Netal01 (Initiate)
Jun 26, 2024
Loop protection
Hello team,
I need a suggestion on how to improve the configuration on a Netgear Prosafe GS728TP-200 EUS switch in order to protect against loops.
I am working on a project and the company has a Mikrotik as gateway, and behind the Mikrotik they use an ASA firewall (in which only the LAN VLAN is configured, and I do not have access to the firewall).
The company has a VoIP server (only for internal use) for which there is no VLAN in the firewall, but I have configured a VoIP VLAN in the Netgear GS728TP.
Practically, in the Netgear GS728TP I have configured:
vlan 10 -> LAN
vlan 20 -> VOIP: 192.168.0.1
vlan 90 -> Management 192.168.90.1
Switch static IP: 192.168.1.200
and I have configured "Vlan Routing" for VLAN 20 (VoIP) and VLAN 90 (Management).
The problem is that the flow in this switch sometimes does not work well, and the switch turns off any specific port (preventing a loop).
I have enabled "RSTP" in the Netgear switch.
I have also enabled "Forward BPDU while STP Disabled", but the switch sometimes continues to turn off 1 or 2 ports.
I know it might be a DHCP problem, but I need a suggestion on what I can do to improve the Netgear configuration and prevent it from turning off the ports of the switch.
Do I need to try activating "L2 Loop Protection", or do I need to disable RSTP before activating "L2 Loop Protection"?
If I remove the static IP address from the switch and configure it as DHCP (and also configure a U port as management VLAN), can this facilitate the network flow and stop this kind of issue?
*This kind of loop does not happen because someone may be putting cable in the office and creating these issues.
Before configuring this managed Netgear switch, in that company they were using unmanaged Cisco switches and there was no loop.
That's why I need your suggestions on whether I am doing anything wrong and what I can do to improve the configuration in the Netgear switch in order to avoid this kind of issue.
Kindly waiting for your suggestions.
Thank you in advance!
2 Replies
- schumaku (Guru - Experienced User)
Netal01 wrote:
I am working on a project and the company has a Mikrotik as gateway, and behind the Mikrotik they use an ASA firewall (in which only the LAN VLAN is configured, and I do not have access to the firewall).
The company has a VoIP server (only for internal use) for which there is no VLAN in the firewall, but I have configured a VoIP VLAN in the Netgear GS728TP.

Before enabling RSTP (or the classic STP) on a customer network, challenge the local network admins or managers for some design information related to the obviously existing L2 network.
A good starting point might be to operate the Smart switch without RSTP or STP in the absence of any insights.
Start without RSTP, just enable the L2 Loop Protection. However, inform the network admins that there will be some L2 frames sent out by the L2 Loop Protection on all ports where it is enabled. These are the ones the switch will detect if these specially crafted frames appear on other ports, and it will then close the affected ports.
Different mechanism, but much less sophisticated than RSTP/STP, similar effect however.
Routing is L3, this won't change anything on L2 STP/RSTP.

Netal01 wrote:
Practically, in the Netgear GS728TP I have configured:
vlan 10 -> LAN
vlan 20 -> VOIP: 192.168.0.1
vlan 90 -> Management 192.168.90.1
Switch static IP: 192.168.1.200
and I have configured "Vlan Routing" for VLAN 20 (VoIP) and VLAN 90 (Management).

Keep in mind that STP and the faster RSTP operate independently of the switch VLAN config.
More sophisticated L2 designs make use of VLAN-specific MSTP configurations - by VLAN. Especially if networks are coming together which might be operated by different vendors, like a VoIP provider. All the more, careful design is required.

Netal01 wrote:
I have enabled "RSTP" in the Netgear switch.
I have also enabled "Forward BPDU while STP Disabled", but the switch sometimes continues to turn off 1 or 2 ports.

What do you expect from this, considering you have RSTP enabled - rethink again please.

Netal01 wrote:
I know it might be a DHCP problem, but I need a suggestion on what I can do to improve the Netgear configuration and prevent it from turning off the ports of the switch.

DHCP is broadcast to the LAN, followed by a unicast - everything happens on the same broadcast domain and then the same VLAN. What problem are you behind here?

Netal01 wrote:
Do I need to try activating "L2 Loop Protection", or do I need to disable RSTP before activating "L2 Loop Protection"?

See above.

Netal01 wrote:
If I remove the static IP address from the switch and configure it as DHCP (and also configure a U port as management VLAN), can this facilitate the network flow and stop this kind of issue?

Admin UI (Web, SNMP, ...) does not interfere with the switching.
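
A simplified model of the probe-frame mechanism described in the reply above, added here as an illustration; it is not part of the original thread and does not reproduce NETGEAR firmware behaviour. The topology, the device names, the flood-everything behaviour of the unmanaged switches and the "close every port that sees a probe" policy are all assumptions.

```python
from collections import deque

# Constructed sample topology (hypothetical names). "SW:n" = port n of the managed switch.
LINKS = [
    ("SW:1", "us1"), ("us1", "us2"), ("us1", "us2"),  # two cables between us1 and us2
    ("SW:2", "us3"), ("SW:3", "us3"),                 # us3 patched to two managed ports
    ("us3", "phone1"), ("SW:4", "pc1"),               # end devices, no loop
]
UNMANAGED = {"us1", "us2", "us3"}  # flood every frame out of all other links


def probe_returns(links, unmanaged, src_port):
    """Managed-switch ports on which a probe sent out of src_port is seen again."""
    adj = {}
    for eid, (a, b) in enumerate(links):
        adj.setdefault(a, []).append((eid, b))
        adj.setdefault(b, []).append((eid, a))
    seen_on, visited = set(), set()
    queue = deque(adj.get(src_port, []))  # (link id, node receiving the probe)
    while queue:
        eid, node = queue.popleft()
        if (eid, node) in visited:  # model shortcut: follow each link direction once
            continue
        visited.add((eid, node))
        if node.startswith("SW:"):
            seen_on.add(node)  # probe arrived back at the managed switch
        elif node in unmanaged:
            queue.extend((e, peer) for e, peer in adj[node] if e != eid)
        # any other node is an end device and absorbs the frame
    return seen_on


def ports_to_close(links, unmanaged, ports):
    """Assumed policy: close every port that receives any loop-protection probe."""
    hit = set()
    for port in ports:
        hit |= probe_returns(links, unmanaged, port)
    return sorted(hit)


if __name__ == "__main__":
    for p in ("SW:1", "SW:2", "SW:3", "SW:4"):
        print(p, "probe seen on", sorted(probe_returns(LINKS, UNMANAGED, p)))
    print("close:", ports_to_close(LINKS, UNMANAGED, ["SW:1", "SW:2", "SW:3", "SW:4"]))
```

In this model a loop between two downstream unmanaged switches brings the probe back on the same port it left from, while a device patched to two managed ports shows the probe on the other port.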
- Netal01 (Initiate)
Hello schumaku,
Thank you for your support.
I activated L2 Loop Protection and the switch does not turn off the ports, but other switches (or patches connected to this switch) go down when a loop occurs.
I think they have bigger problems in their network which cause these loops (e.g. in the firewall they have configured just 1 VLAN while they use 2 VLANs, data + VoIP).
So, we need to analyze the root cause of these loops.
Thank you for your support.