Page 1 of 1

Spanning Tree - Dispute state on Cisco Gear

Posted: Wed Mar 19, 2014 7:36 pm
by smash102
I have been trying to figure his our for over a month now. SO I figure its time to ask you knowledgeable peeps.

Here is my current design:
Cisco 3560 >> MikroTik RB2011UiAS >> Cisco 6509 (sup720)

My problem is with Spanning tree. I have 3 vlans configured on the 3560 and the MikroTik.
Vlan 1,6,102
RSTP is enabled on the bridge.
Vlan 6 and Vlan 102 work perfectly. My issue is with management access on Vlan 1.
SO the problem is why does the Cisco 6509 think there is a loop?

I see the following on the 6509 when running show cdp neigh:
Sarasota-6509-1#show cdp neigh | inc 2/1/20
                 Gig 2/1/20        107               R    MikroTik  VLAN1
                 Gig 2/1/20        107               R    MikroTik  VLAN6
                 Gig 2/1/20        107               R    MikroTik  br-trunk
                 Gig 2/1/20        107               R    MikroTik  VLAN102
                 Gig 2/1/20        133              S I   WS-C3560- Gig 0/1
I thought the only thing i should see of this is the br-trunk. Not sure why i am seeing the rest of it. I thought that could be related, but I am no really seeing much documentation on this in many places.

Spanning Tree for Vlan 1:
Sarasota-6509-1#show spanning-tree vlan 1 interface gi 2/1/20

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Desg BLK 4         128.4116 P2p Dispute

Sarasota-6509-1#show spanning-tree vlan 1 interface gi 2/1/20 detail
 Port 4116 (GigabitEthernet2/1/20) of VLAN0001 is designated blocking (dispute)
   Port path cost 4, Port priority 128, Port Identifier 128.4116.
   Designated root has priority 8192, address 0022.564b.c801
   Designated bridge has priority 32769, address e840.409a.3280
   Designated port id is 128.4116, designated path cost 5
   Timers: message age 0, forward delay 13, hold 0
   Number of transitions to forwarding state: 0
   Link type is point-to-point by default
   BPDU: sent 2626, received 7915
Sarasota-6509-1#

Current Config:
[MTUSA2011] > export
# mar/18/2014 16:43:57 by RouterOS 6.7
# software id = YX2B-P6TV
#
/interface bridge
add l2mtu=1594 name=VLAN6
add l2mtu=1594 name=VLAN102
add l2mtu=1598 name=br-trunk
/interface ethernet
set [ find default-name=ether1 ] bandwidth=5M/5M comment="Trunk for Barfield Wireless connection" speed=1Gbps
set [ find default-name=ether2 ] bandwidth=4M/4M comment=\
    "Contracting - Vlan 102 - Internet - BW= 3 Mbps"
set [ find default-name=ether3 ] bandwidth=4M/4M comment="Lawn Service - Vlan 102 - Internet - BW= 3 Mbps"
set [ find default-name=ether4 ] bandwidth=3200/3200
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] l2mtu=2290 ssid=MikroTik
/ip neighbor discovery
set ether1 comment="Trunk for Barfield Wireless connection - BW= 5 Mbps"
set ether2 comment="Contracting - Vlan 102 - Internet - BW= 3 Mbps"
set ether3 comment="Lawn Service - Vlan 102 - Internet - BW= 3 Mbps"
/interface vlan
add interface=br-trunk l2mtu=1594 name="VLAN 1" vlan-id=1
add interface=br-trunk l2mtu=1594 name="VLAN 6" vlan-id=6
add interface=br-trunk l2mtu=1594 name="VLAN 102" vlan-id=102
/interface ethernet switch port
set 6 vlan-mode=fallback
set 7 vlan-mode=fallback
set 8 vlan-mode=fallback
set 9 vlan-mode=fallback
set 10 vlan-mode=fallback
set 12 vlan-mode=fallback
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/port
set 0 name=serial0
/snmp community
set [ find default=yes ] authentication-password=**** encryption-password=**** security=authorized
add addresses=0.0.0.0/0 name=**** write-access=yes
/interface bridge port
add bridge=VLAN102 interface="VLAN 102"
add bridge=VLAN102 edge=yes interface=ether2
add bridge=VLAN102 interface=ether3
add bridge=VLAN6 interface=ether4
add bridge=br-trunk edge=no interface=sfp1
add bridge=br-trunk edge=no interface=ether1
add bridge=VLAN6 interface="VLAN 6"
/ip address
add address=10.19.0.53/32 interface="VLAN 6" network=10.19.0.1
/ip route
add check-gateway=ping distance=1 gateway=10.19.0.1
/ip upnp
set allow-disable-external-interface=no
/lcd
set default-screen=informative-slideshow
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1
/snmp
set contact="ME" enabled=yes location=Contracting trap-community=**** \
    trap-version=2
/system clock
set time-zone-name=America/New_York
/system identity
set name=Contracting-MTUSA2011
/system ntp client
set enabled=yes mode=unicast primary-ntp=10.19.0.1 secondary-ntp=172.30.3.250
[MTUSA2011] > 

