2910al: untagged VLAN & STP issues

upietz
Occasional Contributor

Hello all,

 

I'm having a hard time configuring the following setup:

 

1x 2910al Switch

...having 2 VLANs: DEFAULT_VLAN (1) and DMZ_VLAN (2)

...VID1: Ports 1-12 (untagged)

...VID2: Ports 13-48 (untagged)

To connect both VLANs I want to use a box with bridged nics (nic1->port12, nic2->port13, bridge: nic1<->nic2)

 

Now for the trouble: As soon as I turn on spanning tree on the Switch nic2 gets blocked by stp. All boxes connected to VLAN2 are connected only to VLAN2 and there is no path out of it. nic2 is the only uplink. So why block it?

(When STP is turned off on the switch everything works as expected, at least by me)

 

After hours of googling and reading (I'm not very familiar with stp) the problem seems to be that the stp instance on the switch cannot distinguish between two separate VLANs, even if the very same switch is configuring them.

 

Now my questions:

 

- Is it correct that I have to create separate instances for my VLANs, even if residing on the same switch?

- If so, how do I do it? I seem to find only configurations where 2 or more switches are involved, nothing for my needs...

 

Thanks for reading,

 

stefan...

Chrisd131313
Trusted Contributor

Re: 2910al: untagged VLAN & STP issues

Hi Stefan,

 

You will need to use MSTP if it is available on the 1910al switches. This will allow you to have a STP instance per VLAN (in your scenario, but it also lets you group VLANs together in STP instances). If MSTP is available then you should be able to see it listed under "span force-version ?".

 

By using MSTP you can create 2 instances and add each VLAN to each instance. STP & RSTP historically are Layer2 based so they only cared about physical ports and loops, so when VLANs come into play STP thinks there are loops when logically there are not - that is why MSTP and PVSTP(+), on Cisco kit, came about.

 

HTH

 

 

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.
Richard Brodie_1
Honored Contributor

Re: 2910al: untagged VLAN & STP issues

Normal spanning tree: STP or RSTP doesn't care about VLANs at all, it just prevents loops. MSTP doesn't care much about VLANs but you can play with the configuration until it mostly does what you want. A lot of people assume that spanning tree will figure out how their VLANs are configured and do what they want but unfortunately you only get that with Cisco's proprietary PVST(+). HP have that on some Procurves (under licence, I imagine), not sure about the 2910.

 

If not, you could play around with a fancy MSTP configuration to get what you want but I would probably just bpdu-filter on ports 12 and 13 and have done with it.

upietz
Occasional Contributor

Re: 2910al: untagged VLAN & STP issues

Thanks for your answers.

 

I got the point concerning VLANs and STP, sometimes it's just too obvious.

 

But after reading up on MSTP I really thought I had it there... 2 instances, 2 VLANs, 0 problems, but it just doesn't work as I expected it would... the port still got blocked. What am I missing?


The workaround with the bpdu-filter was a good hint, I configured it and it works. But still... what's the point of having MSTP around if the different instances don't respect the vlans configured for them? Or is it just the setup on a single physical switch?

Chrisd131313
Trusted Contributor

Re: 2910al: untagged VLAN & STP issues

Hi upietz,

 

The MSTP implementation would work if the "uplinks" between your bridged PC and switch were tagged and both VLANs were forwarded on the "Uplinks". As you are just separating the VLANs on the single switch into distinct port ranges I don't think it would work for you.

 

Extract from MSTP Operation....

 

Multiple-Instance spanning tree operation (802.1s) ensures that only one active path exists between any two nodes in a spanning tree instance. A spanning tree instance comprises a unique set of VLANs, and belongs to a specific spanning tree region. A region can comprise multiple spanning tree instances (each with a different set of VLANs), and allows one active path among regions in a network. Applying VLAN tagging to the ports in a multiple-instance spanning tree network enables blocking of redundant links in one instance while allowing forwarding over the same links for non-redundant use by another instance.

 

You could look at trying RPVST+ on the switch to see if this makes any difference "span mode rapid-pvst" otherwise your scenario would only work with bpdu-filters in place.

 

 

upietz
Occasional Contributor

Re: 2910al: untagged VLAN & STP issues

Hi Chris,

 

thank you. I don't think I really understand the problems in my setup, but the filtering is fine for now.

 

Is there any documentation on "spanning-tree mode rapid-pvst"? I cannot find it in the manuals...

Chrisd131313
Trusted Contributor

Re: 2910al: untagged VLAN & STP issues

Hi upietz,

 

It could well be that rapid-pvst is not available on the 2910al range of switches. I use 5400zl switches and they have it as an option. If your range of switches have the option it will be listed in the advanced Traffic Management Guide pdf.

 

 

Richard Brodie_1
Honored Contributor

Re: 2910al: untagged VLAN & STP issues

what's the point of having MSTP around if the different instances don't respect the vlans configured for them?

 

MSTP is fairly good for load balancing. So you can have one link active in VLAN 1, and standby in VLAN 2 and another active in VLAN 2 and standby in VLAN 1. When you start pruning VLANs, it gets a little more complicated.

 

But after reading up on MSTP I really thought I had it there... 2 instances, 2 VLANs, 0 problems, but it just doesn't work as I expected it would... the port still got blocked. What am I missing?

 

With the default spanning tree parameters, the two instances are going to have the same topology. The same links will be disabled in both instances. That would be the higher numbered port, I think. You would have to lower the priority of the blocked port in the instance where you want it unblocked. Unfortunately, you can't just throw a VLAN configuration at MSTP and let it sort it out.
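
Added example, not part of any post in this thread: a simplified Python model of the spanning-tree priority-vector comparison for the setup discussed above (ports 12 and 13 joined by the bridging PC). It assumes the PC relays the switch's BPDUs unchanged; the bridge ID and function names are constructed for illustration. It covers the single-instance case, the bpdu-filter workaround, and the per-instance port priority change described in the last reply.

```python
from typing import NamedTuple

SWITCH_ID = 0x8000_0000_0000_0001   # constructed bridge ID (priority + MAC)

class Bpdu(NamedTuple):
    """Priority vector in comparison order; the lower tuple is superior."""
    root_id: int
    root_cost: int
    bridge_id: int
    port_id: int

def own_bpdu(port: int, prio: int = 128) -> Bpdu:
    # The lone switch is root, so cost is 0. Port ID = 4-bit priority + 12-bit number.
    return Bpdu(SWITCH_ID, 0, SWITCH_ID, (prio << 8) | port)

def port_roles(link, bpdu_filter=(), prio=None):
    """Roles of the two switch ports cabled to the bridging PC.

    link        -- (port, port) joined by the PC; assumed to relay BPDUs unchanged
    bpdu_filter -- ports that neither send nor process BPDUs
    prio        -- optional {port: port priority}, default 128
    """
    prio = prio or {}
    roles = {}
    for port, peer in (link, link[::-1]):
        if port in bpdu_filter or peer in bpdu_filter:
            roles[port] = "designated"      # no BPDU is heard on this port
            continue
        mine = own_bpdu(port, prio.get(port, 128))
        heard = own_bpdu(peer, prio.get(peer, 128))
        # A superior BPDU from our own bridge means "this port loops back to me".
        roles[port] = "backup" if heard < mine else "designated"
    return roles

def vlan_paths(link, vlan_of_port, instance_prio):
    """Per-instance roles: {vlan: role of that VLAN's own port in its instance}."""
    return {vlan: port_roles(link, prio=instance_prio.get(vlan))[port]
            for port, vlan in vlan_of_port.items()}

if __name__ == "__main__":
    link = (12, 13)
    print(port_roles(link))                          # single instance
    print(port_roles(link, bpdu_filter={12, 13}))    # the workaround
    print(vlan_paths(link, {12: 1, 13: 2}, {}))      # two instances, defaults
    print(vlan_paths(link, {12: 1, 13: 2}, {2: {13: 64}}))
```

With the filter in place the switch no longer hears its own BPDUs on these two ports, so spanning tree cannot detect a loop that runs through them.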

 

snakkes
Occasional Contributor

Re: 2910al: untagged VLAN & STP issues

Although not exactly the same problem I'm experiencing, but very similar.

 

http://h30499.www3.hp.com/t5/ProCurve-ProVision-Based/zl5406-and-mstp-spanning-tree/m-p/6429284#M5857

 

Any comment would be appreciated.

 

Regards,
snakkes