Switches, Hubs, and Modems

Very serious spanning tree problems (I guess).

SOLVED
JMAlexandre
Occasional Advisor

Very serious spanning tree problems (I guess).

Hi All,

 

I've already searched the forums and arrived at the conclusion that we're suffering from a misconfigured spanning tree in all our HP switches. The guys that lately looked at our configuration didn't report anything.

 

These problems got worse when we replaced all our workstations from XP to Windows 7, having a lot of PCs with connection problems.

 

I do need some help from you, expert or not, so that this weekend I can properly configure our switches.

 

First things first, describing the network:

 

Hardware:

1. We've a backbone switch 4204vl (J8770A) with the latest firmware (L.11.24) at our datacenter

2. We've near and connected to the backbone a 2824 (J4903A) with I.10.77 firmware, that I believe could be used in a failover redesign (it's now simply connected to the backbone)

3. We've 5 floors with at least 3 switches, 1 of them has 4 switches and another one has only one, they all are 2626 (J4900B) with H.10.83 firmware and the one that is alone is a 2610-24 (J9085A) with R.11.72 firmware

4. We've also 2610-24 (J9085A) with R.11.72 firmware connected in the IT room to one of the 4 switch group floor

 

Connections:

1. Floor connection 4 switch example (assuming switch #1, #2, #3 or #4):

- Switch #1 = port #25 is connected to the backbone and port #26 to port #25 of switch #2

- Switch #2 = port #25 is connected to switch #1 port #26 and port #26 is connected to port #25 of switch #3

- Switch #3 = port #25 is connected to switch #2 port #26 and port #26 is connected to port #25 of switch #4

- Switch #4 = port #25 is connected to switch #3 port #26 and port #26 connects to the backbone

 

Configs:

1. Standard config of floor switches:

; J4900B Configuration Editor; Created on release #H.10.83

hostname "SW1001"
time daylight-time-rule Middle-Europe-and-Portugal
ip default-gateway 10.10.0.251
sntp server 10.10.0.211
timesync sntp
sntp unicast
sntp 30
logging 10.10.0.144
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-26
ip address 10.10.0.104 255.255.252.0
ip igmp
exit
stack join 0021f7516b00
spanning-tree
password manager

 

2. Backbone config:

; J8770A Configuration Editor; Created on release #L.11.24

hostname "BB0700"
time daylight-time-rule Middle-Europe-and-Portugal
mirror-port A6
module 1 type J8768A
module 2 type J9033A
module 4 type J8768A
ip default-gateway 10.10.0.251
sntp server 10.10.0.211
ip routing
timesync sntp
sntp unicast
sntp 30
logging 10.10.0.144
snmp-server community "public" Unrestricted
snmp-server host 10.10.0.66 "public"
vlan 1
name "DEFAULT_VLAN"
untagged A1-A24,B1-B19,B21-B24,D1-D23
ip address 10.10.0.100 255.255.252.0
no untagged B20,D24
ip igmp
exit
vlan 100
name "VLAN_VOIP"
untagged B20
ip address 10.22.0.254 255.255.252.0
ip igmp
exit
vlan 201
name "VLAN_SAN1"
untagged D24
ip address 10.21.0.254 255.255.255.0
ip igmp
exit
interface A15,A23,B13
monitor
exit
ip route 0.0.0.0 0.0.0.0 10.10.0.251
stack commander "XPTO_LI"
stack auto-grab
stack member 1 mac-address 001321a4cd40
stack member 2 mac-address 001321a4eb00

stack member 3 mac-address 001321a55200
stack member 4 mac-address 001321a5c000
stack member 5 mac-address 001321a62b40
stack member 6 mac-address 001321a64ac0
stack member 9 mac-address 0017a45f3200
stack member 11 mac-address 0017a45fc000
stack member 12 mac-address 0017a45fe100
stack member 13 mac-address 0018fec15c40
stack member 14 mac-address 001f28edd200
stack member 7 mac-address 0017a45fa3c0
stack member 8 mac-address 001321a67480
stack member 10 mac-address 001438efd540
stack member 15 mac-address 00170876a4c0
spanning-tree
password manager

 

NOTE: All switches have "spanning-tree" in the configuration.

 

Logs:

Whenever we have problems (losing network) these are the logs:

(attached Backbone.txt and FloorSwitch.txt)

 

I guess, this lacks configuration.

 

Can someone please help me?

 

If you need more info, please ask.

 

Best regards,

 

JMAlexandre

 

 

 

11 REPLIES
Richard Brodie_1
Honored Contributor

Re: Very serious spanning tree problems (I guess).

The first thing I would do would be to pick a root switch; a change of root will ripple all the way through the network. Somewhere stable, at the centre of the network is best.

 

Switches are identified by priority:mac-address, with the lowest winning. It's always troubling when the root switch has the default priority (8 but it's in steps of 4096). From your logs the root has switched between 32768:001185-4e09c0 and 32768:0012cf-9befa0.

 

Anyway, the first thing I would do is 'span priority 0' on your backbone switch.
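
Added example, not part of the reply above: a small Python model of the election rule it describes, run over the bridge IDs quoted in this thread. The names given to the two bridges that have held root are placeholders (the thread does not identify them), and the 0-15 step multiplied by 4096 is taken from the replies and from the "Switch Priority : 4096" output posted later.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096  # bridge priority is configured in steps of 4096


def from_step(step):
    """Convert a 0-15 priority step into the advertised priority value."""
    if not 0 <= step <= 15:
        raise ValueError("priority step must be between 0 and 15")
    return step * PRIORITY_STEP


@dataclass(frozen=True)
class Bridge:
    name: str                        # label used only in this example
    mac: str                         # as printed by "show spanning-tree"
    priority: int = from_step(8)     # default: 8 * 4096 = 32768

    @property
    def bridge_id(self):
        # Bridges compare as (priority, MAC); the lowest pair becomes root.
        return (self.priority, int(self.mac.replace("-", ""), 16))


def elect_root(bridges):
    return min(bridges, key=lambda b: b.bridge_id)


def set_step(bridges, name, step):
    """Return a copy of the list with one bridge's priority step changed."""
    return [Bridge(b.name, b.mac, from_step(step)) if b.name == name else b
            for b in bridges]


# MAC addresses are the ones quoted in the thread; the first two names are
# placeholders because the thread never says which devices they are.
BRIDGES = [
    Bridge("unidentified-1", "001185-4e09c0"),
    Bridge("unidentified-2", "0012cf-9befa0"),
    Bridge("4204vl", "0021f7-516b00"),
    Bridge("2910al", "002347-bf7a40"),
]

if __name__ == "__main__":
    print("all defaults:       ", elect_root(BRIDGES).mac)
    print("unidentified-1 gone:", elect_root(BRIDGES[1:]).mac)
    print("4204vl at step 0:   ", elect_root(set_step(BRIDGES, "4204vl", 0)).mac)
```

With every bridge at the default priority, the lowest MAC address decides the root, so the root moves between the two addresses seen in the logs whenever the lower one leaves or rejoins; at step 0 the 4204vl wins over any bridge still at the default.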

JMAlexandre
Occasional Advisor

Re: Very serious spanning tree problems (I guess).

Hi Richard,

 

Thank you very much for your support.

 

I'm trying to do my homework, but I've read about some different configurations/solutions and I don't know what would be best for my scenario. I would use RSTP, but what about MSTP?

 

1. I would configure the 4204vl as core #1 and the 2824 as core #2

 

2. The 4204vl and 2824 are connected with each other and from the 2 cables that come from each floor I would connect 1 to the 4204vl and the other to the 2824

 

3. Proposed configurations (only spanning tree related lines):

 

3.1. - 4204vl (core #1)

spanning-tree force-version RSTP-operation
spanning-tree Ax-Axx admin-edge-port (on all ports except the ones connecting to other switches)
spanning-tree priority 0
spanning-tree

3.2. - 2824 (core #2)
spanning-tree force-version RSTP-operation
spanning-tree Ax-Axx admin-edge-port (on all ports except the ones connecting to other switches)
spanning-tree priority 1
spanning-tree

3.3. - 2626 (all floor switches)
spanning-tree force-version RSTP-operation
spanning-tree 1-24 admin-edge-port
spanning-tree

 

Doubts:

A. We've one 2610-24 alone that connects directly to core #1. Do we have to enable spanning tree on this one? And if we needed to connect another switch to this one?

 

B. We've another 2610-24 that is connected to one of the floor's multiple switches. Does this one need spanning tree configured?

 

C. Should we use the following commands? If so in all ports or only on the ports that don't have known infrastructure switches attached?

 

spanning-tree 1-20 bpdu-protection
spanning-tree bpdu-protection-timeout 300

 

Any other tip/clue/recommendation/best practice? Am I forgetting something?

 

All the help from you guys would be very much appreciated as this weekend I've work to do.

 

Thank you Richard, once more.

 

Regards,

 

JMAlexandre

 

JMAlexandre
Occasional Advisor

Re: Very serious spanning tree problems (I guess).

Hi All,

 

Just some more info.

 

The command "show spanning-tree" on our 4204vl returns the following:

 

Multiple Spanning Tree (MST) Information

STP Enabled : Yes
Force Version : MSTP-operation
IST Mapped VLANs : 1-4094
Switch MAC Address : 0021f7-516b00
Switch Priority : 32768
Max Age : 20
Max Hops : 20
Forward Delay : 15

Topology Change Count : 25,329
Time Since Last Change : 36 mins

CST Root MAC Address : 0012cf-9befa0
CST Root Priority : 32768
CST Root Path Cost : 20019
CST Root Port : B20

IST Regional Root MAC Address : 0021f7-516b00
IST Regional Root Priority : 32768
IST Regional Root Path Cost : 0
IST Remaining Hops : 20

Root Guard Ports :
TCN Guard Ports :
Protected Ports :
Filtered Ports :

| Prio | Designated Hello
Port Type | Cost rity State | Bridge Time PtP Edge
----- --------- + --------- ----- ---------- + ------------- ----- --- ----
A1 100/1000T | 20000 128 Forwarding | 0021f7-516b00 2 Yes Yes
A2 100/1000T | Auto 128 Disabled |
A3 100/1000T | 20000 128 Forwarding | 0021f7-516b00 2 Yes Yes
A4 100/1000T | 200000 128 Forwarding | 0021f7-516b00 2 Yes Yes
A5 100/1000T | 20000 128 Forwarding | 0021f7-516b00 2 Yes No
A6 100/1000T | 200000 128 Forwarding | 0021f7-516b00 2 Yes Yes
A7 100/1000T | 20000 128 Forwarding | 0021f7-516b00 2 Yes Yes
A8 100/1000T | Auto 128 Disabled |
A9 100/1000T | 20000 128 Forwarding | 0021f7-516b00 2 Yes No
A10 100/1000T | 200000 128 Forwarding | 0021f7-516b00 2 Yes Yes
A11 100/1000T | Auto 128 Disabled |
A12 100/1000T | 20000 128 Forwarding | 0021f7-516b00 2 Yes Yes
A13 100/1000T | Auto 128 Disabled |
A14 100/1000T | 20000 128 Forwarding | 0021f7-516b00 2 Yes Yes
A15 100/1000T | 200000 128 Forwarding | 0021f7-516b00 2 Yes Yes

...

 

Should we use MSTP?

 

At this 4204vl we've a VLAN that connects and routes traffic to 2 2910al-24G that are part of an iSCSI setup (VMware and HP LeftHand equipment); they also have spanning-tree active, but on these switches I didn't want to mess up anything. The same command returns the following:

 

Multiple Spanning Tree (MST) Information

STP Enabled : Yes
Force Version : MSTP-operation
IST Mapped VLANs : 1-4094
Switch MAC Address : 002347-bf7a40
Switch Priority : 32768
Max Age : 20
Max Hops : 20
Forward Delay : 15

Topology Change Count : 2272
Time Since Last Change : 50 mins

CST Root MAC Address : 0012cf-9befa0
CST Root Priority : 32768
CST Root Path Cost : 40019
CST Root Port : 21

IST Regional Root MAC Address : 002347-bf7a40
IST Regional Root Priority : 32768
IST Regional Root Path Cost : 0
IST Remaining Hops : 20

Root Guard Ports :
TCN Guard Ports :
BPDU Protected Ports :
BPDU Filtered Ports :
PVST Protected Ports :
PVST Filtered Ports :

| Prio | Designated Hello
Port Type | Cost rity State | Bridge Time PtP Edge
----- --------- + --------- ---- ---------- + ------------- ---- --- ----
1 100/1000T | 20000 128 Forwarding | 002347-bf7a40 2 Yes Yes
2 100/1000T | 20000 128 Forwarding | 002347-bf7a40 2 Yes Yes
3 100/1000T | 20000 128 Forwarding | 002347-bf7a40 2 Yes Yes
4 100/1000T | 20000 128 Forwarding | 002347-bf7a40 2 Yes Yes
5 100/1000T | 20000 128 Forwarding | 002347-bf7a40 2 Yes Yes
6 100/1000T | 20000 128 Forwarding | 002347-bf7a40 2 Yes Yes
7 100/1000T | Auto 128 Disabled |
8 100/1000T | Auto 128 Disabled |
9 100/1000T | 200000 128 Forwarding | 002347-bf7a40 2 Yes Yes
10 100/1000T | Auto 128 Disabled |
11 100/1000T | Auto 128 Disabled |
12 100/1000T | Auto 128 Disabled |
13 100/1000T | 20000 128 Forwarding | 002347-bf7a40 2 Yes Yes

 

What precautions should I take with this VLAN?

 

Thanks,

 

JMAlexandre

 

Richard Brodie_1
Honored Contributor

Re: Very serious spanning tree problems (I guess).

For now, this tells you about the root switch:

 

CST Root MAC Address : 0012cf-9befa0
CST Root Priority : 32768
CST Root Path Cost : 20019
CST Root Port : B20

 

This tells you the current root switch: 0012cf-9befa0, and its priority, 8 (*4096)

It's connected via port B20 on 4204vl; the 19 part of the cost is using the old STP scales.

 

So it's probably two hops away; if you repeat on whatever is on port B20, that should locate the actual root for you.

JMAlexandre
Occasional Advisor

Re: Very serious spanning tree problems (I guess).

Hi Richard,

 

Thanks again.

 

And what about my previous post and the proposed configuration? Is it OK?

 

Cheers,

 

JMAlexandre

 

JMAlexandre
Occasional Advisor

Re: Very serious spanning tree problems (I guess).

Hi All,

 

I do know that this is not an answering machine, but as I need to do something on our switches this weekend, could anyone, besides Richard who already helped me, please comment on my proposed configuration in my 2nd post?

 

Sorry, but I'm really in unknown waters.

 

Thanks in advance.

 

Regards,

 

JMAlexandre

 

Richard Brodie_1
Honored Contributor
Solution

Re: Very serious spanning tree problems (I guess).

The configuration looks fine to me, good luck!

 

A, B. If you don't have any redundant links, it's not essential to enable spanning tree. I usually enable it on switches that are 'permanently on'.

 

C. BPDU protection will disable a port if it sees incoming spanning tree messages. That will prevent a switch not under your control from taking part in the spanning tree, and reduce the number of spanning tree reconfigurations rippling through the network.

 

It is probably a good idea to harden the network that way; definitely not on ports that connect to other switches that have spanning tree enabled. Also, it protects the network by taking the port offline, so if you have any spanning tree enabled switches that you aren't aware of they may lose access.

JMAlexandre
Occasional Advisor

Re: Very serious spanning tree problems (I guess).

Hi Richard,

Thanks again for your help.

For personal reasons I wasn't able to reconfigure our switches this weekend, but I certainly will do it the next one. I'll get back as soon as I apply these configs.

Have a nice weekend.

Regards,

JMAlexandre

JMAlexandre
Occasional Advisor

Re: Very serious spanning tree problems (I guess).

Hi Richard,

 

Just one last question.

 

Is it OK to have "cdp run" command on all switches while using "spanning tree"?

 

I would like to use Nedi, at least try it, and as it is a little bit Cisco centric, it would require the "cdp run" command active.

 

Cheers,

 

JMAlexandre

Richard Brodie_1
Honored Contributor

Re: Very serious spanning tree problems (I guess).

Is it OK to have "cdp run" command on all switches while using "spanning tree"?

Yes, that's fine.
JMAlexandre
Occasional Advisor

Re: Very serious spanning tree problems (I guess).

Hi Richard,

I've reconfigured our core switches according to the proposed configuration and for now all seems OK.

The following commands on our floor switches only "worked" on the 2610-24 (J9085A), the 2626 (J4900B) with H.10.83 firmware (we've 13 of them) ignored them:

spanning-tree force-version RSTP-operation
spanning-tree 1-24 admin-edge-port

 

I don't know why but these don't show up in "show config", probably they don't support these.

 

The core #2, 2824 (J4903A) with I.10.77 firmware, ignores the "spanning-tree force-version RSTP-operation" at least in "show config", also "show spanning-tree" looks like this:

 

Rapid Spanning Tree (RSTP) Information

STP Enabled : Yes
Force Version : RSTP-operation

Switch Priority : 4096 Hello Time : 2
Max Age : 20 Forward Delay : 15

Topology Change Count : 53
Time Since Last Change : 3 hours

 

Why is it "Switch Priority : 4096" if the config has "spanning-tree priority 1"?

 

We continue to see the following on our floor switches:

"Today 12:21:01","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is now on-line"
"Today 12:21:01","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by STP"
"Today 12:20:58","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by LACP"
"Today 12:20:56","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is now off-line"
"Today 12:20:39","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by STP"
"Today 12:20:39","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by LACP"
"Today 12:20:37","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is now off-line"
"Today 12:20:35","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by LACP"

Is this a normal behavior?

 

Well, overall I think that, with your help, the switches are now properly configured, maybe with some more fine tuning if necessary.

 

Thanks once more.

 

Cheers,

 

Joao M. Alexandre
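
Added example, not part of the post above: one way to check from the syslog export whether a port keeps dropping link, by counting "now off-line" events per switch and port inside a time window. The first eight sample lines are the ones quoted in the post; the last line, the 60-second window and the two-drop threshold are constructed for the example.

```python
import csv
import io
import re
from collections import defaultdict

# Lines 1-8 are quoted from the post; the last line is constructed.
SAMPLE = '''
"Today 12:21:01","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is now on-line"
"Today 12:21:01","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by STP"
"Today 12:20:58","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by LACP"
"Today 12:20:56","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is now off-line"
"Today 12:20:39","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by STP"
"Today 12:20:39","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by LACP"
"Today 12:20:37","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is now off-line"
"Today 12:20:35","USER","INFO","10.10.0.103","ports:","","Syslog"," port 11 is Blocked by LACP"
"Today 12:19:10","USER","INFO","10.10.0.104","ports:","","Syslog"," port 5 is now off-line"
'''

LINK_EVENT = re.compile(r"port (\S+) is now (off-line|on-line)")


def link_events(text):
    """Yield (seconds_of_day, switch_ip, port, state) for link up/down lines."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 8:
            continue  # blank or truncated line
        match = LINK_EVENT.search(row[7])
        if match:
            h, m, s = (int(x) for x in row[0].split()[-1].split(":"))
            yield h * 3600 + m * 60 + s, row[3], match.group(1), match.group(2)


def flapping_ports(text, window=60, min_drops=2):
    """Map (switch_ip, port) to its peak number of drops within `window` seconds.

    Only ports reaching `min_drops` are returned. All lines are assumed to be
    from the same day, since the export carries no date.
    """
    drops = defaultdict(list)
    for when, switch, port, state in link_events(text):
        if state == "off-line":
            drops[(switch, port)].append(when)
    flagged = {}
    for key, times in drops.items():
        peak = max(sum(1 for u in times if t <= u < t + window) for t in times)
        if peak >= min_drops:
            flagged[key] = peak
    return flagged


if __name__ == "__main__":
    for (switch, port), count in flapping_ports(SAMPLE).items():
        print(f"{switch} port {port}: {count} link drops within 60 s")
```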