hi
i think i need some help in understanding the possible effects of the following scenario and how to do this properly.
given i have 2 independent vlan domains each consisting of multiple switches running (r)stp:
domain A with switches A1 to An is using VLAN 100-200
domain B wich switches B1 to Bn is using VLAN 150-250.
lets assume all switches in each domain are connected via a redundant ring
both domains will have a loop free topology established (and theirfore their own rootbridge elected)by stp and everything is working just fine.
now i want to connect both topologies via at least two links (for redundancy) but only transfer VLAN 150-160 between the 2 domains. In my understanding this will cause the 2 - until now - separate domains to merge and elect one common root bridge.
Having one common root bridge would not cause much of a headache to me but lets assume following scenario:
.)switch A1 gets elected as root bridge
.)switch B1 and B2 connect directly to the root bridge
.)a packet in VLAN 200 enters switch B1 with a destination on B2
.)this packet will now be sent to A1 but the vlan filter will not allow this packet to be transferred via A1
Is this assumption correct?
what is the proper way of having a subset of the used vlans transfer between switches in an redundant stp-enabled topology?
any help is well appreciated
BR
Alex
Re: connecting multiple VLAN domains - possible STP issue
In my understanding, the proper way would be to move the VLANs present in both groups into a third group so that their topology changes would be controlled independently from the rest. I am not sure whether this is possible using RSTP, I only know how to do that using MSTP where you have an own spanning tree instance per each group of VLANs, and a single BPDU carries the individual information for as many instances as configured.
So in your example, you would have VLANs 150-200 in one group (say, MSTP instance 0 or basic, which is implicitly active), VLANs 100-149 in another group controlled by MSTP instance 1, and VLANs 201 to 250 in yet another group controlled my MSTP instance 2.
To make this work on Mikrotik, you need to use the new bridge mode (6.41 and above), switch vlan-filtering on the bridge to yes and configure MSTP as bridge protocol and configure its instances accordingly.
So in your example, you would have VLANs 150-200 in one group (say, MSTP instance 0 or basic, which is implicitly active), VLANs 100-149 in another group controlled by MSTP instance 1, and VLANs 201 to 250 in yet another group controlled my MSTP instance 2.
To make this work on Mikrotik, you need to use the new bridge mode (6.41 and above), switch vlan-filtering on the bridge to yes and configure MSTP as bridge protocol and configure its instances accordingly.
Re: connecting multiple VLAN domains - possible STP issue
thanks very much for your expaination!
i did some reading myself already and figured that i will need to use mstp. my problem however is that although my mikrotik supports it i have a legacy switch infrastructure which does not support mstp. however i can design everything in a way that the excahngepoint will be my mikrotik router so is it possible to configuere mstp on a bridge on my mt and have only one mstp region exported to each switch domain?
BR
Alex
i did some reading myself already and figured that i will need to use mstp. my problem however is that although my mikrotik supports it i have a legacy switch infrastructure which does not support mstp. however i can design everything in a way that the excahngepoint will be my mikrotik router so is it possible to configuere mstp on a bridge on my mt and have only one mstp region exported to each switch domain?
BR
Alex
Re: connecting multiple VLAN domains - possible STP issue
I'm not deep enough into it that I could provide an authoritative answer.
For me, the spanning trees for the two VLAN groups on switches A, i.e. the one which reaches behind the pair of Mikrotiks and the other one which does not, must be different if you want switches B excluded from becoming part of the second group's spanning tree as well.
If I get things right, you can use an MSTP-controlled core to interconnect two RSTP-controlled islands if both those islands contain the same VLANs, but I suspect that only MST instance 0 can be used for this purpose as RSTP-capable machine only reads the part of the BPDU which describes instance 0.
After all, if your scenario was compatible with RSTP, why would anoyone bother to develop PVST, PVST+ etc., up to MSTP
For me, the spanning trees for the two VLAN groups on switches A, i.e. the one which reaches behind the pair of Mikrotiks and the other one which does not, must be different if you want switches B excluded from becoming part of the second group's spanning tree as well.
If I get things right, you can use an MSTP-controlled core to interconnect two RSTP-controlled islands if both those islands contain the same VLANs, but I suspect that only MST instance 0 can be used for this purpose as RSTP-capable machine only reads the part of the BPDU which describes instance 0.
After all, if your scenario was compatible with RSTP, why would anoyone bother to develop PVST, PVST+ etc., up to MSTP
Re: connecting multiple VLAN domains - possible STP issue
I think you could solve the situation by
- forcing the two Mikrotiks forming up the core as the best root bridge candidates by manipulating their priority,
- having no other connection between A switches and B switches except via the Mikrotiks,
- creating a dual direct interconnection between the Mikrotiks.
- either to still have a path between A switches , in such case, you have to permit the A-only VLANs on "backbone" ports of B switches,
- or to prevent A-only VLANs from becoming available at B swicthes by any means, but the price to pay here is that when three links fail, some A switches stop seeing other A switches.