Re: Help with VLAN 5130 El switch series configuration

Hi!

IMHO the given issue description is not very clear (sentences like: "Now we added a 5130 el swith series jg933a." and "I'm trying to configure this switch as the others" aren't very helpful to figure out what is happening and why it happens. You and you only know what is your network topology and what is the resulting behaviour of its configuration): I suggest you to share here a drawing of your current network topology (particularly with details related to your new HPE 5130 EI Switch unit with all the involved physical links) and try to better describe how your network runs without/with the addition of the HPE 5130 EI Switch and what are you trying to achieve by adding the new Switch so Community users will better understand what is your current issue, what caused it and, possibly, how to solve the problem you're facing.

I'm not an HPE Employee

Good morning parnassus,

I agree with you, and I'm sorry about this lack of information, maybe part of this lack is due to the difficulties I have to explain this in English.

We have two 3c switches 5500G-EI SFP SS4 24-Port connected to a mikrotik router from which hangs the rest of our network. All the VLANS we have pass trough them. Now we want to replace this 5130 with the two old ones 3C fiber switches. The first thing I did was to manually copy the entire configuration of these two switches to the new one, but the network did not work, perhaps because the VLANS did not get through their trunk ports, so I went to simpler approaches.

This is what i have now in the new switch, one cupper trunk port connected to the router, with one single tagged VLAN and one Access port to this VLAN. I made this work, I mean, I recieve IP from DHCP and i can see the traffic from this vlan mirroring the trunk port, with the correct tag with wireshark.

From this point, I have another copper port configured as trunk to connect to another switch and receive a different vlan, and another port access belonging to another vlan, which also works "separately".

The things gone "weird" at this point: when i connect this second port to this other switch, It seems that the trunk port connected to the router is blocked, and I can not see any traffic from my port configured as monitor, the only thing I see is STP traffic.

Same happens when i connect a fiber trunk port to another switch, even if that fiber port is configured as an access port, it "blocks" the others trunk ports connected to other networking devices.

I know this is really strange, and seems a misconfiguration, but we have so many other hp and 3com switches with the same configuration as that one.

Maybe is more "clear" now?

A drawing is worth hundreds words...

A first question: you wrote you have two 3Com SuperStack 4 5500G-EI SFP 24-Ports (3CR17259-91) Switches connected to a MicroTik Router ("We have two 3c switches 5500G-EI SFP SS4 24-Port connected to a mikrotik router from which hangs the rest of our network")...OK...in which way the MicroTik router is connected to them? is it connected to both of them (it's possible!)? is it connected to just one of them? if so, which one? are those 3Com SuperStack 4 Switches backplane stacked (it's possible! you didn't mention that) together? or there is just a single physical link - or a LAG - between them for inter-Switch communication?

You wrote: "Now we want to replace this 5130 with the two old ones 3C fiber switches"...but, sorry, isn't the contrary the action you're doing? don't you want to replace the two old 3Com Switches with the new HPE 5130 making it the new "core"? I'm a little bit puzzled....sorry.

I'm with you (I'm not an english mother tongue member...so I exactly know what you mean when you say that describing a networking scenario is somewhat difficult) but, again, for the benefit of other Community users that can be of help to you, do an handmade drawing: it worths hundreds words and, maybe, it clarifies the scenario also for you.

Probably you are creating (somewhere) a Loop and STP is doing the right job seizing the offending link(s) which are causing the loop...

I'm not an HPE Employee

Hello again, thank you for the advices, but I'm not good doing draws,

Ok, I'll try to answer your questions, the router is connected with cupper to the cupper uplinks port of each switch trough different router interfaces (one is for services anf the other one for customers) so each of one handle different vlans. From each 5500 fiber switch, hangs the rest of our infraestructure via sfp links. So we have two "different" physical networks from here, so the switches aren't backplaned, and there is no inter-switch communication.

"Now we want to replace this 5130 with the two old ones 3C fiber switches", sorry, yes, you are right. The 5130 is the one we want to use.

"Probably you are creating (somewhere) a Loop and STP is doing the right job seizing the offending link(s) which are causing the loop..."

Yes, I've thought about this and it's one of the reasons I've simplified the scenario, but I don't really see where the loop can happen since every trunk port has configured one single and different tagged VLAN.

Thank you,

Hi,

You really need to be way more specific. We can't help you if we are blind.

(This is getting a general problem here in these forums. People do not post the relevant info)

If we are to debug, by any chance, we need to know how your switches are configured. Because a 5130 is not just a plug and play switch, is a managed device, and the configuration means everything when it comes to how the device works.

So. We need to see that configuration. Lets say the interface of interest is called Gi1/0/1. We need you to post for the output of the command :

[HP-5130-switch]display current-configuration interface gi1/0/1

we need to see the spanning tree configuration.

The 5130 has combo interfaces, that means, that you have 8 SFP-containers and 8 RJ-45 Copper connectors where only one of them works at a time. So we really need you to post the relavant configuration. The logs are also interesting especially when the link goes down.  What router is on the other side? How is that router configured? etc etc.

Please.

Regards.

Good evening Søren,

Thanks for helping me, and again, my appologies for this lack of information. First thing I have to say, is the large amounf of "unexpected behaviour" we found in this device: sometimes you make changes from the web gui, and sometimes the dialog pops up of applied configuration and others do not, in other occasions they do not occur even after having saved the configuration, you update and the changes are not reflected.

I have enabled ssh and telnet for my administrator (user-role 15, network administrator; permited acces type: FTP, HTTP, HTTPS, SSH, telnet) and I've checked the ports with nmap, and neither of the two services seems to work, the system log says accept my password but after that the server close the session. Same happens with telnet...

images ref: (092)

Well, I'll try to give you the information, if I really should go to cli interface, please tell me.