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Wed Mar 19, 2014 11:07 pm
by rextended
Enable RSTP:
/interface bridge
add l2mtu=1594 name=VLAN6 protocol-mode=rstp
add l2mtu=1594 name=VLAN102 protocol-mode=rstp
add l2mtu=1598 name=br-trunk protocol-mode=rstp

But... the VLAN are over ethernet then bridged,
not bridge the ethernet and add vlan on bridge?
I never use this way:
/interface vlan
add interface=br-trunk l2mtu=1594 name="VLAN 1" vlan-id=1
add interface=br-trunk l2mtu=1594 name="VLAN 6" vlan-id=6
add interface=br-trunk l2mtu=1594 name="VLAN 102" vlan-id=102
/interface bridge port
add bridge=VLAN102 interface="VLAN 102"
add bridge=VLAN102 edge=yes interface=ether2
add bridge=VLAN102 interface=ether3
add bridge=VLAN6 interface=ether4
add bridge=br-trunk edge=no interface=sfp1
add bridge=br-trunk edge=no interface=ether1
add bridge=VLAN6 interface="VLAN 6"




I usually do like:
/interface vlan
add interface=sfp1 name="sfp1-vlan-id-1" vlan-id=1
add interface=ether1 name="eher1-vlan-id-1" vlan-id=1
add interface=ether2 name="eher2-vlan-id-102" vlan-id=102
add interface=ether3 name="eher3-vlan-id-102" vlan-id=102
add interface=ether4 name="eher4-vlan-id-6" vlan-id=6

/interface bridge
add name="bri-vlan-id-1" protocol-mode=rstp
add name="bri-vlan-id-6" protocol-mode=rstp
add name="bri-vlan-id-102" protocol-mode=rstp

/interface bridge port
add bridge=bri-vlan-id-1 interface=sfp1-vlan-id-1
add bridge=bri-vlan-id-1 interface=eher1-vlan-id-1
add bridge=bri-vlan-id-6 interface=eher4-vlan-id-6
add bridge=bri-vlan-id-102 interface=eher2-vlan-id-102
add bridge=bri-vlan-id-102 interface=eher3-vlan-id-102

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Fri Mar 21, 2014 2:21 am
by smash102
I usually do like:
/interface vlan
add interface=sfp1 name="sfp1-vlan-id-1" vlan-id=1
add interface=ether1 name="eher1-vlan-id-1" vlan-id=1
add interface=ether2 name="eher2-vlan-id-102" vlan-id=102
add interface=ether3 name="eher3-vlan-id-102" vlan-id=102
add interface=ether4 name="eher4-vlan-id-6" vlan-id=6

/interface bridge
add name="bri-vlan-id-1" protocol-mode=rstp
add name="bri-vlan-id-6" protocol-mode=rstp
add name="bri-vlan-id-102" protocol-mode=rstp

/interface bridge port
add bridge=bri-vlan-id-1 interface=sfp1-vlan-id-1
add bridge=bri-vlan-id-1 interface=eher1-vlan-id-1
add bridge=bri-vlan-id-6 interface=eher4-vlan-id-6
add bridge=bri-vlan-id-102 interface=eher2-vlan-id-102
add bridge=bri-vlan-id-102 interface=eher3-vlan-id-102

I think you misunderstood the design.

SFP1 is a trunk for all vlans (1,6,102)
Ether1 is a trunk for all vlans (1,6,102)
Ether 2-5 will be used as access ports for vlan 102


I see how you did the RSTP. I checked RSTP on the winbox but I guess its not applying it correctly.

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Fri Mar 21, 2014 3:03 am
by smash102
I noticed that the newer version of the RB OS doesn't state that RSTP is working even though it is applied.

so I think i still am at square 1.
Also take note that new RB OS settings are acting just like Cisco and Juniper now NEW defaults do not show.
[MTUSA2011] > /interface bridge print
Flags: X - disabled, R - running 
 0  R name="VLAN1" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:1C:7A:1B protocol-mode=rstp priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m 

 1  R name="VLAN6" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:1C:7A:1B protocol-mode=rstp priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m 

 2  R name="VLAN102" mtu=1500 l2mtu=1594 arp=enabled mac-address=D4:CA:6D:1C:7A:1B protocol-mode=rstp priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m 

 3  R name="br-trunk" mtu=1500 l2mtu=1598 arp=enabled mac-address=D4:CA:6D:1C:7A:1B protocol-mode=rstp priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m 
[r00tuser@GlobalContracting-MTUSA2011] > /interface bridge export
# mar/20/2014 21:00:07 by RouterOS 6.9
# software id = YX2B-P6TV
#
/interface bridge
add l2mtu=1594 name=VLAN1
add l2mtu=1594 name=VLAN6
add l2mtu=1594 name=VLAN102
add l2mtu=1598 name=br-trunk

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Fri Mar 21, 2014 4:26 pm
by smash102
WOOT I FOUND THE PROBLEM

Ok now that I know what the issue is, how do I fix it?

Problem
[MTUSA2011] /interface bridge> monitor VLAN1
                  state: enabled
    current-mac-address: D4:CA:6D:1C:7A:1B
            root-bridge: yes
         root-bridge-id: 0x9000.D4:CA:6D:1C:7A:1B
         root-path-cost: 0
              root-port: none
             port-count: 1
  designated-port-count: 1
The MikroTik wants to be the root-bridge.
As you can see from the above monitor, I increased the root-bridge-ID hex value to 9000 - No help
I attempted to add a high value Admin ID - No help
Wireshark capture shows that the MikroTik is in deed advertising root port cost of = 0
Capture.PNG
What is odd, the other vlans are working just fine even though they are also trying to advertise a root cost of 0.
[MTUSA2011] /interface bridge> monitor VLAN6
                  state: enabled
    current-mac-address: D4:CA:6D:1C:7A:1B
            root-bridge: yes
         root-bridge-id: 0x9000.D4:CA:6D:1C:7A:1B
         root-path-cost: 0
              root-port: none
             port-count: 1
  designated-port-count: 1

[MTUSA2011] /interface bridge> monitor VLAN102
                  state: enabled
    current-mac-address: D4:CA:6D:1C:7A:1B
            root-bridge: yes
         root-bridge-id: 0x9000.D4:CA:6D:1C:7A:1B
         root-path-cost: 0
              root-port: none
             port-count: 4
  designated-port-count: 3

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Sat Mar 22, 2014 4:37 am
by collisiondomain
Tagging to follow.

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Tue Mar 25, 2014 4:42 pm
by smash102
Received an email from MikroTik support.
Not helpful at all.
Hello,

Looks like there is some misconfiguration between Cisco and MikroTik routers which causes multiple paths. If you want to make this MikroTik configuration to work with a Cisco, either disable RSTP or ensure that VLAN1, VLAN6 and VLAN102 are not separated but also are on one interface like in MikroTik router and RSTP is enabled only on that one interface.

