Cisco and Mikrotik STP

Hello!

We have 2 links; on one end there is a Mikrotik and on the other a Cisco switch. Can we have STP here, as the links are wireless and fiber and at times our primary is not working? Can somebody help with configuration steps on the Mikrotik?


TimotiSt (Datacenter Technician) Commented:
The config would depend on your exact devices. Older Cisco switches only support PVST, or Rapid PVST, while Mikrotik supports STP and RSTP.
Basically, it should work, especially if you don't use tagged VLANs on the links.
A little drawing and exact device types would be nice.

skywalker7 (Author) Commented:
Thanks a lot for the answer, it's very simple, as below:

Switch cisco 2960 switch
path 1 Fiber :
path 2: Wireless:  ------------------------------    mikrotik 1200 router ------------------ LAN

On the internet side the ISP has a switch, which is a Cisco 2960, and it has 2 links attached, wireless and fiber, so we have to choose what works.

Can you explain what should be enabled on the Cisco and the Mikrotik? I am a little worried as it's our main link and would not want to play with it.

TimotiSt (Datacenter Technician) Commented:
If it's a layer 2 failover scenario, you'd have to configure 2 ports on the mikrotik as a bridge:

You can run RSTP on the mikrotik, and either MSTP or RPVST on the cisco.

One thing you may need to adjust is the "path-cost", to make sure it prefers the fiber connection.


skywalker7 (Author) Commented:
Fantastic!

skywalker7 (Author) Commented:
Just a quick question, do I have to enable root router or something on the Cisco?

As you know, I have 3 ports active on the Mikrotik; yes, we are talking of layer 2 failover.

1 - connecting to LAN
2 - wireless
3 - fiber

So I make a bridge of 2 and 3? And how would it link to port 1? As it can be either port 1 and 2 or port 1 and 3.

TimotiSt (Datacenter Technician) Commented:
If you use the Mikrotik as a router (it can be used as a plain switch also), you'll have two layer3 (routed) interfaces: the bridge (made of port 2 and 3) and the link to the LAN (port 1).
Before enabling the failover scenario, I assume you had two layer3 interfaces: port 3 and port 1.

The STP root bridge will depend on the "bridge priority" and the MAC address of the bridge. By default, priority is 32768, so it'll depend on MAC. If we only have these 2 devices participating in the STP, we don't really care who the root bridge is. If one of the devices goes down, we lose any connectivity either way.
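
Added example, not part of the original thread or any poster's configuration: a small Python model of the election described above (lowest bridge priority, then lowest MAC) and of how path cost picks the fiber link on the non-root side. It goes slightly beyond the post by also modelling a bridge that receives no BPDUs from its neighbour; the MAC addresses, port names and cost values are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str
    priority: int = 32768  # default bridge priority mentioned in the thread

    @property
    def bridge_id(self):
        # Lower tuple wins: priority first, MAC address breaks the tie.
        return (self.priority, int(self.mac.replace(":", ""), 16))

def elect_root(bridges):
    """Return the bridge with the numerically lowest bridge ID."""
    return min(bridges, key=lambda b: b.bridge_id)

def port_roles(local, peer, links, bpdus_received=True):
    """Roles of local's ports on parallel links to one peer bridge.

    links maps local port name -> (path cost, peer port number).
    """
    if not bpdus_received or elect_root([local, peer]) is local:
        # The root bridge, or a bridge that hears no BPDUs and therefore
        # believes it is root, keeps every port designated (forwarding).
        return {port: "designated" for port in links}
    # Non-root bridge: lowest (path cost, peer port number) becomes the
    # root port; the remaining parallel links are alternate (discarding).
    best = min(links, key=lambda port: links[port])
    return {p: ("root" if p == best else "alternate") for p in links}

# Constructed sample values: MACs, port names and costs are hypothetical.
CISCO = Bridge("cisco-2960", "02:00:00:00:00:0a")
MIKROTIK = Bridge("mikrotik", "02:00:00:00:00:0b")
UPLINKS = {"ether3-wireless": (100, 2), "ether2-fiber": (10, 1)}

if __name__ == "__main__":
    print("root:", elect_root([CISCO, MIKROTIK]).name)
    print("normal:", port_roles(MIKROTIK, CISCO, UPLINKS))
    print("no BPDUs:", port_roles(MIKROTIK, CISCO, UPLINKS, bpdus_received=False))
```

With equal priorities the lower MAC wins the election, and when both sides keep every port designated on parallel links, nothing is blocking the redundant path.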
skywalker7 (Author) Commented:
I am using the Mikrotik as a plain switch, as I have a bridge at the moment to the interface which works, either 1 and 2 or 1 and 3. To implement failover I need to put interfaces 2 and 3 in a bridge and then configure it with the Cisco, but how would the traffic flow from interface 1 to this new bridge?

Thanks a lot for your time.

TimotiSt (Datacenter Technician) Commented:
I see. In that case, put all 3 interfaces in one bridge. (I assumed you do the routing on the Mikrotik.)

On the other hand, this makes the matter of the root bridge more interesting, since your LAN port (and possible downstream switches) also participate in STP. In that case, you should select either the Mikrotik, or a downstream "main/core" switch as root.
skywalker7 (Author) Commented:
I was testing this in the lab, and on our downstream switch the port which was connected to the Mikrotik was blocked, as root guard!

LAN Cisco switch ----- mikrotik ======  Cisco switch at Internet Provider

The double line is 2 links.

When the LAN Cisco found out that there is another advertising as superior, the port was disabled.

Any suggestions here?
TimotiSt (Datacenter Technician) Commented:
If you want to run STP on a port, disable root-guard and bpdu-guard features, as these are protection against STP.

skywalker7 (Author) Commented:
The STP worked perfectly in the lab, but when implementing, it cut the LAN link off; the dual links were OK, disabled the wireless and was working on fiber. Any more advice? Or 2 bridges?

TimotiSt (Datacenter Technician) Commented:
Was the LAN link err-disabled, or STP simply blocked it? If the first, we have STP protection in place that we don't want. If the latter, then we have a loop somewhere.
skywalker7 (Author) Commented:
I am on the LAN side, and we have a Mikrotik router, but when I turned on RSTP on the Mikrotik and added all the ports to the bridge, the Mikrotik router bridge became the root but then cut us off, till somebody disabled the wireless link; then I was able to connect and disabled the STP. As the bridge is on the other side of the island, I would need to go there and check for errors.

skywalker7 (Author) Commented:
I tried again, same thing. I cannot ping even from the Mikrotik router to any device in between till the bridge.

lan users --- mik router ----wireless link---- bridge ==== dual link ==== cisco switch --- cisco router to internet.

TimotiSt (Datacenter Technician) Commented:
Okay, just so I see clearly, is the topology like in the attachment, or is anything left out?

skywalker7 (Author) Commented:
Yes, that's exactly like it is, just wireless on port 3 and fiber on port 2!
On the LAN, we have a Mikrotik router (this does the routing); behind that we have the real users.

TimotiSt (Datacenter Technician) Commented:
What can cause the loop?
Is it possible that a client PC is attached to the wireless bridge, and the wired LAN?
Also, how does the second mikrotik router attach to the network? Could you place it on the 'drawing'?

skywalker7 (Author) Commented:
I really don't know. I have RSTP running but the wireless port disabled; when I enable this port the connectivity to the bridge is lost. I tried from the other end, and I could not even reach it. I am not sure if the ISP has really enabled RSTP on the Cisco, as that is on their end. I tried to enable the wireless port to check again; the ports still say designated port and they do not change to disabled port, as one should turn disabled. Is there a log I can enable on the Mikrotik? Something is not right here! Thanks for helping out.

TimotiSt (Datacenter Technician) Commented:
There's a default syslog in mikrotik, or you can output it to a syslog server:

skywalker7 (Author) Commented:
I have that, but what topic should I log? And also do I need neighbour enabled on the interfaces?

TimotiSt (Datacenter Technician) Commented:
I'm not too familiar with the Mikrotik logging topics myself... You could try 'calc, event, system, route' topics, preferably with debug level.

skywalker7 (Author) Commented:
I tried a test, just keeping 2 ports on the bridge, the fiber and wireless, and RSTP; even then I was unable to ping the other side. I could only reach the Mikrotik; looks like the Mikrotik is not happy talking to the Cisco. I think the best would be putting a Mikrotik router on the other end and testing. On the Cisco side these are the commands:
spanning-tree mode rapid-pvst
spanning-tree extend system-id

skywalker7 (Author) Commented:

I was able to change the Cisco switch to a Mikrotik and test, but the ports would not change to root bridge; they all remain in designated port, and not as failover or root port. I have changed one bridge priority to 1000, to see if it gets elected as root bridge, but that also did not happen.

Can you kindly help?

r barnhart Commented:
If the Mikrotik link is bridged, set protocol from STP to none on this bridge interface on the Mikrotik OS (on both sides of the link); this will allow the physical interface to negotiate with the Cisco switch. As long as STP is running on the switch then there will be no loops causing issues in the future; otherwise, in the case of the RB-SXTs, the physical interface will not negotiate to the Mikrotik on the Cisco switch. It shows no link, as STP in the switch thinks there is a problem even though there is not...