For simplicity I will use:
2 VLANS configured on all devices: 134 and 200.
4 ports on switch 5130 (interface  17-20) 2 trunks: one of them connected by copper directly to an interface of a mikrotik router (RB1100 AH) and another connected by copper also to another HP switch that connects in turn with the router through a fourth Switch; And 2 access, one for each configured VLAN.

Regarding the router, I do not know what kind of information may be relevant in this case. At least I can say that the interface is configured only to pass the VLAN 200.

This is the port configuration:

interface GigabitEthernet1/0/17
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
combo enable copper
mirroring-group 1 mirroring-port inbound
#
interface GigabitEthernet1/0/18
port access vlan 200
combo enable copper
#
interface GigabitEthernet1/0/19
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 134
combo enable copper
#
interface GigabitEthernet1/0/20
port access vlan 134
combo enable copper
#

SPanning tree: I didn't make anything at this field, everything is by default. It's MSTP enabled.

This is the switch info about the previous condition (only one trunk to the router (port 17), and one working access port (port 18).  (port 24 is only to management)

image ref: 095,096.

And this is when I connect the other trunk port to the the HP switch (port 19). This is the point when wireshark can only see STP  traffic trough the monitor port.

image ref: 097,098.

If this is not enough, please tell me what specific information do you need about the STP configuration or the router conf.

Thank you very much,

I seriously think you need to make a diagram - it would be much quicker than trying to describe your topology in words, and much easier to interpret for troubleshooting.
Also, if you gave us entire configs (sanitised of course) then we could spend less time guessing and more time actually troubleshooting.

What I am getting from what you've written is that this network is turning into a bit of a rabbit warren (probably because you aren't documenting it) - what you seem to have is a loop involving your 2 switches and the router.

Without seeing your full config, I think what you need to do is put VLAN134 in a different STP instance.

Hi,

First of the CLI. I think its a good idea to access it if you can. For me personally - I use nothing else.

OK.

As i read it. You're connecting the 2 trunk-ports to the router (ie Gi1/0/17 and Gi1/0/19).

This means that, you're connecting the two access-ports to the LAN-segment. This could work, but i would expect it to work the other way around. If the interfaces on your LAN segment switch(es) are not configured correctly, you could be short circuiting vlan 134 and vlan 200. (possibly inducing a loop)

If you're not a Spanning tree expert, you might want to use PVST, which is a lot easier to configure, because you don't need to think and plan (basically) . But, AND THIS IS IMPORTANT, if the rest of your LAN segment network is already runing MSTP, then stick with that.

1: First off its allways - in any scenario - nice to know what software version you're running, because the software might have bugs and features depending on the version, so (issue in the CLI and post the output here:) The command is highligted in bold, the rest is output from my switch as an example.

]display version
HPE Comware Software, Version 7.1.045, Release 3115P05
Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
HPE 5130 24G SFP 4SFP+ EI Switch uptime is 0 weeks, 0 days, 0 hours, 6 minutes
Last reboot reason : USER reboot

Boot image: flash:/5130ei-cmw710-boot-r3115p05.bin
Boot image version: 7.1.045, Release 3115P05
 Compiled Oct 17 2016 16:00:00
System image: flash:/5130ei-cmw710-system-r3115p05.bin
System image version: 7.1.045, Release 3115P05
 Compiled Oct 17 2016 16:00:00


Slot 1:
Uptime is 0 weeks,0 days,0 hours,6 minutes
HPE 5130 24G SFP 4SFP+ EI JG933A with 1 Processor
BOARD TYPE: 5130-24G-SFP-4SFP+ EI
DRAM: 1024M bytes
FLASH: 512M bytes
PCB 1 Version: VER.B
Bootrom Version: 145
CPLD 1 Version: 002
Release Version: HPE 5130 24G SFP 4SFP+ EI JG933A-3115P05
Patch Version : None
Reboot Cause : UserReboot
[SubSlot 0] 16GE+8COMBO+4SFP Plus

As you can see I run release 3115P05 on my switch .

2: Spanning tree for the relevant VLANs : (log into CLI and do:)

]display stp vlan 200

and

]display stp vlan 134

You can also se the spanning tree state-transistion history in a VLAN (for example for VLAN 134)

]display stp vlan 134 history

To see how spanning tree is globally configured on the switch, do:

]display current-configuration configuration system  | incl "^ stp"
 stp mode pvst
 stp bpdu-protection
 stp pathcost-standard dot1t
 stp global enable

Try doing these and post the output results here.

Regards

Note: I posted this before I saw 2 Soren's message.

Good evening,

As it seems that the information I provided is not relevant to anyone, I have decided to start again and make tests even easier.

The first test I have done you can see it in image 01. I have placed the switch in an endpoint of the network, connected to two switches HP1910 without connection between them and that links with the router mikrotik RB1100AH, from which I pass a single VLAN over a trunk port. At this point I do not see how a loop could be produced in any way, correct me if I'm wrong.

Separately the two links work, but when they are together, one of them stops working. The switch log doesn't say anything except to report a topology change.

The second test is even simpler (Figure 02), I only connect the 5130 to the router, through an interface that is running smoothly with the 5500G-EI SFP 24 switch. In this switch, and in all others, it hasn't been touched STP protocol ever, so everything is by default. This interface carries different VLANs, but the link does not seem to work, since no port access belonging to those networks works.

However, a new interface configured on the router to pass only one vlan works with the 5130 switch.

It is possible that you again tell me that information is missing, but I would like to know if you know how to explain such behavior, (assuming I understand "something" of what I am doing).