Pkafkas

What can cause a port to be blocked from spanning tree protocol and how to fix it.

Spanning tree and working production environment.

Greetings, my work place has spanning tree and I have limited experience with Spanning tree.  I was charged with setting up new Wireless controllers and to route internet only traffic through a specific "Internet Only" VLan.  I have setup the configuration how the vendor suggested.  Basically:

- Create DHCP scope and assign the DHCP Gateway to a VLAN on the controller (created for the Guest VLan).  
- Then create a Vlan for Internet Only and assign an IP address to that VLAN(From the DHCP Scope).  
- Then assign that Internet Only VLAN to an available untagged port on the Wireless Controller.
- Then assign an available IP address from the Internet only VLAN on the wireless controller.
- Then connect that port (0/0/3) to the Internet Only VLAN with its own separate connection.

The problem is that the Wireless controller is showing that port 0/0/3 is blocking.  Port 0/0/3 is the port connected to the Internet Only VLan.

Port Status
-----------
Slot-Port  PortType  AdminState  OperState  PoE  Trusted  SpanningTree  PortMode  Speed   Duplex  PortError
---------  --------  ----------  ---------  ---  -------  ------------  --------  -----   ------  ---------
0/0/0      GE        Enabled     Down       N/A  Yes      Disabled      Trunk     Auto    Auto    -
0/0/1      GE        Enabled     Up         N/A  Yes      Forwarding    Trunk     1 Gbps  Full    -
0/0/3      GE        Enabled     Up         N/A  Yes      Blocking      Access    1 Gbps  Full    -
atlas_shuddered

An STP Blocked port is a port that BPDUs are received on other than a root port.  In other words, the local spanning tree instance has determined that the port being up and passing traffic will lead to a loop in the layer 2 topology.

If there is a physical loop in the network but you need the path to be up, you can try limiting that port and its peer to only pass the vlans absolutely necessary for the desired traffic.
Not completely clear on your setup, but are you tagging the internet vlan on G0/0/1? If so, then that could be the reason the access port is blocked.
Pkafkas

ASKER

Hello Soulja,

The Internet Only VLan is not tagged on the Trunked port.
Can you share your port configurations from the switch that this controller is connected to? Also the controller configurations for the two ports in question.
Pkafkas

ASKER

I can say that the other 2 ports state (connected to the network switches directly not the wireless controllers) are in a "forwarding" state.  

I can tell you that we disabled spanning tree on those ports on the wireless controller and the network still stayed up.  We were thinking the loop has to do with the 2 wireless controllers having a Virtual Connection (Virtual IP address) to each other.  Then each Wireless controller is connected to the same network switch (different ports).
I just spent the better part of a half an hour writing out an extended explanation of STP to get us moving on troubleshooting this.  Before I posted I scrolled back up to your original question and data to get a couple of pieces of information.  I just deleted that dissertation and have truncated it down to the following summary.

The controller is telling you three things:

1.  I'm participating in Spanning Tree
2.  I see more than one path to the Root Bridge for the same vlan
3.  I have placed one of those ports in Blocking state

So what's going on with the controller?  Gig 0/1 and Gig 0/2 are in trunk mode.  Gig 0/3 is in access mode.  Your controller is seeing the Gig 0/3 Access VLAN on both Gig 0/3 and Gig0/2.  Gig 0/2 is winning port election because it is the lower port number (0/2 trumps 0/3).  0/3 is placed into blocking state.

How to fix this -

Fastest route - limit VLANs on Gig0/2 to only those that are necessary.  In other words, remove the Access VLAN for Gig0/3 from the Gig0/2 Trunk.  After you have done this, bounce Gig 0/3.  It should come up after initial STP processing.
Pkafkas

ASKER

The VLan on access port 0/0/3 is not included in the configuration for the allowed trunked vlans on 0/0/1.  There is no association with those vlans or ports.

If I disable spanning tree on 0/0/3 then there is no problem with the network.

I would appreciate the detailed explanation of Spanning tree.
ASKER CERTIFIED SOLUTION
Soulja
This solution is only available to members.
Is the VLAN on 0/0/3 VLAN 1?  Blocked ports will always point toward the root bridge.  With the port being set up as an access port, you are telling it that it is connected to an end host or other non-STP device.

Change the port to a trunk.
"With the port being set up as an access port, you are telling it that it is connected to an end host or other non-STP device."

This is actually not true. You can have a flat network with multiple switches connected with just access ports and STP would still be needed to prevent loops and work the same. It would be just for one vlan though.

I think we are so used to seeing trunks and multiple vlans between switches in regards to spanning-tree, we forget that spanning tree works as an instance per vlan or in common spanning tree's case all vlans per instance. This Aruba is probably using common spanning tree, is what I am thinking, so it doesn't care what vlans are on the connections.  It just sees two connections receiving BPDUs so it blocks one.
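
The behaviour described in the comment above (a single spanning tree instance hears BPDUs from the same tree on two ports and blocks one, whatever VLANs they carry) can be reproduced with a simplified 802.1D role calculation. This is an added example, not part of the thread and not Aruba's implementation; the bridge IDs, switch port numbers and link cost are constructed assumptions.

```python
from typing import NamedTuple, Optional

class Bpdu(NamedTuple):
    root_id: tuple    # (priority, MAC) of the advertised root bridge
    root_cost: int    # sender's path cost to the root
    sender_id: tuple  # (priority, MAC) of the sending bridge
    sender_port: int  # port identifier on the sender

def port_roles(my_id, received, link_cost=4):
    """received maps local port -> best Bpdu heard on it, or None if silent.
    Returns {port: 'root' | 'designated' | 'blocking'} for one STP instance."""
    order = {p: i for i, p in enumerate(received)}  # stands in for local port ID
    heard = {p: b for p, b in received.items() if b is not None}

    def vector(p):
        # Priority vector: lower wins, compared field by field.
        b = heard[p]
        return (b.root_id, b.root_cost + link_cost, b.sender_id,
                b.sender_port, order[p])

    root_port = min(heard, key=vector) if heard else None
    if root_port is None or my_id < heard[root_port].root_id:
        return {p: "designated" for p in received}  # this bridge is the root

    best = heard[root_port]
    mine = (best.root_id, best.root_cost + link_cost, my_id)  # what we advertise
    roles = {}
    for p, b in received.items():
        if p == root_port:
            roles[p] = "root"
        elif b is None or mine < (b.root_id, b.root_cost, b.sender_id):
            roles[p] = "designated"  # our BPDU is superior: forward
        else:
            roles[p] = "blocking"    # a better path already exists: block
    return roles

# Constructed sample data (documentation MAC range, hypothetical switch ports).
SWITCH = (32768, "00:00:5e:00:53:01")      # assumed root bridge
CONTROLLER = (32768, "00:00:5e:00:53:99")  # the bridge being evaluated

# Both controller ports reach the same switch: BPDUs arrive on each.
SAME_TREE = {"0/0/1": Bpdu(SWITCH, 0, SWITCH, 10),
             "0/0/3": Bpdu(SWITCH, 0, SWITCH, 24)}
# 0/0/3 sits on a segment from which no BPDUs of that tree arrive.
SEPARATE = {"0/0/1": Bpdu(SWITCH, 0, SWITCH, 10), "0/0/3": None}

if __name__ == "__main__":
    print(port_roles(CONTROLLER, SAME_TREE))
    print(port_roles(CONTROLLER, SEPARATE))
```

The access/trunk mode of the port never enters the calculation; only the BPDUs heard on it do.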
Pkafkas

ASKER

The VLan assigned to port 0/0/3 (access port mode) is not VLan-1.