HPE Community
Aruba & ProVision-based
1752631 Members
5984 Online
108788 Solutions
New Discussion юеВ

ProCurve 2848 MSTP Blocking Ports when it shouldn't

 
SOLVED
Go to solution
Marc Haber
Advisor

тАО08-22-2008 05:20 AM - last edited on тАО03-03-2014 06:06 PM by

тАО08-22-2008 05:20 AM - last edited on тАО03-03-2014 06:06 PM by

ProCurve 2848 MSTP Blocking Ports when it shouldn't

Hi,

I am currently experimenting with a few of ProCurve 2848 with MSTP. Here is my test setup:

| Access
| 43
---------
| sw612 |-------------------------|
--------- 31 |
| 41 |
| |
| VLANs 401, 403 |
| untagged VLAN 1 |
| |
| 41 |
--------- | VLANs 401, 402, 403
| sw613 | | untagged VLAN 1
--------- |
| 17 |
| |
| VLANs 401, 402, 403 |
| untagged VLAN 1 |
| |
| 17 |
--------- |
| sw614 |-------------------------|
--------- 31

(a better readable version of the ascii graph is also in the attachment, which you should view with a fixed-width font)

As you can see, there VLAN 402 is not configured on the link between Switches 612 and 613 (Port numbers 41). I know this does not make sense in practice, but this is a simplified lab setup destined to make me understand what's going on here.

Unfortunately, this does not work as intended and Port 17 on Switch 614 goes into Blocking mode even in MSTP instance 2 where it shouldn't. That way, Switch 613 is not reachable from the Access port in VLAN 402.

The attachment has all switches' full configuration as well as the output of show spanning-tree, show spanning-tree instance 1 and show spanning-tree instance 2 for your reference. If you need more input, I'll happily deliver it.

Any hints will be appreciated, thanks in advance.

Greetings
Marc

 

 

P.S. This thread has been moevd from Switches, Hubs, Modems (Legacy ITRC forum) to ProCurve / ProVision-Based. - Hp Forum Moderator

0 Kudos
13 REPLIES 13
Jarret Workman
HPE Pro

тАО08-22-2008 08:22 AM

тАО08-22-2008 08:22 AM

Re: ProCurve 2848 MSTP Blocking Ports when it shouldn't

Hi Marc,

You might try changing the priority of the instances on sw614. As it currently stands, sw612 is the root bridge for everything, so it makes sense that port 17 is being blocked.

Drawing it out, I think it might work if on sw614 you make instance 1 priority 1 and instance 2 priority 0. I believe this would allow sw614 to forward out both port 17 and 31 for instance 2.

Regards,

Jarret

Accept or Kudo

0 Kudos
Marc Haber
Advisor

тАО08-22-2008 09:25 AM

тАО08-22-2008 09:25 AM

Re: ProCurve 2848 MSTP Blocking Ports when it shouldn't

Hi Jarret,

the ring is not closed for VLAN 402, so no port should be blocking in MSTP instance 2 at all regardless of priorities and other settings. Blocking on any port in MSTP instance 2 is always wrong since there is no loop for VLAN 402.

I must be missing something.

Greetings
Marc
0 Kudos
Jarret Workman
HPE Pro

тАО08-22-2008 01:10 PM

тАО08-22-2008 01:10 PM

Re: ProCurve 2848 MSTP Blocking Ports when it shouldn't

Hi Marc,

I tested this setup on three 3500 switches this afternoon.

I encountered a blocked port in instance 2 in the same location.

I ended up changing the spanning tree priorities on sw613 and sw614 to have instance 1 as priority 1 and instance 2 as priority 0.

Once I made this change on both sw613 and sw614, all ports are now open in both instances and I can ping all three vlans on all 3 switches from any switch.

Regards,

Jarret

Accept or Kudo

0 Kudos
Richard Brodie_1
Honored Contributor

тАО08-22-2008 04:36 PM

тАО08-22-2008 04:36 PM

Re: ProCurve 2848 MSTP Blocking Ports when it shouldn't

"I must be missing something."

You're looking at things the wrong way round; what you are describing is something like PVST, where each VLAN has its own spanning tree.

With MST, VLANs are logically above the spanning tree. Nothing in the vlan section of the config file will change the spanning tree topology. It sees your diagram with the VLAN information deleted, effectively.

To put it another way, you ought logically to draw MSTP instance diagrams before VLAN ones.
0 Kudos
Marc Haber
Advisor

тАО08-26-2008 05:25 AM

тАО08-26-2008 05:25 AM

Re: ProCurve 2848 MSTP Blocking Ports when it shouldn't

Hi Richard,

I see. I admit having only used PVST on Cisco before in non-trivial setups, and MSTP is rather new for me.

