Solved

Cisco and Mikrotik STP

Posted on 2012-04-06
Last Modified: 2016-09-21
Hello !

We have 2 links; on one end there is a Mikrotik and on the other a Cisco switch. Can we have STP here, as the links are wireless and fiber and at times our primary is not working? Can somebody help with configuration steps on the Mikrotik?

Thanks,
0
Question by:skywalker7
24 Comments
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37818871
The config would depend on your exact devices. Older Cisco switches only support PVST, or Rapid PVST, while Mikrotik supports STP and RSTP.
Basically, it should work, especially if you don't use tagged vlans on the links.
A little drawing and exact device types would be nice.

Tamas
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37822853
Thanks a lot for the answer, it's very simple, as below:

Internet:  
Switch cisco 2960 switch
path 1 Fiber :
path 2: Wireless:  ------------------------------    mikrotik 1200 router ------------------ LAN

On the internet side the ISP has a switch, which is a Cisco 2960, and it has 2 links attached, wireless and fiber, so we have to choose what works.

Can you explain what should be enabled on the Cisco and the Mikrotik? I am a little worried as it's our main link and I would not want to play with it.

Thanks,
0
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
ID: 37841439
If it's a layer 2 failover scenario, you'd have to configure 2 ports on the mikrotik as a bridge:
http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge

You can run RSTP on the mikrotik, and either MSTP or RPVST on the cisco.

One thing you may need to adjust is the "path-cost", to make sure it prefers the fiber connection.
0
 
LVL 1

Author Closing Comment

by:skywalker7
ID: 37846178
Fantastic !
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37846192
Just a quick question, do I have to enable root router or something on the Cisco?

As you know, I have 3 ports active on the Mikrotik; yes, we are talking of layer 2 failover.

1 - connecting to lan
2 - wireless
3 - fiber

So I make a bridge of 2 and 3? And how would it link to port 1? As it can be either port 1 and 2 or port 1 and 3.

Thanks.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37846936
If you use the Mikrotik as a router (it can be used as a plain-switch also), you'll have two layer3 (routed) interfaces: the bridge (made of port 2 and 3) and the link to the lan (port 1).
Before enabling the failover scenario, I assume you had two layer3 interfaces: port 3 and port 1.

The STP root bridge will depend on the "bridge priority" and the MAC address of the bridge. By default, priority is 32768, so it'll depend on MAC. If we only have these 2 devices participating in the STP, we don't really care who the root bridge is. If one of the devices goes down, we lose any connectivity either way.
0
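The election rule described in the comment above (lowest priority wins, then lowest MAC), combined with the path-cost preference from the accepted solution, as a small model. This is an added example, not code from the thread; the MAC addresses, path costs and the names `isp`, `edge` and `LINKS` are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                 # constructed sample address
    priority: int = 32768    # default priority quoted in the thread

    @property
    def bridge_id(self):
        # Bridge ID compares priority first, then MAC; the lowest wins.
        return (self.priority, int(self.mac.replace(":", ""), 16))

def elect_root(bridges):
    return min(bridges, key=lambda b: b.bridge_id)

def port_roles(local, root, links):
    """links maps port name -> (path_cost, link_up, hears_root_bpdus).
    Simplified to parallel links between two bridges; equal costs are
    broken by port name here, not by the real sender port ID."""
    if local == root:
        return {p: "designated" if up else "disabled"
                for p, (_, up, _) in links.items()}
    usable = [(cost, p) for p, (cost, up, rx) in links.items() if up and rx]
    root_port = min(usable)[1] if usable else None
    roles = {}
    for port, (_, up, rx) in links.items():
        if not up:
            roles[port] = "disabled"
        elif not rx:
            roles[port] = "designated"   # no BPDU heard: port claims the segment
        elif port == root_port:
            roles[port] = "root"         # forwarding, best path to the root
        else:
            roles[port] = "alternate"    # discarding, standby path
    return roles

# Constructed sample data: MACs and path costs are illustrative only.
isp = Bridge("isp-switch", "00:1a:2b:00:00:01", priority=4096)
edge = Bridge("edge-bridge", "00:0c:42:00:00:01")
LINKS = {"fiber": (10, True, True), "wireless": (100, True, True)}

if __name__ == "__main__":
    root = elect_root([isp, edge])
    print("root:", root.name)
    print("normal:", port_roles(edge, root, LINKS))
    print("fiber down:", port_roles(edge, root, {**LINKS, "fiber": (10, False, False)}))
    print("no BPDUs:", port_roles(edge, root, {k: (c, u, False) for k, (c, u, _) in LINKS.items()}))
```

On the non-root bridge only one of the two parallel links forwards at a time; the other stays in the alternate role until the root port goes down.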
 
LVL 1

Author Comment

by:skywalker7
ID: 37848144
I am using the Mikrotik as a plain switch, as I have a bridge at the moment to the interface which works, either 1 and 2 or 1 and 3. To implement failover I need to put interfaces 2 and 3 in a bridge and then configure it with the Cisco, but how would the traffic flow from interface 1 to this new bridge?

Thanks a lot for your time.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37848302
I see. In that case, put all 3 interfaces in one bridge. (I assumed you do the routing on the Mikrotik.)

On the other hand, this makes the matter of the root bridge more interesting, since your LAN port (and possible downstream switches) also participate in STP. In that case, you should select either the Mikrotik, or a downstream "main/core" switch as root.
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37897162
I was testing this in the lab, and on our downstream switch the port which was connected to the Mikrotik was blocked, as root guard!

LAN Cisco switch ----- mikrotik ======  Cisco switch at Internet Provider

The double line is 2 links.

When the LAN Cisco found out that there is another advertised as superior, the port was disabled.

Any suggestion here?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37897222
If you want to run STP on a port, disable root-guard and bpdu-guard features, as these are protection against STP.
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37914032
The STP worked perfectly in the lab, but when implementing it cut the LAN link off. The dual links were OK; I disabled the wireless and it was working on fiber. Any more advice? Or 2 bridges?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37915640
Was the LAN link err-disabled, or did STP simply block it? If the first, we have STP protection in place that we don't want. If the latter, then we have a loop somewhere.
0

 
LVL 1

Author Comment

by:skywalker7
ID: 37915687
I am on the LAN side, and we have a Mikrotik router, but when I turned on RSTP on the Mikrotik and added all the ports to the bridge, the Mikrotik router bridge became the root but then cut us off, till somebody disabled the wireless link, and then I was able to connect and disabled the STP. As the bridge is on the other side of the island, I would need to go there and check for errors.
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37915773
I tried again, same thing. I cannot ping even from the Mikrotik router to any device in between, up to the bridge.

lan users --- mik router ----wireless link---- bridge ==== dual link ==== cisco switch --- cisco router to internet.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37916037
Okay, just so I see clearly, is the topology like in the attachment, or is anything left out?
cisco-microtik-stp-v1.txt
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37916230
Yes, that is exactly like it is, just wireless on port 3 and fiber on port 2!
On the LAN, we have a Mikrotik router (this does the routing); behind that we have the real users.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37916305
What can cause the loop?
Is it possible that a client PC is attached to the wireless bridge, and the wired lan?
Also, how does the second mikrotik router attach to the network? Could you place it on the 'drawing'?
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37916548
I really don't know. I have RSTP running but the wireless port disabled; when I enable this port the connectivity to the bridge is lost. I tried from the other end, and I could not even reach it. I am not sure if the ISP has really enabled RSTP on the Cisco, as that is on their end. I tried to enable the wireless port to check again; the ports still say designated port and they do not change to disabled port, as one should turn disabled. Is there a log I can enable on the Mikrotik? Something is not right here! Thanks for helping out.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37918318
There's a default syslog in mikrotik, or you can output it to a syslog server:
http://wiki.mikrotik.com/wiki/Manual:System/Log
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37933431
I have that, but what topic should I log? And also, do I need neighbour enabled on the interfaces?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37933497
I'm not too familiar with the Mikrotik logging topics myself... You could try 'calc, event, system, route' topics, preferably with debug level.
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37933865
I tried a test, just keeping 2 ports on the bridge, the fiber and wireless, and RSTP; even then I was unable to ping the other side. I could only reach the Mikrotik; it looks like the Mikrotik is not happy talking to the Cisco. I think the best would be putting a Mikrotik router on the other end and testing. On the Cisco side these are the commands:
spanning-tree mode rapid-pvst
spanning-tree extend system-id
0
 
LVL 1

Author Comment

by:skywalker7
ID: 38267719
Hello,

I was able to change the Cisco switch to a Mikrotik and test, but the ports would not change to root bridge; they all remain as designated port, and not as failover or root port. I have changed one bridge priority to 1000, to see if it gets elected as root bridge, but that also did not happen.

Can you kindly help?

Thanks.
0
 

Expert Comment

by:r barnhart
ID: 41809518
If the Mikrotik link is bridged, set the protocol from STP to none on this bridge interface in the Mikrotik OS (on both sides of the link); this will allow the physical interface to negotiate with the Cisco switch. As long as STP is running on the switch there will be no loops causing issues in the future; otherwise, in the case of the RB-SXTs, the physical interface will not negotiate to the Mikrotik on the Cisco switch. It shows no link, as STP in the switch thinks there is a problem even though there is not.
0
