Spanning-tree - Dlink Switch

Unanswered Question
May 19th, 2009

Dear All,

Please find attached one of our switch configurations. This switch has been interconnected with other switches in the network.

This morning one of the users brought a Dlink switch and connected two ports to the attached switch. There were two connections dropped in the cabin from the switch. Suddenly all our other switches, including the attached switch, started blinking. The network totally collapsed... no one was able to work.

At last we identified the culprit and switched off the Dlink switch.

As per my understanding, spanning-tree has been configured on the switches. Why was it not blocking the other link from the Dlink switch?

Could you please check the attached configuration and guide me to prevent such incidents in future.

Thanks

pestebogdan Tue, 05/19/2009 - 06:17

If you say a user brought it to work, I assume it's one of those cheap-o, 3 for a buck, home-user switches. Those don't have spanning tree. All the switches in the topology need to have spanning-tree enabled. I believe what happened was the dumb D-Link switch, not knowing spanning tree, doesn't participate in the whole BPDU, this port is forwarding, this port is blocking message exchange, so both links on both switches were in FWD mode. It probably only took a couple of broadcasts to take your network down.

I encountered this scenario about a year back, and what I did was enable Broadcast Storm Control on the "Smart Switch" (P.S: It wasn't CISCO)

Shibu1978 Tue, 05/19/2009 - 08:24

Thanks for the reply.

On the Cisco switch side spanning tree is already configured and running. Will the Cisco switch not block one of the ports which connects to the Dlink switch?

One more thing I noticed on the Cisco switch side is that "spanning tree portfast" was enabled on those ports. In that case looping will occur, right?

I don't want such incidents to happen again in future. Please help me with a way out of it.

Thanks

Shibu,

I would rework your config:

Global Config:

    spanning-tree portfast default
    spanning-tree portfast bpduguard default

Access port config:

    switchport access vlan XX
    switchport mode access
    switchport nonegotiate

Trunk port config:

    switchport trunk encapsulation dot1q
    switchport trunk native vlan XX
    switchport mode trunk
    switchport trunk allowed vlan XX

Giuseppe Larosa Tue, 05/19/2009 - 13:17

Hello Bret,

I agree with you

>> spanning-tree portfast bpdufilter default

Shibu:

This causes problems on enterprise networks because it makes a switch vulnerable to simply connecting two ports of the same switch together!

BPDU filter is there to be used by SPs to avoid participating in the customer's STP.

BPDU guard is the right tool.

We use it with storm-control on host ports.

We use loop guard + storm control on uplinks.

Hope to help

Giuseppe
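
The settings recommended in this thread can be checked offline against a saved configuration. The script below is an added example, not code from any poster: it flags BPDU filter, PortFast ports without BPDU guard, and PortFast ports without storm-control. The sample config and the finding names are constructed, and the classic IOS command syntax written in the posts is assumed.

```python
# Added example: static audit of IOS-style config text for the settings
# discussed in this thread. Classic syntax as written in the posts is assumed.

# Constructed sample config, not the original poster's attachment.
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 storm-control broadcast level 5.00
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse(config):
    """Split config text into global commands and per-interface commands."""
    global_cmds, ports, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            ports[current] = []
        elif raw.startswith(" ") and current is not None:
            ports[current].append(raw.strip())
        elif raw.strip() not in ("", "!"):
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, ports

def audit(config):
    """Return (scope, finding) tuples for settings that leave edge ports loop-prone."""
    global_cmds, ports = parse(config)
    findings = []
    if "spanning-tree portfast bpdufilter default" in global_cmds:
        findings.append(("global", "bpdufilter-default"))
    portfast_default = "spanning-tree portfast default" in global_cmds
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    for name, cmds in ports.items():
        access = "switchport mode access" in cmds
        portfast = "spanning-tree portfast" in cmds or (portfast_default and access)
        guarded = "spanning-tree bpduguard enable" in cmds or (guard_default and portfast)
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "bpdufilter-enabled"))
        if portfast and not guarded:
            findings.append((name, "portfast-no-bpduguard"))
        if portfast and not any(c.startswith("storm-control") for c in cmds):
            findings.append((name, "no-storm-control"))
    return findings
```

Calling `audit()` on the text of a saved running-config returns an empty list when every PortFast port is covered by BPDU guard and storm-control.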
