NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Configuration of RSTP to stop my network frequently Dying.
We have severe problems, I believe with someone in the office crossing network ports, and causing a loop somewhere. This has happened a few times now, and on most occasions, after a few hours Ive man...
Wow. This is a wealth of information, and Ive spent days searching the internet. Ive not managed to find nearly half as much as youve offered here, and IM grateful for the assistance.
Our Topology is fairly basic, as the attached diagram shows.
The office is made up of two buildings, physically joined, and networked with 2 x 10GB Fiber connections (shown above in blue). The Green lines represent gigabit uplinks from all of the switches to the two "Core" devices. connected to all of the switches are the users PCs, printers, and Phones (on the FS728TP).
Im not sure what config files you need (from which devices) but Im happy to provide those.. ?
The topology seems simple enough.
For Building Wing A. Change the Bridge priority value on GSM7328Sv2 to 0 under the spanning tree configuration.
For Building Wing B. Change the Bridge priority value on GSM7328Sv2 to 16384 under the spanning tree configuration.
That should take care of root changes immediately. make sure to do this during off production hours. Make sure all other switches are defaulted to 32768 for bridge value (This is default value)
Make sure all switches are switched to MSTP or fallback to RSTP for switches taht do not have it.
1. Make sure the uplink between the 2 core switches is ethernet and not stacking. Stacking in this specific circumstance will be ok if you want to make it unified switch setup but LAG would be preferred to prevent split brain routing since all routing will end up terminating on building A.
2. Log into the switch via telnet or SSH or serial console. At enable prompt type "show tech-support" command to generate the support file. PM this file to me for both core switches
Thanks again for this update. I will be applying the priority changes this evening after everyone has gone home.
Id like to mention what would be my ideal scenario. If a user were to connect both ends of a cat5 cable to floor ports, thus causing a loop, I would like the switch to disable that port, and let the user come and find me, or indeed let me spot this in our monitoring station when that switch sends a trap.
Previous incidents of this nature have been down to this very act, but Ive only actually traced it on a handful of occasions. we patch the FS728TP ports to odd numbered ports, and the GS724T ports to Even numbered. That way I can tell users to use odd for their phones, and even for network connections. Hasnt really helped though :-)
if you have an idea how I can make the switches disable the ports, then I think Ill have all the tools I need to find the [expletive removed] that is costing us so much downtime.
Thanks again
Well in the statement below, if users connects port x to port y on the wall where port x is connected to FS728TP and port y is connected to GS724T which are also connected to rest of network via uplink, that problem can be easily solved as port should go into blocking state if you mark the port cost of uplink port to be lower and mark the 2 user ports as edge ports.
If you are trying to protect the network from unidirection issues where example a user connect wall port to a unmanaged switch and loops that switch, that will be different problem all together.
PM me the configuration of your FS728TP and GS724T as text configuration files and I can take a look and make suggestion.
Hello again, Ive added the additional switch configs to the link I sent you privately ...
Hello,
This afternoon we suffered another outage, and I watched the secondary GSM switch reset itself again (from my syslogs, I think the ROOT did the same, but I wasnt in that room). At the time of the problem, I had only configured the 2 GSM switches as per your recommendation, and had yet to get round to setting all the others to MSTP (They were all on RSTP with priority at 32768). The problem did not seem to last as long this time, after about 30 mins, everything settled down, and I couldnt see anything in the syslogs suggesting a cause of the outage. Slightly irritated by this, I have now connected to all of the LAN switches (not the FS728TP just yet), and set them to MSTP, 32768 priority, enabled broadcast storm, and set it to disable any of the ports at 1% threshold, EXCEPT for the uplink ports, which Ive left the storm control disabled. As of right now, nothing has happened, so Ill put the same settings on the 728TP switches. If Ive understood any of your suggestions, this should then disable any port that starts flooding topolgy updates, except for the uplink ports.
Your thoughts are of course very welcome.
Broadcast storm won't really cause an outage as you described especially if you network recovered short while later. I suggest pulling the tech support file from both the managed switches and sending it to me so I can take a look.
Also as per my PM reply, The port won't shutdown unless the switch offers such option. On the switches where you have this option and you have selected to shutdown when threshold is met, then yes it will shutdown. Otherwise it will just rate limit it.
Most switches typically do rate limit (not shutdown) when it comes to smart switches. Managed switches will always allow both option types. For smart switches, it varies based on capability of the switch.
Hello Jedi_Exile. I have now completed the suggestions you made. My network now has the following settings...
All switches (GSM7328S, GS724/48, FS728TP) are set to MSTP, edge switches bridge priority set to 32768, except for ...
Core Switch (building A) which has its BP set to 0, and Building B which is 16384.
All Non Core switches have Storm control set. the GS724/48 switches are set to disable the port if the 3500 threshold is reached, and the FS728TP are set to Rate Limit at 1% since they dont have a port disable option. These options have been set on ALL BUT the last port, which is used to Uplink to the Building Core switch. These have the storm control disabled.
on the FS728TPs, I have the POE ports (1-24) set to FastLink. Ive not YET set this option on all of the LAN switches since I need to check how this might affect users with VMWare/VirtualBox etc on their machines?
I noticed on the CST Port Configs, that there is a "STP Status" option that can be enabled / disabled. How should I have this set?
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
