Hi.
I'm trying to test RSTPs 6 second reaction to having stopped receiving BPDUs.
I have two switches with 2 links between them and running RSTP. Switch 1 is the root switch.
I have configured an input firewall filter on a switch 2's root port to drop received BPDUs.
set firewall family ethernet-switching filter block-bpdus term 1 from source-mac-address c0:bf:a7:ee:b7:00/48
set firewall family ethernet-switching filter block-bpdus term 1 from destination-mac-address 01:80:c2:00:00:00/48
set firewall family ethernet-switching filter block-bpdus term 1 then discard
set firewall family ethernet-switching filter block-bpdus term 1 then count dj-drop
set firewall family ethernet-switching filter block-bpdus term 2 then accept
I see drop counter increasing, but the root port never goes blocking.
lab@ex2# run show firewall
Filter: block-bpdus
Counters:
Name Bytes Packets
accepted 0 0
dj-drop 14336 224
{master:0}[edit]
lab@ex2# run show spanning-tree interface ge-0/0/1
Spanning tree interface parameters for instance 0
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/1 128:490 128:490 4096.c0bfa7eeb700 20000 FWD ROOT
Why is this port refusing to go down?
Thanks,
Deepak