Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5202
Views
0
Helpful
2
Replies

Spanning Tree: STP Status Blocking Second trunked link from L2 SW to L3 SW

intport1231
Level 1
Level 1

‎02-22-2016 08:05 AM

Admittedly, I am not very knowledgeable about spanning tree... and I'm being unable to sort out a basic scenario because of it, and I'm unsure whether it is a behavior related to the small business switches and/or 300 series only.

 

Please take a look at the attached scheme, nevertheless re-explained at the end in text (I 'm changing the ip addresses so it is more readable).

Basically I have an SF300 L2 connected to a SG300 L3 via (trunk) general switchport with tagged vlans a,b,c

If I enable Rapid Spanning Tree (RSTP) then, upon allocating another general switchport with tagged vlans d,e,f as another uplink from L2 SW towards the L3 SW then the Rapid STP protocol will block one of the two links in the L3 SW (the L2 switch will be root switch) automatically selecting one L3 port as root and the other as alternate (the switch L2 will appear twice as neighbor (show cdp neighbor)).

I already have tried MSTP with one region and three instances with same results (the cost is always the same and if I set manually the cost of one link it'll just favor one link on top of another).

The questions are:

  • How Many trunked uplinks (general tagged) are possible with the use of MSTP/RSTP between a switch in L2 and a L3 switch for 300,300x,500,500x,550x series switches (I currently have just 300s but I'm wondering if multiple trunked links is even supported in the Small Business line. (I came across a post somewhere else where they were seeing how several cisco lines, several, dell lines (switches) had different implementations of the STP protocol allowing (or not) for multiple trunked (general port) uplinks see here: http://en.community.dell.com/support-forums/network-switches/f/866/t/19370444).
  • With my current topology (just testing) is there anything it can be done, configuration wise, so as to tell a port not to go to alternate role (thus blocking) and go to something as designated (thus forwarding), it'd be better something global. Or for instance configuring the Spanning tree cost  per instance? I couldn't find a way to do it myself and I'd prefer to have STP enabled.
  • Very Important!: Is there anything that can be done to prevent "accidental" blocking of ports that occurs by simply connecting a cable from one switch to another when an uplink is already there?  THis should be elemental security, I mean if the STP will bring down links based on perceived redundancy then it should be almost mandatory implement multiple instances and have different root ports (different costs) for every instance.

Thank you

=== My current configuration re-explained - see also attached image===

========

Router (wi-fi) 100 base T interfaces

========

untagged, dhcp pool 192.168.1.1 /24 No Spanning tree protocol (cheap router)

|

|

V

========

SG300 L3 v1.4.1.3

========

  • Vlans, with DHCP pools, vlan 1 with fixed ip address (i'd later go for a different default vlan)

vlan 1,2,3

vlan 1 ip address 192.168.1.100 /24

vlan 2 ip address 192.168.2.1 /24

vlan 3 ip address 192.168.3.1 /24

vlan 4 ip address 192.168.4.1 /24

ip dhcp pool network v2
address low 192.168.2.2 high 192.168.2.254 255.255.255.0

ip dhcp pool network v3
address low 192.168.3.2 high 192.168.3.254 255.255.255.0

ip dhcp pool network v4
address low 192.168.4.2 high 192.168.4.254 255.255.255.0

 

  • Connections to router and to L2 Switch:

ge10 trunk pvid 1 (default) (It connects to router)

ge9 general allowed vlan add 2,3 tagged pvid 4095 (connects to L2 switch)

ge5  general allowed vlan add 4,5 tagged pvid 4095 (connects to L2 switch)

 

  • Spannng tree protocol default settings

|

|

|

V

========

SF300 L2 v1.4.1.3

========

  • Vlans, mac to vlan group,

vlan 1,2,3,4,5

map mac XX:XX:XX:XX:XX:XX 48 macs-group 3
map mac YY:YY:YY:YY:YY:YY 48 macs-group 2

 

  • Host port FE3, vlan group to vlan

switchport mode general
 switchport general allowed vlan add 2,3 tagged
 switchport general map macs-group 2 vlan 2
 switchport general map macs-group 3 vlan 3
 switchport general pvid 4095

 

  • Link Port between L2 switch and L3 switch GE1

switchport mode general
 switchport general allowed vlan add 2,3 tagged
 switchport general map macs-group 2 vlan 2
 switchport general map macs-group 3 vlan 3
 switchport general pvid 4095

 

  • Router port (just for testing pourposes-- the switch should be reached via the L3 switch) GE3

switchport mode trunk

pvid 1

 

  • Spannng tree protocol default settings

---------------------------------------------

 

Now The Rapid STP is automatically configuring:

- GE 9 port in L3 Switch as root Forwarding

- GE 10 port in L3 switch as alternate Blocking (!!! Thus making it impossible to connect to the router)

- GE 5 port in L3 switch as alternate Blocking (!!! Thus making it impossible to L2 switch for vlan 4,5)

from console:

29-Mar-2015 17:11:15 %STP-W-PORTSTATUS: gi10: STP status Blocking
29-Mar-2015 17:11:15 %STP-W-PORTSTATUS: gi9: STP status Forwarding

- FE3, GE1,GE2 GE3 in L2 switch as designated Forwarding: Therefore a host in FE3 belonging to vlan 3 can have its IP address from L3 Pool via the general tagged connection in GE1, I can also reach the switch for management from the router via the GE3 port.

