SGE2010 switches, VLAN's and a blocked port in spanning-tree

Answered Question
Aug 21st, 2012

Folks,


I have 2 switch groups.


2 SGE2010s with VLANs defined as 10, 20 and 30


Vlan 10 is the management VLAN, and it uplinks to our border router.

Vlan 20 is the workstation VLAN, and all workstations point to the switch as their default GW.

Vlan 30 is the ip phone VLAN, and all phones use this as their gateway.


I would like to put a LAG between said switches, we have some servers on the ip phone switch that need to be accessed by the workstation clients, and the single 100mb link through the router is probably not going to be enough.


As I understand it, because the switches have different networks on them, a simple LAG will not work. I did create a LAG, and assign IP addresses to each side, however in that mode, it doesn't appear I can block VLAN 10 from transiting the LAG, and without that block I will end up with a logical loop, and spanning-tree will block one of the uplinks, or the LAG itself.


I have attached an image with a diagram of our current set up.


Any help/advice would be much appreciated.


Tom Watts Tue, 08/21/2012 - 10:41

Hi John,


With the MSTP, you may specify a per vlan spanning tree, essentially making each VLAN their own STP groups. Classic spanning tree and RSTP will do exactly as you describe, bring 1 link down.


Did you get that situated from before around 3 weeks ago? What was the result?



-Tom

searchoptics_2011 Tue, 08/21/2012 - 10:55

Tom,


I remember our conversation a few weeks ago. I did not get a chance to have a go at MSTP, mainly because I have no experience with it, and looking at the configuration properties, it looks a little daunting.


It has also been a very busy few weeks with the deployment of 200+ phones across several sites, and the system is functioning great without the LAG trunk, I am just trying to plan for the future.


I made a few postings a few weeks ago, one here and one on the Cisco forums on reddit, and a user there gave me some advice I have been unable to make work (I think it's just wrong), but I would love to go this route if it is in fact possible.


Here is the thread : http://www.reddit.com/r/Cisco/comments/x91tc/vlan_trunks_spanning_tree_and_a_port_blocked/c5kskch


This user implies it's possible to block a VLAN across the LAG which would end the logical loop problems.


It looks like his advice is to make the LAG into a trunk, and then block specific VLANs from transiting it, but in trunk mode, I can't assign it an IP, so I am sorta wondering how exactly you transport packets across it.


Can you confirm that his advice is in fact incorrect?


If MSTP is my only route, then I suppose it's time to dig into the docs and see if I can't get it up and running.

Correct Answer
Tom Watts Tue, 08/21/2012 - 11:08

John, the original 802.1q standard specifies there is only global spanning tree regardless of the vlan membership. That is why you're running into problems. Cisco developed PVST to run over ISL trunks. MSTP was originally defined as 802.1S which is a combination of 802.1q + RSTP. The 802.1s was later amended to become a part of the 802.1q.


The person is incorrect as they quote "since spanning tree is construct per vlan." They are incorrect because you have to define spanning tree properties to allow spanning tree per vlan. The small business switches do not support Cisco proprietary PVST or PVST+. However, the SB switches support MSTP which is an IEEE standard.


How the MSTP works is you have what is called Instance, which is each spanning tree construct. Then you have region, the SB switches support only 1 region. The region maintains the instances. Essentially how it works, you enable the MSTP globally. You then specify the instance. As example, vlan 1 is instance 1. Vlan 2 is instance 2. This will allow you to run 2 physical wires between the switches on different vlans without looping. If you use classic STP or RSTP, the lower cost path will go to block/discard state which is working as intended.



-Tom

searchoptics_2011 Tue, 08/21/2012 - 11:10

Tom,


Thanks for all your help.


I guess it's time to have a look at MSTP and see if I can't get this up and running before these go into production.


I really appreciate your advice!

searchoptics_2011 Wed, 08/22/2012 - 11:43

Ok so a quick question here.


It doesn't appear my Cisco 890 supports MSTP.


But both switches do.


How exactly do I go about this?


Basically vlan 10 needs to be available on both switches' uplink ports but not on the LAG, vlan 20 and 30 need to be available on the LAG but not on the uplinks.


So put both switches in the same region and give every vlan its own instance?

Tom Watts Wed, 08/22/2012 - 12:05

Hi John,


Reference my picture below. The vlan 10 instance picture, shows how your network normally would look. Obviously the ports will go down.

The vlan 20/30 instance picture, notice the links between the left switch and right switch. The router is sort of a wild card. I don't know how it will behave but with the switch configuration if you make each vlan their own instance and configure as my diagram, it should work, provided the router won't hose you up.





-Tom

searchoptics_2011 Wed, 08/22/2012 - 12:10

Two questions:


Why the U vlan 1? We basically have that shut down.


For the 20/30 instance. I need 10 on the firewall uplink (so it can route out).


Otherwise this looks pretty simple.

Correct Answer
Tom Watts Wed, 08/22/2012 - 12:36

Hi John, the vlan 1 isn't relevant. I think I goofed making the picture is all.

But the same thing applies, there is vlan 10, 20, 30.

Vlan 10 link is 10u and 20t and the other link is 10u, 30t.


The trick is not putting all of the vlans on all the links and the mstp should separate it from there.



-Tom
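To make the reasoning in Tom's answers concrete, here is an added example (not from the thread or from Cisco) that models John's three-node topology as an edge list with the VLANs each link carries, then checks for a loop once over all links (classic STP/RSTP) and once per MST instance. It simplifies MSTP to "an instance only sees links that carry one of its VLANs"; node names R/A/B and the per-link VLAN sets are constructed to match Tom's final layout (uplinks 10u+20t and 10u+30t, LAG 20t+30t).

```python
# Added example, not code from the original thread. Constructed topology:
# R = border router, A = workstation switch (VLAN 20), B = phone/server switch (VLAN 30).
# Each link maps to the set of VLANs it carries (untagged or tagged).

# Tom's final answer: VLAN 10 stays off the LAG, 20/30 stay off the uplinks.
LINKS_SEPARATED = {
    ("R", "A"): {10, 20},
    ("R", "B"): {10, 30},
    ("A", "B"): {20, 30},      # the LAG, VLAN 10 deliberately left off
}

# John's first attempt: every VLAN on every link.
LINKS_ALL = {
    ("R", "A"): {10, 20, 30},
    ("R", "B"): {10, 20, 30},
    ("A", "B"): {10, 20, 30},
}

# One instance per VLAN, as Tom suggests ("vlan 1 is instance 1 ...").
INSTANCES = {1: {10}, 2: {20}, 3: {30}}


def has_cycle(edges):
    """Union-find loop check over an undirected edge list."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for a, b in edges:
        ra, rb = find(a), find(b)
        if ra == rb:                         # both ends already connected: a loop
            return True
        parent[ra] = rb
    return False


def global_stp_blocks(links):
    """Classic STP/RSTP: one tree over all physical links, VLANs ignored."""
    return has_cycle(list(links))


def mst_instance_blocks(links, instances):
    """Simplified MSTP: an instance sees only links carrying one of its VLANs.
    Returns {instance_id: True if that instance would have to block a link}."""
    return {inst: has_cycle([e for e, vlans in links.items() if vlans & members])
            for inst, members in instances.items()}
```

With the separated layout, the global tree still sees the R-A-B triangle and blocks a link, but no single instance contains a loop, which is exactly why Tom says the trick is not putting every VLAN on every link.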

searchoptics_2011 Wed, 08/22/2012 - 12:38

Got it, thanks again.


6PM PST tonight this goes into play and we will see if it flies with the router!


Appreciate all your help, if you're ever in San Diego, I owe ya a beer!



edit.. Just for clarity, both switches go in the same region with the same revision # ?

Tom Watts Wed, 08/22/2012 - 12:44

The MSTP revision levels should be the same on all devices. The MSTP region must also be the same as the switches only support 1 region.



-Tom