Posted

Hi all,

 

We have a lot of Netgear FSM726S switches in our network and whenever someone decides to create a loop, all of those switches conk out. I've tried with STP enabled, and with RSTP enabled but still it happens. I'm now wondering if the STP implementation is broken. Can someone please tell me if there is something that I can change in the default settings that might help:

 

Hello Time: 5 seconds

Max Age: 20 seconds

Forward Delay: 15 seconds

Bridge Priority: 32768

 

All of the ports have Fast Link enabled (although I have tried disabling it too), the priority set to 128, and the cost is 19 for 10/100 ports and 4 for Gb ports. Can someone please tell me if I've got something wrong or if the switches are just crap?

 

Thanks

Posted
Do all of your switches have the same bridge priority? I have not dealt with Netgear ones, but you should have one switch, the core, with a low bridge ID so that it is elected the master switch. As STP is based on paths back to the core, if they are all configured with the same priority this could be causing issues.
Posted

Hello,

 

I'm by no means an expert, but ...

Regarding Hellos, Age and other messages, I would suggest leaving them as default, but if you do change them on one, you will have to change them on all the others.

 

I would change the bridge priority on a switch that you want to become the root bridge to a value lower than others in the LAN (otherwise the switches will decide among themselves by lowest MAC address and you could get some unnecessarily long routes across your LAN).

 

And ... Fast Link. This should only be enabled on ports that definitely do not link to other switches. This Fast Link places the port into forwarding state, effectively disabling spanning tree on that port, so if you have this enabled on a port linking to another switch you’re going to get some loops.

 

So keep timers as default, change root bridge to desired switch, keep "fast link" off links between all switches.
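
The root election described in the post above, as an added example that is not part of the original post: it picks the root by lowest priority and then lowest MAC, and sums port costs back to that root. The switch names, MAC addresses, links and the lowered priority of 4096 are constructed; the default priority and port costs are the ones quoted in the first post.

```python
import heapq

COST_100M, COST_1G = 19, 4   # port costs quoted in the first post
DEFAULT_PRIORITY = 32768     # default bridge priority quoted in the first post

# Constructed sample network (names, MACs and links are not from the thread).
BRIDGES = {
    "core":   (DEFAULT_PRIORITY, "02:00:00:00:00:10"),
    "edge-a": (DEFAULT_PRIORITY, "02:00:00:00:00:01"),
    "edge-b": (DEFAULT_PRIORITY, "02:00:00:00:00:02"),
    "edge-c": (DEFAULT_PRIORITY, "02:00:00:00:00:03"),
}
LINKS = [("core", "edge-a", COST_1G), ("core", "edge-b", COST_1G),
         ("core", "edge-c", COST_1G), ("edge-b", "edge-c", COST_100M)]

def elect_root(bridges):
    """Root is the bridge with the lowest ID: priority first, then MAC."""
    return min(bridges, key=lambda n: (bridges[n][0],
                                       int(bridges[n][1].replace(":", ""), 16)))

def root_path_costs(links, root):
    """Lowest summed port cost from every bridge to the root (Dijkstra)."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best, heap = {root: 0}, [(0, root)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node]:
            continue  # stale queue entry
        for nxt, cost in adj[node]:
            if dist + cost < best.get(nxt, float("inf")):
                best[nxt] = dist + cost
                heapq.heappush(heap, (best[nxt], nxt))
    return best

def report(bridges):
    """Return (elected root, cost from each bridge to that root)."""
    root = elect_root(bridges)
    return root, root_path_costs(LINKS, root)

if __name__ == "__main__":
    print("all defaults:", report(BRIDGES))
    tuned = dict(BRIDGES, core=(4096, BRIDGES["core"][1]))  # 4096: constructed value
    print("core lowered:", report(tuned))
```

With every switch at the default priority the edge switch with the lowest MAC becomes root and the other edge switches reach it through the core; lowering the core's priority makes the core the root and every edge switch one hop away.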

Posted

Thanks, SYNACK. The bridge priority may be part of it. Everything is set to default values so I think it chose a master switch at random. I've set our core switch with a low priority value now.

 

If I understand you correctly Robot, since Fast Link disables spanning tree on a port then should I disable it on every port? There is no way of telling which ports will be used by pupils to create a loop.

Posted

It truly depends on your infrastructure if you need STP in the first place. Maybe you could post a picture of your switch infra?

 

bio..

Posted

In order for the switches to elect a new master they must be powered off and the core powered on first as once elected switches tend to hold on to their master status like dictators.

 

Fast link/Port fast does still include some blocking features but they are not reliable in some cases, you should have fast link on the fixed client boxes if you can as otherwise things like group policy software deployment and lockdowns are not always implemented. It will also get in the way of PXE booting. Any ports in troublesome areas or ports linking between the switches should run through the full STP check to determine if there are any loops by making sure it can't hear its own broadcasts when it first enables a port.

 

Depending on the software implemented in the switch there may also be options like broadcast rate limiting/storm control which are also designed to help with this problem and could be useful. You may also want to look into any logging features of the switch to see what is happening when you plug in a host or make a loop yourself.

Posted

Well, the fast link places the port into forwarding mode regardless, so it acts as a normal port. I would have it off on all ports. That does mean, however, that after a switch is turned on all ports will be placed in listening state, so no PCs will be able to talk across the LAN. This only takes about 30 seconds to sort out using STP on Cisco switches (faster with RSTP) though, so it is not a major issue.

But it does mean things like DHCP leases and GP settings may not be picked up by PCs attached to non-fast-link ports, if the PC is turned on while the switch is sorting out its ports.

Posted

I'm not sure what you mean, bio. The switches don't have any other function to prevent loops so I'm not sure why I wouldn't need STP.

 

The switches seem to have found their new master nicely so no power cycling required. As for Fast Link on fixed clients, that wouldn't really help anything since pupils are causing the problem by pulling the cables out of fixed clients and creating a loop by plugging that end in the wall. I think it is a matter of Fast Link off on all classroom sockets.

 

There is a broadcast limit on the switches that I've never touched, currently it is set to the default of 3000 packets/second per port. I'm not sure what a reasonable value would be. I'd love to be able to take a switch away and make my own loops to find out what is going on but there just never seems to be a good opportunity to do it. Oh well. Thanks for your help with this guys!

Posted (edited)

@nutso:

 

All the connections to your core switch from your edge switches (ours are a fibre link) should have STP enabled, but all the other ports on the edge switches (unless another switch is connected to them) should have portfast enabled so that if one of the students accidentally links two ports of that switch it will only affect that switch and can easily be rectified.

 

With new protocols on layer 3 switches RSTP can be enabled on all ports as it is faster (As pointed out in a previous post (Robot) STP takes approx 30 secs to propagate which can stop services like DHCP from responding in the timeframe allowed).

 

This is meant only as a pointer as you can get into smartports and all the other protocols if you wanted but here is a taster from Cisco:

Understanding Rapid Spanning Tree Protocol (802.1w)

 

Also Root ports:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml#topic1

 

Also from Wikipedia:

http://en.wikipedia.org/wiki/Spanning_tree_protocol#Rapid_Spanning_Tree_Protocol_.28RSTP.29

 

:)

Edited by bossman
Posted
Thanks Bossman, I'm now confused about the Fast Link/Port Fast thing. You say that it should be turned on for ports where workstations are plugged in, but earlier Robot said that it is best left turned off. At this point, leaving it turned off seems like the best option since the odd DHCP request going unanswered seems better than the majority of the network going down.
Posted
I'm not sure what you mean, bio. The switches don't have any other function to prevent loops so I'm not sure why I wouldn't need STP.

 

Well, if you have a star-based network you don't need to implement STP globally on the switches. However, it's wise to enable STP edge port on all ports that have workstations on them.

 

bio..