 

this is How they look like:

 

Port gi9 enabled
State: forwarding                              Role: root
Port id: 128.57                                Port cost: 20000
Type: P2P    (configured:Auto  ) Boundary RSTP Port Fast: No (configured:Auto)
Designated bridge Priority : 32768             Address:
Designated port id: 128.49                     Designated path cost: 0
Guard root: Disabled                           BPDU guard: Disabled
Number of transitions to forwarding state: 1
BPDU: sent 13, received 3076

Port gi10 enabled
State: blocking                                Role: alternate
Port id: 128.58                                Port cost: 200000
Type: P2P    (configured:Auto  ) Boundary RSTP Port Fast: No (configured:Auto)
Designated bridge Priority : 32768             Address:
Designated port id: 128.51                     Designated path cost: 0
Guard root: Disabled                           BPDU guard: Disabled
Number of transitions to forwarding state: 0
BPDU: sent 7, received 743

  • What I have tried with same results

- MSTP instances per vlan: instance 1 for vlan 1, instance2 for vlan 2,3

- GE10 port on L3 switch as access, general with pvid 1

- Going for Multiple STP instead of Rapid

- Connecting GE10 on L3 to GE4 on L2 (trunk pvid 1) so as to be part of vlan 1 on L2 that reaches the router and have the same cost of 20000 for both GE9, GE10 on L3.

 

If i disconnect GE9 on L3 (link to L2 switch), obviously GE10 becomes root STP and then there's connectivity to whatever i want in that port.

Thanks for your help.

Labels:
Preview file
45 KB
0 Helpful
2 Replies 2

devils_advocate
Level 7
Level 7

‎02-24-2016 03:59 AM

Hopefully I have understood your issue properly.

At the moment, the L2 switch is acting as the Root bridge.

Looking at your diagram, your L3 switch seems to have three different paths to reach the L2 switch. 

1. Ge5

2. Ge9

3. Ge10 (via the router)

You have enabled RSTP which is not per vlan, its a single STP instance for the whole switch. 

Port Ge10 on the L3 switch goes up to the Router and then there is another connection between the router and the L2 switch which creates a loop in the STP topology. I believe this is why Ge10 is in a blocking state.

I suspect the L2 switch (root bridge) is sending out BPDU's on all its ports (including the one up to the router) and the router is passing the BPDU's back to the L3 switch. As the L3 switch gets a BPDU in its Ge10 interface, its causing this port to be part of the STP topology and because it has a higher cost, its putting it in a blocking state.

Remove the connection between the router and the L2 switch and this should bring Port Ge10 back online.

In terms of the ports between the L2 and the L3 switch, you could put them into a PortChannel and use both links as opposed to STP blocking one of them.

Hope that helps.

0 Helpful

intport1231
Level 1
Level 1
In response to devils_advocate

‎02-24-2016 09:55 PM

Thank you for your response, may God Bless you!

Effectively if I remove the cable in ge10 L3 switch I will recover that port. as it was seeing a duplicate path towards the router as you said.

- However, If as I said, what I want to do is to have several uplinks with different characteristics let's say po1 tagging some vlans and po2 tagging some others, I want to know If that can be done with the Small Business Line of switches or if that's reserved for some campus or core switches only. Do you know by any chance?

- I don't see my way around my current new configuration (testing) I went the Portchannel way, as you suggested, with MSTP and several instances. but they end up with the same cost in all the interfaces and then it makes no difference that a po1 is carrying some vlans and another po2 is carrying others, and I haven't found a way to set the cost manually per instance. Do you know how that can be achieved? Setting cost per instance (I'm still trying to figure out a way of having several different uplinks)

Please, take a look at the attached, simpler scheme and see comments/outputs below only if you need further check (with the image is faster than all the text stuff)

:

I go like this in both switches:

excerpt from configuration:

spanning-tree mode mst
spanning-tree pathcost method short
spanning-tree mst configuration
instance 1 vlan 1
instance 2 vlan 2,3,8
instance 3 vlan 10,11
name R1
exit
vlan database
vlan 2,3,8,10,11

then I go with:

interface Port-channel1
 switchport mode general
 switchport general allowed vlan add 10,11 tagged
 switchport general pvid 4095
!
interface Port-channel2
 description all_but_1
 switchport mode general
 switchport general allowed vlan add 2,3,8 tagged
 switchport general pvid 4095

Then I end up with po2 entering in alternate role and Blocking

While po1 will assume root role and Forwarding.

and the cost in every instance looks like this (in the non CST root switch, that is the L3 SG300, the L2 Sf300 is the root CST ans IST master)

show spanning-tree detail active

###### MST 3 Vlans Mapped: 10,11

Root ID        Priority    32768
               Address     xx:xx:xx:xx:xx:3b
               Path Cost   4
               Root Port   Po1
               Rem hops    19


Bridge ID      Priority    32768
               Address     xx:xx:xx:xx:xx:b8

               Number of topology changes 5 last change occurred 00:06:29 ago
               Times:  hold 1, topology change 35, notification 2
               hello 2, max age 20, forward delay 15


Port Po1 enabled
State: forwarding                              Role: root
Port id: 128.1000                               Port cost: 4
Type: P2P    (configured:Auto  ) Internal      Port Fast: No (configured: Auto)
Designated bridge Priority: 32768              Address: xx:xx:xx:xx:xx:3b
Designated port id: 128.1000                     Designated path cost: 0
Guard root: Disabled
Number of transitions to forwarding state: 1
BPDU: sent 5, received 398

Port Po2 enabled
State: discarding                              Role: alternate
Port id: 128.1001                               Port cost: 4
Type: P2P    (configured:Auto  ) Internal      Port Fast: No (configured: Auto)
Designated bridge Priority: 32768              Address: xx:xx:xx:xx:xx:3b
Designated port id: 128.1001                     Designated path cost: 0
Guard root: Disabled
Number of transitions to forwarding state: 0
BPDU: sent 6, received 240

Preview file
29 KB
0 Helpful
Customers Also Viewed These Support Documents