11-19-2018 01:21 PM - edited 03-08-2019 04:38 PM
Okay, up front, I know almost nothing about switches and routers. We had an issue with our network a little while ago that ended being caused by a spanning tree setting (fixed by making the main Cisco switches to be the preferred spanning tree root by lowering its priority.) We had to contact a local vendor to get it fixed. They want additional money to help us and I’ve been tasked to get these answers without doing so, so please bear with me. His parting words were "While having a stable spanning tree root is ideal it should also work with the default priority" so, since it didn't, it could mean we could potentially still have issues.
We have a subnet created for security cameras. This allows the personnel who need access to them to have it and to keep the cameras secure from the rest of our network.
I know this isn't Cisco but thought you may need it for the information, from our firewall = SonicWall NSA 5600
The X4 interface is set up to use its own named zone with Security Type set to Trusted
The four switches on our main network are managed via a single IP.
Because of the security and locations of the .25 subnet (VLAN?) switches, replacing them will be a major, expensive undertaking so we want to make sure they are okay as-is, that is, not having an adverse effect on our main network. I heard terms like broadcast storms and loops – can these be caused by the passive/unmanaged switches on the .25 subnet? Would any of the switches on the .25 subnet have had an influence on the spanning tree of the “main” network? What potentially adverse effects could they have on the main network?
This may be a different discussion but how does one implement an end-to-end spanning tree with the switches configured as they are (some on main network, some on subnet)?
11-19-2018 02:36 PM
Hello,
to be honest, I am not really clear on what you are asking. To get an answer that really helps you, it might be best to post a schematic drawing of your topology, and indicate which devices you want to replace.
A generic answer would be: if you set the spanning tree priority so that the spanning tree root doesn't change, adding or removing switches shouldn't matter or cause any problems.
How did the vendor set the priority ? I am just asking because in case he was using the 'spanning-tree root' command, that doesn't necessarily ensure that the root switch remains the root...
11-19-2018 02:55 PM
We do NOT want to replace the switches on the 25 VLAN/subnet if we do not have to BUT the objective is to create a network whereby we don't lose connectivity on our main 1.1 network because of an issue a switch on the 1.25 VLAN could cause. We aren't sure if one of those .25 switches caused the problem we had but changing the spanning tree on our main Cisco managed switches got the 1.1 network back up.
I was trying to write down as quickly as I could what the vendor was saying and doing and all I have in my notes is "sh spanning-tree" and next to it "making these preferred spanning tree root (by lowering its priority, make sure it is more stable)". Sorry.
I'm attaching a generic layout of our LAN.
Would putting a router as the first device on the .25 VLAN stop any issues the .25 switches could potentially cause??
11-19-2018 03:45 PM
From what I can tell, the Sonic firewall is a layer 3 device ? If so, the. 25 VLAN does not participate in the same spanning tree domain as your switches 1,2,3, and 4. Which of the 4 switches is currently the root for the .1 VLAN ?
11-20-2018 09:48 AM
Yes, the SonicWall firewall is a layer 3 device.
I'm not sure which of the four main switches are the root for the main 1.1 network. Switch four is connected directly to the firewall, the other three as shown in the diagram are connected to the preceding/following switches; all four are administered using the same IP address.
11-20-2018 02:10 PM
Hello
@alexoncisco wrote:
all four are administered using the same IP address.
How are you accessing these switches?
Looking at you topology i dont see how a switching loop can occur unless it was introduced via a rouge wifi device looping backing on itself unless this isnt the whole representation of you network but not knowing what problems you were actually experiencing or what errors were being reported its hard to say what caused your outage
@alexoncisco wrote:
"While having a stable spanning tree root is ideal it should also work with the default priority"
I think this very misleading - you should always try to be as deterministic as possible so leaving stp to negotiate itself the stp root isn't a good idea, it is correct in saying stp should work but that is only until something eventually triggers a stp change and then you could then experience unnecessary switching issues.
@alexoncisco wrote:
I heard terms like broadcast storms and loops – can these be caused by the passive/unmanaged switches on the .25 subnet? Would any of the switches on the .25 subnet have had an influence on the spanning tree of the “main” network? What potentially adverse effects could they have on the main network?
If you do have unmamanged switches on your network you should accommodate them in your configuration and tie them down as much as possible because if you dont you are again leaving yourself open to a lots of potential network problems.
This can be done with applying some Layer 2 security and stp features such as ( port-security,storm control, dhcp snooping,udld,spanning tree bpduguard, loopguard, etc...)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide