Wednesday, September 10, 2014

Cisco EVC and tunnel L2 STP packets

I found out some interesting behavior with a ethernet-carrier of ours. They are our VPLS provider and we notice a break in our STP domain between 2 switches that are terminated over each end of  the interlink.

Our  switches are running  RSTP w/ext-sys-id and we specifically set the root-bridge for election. But what we later found out;   Per cisco guide lines, tunnel STP does not  tunnel the  tagged-PVST BPDUs for the 7600s.

note:  So cisco own PVST/RPVST  BPDUs are not honored

So if you think about this deeply,  cisco own implementation of PVST is  " proprietary " and does not fall under the true original IEEE STP scope or definition.

If you think about it more, the  non-tagged BPDUs are sent to the STP mac_address ending in  "01:80:c2:00:00:00" which is true IEEE 802.1d standards.


Where-as the tagged PVST BPDUs are sent to a mcast mac_address ending in "01:00:0c:cc:cc:cd"

note: A simple packet capture output will demonstrate this behavior as shown for  the 2 types

( PVST within a 802.1q tag == vlan-id 903 )

10:07:19.900706 2c:54:2d:c3:11:81 > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 76: vlan 903, p 7, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Proposal, Learn], bridge-id 6387.1c:e6:c7:52:a6:c0.8201, length 50
    message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
    root-id 6387.1c:e6:c7:52:a6:c0, root-pathcost 0, port-role Designated

( native vlan  == raw no tag true 802.1d )

10:07:21.303624 2c:54:2d:c3:11:81 > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1w, Rapid STP, Flags [Proposal, Learn], bridge-id 6001.1c:e6:c7:52:a6:c0.8201, length 43
    message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
    root-id 6001.1c:e6:c7:52:a6:c0, root-pathcost 0, port-role Designated

note: cisco uses these 2 different  BPDUs packet-types for comparison & when the native vlan doesn't match, you get that  "native vlan mismatch" in your logging

So I found it strange this behavior was strange for a simple EVC configuration  & that it would not pass ciscp BPDUs.


The " l2protocol tunnel stp "will tunnel true STP BPDUs and not cisco own " proprietary" types.

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
   ^      ^
=(  $  $ )=
      /  \


  1. The shared information about ethernet-carrier is worthy. But I could not get your sayings about cisco own implementation of PVST is " proprietary " . could you please elaborate this ?

  2. Sure, the cisco PVST is compatible with IEEE but the PVST ( per vlan spanning-tree ) for multiple vlans is not. What happens the STP in the native vlan ( no tagging ) are I triple EEE compatible with 802.1d . I'm including this link on IEEE std destination mac_address ( i.e this is a true STP bpdu 01:80:c2:00:00:00 where as the cisco mac_address is not )
    802.1D format

    01:00:0c:cc:cc:cd vrs 01:80:c2:00:00:00

    So in the EVC STP tunneling, the none 802.1D packet will not be encapsulated and tunnel. So just keep this in mind if your running a cisco and wonder why your STP tree is broken.