MSTP configuration: My MSTP on two Zyxel Switches seems splitted
I have a XMG1930-30HP and a XS1930 switch (both with L3 license; patch level from July 2023) and try to get multiple Sonos S1 speakers working/connecting on them only connected with Ethernet cable. I run multiple VLANs on the two switches, which works well. In two of the VLANs there are Sonos devices present, that do STP. Besides the recommendation from Sonos to just let all BPDU packets flood through (see my other questions), I also tried to configure MSTP on the VLANs to ensure, I have proper spanning trees running and let the XMG1930-30HP be the root bridge for all VLANs. Sonos with its old STP implementation should integrate then there. Priorities and timings are all set according to the recommendations from Sonos in their support doc:
(Each sonos system will only be accessed within the same VLAN, so no isolated Sonos VLAN or so and inter-vlan routing needed.)
When I configure MSTP on the Zyxel switches and add all VLANs, configure same configuration name, revision and timing/aging parameters on both switches, even after a few hours it looks like each switch is becoming its own root bridge and not knowing about the other. Also doing the same on a connected MikroTik Cloud Core router shows the same picture. Seems not to be integrated in the topology.
I also had some crashes of the XMG1930-30HP with the current 4.80 firmware when I changed something there.
Do I need a special "BPDU Ctrl" mode for running MSTP? e.g. does it only work properly with "Peer" set for all ports? Or doesn't that matter at all?
BPDU Root Guard is not active. BPDU Transparency is enabled.
In the "Spanning Tree Protocol Status" view under the MSTI view I also never see any ports listed. Nothing.
What am I doing wrong?
Accepted Solution
-
Hi @StefanNetworker,
Based on your configuration, the MSTP port status is empty because MSTP was inactive on any ports of instance 0. This causes the switch not to send any BPDU.
I use your configuration and the MSTP works after I active MSTP on instance 0 port 1.
Here's the result:
Zyxel Melen0
All Replies
-
Hi @StefanNetworker,
In the "Spanning Tree Protocol Status" view under the MSTI view I also never see any ports listed. Nothing.
What am I doing wrong?
After you enable MSTP, you have to set up instances for the VLANs and the ports to run MSTP. Or you won't find any ports running MSTP in MSTI view.
Click the "Add/Edit" button to set up an instance.
Here's a simple result:
To better help you solve this problem, could you provide a simple topology about which port connects a Sonos device and the configuration of your switches for me to check if there is any misconfiguration?
And how many Sonos S1 in your network
Zyxel Melen0 -
Hi Melen,
it is set up with all the elements that you mention. But for me on current firmware the list on the status page showing the role of the ports is empty. This makes debugging super hard. Also on CLI (I have a L3 license) there is nothing shown for MSTP status. Command does return with empty response.
Topology is not complicated:
2 Switches (XMG1930-30HP, XS1930-10HP) connected over fiber on the SFP+ ports (port 29). Additionally there is a MikroTik Cloud Core Router 2004-1G-12S+2XS connected over DAC on the 2nd SFP+ port (port 30) on the XMG1930.
On 3 ports (Port 2,4,6 of the XMG1930) there are 3 Zyxel NWA210AX wifi access points connected which are powered by the switch over PoE and use VLANs as well for the different WIFI SSIDs. All that works fine.
Essentially there are multiple isolated VLANs which realize different isolated networks. No connection between these VLANs. You can see them as completely isolated. They are only accessible over the router for some special cases. Broadcast and multicast domains are only inside the VLANs.
I want MSTP active on all of them. Every VLAN should have its own instance.
The VLANs span over both switches and also the access points and the MikroTik router as well. That all works well.
On the XMG1930 config below you can also see, that some ports are attached to VLAN 1 (which is my mgmt VLAN where also some equipment for controlling the whole house is in) and VLAN 10 exclusively. That is intentionally.
The rate limits and errdisable detect are only there because of some Sonos devices to avoid broadcast/multicast storms, where I had serious problems in the beginning. Multicast storm is gone since IGMP Snooping is active. Broadcast storm was not present anymore after disabling WIFI on all Sonos devices, so that the loops are gone.
I only want to activate MSTP because I have on VLAN 10 and VLAN 30 (for two isolated networks for 2 isolated entities) Sonos S1 players (multiple Sonos Play:5 and Play:1) active, which always do STP. As on Sonos you cannot disable it, I assume it is better to have it run / controlled by the more powerful switch in the heart of the network.
As I have multiple VLANs, I think I need to use MSTP, which should be compatible with the old STP implementation of Sonos, to ensure, the VLANs are treated accordingly.