Regards,
Janis Becs
So my question is still the same.... How do you do that?


Side note, when RSTP is disabled in the current configuration, conflicts still occur as RSTP from the remote or the local cisco switch still see's multiple paths.

My confusion is with his last sentence:
but also are on one interface like in MikroTik router
In the Cisco switches they are 802.1q trunks and a single interface is configured as a trunk. Making a trunk in the MikroTik just seams complicated and convoluted. From what I see, many of the MikroTik experts out there can't seam to agree on a rule of thumb when configuring a trunk on a MikroTik device. It looks like there are more than 1 way to generate a 802.1q trunk, which logic dictates is asking for trouble.

At least with Cisco its:
switchport trunk encap dot
switchport mode trunk
switchport trunk allowed vlan 1,6,102
switchport trunk native vlan 666
so can anyone easily show how to do the same on a MikroTik?
I need SFP1 and Ethernet 1 to act the same way. I need it to be an industry standard 802.1Q trunk with only those 3 VLANs on it. I need to be able to use those 3 VLANs any way I want on the remaining Ethernet ports on ASIC1 or ASIC 2 attached mediums.

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Wed Mar 26, 2014 3:04 pm
by smash102
Ok,

I lab'ed this up last night and did some extended testing.

This is the resulting configuration that shows only 1 CDP neighbor and is running spanning tree for the bridge.
Please review this and let me know if there is something you would do differently.
[MTUSA2011] > export
# jan/01/1970 19:42:00 by RouterOS 6.9
# software id = ZDC0-1N80
#
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether2 ] bandwidth=4M/4M comment=\
    "Contracting - Vlan 102 - Internet - BW= 3 Mbps"
set [ find default-name=ether3 ] bandwidth=4M/4M comment=\
    "Lawn Service - Vlan 102 - Internet - BW= 3 Mbps"
set [ find default-name=ether4 ] bandwidth=3200/3200
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] l2mtu=2290 ssid=MikroTik
/ip neighbor discovery
set ether2 comment="Contracting - Vlan 102 - Internet - BW= 3 Mbps"
set ether3 comment="Lawn Service - Vlan 102 - Internet - BW= 3 Mbps"
/interface vlan
add interface=bridge1 l2mtu=65531 name=vlan1 use-service-tag=yes vlan-id=1
add interface=bridge1 l2mtu=65531 name=vlan6 use-service-tag=yes vlan-id=6
add interface=bridge1 l2mtu=65531 name=vlan102 use-service-tag=yes vlan-id=\
    102
/interface ethernet
set [ find default-name=ether1 ] bandwidth=5M/5M comment=\
    "Trunk for Wireless connection" master-port=sfp1 speed=1Gbps
/ip neighbor discovery
set ether1 comment="Trunk for Wireless connection"
/interface ethernet switch port
set 0 default-vlan-id=666
set 2 default-vlan-id=102 vlan-header=add-if-missing
set 3 default-vlan-id=102 vlan-header=add-if-missing
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 12 default-vlan-id=0
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/port
set 0 name=serial0
/snmp community
set [ find default=yes ] authentication-password=**** encryption-password=\
    **** security=authorized
add addresses=0.0.0.0/0 name=**** write-access=yes
/interface bridge port
add bridge=bridge1 interface=sfp1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2
/interface ethernet switch vlan
add independent-learning=no ports=sfp1 switch=switch1 vlan-id=1
add independent-learning=no ports=sfp1 switch=switch1 vlan-id=6
add independent-learning=no ports=sfp1 switch=switch1 vlan-id=102
/ip address
add address=10.19.0.53/32 interface=vlan6 network=10.19.0.1
/ip route
add check-gateway=ping distance=1 gateway=10.19.0.1
/ip upnp
set allow-disable-external-interface=no
/lcd
set default-screen=informative-slideshow
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1
/snmp
set contact="ME" enabled=yes location=Here \
    trap-community=**** trap-version=2
/system clock
set time-zone-name=America/New_York
/system identity
set name=MTUSA2011
/system ntp client
set enabled=yes mode=unicast primary-ntp=10.19.0.1 secondary-ntp=172.30.3.250
[MTUSA2011] >


Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Thu Apr 03, 2014 11:05 pm
by smash102
After attempting several possible combinations and not getting any traffic flowing in production, I'm at the point where I don't think that you can generate a true trunk with a MikroTik.

Little or no support from MikroTik support and the forums are almost dead, that leaves me little option left.

Please prove me wrong and provide working confirmation that can be duplicated.

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Tue Apr 08, 2014 12:02 am
by smash102
Update:

Well in the heat of my exasperation, I disabled RSTP and got stable connectivity.

NOTE: I know I did not have a loop. There were no adverse affects.

I enabled STP not RSTP just regular old STP and it worked. The Cisco 6509 showed/complained about the use of the older protocol, but it worked. Full connectivity restored.

NOTE: Cisco admits to a new feature on the latest code of 6509 and Nexus gear. This is in conformance with new RSTP standards that Mikrotik may not be following yet. From this experience, you all need to be aware that you will have incompatibility issues. I currently have a TAC ticket open and they are looking into this.

I just hope MikroTik is also looking into this incompatibility issue as I have heard nothing from support since my initial request.

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Wed Apr 09, 2014 3:17 pm
by smash102
Just to throw out an update:

Cisco said that here is no way to turn off their RSTP/STP enhancements and it is something they are moving full force with on all new IOS updates.

That said, I diverted to a hardware switching process instead of the software process.
Reference:
http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
Here is an excerpt of my existing config that appears to be working. Only drawback is the bandwidth regulation is not being applied bi-directionally. It appears that with the "Master Port" option your bandwidth is restricted on all inbound directions to the switch.

So instead of the anticipated synchronous speeds I want to get its a-synchronous.
Does anyone know how to modify this to get synchronous?
# apr/09/2014 07:48:34 by RouterOS 6.11
#
/interface ethernet
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] l2mtu=2290 ssid=MikroTik
/interface vlan
add interface=sfp1 l2mtu=1594 name="VLAN 1" vlan-id=1
add interface=sfp1 l2mtu=1594 name="VLAN 6" vlan-id=6
add interface=sfp1 l2mtu=1594 name="VLAN 102" vlan-id=102
/interface ethernet
set [ find default-name=ether1 ] bandwidth=5M/5M comment=\
    "Trunk for Wireless connection" master-port=sfp1 speed=1Gbps
set [ find default-name=ether2 ] bandwidth=8M/8M comment=\
    "Contracting - Vlan 102 - Internet - BW= 6 Mbps" master-port=sfp1
set [ find default-name=ether3 ] bandwidth=4M/4M comment=\
    "Lawn Service - Vlan 102 - Internet - BW= 3 Mbps" master-port=sfp1
set [ find default-name=ether4 ] bandwidth=4M/4M comment="Spare- 4 Mbps" \
    master-port=sfp1
/ip neighbor discovery
set ether1 comment="Trunk for Wireless connection"
set ether2 comment="Contracting - Vlan 102 - Internet - BW= 6 Mbps"
set ether3 comment="Lawn Service - Vlan 102 - Internet - BW= 3 Mbps"
set ether4 comment="Spare- 4 Mbps"
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=102 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=102 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=102 vlan-header=always-strip vlan-mode=secure
set 11 vlan-mode=secure
set 12 vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/port
set 0 name=serial0
/snmp community
set [ find default=yes ] authentication-password=xxxx encryption-password=\
    xxxx security=authorized
add addresses=0.0.0.0/0 name=xxxx write-access=yes
/interface ethernet switch vlan
add independent-learning=no ports=sfp1,ether1 switch=switch1 vlan-id=1
add independent-learning=no ports=sfp1,ether1,ether2,ether3,ether4 switch=\
    switch1 vlan-id=102
add independent-learning=no ports=sfp1,ether1,switch1-cpu switch=switch1 \
    vlan-id=6
/ip address
add address=x.x.x.x/32 interface="VLAN 6" network=x.x.x.x
/ip route
add check-gateway=ping distance=1 gateway=x.x.x.x
/ip upnp
set allow-disable-external-interface=no
/lcd
set default-screen=informative-slideshow
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,e\
    ther9,ether10,wlan1"
/snmp
set contact="me" enabled=yes location=OutThere \
    trap-community=xxxx trap-version=2
/system clock
set time-zone-name=America/New_York
/system identity
set name=MTUSA2011
/system ntp client
set enabled=yes mode=unicast primary-ntp=x.x.x.x secondary-ntp=172.30.3.250

