Spanning Tree and SonicWall SonicPoints

We have an E5412zl as our core switches. It has redundant connections to our E6600 top-of-rack switches, so we have MSTP configured to manage those connections. We then have two E2510 edge switches on another floor and another building. We also have SonicWall E5500 UTM devices (2 in an HA pair) acting as our firewalls and also as controllers for our SonicPoint WAPs. One WAP is directly connected to the core switch, and the other is connected to one of the E2510 edge switches.

 

SonicPoints use some proprietary Layer-2 protocols for controlling and provisioning their SonicPoint WAPs. Since we have deployed the SonicPoint WAPs they have worked great for between a couple of hours and a day or two. They then go into a non-responsive state until they are rebooted. We have a ticket open with SonicWall and they are blaming spanning tree. They want me to "completely disable spanning tree for all ports in the SonicPoint network." My question is how do I do this? I have enabled bpdu-protection and admin-edge-port for all ports involved, but we are still getting the non-responsive state. Is there anything else I can do to exclude these ports from STP? Below are the relevant snippets of the config. Port B1 connects to the WAP, B15-B16 connect to the SonicWalls, B21 & B23 connect to the E2510 edge switches. VLAN1050 is for the SonicPoint control/provisioning network, and VLAN1051 is the actual guest network.

 

vlan 1050 
   name "SonicPoint" 
   untagged B1,B15-B16 
   tagged B21,B23 
   no ip address 
   exit 
vlan 1051 
   name "GuestWLAN" 
   untagged B2 
   tagged B1,B15-B16,B21,B23 
   no ip address 
   exit 

 

spanning-tree
spanning-tree B1 admin-edge-port
spanning-tree B1 bpdu-protection
spanning-tree B2 admin-edge-port
spanning-tree B15 admin-edge-port
spanning-tree B15 bpdu-protection
spanning-tree B16 admin-edge-port
spanning-tree B16 bpdu-protection
spanning-tree B21 admin-edge-port
spanning-tree B21 bpdu-protection
spanning-tree B23 admin-edge-port
spanning-tree B23 bpdu-protection
spanning-tree config-name "ARB MSTP Config"
spanning-tree config-revision 1
spanning-tree instance 1 vlan 165 201 202
spanning-tree instance 1 priority 3
spanning-tree instance 2 vlan 169 200 204
spanning-tree instance 2 priority 3
spanning-tree bpdu-protection-timeout 300

Antonio Milanese
Trusted Contributor

Re: Spanning Tree and SonicWall SonicPoints

Hello,

 

spanning-tree  <port-list> bpdu-filter

spanning-tree <port-list> pvst-filter

 

Regards,

 

Antonio

cenk sasmaztin
Honored Contributor

Re: Spanning Tree and SonicWall SonicPoints

ok...

 

Firstly,

we must analyze the port status:

Port B1 connects to the WAP

spanning-tree B1 admin-edge-port
spanning-tree B1 bpdu-protection

B15-B16 connect to the Sonicwalls

spanning-tree B15 admin-edge-port
spanning-tree B15 bpdu-protection
spanning-tree B16 admin-edge-port
spanning-tree B16 bpdu-protection

B21 & B23 connect to the E2510 edge switches

spanning-tree B21 admin-edge-port
spanning-tree B21 bpdu-protection
spanning-tree B23 admin-edge-port
spanning-tree B23 bpdu-protection

 

Finally, your spanning tree configuration is incorrect.

SOLUTIONS

There are two port statuses in the STP configuration.

First, auto edge port.

The auto edge port feature is enabled by default to automatically distinguish ports connected to network devices running spanning tree from other ports, by listening for spanning tree information for 3 seconds.

Secondly,

admin edge port: this port status is for network devices such as PCs, printers, phones, etc.

You set up all uplink ports (SonicWall, edge switch, WAP) with admin edge port status. This is incorrect; all device ports must have auto edge port.

And you set all uplink ports to BPDU protect mode.

BPDU protection prevents unwanted BPDUs from entering the spanning-tree domain. It is usually used on ports connected to devices that do not support spanning-tree. When enabled on a port, BPDU protection will disable the port for a given period (configurable timeout) if a BPDU is received. In our case the 300s timeout will be used for port deactivation.

Finally 2:

all uplink ports must have auto edge port

and all uplink ports must not have BPDU protect mode active.

cenk
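
An added example, not part of any post in this thread: a small Python audit of the spanning-tree lines from the original post that reports which switch-facing ports carry admin-edge-port or bpdu-protection, the combination discussed above. The function names and the choice of B21/B23 as the switch links (taken from the original post's description) are assumptions of this example.

```python
import re

# Constructed sample: a subset of the spanning-tree lines from the original post.
CONFIG = """\
spanning-tree B1 admin-edge-port
spanning-tree B1 bpdu-protection
spanning-tree B21 admin-edge-port
spanning-tree B21 bpdu-protection
spanning-tree B23 admin-edge-port
spanning-tree B23 bpdu-protection
spanning-tree instance 1 vlan 165 201 202
spanning-tree bpdu-protection-timeout 300
"""

# Per-port options that appear in this thread.
PORT_OPTS = {"admin-edge-port", "bpdu-protection", "bpdu-filter", "pvst-filter"}

def expand_ports(spec):
    """Expand a port list such as 'B1,B15-B16' into individual port names."""
    ports = []
    for part in spec.split(","):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)-[A-Za-z]*(\d+)", part)
        if m:
            ports += [f"{m.group(1)}{n}" for n in range(int(m.group(2)), int(m.group(3)) + 1)]
        else:
            ports.append(part)
    return ports

def parse_stp(config):
    """Return ({port: set of options}, bpdu-protection timeout in seconds or None)."""
    per_port, timeout = {}, None
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 3 and tok[0] == "spanning-tree" and tok[2] in PORT_OPTS:
            for port in expand_ports(tok[1]):
                per_port.setdefault(port, set()).add(tok[2])
        elif tok[:2] == ["spanning-tree", "bpdu-protection-timeout"] and len(tok) == 3:
            timeout = int(tok[2])
    return per_port, timeout

def audit(config, switch_links):
    """List (port, option, note) for switch-facing ports (hypothetical helper)."""
    per_port, timeout = parse_stp(config)
    notes = {
        "admin-edge-port": "edge mode forced on a link to another switch",
        "bpdu-protection": f"port is disabled (timeout {timeout}s) if a BPDU is received",
    }
    return [(port, opt, notes[opt]) for port in sorted(switch_links)
            for opt in sorted(per_port.get(port, ())) if opt in notes]
```

Calling `audit(CONFIG, {"B21", "B23"})` returns one entry per flagged option on each edge-switch link; ports with only bpdu-filter or pvst-filter are not reported.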

Re: Spanning Tree and SonicWall SonicPoints

I'm not sure I'm understanding your proposed solution. 

 

auto-edge-port is enabled on all ports by default. I've confirmed this by running "show spanning-tree config"

 

I should have mentioned I have also tried bpdu-filtering and that didn't seem to work either. I didn't try pvst-filtering, but I don't have any pvst switches on the network.

 

Also, the E2510's have no spanning tree configuration. 

 

The goal is to exclude ports B1,B15,B16,B21,B23 from all spanning tree operations. What should the settings be for each port.

cenk sasmaztin
Honored Contributor

Re: Spanning Tree and SonicWall SonicPoints

Finally 2:

all uplink ports must have auto edge port

and all uplink ports must not have BPDU protect mode active.

 

cenk

Re: Spanning Tree and SonicWall SonicPoints

All ports already have auto-edge port enabled

                 | Path      Prio Admin Auto Admin Hello  Root  TCN   BPDU
 Port  Type      | Cost      rity Edge Edge PtP   Time   Guard Guard Flt
 ----- --------- + --------- ---- ---- ---- ----- ------ ----- ----- ---
 B1    100/1000T | Auto      128  Yes  Yes  True  Global No    No    No
 B15   100/1000T | Auto      128  Yes  Yes  True  Global No    No    No
 B16   100/1000T | Auto      128  Yes  Yes  True  Global No    No    No
 B21   1000SX    | Auto      128  Yes  Yes  True  Global No    No    No
 B23   1000SX    | Auto      128  Yes  Yes  True  Global No    No    No

Admin-edge-mode was enabled as a troubleshooting step to fix this issue, but it had no effect.

 

 BPDU protection was just enabled yesterday. The issue existed before and after enabling BPDU protection.  So it does not appear enabling it or disabling has any effect on the issue. bpdu-filter was also enabled and then disabled and the issue continued to occur.

Antonio Milanese
Trusted Contributor

Re: Spanning Tree and SonicWall SonicPoints

Hi

 
Well, I've overlooked your message and pressed "post", but I was in a hurry to go home =)

Looking at the SonicWall docs, they suggest this port config to minimize "sensitive" SDP/SSPP protocols:

no lacp
no cdp
power critical
no power-pre-std-detect
spanning-tree xx admin-edge-port
mdix-mode mdix

OK, now how those ports could have been blocked by an STP BPDU is beyond my imagination, since you've got both admin-edge-port + bpdu filter and w/o bpdu-protection/guard.

I suspect the problem lies elsewhere...

However

>spanning-tree instance 1 vlan 165 201 202
>spanning-tree instance 1 priority 3
>spanning-tree instance 2 vlan 169 200 204
>spanning-tree instance 2 priority 3

The same priority on both instances is not a good idea =)

And please post the output of the following commands:

sh span instance ist
sh span instance 1
sh span instance 2
sh span debug-counters ports B1,B15-B16,B21,B23 instance 0
sh span debug-counters ports B1,B15-B16,B21,B23 instance 1
sh span debug-counters ports B1,B15-B16,B21,B23 instance 2

show power bri
show log -r -w

Regards,

Antonio

Re: Spanning Tree and SonicWall SonicPoints

The attached zip has the output from the commands you requested. In the log I did notice that the time on my switch isn't correct.

You'll also notice a lot of PoE errors due to a power issue we had a few weeks ago. We are adding more power supplies to address that.

I guess I misunderstood the MSTP instance priority. I understood that was the priority per instance compared to other switches in the same instance. So in this case I want this core switch to be the 3rd choice for root in both instances.

Antonio Milanese
Trusted Contributor

Re: Spanning Tree and SonicWall SonicPoints

Hi

>I understood that was the priority per instance compared to other switches in the same instance. 
>So in this case I want this core switch to be the 3 choice for root in both instances.
Oh well, rather the one who misunderstood it was me, since I assumed that this meant that you wanted to coalesce each instance root to core in a triangle topology, but from the "show span" commands I see that you have assigned a different root per instance to the ToR switches and left core as root only for CIST... it's fine.

Anyway, I think that the problem is not related to STP blocking or interfering with the WAP ports during FWD state, given that the STP debug counters are OK!
I'm more inclined to think that it depends on a problem related to PoE (even not taking into account your logs and the mentioned failure)... try to disable LLDP on those ports and allocating by value (see the SonicWall specs for that):

int <port> power-over-ethernet critical
int <port> poe-allocate-by value
no int <port> lldp

Regards,

Antonio

Re: Spanning Tree and SonicWall SonicPoints

Thanks. 

 

I've already set PoE to critical, but I don't think this is a PoE issue as the issue occurred even when the SonicPoints were using their power adapters.