See here my configuration (export also attached):
—; Product Name = XMG1930-30HP
; Firmware Version = V4.80(ACAS.2) | 06/21/2023
; Service Status = Access L3
; SysConf Engine Version = 1.2
; Config last updated = 09:03:55 (UTC+00:00) 2023-09-08
no service-control telnet
no service-control ftp
no service-control snmp
no remote-management 1 service telnet ftp snmpno cloud center discovery
vlan 1
name mgmt
normal ""
fixed 1-12,29-30
forbidden 13-28
untagged 1-28
ip address 192.168.88.2 255.255.255.0
exit
vlan 10
name hw-1
normal ""
fixed 2,4,6,13-26,28-30
forbidden 1,3,5,7-12,27
untagged 1,3,5,7-28
ip address 192.168.20.2 255.255.255.0
ip address default-gateway 192.168.20.1
exit
vlan 11
name hw-2
normal ""
fixed 2,4,6,29-30
forbidden 1,3,5,7-28
untagged 1,3,5,7-28
ip address 192.168.21.2 255.255.255.0
exit
vlan 30
name hw-guest
normal ""
fixed 2,4,6,29-30
forbidden 1,3,5,7-28
untagged 1,3,5,7-28
exit
vlan 70
name ew
normal ""
fixed 2,4,6,27,29-30
forbidden 1,3,5,7-26,28
untagged 1,3,5,7-28
exit
vlan 80
name ew-guest
normal ""
fixed 2,4,6,29-30
forbidden 1,3,5,7-28
untagged 1,3,5,7-28
exit
igmp-snooping
igmp-snooping unknown-multicast-frame drop
igmp-snooping vlan 1igmp-snooping vlan 10igmp-snooping vlan 11igmp-snooping vlan 30igmp-snooping vlan 70igmp-snooping vlan 80igmp-snooping querier
interface route-domain 192.168.20.2/24
exit
interface route-domain 192.168.21.2/24
exit
interface route-domain 192.168.88.2/24
exit
interface port-channel 1
name "B6 - DG (VID 1 Mgmt Port)"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 2
name "A11 - EG WZ - Access Point"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 3
name "CCR Mgmt"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type untagged
dhcp snooping trust
dhcp server trust
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 4
name "A17 - OG Flur - Access Point"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 5
name "KNX IP Interface"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 6
name "B5 - DG - Access Point"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 7
name "zimaboard 1 HW vid 1"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 8
name "VID 1 Mgmt Port"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 9
name "zimaboard 2 EW vid 1"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 10
name "Keba Wallbox"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 11
name "Vallox ValloPlus 510 MV-E"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 12
name "Fenecon FEMS"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 13
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 14
name "B7 - DG Bad - Sonos"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
broadcast-limit
broadcast-limit 100
multicast-limit
multicast-limit 50
mirror
mirror dir both
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 15
name "A12 - EG WZ - Sonos"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
broadcast-limit
broadcast-limit 100
multicast-limit
multicast-limit 50
mirror
mirror dir both
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 16
name "B9 - DG SZ - Sonos"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
broadcast-limit
broadcast-limit 100
multicast-limit
multicast-limit 50
mirror
mirror dir both
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 17
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 18
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 19
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 20
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 21
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 22
name "B1 - DG"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 23
name "B3 - DG - Sonos Port"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
broadcast-limit
broadcast-limit 100
multicast-limit
multicast-limit 50
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 24
name "B2 - DG"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 25
name Diskstation
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 26
name Diskstation
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 27
name "zimaboard 1 HW vid 70"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 70
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 28
name "zimaboard 2 EW vid 10"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
pvid 10
frame-type untagged
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 29
name "CCR Router Trunk"
speed-duplex 10G-full
media-type 10g DAC10G
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type tagged
dhcp snooping trust
dhcp server trust
cpu-protection cause BPDU rate-limit 100
exit
interface port-channel 30
name "EW Switch"
