I have 2 switches which have redundancy between them, meaning fa0/1 on SW1 is connected to fa0/1 on SW2, and fa0/2 on SW1 is connected to fa0/2 on SW2.

Both of the switches have the same BID, however the MAC address of SW1 is numerically lower, hence making it the root bridge.

Now my question is, on SW2, what determines which of fa0/1 and fa0/2 becomes the RP (Root Port) and the other on blocking state?

Assuming no other configuration, it’s a deadlock and so SW2 will choose the (local) port with the lowest ID – i.e. fa0/1.

Check more discussion of this question.

We have three 24 port (Gigabit) Netgear GS724T switches which are connected in the following way:

SW-003 > SW-001
       > SW-002

The port on SW-002 that connects to Sw-003 is constantly flashing once per second, the rest are flickering as the data is transferring as expected.

I am concerned that this may mean that we are at risk of exceeding the Gigabit bandwidth between the two switches. If this is the case then I would presume the fix would be to enable a spanning tree – which I have tried but I can’t understand if I need to enable a spanning tree with matching ports on all of the switches. So ports 1 and 2 on SW-002 has a spanning tree and ports 1 and 2 on SW-003 has a spanning tree enabled.

Is that correct?

At the moment I have connected an extra patch cable between the two and it seems to create some form of routing loop that causes all ports to flash once per second and the network stops working.

The monitoring results for the port is as follows:

Port Role Disabled
STP State Manual Forwarding
Admin Mode Enable
LACP Mode Enable
Physical Mode Auto
Physical Status 1000 Mbps Full Duplex
Packets RX and TX 64 Octets 323001614 
Packets RX and TX 65-127 Octets 19692371 
Packets RX and TX 128-255 Octets 8970100 
Packets RX and TX 256-511 Octets 8629484 
Packets RX and TX 512-1023 Octets 130326 
Packets RX and TX 1024-1518 Octets 2792337 
Packets RX and TX > 1522 Octets 0 
Octets Received 14989599039 
Packets Received 64 Octets 153708043 
Packets Received 65-127 Octets 11096781 
Packets Received 128-255 Octets 5619084 
Packets Received 256-511 Octets 4740987 
Packets Received 512-1023 Octets 85517 
Packets Received 1024-1518 Octets 1114750 
Packets Received > 1522 Octets 0 
Total Packets Received Without Errors 176365237 
Unicast Packets Received 55672181 
Multicast Packets Received 2910638 
Broadcast Packets Received 117782418 
Total Packets Received with MAC Errors 0 
Jabbers Received 0 
Fragments Received 0 
Undersize Received 0 
Alignment Errors 0 
Rx FCS Errors 0 
Overruns 0 
802.3x Pause Frames Received 0 
Broadcast Storm Recovery 0 
Total Packets Transmitted (Octets) 15915167667 
Packets Transmitted 64 Octets 169293572 
Packets Transmitted 65-127 Octets 8595590 
Packets Transmitted 128-255 Octets 3351016 
Packets Transmitted 256-511 Octets 3888570 
Packets Transmitted 512-1023 Octets 44809 
Packets Transmitted 1024-1518 Octets 1677587 
Packets Transmitted > 1522 Octets 0 
Maximum Frame Size 1518 
Total Packets Transmitted Successfully 186851144 
Unicast Packets Transmitted 58640169 
Multicast Packets Transmitted 5186416 
Broadcast Packets Transmitted 123024559 
Total Transmit Errors 0 
Tx FCS Errors 0 
Underrun Errors 0 
Total Transmit Packets Discarded 0 
Single Collision Frames 0 
Multiple Collision Frames 0 
Excessive Collision Frames 0 
Port Membership Discards 0 
STP BPDUs Received 0 
STP BPDUs Transmitted 0 
RSTP BPDUs Received 0 
RSTP BPDUs Transmitted 0 
MSTP BPDUs Received 0 
MSTP BPDUs Transmitted 56 
802.3x Pause Frames Transmitted 0 
EAPOL Frames Received 0 
EAPOL Frames Transmitted 0 
Time Since Counters Last Cleared   

Any advice would be appreciated.

Don’t know what the flashing means, check your manual or call Netgear for that but it won’t be to show you you’re overusing the link – they’re designed to sit there all day at 100% so don’t worry about that. That said if you want more than 1Gbps of bandwidth it’s not spanning tree you want but 802.3ad/LACP, which those switches support – two or more links bound together to act as one basically.

Check more discussion of this question.

I’ve got a connection in a datacenter where the network provider gives me two Ethernet connections. They’re supposedly hooked up to the same VLAN, such that I can wire them up to my switch and only one of them will be active at a time, but either side could then do hardware maintenance (rewiring, switch upgrades, etc.) without causing a service outage.

