Using MSTP on switches for WiFi link redundancy

ladderman
Level 1

We have 3 WiFi links between 2 buildings, these links carry a main data network, a VOIP network and a CCTV network. Occasionally due to unestablished factors we lose one or other of the links for a short period (5 mins to an hour). In order to give some redundancy I opted to use a pair of switches and utilize MSTP to give a low cost solution.

I have installed an SF302-08P in one building and an SRW208G in the other building and connected ports 1-3 as trunk ports to the three wifi links on both. Ports 5-7 on both switches are set as access ports and connect to the respective networks within that building.

MSTP region is set the same on both switches and the instances and VLANs are the same on both switches. I have set port priority and cost to force the three networks to use their own link until a failure occurs. Then within the MSTP instances I have set the path costs such that CCTV or MAIN failover to VOIP last of all.

During testing on the bench using patch cables to simulate the wifi links all went well. Upon installation things got a little more difficult. The VOIP network seems to work well but the CCTV won't pass the video traffic until the SF302-08P is rebooted even though I could connect a PC and login to the CCTV devices from either direction.

More serious though is no matter what I do the MAIN network will not pass traffic. The MSTP interface settings show the correct port states with (in the case of MAIN network - MSTP instance 3) Port 1 Alternate, Port 2 Discarding, Port 3 Forwarding and Port 7 Forwarding. However a pcap shows no traffic across the wifi link on VLAN 4 (MAIN) although Layer 1 must be ok as VLAN1 is fine.

The only other factor that may be relevant could be the wifi units themselves as the CCTV and VOIP links use an older 2.4GHz bridge while the MAIN link uses a newer 5GHz bridge. The 2.4G units have no knowledge of STP while the 5G units are 802.1d aware but I'm sure I read somewhere that 802.1d devices will cause problems with RSTP or MSTP networks due to the BPDU message format compatibility, therefore I left it disabled.

Can anyone assist with where to go from here? I'm also not sure about how VLAN 1 is handled as it appears to be unrestricted on all ports, is this managed by the CIST? Do I need to be blocking this anywhere?

Any assistance would be much appreciated.


Tom Watts
VIP Alumni

Please post configs of both switches in a text format.

-Tom
Please mark answered for helpful posts

Tom Watts wrote:

Please post configs of both switches in a text format.

The configuration of the SF302-08P is below. I'm having problems getting a config from the Linksys that isn't in binary format, can anyone advise how best to get the config in text format?

spanning-tree mode mst

spanning-tree bpdu filtering

spanning-tree mst configuration

instance 1 vlan 2

instance 2 vlan 3

instance 3 vlan 4

name Link

exit

interface fa1

spanning-tree mst 1 cost 200

exit

interface fa1

spanning-tree mst 1 port-priority 64

exit

interface fa2

spanning-tree mst 1 cost 400

exit

interface fa3

spanning-tree mst 1 cost 600

exit

interface fa5

spanning-tree mst 1 cost 200

exit

interface fa5

spanning-tree mst 1 port-priority 48

exit

interface fa1

spanning-tree mst 2 cost 400

exit

interface fa2

spanning-tree mst 2 cost 200

exit

interface fa2

spanning-tree mst 2 port-priority 64

exit

interface fa3

spanning-tree mst 2 cost 600

exit

interface fa6

spanning-tree mst 2 cost 200

exit

interface fa6

spanning-tree mst 2 port-priority 48

exit

interface fa1

spanning-tree mst 3 cost 400

exit

interface fa2

spanning-tree mst 3 cost 600

exit

interface fa3

spanning-tree mst 3 port-priority 64

exit

interface range fa3,fa7

spanning-tree mst 3 cost 200

exit

interface fa7

spanning-tree mst 3 port-priority 48

exit

interface  fa1

description CCTV_Link

exit

interface  fa2

description VOIP_Link

exit

interface  fa3

description MAIN_Link

exit

vlan database

vlan 2-4

exit

voice vlan id 3

voice vlan state auto-enabled

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

interface vlan 1

ip address 192.168.90.208 255.255.255.0

exit

interface vlan 1

no ip address dhcp

exit

ip access-list extended "192.168.40.x Deny"

deny ip 192.168.40.0 0.0.0.255 any

exit

hostname switcha304c4

no passwords complexity enable

username admin password encrypted 649ab076284cc9780bb3e0c57326db86499d0a48 privilege 15

username cisco password encrypted 7af78c911d5b48bea1dc2449d9d89513abeb4be5 privilege 15

ip ssh server

no snmp-server server

ip http timeout-policy 1800 http-only

clock summer-time web recurring eu

ip telnet server

macro auto disabled

interface fastethernet1

switchport trunk allowed vlan add 2-4

exit

interface fastethernet2

switchport trunk allowed vlan add 2-4

exit

interface fastethernet3

switchport trunk allowed vlan add 2-4

exit

interface fastethernet4

switchport trunk allowed vlan add 2-4

exit

interface fastethernet5

switchport mode access

switchport access vlan 2

switchport forbidden vlan add 3-4

exit

interface fastethernet6

switchport mode access

switchport access vlan 3

switchport forbidden vlan add 2,4

exit

interface fastethernet7

switchport mode access

switchport access vlan 4

switchport forbidden vlan add 2-3

exit

interface fastethernet8

switchport mode access

switchport forbidden vlan add 2-4

exit

interface vlan 2

name CCTV

exit

interface vlan 3

name VOIP

exit

interface vlan 4

name MAIN

exit

snmp-server set  rlAutomaticClockSetFromPCEnabled rlAutomaticClockSetFromPCEnabled true

The Linksys is set up to be practically a mirror image of the SF302-08P.

Phil, what is the vlan 1 used for? The vlan 4 is only a tagged packet, wherever it is connecting to, is it able to understand vlan tag?

The other thing I see, on the link schematic both sides have a different LAN IP address, how is this routing? On layer 2 switch different subnet/vlans won't communicate, need a router or switch in layer 3 (300 series can do that).

-Tom

VLAN 1 is only used for management and after seeing how much traffic there was on our main Lan using Wireshark I disconnected the port we had used (PVID 1) and now just connect when we need to administer the switches.

I'm currently discussing with the distributor of the PheeNet wifi bridge as to whether it is the cause of the problem, the manual gives examples of multiple VLANs but the supplier is stating the product doesn't support multiple VLANs. I think the supplier is wrong as spec also shows in AP mode it supports WMM queuing using 802.1p which I don't understand how it could do without being 802.1q aware.

The MAIN/data networks on either side are routed, sorry I left that bit off. Both switches and the wifi bridge are in their own subnet with a router at either end. It wasn't specifically planned like this but originally we tried having the routers fail-over to ADSL (VPN) but it's just too slow in our location.

VLAN 2 and 3 for the VOIP and CCTV are not routed.

It appears these PheeNet wifi units will only pass tagged VLAN traffic in Access Point mode. Furthermore, our supplier recommended an alternative but while digging around on the manufacturer's website these alternative units also have the same problem.

I'm struggling for a cost-effective solution now, has anyone got any ideas?

- Phil

Disable spanning tree and pray there isn't a network loop?

Perhaps set a storm control setting to limit the impact?

Sounds terrible

-Tom

Thanks Tom, I'm getting fairly desperate to solve this now. The wifi distributor has suggested we set up the alternative units in WP+WPD mode to pass tagged VLAN traffic so I may get a pair in to test.

I was wondering if it's possible to leave the CCTV and VOIP on ports 1 & 2 using tagged VLAN and MSTP and then have the MAIN VLAN (4) with 2 wifi links on ports 3&4 and untag VLAN 4 and forbid VLAN 1 on these 2 ports.

Will this disable MSTP?

What's the deal with forbidding VLAN 1, when I was testing initially before I installed the switches I set VLAN 1 to disabled on some ports and it appeared to shut that port down.

- Phil 

Hi Phil, MSTP is not going to work so long as whatever the connections are connecting to do not participate in the MSTP. The vlans are key to separate the instances but the MSTP BPDU is what makes it work.

-Tom

Hi Tom,

The older 2.4GHz wifi units we have are not aware of MSTP or VLANs but quite happily pass the packets through. The PheeNet devices pass the untagged VLAN 1 packets but not tagged VLAN packets.

If untagging the VLAN doesn't interfere with the BPDU packets then this may work but obviously I can't have VLAN 1 traffic on those ports as I can't have 2 untagged VLANs on the same port.

I suppose what I'm trying to do is have ports 1 & 2 on MSTP and ports 3 & 4 on RSTP which I know can't be configured on the switch but effectively that path would be one VLAN and one instance without anything shared. Just having one port as a root and one port as an alternative.

-Phil
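
The distinction discussed in the posts above, between BPDUs and tagged VLAN data, as an added example that is not part of the original thread: MSTP BPDUs leave a switch port untagged, so a link that forwards only untagged frames still carries them while dropping VLAN 4 data. The sample frames, the source address and the `passes_link` model are constructed assumptions, not captures from this network.

```python
import struct

# IEEE bridge group address: destination of every STP/RSTP/MSTP BPDU.
BPDU_DST = bytes.fromhex("0180c2000000")
BPDU_VERSION = {0: "STP", 2: "RSTP", 3: "MSTP"}

def classify(frame: bytes) -> str:
    """Label a raw Ethernet frame: 802.1Q-tagged, untagged BPDU, or untagged data."""
    dst = frame[0:6]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len == 0x8100:
        # 802.1Q TCI: 3-bit priority (802.1p), 1-bit DEI, 12-bit VLAN ID.
        (tci,) = struct.unpack("!H", frame[14:16])
        return f"tagged vlan={tci & 0x0FFF} pcp={tci >> 13}"
    if dst == BPDU_DST and type_or_len <= 1500 and frame[14:17] == b"\x42\x42\x03":
        # 802.3 length, LLC header 42-42-03, then protocol id and version.
        proto_id, version = struct.unpack("!HB", frame[17:20])
        if proto_id == 0:
            return "untagged bpdu " + BPDU_VERSION.get(version, "unknown")
    return "untagged data"

def passes_link(frame: bytes) -> bool:
    """Assumed link model: forwards untagged frames, drops tagged ones."""
    return not classify(frame).startswith("tagged")

# Constructed sample frames (addresses and payloads are made up).
SRC = bytes.fromhex("02000000000a")
_bpdu_body = b"\x42\x42\x03" + struct.pack("!HBB", 0, 3, 0x02) + bytes(32)
MST_BPDU = BPDU_DST + SRC + struct.pack("!H", len(_bpdu_body)) + _bpdu_body
VLAN4_DATA = b"\xff" * 6 + SRC + struct.pack("!HHH", 0x8100, 4, 0x0800) + bytes(46)
VLAN1_DATA = b"\xff" * 6 + SRC + struct.pack("!H", 0x0800) + bytes(46)

def report():
    """Return (label, forwarded?) per sample frame under the assumed link model."""
    samples = {"bpdu": MST_BPDU, "vlan4": VLAN4_DATA, "vlan1": VLAN1_DATA}
    return {name: (classify(f), passes_link(f)) for name, f in samples.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

Running `classify` over the frames of a capture taken on each side of a link shows which of the three kinds actually cross it.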

Hey Phil, could you please email me at tmw0402@hotmail.com ?

If it's possible I'd like to do a team viewer and see if we can figure this out. I think your problem is out of the capacity of this forum.

If you do not wish to take me up on the offer I'd implore you to call the small business support center to see if they can hash it out for you.

I'd like to give this a crack and see if I can make it the way you want it to work.

-Tom