Disable STP on LTM4200V ver 11.2.1

We are implementing a pair of new F5 LTMs in our environment. In our test lab we are cross connecting a 802.1q trunked interface from each cluster member to two separate Cisco switches. In the event of a single link failure on the the LTM we wish to have the redundant connection immediately available. However, it appears that Spanning Tree is running on the LTM, thus preventing us from a fast failover scenario. In this environment we have no need for the LTM to participate in spanning-tree, and want to disable it.

See attached diagram.

Even though our Cisco switch config enables port-fast for a trunk on this interface, something on the LTM is over-riding this setting and placing redundant ports into Blocking mode. Take a look at these configs:

Switch1 link to LTM-A

interface GigabitEthernet0/6

description dg-p-ltm-4200a 1.1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2,6,7,10,12,64,126,127,160

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast trunk

end

Switch1 link to LTM-B

interface GigabitEthernet0/7

description dg-p-ltm-4200b 1.1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2,6,7,10,12,64,126,127,160

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast trunk

end

Switch2 link to LTM-A

interface FastEthernet0/36

description dg-p-ltm-4200a 1.2

switchport trunk allowed vlan 2,6,7,10,12,64,126,127,160

switchport mode trunk

duplex full

spanning-tree portfast trunk

end

Switch2 link to LTM-B

interface FastEthernet0/37

description dg-p-ltm-4200b 1.2

switchport trunk allowed vlan 2,6,7,10,12,64,126,127,160

switchport mode trunk

duplex full

spanning-tree portfast trunk

end

Here is the spanning tree output for VLAN6:

Switch1

mm-lab-F5Web-switch1show spanning-tree vlan 6

VLAN0006

Spanning tree enabled protocol ieee

Root ID Priority 49158

Address 000d.bc11.6b00

Cost 3004

Port 6 (GigabitEthernet0/6)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 49158 (priority 49152 sys-id-ext 6)

Address 0015.6290.5900

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300 sec

Uplinkfast enabled

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/6 Root FWD 3004 128.6 P2p

Gi0/7 Altn BLK 3004 128.7 P2p

Gi0/18 Desg FWD 3004 128.18 P2p Edge

Gi0/19 Desg FWD 3004 128.19 P2p Edge

Gi0/32 Desg FWD 3004 128.32 P2p Edge

Gi0/48 Altn BLK 3004 16.48 P2p

Switch2

mm-lab-F5Web-switch2show spanning-tree vlan 6

VLAN0006

Spanning tree enabled protocol ieee

Root ID Priority 49158

Address 000d.bc11.6b00

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 49158 (priority 49152 sys-id-ext 6)

Address 000d.bc11.6b00

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Uplinkfast enabled

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/18 Desg FWD 3019 128.18 Edge P2p

Fa0/19 Desg FWD 3019 128.19 Edge P2p

Fa0/36 Desg FWD 3019 128.36 P2p

Fa0/37 Desg FWD 3019 128.37 P2p

Gi0/1 Desg FWD 3004 128.49 P2p

Based on the switch config (spanning-tree portfast trunk), Switch1 port G0/7 should not ever be placed in BLOCKING mode. I have tried several IOS revisions and have had the config verified by Cisco.

Note that ports 18 and 19 on both switches are 802.1q trunks connected to Checkpoint firewalls with the SAME spanning-tree portfast trunk configs. As you can see, they are properly marked as Edge P2P ports while the LTM ports are NOT.

Debugs on the switches also clearly show BPDUs coming in from the LTM interfaces, which is not what I expect to see:

The LTMs are definitely sending BPDUs (THE FIREWALLS NOT)

02:09:18: STP: VLAN0006 rx BPDU: config protocol = ieee, packet from GigabitEthernet0/6 , linktype SSTP , enctype 3, encsize 22

02:09:18: STP: enc 01 00 0C CC CC CD 00 0D BC 11 6B 24 00 32 AA AA 03 00 00 0C 01 0B

02:09:18: STP: Data 0000000000C006000DBC116B0000000000C006000DBC116B0080240000140002000F00

02:09:18: STP: VLAN0006 Gi0/6:0000 00 00 00 C006000DBC116B00 00000000 C006000DBC116B00 8024 0000 1400 0200 0F00

02:09:18: STP(6) port Gi0/6 supersedes 0

02:09:18: STP: VLAN0006 rx BPDU: config protocol = ieee, packet from GigabitEthernet0/7 , linktype SSTP , enctype 3, encsize 22

02:09:18: STP: enc 01 00 0C CC CC CD 00 0D BC 11 6B 25 00 32 AA AA 03 00 00 0C 01 0B

02:09:18: STP: Data 0000000000C006000DBC116B0000000000C006000DBC116B0080250000140002000F00

02:09:18: STP: VLAN0006 Gi0/7:0000 00 00 00 C006000DBC116B00 00000000 C006000DBC116B00 8025 0000 1400 0200 0F00

02:09:18: STP(6) port Gi0/7 supersedes 0

The only other BPDUs come from the Lab switch 2, which is correct.

02:09:18: STP: VLAN0006 rx BPDU: config protocol = ieee, packet from GigabitEthernet0/48 , linktype SSTP , enctype 3, encsize 22

02:09:18: STP: enc 01 00 0C CC CC CD 00 0D BC 11 6B 31 00 32 AA AA 03 00 00 0C 01 0B

02:09:18: STP: Data 0000000000C006000DBC116B0000000000C006000DBC116B0080310000140002000F00

02:09:18: STP: VLAN0006 Gi0/48:0000 00 00 00 C006000DBC116B00 00000000 C006000DBC116B00 8031 0000 1400 0200 0F00

02:09:18: STP(6) port Gi0/48 supersedes 0