I have a problem with a couple of Dell PowerConnect 6248 switches (latest firmware) connected to a pair of external (3rd party) switches providing Internet connectivity via HSRP.
I'll post more detailed configuration when I get time, but briefly this is what the setup looks like:
ISP SW1                  ISP SW2
   |                        |
   |                        * (disconnected)
   |                        |
6248 SW1                 6248 SW2
(VLAN 10)                (VLAN 10)
   |                        |
Firewall 1               Firewall 2
   |                        |
6248 SW1                 6248 SW2
(VLANs 20, 30, 40)       (VLANs 20, 30, 40)
   |                        |
   |                        |
   ------- Port Channel ------
   (Trunking VLANs 20, 30, 40)
Now, the only things connected to the switchports for VLAN 10 are the ISP switch uplinks and the public interface of the firewall HA pair. Currently VLAN 10 on each switch is not connected together; I'll come to that in a second.
Only one firewall node is active at any one time, therefore all WAN traffic goes through a single firewall.
The remaining backend VLANs are connected to their own interfaces on the firewalls, so the firewalls handle all traffic routing between VLANs. For the backend VLANs, there is a Port Channel that trunks all of them between the switches (so, everything except VLAN 10).
Now, as you can see, one of the WAN feeds is currently disconnected. The problem I'm seeing is that if I connect that WAN feed, STP puts the whole Port Channel on SW2 into discarding mode. So it appears to be seeing a loop somewhere, but I can't figure out where. There are no other ports that are members of VLAN 10, and the port channel isn't trunking VLAN 10 traffic, so why is STP choosing to block the channel?
Thanks for the feedback regarding MSTP - we will need to look at this. However, there is one thing that still doesn't make sense. These two 6248 switches are replacements for a pair of old 5324 switches. The old switches did not have this issue, but I've double-checked their configuration and they do not have MSTP explicitly enabled. Could MSTP have been enabled by default on the old switches and not the new?
UPDATE:
I have confirmed that MSTP was not enabled on the old switches. They were configured for RSTP, same as the replacements. No other specific configuration was in place. I'd like to understand why things used to work before I go about enabling MSTP.
One thing I have noticed, and I guess it's due to the difference in firmware versions, is that the Port Channel on the older switch appears to be trunking VLAN 1 and allowing untagged frames by default. The new switch does not. Here's the config from one of the old switches:
# sh interfaces switchport port-channel 1
Port : ch1
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Port is member in:
Vlan Name Egress rule Port Membership Type
---- -------------------------------- ----------- --------------------
1 1 Untagged System
20 20 Tagged Static
30 30 Tagged Static
40 40 Tagged Static
And the config from one of the new switches:
#show interfaces switchport port-channel 1
Port: ch1
VLAN Membership mode:Trunk Mode
Operating parameters:
PVID: 1
Ingress Filtering: Enabled
Acceptable Frame Type: VLAN Only
Default Priority: 0
GVRP status:Disabled
Port ch1 is member in:
VLAN Name Egress rule Type
---- --------------------------------- ----------- --------
20 20 Tagged Static
30 30 Tagged Static
40 40 Tagged Static
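To make the difference between the two port-channel outputs explicit rather than eyeballed, here is an added config-drift check (example code, not from the question or from Dell) that parses both `show interfaces switchport` excerpts quoted above and reports which trunk settings changed. The two excerpts are reproduced from the question; the regular expressions are assumptions about those two firmware formats only.

```python
import re

# Excerpts of the two "show interfaces switchport port-channel 1" outputs
# quoted in the question (old 5324 first, new 6248 second), embedded here.
OLD_5324 = """Port : ch1
Port Mode: Trunk
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Port is member in:
Vlan Name Egress rule Port Membership Type
1 1 Untagged System
20 20 Tagged Static
30 30 Tagged Static
40 40 Tagged Static
"""

NEW_6248 = """Port: ch1
VLAN Membership mode:Trunk Mode
PVID: 1
Ingress Filtering: Enabled
Acceptable Frame Type: VLAN Only
GVRP status:Disabled
Port ch1 is member in:
VLAN Name Egress rule Type
20 20 Tagged Static
30 30 Tagged Static
40 40 Tagged Static
"""

# One membership row: "<vlan-id> <name> <Tagged|Untagged> <type>"
MEMBER_RE = re.compile(r"^\s*(\d+)\s+\S+\s+(Tagged|Untagged)\s+\S+", re.M)

def parse_switchport(text):
    """Return the trunk settings that matter for which frames the channel carries."""
    frame = re.search(r"Acceptable Frame Type:\s*(.+)", text)
    # Both firmwares print the native VLAN, but under different labels (assumed).
    native = re.search(r"(?:Ingress UnTagged VLAN \( NATIVE \)|PVID):\s*(\d+)", text)
    return {
        "accept_untagged": frame.group(1).strip().lower() == "admitall",
        "native_vlan": int(native.group(1)),
        "tagged": {int(v) for v, m in MEMBER_RE.findall(text) if m == "Tagged"},
        "untagged": {int(v) for v, m in MEMBER_RE.findall(text) if m == "Untagged"},
    }

def trunk_diff(old_text, new_text):
    """Map each changed setting to its (old, new) values; empty dict means no drift."""
    old, new = parse_switchport(old_text), parse_switchport(new_text)
    return {k: (old[k], new[k]) for k in old if old[k] != new[k]}
```

Running `trunk_diff(OLD_5324, NEW_6248)` reports only two changes: untagged frames are no longer admitted, and VLAN 1 is no longer an untagged member of the channel; the native VLAN id and the tagged VLANs 20, 30 and 40 are identical.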