Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Spantree absent in small switches

Spantree absent in small switches 10 years 5 months ago #15457

  • tfs
  • tfs's Avatar
  • Offline
  • Expert Member
  • Posts: 521
  • Karma: 0
Been away for awhile.

Glad to see the site is still going gangbusters.

Anyway,

Ran into a problem that I think I have solved, but was interested in other opinions and to pass it along.

We have 2 dsl firewall/4port switches (netgear) - commodity firewalls. We were using these to create our DMZs.

We had one of the one of the ports in firewall1 connected to firewall2. We had 2 servers in firewall2 and a server (sql server) in firewall1 as well as another switch which had all our internal users on it. I also had switch 1 connected directly to Switch2.

This was working most of the time. But everyonce in awhile, something 4 or 5 times a day, I would lose connect to my Sql Server. Others would also lose connection.

I noticed that the Nic card in the Sql Server would lose its connection light. When I rebooted Firewall2, I would then be able to connect to my Sql Server. I realized that sometimes if I waited 4 or 5 minutes it would come back by itself.

I couldn't figure out why rebooting firewall2 would allow me to connect to my sql server (I was on firewall1 as was the Sql Server), until I realized that firewall1 was connected directly to firewall2.

Firewall 2 was causing firewall1 to go down (losing power) to the ports which caused the Sql Servers' Nic card to quit working.

I think what was happening was a spantree problem. It was getting into a loop and I believe the small switches do not have the spantree algorithm in them to break the loops.

I solved the problem by adding another switch and connecting firewall1 and firewall2 to this switch. I wasn't sure if this would introduce another spantree problem, but it apparently didn't as we have had no problem in about 3 weeks.

Just thought I would pass this along if others are connecting (daising chaining) these small switches together. They really are made for small companies or home use.

This will drive you crazy if you don't realize what is happening. This of course, is just a conjecture on my part but seems to have solved the problem.
Thanks,

Tom
The administrator has disabled public write access.

Switches 10 years 5 months ago #15459

  • TheBishop
  • TheBishop's Avatar
  • Offline
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
Hi there tfs, nice to see you around again!
You might be right; I've played with small switches, routers and firewalls too that, on paper, claim to support all sorts of useful things. And when you put them in they do - sort of. But they have issues and sometimes do odd things when you really try to use the facilities in a serious way. If the extra switch you added was a decent one then it might have taken over as the root bridge and is doing things properly
The administrator has disabled public write access.

Re: Spantree absent in small switches 10 years 5 months ago #15463

  • tfs
  • tfs's Avatar
  • Offline
  • Expert Member
  • Posts: 521
  • Karma: 0
Actually, it is the same type of switch. It is just that now their is no perpetual loop by only putting the 2 firewalls in the switch. At least, it seems that way.
Thanks,

Tom
The administrator has disabled public write access.
Time to create page: 0.074 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup