Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Help with VLAN 5130 El switch series configuration

lobo83
Occasional Advisor

Help with VLAN 5130 El switch series configuration

Good evening,

Good evening,

We have several hp and 3com switches in our infraestructure and the work as expected regarding vlan and ports configuration. Now we added a 5130 el swith series jg933a.

I'm trying to configure this switch as the others. The weird thing comes here:  I setup only two vlan trunk ports and two access ports, and they work separately, but, when I have one single trunk port working correctly and I add a second trunk port, the first one stops working. Besides, this happens with a strange  "hierarchy". The trunk port connected to another hp switch makes the one attached to a mikrotik router to doesn't work, and if a connect a fiber trunk port it makes the other one (connected to other hp copper port or mikrotik router) to doesnt work.

Any ideas?, i'm breaking my head....

13 REPLIES
parnassus
Honored Contributor

Re: Help with VLAN 5130 El switch series configuration

Hi!

IMHO the given issue description is not very clear (sentences like: "Now we added a 5130 el swith series jg933a." and "I'm trying to configure this switch as the others" aren't very helpful to figure out what is happening and why it happens. You and you only know what is your network topology and what is the resulting behaviour of its configuration): I suggest you to share here a drawing of your current network topology (particularly with details related to your new HPE 5130 EI Switch unit with all the involved physical links) and try to better describe how your network runs without/with the addition of the HPE 5130 EI Switch and what are you trying to achieve by adding the new Switch so Community users will better understand what is your current issue, what caused it and, possibly, how to solve the problem you're facing.

lobo83
Occasional Advisor

Re: Help with VLAN 5130 El switch series configuration

Good morning parnassus,

I agree with you, and I'm sorry about this lack of information, maybe part of this lack is due to the difficulties I have to explain this in English.

We have two 3c switches 5500G-EI SFP SS4 24-Port connected to a mikrotik router from which hangs the rest of our network. All the VLANS we have pass trough them. Now we want to replace this 5130 with the two old ones 3C fiber switches. The first thing I did was to manually copy the entire configuration of these two switches to the new one, but the network did not work, perhaps because the VLANS did not get through their trunk ports, so I went to simpler approaches.

This is what i have now in the new switch, one cupper trunk port connected to the router, with one single tagged VLAN and one Access port to this VLAN. I made this work, I mean, I recieve IP from DHCP and i can see the traffic from this vlan mirroring the trunk port, with the correct tag with wireshark.

From this point, I have another copper port configured as trunk to connect to another switch and receive a different vlan, and another port access belonging to another vlan, which also works "separately".

The things gone "weird" at this point: when i connect this second port to this other switch, It seems that the trunk port connected to the router is blocked, and I can not see any traffic from my port configured as monitor, the only thing I see is STP traffic.

Same happens when i connect a fiber trunk port to another switch, even if that fiber port is configured as an access port, it "blocks" the others trunk ports connected to other networking devices.

I know this is really strange, and seems a misconfiguration, but we have so many other hp and 3com switches with the same configuration as that one.

Maybe is more "clear" now?

 

 

 

parnassus
Honored Contributor

Re: Help with VLAN 5130 El switch series configuration

A drawing is worth hundreds words...

A first question: you wrote you have two 3Com SuperStack 4 5500G-EI SFP 24-Ports (3CR17259-91) Switches connected to a MicroTik Router ("We have two 3c switches 5500G-EI SFP SS4 24-Port connected to a mikrotik router from which hangs the rest of our network")...OK...in which way the MicroTik router is connected to them? is it connected to both of them (it's possible!)? is it connected to just one of them? if so, which one? are those 3Com SuperStack 4 Switches backplane stacked (it's possible! you didn't mention that) together? or there is just a single physical link - or a LAG - between them for inter-Switch communication?

You wrote: "Now we want to replace this 5130 with the two old ones 3C fiber switches"...but, sorry, isn't the contrary the action you're doing? don't you want to replace the two old 3Com Switches with the new HPE 5130 making it the new "core"? I'm a little bit puzzled....sorry.

I'm with you (I'm not an english mother tongue member...so I exactly know what you mean when you say that describing a networking scenario is somewhat difficult) but, again, for the benefit of other Community users that can be of help to you, do an handmade drawing: it worths hundreds words and, maybe, it clarifies the scenario also for you.

