Switches, Hubs, and Modems
1748219 Members
4716 Online
108759 Solutions
New Discussion юеВ

Re: Procurve Networking Weirdness

 
Gavin Williams ACT
Occasional Advisor

Procurve Networking Weirdness

HI there,

We are experiencing some weird issues with our ProCurve network setup...

We have 2x 2910al-24G switches which form our Core network stack. These are split into 2 Port-based VLANS.
VLAN 1 = Production, Tagged P1-2, Untagged P3-16.
VLAN 2 = DMZ, Tagged P1-2, Untagged P3-16.
Port 1 and 2 are used to link the 2 switches togeather using 2 Cat5e cables.
Spanning tree is enabled on both switches.

Going into these switches are 4 Cables provided from our suppliers' upstream network. The 4 cables are split into 2 VLAN's - Prod and DMZ - and are plumbed into the switches based on the Port Based VLAN. These form 2 Subnets - Production on 10.0.0.0/255.255.224.0 and DMZ on 172.16.16.0/255.255.240.0.

Upstream of the core stack is a Virtualised Firewall which is used to control access, aswell as route between VLAN's, listening on 10.0.31.254 and 172.16.31.254.

We can plug in both DMZ 2 uplink cables and they work perfectly. We can get access to the firewall and the internet beyond.

However when we plug in the DMZ 1 uplink cables, we loose all connectivity on the DMZ 2 uplink. DMZ 1 continues to work and we can get out to the internet.

Having discussed this with our suppliers networks team, they think the issue is being caused by Spanning Tree.
They have recommended the following setup - image attached.

Does this make sense? Will it work? How easy is it to configure the necessary Trunk links and priorities?

Apologies for the long-windedness - advanced network config like this is pretty new to me...

Any info appreciated.

Cheers
Gavin
6 REPLIES 6
Olaf Borowski
Respected Contributor

Re: Procurve Networking Weirdness

Gavin,
What "version" of spanning-tree are you running on the Cisco side? RPVST+, RSTP, STP, MST? If you want "true" interoperability, you need to run a standard protocol, not Cisco's version. When you plug in the DMZ1 uplink cable, look at the spanning tree states of the cisco boxes. Blocking? ErrorDisable? Also look at the log on the cisco boxes. A lot of times it will tell you what is going on.
Gavin Williams ACT
Occasional Advisor

Re: Procurve Networking Weirdness

Hi there,

Unfortunately i have no access to any of the hardware upstream of our hardware. However i'll raise it with the supplier and see if they can help...

Cheers
Gavin
Olaf Borowski
Respected Contributor

Re: Procurve Networking Weirdness

Gavin,
Most of the time, the Cisco shops don't change the default of PVST and that gets you into trouble. At layer 2, you have to agree on a standard that everyone support or else you get stuck with a propriatory solution.
Solution: Agree on "common" spanning tree protocol or let the 2910s route (no layer 2 interaction). Configure static routes on your 2910s and let the core know about the networks you have.
Gavin Williams ACT
Occasional Advisor

Re: Procurve Networking Weirdness

Ok, i'll try and get the information out of our suppliers...

The feedback they previously gave us is to setup priorities on the various links. We're going to re-configure the network tomorrow to use the same VID's as the suppliers network, and pass those VIDs through the Tagged uplink ports.

Now that in itself seems fairly straight-forward. However I am unsure currently around the best way to configure Spanning Tree.

Do i just leave it with the default spanning tree set-up, and assign a different priority to each core switch? Or am I better off configuring MSTP, with 2 groups - one group for each VLAN and one group Root'd on each Core switch?

Thoughts?

Cheers
Gavin
Olaf Borowski
Respected Contributor

Re: Procurve Networking Weirdness

Gavin,
Not that simple. You first need to find out what version of STP the are running. If PVST or RPVST+, no way to interoperate. BPDUs are send out for each VLAN (tagged). ProCurve doesn't know what to do with it. It is Cisco propriatory. You need a common protocol first and then worry about optimizing it.
Gavin Williams ACT
Occasional Advisor

Re: Procurve Networking Weirdness

AS an update to this, we had a very successful day yesterday.

Rebuilt the core switches from the ground up, creating the necessary VLANs, changed the primary, set up trunk uplink ports on the stack, assigned the necessary spanning tree priorities to the switches, plugged in the uplink cables, and it all worked perfectly - spanning tree behaved, could get out to both gateways and failover worked aswell :)

Switch configs' for reference are:
ACT-STAR-SW01: www.card.co.uk/files/ACT-STAR-SW01.txt
ACT-STAR-SW02: www.card.co.uk/files/ACT-STAR-SW02.txt

Then proceeded to build the distribution switches, following much the same process as above on the first 2, and a single VLAN setup on the last 4, and these also worked perfectly :)

A couple of configs' for reference are:
ACT-STAR-SW03 - Multi-VLAN setup: www.card.co.uk/files/ACT-STAR-SW03.txt
ACT-STAR-SW05 - SIngle VLAN setup: www.card.co.uk/files/ACT-STAR-SW05.txt

SO thanks for all the assistance...

If anybody has any comments on the above configs in order to improve, please feel free :)

Cheers
Gavin