SGE2010 switches, VLAN's and a blocked port in spanning-tree

Folks,

I have 2 switch groups.

2 SGE2010s with VLANs defined as 10, 20 and 30

Vlan 10 is the management VLAN, and it uplinks to our border router.

Vlan 20 is the workstation VLAN, and all workstations point to the switch as their default GW

Vlan 30 is the ip phone VLAN, and all phones use this as their gateway.

I would like to put a LAG between said switches; we have some servers on the IP phone switch that need to be accessed by the workstation clients, and the single 100mb link through the router is probably not going to be enough.

As I understand it, because the switches have different networks on them, a simple LAG will not work. I did create a LAG and assign IP addresses to each side; however, in that mode it doesn't appear I can block VLAN 10 from transiting the LAG, and without that block I will end up with a logical loop, and spanning-tree will block one of the uplinks, or the LAG itself.

I have attached an image with a diagram of our current setup.

Any help/advice would be much appreciated.

Hi John,

With MSTP, you may specify a per-VLAN spanning tree, essentially making each VLAN its own STP group. Classic spanning tree and RSTP will do exactly as you describe: bring one link down.

Did you get that situated from before around 3 weeks ago? What was the result?

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Tom,

I remember our conversation a few weeks ago. I did not get a chance to have a go at MSTP, mainly because I have no experience with it, and looking at the configuration properties, it looks a little daunting.

It has also been a very busy few weeks with the deployment of 200+ phones across several sites, and the system is functioning great without the LAG trunk; I am just trying to plan for the future.

I made a few postings a few weeks ago, one here and one on the Cisco forums on reddit, and a user there gave me some advice I have been unable to make work (I think it's just wrong), but I would love to go this route if it is in fact possible.

Here is the thread : http://www.reddit.com/r/Cisco/comments/x91tc/vlan_trunks_spanning_tree_and_a_port_blocked/c5kskch

This user implies it's possible to block a VLAN across the LAG which would end the logical loop problems.

It looks like his advice is to make the LAG into a trunk and then block specific VLANs from transiting it, but in trunk mode I can't assign it an IP, so I am sorta wondering how exactly you transport packets across it.

Can you confirm that his advice is in fact incorrect?

If MSTP is my only route, then I suppose it's time to dig into the docs and see if I can't get it up and running.


John, the original 802.1q standard specifies there is only a global spanning tree regardless of the VLAN membership. That is why you're running into problems. Cisco developed PVST to run over ISL trunks. MSTP was originally defined as 802.1s, which is a combination of 802.1q + RSTP. The 802.1s was later amended to become a part of the 802.1q.

The person is incorrect as they quote "since spanning tree is construct per vlan." They are incorrect because you have to define spanning tree properties to allow spanning tree per vlan. The small business switches do not support Cisco proprietary PVST or PVST+. However, the SB switches support MSTP which is an IEEE standard.

How MSTP works is that you have what is called an instance, which is each spanning-tree construct. Then you have a region; the SB switches support only 1 region. The region maintains the instances. Essentially, you enable MSTP globally, then you specify the instances. As an example, VLAN 1 is instance 1, VLAN 2 is instance 2. This will allow you to run 2 physical wires between the switches on different VLANs without looping. If you use classic STP or RSTP, the lower cost path will go to the block/discard state, which is working as intended.

-Tom


Tom,

Thanks for all your help.

I guess it's time to have a look at MSTP and see if I can't get this up and running before these go into production.

I really appreciate your advice!


Ok so a quick question here.

It doesn't appear my Cisco 890 supports MSTP.

But both switches do.

How exactly do I go about this?

Basically VLAN 10 needs to be available on both switches' uplink ports but not on the LAG; VLANs 20 and 30 need to be available on the LAG but not on the uplinks.

So put both switches in the same region and give every vlan its own instance?
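The behaviour Tom describes, applied to the VLAN placement John proposes in the post above, as an added example that is not part of the thread: a small Python model (assumed node names A and B for the two SGE2010s and R for the router, and constructed link memberships) that groups the links by spanning-tree instance and reports which links a spanning tree would have to block in each instance.

```python
from collections import defaultdict

# Constructed topology for the thread's scenario: two switches (A, B) uplinked to
# the router (R) on VLAN 10 only, and a LAG between the switches carrying only
# VLANs 20 and 30. Each entry is (end1, end2, set of VLANs carried).
LINKS = [
    ("A", "R", {10}),      # switch A uplink to the router
    ("B", "R", {10}),      # switch B uplink to the router
    ("A", "B", {20, 30}),  # LAG between the two switches
]

# Classic STP / RSTP: every VLAN shares the one global spanning tree (instance 0)
SINGLE_INSTANCE = {10: 0, 20: 0, 30: 0}
# MSTP as Tom describes it: each VLAN mapped to its own instance
PER_VLAN_INSTANCE = {10: 1, 20: 2, 30: 3}


def instance_links(links, vlan_to_instance):
    """Group links by instance: a link belongs to every instance whose VLANs it carries."""
    per_inst = defaultdict(list)
    for a, b, vlans in links:
        for inst in sorted({vlan_to_instance[v] for v in vlans}):
            per_inst[inst].append((a, b))
    return dict(per_inst)


def blocked_links(edges):
    """Return the links that close a loop and so must be blocked to leave a tree.

    Uses union-find over the bridges; each link that joins two already-connected
    bridges is redundant. Which physical link real STP blocks depends on
    root-bridge election and path cost, so only the count is meaningful here."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    blocked = []
    for a, b in edges:
        ra, rb = find(a), find(b)
        if ra == rb:
            blocked.append((a, b))
        else:
            parent[ra] = rb
    return blocked


def blocked_per_instance(links, vlan_to_instance):
    """Map each spanning-tree instance to the links it would have to block."""
    return {inst: blocked_links(edges)
            for inst, edges in instance_links(links, vlan_to_instance).items()}
```

With the single global instance the three links form a loop and one of them (here the LAG) is blocked; with one instance per VLAN, instance 1 sees only the two uplinks and instances 2 and 3 see only the LAG, so nothing is blocked.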


Hi John,

Reference my picture below. The VLAN 10 instance picture shows how your network normally would look. Obviously the ports will go down.

The VLAN 20/30 instance picture: notice the links between the left switch and right switch. The router is sort of a wild card. I don't know how it will behave, but with the switch configuration, if you make each VLAN its own instance and configure as my diagram, it should work, provided the router won't hose you up.

-Tom


Two questions,

Why the U vlan 1? We basically have that shut down.

For the 20/30 instance. I need 10 on the firewall uplink (so it can route out).

Otherwise this looks pretty simple.


Hi John, the VLAN 1 isn't relevant. I think I goofed making the picture is all.

But the same thing applies: there is VLAN 10, 20, 30.

Vlan 10 link is 10u and 20t and the other link is 10u, 30t.

The trick is not putting all of the VLANs on all the links, and MSTP should separate it from there.

-Tom

Got it, thanks again.

6PM PST tonight this goes into play and we will see if it flies with the router!

Appreciate all your help, if you're ever in San Diego, I owe ya a beer!

Edit: Just for clarity, both switches go in the same region with the same revision #?


The MSTP revision levels should be the same on all devices. The MSTP region must also be the same as the switches only support 1 region.

-Tom