I have a strange problem. Below is the topology in which the backup link must be in a blocked state. Ports 8 and 10, however, are constantly on the forwarding mode and the connection breaks.
If someone would/want to help, I can send him conf files.
I assume 'ROUTER' is the STP root-bridge in your topology?
If it is, you would expect port8 and port10 to be Designated and forwarding.
The blocked port would be port1 at SiteA. This assumes that 'ISP MAN' is actually participating in STP and not running a BPDU filter. If it is filtering BPDU's then you will not get a blocked port at SiteA and will most likely end up with a Layer2 loop.
What is the STP state of SG300 Port1 ? If all the highlighted ports are Desg FWD then this indicates that 'ISP MAN' is not participating in STP, therefore you have a high risk of a Layer2 loop. If 'ISP MAN' were participating then I would expect SG300 Port1 to be a Blocking state as the cost to SG350 is higher (assuming default costs).
If you want SG300 port1 to always be forwarding then configure it with a BPDU filter.
You mention you want SG350 to switch between Port8 and Port10, in a correctly functioning STP topology this would be dependent on the position of the root-bridge. If it were the Router or SG350 then both parts would be Forwarding. If SG300 were the root-bridge, then on of the ports on SG350 would be in a Blocking state and you would get the automatic switching which you want.
To re-iterate, I believe 'ISP MAN' is the root cause of your STP problems.
If you don't have a fully connected STP topology then you can't expect STP to converge correctly.
You have two possible options:
* Use Layer3 links between your two Sites and run an IGP between them. You could tune this to get sub-second failover. Unfortunately the SG300 does not support any dynamic routing protocols.
* q-in-q : providing the 'ISP MAN' supports it and explicitly allows tunnelling of STP frames. This would allow STP to view the link across ISP MAN as a shared segment and operate correctly.
on a side note, how did you configure Port 8 on the SG350, as Role - Backup (page 229 of the attached user guide) ?