Solved

Cisco and Mikrotik STP

Posted on 2012-04-06
24
5,031 Views
Last Modified: 2016-09-21
Hello!

We have 2 links; at one end there is a Mikrotik and at the other a Cisco switch. Can we have STP here, as the links are wireless and fiber and at times our primary is not working? Can somebody help with configuration steps on the Mikrotik?

Thanks,
0
Comment
Question by:skywalker7
  • 13
  • 10
24 Comments
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37818871
The config would depend on your exact devices. Older Cisco switches only support PVST, or Rapid PVST, while Mikrotik supports STP and RSTP.
Basically, it should work, especially if you don't use tagged vlans on the links.
A little drawing and exact device types would be nice.

Tamas
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37822853
Thanks a lot for the answer. It's very simple, as below:

Internet:  
Switch cisco 2960 switch
path 1 Fiber :
path 2: Wireless:  ------------------------------    mikrotik 1200 router ------------------ LAN

On the internet side the ISP has a switch, which is a Cisco 2960, and it has 2 links attached, wireless and fiber, so we have to choose what works.

Can you explain what should be enabled on the Cisco and the Mikrotik? I am a little worried as it's our main link and I would not want to play with it.

Thanks,
0
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
ID: 37841439
If it's a layer 2 failover scenario, you'd have to configure 2 ports on the mikrotik as a bridge:
http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge

You can run RSTP on the mikrotik, and either MSTP or RPVST on the cisco.

One thing you may need to adjust is the "path-cost", to make sure it prefers the fiber connection.
0
 
LVL 1

Author Closing Comment

by:skywalker7
ID: 37846178
Fantastic!
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37846192
Just a quick question: do I have to enable root router or something on the Cisco?

As you know, I have 3 ports active on the Mikrotik. Yes, we are talking about layer 2 failover.

1 - connecting to LAN
2 - wireless
3 - fiber

So I make a bridge of 2 and 3? And how would it link to port 1? As it can be either port 1 and 2 or port 1 and 3.

Thanks.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37846936
If you use the Mikrotik as a router (it can be used as a plain-switch also), you'll have two layer3 (routed) interfaces: the bridge (made of port 2 and 3) and the link to the lan (port 1).
Before enabling the failover scenario, I assume you had two layer3 interfaces: port 3 and port 1.

The STP root bridge will depend on the "bridge priority" and the MAC address of the bridge. By default, priority is 32768, so it'll depend on MAC. If we only have these 2 devices participating in the STP, we don't really care who the root bridge is. If one of the devices goes down, we lose any connectivity either way.
0
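
An added example (not part of the thread and not vendor code) modelling the root election described above and the path-cost tuning from the accepted solution: bridge IDs compare by priority then MAC, the lower-cost uplink becomes the root port, and a bridge that hears no BPDUs considers itself root with every port designated. The priorities, MAC addresses, costs and port names are constructed, and tie-breaking by port ID is left out.

```python
from collections import namedtuple

# A received BPDU, reduced to the fields used for role selection.
Bpdu = namedtuple("Bpdu", "root_id root_cost sender_id")

def bridge_id(priority, mac):
    """Bridge ID orders by priority first, then MAC address; lower is better."""
    return (priority, int(mac.replace(":", ""), 16))

def port_roles(my_id, ports):
    """ports maps name -> (path_cost, Bpdu or None). Returns (root_id, roles)."""
    # Priority vector this bridge would get through each port that hears BPDUs.
    via = {name: (b.root_id, b.root_cost + cost, b.sender_id)
           for name, (cost, b) in ports.items() if b is not None}
    best = min(via, key=via.get, default=None)
    if best is None or via[best][0] >= my_id:
        # No superior BPDU heard: this bridge is root, every port designated.
        return my_id, {name: "designated" for name in ports}
    root_id, my_cost, _ = via[best]
    roles = {}
    for name, (cost, b) in ports.items():
        if name == best:
            roles[name] = "root"
        elif b is not None and tuple(b) < (root_id, my_cost, my_id):
            roles[name] = "alternate"    # discarding; standby path to the root
        else:
            roles[name] = "designated"
    return root_id, roles

# Constructed sample values (documentation MAC range, made-up priorities/costs).
UPSTREAM = bridge_id(4096, "00:00:5e:00:53:01")
LOCAL = bridge_id(32768, "00:00:5e:00:53:02")
HELLO = Bpdu(root_id=UPSTREAM, root_cost=0, sender_id=UPSTREAM)

def dual_link(fiber_cost=10, wireless_cost=100, bpdus_arrive=True):
    """Roles on the local bridge with a LAN port and two uplinks to UPSTREAM."""
    heard = HELLO if bpdus_arrive else None
    return port_roles(LOCAL, {"lan": (10, None),
                              "fiber": (fiber_cost, heard),
                              "wireless": (wireless_cost, heard)})

if __name__ == "__main__":
    print(dual_link())                       # fiber preferred
    print(dual_link(fiber_cost=200))         # cost flipped: wireless preferred
    print(dual_link(bpdus_arrive=False))     # peer's BPDUs never arrive
```
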
 
LVL 1

Author Comment

by:skywalker7
ID: 37848144
I am using the Mikrotik as a plain switch, as I have a bridge at the moment to the interface which works, either 1 and 2 or 1 and 3. To implement failover I need to put interfaces 2 and 3 in a bridge and then configure it with the Cisco, but how would the traffic flow from interface 1 to this new bridge?

Thanks a lot for your time.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37848302
I see. In that case, put all 3 interfaces in one bridge. (I assumed you do the routing on the Mikrotik.)

On the other hand, this makes the matter of the root bridge more interesting, since your LAN port (and possible downstream switches) also participate in STP. In that case, you should select either the Mikrotik, or a downstream "main/core" switch as root.
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37897162
I was testing this in the lab, and on our downstream switch the port connected to the Mikrotik was blocked, as root guard!

LAN Cisco switch ----- mikrotik ======  Cisco switch at Internet Provider

The double line is 2 links.

When the LAN Cisco found out that there is another advertising as superior, the port was disabled.

Any suggestions here?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37897222
If you want to run STP on a port, disable root-guard and bpdu-guard features, as these are protection against STP.
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37914032
The STP worked perfectly in the lab, but when implementing, it cut the LAN link off. The dual links were OK; it disabled the wireless and was working on fiber. Any more advice? Or 2 bridges?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37915640
Was the LAN link err-disabled, or STP simply blocked it? If the first, we have STP protection in place that we don't want. If the latter, then we have a loop somewhere.
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37915687
I am on the LAN side, and we have a Mikrotik router, but when I turned on RSTP on the Mikrotik and added all the ports to the bridge, the Mikrotik router bridge became the root but then cut us off, until somebody disabled the wireless link; then I was able to connect and disabled STP. As the bridge is on the other side of the island, I would need to go there and check for errors.
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37915773
I tried again, same thing. I cannot ping even from the Mikrotik router to any device in between, up to the bridge.

lan users --- mik router ----wireless link---- bridge ==== dual link ==== cisco switch --- cisco router to internet.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37916037
Okay, just so I see clearly, is the topology like in the attachment, or is anything left out?
cisco-microtik-stp-v1.txt
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37916230
Yes, that's exactly how it is, just wireless on port 3 and fiber on port 2!
On the LAN, we have a Mikrotik router (this does the routing), and behind that we have the real users.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37916305
What can cause the loop?
Is it possible that a client PC is attached to the wireless bridge, and the wired lan?
Also, how does the second mikrotik router attach to the network? Could you place it on the 'drawing'?
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37916548
I really don't know. I have RSTP running but the wireless port disabled; when I enable this port, connectivity to the bridge is lost. I tried from the other end, and I could not even reach it. I am not sure if the ISP has really enabled RSTP on the Cisco, as that is on their end. I tried to enable the wireless port to check again; the ports still say designated port and they do not change to disabled port, as one should turn disabled. Is there a log I can enable on the Mikrotik? Something is not right here! Thanks for helping out.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37918318
There's a default syslog in mikrotik, or you can output it to a syslog server:
http://wiki.mikrotik.com/wiki/Manual:System/Log
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37933431
I have that, but what topic should I log? And also, do I need neighbour enabled on the interfaces?
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 37933497
I'm not too familiar with the Mikrotik logging topics myself... You could try the 'calc, event, system, route' topics, preferably with debug level.
0
 
LVL 1

Author Comment

by:skywalker7
ID: 37933865
I tried a test, just keeping 2 ports on the bridge, the fiber and wireless, with RSTP; even then I was unable to ping the other side. I could only reach the Mikrotik. It looks like the Mikrotik is not happy talking to the Cisco. I think the best would be putting a Mikrotik router on the other end and testing. On the Cisco side these are the commands:
spanning-tree mode rapid-pvst
spanning-tree extend system-id
0
 
LVL 1

Author Comment

by:skywalker7
ID: 38267719
Hello,

I was able to change the Cisco switch to a Mikrotik and test, but the ports would not change to root bridge; they all remain designated ports, and not failover or root port. I have changed one bridge priority to 1000 to see if it gets elected as root bridge, but that also did not happen.

Can you kindly help?

Thanks.
0
 

Expert Comment

by:r barnhart
ID: 41809518
If the Mikrotik link is bridged, set the protocol from STP to none on this bridge interface in the Mikrotik OS (on both sides of the link); this will allow the physical interface to negotiate with the Cisco switch. As long as STP is running on the switch, there will be no loops causing issues in the future. Otherwise, in the case of the RB-SXTs, the physical interface will not negotiate to the Mikrotik on the Cisco switch. It shows no link, as STP in the switch thinks there is a problem even though there is not.
0

Question has a verified solution.