
Re: wrong duplicate IP error messages on A5500

 
16again
Respected Contributor

At least, make sure the STP root priority on the root is superior (=lower).

If somehow a single STP domain is created, instead of multiple domains across L3 links, ports from the core will never be blocked by STP.

it_ejvnior
Frequent Advisor

I have not performed this procedure yet and I have the following situation.

When I shut down the core switch port (GI1/0/2 - L2 through ISP switches to building #2, for example) I lose connectivity with the machines inside building #1.

Through LLDP neighborhood I am unable to discover the building #2 leg.

I have a VPN tunnel from the Equinix Data Center to environment #1, so I log in to the core through this VPN and reboot the device. After this the machines appear online again and I am able to ping some specific devices through this tunnel.

This is very strange behaviour. Yesterday I rebooted the domain controller and the same situation happened: loss of connectivity, obliging me to reboot the device.

Do you think that RSTP can solve these breaks?

Again, thanks in advance.

16again
Respected Contributor

Normally after STP changes, the network should converge. After rebooting a switch, the network should converge... to the same situation.
However, if some port protection mechanisms (like port security, BPDU guard) have kicked in, and no auto-recovery is configured, a reboot is a way to get connectivity back (a crude way, I might add).
Prior to reboot, review the switch log files.



it_ejvnior
Frequent Advisor

Well, I will list below what I did last Friday. All procedures were done on the core switch.

Through an SSH connection I listed the stp brief.

All ports were listed as "forwarding" and BPDU protection was disabled.

So, on the ports that are connected to the servers I ran the command enable stp edge-port. After this, BPDU protection is listed as enabled in stp brief.

A doubt appeared afterwards. GI1/0/48 is the ASA 5505 firewall port. Should I enable stp edge-port on this port too?

After this procedure I ran the command undo shutdown on GI1/0/2, which is a trunk port to building #2. The convergence time was the loss of 8 pings to the firewall and then it started to ping again, but I think the convergence time could be faster, or am I wrong?

Thanks in advance 16again.

EDIT #1: About auto recovery. Where can I enable this feature?

16again
Respected Contributor

The ASA5505 doesn't run STP, so you can use edge port settings.
Port recovery is configured with the "shutdown-interval <number of seconds>" command.
Default recovery = 30 seconds; don't set it to 0 (= no recovery).

On the ISP L2 link, you might consider blocking all incoming/outgoing BPDUs on attached ports. There's only one path between the buildings, so loops can't be formed there.

Are you running a routing protocol? If the 5500 route table is messed up, you'll also lose connectivity. (what's 5500 config?)
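
The edge-port, BPDU protection and port auto-recovery settings discussed in this thread, as an added configuration sketch that is not taken from any poster's attached config. It assumes Comware 5 command syntax as used on the A5500 and reuses GI1/0/48, the firewall port named in the thread; check the command reference for the running release before applying it.

```text
# Added example, assumes Comware 5 syntax; not from the attached switch config.
system-view
 # Shut down any edge port that receives a BPDU (global BPDU protection).
 stp bpdu-protection
 # Bring such ports back up automatically after 30 seconds (0 = never recover).
 shutdown-interval 30
 # Firewall port: the attached device does not run STP, so treat it as an edge port.
 interface GigabitEthernet 1/0/48
  stp edged-port enable
  quit
 quit
# Verify port roles and protection, then list ports that STP protection has shut down.
display stp brief
display stp down-port
```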

it_ejvnior
Frequent Advisor

Hi.

I will run the command on the firewall port after working hours.

The core switch config is attached.

How can I block BPDUs on the L2 link port?

Thanks a lot, and I will let you know about the procedure on GI1/0/48 (FW). I set the shutdown-interval to 10 seconds.

The routing table was automatically generated when the VLANs were created. About the port description, it is wrong.

16again
Respected Contributor

Use the interface command "undo stp enable" on the specific port to disable spanning tree on the port.

it_ejvnior
Frequent Advisor

I ran the command undo stp on the L2 ISP link and stp edged enable on the firewall port.

Did you see something wrong in the routing table?

Mike_ES
Valued Contributor


@16again wrote:

 use the interface command "undo stp enable" on specific port to disable spanning tree on the port


Hi,

Based on my experience, this command doesn't filter BPDU frames (input, output) but only disables the STP process for the selected L2 port.

Was your intention to exclude one port from the STP process?

Br,

Michal

it_ejvnior
Frequent Advisor

This port is a trunk to another building, and on the other end there is another L2 switch (HPE V1910).

The intention was to disable BPDU, not RSTP at all.

The duplicate IP address messages are still appearing, but so far the LAN has not stopped working.

Thanks in advance.