04-02-2013 08:55 AM
We have 3 WiFi links between 2 buildings, these links carry a main data network, a VOIP network and a CCTV network. Occasionally due to unestablished factors we lose one or other of the links for a short period (5mins to an hour). In order to give some redundancy I opted to use a pair of switches and utilize MSTP to give a low cost solution.
I have installed an SF302-08P in one building and an SRW208G in the other building and connected ports 1-3 as trunk ports to the three wifi links on both. Ports 5-7 on both switches are set as access ports and connect to the respective networks within that building.
MSTP region is set the same on both switches and the instances and VLANs are the same on both switches. I have set port priority and cost to force the three networks to use their own link until a failure occurs. Then within the MSTP instances I have set the path costs such that CCTV or MAIN failover to VOIP last of all.
During testing on the bench using patch cables to simulate the wifi links all went well. Upon installation things got a little more difficult. The VOIP network seems to work well but the CCTV won't pass the video traffic until the SF302-08P is rebooted even though I could connect a PC and login to the CCTV devices from either direction.
More serious though is no matter what I do the MAIN network will not pass traffic. The MSTP interface settings show the correct port states with (in the case of MAIN network - MSTP instance 3) Port 1 Alternate, Port 2 Discarding, Port 3 Forwarding and Port 7 Forwarding. However a pcap shows no traffic across the wifi link on VLAN 4 (MAIN) although Layer 1 must be ok as VLAN1 is fine.
The only other factor that may be relevant could be the wifi units themselves as the CCTV and VOIP links use an older 2.4GHz bridge while the MAIN link uses a newer 5GHz bridge. The 2.4G units have no knowledge of STP while the 5G units are 802.1d aware but I'm sure I read somewhere that 802.1d devices will cause problems with RSTP or MSTP networks due to the BPDU message format compatibility, therefore I left it disabled.
Can anyone assist with where to go from here? I'm also not sure about how VLAN 1 is handled as it appears to be unrestricted on all ports, is this managed by the CIST? Do I need to be blocking this anywhere?
Any assistance would be much appreciated.
04-02-2013 09:43 AM
Please post configs of both switches in a text format.
-Tom
Please mark answered for helpful posts
04-05-2013 04:35 AM
Tom Watts wrote:
Please post configs of both switches in a text format.
-Tom
Please mark answered for helpful posts
The configuration of the SF302-08P is below. I'm having problems getting a config from the Linksys that isn't in binary format, can anyone advise how best to get the config in text format?
spanning-tree mode mst
spanning-tree bpdu filtering
spanning-tree mst configuration
instance 1 vlan 2
instance 2 vlan 3
instance 3 vlan 4
name Link
exit
interface fa1
spanning-tree mst 1 cost 200
exit
interface fa1
spanning-tree mst 1 port-priority 64
exit
interface fa2
spanning-tree mst 1 cost 400
exit
interface fa3
spanning-tree mst 1 cost 600
exit
interface fa5
spanning-tree mst 1 cost 200
exit
interface fa5
spanning-tree mst 1 port-priority 48
exit
interface fa1
spanning-tree mst 2 cost 400
exit
interface fa2
spanning-tree mst 2 cost 200
exit
interface fa2
spanning-tree mst 2 port-priority 64
exit
interface fa3
spanning-tree mst 2 cost 600
exit
interface fa6
spanning-tree mst 2 cost 200
exit
interface fa6
spanning-tree mst 2 port-priority 48
exit
interface fa1
spanning-tree mst 3 cost 400
exit
interface fa2
spanning-tree mst 3 cost 600
exit
interface fa3
spanning-tree mst 3 port-priority 64
exit
interface range fa3,fa7
spanning-tree mst 3 cost 200
exit
interface fa7
spanning-tree mst 3 port-priority 48
exit
interface fa1
description CCTV_Link
exit
interface fa2
description VOIP_Link
exit
interface fa3
description MAIN_Link
exit
vlan database
vlan 2-4
exit
voice vlan id 3
voice vlan state auto-enabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
interface vlan 1
ip address 192.168.90.208 255.255.255.0
exit
interface vlan 1
no ip address dhcp
exit
ip access-list extended "192.168.40.x Deny"
deny ip 192.168.40.0 0.0.0.255 any
exit
hostname switcha304c4
no passwords complexity enable
username admin password encrypted 649ab076284cc9780bb3e0c57326db86499d0a48 privilege 15
username cisco password encrypted 7af78c911d5b48bea1dc2449d9d89513abeb4be5 privilege 15
ip ssh server
no snmp-server server
ip http timeout-policy 1800 http-only
clock summer-time web recurring eu
ip telnet server
macro auto disabled
interface fastethernet1
switchport trunk allowed vlan add 2-4
exit
interface fastethernet2
switchport trunk allowed vlan add 2-4
exit
interface fastethernet3
switchport trunk allowed vlan add 2-4
exit
interface fastethernet4
switchport trunk allowed vlan add 2-4
exit
interface fastethernet5
switchport mode access
switchport access vlan 2
switchport forbidden vlan add 3-4
exit
interface fastethernet6
switchport mode access
switchport access vlan 3
switchport forbidden vlan add 2,4
exit
interface fastethernet7
switchport mode access
switchport access vlan 4
switchport forbidden vlan add 2-3
exit
interface fastethernet8
switchport mode access
switchport forbidden vlan add 2-4
exit
interface vlan 2
name CCTV
exit
interface vlan 3
name VOIP
exit
interface vlan 4
name MAIN
exit
snmp-server set rlAutomaticClockSetFromPCEnabled rlAutomaticClockSetFromPCEnabled true
The Linksys is set up to be practically a mirror image of the SF302-08P.
04-05-2013 05:41 AM
Phil, what is the vlan 1 used for? The vlan 4 is only a tagged packet, wherever it is connecting to, is it able to understand vlan tag?
The other thing I see, on the link schematic both sides have a different LAN IP address, how is this routing? On layer 2 switch different subnet/vlans won't communicate, need a router or switch in layer 3 (300 series can do that).
-Tom
Please mark answered for helpful posts
04-05-2013 06:01 AM
VLAN 1 is only used for management and after seeing how much traffic there was on our main Lan using Wireshark I disconnected the port we had used (PVID 1) and now just connect when we need to administer the switches.
I'm currently discussing with the distributor of the PheeNet wifi bridge as to whether it is the cause of the problem, the manual gives examples of multiple VLANs but the supplier is stating the product doesn't support multiple VLANs. I think the supplier is wrong as spec also shows in AP mode it supports WMM queuing using 802.1p which I don't understand how it could do without being 802.1q aware.
The MAIN/data networks on either side are routed, sorry I left that bit off. Both switches and the wifi bridge are in their own subnet with a router at either end. It wasn't specifically planned like this but originally we tried having the routers fail-over to ADSL (VPN) but it's just too slow in our location.
VLAN 2 and 3 for the VOIP and CCTV are not routed.
04-11-2013 11:10 AM
It appears these PheeNet wifi units will only pass tagged VLAN traffic in Access Point mode. Furthermore, our supplier recommended an alternative but while digging around on the manufacturer's website these alternative units also have the same problem.
I'm struggling for a cost-effective solution now, has anyone got any ideas?
- Phil
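An added example, not part of the original thread: one way to confirm the behaviour described in the posts above is to capture on both sides of a wifi link and compare which 802.1Q VLAN IDs survive the crossing. MSTP BPDUs are sent untagged, so they can cross a bridge that drops tagged frames, which leaves the port states looking healthy while VLAN 4 carries nothing. The captures are constructed byte strings and all function names are illustrative.

```python
import struct
from collections import Counter

BPDU_DST = bytes.fromhex("0180c2000000")  # 802.1D bridge group address
SRC = bytes.fromhex("020000000001")       # constructed, locally administered MAC

def vlan_census(pcap: bytes) -> Counter:
    """Count frames per VLAN ID; keys are VLAN IDs, "untagged" or "bpdu"."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap, linktype Ethernet")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # truncated record, nothing to classify
        ethertype, = struct.unpack_from("!H", frame, 12)
        if frame[:6] == BPDU_DST:
            seen["bpdu"] += 1
        elif ethertype == 0x8100 and len(frame) >= 18:
            tci, = struct.unpack_from("!H", frame, 14)
            seen[tci & 0x0FFF] += 1  # low 12 bits of the tag are the VLAN ID
        else:
            seen["untagged"] += 1
    return seen

def dropped_vlans(near: bytes, far: bytes) -> list:
    """VLAN IDs seen entering the link (near side) but never seen leaving it."""
    a, b = vlan_census(near), vlan_census(far)
    return sorted(v for v in a if isinstance(v, int) and v not in b)

def _frame(dst: bytes, vlan=None) -> bytes:
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return dst + SRC + tag + struct.pack("!H", 0x0800) + bytes(46)

def _pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed captures: a bridge that forwards untagged frames but drops tagged ones.
HOST = bytes.fromhex("020000000002")
BPDU = BPDU_DST + SRC + struct.pack("!H", 39) + b"\x42\x42\x03" + bytes(36)
NEAR = _pcap([_frame(HOST), _frame(HOST, 4), _frame(HOST, 4), BPDU])
FAR = _pcap([_frame(HOST), BPDU])
print("VLANs lost on the link:", dropped_vlans(NEAR, FAR))
```
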
04-11-2013 02:27 PM
Disable spanning tree and pray there isn't a network loop?
Perhaps set a storm control setting to limit the impact?
Sounds terrible
-Tom
Please mark answered for helpful posts
04-12-2013 01:48 AM
Thanks Tom, I'm getting fairly desperate to solve this now. The wifi distributor has suggested we set up the alternative units in WP+WPD mode to pass tagged VLAN traffic so I may get a pair in to test.
I was wondering if it's possible to leave the CCTV and VOIP on ports 1 & 2 using tagged VLAN and MSTP and then have the MAIN VLAN (4) with 2 wifi links on ports 3&4 and untag VLAN 4 and forbid VLAN 1 on these 2 ports.
Will this disable MSTP?
What's the deal with forbidding VLAN 1, when I was testing initially before I installed the switches I set VLAN 1 to disabled on some ports and it appeared to shut that port down.
- Phil
04-12-2013 06:52 AM
Hi Phil, MSTP is not going to work so long as whatever the connections are connecting to do not participate in the MSTP. The vlans are key to separate the instances but the MSTP BPDU is what makes it work.
-Tom
Please mark answered for helpful posts
04-12-2013 10:51 AM
Hi Tom,
The older 2.4GHz wifi units we have are not aware of MSTP or VLANs but quite happily pass the packets through. The PheeNet devices pass the untagged VLAN 1 packets but not tagged VLAN packets.
If untagging the VLAN doesn't interfere with the BPDU packets then this may work but obviously I can't have VLAN 1 traffic on those ports as I can't have 2 untagged VLANs on the same port.
I suppose what I'm trying to do is have ports 1 & 2 on MSTP and ports 3 & 4 on RSTP which I know can't be configured on the switch but effectively that path would be one VLAN and one instance without anything shared. Just having one port as a root and one port as an alternative.
-Phil
04-12-2013 12:36 PM
Hey Phil, could you please email me at tmw0402@hotmail.com ?
If it's possible I'd like to do a team viewer and see if we can figure this out. I think your problem is out of the capacity of this forum.
If you do not wish to take me up on the offer I'd implore you to call the small business support center to see if they can hash it out for you.
I'd like to give this a crack and see if I can make it the way you want it to work.
-Tom
Please mark answered for helpful posts