Probably you are creating (somewhere) a Loop and STP is doing the right job seizing the offending link(s) which are causing the loop...

lobo83
Occasional Advisor

Re: Help with VLAN 5130 El switch series configuration

Hello again, thank you for the advices, but I'm not good doing draws,

Ok, I'll try to answer your questions, the router is connected with cupper to the cupper uplinks port of each switch trough different router interfaces (one is for services anf the other one for customers) so each of one handle different vlans. From each 5500 fiber switch, hangs the rest of our infraestructure via sfp links. So we have two "different" physical networks from here, so the switches aren't backplaned, and there is no inter-switch communication.

"Now we want to replace this 5130 with the two old ones 3C fiber switches", sorry, yes, you are right. The 5130 is the one we want to use.

"Probably you are creating (somewhere) a Loop and STP is doing the right job seizing the offending link(s) which are causing the loop..."

Yes, I've thought about this and it's one of the reasons I've simplified the scenario, but I don't really see where the loop can happen since every trunk port has configured one single and different tagged VLAN.

Thank you,

sdide
Respected Contributor

Re: Help with VLAN 5130 El switch series configuration

Hi,

You really need to be way more specific. We can't help you if we are blind.

(This is getting a general problem here in these forums. People do not post the relevant info)

If we are to debug, by any chance, we need to know how your switches are configured. Because a 5130 is not just a plug and play switch, is a managed device, and the configuration means everything when it comes to how the device works.

So. We need to see that configuration. Lets say the interface of interest is called Gi1/0/1. We need you to post for the output of the command :

[HP-5130-switch]display current-configuration interface gi1/0/1

we need to see the spanning tree configuration.

The 5130 has combo interfaces, that means, that you have 8 SFP-containers and 8 RJ-45 Copper connectors where only one of them works at a time. So we really need you to post the relavant configuration. The logs are also interesting especially when the link goes down.  What router is on the other side? How is that router configured? etc etc.

Please.

Regards.

 

 

Søren Dideriksen, Network Administrator
Region Midtjylland
lobo83
Occasional Advisor

Re: Help with VLAN 5130 El switch series configuration

Good evening Søren,

Thanks for helping me, and again, my appologies for this lack of information. First thing I have to say, is the large amounf of "unexpected behaviour" we found in this device: sometimes you make changes from the web gui, and sometimes the dialog pops up of applied configuration and others do not, in other occasions they do not occur even after having saved the configuration, you update and the changes are not reflected.

I have enabled ssh and telnet for my administrator (user-role 15, network administrator; permited acces type: FTP, HTTP, HTTPS, SSH, telnet) and I've checked the ports with nmap, and neither of the two services seems to work, the system log says accept my password but after that the server close the session. Same happens with telnet...

images ref: (092)

Well, I'll try to give you the information, if I really should go to cli interface, please tell me.

For simplicity I will use:
2 VLANS configured on all devices: 134 and 200.
4 ports on switch 5130 (interface  17-20) 2 trunks: one of them connected by copper directly to an interface of a mikrotik router (RB1100 AH) and another connected by copper also to another HP switch that connects in turn with the router through a fourth Switch; And 2 access, one for each configured VLAN.

Regarding the router, I do not know what kind of information may be relevant in this case. At least I can say that the interface is configured only to pass the VLAN 200.

This is the port configuration:

interface GigabitEthernet1/0/17
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 200
combo enable copper
mirroring-group 1 mirroring-port inbound
#
interface GigabitEthernet1/0/18
port access vlan 200
combo enable copper
#
interface GigabitEthernet1/0/19
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 134
combo enable copper
#
interface GigabitEthernet1/0/20
port access vlan 134
combo enable copper
#

SPanning tree: I didn't make anything at this field, everything is by default. It's MSTP enabled.

This is the switch info about the previous condition (only one trunk to the router (port 17), and one working access port (port 18).  (port 24 is only to management)

image ref: 095,096.

And this is when I connect the other trunk port to the the HP switch (port 19). This is the point when wireshark can only see STP  traffic trough the monitor port.

image ref: 097,098.

If this is not enough, please tell me what specific information do you need about the STP configuration or the router conf.

Thank you very much,

 

Vince-Whirlwind
Honored Contributor

Re: Help with VLAN 5130 El switch series configuration

I seriously think you need to make a diagram - it would be much quicker than trying to describe your topology in words, and much easier to interpret for troubleshooting.
Also, if you gave us entire configs (sanitised of course) then we could spend less time guessing and more time actually troubleshooting.

