Why did a Spanning Tree enabled switch port bring another switch off-line?

Pkafkas
How did an ethernet port (on Switch1) with Spanning Tree Protocol enabled bring another ethernet switch (Switch2) off-line when connected to it?  Switch2 did not have spanning tree enabled.

I was setting up a new Wireless Controller (Switch1) in our test lab. The test lab has an HP ProCurve Switch (Switch2). The Wireless Controller is essentially an Ethernet Switch with several Ethernet ports and a bit more functionality. Apparently the new Aruba Wireless Controller (Switch1) has all of its ethernet ports automatically enabled with Spanning Tree.

When I plugged the Spanning Tree Port 0/0/0 (Switch1) into another Ethernet switch port (Switch2), in about 30 seconds … Switch2 became off-line. As a result all of the other devices connected to Switch2 were off-line as well. When I unplugged the Aruba Wireless Controller (Switch1) connection from the Switch2 port, that Switch came back on-line. The Aruba tech noticed that the Aruba (Switch1) port 0/0/0 was in 'Blocking' STP mode when it connected to the Switch2, so the Aruba Tech disabled the Spanning Tree Protocol for that interface port and then the problem went away.

I wish to understand how STP works and why that switch port with STP enabled brought the other switch off-line. I have reviewed some material on-line: https://en.wikipedia.org/wiki/Spanning_Tree_Protocol But I still have questions that I wish to clarify.

Question1:  Am I to understand for STP to work correctly that every other switch on the network needs to have STP enabled as well?  


Question2:  Or am I to understand that STP is so unpredictable that it should only be enabled for Access/untagged ports that are connected directly to computers/devices and not connected to other Ethernet switches?
noci, Software Engineer
Distinguished Expert 2018

Commented:
Probably there was another connection through that switch..., is Rapid STP enabled? If not then there is a 30 second waiting time before forwarding is enabled. (First check for circular connections..., then if there are none select the root switch selects the paths that should be enabled.)

(If STP is disabled, then the device is considered non-existing btw.. and is transparent; it will just forward all BPDUs.)

A1: Yes all devices that can use STP should use STP, or NONE.. in the latter case any loop will bring down the complete network in seconds.
A2: No, STP is completely deterministic.


In your case there probably were 2 connections to SW2 (somehow) and one was closed.
A BPDU is sent around; if a device finds a BPDU sent on one port returning on another, there is a loop. To break the loop, forwarding is stopped by disabling a port.
The algorithm to detect the loop makes a graph, the Spanning tree. As long as it is a tree it will live; it will break any loops that are detected.

Standard Spanning tree runs every 30 seconds, rapid spanning tree will react to interface state changes.. which is much faster.
If you have a network where there are guaranteed NO loops, STP can be disabled.
Pkafkas, Network Engineer

Author

Commented:
Noci, thank you for the response.

I am curious; in my case the Test Lab switch (Switch2) has 8 ethernet ports with several VLans.

1.  VOIP,
2.  IT wired Vlan,
3.  Employee Wired vlan
4.  Wireless VLan (where Access Points and controllers connect) with a wired connection.
5.  Switch Infrastructure VLan.


I connected the new Aruba Wireless Controller (Switch1) to a port that has the Wireless VLan. No other ethernet connections from the Aruba were connected to Switch2. Hence, Switch2 has 2 trunked ports: 1 for the Switch Infrastructure VLan and the 2nd port for the Aruba. Did the Spanning Tree Protocol think that there should only be 1 trunked port per switch, otherwise there may be a loop created?
noci, Software Engineer
Distinguished Expert 2018

Commented:
STP is done per VLAN. Different interfaces can be closed if a loop is detected, but only closed for the VLAN that has a loop.

If the trunk is declared on BOTH sides the same way it is considered ONE connection.. (and they will both go down if the link closes).
The trunk will be closed. Now if it was a trunk on one side and not on the other there would be a configuration error with unpredictable (non-functional) results.
You can send multiple VLANs across a trunk. (just like any other link).
Try static trunks btw. I have seen dynamic trunks fail under real network load, due to some management packets getting lost.

Pkafkas, Network Engineer

Author

Commented:
Can anyone explain to me why Switch2 (test lab switch) went off-line after the Switch1 port connected to it?  

The Switch1 port did have STP enabled.   But the Switch2 port did not have STP enabled on that end.


Also why did disabling STP from the Aruba Switch1 port fix the problem?
Soulja, Sr.Net.Eng
Top Expert 2011

Commented:
It sounds like your switch port had some type of bpdu guard enabled. When it detected a bpdu from the Aruba, it shut the port down.
Soulja, Sr.Net.Eng
Top Expert 2011

Commented:
Disabling STP on the Aruba fixed it because the Aruba was no longer sending BPDU's that triggered the switch port to shut off.
Distinguished Expert 2018

Commented:
Question1:  Am I to understand for STP to work correctly that every other switch on the network needs to have STP enabled as well?  
Yes.
Question2:  Or am I to understand that STP is so unpredictable that it should only be enabled for Access/untagged ports that are connected directly to computers/devices and not connected to other Ethernet switches?
That is design dependent, but it is generally considered mandatory to run STP on edge switches.

How many switches were involved in this? If there were other switches involved, were those switches running STP? Can you please draw the topology and what you exactly connected, and provide details on STP on the involved devices. Since, if only one port between the Aruba and HP switch was involved and STP was running only on one switch, Switch2 would have only the port to the Aruba switch down for 30 seconds; other ports would not be affected.

From details that were provided, I would guess that at least some of other switches were running STP too and there is possibility that Aruba was becoming new root bridge (STP priority of current root bridge was never changed to be lowest value in broadcast domain, so lowest MAC address is deciding which switch will become root bridge).

@noci
STP , by default, on HP switches is not doing per VLAN, there is just one STP (common spanning tree) not PVST.
Standard Spanning tree runs every 30 seconds, rapid spanning tree will react to interface state changes
I am not sure how to understand this sentence, but running every 30 seconds is not behavior of STP.
Pkafkas, Network Engineer

Author

Commented:
There were 3 switches involved in this. 1. The company's core switch.

2.  The main core which connected directly to the test lab switch.

3.  The test lab switch connected directly to the Aruba switch or controller.
Distinguished Expert 2018
Commented:
Still you are not providing even close to enough details to have whole picture. If you want to know exactly "Why?" with STP involved, then way much more configuration details should be provided.
Can anyone explain to me why Switch2 (test lab switch) went off-line after the Switch1 port connected to it?  
What most likely happened is that the Core and Aruba switches received each other's BPDUs (transparently forwarded through Switch2), and the links Aruba to Switch2 and Core to Switch2 were blocked since the STP convergence process had to start (since the STP topology was changed).
Before port can go from blocking to forwarding state it needs to go through listening (15 seconds) and learning (15 seconds) phase (let's ignore Max Age timer for now). Until STP convergence phase is finished no traffic can be forwarded.
If the new switch has a superior (lower) bridge ID than the current Root bridge switch, the Superior BPDU will be propagated through the whole network, then the whole network will start the STP reconvergence process (all links will not forward traffic for 30 seconds, since during reconvergence new port roles/states need to be determined, even if the end result may be exactly the same as the old port roles/states).
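The root election and forwarding delay described in the comment above, worked through as an added example that is not part of the original thread. The bridge names, MAC addresses and the `assess_new_bridge` helper are constructed for illustration; the "scope" field follows the comment's explanation rather than a measurement.

```python
from dataclasses import dataclass

FORWARD_DELAY = 15  # seconds each for listening and learning, as in the comment above

@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int  # 32768 is the 802.1D default priority
    mac: str       # constructed sample address

    @property
    def bridge_id(self):
        # Priority is compared first, then the MAC as a number; lower is superior.
        return (self.priority, int(self.mac.replace(":", ""), 16))

def elect_root(bridges):
    """Return the bridge with the lowest (superior) bridge ID."""
    return min(bridges, key=lambda b: b.bridge_id)

def assess_new_bridge(existing, newcomer):
    """Predict the effect of connecting `newcomer` to an STP domain."""
    old_root = elect_root(existing)
    new_root = elect_root(list(existing) + [newcomer])
    displaced = new_root == newcomer
    return {
        "old_root": old_root.name,
        "new_root": new_root.name,
        "root_displaced": displaced,
        # A port passes through listening, then learning, before forwarding.
        "blocked_seconds": 2 * FORWARD_DELAY,
        "scope": "whole STP domain" if displaced else "new link only",
    }

# Constructed lab: only bridges that run STP take part in the election.
# A switch with STP disabled just forwards BPDUs and is left out.
CORE_DEFAULT = Bridge("core", 32768, "00:1b:3f:aa:00:01")
CORE_PINNED = Bridge("core", 4096, "00:1b:3f:aa:00:01")
CONTROLLER = Bridge("controller", 32768, "00:0b:86:10:00:01")

if __name__ == "__main__":
    for core in (CORE_DEFAULT, CORE_PINNED):
        print(core.priority, assess_new_bridge([core], CONTROLLER))
```

With both bridges at the default priority the lower MAC wins and the newcomer becomes root; pinning a low priority on the intended root keeps the election result stable when new equipment is attached.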
noci, Software Engineer
Distinguished Expert 2018

Commented:
@Justincase: 30 seconds is the simplification of Listening & Learning....
Rapid STP does not do this BTW, then an interface change will trigger recalculation, and if needed update the Spanning Tree.
Rapid STP is compatible with PVSTP so those can be mixed (STP will still use the old "30"-seconds rule)  but not MSTP.
(right name for RapidSTP).
Pkafkas, Network Engineer

Author

Commented:
I think Justincase, Noci, and Soulja have brought up some good points.

I will inquire if other switches in our company network have Spanning Tree Protocol enabled.  I know for a fact that the other Aruba Controllers that are already setup on our network have not disabled STP on each of their ports.  Hence, there must be something unique with the test lab switch.

I will inquire about our other switches.  I believe that may be the case.
Pkafkas, Network Engineer

Author

Commented:
We do not have spanning tree enabled on outer switches. But it was enabled on the test lab switch.

I believe Justincase provided the solution.
