08-22-2018 07:46 AM
Hi everybody,
I have a strange problem. Below is the topology in which the backup link must be in a blocked state. Ports 8 and 10, however, are constantly on the forwarding mode and the connection breaks.
If someone would/want to help, I can send him conf files.
08-22-2018 07:56 AM
Hi there,
I assume 'ROUTER' is the STP root-bridge in your topology?
If it is, you would expect port8 and port10 to be Designated and forwarding.
The blocked port would be port1 at SiteA. This assumes that 'ISP MAN' is actually participating in STP and not running a BPDU filter. If it is filtering BPDU's then you will not get a blocked port at SiteA and will most likely end up with a Layer2 loop.
cheers,
Seb.
08-22-2018 11:42 PM
08-23-2018 12:24 AM
What is the STP state of SG300 Port1 ? If all the highlighted ports are Desg FWD then this indicates that 'ISP MAN' is not participating in STP, therefore you have a high risk of a Layer2 loop. If 'ISP MAN' were participating then I would expect SG300 Port1 to be a Blocking state as the cost to SG350 is higher (assuming default costs).
If you want SG300 port1 to always be forwarding then configure it with a BPDU filter.
You mention you want SG350 to switch between Port8 and Port10, in a correctly functioning STP topology this would be dependent on the position of the root-bridge. If it were the Router or SG350 then both parts would be Forwarding. If SG300 were the root-bridge, then on of the ports on SG350 would be in a Blocking state and you would get the automatic switching which you want.
To re-iterate, I believe 'ISP MAN' is the root cause of your STP problems.
cheers,
Seb.
08-23-2018 12:55 AM
08-23-2018 01:33 AM
08-23-2018 01:40 AM
Hello,
your port 8 is not participating in RSTP. Can you try and set it to Role Backup ?
08-23-2018 02:01 AM
08-23-2018 01:39 AM - edited 08-23-2018 01:55 AM
If you don't have a fully connected STP topology then you can't expect STP to converge correctly.
You have two possible options:
* Use Layer3 links between your two Sites and run an IGP between them. You could tune this to get sub-second failover. Unfortunately the SG300 does not support any dynamic routing protocols.
* q-in-q : providing the 'ISP MAN' supports it and explicitly allows tunnelling of STP frames. This would allow STP to view the link across ISP MAN as a shared segment and operate correctly.
cheers,
Seb.
08-23-2018 01:54 AM
08-23-2018 01:08 AM
Hello,
on a side note, how did you configure Port 8 on the SG350, as Role - Backup (page 229 of the attached user guide) ?
https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/admin_guide/AG_Tesla_350_550.pdf
08-23-2018 01:19 AM
08-23-2018 01:29 AM
What are the current RSTP interface settings for both ports (8 and 10) on the SG350 ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide