-2


I'm having a problem getting a change to my network architecture to work: see the network sketch. The link with the dotted line is what I'm trying to add and have it only carry VLAN 246-248. Whenever I connect that link I lose access to everything past Switch B2. I have the interfaces on either side of that link set to only allow VLAN 246-248 and only allow tagged packets.

In case the image doesn't work, here it is in ASCII:

┏━━━━━━━━━━━━━━━┓
┃    Router     ┃
┗━━━━━━━┳━━━━━━━┛    
        ┃
        ┃
┏━━━━━━━┻━━━━━━━┓   1G Fiber    ┏━━━━━━━━━━━━━━━┓
┃  Core Switch  ┣━━━━━━━━━━━━━━━┫   Switch B1   ┃
┗━━━━━━━┳━━━━━━━┛               ┗━━━━━━━┳━━━━━━━┛
        ┃                               ┃
        ┃10G Fiber                      ┃1G Ethernet
        ┃                               ┃
┏━━━━━━━┻━━━━━━━┓   1G Fiber    ┏━━━━━━━┻━━━━━━━┓
┃   Switch A    ┣┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┫   Switch B2   ┃
┗━━━━━━━━━━━━━━━┛  VLAN 246-248 ┗━━━━━━━━━━━━━━━┛
seanjoyce
  • Welcome to Stackoverflow! Please review the submission guidelines in stackoverflow.com/help. You may want to ask this question on Hardware Recommendations, as well. – Mark McWhirter Jan 23 '20 at 20:56
  • That is an extremely poor design. Switches should not be configured in rings or lines, but in trees. Search for `spanning tree` to see why rings do not work. – Ron Maupin Jan 23 '20 at 21:01
  • I think that's a bit unfair since you don't know my full topology or what I'm trying to achieve. (I have servers and other infrastructure below Switch A). It is a physical loop but not logical as I only have those 3 VLANs on the new link. – seanjoyce Jan 24 '20 at 13:41
  • No, it is not unfair. The modern best practice is to set up two distribution switches (root and alternate root), and each access switch connects to both distribution switches, but an access switch never connects to another access switch. This is a proven design, and if you brought your design to the correct SE site, the network engineers would explain that to you. Also, disabling STP is an insane thing to do because you can create a broadcast storm that will kill your network, and the only way to recover is to shut down switches until it stops. STP is a failsafe to prevent that. – Ron Maupin Jan 24 '20 at 14:20
  • I'm not following what you would suggest doing in this scenario. Would you remove the link between Switch A-B2? Use MSTP? Or remove the link between B1-Core and have all traffic go through A? – seanjoyce Jan 24 '20 at 22:26

1 Answer

0

The problem was that the interfaces on either side of the new link were being marked as root for STP, so I disabled STP on both sides and it was better.

seanjoyce
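Added example, not part of the original posts: a small model of root-port election on the topology from the question, showing how a spanning tree that ignores VLAN membership can move Switch B2's only forwarding uplink onto the VLAN-restricted link. It assumes three things the thread does not state: the Core Switch is the root bridge, one spanning-tree instance covers all VLANs, and 802.1D-1998 short path costs apply (10G = 2, 1G = 4).

```python
# Assumptions (not stated in the thread): Core is the root bridge, a single
# spanning-tree instance covers all VLANs, 802.1D-1998 short path costs.
import heapq

COST = {"10G": 2, "1G": 4}
BASE = [  # (switch, switch, speed, VLANs allowed), taken from the diagram
    ("Core", "A", "10G", "all"),
    ("Core", "B1", "1G", "all"),
    ("B1", "B2", "1G", "all"),
]
NEW_LINK = ("A", "B2", "1G", "246-248")  # the dotted link

def peer(link, sw):
    return link[1] if link[0] == sw else link[0]

def root_costs(links, root):
    """Lowest path cost to the root per switch (Dijkstra). VLAN filters are
    ignored: a single spanning-tree instance does not see VLAN membership."""
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > dist[sw]:
            continue
        for link in (l for l in links if sw in l[:2]):
            nd = d + COST[link[2]]
            if nd < dist.get(peer(link, sw), float("inf")):
                dist[peer(link, sw)] = nd
                heapq.heappush(heap, (nd, peer(link, sw)))
    return dist

def root_ports(links, root="Core"):
    """Map each non-root switch to the link it elects as its root port."""
    dist = root_costs(links, root)
    return {
        sw: min((l for l in links if sw in l[:2]),
                key=lambda l: dist[peer(l, sw)] + COST[l[2]])
        for sw in dist if sw != root
    }

def blocked_links(links, root="Core"):
    """A link that is nobody's root port has one end in the blocking state."""
    used = set(root_ports(links, root).values())
    return [l for l in links if l not in used]

if __name__ == "__main__":
    for name, topo in (("before", BASE), ("after", BASE + [NEW_LINK])):
        rp = root_ports(topo)["B2"]
        print(name, "B2 root port ->", peer(rp, "B2"), "VLANs:", rp[3],
              "blocked:", [(a, b) for a, b, *_ in blocked_links(topo)])
```

Under these assumptions the B1-B2 link is blocked once the new link is connected, so every VLAN other than 246-248 has no forwarding path past Switch B2.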