wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog

Member

Network Loop - what did I do wrong?

Let's say I have fa0/1 and fa0/2 and if they were both enabled I'd create a loop.

So I place fa 0/2 in a different VLAN simply by doing a switchport access vlan 200 and fa0/1 is Vlan 1 by default.

Spanning tree still shuts a port down. Why? The ports are in different VLANs.

ua_hockey
join:2003-08-07
Columbus, OH

2 recommendations

ua_hockey

Member

BPDU guard. Fa0/2 sees bpdus from itself (fa0/1). Dumb question, but why are you intentionally creating a bridge loop? If you really must have a bridge loop, you can disable bpduguard on those interfaces or make them into trunk interfaces. Again, if it really is a bridge loop, expect your cpu to peg at 100% within a few seconds and for the switch to stop forwarding traffic.
wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog

Member

Switch is located at a tower that feeds multiple other towers. The incoming link is congested so I want to VLAN off a couple of the outgoing links with the backup link for load balancing. Is there a better way to accomplish this? Seems like the switch shouldn't consider traffic in different VLANs.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

linking one vlan to another like that would not do any load balancing.

and the mac address table isn't limited by vlans so it'll see itself which always leads to a L2 loop (IE network failure)

ua_hockey
join:2003-08-07
Columbus, OH

ua_hockey to wirelessdog

Member

to wirelessdog
OK, now I understand. Use Etherchannel. You should have no problem load balancing across links that way, and can add additional links to the channel group if you start overrunning them. Should be good to go, up to 8 interfaces in the channel group. If you need multiple VLANS, just set up the channel interface as a trunk.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to wirelessdog

MVM

to wirelessdog
said by wirelessdog:

The incoming link is congested so I want to VLAN off a couple of the outgoing links with the backup link for load balancing. Is there a better way to accomplish this?

Second ua_hockey... the only way to increase capacity is a bigger uplink or to portchannel it, and portchannelling has loadbalancing mechanisms via IP or MAC address.

...though it'd probably help better to get a diagram of your layout and this "congested" link, just so we can be sure.

My 00000010bits

Regards

ua_hockey
join:2003-08-07
Columbus, OH

ua_hockey

Member

Also switch models would be good, so that you know the limitations (if any) or capabilities. At this point, we're not sure if we're talking 2960s or Nexus.
wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog

Member

You aren't following me. Consider:

Edge Router -> Fiber -> Tower A -> Tower B -> Tower C (backup link)
Edge Router -> Fiber -> Tower D -> Tower C (primary link)

Tower C feeds towers E, F, G, H respectively.

Instead of the primary link feeding E, F, G, H I want the primary link to feed F, G and H and the secondary link to feed E exclusively. Each tower has a separate wireless link and switch port. However, I want to keep it in the same switch so that if one link fails I could still access the switch via the other link and change vlans except that doesn't work.

It's a simple concept I can easily do with Mikrotik by creating different bridges within the same box.
wirelessdog

wirelessdog

Member

I'm not load balancing, I am alleviating congestion by sending different interfaces on a different path back to the edge.
markysharkey
Premium Member
join:2012-12-20
united kingd

markysharkey

Premium Member

Be nice to see a complete diagram of what you have now compared to what you want to achieve. But based on me reading that last post a few times I think you may be able to achieve what you want by using spanning-tree interface costs or path costs to manipulate the traffic.
As for the loop in the opening post, remember that when a frame egresses an access interface, the DOT1Q tag is stripped. Unless you have another device that adds the tag back in, it will from that point be considered part of the native vlan (whatever that VLAN happens to be) as the frame is now un-tagged.

KA0OUV
Premium Member
join:2010-02-17
Jefferson City, MO

KA0OUV to wirelessdog

Premium Member

to wirelessdog
I am thinking PVST or PVST+ bit you.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to wirelessdog

MVM

to wirelessdog
I'm confused now. First you say
said by wirelessdog:

with the backup link for load balancing.

...now you say
said by wirelessdog:

I'm not load balancing, I am alleviating congestion by sending different interfaces on a different path back to the edge.

The sense I get from your diagram is that it's a ring topology with the edge router and towers A, B, C, and D,
am I right? I posted up a quick doodle of what I THINK you've got, but I think a full diagram with interfaces
and makes / models of gear you're using would be VERY helpful before we go willy-nilly.

My 00000010bits

Regards
wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog

Member

Scrap everything I've said thus far. Let me talk off my doodle diagram.

Flat network.

Edge router connects to Tower A via fiber to Tower B via Wireless and finally to Tower C via Wireless into fa0/6

Edge router connects to Tower D via fiber to Tower C via wireless into fa0/8

I want to VLAN off so fa0/6 and fa0/9 are in the same VLAN so Tower E connects back to the edge via the top link through Towers B and A and Towers F,G,H connect back to the edge through Tower D on fa0/8

This accomplishes my manual load balancing by removing Tower E from traversing the path of the other three towers.

Seems simple enough by placing FA0/6 and FA0/9 in their own VLAN. Problem is, once I no shut fa0/6 STP kills it.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to wirelessdog

MVM

to wirelessdog
said by wirelessdog:

by placing FA0/6 and FA0/9 in their own VLAN. Problem is, once I no shut fa0/6 STP kills it.

...as ua_hockey said before, the problem is BPDU guard... it's easy enough to see why once you look at your diagram -- thanks for that, BTW -- as Tower C / fa0/6 can loop back to itself. To avoid this, you'd have to put a 2nd switch at Tower C to go to Tower E.

It's been awhile since I've done STP, but looks like a) you need to make sure the switch at Tower C is nailed
up as STP root, and b) as suggested before you may want to split the VLANs and go PVST.

...the trick now is the actual commands... and I'm VERY very rusty on my STP...

My 00000010bits

Regards
wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog

Member

said by HELLFIRE:

as Tower C / fa0/6 can loop back to itself.

Not if fa6 and fa9 are in a different vlan...

ua_hockey
join:2003-08-07
Columbus, OH

1 recommendation

ua_hockey to wirelessdog

Member

to wirelessdog
Ok, based on your diagram, one of these ports will be blocking. If you're using any flavor of PVST, one of the ports will block. That is desired behavior. It is what you want. You DO NOT want a bridge loop, "load balancing" or otherwise. BPDU guard will err disable the port. If you disable bpdu guard, and disable portfast, one of the ports should go FWD, and the other BLK. This is what you want. RSTP will bring up the BLK port faster in the event of a link failure. You can tweak the timers to make it even faster. I won't get into the specifics around RSTP tuning, as a simple Google search will give you what you need. If you REALLY want to load balance, you'll need to use MSTP. I wouldn't recommend MSTP unless you already know the protocol. Up to you though. Make sure you know which switch is the root bridge for each vlan, and know the expected behavior for each stp event.
wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog

Member

I feel like nobody is reading what I am trying to accomplish.

I want to place 0/6 and 0/9 in a separate VLAN from everything else. Keep everything but 0/6 and 0/9 in the native VLAN1 and place 0/6 and 0/9 in say VLAN 22. How does this create a bridge loop? They are in separate VLANs.

I can physically do this by putting them in two separate switches but why should I have to?

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet to HELLFIRE

MVM

to HELLFIRE
said by HELLFIRE:

the problem is BPDU guard

be careful here, hf.
bpduguard and stp block conditions based on bpdu are two entirely different animals.

stp can (and will) block if a switch receives a bpdu with its local bridge-id in it. this is the loop detection mechanism.

bpduguard disables a port if it receives *any* bpdu on that port. this is generally applied to access ports to prevent people from dangling unmanaged switches and hooking them in to two uplink ports or something.

q.
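The distinction drawn in the posts above, as an added example that is not part of the thread: a check sequence that tells a BPDU guard err-disable apart from an ordinary spanning-tree block, followed by the interface change ua_hockey describes. It assumes Catalyst-style IOS syntax (the thread never names the switch model) and reuses fa0/6 and VLAN 22 from wirelessdog's posts.

```cisco
! Added example, not from the thread. Assumes Catalyst-style IOS.
!
! Step 1: was the port err-disabled by BPDU guard?
! A port shut down by BPDU guard is listed here with reason "bpduguard".
show interfaces status err-disabled
!
! Step 2: or is spanning tree simply blocking it?
! A port blocked by STP is not err-disabled; it is listed with state BLK.
show spanning-tree vlan 22
show spanning-tree interface FastEthernet0/6 detail
!
! Step 3: are PortFast and BPDU guard switched on globally by default?
show spanning-tree summary
!
! If step 1 was the cause: fa0/6 faces another bridge, not an end host,
! so remove PortFast and BPDU guard from that port only. Leave BPDU guard
! in place on host-facing access ports.
configure terminal
interface FastEthernet0/6
 spanning-tree portfast disable
 spanning-tree bpduguard disable
 ! bounce the port to clear the err-disabled state
 shutdown
 no shutdown
end
!
! Step 4: confirm the result ua_hockey describes: one uplink forwarding (FWD),
! the other blocking (BLK), and no err-disabled ports.
show spanning-tree vlan 22
show interfaces status err-disabled
```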
tubbynet

1 recommendation

tubbynet to wirelessdog

MVM

to wirelessdog
said by wirelessdog:

I feel like nobody is reading what I am trying to accomplish.

to be fair -- you've done a pretty poor job of explaining things up to the last post or so. you've used a lot of conflicting and potentially misleading terminology and not posted a diagram of what you've wanted to do. rule #1 in this forum is (generally) "present all of the information you have in such a way that someone responding doesn't have to make assumptions". there will always be information that you forget to add in -- but if you start out with a strong post, using generally accepted terminology -- the odds of having someone answer are much higher. unless hf is asking the questions -- then we just try to see how far we can pull away from the original topic ;-P

all of that being said -- sure -- you can *absolutely* make this work using vlans -- however -- you've not mentioned a few key details to this:
• is the unique vlan for the towers created on *all* of the switches in the path to your edge? does your edge have a subif to route this new set of ip addresses?
• where is the spanning tree root placed in your network?
• more appropriately -- what mode of spanning-tree are you running in your network?
• have you pruned or otherwise ensured that *only* the vlans you want moving across each of the paths to the edge from tower c are allowed on the links?
• does your wireless link carry 802.1q information, or have you set them up in access mode? is there any p2mp wireless going on tower c (i.e. do you have unique radios for each of the links to the towers, or are you doing this on a sector using some sort of p2mp scenario)?
• under a failure scenario -- have you captured 'show' commands of the spanning-tree state (root, port-info, interface stats, etc) and compared this to a "functional" state?
• have you manipulated any of the spanning-tree characteristics of the network anywhere along your wireless paths?

long story short -- there is a lot to look at here -- and you need to make sure that (a) we understand what you're trying to do (b) understand the steps you've taken to verify what you're seeing and (c) make sure that we understand enough about your network that we don't have to make wild-ass guesses about what things look like (you know, that whole story about blind men, an elephant, and a lot of touchy-feely nonsense).

help us, help you.

q.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to wirelessdog

MVM

to wirelessdog
said by tubbynet:

said by HELLFIRE:

the problem is BPDU guard

be careful here, hf.
bpduguard and stp block conditions based on bpdu are two entirely different animals.

...as I said, VERY very rusty in STP... and that's why I appreciate having ppl like you around tubbynet, to doublecheck my work -- and put me in my place once in awhile

Regards

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by HELLFIRE:

to doublecheck my work -- and put me in my place once in awhile

you caught me before i was too many drinks in to be of any help to anyone.
consider yourself lucky this time. next one -- i may just let slip through.

;-P

q.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE

MVM

....drinking on a Sunday AM? Do I even wanna know? Cheers man!

Regards

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by HELLFIRE:

....drinking on a Sunday AM? Do I even wanna know? Cheers man!

actually, i was referring to last night -- but i am a golfer -- so there have been many a 6a tee-time where i was drinking by the 3rd tee box.

q.
wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog to tubbynet

Member

to tubbynet
said by tubbynet:

to be fair -- you've done a pretty poor job of explaining things up to the last post or so. you've used a lot of conflicting and potentially misleading terminology and not posted a diagram of what you've wanted to do.

touche.

but... we are past that and we have a very simple scenario that we are over-complicating.

Tower B has a wireless link to Tower C. Ethernet cable down the tower into Switch A. Ethernet cable out of Switch A back up the tower to a wireless link that connects to Tower E.

Tower D has a wireless link to Tower C. Ethernet cable down the tower into Switch B. Ethernet cables out of Switch B back up the tower to wireless links that feed Towers F, G, H.

In this scenario, two physically separate switches are used and everything is happy. The question is: How do we combine Switch A and Switch B into a single managed switch in such a way the traffic remains segregated as if there were still two separate switches and no loop is created or at least STP doesn't think there is a loop that doesn't exist?
markysharkey
Premium Member
join:2012-12-20
united kingd

markysharkey

Premium Member

Forget a switch. Put two routers in there and route between the two sides of the loop. I realise all the devices are probably in the same layer 3 subnet so NAT on the link between the two routers.
wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog

Member

I think in this particular case, since I've seemingly run into a limitation of an IOS switch, I will utilize a Mikrotik Routerboard which is kind of a hybrid solution. It will allow me to either use two separate switch groups if I choose or create bridged ports to accomplish what I am looking to do without having STP shut ports down. Unfortunately the Routerboards have their own limitations but in this particular case the fit seems to be better.

Routing at some point in the future will probably be a better practice but that is a fight for a different day. I probably need OSPF but I will probably need to hire somebody to make that change. I don't want to risk the potential downtime with my limited understanding.

Thanks all for the help.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

you need to remember that unique vlans require (generally) unique layer-3 address space.
it is possible to overlap using bridge-domains and evc's -- but on the kit you are running, you won't find support.

that being said -- the idea of a huge l2 network really bends you over the table in times like this. rather than using standards-based ways to influence your metrics, you're forced to run a certain vendor's kit because of some weird mode of operation (generally not standards-based) to make things happen.

believe me -- i'm all for the stupid shit cisco does to make things "work better" -- but in an s/p environment -- let the standards rule.

q.
wirelessdog
join:2008-07-15
Queen Anne, MD

wirelessdog

Member

said by tubbynet:

but in an s/p environment -- let the standards rule.

In a perfect world I'm right there with you. Unfortunately what was an experiment 10 years ago has turned into a full time not that profitable job and I have to make it work with what I have and what I know.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet

MVM

said by wirelessdog:

In a perfect world I'm right there with you. Unfortunately what was an experiment 10 years ago has turned into a full time not that profitable job and I have to make it work with what I have and what I know.

understand, completely.
however -- the technology and what becomes 'acceptable' changes over time. i get that a network has kinetic energy and you can't exactly take time away because people are paying for your services.
however -- all of that being said -- you're going to continue to run into these kinds of issues as you go forward. you're going to want to do things in your network that you can't do because of your technology and topology. at some point -- you'll end up taking an extended outage because you can't move things forward -- and the outage will be extended because of the kludge that you've had to build into the network to make it function as it stands.

honestly -- the best thing for you will be building a new network in parallel -- then cutting over bit by bit. the capex will be much larger -- but in this way -- you can shrink the outage if done right (and labbed correctly).

if i am ever in md -- i'll let you know. i'll bring my cowboy hat and we can make some shit work in prod without testing ;-P

q.
markysharkey
Premium Member
join:2012-12-20
united kingd

1 edit

markysharkey to wirelessdog

Premium Member

to wirelessdog
A layer 3 switch can do that, surely? On a 24 port switch put ports 1 to 10 in to VLAN 10. Put 11 to 20 in VLAN 20. Put port 24 in to VLAN 100 and connect VLAN 100 to the router leaving ports 21, 22 and 23 free for future use.
Create an SVI for each VLAN to connect the two "tower" VLANs to the rest of the network. Point the default route on the switch towards the router hanging off the port attached to VLAN 100. Remember to add static routes to the router to point back to the tower networks we just created.
The SVI's become the D/G for the towers so there will be some changes to be made to them, but again I don't see any other way to do that with a switch that won't have NAT available.
I use this "pseudo router-on-a-stick" (TM) config when I have to run multiple VLAN's in networks where the edge router is an ISP supplied locked down POS that doesn't have routing table options and is not DOT1Q aware.
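The layout described in the post above, written out as an added example that is not part of the original post. It assumes a Catalyst-style layer 3 switch with FastEthernet port naming; all IP addresses and the upstream router address are constructed for illustration.

```cisco
! Added example, not from the thread. Addresses are constructed.
! Enable routing between the SVIs on the layer 3 switch.
ip routing
!
vlan 10
 name TOWER-SIDE-1
vlan 20
 name TOWER-SIDE-2
vlan 100
 name TO-ROUTER
!
! Ports 1-10 in VLAN 10, ports 11-20 in VLAN 20, port 24 towards the router.
interface range FastEthernet0/1 - 10
 switchport mode access
 switchport access vlan 10
interface range FastEthernet0/11 - 20
 switchport mode access
 switchport access vlan 20
interface FastEthernet0/24
 switchport mode access
 switchport access vlan 100
!
! One SVI per VLAN. The VLAN 10 and VLAN 20 SVIs become the default
! gateway for the devices on each tower side.
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 no shutdown
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 no shutdown
interface Vlan100
 ip address 10.0.100.2 255.255.255.0
 no shutdown
!
! Default route towards the router on VLAN 100 (assumed to be 10.0.100.1).
ip route 0.0.0.0 0.0.0.0 10.0.100.1
!
! On the upstream router, add the return routes (shown in IOS syntax):
!  ip route 10.0.10.0 255.255.255.0 10.0.100.2
!  ip route 10.0.20.0 255.255.255.0 10.0.100.2
!
! Verify on the switch:
!  show ip interface brief
!  show ip route
```

Because each tower side now sits in its own routed subnet, the two sides no longer share a layer 2 domain on this switch.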