Pkafkas

Why did a Spanning Tree enabled switch port bring another switch off-line?

How did an ethernet port (on Switch1) with Spanning Tree Protocol enabled bring another ethernet switch (Switch2) off-line when connected to it?  Switch2 did not have spanning tree enabled.

I was setting up a new Wireless Controller (Switch1) in our test lab.  The test lab has an HP ProCurve Switch (Switch2).  The Wireless Controller is essentially an Ethernet Switch with several Ethernet ports and a bit more functionality.  Apparently the new Aruba Wireless Controller (Switch1) has all of its ethernet ports automatically enabled with Spanning Tree.

When I plugged the Spanning Tree Port 0/0/0 (Switch1) into another Ethernet switch port (Switch2), in about 30 seconds … Switch2 became off-line.  As a result all of the other devices connected to Switch2 were off-line as well.  When I unplugged the Aruba Wireless Controller (Switch1) connection from the Switch2 port, that Switch came back on-line.  The Aruba tech noticed that the Aruba (Switch1) port 0/0/0 was in 'Blocking' STP mode when it connected to Switch2, so the Aruba Tech disabled the Spanning Tree Protocol for that interface port and then the problem went away.

I wish to understand how STP works and why that switch port with STP enabled brought the other switch off-line.  I have reviewed some material on-line: https://en.wikipedia.org/wiki/Spanning_Tree_Protocol   But I still have questions that I wish to clarify.

Question1:  Am I to understand for STP to work correctly that every other switch on the network needs to have STP enabled as well?  


Question2:  Or am I to understand that STP is so unpredictable that it should only be enabled for Access/untagged ports that are connected directly to computers/devices and not connected to other Ethernet switches?
noci

Probably there was another connection through that switch... Is Rapid STP enabled?  If not, then there is a 30 second waiting time before forwarding is enabled. (First check for circular connections..., then, if there are none, the root switch selects the paths that should be enabled.)

(If STP is disabled, then the device is considered non-existent, btw, and is transparent; it will just forward all BPDUs.)

A1: Yes all devices that can use STP should use STP, or NONE.. in the latter case any loop will bring down the complete network in seconds.
A2: No, STP is completely deterministic.


In your case there probably were 2 connections to SW2 (somehow) and one was closed.
A BPDU is sent around; if a device finds a BPDU sent on one port returning on another, there is a loop. To break the loop, forwarding is stopped by disabling a port.
The algorithm to detect the loop makes a graph, the Spanning Tree. As long as it is a tree it will live; it will break any loops that are detected.

Standard Spanning Tree runs every 30 seconds; Rapid Spanning Tree will react to interface state changes, which is much faster.
If you have a network where there are guaranteed NO loops, STP can be disabled.
Pkafkas

ASKER

Noci, thank you for the response.

I am curious; in my case the Test Lab switch (Switch2) has 8 ethernet ports with several VLANs.

1.  VOIP,
2.  IT wired Vlan,
3.  Employee Wired vlan
4.  Wireless VLan (where Access Points and controllers connect) with a wired connection.
5.  Switch Infrastructure VLan.


I connected the new Aruba Wireless Controller (Switch1) to a port that has the Wireless VLAN.  No other ethernet connections from the Aruba were connected to Switch2.  Hence, Switch2 has 2 trunked ports: 1 for the Switch Infrastructure VLAN and the 2nd port for the Aruba.  Did the Spanning Tree Protocol think that there should only be 1 trunked port per switch, otherwise there may be a loop created?

STP is done per VLAN. Different interfaces can be closed if a loop is detected, but only closed for the VLAN that has a loop.

If the trunk is declared on BOTH sides the same way, it is considered ONE connection (and they will both go down if the link closes).
The trunk will be closed.  Now if it was a trunk on one side and not on the other, there would be a configuration error with unpredictable (non-functional) results.
You can send multiple VLANs across a trunk (just like any other link).
Try static trunks, btw. I have seen dynamic trunks fail under real network load, due to some management packets getting lost.
Pkafkas

ASKER

Can anyone explain to me why Switch2 (test lab switch) went off-line after the Switch1 port connected to it?  

The Switch1 port did have STP enabled.   But the Switch2 port did not have STP enabled on that end.


Also why did disabling STP from the Aruba Switch1 port fix the problem?
It sounds like your switch port had some type of BPDU guard enabled. When it detected a BPDU from the Aruba, it shut the port down.
Disabling STP on the Aruba fixed it because the Aruba was no longer sending BPDUs that triggered the switch port to shut off.
Question1:  Am I to understand for STP to work correctly that every other switch on the network needs to have STP enabled as well?  
Yes.
Question2:  Or am I to understand that STP is so unpredictable that it should only be enabled for Access/untagged ports that are connected directly to computers/devices and not connected to other Ethernet switches?
That is design dependent, but it is generally considered mandatory to run STP on edge switches.

How many switches were involved in this? If there were other switches involved, were those switches running STP? Can you please draw the topology and what exactly you connected, and provide details on STP on the involved devices? If only one port between the Aruba and the HP switch was involved and STP was running on only one switch, Switch2 would have only the port to the Aruba switch down for 30 seconds; other ports would not be affected.

From the details that were provided, I would guess that at least some of the other switches were running STP too, and there is a possibility that the Aruba was becoming the new root bridge (the STP priority of the current root bridge was never changed to be the lowest value in the broadcast domain, so the lowest MAC address is deciding which switch will become root bridge).

@noci
STP, by default, on HP switches is not done per VLAN; there is just one STP (common spanning tree), not PVST.
Standard Spanning tree runs every 30 seconds, rapid spanning tree will react to interface state changes
I am not sure how to understand this sentence, but running every 30 seconds is not the behavior of STP.
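
As an added illustration of the two explanations offered in this thread (a BPDU arriving on a guarded port, and a newly connected bridge winning the root election on lowest MAC address when priorities are left at default), the following Python parses 802.1D configuration BPDUs and classifies them. It is not code from any participant; the MAC addresses, priorities and the `check_port` helper are constructed for the example.

```python
import struct

# 802.1D configuration BPDU body (35 bytes, big-endian): protocol id, version,
# type, flags, root id (priority + MAC), root path cost, sender bridge id
# (priority + MAC), port id, message age, max age, hello time, forward delay.
# Timer fields are carried in units of 1/256 second.
BPDU = struct.Struct("!HBBBH6sIH6sHHHHH")

def build_bpdu(root, cost, bridge, port=0x8001, timers=(0, 20, 2, 15)):
    """Pack a config BPDU; root and bridge are (priority, 'aa:bb:..') tuples."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return BPDU.pack(0, 0, 0, 0, root[0], mac(root[1]), cost,
                     bridge[0], mac(bridge[1]), port, *(t * 256 for t in timers))

def parse_bpdu(raw):
    (proto, _ver, typ, _flags, rprio, rmac, cost,
     bprio, bmac, port, _age, _max_age, _hello, fwd) = BPDU.unpack(raw[:BPDU.size])
    if proto != 0 or typ != 0:
        raise ValueError("not an 802.1D configuration BPDU")
    return {"root": (rprio, rmac), "cost": cost, "bridge": (bprio, bmac),
            "port": port,
            # listening + learning each last one forward delay (the "30 seconds")
            "listen_learn_s": 2 * fwd / 256}

def is_superior(new, current):
    """Lower (root id, path cost, sender bridge id, port id) wins the election."""
    key = lambda b: (b["root"], b["cost"], b["bridge"], b["port"])
    return key(new) < key(current)

def check_port(current_best, received_raw, edge_port):
    """Classify a BPDU seen on a port against the best BPDU known so far."""
    seen = parse_bpdu(received_raw)
    if edge_port:
        return "bpdu-on-edge-port"   # the condition a BPDU guard reacts to
    if is_superior(seen, current_best):
        return "root-takeover"       # sender would become the new root bridge
    return "ok"

# Constructed sample values (not from the thread). Both bridges keep the default
# priority 32768, so the lower MAC address decides the election.
OLD_ROOT = ("02:00:00:00:00:5a", "02:00:00:00:00:0a")[0]
NEW_MAC = "02:00:00:00:00:0a"
CURRENT = parse_bpdu(build_bpdu((32768, OLD_ROOT), 0, (32768, OLD_ROOT)))
PINNED = parse_bpdu(build_bpdu((4096, OLD_ROOT), 0, (4096, OLD_ROOT)))
NEW_SWITCH = build_bpdu((32768, NEW_MAC), 0, (32768, NEW_MAC))

if __name__ == "__main__":
    print(check_port(CURRENT, NEW_SWITCH, edge_port=False))
    print(check_port(PINNED, NEW_SWITCH, edge_port=False))
```

`PINNED` models a root bridge whose priority has been lowered deliberately; against it the same BPDU from the new switch no longer wins the election.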
Pkafkas

ASKER

There were 3 switches involved in this. 1. The company's core switch.

2.  The main core which connected directly to the test lab switch.

3.  The test lab switch connected directly to the Aruba switch or controller.
ASKER CERTIFIED SOLUTION
Predrag Jovic
This solution is only available to members.
@Justincase: 30 seconds is the simplification of Listening & Learning....
Rapid STP does not do this BTW, then an interface change will trigger recalculation, and if needed update the Spanning Tree.
Rapid STP is compatible with PVSTP so those can be mixed (STP will still use the old "30"-seconds rule)  but not MSTP.
(right name for Rapid STP).
Pkafkas

ASKER

I think Justincase, Noci, and Soulja have brought up some good points.

I will inquire if other switches in our company network have Spanning Tree Protocol enabled.  I know for a fact that the other Aruba Controllers that are already setup on our network have not disabled STP on each of their ports.  Hence, there must be something unique with the test lab switch.

I will inquire about our other switches.  I believe that may be the case.
Pkafkas

ASKER

We do not have spanning tree enabled on outer switches.  But it was enabled on the test lab switch.

I believe Justincase provided the solution.