Ring of switches and Vlans

lleysan · March 29, 2019, 8:18am

Hello!
Please tell me what am I doing wrong

I have 7 switches CRS328 which are interconnected ( sw1 to sw2 and sw2 to sw3, 3-4, 4-5, 5-6, 6-7 and sw7 to sw1 - ring bonded for redundancy)
And I have main router CCR1016 connected to ring by one link (router on a stick).
Switches have same settings with VLAN-BRIDGE and several VLANS (created at bridge level)
But I could not do the same setup on the router (VLAN-BRIDGE+VLANS created at bridge level) at that time, this configuration did not work on the router and did the same but at interface level (classic vlan configuration).
The scheme has been working for more than half a year.
But a few days ago I noticed that on the switch (which considers itself to be the last in the ring) every minute an error occurs in the log “bridge port received packet with own address as source address, probably loop”.
As soon as I open the loop, the error disappears or I turn off the router, the error disappears.

Does anyone know what could be the reason?

pcunite · March 29, 2019, 12:15pm

Make a list of every MAC address you have, on the interfaces. Then, you should probably set admin-mac to hard code something that will be unique.

LIV2 · March 29, 2019, 6:53pm

The error message is pointing out that you have a switching loop… you’ve connected all your switches in a loop for “redundancy”

You need to learn about Spanning-Tree and configure it

lleysan · April 2, 2019, 8:00am

Ok, I’ll try. Thanks!

lleysan · April 2, 2019, 8:03am

No I think that’s another problem. At the bridge level, the connection is based on the root distance.

lleysan · April 4, 2019, 1:43pm

I found a problem!
It is Discovery Neighbors packets.
Do you have any ideas? Why mikrotik can get his packet?
Error: “interface,warning sfp-sfpplus2: bridge port received packet with own address as source address (cc:2d:e0:a1:14:09), probably loop”
Packet: VLAN-BRIDGE out:(unknown 0), src-mac cc:2d:e0:a1:14:09, proto UDP, 0.0.0.0:5678->255.255.255.255:5678, len 155
cc:2d:e0:a1:14:09 - Admin MAC VLAN-BRIDGE

lleysan · April 4, 2019, 2:13pm

Mikrotik can ignore the RSTP? If I turn on discovery on sfp-sfpplus1 I get the loop error, if sfp-sfpplus2 - all ok…
Why?

/interface bridge port monitor 0
interface: sfp-sfpplus1
status: in-bridge
port-number: 25
role: alternate-port
edge-port: no
edge-port-discovery: yes
point-to-point-port: yes
external-fdb: no
sending-rstp: yes
learning: no
forwarding: no
root-path-cost: 50
designated-bridge: 0x8000.CC:2D:E0:8E:E2:C7
designated-cost: 40
designated-port-number: 26
hw-offload-group: switch1

/interface bridge port monitor 1
interface: sfp-sfpplus2
status: in-bridge
port-number: 26
role: root-port
edge-port: no
edge-port-discovery: yes
point-to-point-port: yes
external-fdb: no
sending-rstp: yes
learning: yes
forwarding: yes
root-path-cost: 40
designated-bridge: 0x8000.CC:2D:E0:A0:57:47
designated-cost: 30
designated-port-number: 25
hw-offload-group: switch1

pacman88 · April 24, 2019, 12:24am

I think I am having the same issue.

I have 2 CRS317 and 2 CRS328 connected in a ring. one of the 328 sees 1 interface as root port and one as alternate port - so everything works as expected but it throws those loop warnings in the log exactly once a minute.

also I have connected 2 ccr1009 to those switches via an active/backup bond. sfp+1 is its active slave and ether5 is its passive slave. I am getting exactly the same loop messages on this bond as well. as soon as i disable the passive(=inactive) interface ether5 the messages stop.

this is even stranger to me since as of my knowledge disabling/enabling the secondary interface should not be having any effect at all…

@ lleysan:
can you elaborate what exactly was your issue with neighbor discovery?

BR
Alex

datajerk · April 28, 2019, 3:15pm

I am also having this issue. Exactly once per min my 328 gets this warning only if I have loops. In my case I have a 326 and 328 both connected to the same 10G switch. I have other networking gear with two interfaces for redundancy (they are bridges, single MAC) connected to the 326 and 328. Everything works as expected, the lower bridge priority ports (328) are all alternate-ports and switch to designated-port when the 326 is unavailable. I have not noticed any other problems. Just this once a min warning.

I tried using sfpplus2 vs sfpplus1 and the warning just follows the port.

The warning only comes from the bridge/switch with the numerically largest bridge priority. If I swap the 326 and 328 priorities, the warning comes from the 326.