I’ve partitioned my switch off to have a separate VLAN for this external edge – let’s say that ports 1-3 are on the VLAN, with ports 1 & 2 being my colo-provided internet connections, and port 3 being the outside interface of my firewall. This works fine with either port 1 or port 2 connected, but about 2 minutes after both are connected simultaneously, my switch becomes unresponsive, I get about 80% packet loss, and doing some diagnostics show millions of broadcast packets per minute.

I have a basic understanding of STP to know that it should be enabled for this to work; while STP is turned on, both interfaces still get marked as Forwarding.

Anyone have any ideas on what would cause the packet storm? Is there a better way to set up a redundant connection?

Quick answer: You need to talk to your provider.

In order for STP to prevent the network loop you’re getting, all potential nodes in a loop must be running the same STP protocol configured the same way.

You need to get in touch with your provider and ask him “How is STP configured?” and ensure that your end is the same. (Possible spanning tree protocols include STP, MST, RST, PVST, PVST+, …)

On the other hand, it’s quite possible that he’s not running STP on your links since you’re probably not sharing VLAN configurations.

If he’s willing to do so, configure link aggregation on those uplinks (on both ends!). Then you won’t need to worry about STP.

Check more discussion of this question.

I understand the basics of spanning tree, but that’s about it. I’m hoping that someone can tell me if this will work as I want it to.

I’ve got two Cisco ACE load ballancers setup for redundancy. Each ACE is connected to its own layer 2 switch. Currently each layer 2 switch is connected to its own 1 Gig fibre link to the CoLo. Each fibre link is setup for a different IP Subnet and our CoLo doesn’t offer handling the BGP for us. We have to purchase our own routers to handle that, which is a project which is coming up.

(I’ve got the layer 2 switches in there because the CoLo provides fibre and the ACEs only have copper so all the switches are doing is changing the fibre to copper for me.)

So currently I can only use a single load ballancer because the ACEs don’t support spanning tree. Now the layer 2 switches to support spanning tree, it is just disabled by default. Now if I were to enable spanning tree, and cross connect the layer 2 switches would everything work as expected, or would this cause the network to come crashing down?

I’m hoping to get some expert advise before I try this as it is a production network and I don’t have a couple of extra Cisco ACE load ballancers to try it with in a lab.

UPDATE:
based on the comments I need to include a diagram. Here’s what we currently have.

The problem is that the second ISP link isn’t usable to us at the moment because of the lack of BGP. So I want to cross connect the two network switches together. I’ve been told that if I connect the two ACEs together that’ll complete the circle and cause network problems. So if I can connect the switches at the top which support spanning tree that should take care of the problem. Eventually there will be two routers between the top switches and the load ballancers to handle the BGP over the two network links.

Am I making sense? Sorry this is such a mess, I’m much more at home in SQL Server then Networking.

Update after you provided a diagram:

You already have a circle there at the bottom half of the diagram. It looks like the ACEs don’t bridge, so if you don’t have a problem there you shouldn’t have a problem connecting the two top ones.

It’s a bit hard to talk about the diagram if you don’t name the devices, but let’s say I name them left to right, top to bottom. You have a circle ACE1-SW3-ACE2-SW4-ACE1…, obviously there’s no problem there (right?). I’m guessing you configured the ACEs so they don’t bridge any traffic at all, and therefore no loop.

Why not connect ACE1 to SW2 and ACE2 to SW1? Then you have the same setup as the bottom part.

If you have a different VLAN in the top and bottom parts (not the same layer2 segment) then you can’t have a spanning tree loop between them.

It would be clearer if you provided (obfuscated if you like, but make sure we can tell network A from B. Such as 10.123.0.0/24 and 10.123.1.0/24) IP networks on the map, and perhaps VLANs (if you use them).

Update after naming the switches:

If the ACE do routing, and therefore are the next-hop for the servers on 10.0.0.0/24 etc.., and don’t do bridging (in the ACEs), then connecting the way I said above is safe.

Check more discussion of this question.

We recently purchased some 3Com IntelliJack NJ225 switches:

The specification states that they support IEEE 802.1D, and a mandatory part of this standard is support for the rapid spanning tree protocol. However, we quickly realised that we could not safely create loops when connecting these devices together (using the four “front” ports). After several support calls, 3Com confirmed that they did not implement the RSTP.

I think it’s fair to say that we’re not using these switches for their intended purpose. But, did 3Com incorrectly claim support for IEEE 802.1D? Or is there a technical reason why these switches are exempt from implementing the RSTP?

3com are correct in the information you’ve provided. They specify support for STP (802.1D), but not RSTP (802.1W). RSTP is an extension of the STP spec which provides faster convergence.

They should still perform bridge loop prevention though. Just not as promptly as RSTP would. If they aren’t functioning at all, then re-open the case.

Check more discussion of this question.

I’ve got a pair of C2960G-48 switches (running IOS 12.2(46)SE, if it makes a difference) with redundant trunks in place. On these switches there are a bunch of VLANs that carry quite heavy traffic at times (enough to completely saturate the trunks each). I’d like to put in a per-VLAN cross-connected cable to help carry the load and avoid saturating the common trunk. The one thing I’m not sure of is how to prioritise this link in the spanning tree so that it will always be used for the VLAN if it’s available, and the switches will only fall back to using the common trunk if the VLAN-specific link falls over (cable failure, etc).