lldp org-specific-tlv dot3 link-aggregation
lldp org-specific-tlv dot3 max-frame-size
frame-type tagged
cpu-protection cause BPDU rate-limit 100
exit
ip name-server 192.168.20.1
mirror-port 22
lacp
trunk T1 lacp
trunk T1 interface 25
trunk T1 interface 26
spanning-tree mode MSTP
spanning-tree auto-path-cost mode short
spanning-tree 1
spanning-tree 2
spanning-tree 3
spanning-tree 4
spanning-tree 5
spanning-tree 6
spanning-tree 7
spanning-tree 8
spanning-tree 9
spanning-tree 10
spanning-tree 11
spanning-tree 12
spanning-tree 13
spanning-tree 14
spanning-tree 15
spanning-tree 16
spanning-tree 17
spanning-tree 18
spanning-tree 19
spanning-tree 20
spanning-tree 21
spanning-tree 22
spanning-tree 23
spanning-tree 24
spanning-tree 25
spanning-tree 26
spanning-tree 27
spanning-tree 28
spanning-tree 29
spanning-tree 30
spanning-tree 1 edge-port
spanning-tree 3 edge-port
spanning-tree 5 edge-port
spanning-tree 7 edge-port
spanning-tree 9 edge-port
spanning-tree 10 edge-port
spanning-tree 11 edge-port
spanning-tree 12 edge-port
spanning-tree 13 edge-port
spanning-tree 14 edge-port
spanning-tree 15 edge-port
spanning-tree 16 edge-port
spanning-tree 17 edge-port
spanning-tree 18 edge-port
spanning-tree 19 edge-port
spanning-tree 20 edge-port
spanning-tree 21 edge-port
spanning-tree 22 edge-port
spanning-tree 23 edge-port
spanning-tree 24 edge-port
spanning-tree 25 edge-port
spanning-tree 26 edge-port
spanning-tree 27 edge-port
spanning-tree 28 edge-port
mstp
mstp configuration-name LT1
mstp instance 0 vlan 2-9,12-29,31-69,71-79,81-4094
mstp instance 1 vlan 1
mstp instance 2 vlan 10
mstp instance 3 vlan 11
mstp instance 4 vlan 30
mstp instance 5 vlan 70
mstp instance 6 vlan 80
mstp instance 0 priority 4096
mstp instance 1 priority 4096
mstp instance 2 priority 4096
mstp instance 3 priority 4096
mstp instance 4 priority 4096
mstp instance 5 priority 4096
mstp instance 6 priority 4096
mstp instance 1 interface port-channel 1
mstp instance 1 interface port-channel 2
mstp instance 1 interface port-channel 3
mstp instance 1 interface port-channel 4
mstp instance 1 interface port-channel 5
mstp instance 1 interface port-channel 6
mstp instance 1 interface port-channel 7
mstp instance 1 interface port-channel 8
mstp instance 1 interface port-channel 9
mstp instance 1 interface port-channel 10
mstp instance 1 interface port-channel 11
mstp instance 1 interface port-channel 12
mstp instance 1 interface port-channel 29
mstp instance 1 interface port-channel 30
mstp instance 2 interface port-channel 2
mstp instance 2 interface port-channel 4
mstp instance 2 interface port-channel 6
mstp instance 2 interface port-channel 13
mstp instance 2 interface port-channel 14
mstp instance 2 interface port-channel 15
mstp instance 2 interface port-channel 16
mstp instance 2 interface port-channel 17
mstp instance 2 interface port-channel 18
mstp instance 2 interface port-channel 19
mstp instance 2 interface port-channel 20
mstp instance 2 interface port-channel 21
mstp instance 2 interface port-channel 22
mstp instance 2 interface port-channel 23
mstp instance 2 interface port-channel 24
mstp instance 2 interface port-channel 25
mstp instance 2 interface port-channel 26
mstp instance 2 interface port-channel 28
mstp instance 2 interface port-channel 29
mstp instance 2 interface port-channel 30
mstp instance 3 interface port-channel 2
mstp instance 3 interface port-channel 4
mstp instance 3 interface port-channel 6
mstp instance 3 interface port-channel 29
mstp instance 3 interface port-channel 30
mstp instance 4 interface port-channel 2
mstp instance 4 interface port-channel 4
mstp instance 4 interface port-channel 6
mstp instance 4 interface port-channel 29
mstp instance 4 interface port-channel 30
mstp instance 5 interface port-channel 2
mstp instance 5 interface port-channel 4
mstp instance 5 interface port-channel 6
mstp instance 5 interface port-channel 27
mstp instance 5 interface port-channel 29
mstp instance 5 interface port-channel 30
mstp instance 6 interface port-channel 2
mstp instance 6 interface port-channel 4
mstp instance 6 interface port-channel 6
mstp instance 6 interface port-channel 29
mstp instance 6 interface port-channel 30
mstp instance 1 interface port-channel 2 path-cost 6
mstp instance 1 interface port-channel 4 path-cost 6
mstp instance 1 interface port-channel 6 path-cost 6
mstp instance 2 interface port-channel 2 path-cost 15
mstp instance 2 interface port-channel 4 path-cost 15
mstp instance 2 interface port-channel 6 path-cost 15
mstp instance 2 interface port-channel 14 path-cost 10
mstp instance 2 interface port-channel 15 path-cost 10
mstp instance 2 interface port-channel 16 path-cost 10
