Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
0
Helpful
0
Replies

Unexpected behavior of MSTP in our network.

mike.martone
Level 1
Level 1

‎10-14-2021 11:57 AM

 

We are trying to migrate a network made up of three Layer 2 Switches running RPVST+ to running MSTP.  The network operates fine using PVST. However, when we configure for MSTP we see that one of the ports in the network is disabled.  If our understanding of MSTP is correct we are not expecting the entire port to be disabled,  we are only expecting the particular VLAN with the loop to be stopped.

I’ll use the diagram below to help explain my issues and questions. There are two Single Board Computers (SBC) connected to a Switch. Both switches have two connections between them.

Both switches share the same configuration.

2 switches capture.JPG

Switch Configuration for Packet Flow from Single Board Computer to network.

  • Port 1:  is configured as a Trunk, where only VLAN’s 1, and 11 are allowed and transmitted to the Network.
  • Port 2:  is configured as a Trunk, where only VLAN’s 1, and 12 are allowed and transmitted to the Network.
  • Port 8:  is configured as a Trunk with VLAN’s 1, 11, and 13
  • All other ports on the switch have no VLANs configured and just carry untagged traffic.  

Configuration for Packet Flow from Network to Single Board Computer (VLAN ID Translation used)

In addition to the configuration above, Ports 1 through 2 use VLAN translation to translate Tagged packets from the network as follows:

  • Port 1 will translate incoming network packets with a VLAN Tags of 12, to VLAN Tags 11 (Tags 1 and 11 are unmodified, and all others are dropped).
  • Port 2 will translate incoming network packets with a VLAN Tags of 11, to VLAN Tags 12 (Tags 1 and 12 are unmodified, and all others are dropped).

 

MSTP Configuration:

In order to make MSTP behave the same as PVST we configured an MSTI for each VLAN ID we are using.  Since we have only three VLANs we only need  three MSTI’s:

MSTI1  contains VLAN 1

MSTI2  contains VLAN 10

MSTI3  contains VLAN 11

 

Needless to say there is a loop in the network, but only for VLAN 1 traffic, and not for VLAN 11 or 12 traffic. When either SBC sends a packet tagged with either VLAN ID 11 or 12 it be terminated at the other SBC and not fed back into the network. Effectively acting like a point to point connection.  On the other hand, when either SBC sends a packet tagged with VLAN ID 1 or untagged packet, it will continuously wrap around the network ustil stopped by MSTP.

 

Observations using STP, PVST, and MSTP

STP Operation Observed:

  • When we configure switches to use STP,  it disables one of the ports to break the loop. Unfortunately this stops other VLAN traffic from using that port.  
  • This is the expected operation for STP.

PVST Operation Observed:

  • When we configure switches to use PVST,  unlike STP, it does not disable the entire port. It breaks the connection for VLAN 1 only. All other VLAN packets are still allowed to pass. 
  • This is the expected operation for PVST.

MSTP Operation Observed:

  • When we configure switches to use MSTP,  it is acting like STP. and it is disabling the entire port.  
  • This is  not the expected operation for MSTP.   
  • This operation is not consistant with our expectations and understanding of MSTP.  Instead, since like PVST we configured MSTP have a separate instantiation of STP for each VLAN, we expected MSTP to behave exactly like PVST. In that, it would only disable VLAN ID 1 and still allow VLAN 11 and 12 packets to flow unobstructed.

 

Questions:

Again I suspect I may have something configured incorrectly but here are my questions: 

  1. Is it correct for us  to expect the MSTP to match the operation of PVST if we have an MSTI for each VLAN ID in our network? 
  2. If we configure VLAN 1 to be part of MSTI1 will that include all untagged traffic as well or do I need to do something special for the untagged traffic? 
  3. The switch we are using has a Common Spanning Tree Instance (CSTI) is this just another name for the Internal Spanning Tree  (IST)?
  4. The switch configuration allows you to configure the Common Spanning Tree Instance ( CSTI). As I understand, the VLANS not part of any MSTI will be put into the CSTI automatically
  5. Does CSTI operate like generic STP where it closes the entire port not just a particular MSTx group of VLANs?
  6. Could the CSTI be interfering with the MSTP operation? 
  7. Even if I don't have any VLANs that are not part of an MSTI, (nothing in the CSTI) will CSTI still close the port if it detects a loop?
  8. Is there a way to completely disable CSTI if I don't need it? 
  9. Is there anything you can think of in the configuration that might be causing MSTP to disable the port instead of only VLAN 1 traffic?
  10. There is some configuration for each MSTI that allows you assign priorities to each of the Switch Ports.  I am assuming this is to allow the switch to decide which ports are primary paths and which are secondary paths to destination so the Switch can determine which to use and which to disable for each MSTI. The secondary remains closed to break a loop until the primary is lost.
    • I am thinking I don't need to adjust priorities for each MSTI2 (VLAN 11) or MSTI3 (VLAN 12) since they are point to point and do not have backup paths and there should be no loops detected. Does that make sense?     
    • I am thinking I don't need to adjust priorities for MSTI1 (VLAN 1)  since I don't care which path is blocked to prevent the loop on VLAN 1, I only care that the other VLANs are not blocked.  Does that make sense? 
  11. We have some other ports (3 though 7) on the Switch that have no VLANs or VLAN translation configured. Will they only allow untagged, and VLAN 1 traffic to pass? Will they block all other tagged traffic?  Or do I need to configure them to Block unwanted VLAN ID’s or is it automatic by not allowing them? 
  12. Not sure if I need to do anything special for the other ports (3 though 7) for MSTP operation?
  13. Does VLAN Translation interfere with MSTP operation?
  14. Is there anyway to diagnose the cause of why the port closed? Which VLAN the loop was detected on?

I apologize for my longwinded post. I was not sure what information would be needed to help diagnose my issue. I would appreciate any help or insight into understanding what's causing this issue.  Any question are welcome.  

Thanks in advance.  – mike

0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card