
Problem with RSTP between sg300 and sg350

s.georgiev
Level 1

Hi everybody,

 

I have a strange problem. Below is the topology in which the backup link must be in a blocked state. Ports 8 and 10, however, are constantly in forwarding mode and the connection breaks.

If someone would like to help, I can send them the conf files.


Seb Rupik
VIP Alumni

Hi there,
I assume 'ROUTER' is the STP root-bridge in your topology?
If it is, you would expect port8 and port10 to be Designated and forwarding.
The blocked port would be port1 at SiteA. This assumes that 'ISP MAN' is actually participating in STP and not running a BPDU filter. If it is filtering BPDUs then you will not get a blocked port at SiteA and will most likely end up with a Layer2 loop.

 

cheers,
Seb.

Hi Seb,
The main purpose is for "ROUTER" (it is just an end point) to always be connected to the infrastructure behind siteA (SG300) through vlan300.
So, the challenge is how to force the SG350 to switch between port 10 and port 8. Port 10 should be preferred, and if it goes down, port 8 should become active. When port 10 returns to the UP state, it should become active again and port 8 should become blocked.
On the SG300, port 1 must always be UP. In short, the only RSTP-capable ports are: port 10 (SG300) and ports 10 and 8 (SG350).

What is the STP state of SG300 Port1? If all the highlighted ports are Desg FWD then this indicates that 'ISP MAN' is not participating in STP, therefore you have a high risk of a Layer2 loop. If 'ISP MAN' were participating then I would expect SG300 Port1 to be in a Blocking state as the cost to SG350 is higher (assuming default costs).

 

If you want SG300 port1 to always be forwarding then configure it with a BPDU filter.

 

You mention you want SG350 to switch between Port8 and Port10; in a correctly functioning STP topology this would be dependent on the position of the root-bridge. If it were the Router or SG350 then both ports would be Forwarding. If SG300 were the root-bridge, then one of the ports on SG350 would be in a Blocking state and you would get the automatic switching which you want.

 

To re-iterate, I believe 'ISP MAN' is the root cause of your STP problems.

cheers,

Seb.
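The role assignment described in the reply above can be checked with a small model. This is an added example, not part of the original thread and not Cisco code: the bridge IDs and port costs come from the outputs posted further down, while the wiring (SG300 gi1 to SG350 gi8 through ISP MAN, gi10 to gi10 over the dark fiber), the function names, and the simplified tie-breaking are assumptions.

```python
import heapq

# Bridge IDs (priority, MAC) copied from the outputs posted in the thread.
BRIDGES = {"SG300": (4096, "a0:f8:49:03:23:4e"),
           "SG350": (32768, "00:7e:95:2e:e2:26")}

def links(isp_passes_bpdus):
    # (bridge_a, port_a, bridge_b, port_b, cost, BPDUs cross the link?)
    # The wiring is an assumption; the topology diagram is not on the page.
    return [("SG300", "gi10", "SG350", "gi10", 4, True),
            ("SG300", "gi1", "SG350", "gi8", 19, isp_passes_bpdus)]

def port_roles(bridges, link_list):
    root = min(bridges, key=bridges.get)          # lowest bridge ID wins
    rpc, heap = {root: 0}, [(0, root)]            # root path cost per bridge
    while heap:                                   # Dijkstra over BPDU-carrying links
        cost, here = heapq.heappop(heap)
        for a, _, z, _, c, ok in link_list:
            if ok and here in (a, z):
                peer = z if here == a else a
                if cost + c < rpc.get(peer, float("inf")):
                    rpc[peer] = cost + c
                    heapq.heappush(heap, (rpc[peer], peer))
    root_port = {}
    for b in bridges:                             # ties broken by port name (simplified)
        cands = [(rpc[z if b == a else a] + c, pa if b == a else pz)
                 for a, pa, z, pz, c, ok in link_list if ok and b in (a, z)]
        if b != root and cands:
            root_port[b] = min(cands)[1]          # cheapest path to the root
    roles = {}
    for a, pa, z, pz, c, ok in link_list:
        if not ok:                                # no BPDU heard: both ends forward
            roles[a, pa] = roles[z, pz] = "Designated"
        elif root_port.get(a) == pa:
            roles[a, pa], roles[z, pz] = "Root", "Designated"
        elif root_port.get(z) == pz:
            roles[a, pa], roles[z, pz] = "Designated", "Root"
        else:                                     # better end designates, other blocks
            a_wins = (rpc[a], bridges[a]) < (rpc[z], bridges[z])
            roles[a, pa], roles[z, pz] = (("Designated", "Alternate") if a_wins
                                          else ("Alternate", "Designated"))
    return roles

def has_loop(bridges, link_list):
    roles = port_roles(bridges, link_list)
    forwarding = sum(1 for a, pa, z, pz, *_ in link_list
                     if "Alternate" not in (roles[a, pa], roles[z, pz]))
    return forwarding > len(bridges) - 1          # more live links than a tree allows
```

With BPDUs crossing both links, SG350 gi8 becomes Alternate and the dark fiber carries traffic; with BPDUs dropped on the ISP MAN path, every port forwards and the two parallel links form a loop.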

Yes, 'ISP MAN' is not participating in STP and no BPDU from SG300 and SG350 can pass through ISP MAN.
Otherwise, it would have been a simple task.
Please find the attached outputs. Port 8 on SG350 is currently unplugged because of the loop.

SG300:

Spanning tree enabled mode RSTP
Default port cost method: short
Loopback guard: Enabled



Root ID Priority 4096
Address a0:f8:49:03:23:4e
This switch is the root
Hello Time 2 sec Max Age 6 sec Forward Delay 4 sec

Number of topology changes 287 last change occurred 115:27:50 ago
Times: hold 1, topology change 10, notification 2
hello 2, max age 6, forward delay 4

Interfaces
Name State Prio.Nbr Cost Sts Role PortFast Type
--------- -------- --------- -------- ------ ---- -------- -----------------
gi1 disabled 128.49 19 Dsbl Dsbl No -
gi2 disabled 128.50 4 Dsbl Dsbl No -
gi3 disabled 128.51 4 Dsbl Dsbl No -
gi4 disabled 128.52 4 Dsbl Dsbl No -
gi5 disabled 128.53 4 Dsbl Dsbl No -
gi6 enabled 128.54 100 Dsbl Dsbl No -
gi7 enabled 128.55 100 Dsbl Dsbl No -
gi8 disabled 128.56 4 Dsbl Dsbl No -
gi9 enabled 128.57 100 Dsbl Dsbl No -
gi10 enabled 16.58 4 Frw Desg No P2P (RSTP)
description DarkFiber
no spanning-tree portfast
spanning-tree link-type point-to-point
spanning-tree cost 4
spanning-tree port-priority 16
switchport trunk allowed vlan add 300

Po1 enabled 128.1000 4 Dsbl Dsbl No -
Po2 enabled 128.1001 4 Dsbl Dsbl No -
Po3 enabled 128.1002 4 Dsbl Dsbl No -
Po4 enabled 128.1003 4 Dsbl Dsbl No -
Po5 enabled 128.1004 4 Dsbl Dsbl No -
Po6 enabled 128.1005 4 Dsbl Dsbl No -
Po7 enabled 128.1006 4 Dsbl Dsbl No -
Po8 enabled 128.1007 4 Dsbl Dsbl No -



SG350:

Spanning tree enabled mode RSTP
Default port cost method: short
Loopback guard: Enabled



Root ID Priority 4096
Address a0:f8:49:03:23:4e
Cost 4
Port gi10
Hello Time 2 sec Max Age 6 sec Forward Delay 4 sec
Bridge ID Priority 32768
Address 00:7e:95:2e:e2:26
Hello Time 2 sec Max Age 6 sec Forward Delay 4 sec

Number of topology changes 7 last change occurred 115:36:08 ago
Times: hold 1, topology change 10, notification 2
hello 2, max age 6, forward delay 4

Interfaces
Name State Prio.Nbr Cost Sts Role PortFast Type
--------- -------- --------- -------- ------ ---- -------- -----------------
gi1 disabled 128.1 19 Dsbl Dsbl No -
gi2 disabled 128.2 19 Dsbl Dsbl No -
gi3 enabled 128.3 100 Dsbl Dsbl No -
gi4 enabled 128.4 100 Dsbl Dsbl No -
gi5 enabled 128.5 100 Dsbl Dsbl No -
gi6 enabled 128.6 100 Dsbl Dsbl No -
gi7 enabled 128.7 100 Dsbl Dsbl No -
gi8 enabled 128.8 19 Dsbl Dsbl No -
loopback-detection enable
description ISP-MAN
no spanning-tree portfast
spanning-tree link-type point-to-point
spanning-tree cost 19
spanning-tree bpdu filtering
spanning-tree mst 2 cost 19
switchport access vlan 300
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch

gi9 enabled 128.9 100 Dsbl Dsbl No -
gi10 enabled 16.10 4 Frw Root No P2P (RSTP)
loopback-detection enable
description DarkFiber
no spanning-tree portfast
spanning-tree cost 4
spanning-tree port-priority 16
spanning-tree mst 1 port-priority 16
spanning-tree mst 1 cost 4
switchport mode trunk
switchport protected-port
switchport trunk native vlan none
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch

Po1 enabled 128.1000 4 Dsbl Dsbl No -
Po2 enabled 128.1001 4 Dsbl Dsbl No -
Po3 enabled 128.1002 4 Dsbl Dsbl No -
Po4 enabled 128.1003 4 Dsbl Dsbl No -
Po5 enabled 128.1004 4 Dsbl Dsbl No -
Po6 enabled 128.1005 4 Dsbl Dsbl No -
Po7 enabled 128.1006 4 Dsbl Dsbl No -
Po8 enabled 128.1007 4 Dsbl Dsbl No -

Interfaces
Name State Prio.Nbr Cost Sts Role PortFast Type
--------- -------- --------- -------- ------ ---- -------- -----------------
gi8 enabled 128.8 19 Dsbl Dsbl No -
loopback-detection enable
description ISP-MAN
no spanning-tree portfast
spanning-tree link-type point-to-point
spanning-tree cost 19
spanning-tree bpdu filtering
spanning-tree mst 2 cost 19
switchport access vlan 300
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch

gi10 enabled 16.10 4 Frw Root No P2P (RSTP)
loopback-detection enable
description DarkFiber
no spanning-tree portfast
spanning-tree cost 4
spanning-tree port-priority 16
spanning-tree mst 1 port-priority 16
spanning-tree mst 1 cost 4
switchport mode trunk
switchport protected-port
switchport trunk native vlan none
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch

Hello,

 

Your port 8 is not participating in RSTP. Can you try and set it to Role Backup?

Port 8 is participating in RSTP, but as I wrote in one of my previous posts, the cable is unplugged due to the loop.
STP sets the role, and I can only see the status, not set it manually.

If you don't have a fully connected STP topology then you can't expect STP to converge correctly.

 

You have two possible options:

* Use Layer3 links between your two Sites and run an IGP between them. You could tune this to get sub-second failover. Unfortunately the SG300 does not support any dynamic routing protocols.

* q-in-q : providing the 'ISP MAN' supports it and explicitly allows tunnelling of STP frames. This would allow STP to view the link across  ISP MAN as a shared segment and operate correctly.

 

cheers,

Seb.

Thanks Seb,

Obviously the existing topology and devices are a bottleneck for my idea. So I have to think about some changes.

Hello,

 

On a side note, how did you configure Port 8 on the SG350, as Role - Backup (page 229 of the attached user guide)?

 

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/admin_guide/AG_Tesla_350_550.pdf

Hello,
Sorry, but the STP role cannot be set ... or am I missing something?

What are the current RSTP interface settings for both ports (8 and 10) on the SG350?