mstp instance 2 interface port-channel 23 path-cost 10
mstp instance 3 interface port-channel 2 path-cost 6
mstp instance 3 interface port-channel 4 path-cost 6
mstp instance 3 interface port-channel 6 path-cost 6
mstp instance 3 interface port-channel 14 path-cost 10
mstp instance 3 interface port-channel 15 path-cost 10
mstp instance 3 interface port-channel 16 path-cost 10
mstp instance 3 interface port-channel 23 path-cost 10
mstp instance 4 interface port-channel 2 path-cost 6
mstp instance 4 interface port-channel 4 path-cost 6
mstp instance 4 interface port-channel 6 path-cost 6
mstp instance 5 interface port-channel 2 path-cost 6
mstp instance 5 interface port-channel 4 path-cost 6
mstp instance 5 interface port-channel 6 path-cost 6
mstp instance 6 interface port-channel 2 path-cost 6
mstp instance 6 interface port-channel 4 path-cost 6
mstp instance 6 interface port-channel 6 path-cost 6
mstp instance 4 interface port-channel 2 priority 64
mstp instance 4 interface port-channel 4 priority 64
mstp instance 4 interface port-channel 6 priority 64
mstp interface port-channel 1 edge-port
mstp interface port-channel 3 edge-port
mstp interface port-channel 5 edge-port
mstp interface port-channel 7 edge-port
mstp interface port-channel 8 edge-port
mstp interface port-channel 9 edge-port
mstp interface port-channel 10 edge-port
mstp interface port-channel 11 edge-port
mstp interface port-channel 12 edge-port
mstp interface port-channel 13 edge-port
mstp interface port-channel 17 edge-port
mstp interface port-channel 18 edge-port
mstp interface port-channel 19 edge-port
mstp interface port-channel 20 edge-port
mstp interface port-channel 21 edge-port
mstp interface port-channel 22 edge-port
mstp interface port-channel 24 edge-port
mstp interface port-channel 25 edge-port
mstp interface port-channel 26 edge-port
mstp interface port-channel 27 edge-port
mstp interface port-channel 28 edge-port
mstp interface port-channel 29 edge-port
timesync server 1.pool.ntp.org
timesync ntp
bcp-transparency
storm-control
snmp-server version v3
snmp-server get-community sk24
snmp-server set-community sk24
snmp-server trap-community sk24
service-control http 80 30
service-control telnet 23 15
dhcp option profile everything circuit-id slot-port vlan hostname remote-id mac
dhcp snooping vlan 1,10-11,30,70,80dhcp snooping vlan 1,10-11,30,70,80 option profile everything
rmon statistics etherstats 1 port-channel 1rmon statistics etherstats 2 port-channel 2rmon statistics etherstats 3 port-channel 3rmon statistics etherstats 4 port-channel 4rmon statistics etherstats 5 port-channel 5rmon statistics etherstats 6 port-channel 6rmon statistics etherstats 7 port-channel 7rmon statistics etherstats 8 port-channel 8rmon statistics etherstats 9 port-channel 9rmon statistics etherstats 10 port-channel 10rmon statistics etherstats 11 port-channel 11rmon statistics etherstats 12 port-channel 12rmon statistics etherstats 13 port-channel 13rmon statistics etherstats 14 port-channel 14rmon statistics etherstats 15 port-channel 15rmon statistics etherstats 16 port-channel 16rmon statistics etherstats 17 port-channel 17rmon statistics etherstats 18 port-channel 18rmon statistics etherstats 19 port-channel 19rmon statistics etherstats 20 port-channel 20rmon statistics etherstats 21 port-channel 21rmon statistics etherstats 22 port-channel 22rmon statistics etherstats 23 port-channel 23rmon statistics etherstats 24 port-channel 24rmon statistics etherstats 25 port-channel 25rmon statistics etherstats 26 port-channel 26rmon statistics etherstats 27 port-channel 27rmon statistics etherstats 28 port-channel 28rmon statistics etherstats 29 port-channel 29rmon statistics etherstats 30 port-channel 30pwr mode consumption
errdisable recovery cause BPDU
errdisable recovery cause IGMP
errdisable detect cause ARP
errdisable detect cause BPDU
errdisable detect cause IGMP
errdisable detect cause ARP mode rate-limitation
errdisable detect cause BPDU mode rate-limitation
errdisable detect cause IGMP mode rate-limitation
wizard ignore—
0 -
Any ideas, what is wrong here?
0 -
Hi @StefanNetworker,
Based on your configuration, the MSTP port status is empty because MSTP was inactive on any ports of instance 0. This causes the switch not to send any BPDU.
I use your configuration and the MSTP works after I active MSTP on instance 0 port 1.
Here's the result:
Zyxel Melen0 -
Thanks! You are right. After setting all ports on instance 0 (which only contains unused VLANs) to active, it works fine. Port list is shown and also on neighbouring switches root is shown correctly.
Many thanks!
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight