ISP provides two layer 2 links for the same layer 3 link

bensonlei · ‎07-24-2019

Hi, guys,

The ISP provides a internet line to my company. For the last mile WAN link, they provide two layer 2 lines connecting to our two separated C2960 switches; and these two C2960 switches are trunked together.

I found Layer 2 network loop if we trunk these two C2960 switches, any suggestion to configure the switches and switch ports connecting these two uplinks to avoid network loop and provides resilient uplink connections, thx a lot ?

kubn2 · ‎07-24-2019

Hi,

Check if STP is enabled on your switches (it should be by default but maybe someone turned it off) using show spanning-tree. If it is disabled turn it on with command: spanning-tree vlan 1-1014.

bensonlei · ‎07-24-2019

sw3#sh span summ
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN0091-VLAN0094, VLAN0096-VLAN0099, VLAN0852
VLAN2888
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short

Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 2 2
VLAN0091 0 0 0 3 3
VLAN0092 0 0 0 3 3
VLAN0093 0 0 0 3 3
VLAN0094 0 0 0 3 3
VLAN0096 0 0 0 3 3
VLAN0097 0 0 0 3 3

Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0098 0 0 0 3 3
VLAN0099 0 0 0 3 3
VLAN0852 0 0 0 3 3
VLAN2888 0 0 0 2 2
---------------------- -------- --------- -------- ---------- ----------
11 vlans 0 0 0 31 31
sw3#

SPAN is enabled on both switches and all switch ports of both switches are "forwarding", any other suggestion, thx ?

Martin L · ‎07-24-2019

sounds like they want you to do FRRP (redundancy protocols). FHRP protocols include HSRP, VRRP, GLBP GLBP would be the best I think.

bensonlei · ‎07-24-2019

Hi, guys,

I think my case is the following:

ISP -----L2 Switch Line1 -------- C2960-1 ---- Our Layer 3 device

L2 Switch Line 2 -------- C2960-2 ---- Our Layer 3 device

Our side:

C2960-1 (vlan 10) --trunked---C2960-2 (vlan 10); 2 Layer-3 devices in Active-Active mode.

For our C2960 switches:

1. we enabled the cisco default pvst.

2. At this moment, all switch ports connected to ISP Layer 2 switches are in "forwarding" state, we have not yet configured the trunk, ( network loop occurred if we configured trunk for vlan 10, this is verified ).

ISP side:

We do not know what device their L2 switch is ?

We found the same MAC address captured from our switches ports.

How we configure our Layer 2 switches ( switch port and trunk ), so one switch port (connected to ISP ) is in "forwarding" state, another port is in "blocked" state for resilient links for ISP connection ?

so that the above

Martin L · ‎07-27-2019

so that C2960-2 is a backup connection to ISP in case of broken link via C2960-1 to your L3.

Is Line 2 not connected to ISP ? was in the past but maybe no longer active?

if connect both C2960 switches using trunk link(s). STP is on - or should be on always- will block one link to prevent loops. Make switch 1 Root switch.

why u think "network loop occurred if we configured trunk for vlan 10, this is verified" Make sure STP runs on both switches.

bensonlei · ‎07-28-2019

Hi, Martin

Thx for your advice,

I shall further investigate the network, as this is simple SPT topology.