Cisco isn’t my native language, and I’d prefer not to experiment too much on these switches, as a visit from the fuckup fairy would have… consequences (but a staging environment with two more of these switches for me to play around with isn’t cost-effective). So, I’m hoping that someone with IOS in their fingers can point me in the right direction.

Moah infos, for concreteness:

Trunk ports are Gi0/4[78] on both switches; one of the VLANs, 104, is on Gi0/3[78] on both switches. I’m going to put Gi0/36 into VLAN 104 and then run a cable between this port on both switches.

If I understand your OP correctly, you’re talking about running multiple links between switches and then specifying different VLANs per each link. This would be less than optimal. A more ideal configuration would be to configure multiple connections in an etherchannel and then run all of your VLANs across that one etherchanneled link.

Edit:
Thank you for the nice comment =)

Let me go one step further to state that the configuration as posed in the OP is not only less efficient, but likely places you at severe risk of creating a loop in your network that will bury it quite nicely. It could be done, but if you don’t setup bpduguard and filtering properly, you will almost assuredly suffer from severe problems related to looped layer 2 traffic.

Check more discussion of this question.

This could be an RTFM kind of question. If so, I’ll gladly award the answer to whoever gives a link to TFM

In my racks, I’ve got redundancy all over the place. Two sets of switches, two upstream routers, two power paths, dual power supplies in the servers… you know the drill. However, now I’m wondering about dual paths from the servers. Each has two (or more) NICs. What we’ve done in the past was use LAGs (Cisco-speak: Etherchannel) to provide two links to the same switch. Actually, it’s to two switches in a stack (so, one management interface, but two physical boxes). That means that we can survive failure of a cable, or of an interface (on the switch or on the box), or maybe even failure of a switch (if the stacking doesn’t drag the other one with it).

Why not keep doing that? We’re getting to the point where we need more than one switch stack. This means that, in a failure of a switch stack, we’ll cut our reachable machines in half.

Assume that the switch stacks have cross connections with sufficient bandwidth to each other, to the routers, etc. What I’d like is something like Spanning Tree Protocol: run a line from each server to each switch, it picks one to use. If that link goes down, swap to the other one. I’m hoping that this will let us have a whole switch stack fail without problems (after everyone notices to switch over).

If it matters I’m running CentOS. Something that isn’t switch specific is ideal, but I’d like to hear about solutions from vendors as well.

Basically, you want to bond the NICs in the machine with mode=1, active-backup.
This will help you set it up http://www.howtoforge.com/network_card_bonding_centos

Check more discussion of this question.

Our networking components consist of (3) x D-Link DGS 1248T Switches, and a router.

We have 4-5 servers running as VMWare Host, HTTPD, and Storage.

The clients on the network are connected to the switches via a patch panel.

For the most part, our department requires the most bandwidth to and from the servers. The servers also require significant bandwidth between one another. The clients in the rest of the office however, do not require nearly as much bandwidth.

We do have a Storage server that works as a network backup, and client machines are set to backup at daily intervals (0-10GB each), with the times staggered about an hour apart.

I am not really sure if these backups are what is causing latency issues, or not.

Our switches are currently connected to each other and to the router via a Fiber link.

What I need to know is what the best configuration would be to get maximum network throughput for our production servers and our dept.

Should we all sit on the top tier switch, and connect clients/printers on the 2nd tier?
They are connected via fiber, but we do have plenty of open ports, and the switches support STP and Trunking. Should we be using more ports between the switches for additional bandwidth?

Any insight would be appreciated.

It looks like your D-Link switches support link aggregation, so I would use that to increase the amount of uplink bandwidth, using a star configuration.

Something like this:

Check more discussion of this question.

Can someone tell me what the Juniper JUNOS equivalent is for Cisco’s spanning tree portfast command? My google-fu keeps leading me to long whitepapers on Spanning tree and not so much configuration examples.

You need to use the Edge command, either by range or per port.

edit – here‘s a guide

Check more discussion of this question.

I’m looking for a firewall appliance that supports high availability and spanning tree.

I have two ha-cluster nodes and I’d like to protect them with a firewall. To avoid a single point of failure, I’d like to have two ha-capable firewalls. And since I need redundant switches too the firewall must support the spanning tree protocol.

My preferred setup:

        +------------+  +----------+  +--------------+
lan 1 --| firewall 1 |--| switch 1 |--| ha cluster 1 |
        +------------+  +----------+  +--------------+
                      /     |
                      /     |
        +------------+  +----------+  +--------------+
lan 2 --| firewall 2 |--| switch 2 |--| ha cluster 2 |
        +------------+  +----------+  +--------------+

Cisco ASAs and 65xx-series FWSM’s can do this.

Check more discussion of this question.