What I am getting from what you've written is that this network is turning into a bit of a rabbit warren (probably because you aren't documenting it) - what you seem to have is a loop involving your 2 switches and the router.

Without seeing your full config, I think what you need to do is put VLAN134 in a different STP instance.

sdide
Respected Contributor

Re: Help with VLAN 5130 El switch series configuration

Hi,

First of the CLI. I think its a good idea to access it if you can. For me personally - I use nothing else.

OK.

As i read it. You're connecting the 2 trunk-ports to the router (ie Gi1/0/17 and Gi1/0/19).

This means that, you're connecting the two access-ports to the LAN-segment. This could work, but i would expect it to work the other way around. If the interfaces on your LAN segment switch(es) are not configured correctly, you could be short circuiting vlan 134 and vlan 200. (possibly inducing a loop)

If you're not a Spanning tree expert, you might want to use PVST, which is a lot easier to configure, because you don't need to think and plan (basically) . But, AND THIS IS IMPORTANT, if the rest of your LAN segment network is already runing MSTP, then stick with that.

1: First off its allways - in any scenario - nice to know what software version you're running, because the software might have bugs and features depending on the version, so (issue in the CLI and post the output here:) The command is highligted in bold, the rest is output from my switch as an example.

]display version
HPE Comware Software, Version 7.1.045, Release 3115P05
Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
HPE 5130 24G SFP 4SFP+ EI Switch uptime is 0 weeks, 0 days, 0 hours, 6 minutes
Last reboot reason : USER reboot

Boot image: flash:/5130ei-cmw710-boot-r3115p05.bin
Boot image version: 7.1.045, Release 3115P05
Compiled Oct 17 2016 16:00:00
System image: flash:/5130ei-cmw710-system-r3115p05.bin
System image version: 7.1.045, Release 3115P05
Compiled Oct 17 2016 16:00:00


Slot 1:
Uptime is 0 weeks,0 days,0 hours,6 minutes
HPE 5130 24G SFP 4SFP+ EI JG933A with 1 Processor
BOARD TYPE: 5130-24G-SFP-4SFP+ EI
DRAM: 1024M bytes
FLASH: 512M bytes
PCB 1 Version: VER.B
Bootrom Version: 145
CPLD 1 Version: 002
Release Version: HPE 5130 24G SFP 4SFP+ EI JG933A-3115P05
Patch Version : None
Reboot Cause : UserReboot
[SubSlot 0] 16GE+8COMBO+4SFP Plus

As you can see I run release 3115P05 on my switch .

2: Spanning tree for the relevant VLANs : (log into CLI and do:)

]display stp vlan 200

and

]display stp vlan 134

You can also se the spanning tree state-transistion history in a VLAN (for example for VLAN 134)

]display stp vlan 134 history

To see how spanning tree is globally configured on the switch, do:

]display current-configuration configuration system  | incl "^ stp"
stp mode pvst
stp bpdu-protection
stp pathcost-standard dot1t
stp global enable

Try doing these and post the output results here.

Regards

Søren Dideriksen, Network Administrator
Region Midtjylland
lobo83
Occasional Advisor

Re: Help with VLAN 5130 El switch series configuration

Note: I posted this before I saw 2 Soren's message.

 

Good evening,

As it seems that the information I provided is not relevant to anyone, I have decided to start again and make tests even easier.

The first test I have done you can see it in image 01. I have placed the switch in an endpoint of the network, connected to two switches HP1910 without connection between them and that links with the router mikrotik RB1100AH, from which I pass a single VLAN over a trunk port. At this point I do not see how a loop could be produced in any way, correct me if I'm wrong.

Separately the two links work, but when they are together, one of them stops working. The switch log doesn't say anything except to report a topology change.

The second test is even simpler (Figure 02), I only connect the 5130 to the router, through an interface that is running smoothly with the 5500G-EI SFP 24 switch. In this switch, and in all others, it hasn't been touched STP protocol ever, so everything is by default. This interface carries different VLANs, but the link does not seem to work, since no port access belonging to those networks works.

However, a new interface configured on the router to pass only one vlan works with the 5130 switch.

It is possible that you again tell me that information is missing, but I would like to know if you know how to explain such behavior, (assuming I understand "something" of what I am doing).

lobo83
Occasional Advisor

Re: Help with VLAN 5130 El switch series configuration

Good evening forum,

Ok Soren, I've connected by serial, don't understand why ssh or telnet aren't working, I'll try to give you the info if you can help me with that too.

