Two Active Switches With Redundant Uplink

Question

Hi,I am looking to connect both switches to my Firewalla each on port one. I am also looking to create a LAG between the two switches on the sfp ports. I am using the default vlan to assign ip addresses to the management port of the switches using dhcp. I also have a single vlan 20 for the remaining ports (also assigned via dhcp on different subnet from vlan 1) on the switches. My sfp lag between the two switches is a trunk for vlan 20. What I cannot figure out the correct STP (RSTP or MSTP) settings to prevent the switches from freaking out (rapid light blinking). The switches should know that all vlan 20 are routable without going through the firewalla and are acceptable via the connected LAG. Only the default vlan 1 should get routed via port 1 and any ip not on vlan 20. Also note that all of vlan 20 is on the same subnet. The firewalla also supports tree spanning which is turned on.

Josh_Manton · Answer

It turns out you were 100% correct, it was a hack.&nbsp;Upon reading this post I made a few changes:https://help.firewalla.com/hc/en-us/community/posts/360053051193-New-device-setup-Question-for-GOLD-&nbsp;I decided I did not want to get into the complexity of a loop system, so I elected for a tree (more like a branch).&nbsp;Firewalla (fw) =&gt;&nbsp;MS510TXM (s1) =&gt;&nbsp;MS510TXM (s2)&nbsp;LAG from fw =&gt; s1LAG from s1 =&gt; s2&nbsp;I have MSTP enabled on s1 and s2&nbsp;I let the switches auto populate Port Path Cost, and everything just worked.&nbsp;Things i've learned (which I believe are correct):1. If STP is not enabled, the up-stream switches wont learn the path to ports on the down-stream switches. I originally assumed that STP was only to block/configure loops.&nbsp;2. Creating a loop network is more complicated. It is probably&nbsp;easier if my Firewall was Netgear. My first and only attempt to create a loop failed for two reasons: 1) I did not know what I was doing. 2) My connections from my Firewall to each of the 2 Switches was 2.5Gib while the connection between the two Switches was 10Gib. This is non-standard in the enterprise world and I've learned that STP takes into account the connection speed when calculating the Cost, so it was miscalculating the Root.&nbsp;Thank you for calling my first solution a hack. It just motivated me to dig deeper.&nbsp;&nbsp;&nbsp;

schumaku · Answer

These MS510TXM are not L3 routers. Of course, you can configure two or more VLANs. Don't know anything what should be special about your firewall and it's port 1.&nbsp;
&nbsp;
Typical cause for loops could be failed attempts to configure LAGs for example.&nbsp;
&nbsp;
Appears somehow you managed to create a loop on your network. Impossible to tell based on what you posted.

Josh_Manton · Answer

No, the switches are not L3, but port 2 on the FW is connected to one switch and port 3 to the other switch. The switches are connected via SFP. The traffic from the FW is Trunk VLAN 2 &amp;amp; 3. The SFP link is also Trunk 2 &amp; 3. I would think that MSTP could prevent loops?

Josh_Manton · Answer

To answer my own question:&nbsp;I did not need to enable MSTP since each switch is 1 hop from the router. What I needed to do is under, Switching =&gt; STP, enable the option for "Forward BPDU while STP Disabled" and disable "Spanning Tree State". This allows the router to receive the packets that it is sending out and properly map out the network.

schumaku · Answer

Josh_Manton&nbsp;wrote:
I did not need to enable MSTP since each switch is 1 hop from the router.

Wild guess: These two router ports which are supposed to seamless connect both switches, providing a single STP environment, or for the allows to run two MSTP entities are mainly L3 router ports, without much L2 support - or the L2 STP/MSTP config on your router requires a review.
&nbsp;
Josh_Manton&nbsp;wrote:
What I needed to do is under, Switching =&gt; STP, enable the option for "Forward BPDU while STP Disabled" and disable "Spanning Tree State". This allows the router to receive the packets that it is sending out and properly map out the network.

With al due respect, this reads like a hack, not a solution.

Forum Discussion

Two Active Switches With Redundant Uplink

9 Replies

Related Content

WAX630e redundancy

Link redundancy

Activate Insight Premium Subscription

duda conexion entre switch para anillo redundante

No LAN port aggregation activation between CM3000 and RS700S

NETGEAR Academy

ProSupport for Business