MSTP not working
I have a network diagram as below
My configuration
XGS4600-32 (SW1):
spanning-tree mode MSTP
mstp
mstp configuration-name GVL
mstp revision 2
mstp instance 0 vlan ""
mstp instance 2 vlan 1-4094
mstp instance 2 priority 4096
mstp instance 2 interface port-channel 25
mstp interface port-channel 25 rootguard
GS1920-48 (SW2):
spanning-tree mode MSTP
mstp
mstp configuration-name GVL
mstp revision 2
mstp instance 0 vlan ""
mstp instance 2 vlan 1-4094
mstp instance 2 interface port-channel 47
mstp instance 2 interface port-channel 48
GS1920-48 (SW3):
mstp
mstp configuration-name GVL
mstp revision 2
mstp instance 0 vlan ""
mstp instance 2 vlan 1-4094
mstp instance 2 interface port-channel 48
After configuring, I connected one port of SW1 with one cable to one port of SW3 and saw continuous fast LED activity. Please show me what I did wrong.
0
Accepted Solution
-
@cuong
I'm confused: does your network have a ring topology or not? If it does not and you just want to avoid looping issues, MSTP is unnecessary. Just enable loop-guard on all ports excluding the uplink port.
When a looping issue appears, you can go to ErrDisable or the system log to find the detailed information.
BTW, by default err-disable recovery is disabled; you can enable it if needed.
5
All Replies
-
Your SW1 and SW3 only enable MSTP on one port and those ports are connecting to SW2.
If SW1 has connected to SW3 then those ports have to join MSTP as well.
BTW, not sure you forgot to capture the full configuration for SW3, it should change to MSTP mode too.
0 -
Hi @cuong,
Based on the description, kindly ensure that the "spanning-tree mode MSTP" on GS1920-48(SW3) is configured.
Web GUI: [Advanced Application > Spanning Tree Protocol > Configuration]
And configure the interface that you would like to connect the ring with.
Eg. SW1 & SW3 interface 1 must be configured with MSTP also.
Hope it helps.
PS: Thanks @Ace for the answer
Zyxel_Jonas
1 -
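The two replies above can be checked mechanically. This is an added example, not part of the thread and not a Zyxel tool: it parses the MSTP lines exactly as posted, assumes they are each switch's complete MSTP configuration, and reports switches that are not in MSTP mode, any region mismatch, and which ports take part in MSTP.

```python
import re

# MSTP lines copied from the original post.
CONFIGS = {
    "SW1": '''spanning-tree mode MSTP
mstp
mstp configuration-name GVL
mstp revision 2
mstp instance 0 vlan ""
mstp instance 2 vlan 1-4094
mstp instance 2 priority 4096
mstp instance 2 interface port-channel 25
mstp interface port-channel 25 rootguard''',
    "SW2": '''spanning-tree mode MSTP
mstp
mstp configuration-name GVL
mstp revision 2
mstp instance 0 vlan ""
mstp instance 2 vlan 1-4094
mstp instance 2 interface port-channel 47
mstp instance 2 interface port-channel 48''',
    "SW3": '''mstp
mstp configuration-name GVL
mstp revision 2
mstp instance 0 vlan ""
mstp instance 2 vlan 1-4094
mstp instance 2 interface port-channel 48''',
}

def parse(text):
    """Extract MSTP mode, region identity and member ports from one config."""
    name = re.search(r"^mstp configuration-name (\S+)", text, re.M)
    rev = re.search(r"^mstp revision (\d+)", text, re.M)
    vlans = re.findall(r"^mstp instance (\d+) vlan (\S+)", text, re.M)
    ports = re.findall(r"^mstp instance \d+ interface port-channel (\d+)", text, re.M)
    return {
        "mode": bool(re.search(r"^spanning-tree mode MSTP$", text, re.M)),
        "region": (name and name.group(1), rev and rev.group(1), tuple(sorted(vlans))),
        "ports": sorted(set(ports), key=int),
    }

def lint(configs):
    """Return (findings, MSTP member ports per switch)."""
    parsed = {sw: parse(t) for sw, t in configs.items()}
    findings = [f"{sw}: 'spanning-tree mode MSTP' missing" for sw, p in parsed.items() if not p["mode"]]
    if len({p["region"] for p in parsed.values()}) > 1:
        findings.append("MSTP region (name, revision, VLAN map) differs between switches")
    return findings, {sw: p["ports"] for sw, p in parsed.items()}
```

`lint(CONFIGS)` flags only SW3's missing mode line; the region settings match, and the port list shows that no port other than the SW2-facing uplinks participates in MSTP on SW1 or SW3.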
Dear Jonas, Ace,
Thanks for your support.
For MSTP configuration, all interfaces of SW1, SW2 and SW3 must be configured with MSTP, right?
Besides, please help me with how to configure DHCP snooping and ARP inspection on the network diagram above; the DHCP server is connected on interface 20 of SW1.
My configuration:
XGS4600-32(SW1)
interface port-channel 25
pvid 250
dhcp snooping trust
exit
interface port-channel 20
pvid 100
dhcp snooping trust
exit
dhcp relay 10 helper-address 172.17.100.10
dhcp relay 50 helper-address 172.17.100.10
dhcp relay 100 helper-address 172.17.100.10
dhcp relay 210 helper-address 172.17.100.10
dhcp snooping
dhcp snooping vlan 10,50,100,210
GS1920-48(SW2):
interface port-channel 47
pvid 250
dhcp snooping trust
exit
interface port-channel 48
pvid 250
dhcp snooping trust
exit
dhcp snooping
dhcp snooping vlan 10,50,100,210
GS1920-48(SW3):
interface port-channel 48
pvid 250
dhcp snooping trust
exit
dhcp snooping
dhcp snooping vlan 10,50,100,210
Sorry, my English is not good.
Thanks and best regards.
0 -
@cuong
No need to enable MSTP on all ports.
Your SW2 configuration is correct, because MSTP is enabled on (port 47) SW1 and (port 48) SW3.
Follow the same concept on SW1 and SW3. It should work.
For DHCP snooping, enable "dhcp snooping trust" on a port if that port will receive DHCP server packets.
SW1 needs "dhcp snooping trust" enabled on port 20 only, because only port 20 will receive DHCP server packets.
SW2: port 47 and 48.
SW3: port 48 and the port connected to SW1.
About ARP inspection, my experience is that enabling ARP inspection on the uplink and downlink ports works correctly.
SW1 enables "ARP inspection trust" on the port which connects to the ZyWALL 1100 and on port 25.
SW2: port 47 and 48.
SW3: port 48 and the port connected to SW1.
BTW, you should enable DHCP snooping first so that the snooping table is created. After that you can enable ARP inspection.
If you enable ARP inspection first, you may lose connection....
0 -
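Why the order in the reply above matters, as an added example that is not part of the thread: a toy model of one switch in which DHCP snooping builds the binding table and ARP inspection checks untrusted ports against it. Trusted ports 20 and 25 follow the reply; client ports 3 and 7, the MAC addresses and the IP addresses are constructed sample values, and the model is a simplification, not Zyxel's implementation.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # DHCP messages only a server sends

@dataclass
class Switch:
    dhcp_trusted: set                 # ports allowed to deliver DHCP server messages
    arp_trusted: set                  # ports exempt from ARP inspection
    arp_inspection: bool = False
    pending: dict = field(default_factory=dict)   # client MAC -> (port, vlan)
    bindings: dict = field(default_factory=dict)  # (MAC, vlan) -> (IP, port)

    def dhcp(self, port, vlan, msg, client_mac, ip=None):
        """Return 'forward' or 'drop' for a DHCP message arriving on `port`."""
        if msg in SERVER_MSGS:
            if port not in self.dhcp_trusted:
                return "drop"          # server reply from an untrusted port
            if msg == "ACK" and client_mac in self.pending:
                cport, cvlan = self.pending.pop(client_mac)
                self.bindings[(client_mac, cvlan)] = (ip, cport)
            return "forward"
        self.pending[client_mac] = (port, vlan)   # DISCOVER/REQUEST from a client
        return "forward"

    def arp(self, port, vlan, sender_mac, sender_ip):
        """Return 'forward' or 'drop' for an ARP packet arriving on `port`."""
        if not self.arp_inspection or port in self.arp_trusted:
            return "forward"
        ok = self.bindings.get((sender_mac, vlan)) == (sender_ip, port)
        return "forward" if ok else "drop"

def demo():
    """Run both orderings discussed in the thread and return the verdicts."""
    host = ("aa:aa:aa:aa:aa:01", "172.17.10.50")   # constructed client on port 3
    out = {}
    # Case 1: ARP inspection enabled while the binding table is still empty.
    sw = Switch(dhcp_trusted={20}, arp_trusted={25}, arp_inspection=True)
    out["arp_before_binding"] = sw.arp(3, 10, *host)
    # Case 2: DHCP snooping learns the lease first, then ARP inspection goes on.
    sw = Switch(dhcp_trusted={20}, arp_trusted={25})
    sw.dhcp(3, 10, "REQUEST", host[0])
    out["rogue_offer"] = sw.dhcp(7, 10, "OFFER", host[0], "10.0.0.9")
    sw.dhcp(20, 10, "ACK", host[0], host[1])
    sw.arp_inspection = True
    out["arp_after_binding"] = sw.arp(3, 10, *host)
    out["spoofed_arp"] = sw.arp(7, 10, "aa:aa:aa:aa:aa:66", host[1])
    return out
```

Calling `demo()` shows the legitimate host's ARP dropped in case 1 and forwarded in case 2, while the server reply from untrusted port 7 and the ARP claiming the host's IP from port 7 are both dropped.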
Dear Ace said:
@cuong
No need to enable MSTP on all ports.
Your SW2 configuration is correct, because MSTP is enabled on (port 47) SW1 and (port 48) SW3.
Follow the same concept on SW1 and SW3. It should work.
===> The end user accidentally connects a network wire from SW1 to SW3, so it creates a network loop.
How to resolve this problem? I need to enable loop guard, right?
For DHCP snooping, enable "dhcp snooping trust" on a port if that port will receive DHCP server packets.
SW1 needs "dhcp snooping trust" enabled on port 20 only, because only port 20 will receive DHCP server packets.
SW2: port 47 and 48.
SW3: port 48 and the port connected to SW1.
==> I configure DHCP snooping on the layer 3 switch only; no need to enable DHCP snooping on the layer 2 switches, right?
About ARP inspection, my experience is that enabling ARP inspection on the uplink and downlink ports works correctly.
SW1 enables "ARP inspection trust" on the port which connects to the ZyWALL 1100 and on port 25.
SW2: port 47 and 48.
SW3: port 48 and the port connected to SW1.
BTW, you should enable DHCP snooping first so that the snooping table is created. After that you can enable ARP inspection.
If you enable ARP inspection first, you may lose connection....
0 -
@cuong
I'm confused: does your network have a ring topology or not? If it does not and you just want to avoid looping issues, MSTP is unnecessary. Just enable loop-guard on all ports excluding the uplink port.
When a looping issue appears, you can go to ErrDisable or the system log to find the detailed information.
BTW, by default err-disable recovery is disabled; you can enable it if needed.
5 -
Dear Ace,
Thank you so much.
My network doesn't have a ring topology.
Thanks and best regards.
0 -
Hi @cuong,
Good day.
If there is no ring topology, you just need to enable loop guard on all ports to avoid loops in your network environment.
About the question below:
SW1 needs enabled "dhcp snooping trust" on port 20 only, because only port 20 will receive DHCP server packet.
SW2 port 47 and 48.
SW3 port 48 and port connected to SW1.
==> I configure dhcp snooping switch layer 3 only, no need enable dhcp snooping on switch layer 2, right?
We suggest configuring DHCP snooping and ARP inspection on the layer 2 switches as well, to prevent attackers from connecting a DHCP server, which may cause other users to get the wrong IP address, and to avoid ARP spoofing.
And for the other inquiry, thanks to @Ace for sharing the answers and experience.
Thanks for supporting Zyxel!
Zyxel_Jonas
0