"This means that, you're connecting the two access-ports to the LAN-segment. This could work, but i would expect it to work the other way around. If the interfaces on your LAN segment switch(es) are not configured correctly, you could be short circuiting vlan 134 and vlan 200. (possibly inducing a loop)"

I understand that you are refering to all switches involved in that path. I'll try to give you the config of all the ports, besides their STP configuration. I have take a look at the stp configuration of our switches, some of them are running MSTP; and some others are running RSTP, that could be a problem? I didn't design this network, and who did it, didn't care about STP, so everything is by default. By the way, I heard "HP procurve will drop to RSTP if they find another network devices using RSTP", is that true?

Ok, i'm posting the config of the three switches involved in the diagram from my last post. 5130 and two HP 1910 switches.

Version of 5130:

 

[HPE]display version
HPE Comware Software, Version 7.1.045, Release 3115P05
Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
HPE 5130 24G SFP 4SFP+ EI Switch uptime is 1 week, 0 days, 23 hours, 34 minutes
Last reboot reason : USER reboot

Boot image: flash:/5130ei-cmw710-boot-r3115p05.bin
Boot image version: 7.1.045, Release 3115P05
  Compiled Oct 17 2016 16:00:00
System image: flash:/5130ei-cmw710-system-r3115p05.bin
System image version: 7.1.045, Release 3115P05
  Compiled Oct 17 2016 16:00:00

STP:

 

 

[HPE]display current-configuration configuration system  | incl "^ stp"
 stp global enable

 

 

[HPE]display stp
-------[CIST Global Info][Mode MSTP]-------
 Bridge ID           : 32768.e8f7-249f-e010
 Bridge times        : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
 Root ID/ERPC        : 32768.001a-c1e0-1780, 40060
 RegRoot ID/IRPC     : 32768.e8f7-249f-e010, 0
 RootPort ID         : 128.17
 BPDU-Protection     : Disabled
 Bridge Config-
 Digest-Snooping     : Disabled
 TC or TCN received  : 395
 Time since last TC  : 0 days 0h:27m:46s

 

Ports:

 

#
interface GigabitEthernet1/0/17
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 135
 combo enable copper
#
interface GigabitEthernet1/0/18
 port access vlan 200
 combo enable copper
#
interface GigabitEthernet1/0/19
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 134
 combo enable copper
 mirroring-group 1 mirroring-port inbound
#
interface GigabitEthernet1/0/20
 port access vlan 134
 combo enable copper
#

 

HP1910 Switches configuration:

 

[ServeisBaixa1-HP1910]display version
HP Comware Platform Software
Comware Software, Version 5.20, Release 1513P62
Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
HP V1910-48G Switch uptime is 0 week, 6 days, 22 hours, 4 minutes

STP:

 

 

[ServeisBaixa1-HP1910]display current-configuration configuration system  | incl "^ stp"
[ServeisBaixa1-HP1910]
[ServeisBaixa1-HP1910]display stp                                               -------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.bcea-fa39-14be
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.001a-c1e0-1780 / 40040
CIST RegRoot/IRPC   :32768.bcea-fa39-14be / 0
CIST RootPortId     :128.1
BPDU-Protection     :disabled
Bridge Config-
Digest-Snooping     :disabled
TC or TCN received  :258
Time since last TC  :0 days 0h:40m:10s

Port involved:

 

 

#
interface GigabitEthernet1/0/46
 port link-type trunk
 port trunk permit vlan 1 135
 stp edged-port enable
#

Other HP1910:

 

Version:

 

HP Comware Platform Software
Comware Software, Version 5.20, Release 1513P62
Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
HP V1910-48G Switch uptime is 0 week, 6 days, 22 hours, 12 minutes

STP (your command doesn't output anything in this case:

 

 

[ServeisBaixa2-HP1910]display current-configuration configuration system  | incl "^ stp"
[ServeisBaixa2-HP1910]dsiplay stp
                      ^
 % Unrecognized command found at '^' position.
[ServeisBaixa2-HP1910]display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.bcea-fa3c-7cee
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.001a-c1e0-1780 / 40040
CIST RegRoot/IRPC   :32768.bcea-fa3c-7cee / 0
CIST RootPortId     :128.1
BPDU-Protection     :disabled
Bridge Config-
Digest-Snooping     :disabled
TC or TCN received  :219
Time since last TC  :0 days 0h:45m:56s

Ports:

 

 

#
interface GigabitEthernet1/0/44
 port link-type trunk
 port trunk permit vlan 1 134
 stp edged-port enable
#

 

PD: I can't show you the output of display stp vlan *, since I'm not using PVST.

Regarding admin permits, this is what i have:

Captura12.PNG

 Captura14.PNG

 

lobo83
Occasional Advisor

Re: Help with VLAN 5130 El switch series configuration

Good morning,

Is anyone willing to help me with this?

I have more information but I don't know if anybody is going to learn this. Most swithches are runnig mstp, except a few that are running RSTP. MSTP is by default, so 1 single instance and all the VLAN's mapped to it. No BDPU guard or filter or ports are configured. I suppose they could work together, but some switches noticed a incompatible BDPU format, how could I avoid this?

The bridge root I think is not well placed, in fact, the priorities are by default, you know what I mean. I suppose I can change it even if it is in production and has a small congestion due to the new convergence.

We don't have any redundant link at any point, and no stp protection of any kind, so I guess is like having stp disabled. Any switch has any port in a discarding state.

I don't know why this switch is working like this. Any clue?

 

sdide
Respected Contributor

Re: Help with VLAN 5130 El switch series configuration

Hi,

I'm a bit confused, because in every second post or so, you change the setup physically and logically.

is it vlan 135 or vlan 200? Please stick with the physical and logical setup you want.

I've made a drawing from what you said - under some assumptions. Its attached.

I see a few errors.

  1. On your HP1910 switches you have "stp edged-port enable" on inter-switch trunks. Remove that.
  2. You have specifically removed vlan 1 from your trunks on the 5130, but its still explicit present on the 1910s, Why? Remove them.
  3. We still need to see the configuration on the Mikrotik router interfaces.
  4. We still need confirmation on what how the interfaces are connected. My drawing is guesswork. for example a list would suffice: "5130 interface gi1/0/19" -> "1910-2 interface gi1/0/44"  

NB: Somewhere in the many above posts i got the impression that you had the access ports (Port A and Port C on my drawing) connected to the ports on the 1910s (resp. port F and port E). If that was the case, because vlan 1 is default PVID (untagged) , you would have shourcircuited vlan 134 and 200 and possibly something would not work (loop)

Regards

Søren Dideriksen, Network Administrator
Region Midtjylland
lobo83
Occasional Advisor

Re: Help with VLAN 5130 El switch series configuration

Good evening Soren,

Thank you for your effort and my apologies for constantly changing the network topology, but I need to isolate the switch to understand it.

I'm not a network expert and I'm facing this for the first time. Firts, Ill try to answer to your questions.

1. On your HP1910 switches you have "stp edged-port enable" on inter-switch trunks. Remove that.

This is the terminal output, but, the config is by default, so in auto-mode. Maybe I got the output when the switch wasn't connected. I rechecked this, if a switch is connected, point-to-point is activated.

2. You have specifically removed vlan 1 from your trunks on the 5130, but its still explicit present on the 1910s, Why? Remove them.

I have not done it on purpose. I did it from the webgui. When I change an acccess port to a trunk, the output of the cli gives this result. I did not do any kind of undo from terminal. But yes, I will remove the vlan 1 from all the switches.

4. Ok

5. NB: access ports (A and C) are connected to PC's.

I assume we have a misconfiguration in our stp config, so I've decided to isolate the switch. Now is connected only to a backup router.

This is what I have: mikrotik rb1100AH interface 06 - clients hotspot from the mikrotik router (you can see the config in the attached screenshots). connected to sw5130 interface sw.1/0/23

Switch 5130: all interfaces shut down, except 2 ports: 1/0/23: trunk that permit all vlans and 1/0/24 access port for vlan 135.

You can see the port and stp configuration at the screenshots. SW5130 is the switch root, ¿why is discarding 1/0/23?

I made some testing to know why the port is in discarding state, it detects the port as boundary, so I dive into router interfaces. I have some screenshots of this, they are attached.

Test1:

Mode MSPT, you can see the result at the screenshots. RSTP or STP did the same. PVST enabled made it work. Disabling STP too.

With MSPT enabled and different router configurations:

At the router side, if a connect the switch to an interface with bridges with stp enabled, the port goes to discarding state, if I disable stp at all router's bridges, the port goes to forwarding state. If the interface hasn't have any bridges, it works too.

Why if I enable PVST in the switch and RSTP at the router works? I expect some incompatibility... And why if both are running RSPT or MSTP and only one port is connected it goes to discarding state?