Why did a Spanning Tree enabled switch port bring another switch off-line?

How did an ethernet port (on Switch1) with Spanning Tree Protocol enabled bring another ethernet switch (Switch2) off-line when connected to it?  Switch2 did not have spanning tree enabled.

I was setting up a new Wireless Controller (Switch1) in our test lab.  The test lab has an HP ProCurve Switch (Switch2).  The Wireless Controller is essentially an Ethernet Switch with several Ethernet ports and a bit more functionality.  Apparently the new Aruba Wireless Controller (Switch1) has all of its Ethernet ports automatically enabled with Spanning Tree.

When I plugged the Spanning Tree Port 0/0/0 (Switch1) into another Ethernet switch port (Switch2), in about 30 seconds … Switch2 became off-line.  As a result all of the other devices connected to Switch2 were off-line as well.  When I unplugged the Aruba Wireless Controller (Switch1) connection from the Switch2 port, that switch came back on-line.  The Aruba tech noticed that the Aruba (Switch1) port 0/0/0 was in 'Blocking' STP mode when it connected to Switch2, so the Aruba tech disabled the Spanning Tree Protocol for that interface port and then the problem went away.

I wish to understand how STP works and why that switch port with STP enabled brought the other switch off-line.  I have reviewed some material on-line: https://en.wikipedia.org/wiki/Spanning_Tree_Protocol   But I still have questions that I wish to clarify.

Question1:  Am I to understand for STP to work correctly that every other switch on the network needs to have STP enabled as well?  


Question2:  Or am I to understand that STP is so unpredictable that it should only be enabled for Access/untagged ports that are connected directly to computers/devices and not connected to other Ethernet switches?
Pkafkas (Network Engineer) asked:

noci (Software Engineer) commented:
Probably there was another connection through that switch... Is Rapid STP enabled?  If not, then there is a 30 second waiting time before forwarding is enabled. (First check for circular connections..., then if there are none select the root switch selects the paths that should be enabled.)

(If STP is disabled, then the device is considered non-existent, btw, and is transparent: it will just forward all BPDUs.)

A1: Yes all devices that can use STP should use STP, or NONE.. in the latter case any loop will bring down the complete network in seconds.
A2: No, STP is completely deterministic.


In your case there probably were 2 connections to SW2 (somehow) and one was closed.
A BPDU is sent around; if a device finds a BPDU sent on one port returning on another, there is a loop. To break the loop, forwarding is stopped by disabling a port.
The algorithm to detect the loop makes a graph, the spanning tree. As long as it is a tree it will live; it will break any loops that are detected.

Standard Spanning tree runs every 30 seconds, rapid spanning tree will react to interface state changes, which is much faster.
If you have a network where there are guaranteed NO loops, STP can be disabled.
Pkafkas (Network Engineer, author) commented:
Noci, thank you for the response.

I am curious; in my case the Test Lab switch (Switch2) has 8 Ethernet ports with several VLANs.

1.  VOIP,
2.  IT wired Vlan,
3.  Employee Wired vlan
4.  Wireless VLan (where Access Points and controllers connect) with a wired connection.
5.  Switch Infrastructure VLan.


I connected the new Aruba Wireless Controller (Switch1) to a port that has the Wireless VLAN.  No other Ethernet connections from the Aruba were connected to Switch2.  Hence, Switch2 has 2 trunked ports: 1 for the Switch Infrastructure VLAN and the 2nd port for the Aruba.  Did the Spanning Tree Protocol think that there should only be 1 trunked port per switch, otherwise there may be a loop created?
noci (Software Engineer) commented:
STP is done per VLAN. Different interfaces can be closed if a loop is detected, but only closed for the VLAN that has a loop.

If the trunk is declared on BOTH sides the same way it is considered ONE connection (and they will both go down if the link closes).
The trunk will be closed.  Now if it was a trunk on one side and not on the other, there would be a configuration error with unpredictable (non-functional) results.
You can send multiple VLANs across a trunk (just like any other link).
Try static trunks btw. I have seen dynamic trunks fail under real network load, due to some management packets getting lost.
Pkafkas (Network Engineer, author) commented:
Can anyone explain to me why Switch2 (test lab switch) went off-line after the Switch1 port connected to it?  

The Switch1 port did have STP enabled.   But the Switch2 port did not have STP enabled on that end.


Also why did disabling STP from the Aruba Switch1 port fix the problem?
N. Spears (Sr.Net.Eng) commented:
It sounds like your switch port had some type of BPDU guard enabled. When it detected a BPDU from the Aruba, it shut the port down.
N. Spears (Sr.Net.Eng) commented:
Disabling STP on the Aruba fixed it because the Aruba was no longer sending BPDUs that triggered the switch port to shut off.
JustInCase commented:
"Question1:  Am I to understand for STP to work correctly that every other switch on the network needs to have STP enabled as well?"
Yes.
"Question2:  Or am I to understand that STP is so unpredictable that it should only be enabled for Access/untagged ports that are connected directly to computers/devices and not connected to other Ethernet switches?"
That is design dependent, but it is generally considered mandatory to run STP on edge switches.

How many switches were involved in this? If there were other switches involved, were those switches running STP? Can you please draw the topology and what exactly you connected, and provide details on STP on the involved devices. Since, if only one port between the Aruba and HP switch were involved and STP was running only on one switch, Switch2 would have only the port to the Aruba switch down for 30 seconds; other ports would not be affected.

From details that were provided, I would guess that at least some of other switches were running STP too and there is possibility that Aruba was becoming new root bridge (STP priority of current root bridge was never changed to be lowest value in broadcast domain, so lowest MAC address is deciding which switch will become root bridge).

@noci
STP, by default, on HP switches is not done per VLAN; there is just one STP (common spanning tree), not PVST.
"Standard Spanning tree runs every 30 seconds, rapid spanning tree will react to interface state changes"
I am not sure how to understand this sentence, but running every 30 seconds is not behavior of STP.
Pkafkas (Network Engineer, author) commented:
there were 3 switches involved in this. 1. The company's core switch.

2.  The main core which connected directly to the test lab switch.

3.  The test lab switch connected directly to the Aruba switch or controller.
JustInCase commented:
Still you are not providing even close to enough details to have the whole picture. If you want to know exactly "Why?" with STP involved, then way much more configuration details should be provided.
"Can anyone explain to me why Switch2 (test lab switch) went off-line after the Switch1 port connected to it?"
What most likely happened is that the Core and Aruba switches received each other's BPDUs (transparently forwarded through Switch2) and the links (Aruba to Switch2 and Core to Switch2) were blocked since the STP convergence process had to start (since the STP topology was changed).
Before a port can go from blocking to forwarding state it needs to go through the listening (15 seconds) and learning (15 seconds) phases (let's ignore the Max Age timer for now). Until the STP convergence phase is finished no traffic can be forwarded.
If the new switch has a superior (lower) bridge ID than the current root bridge switch, the superior BPDU will be propagated through the whole network, then the whole network will start the STP reconvergence process (all links will not forward traffic for 30 seconds, since, during reconvergence, new port roles/states need to be determined (even if the end result may be exactly the same as the old port roles/states)).
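A small model of the root election and timers described in the answer above, added here as an illustration and not part of the original post. It assumes classic 802.1D behaviour (lowest priority, then lowest MAC, wins); the switch names, priorities and MAC addresses are constructed sample values.

```python
from dataclasses import dataclass

LISTENING = LEARNING = 15  # seconds per phase, as quoted in the answer above

@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int          # lower wins; 32768 is the 802.1D default
    mac: str               # tie-breaker when priorities are equal
    stp_enabled: bool = True

    @property
    def bridge_id(self):
        # Bridge ID compares priority first, then the MAC address as a number.
        return (self.priority, int(self.mac.replace(":", ""), 16))

def elect_root(bridges):
    """Root is the STP speaker with the lowest bridge ID; non-STP switches
    only forward BPDUs transparently and never take part in the election."""
    speakers = [b for b in bridges if b.stp_enabled]
    return min(speakers, key=lambda b: b.bridge_id) if speakers else None

def predict_attach(domain, newcomer):
    """Predict what plugging `newcomer` into a converged domain does."""
    old_root = elect_root(domain)
    new_root = elect_root(domain + [newcomer])
    if not newcomer.stp_enabled:
        scope, outage = "none", 0            # no BPDUs sent, nothing reconverges
    elif new_root is newcomer and old_root is not None:
        scope, outage = "whole domain", LISTENING + LEARNING  # superior BPDU floods
    else:
        scope, outage = "new link only", LISTENING + LEARNING
    return {"root": new_root.name if new_root else None,
            "root_changed": new_root is not old_root,
            "scope": scope, "outage_s": outage}

# Constructed sample topology (names, priorities and MACs are made up).
CORE  = Bridge("core",    32768, "02:00:00:00:00:50")
LAB   = Bridge("switch2", 32768, "02:00:00:00:00:30", stp_enabled=False)
ARUBA = Bridge("switch1", 32768, "02:00:00:00:00:10")

if __name__ == "__main__":
    print(predict_attach([CORE, LAB], ARUBA))   # default priorities: lowest MAC wins
    pinned = Bridge("core", 4096, CORE.mac)     # root priority set deliberately low
    print(predict_attach([pinned, LAB], ARUBA))
```

With every priority left at the default, the newcomer's lower MAC makes it root and the whole domain reconverges; lowering the intended root's priority confines the delay to the new link.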

noci (Software Engineer) commented:
@Justincase: 30 seconds is the simplification of Listening & Learning....
Rapid STP does not do this BTW, then an interface change will trigger recalculation, and if needed update the Spanning Tree.
Rapid STP is compatible with PVSTP so those can be mixed (STP will still use the old "30"-seconds rule)  but not MSTP.
(right name for RapidSTP).
Pkafkas (Network Engineer, author) commented:
I think JustInCase, Noci, and Soulja have brought up some good points.

I will inquire if other switches in our company network have Spanning Tree Protocol enabled.  I know for a fact that the other Aruba Controllers that are already setup on our network have not disabled STP on each of their ports.  Hence, there must be something unique with the test lab switch.

I will inquire about our other switches.  I believe that may be the case.
Pkafkas (Network Engineer, author) commented:
We do not have spanning tree enabled on outer switches.  But it was enabled on the test lab switch.

I believe Justincase provided the solution.