Unsolved
This post is more than 5 years old
3 Posts
0
10526
May 25th, 2010 13:00
5448 VLAN Bridge Root Problem
I was wondering if anybody would be able to comment on the STP behavior I am witnessing on my networks when I add a 5448 that has been VLAN'd.
Brief description of my network:
My environment is a mix of 52xx, 53xx and 54xx powerconnect switches.
I have four separate layer 2 networks in my building - MGMT, Trust, DMZ, SQL. Each L2 network is configured in a hierarchical manner, and each L2 network has it's own dedicated Root Bridge switch next to my router. Each L2 Root Bridge has a manually configured spanning-tree priority of 0. All the distribution switches below each Root Bridge switch have the default spanning-tree priority of 32768. As it stands, I am using RSTP on all my L2 switches. When I pull up 'show span' on any distribution or root switch, I can verify that each switch properly recognizes it's root, and has proper root and designated ports based upon how I planned my network. One L2 network can't talk to another L2 network without traversing my L3 router. All in all I am happy with my layout.
All this falls apart when I add a new 5448 which I VLAN'd out for each of my 4 networks, and then uplink it to each of my four Root Bridge switches.
(quick breakdown of the VLAN'd 5448)
VLAN 100 - MGMT (uplink g45 untagged)
VLAN 400 - Trust (uplink g46 untagged)
VLAN 500 - DMZ (uplink g47 untagged)
VLAN 600 - SQL (uplink g48 untagged)
Ports g31-36 tagged as trunks to my 6 ESX machines.
My network doesn't stop 'working' per se. I don't experience any STP loops, or packet loss, or broadcast storms. However when I pull up 'show span' on any of my root or distribution switches, the MGMT (VLAN 100) Root Bridge is listed as the new Bridge Root across all my L2 networks. If I unplug my VLAN'd 5448, the various Spanning Trees across my L2 networks return to what I consider normal.
It would seem with the addition of my VLAN'd 5448, I am collapsing my four L2 Spanning Trees into a single Spanning Tree. From what I've read this is a limitation of Dell Switches and/or the RSTP standard.
Is the collapsing of my Spanning Trees into a single Tree something I need to worry about? I find it hard to believe Dell would allow their switches to support VLANing, only to throw in the caveat that it will mess up your L2 spanning trees.
Am I missing something, or am I making a big deal out of nothing?
Thanks for any feedback.
Dan
bh1633
909 Posts
0
May 25th, 2010 13:00
By default the powerconnect switches run a single spanning tree. So if you have a physical loop, STP may remove a link even if you do not have a logical loop. By a logical loop, I mean a loop within a vlan. SO your network may not have a loop because of your vlan configuration, but STP will still see physical loops and change the connectivity of your network.
dbrandel
3 Posts
0
May 26th, 2010 08:00
Even with the VLAN'd 5448 in place, I don't have any physical loops.
I appreciate the response, but it doesn't answer my question :(
dbrandel
3 Posts
0
May 26th, 2010 14:00
That is correct.
Yup, that's what I noticed. No Per-VLAN STP.
That's kinda what I figured I'd end up having to do. I was hoping someone would say "HEY! If you knock your heels together three times and wish on a shooting star, and enter this command at the CLI - Then you'll have seperate spanning trees on the 5448!"
I'll disable STP on the combo port uplinks tonight. Thank for the advice.
bh1633
909 Posts
0
May 26th, 2010 14:00
PVST is not support on PowerConnect switches. It is a Cisco propretary protocol.
However, you could use MSTP, which is standards based and even Cisco supports. This might be a fun exercise for you, but configuring MSTP can be complex. Given your relatively simple network, I would stick with RSTP and disable STP on the ports as I described.
bh1633
909 Posts
0
May 26th, 2010 14:00
So it appears that you had physically separate netwoks, each running its own spanning tree. Then you added a 5448 that physically connected these networks, but was configured with vlans to keep the networks separate. Correct?
The issue I described before still applies to your network. You created a single physical network by tying the networks together with the 5448. The STP on these switches acts on the physical network and elected a single root, regardless of the vlan configuration.
To correct this, disable STP on the 5448 ports connected to your separate networks: g45-g48.