
PortFast For Some Networks But Not Others

IES Sys Admin
Level 1

Greetings,

 

I have 4 offline self-contained networks. They are set up as such:

 

Network 1: Windows Server 2016 As Domain Controllers And Windows 10 (1909) Clients Connected by Cisco C9300-24Ps.

Network 2: Windows Server 2016 As Domain Controllers And Windows 10 (1909) Clients Connected by Cisco C9300-24Ps.

Network 3: Windows Server 2008 R2 As Domain Controllers And Windows 7 Clients Connected by Cisco C9300-24Ps.

Network 4: Windows Server 2016 As Domain Controllers And Windows 10 (1909) Clients Connected by Cisco IE4000s.

 

On Network 1, I replaced the network switches, which were HP ProLiants, with the Ciscos about a year and a half ago and all worked well.

Network 4 I have been running for the past 3 years, and it has had an issue where every single client could not resolve the network connection as a domain but instead saw the domain network as an "Unidentified Network."

Recently I replaced the HP Switches on Network 2 & 3 with the Ciscos and I started getting the same problem as with Network 4. 

 

I spent the past 4 weeks researching what could be wrong with DNS and connection issues with Windows, to no avail. Someone posted on my Microsoft thread to look into the use of PortFast with BPDUGUARD.

 

Today I tried to implement it and on all the networks it fixed the issue with the client seeing the domain! 4 weeks of work and this is what it was. It was the Cisco switches. But this fix has led me to another question. Network setups are the same for 1, 2, 3, and 4. All have about the exact same setup of clients and GPOs, and Networks 1, 2 & 3 had the same config. So herein lies the question.

 

Why, to get the network to see it as a domain, do I need to enable PortFast on networks 2, 3 & 4 when I never had to do that for Network 1?

 

I also have a much larger network running Server 2019 with Windows 10 clients and vastly more C9300-24Ps and devices, and I didn't have to enable PortFast for that network either. The only thing I can think of is that the hardware is different on the non-PortFast networks than it is on the PortFast networks, but I have elements of some on the non-PortFast networks and it works fine. So what's the catch? As far as I can tell the configs and VLANs are about the same. Why do I need to enable PortFast on some networks but not others?


ngkin2010
Level 7
Hi,

Does the problem happen on every reboot of the physical machine?

Port Fast can make the port transition from the BLK (Blocking) state to the FWD (Forwarding) state immediately. Otherwise, the port (or the connected client) will be unable to use the network until the spanning tree protocol has converged, which may take up to 30 seconds.

If your physical Windows machine was started up within these 30 seconds, a Windows service (concretely, the Network Location Awareness service) will start on boot and try to identify the network. The NLA service may fail to identify the connected network if the spanning tree is still learning.

To confirm the above analysis, you may try the following:

1. Reproduce the issue (e.g. disable portfast)
2. When NLA identifies it as an "Unidentified Network", restart the NLA service after 30 seconds.

If it works, you may configure "delayed start" for the NLA service on your clients.
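
The check described in the reply above, as an added PowerShell example that is not part of the original thread. It assumes an elevated Windows PowerShell session on an affected client whose switch port has PortFast disabled; the 10-second settle time and the `$SetDelayedStart` switch are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: tests whether an "Unidentified Network" result is only a
# boot-time timing problem (NLA probing before the switch port forwards).

$StpWaitSeconds  = 30      # convergence time given in the reply above
$SettleSeconds   = 10      # assumption: time allowed for NLA to re-probe
$SetDelayedStart = $false  # set to $true to apply the delayed-start change

function Get-ProfileState {
    # One row per connected interface with the category NLA assigned to it
    Get-NetConnectionProfile |
        Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity
}

Write-Host 'Before NLA restart:'
Get-ProfileState | Format-Table -AutoSize | Out-String | Write-Host

# Give spanning tree time to move the port to forwarding
Write-Host "Waiting $StpWaitSeconds seconds for the port to forward..."
Start-Sleep -Seconds $StpWaitSeconds

# -Force is required because other services depend on NlaSvc
Restart-Service -Name NlaSvc -Force
Start-Sleep -Seconds $SettleSeconds

$after = @(Get-ProfileState)
Write-Host 'After NLA restart:'
$after | Format-Table -AutoSize | Out-String | Write-Host

$domain = @($after | Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' })
if ($domain.Count -gt 0) {
    Write-Host 'Domain profile detected after restart: consistent with a timing issue.'
    if ($SetDelayedStart) {
        # Delayed automatic start, as suggested in the reply above
        sc.exe config NlaSvc start= delayed-auto
    }
} else {
    Write-Host 'Still not DomainAuthenticated: the cause is not only start-up timing.'
}
```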

Greetings ngkin2010. Yes, the problem happens on restart of every physical machine. Even if it sits more than 30 seconds. Shoot, even if it sits for over an hour, NLA still does not find the domain. It will sit forever as unidentified network. It's very strange that it needs to be enabled on 3 networks but not the 4th.