Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6374
Views
0
Helpful
5
Replies

Spanning -tree-Dlink Switch

Shibu1978
Level 1
Level 1

‎05-19-2009 02:06 AM - edited ‎03-04-2019 04:48 AM

Dear All,

Please find attached one of our Switch configuration. this switch has been interconnected another switches in the network.

Today morning one of the user brought a Dlink switch and connected two port to the attached switch. there was two connection were dropped in cabin from the switch. suddenly all our other switch including the attached switch were started blinking . network is tottaly collapsed...no one was able to work.

atlast we idenfied the culprit and switched of the Dlink switch.

As per my understading Spanning -tree is been configured in the swiches. why it was not blocking the other link from the Dlink switch?

Could you please check the attached configuration a and guide me to prevent such incidents in future.

Thanks

Labels:
Preview file
19 KB
0 Helpful
5 Replies 5

pestebogdan
Level 1
Level 1

‎05-19-2009 06:17 AM

If you say a user brought it to work, I assume it's one of those cheap-o, 3 for a buck, home-user switches. Those don't have spanning tree. All the switches in the topology need to have spanning-tree enabled. I believe what happened was the dumb D-Link switch, not knowing spanning tree, doesn't participate in the whole BPDU, this port is forwarding, this port is blocking message exchange, so both links on both switched were in FWD mode. It probably only took a couple of broadcasts to take your network down.

I encountered this scenario about a year back, and what I did was enable Broadcast Storm Control on the "Smart Switch" (P.S: It wasn't CISCO)

0 Helpful

Shibu1978
Level 1
Level 1
In response to pestebogdan

‎05-19-2009 08:24 AM

Thanks for the reply.

In Cisco switch side already spanning tree is configured and running. will not be cisco switch blocking one of the port which connects to Dlink switch ?

One more thing i noticed in cisco switch side that "spanning tree portfast" was enabled in those ports. in that case looping will occur right ?

I dont want such incidents happen again in future. please help a way out for it .

Thanks

0 Helpful

bretjaquish
Level 3
Level 3
In response to Shibu1978

‎05-19-2009 10:43 AM

Shibu,

I would rework your config:

Global Config:

spanning-tree portfast default

spanning-tree portfast bpduguard default

Access port config:

switchport access vlan XX

switchport mode access

switchport nonegotiate

Trunk port config:

switchport trunk encapsulation dot1q

switchport trunk native vlan XX

switchport mode trunk

switchport trunk allowed vlan XX

0 Helpful

bretjaquish
Level 3
Level 3
In response to bretjaquish

‎05-19-2009 10:46 AM

Part of your issue was BPDU Filtering. That was what caused the loop not to be seen on the access ports that the DLINK was looped up with.

Filtering disallows inbound and outbound filtering. If you had that off on the access ports, bpduguard would have shut it down.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to bretjaquish

‎05-19-2009 01:17 PM

Hello Bret,

I agree with you

>> spanning-tree portfast bpdufilter default

Shibu:

this causes problems on enterprise networks because makes a switch vulnerable to simply connecting two ports of same switch together !

bpdu filter is there to be used by SP to avoid to participate in customer's STP.

It is is bpdu guard the right tool.

We use it with storm-control on host ports.

We use loop guard + storm control on uplinks

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card