So, I need to look at things the following way:

MSTP Instance 1

| Access
| 43
---------
| sw612 |-------------------------|
--------- 31 |
| 41 |
| |
| |
| |
| |
| 41 |
--------- |
| sw613 | |
--------- |
| 17 |
| |
| |
| |
| |
| 17 |
--------- |
| sw614 |-------------------------|
--------- 31



MSTP Instance 2

| Access
| 43
---------
| sw612 |-------------------------|
--------- 31 |
|
|
|
|
|
|
--------- |
| sw613 | |
--------- |
| 17 |
| |
| |
| |
| |
| 17 |
--------- |
| sw614 |-------------------------|
--------- 31


(better readable version in the attachment)

Now, how do I tell the MSTP instance 2 to treat the link between sw612/41 and sw613/41 as non-existent?

Greetings
Marc
0 Kudos
Richard Brodie_1
Honored Contributor

тАО08-26-2008 04:16 PM

тАО08-26-2008 04:16 PM

Solution

Re: ProCurve 2848 MSTP Blocking Ports when it shouldn't

You can't disable the link in MSTI 2 but you can make it less attractive to use. One way would to make the port path cost for that link in MSTI 2 stupidly large.

As Jarret says, lowering the numerical priority on sw614 on instance 2 is the simplest thing to do though. You might like to lower the priority explicitly (for sw612) in instance 1 also, so that your results are reproducable outside the lab.

The trees will always failover if one of the links goes down. If you want to administratively block VLAN 402 so that it's blocked in the failover state you can. Unfortunately, it's your responsibility to make sure instance tree 2 doesn't use the 41-41 link in nornal operation.
Marc Haber
Advisor

тАО08-28-2008 06:03 AM

тАО08-28-2008 06:03 AM

Re: ProCurve 2848 MSTP Blocking Ports when it shouldn't

But I would still need to configure all VLANs on all switches. That's the thing I would like to avoid.

I have a bunch of VLANs that are only used inside the datacenter, and they should not be available outside the datacenter.

Currently, with RSTP, I have to configure all VLANs on all switches and all trunks to avoid the case that RSTP blocks a port that partitions one of the DC-only VLANs. I hope to get around with not configuring the DC-only VLANs on non-DC switches.

Am I too confused to write coherently, or are my intentions clear now?

Greetings
Marc
0 Kudos
Richard Brodie_1
Honored Contributor

тАО08-28-2008 12:48 PM

тАО08-28-2008 12:48 PM

Re: ProCurve 2848 MSTP Blocking Ports when it shouldn't

We are only talking about a one line change to your existing configuration:

sw614> spanning-tree instance 2 priority 0

You don't want spanning tree to block either of the ports on sw614 in instance 2. If it's the root they won't be. You can leave the VLAN trunks pruned as before.

For a larger configuration, it's easier if an MST region has the same VLANs available throughout. So, you might want to create a separate region for your datacentre. Then any internal spanning tree won't loop outside by definition. That's getting away with what you can demonstrate with only 3 switches though.
Marc Haber
Advisor

тАО08-29-2008 02:58 AM

тАО08-29-2008 02:58 AM

Re: ProCurve 2848 MSTP Blocking Ports when it shouldn't

I begin to understand. To try with more than one Region, I need to throw some more switches into the lab. Would this setup here (better picture attached) give more insight?

Access
| 43
---------
| sw11 |---------------------|
--------- 31 |
| 32 Data |
| Center |
| 401-403t | 401-403t
| 1u | 1u
| |
| 32 | 31
--------- 401-403t ---------
| sw12 |-----------------| sw 13 |
--------- 33 1u 33 ---------
| 24 25 |
| |
| 401t, 403t | 401t, 403t
| 1u | 1u
| |
| 24 25 |
--------- 401t,403t ---------
| sw24 |-----------------| sw 25 |
--------- 28 1u 28 ---------
| 26 27 |
| |
| 401t, 403t | 401t, 403t
| 1u offices | 1u
| |
| 26 |
--------- 27 |
| sw26 |---------------------|
---------

Switches 11, 12 and 13 would be the datacenter, Switches 24, 25 and 26 the office switches (that don't have VLAN 402). That way, the links on ports 24 and 25 would be the inter-region links, right? Do I need the link between sw24 and sw25 (ports 28) for redundancy, or would sw24 and sw 25 be able to talk to each other via the data center should sw26 fail?

Greetings
Marc
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.