Content filters configured as transparent bridges and spanning tree

I've got a situation where I need to connect two switches, a 4507R (our core switch) to a 3560, using two devices which are functioning as transparent bridges, connected in parallel. The devices are actually content filters (they're Lightspeed Rocket appliances if that makes any difference), and we'd like to have one online as a standby unit in case the first one fails. The only other thing connected to the 3560 is two PIX firewalls (active/standby) which are in a vlan from the core network. The two switch are EIGRP neighbors.

I was hoping that spanning-tree would take care of selecting one device for production use and the other as a standby. When we tried it, there was no connectivity at all. It seemed like the switches were not agreeing on which device to use. Is there any way to maybe have the 4507R take care of the forwarding/blocking decisions and turn off spanning-tree on the 3560?

Reply to
Loading thread data ...

The wise pfisterfarm enlightened me with:

What I've remember from quite a similar setup (but with different boxes, not sure anymore, Astaro or something like that) is that the boxes needed to specifically have spanning tree configured, which makes sense since SPT is a point-to-point thingy. I would ask your vendor or the producer of this appliance how to configure that.


Reply to
Mark Huizer

Meanwhile, at the Job Justification Hearings, pfisterfarm chose the tried and tested strategy of:

Do the content filters participate in STP at all? Ie, do they pass STP, do they block STP and not emit their own, or do they emit their own and not pass STP?

Reply to
alexd Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.