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Fri Apr 11, 2014 3:33 pm
by smash102
I am updating this for anyone following in my footsteps and generating a Cisco Trunk or having issues with STP dispute states in the future.

Since MT support is watching this forum post, but is to busy to update it or post here for your benefit, i want to provide their response for you:

MT has replied to my support request via email. They have also verified that it meets or exceeds their standards and requirements for this situation.

Please NOTE:
MT has also verified that the Bandwidth issue I am seeing is a BUG. They however did not provide a Bug ID.

-----Original Message-----
From: MikroTik support [Janis Becs] [mailto:support@mikrotik.com]
Sent: Friday, April 11, 2014 4:14 AM
To: smash102
Subject: Re: [Ticket#2014031966000908] MikroTik to Cisco RSTP issue

Yes, it is the most common and secure VLAN configuration using RB2011 switch-chip.

I can add that it is nowhere stated or prohibited, but we do not recommend to mix switch-chip VLAN configuration with bridging VLAN configuration on the same ports since they do the same thing regarding VLAN tagging (it is only in different hardware levels).

Regards,
JB

04/10/2014 19:39 - smash102 wrote:

> Does it look like I followed MT standards for that configuration?
>
> ~smash102
>
> -----Original Message-----
> From: MikroTik support [Janis Becs] [mailto:support@mikrotik.com]
> Sent: Thursday, April 10, 2014 8:03 AM
> To: smash102
> Subject: Re: [Ticket#2014031966000908] MikroTik to Cisco RSTP issue
>
> Hello,
>
> Looking at forum posts I see you have figured out VLAN configuration
> for your setup, sorry that I could not help more.
>
> I am writing to inform you that TX bandwidth limiting problem is
> confirmed as a bug. We are looking forward to fix it in the upcoming versions.
>
> Regards,
> JB

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Fri Apr 18, 2014 2:54 pm
by cdiedrich
Thanks for your work, smash102.
Very informative to me as I'm going to face a very similar configuration in May.

Cheers
-Chris


Sent from my iPhone using Tapatalk

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Tue Apr 29, 2014 4:04 pm
by smash102
Update:

I have recieved word from MT support. Here is what they are willing to do about the known bug for the bandwidt limiting at a hardware switched level. Software still works, but becomes an issue with RTP as noted above.

----------------------------------------------------------
Hello,

We do not have public bug tracking system. I have locked this ticket and will inform you as soon as this bandwidth limiting problem is fixed.

Regards,
Janis Becs
----------------------------------------------------------

Also please note:
Here is their recommended best configuration for using the second set of ports on the UAS2011.
> > RB2011 has 2 switch-chips (sfp1,ether1-ether5 and ether6-ether10), 
> > they are completely isolated. To connect them together either a 
> > cable must be used or master-ports should be added to the same bridge thus connecting them through CPU.
> > 
> > 1) To add ether6 port to your configuration configure it as 
> > master-port in the second switch-chip.
> > 
> > 2) Add master-ports in a bridge:
> > 
> > /interface bridge
> > add name=bridge1
> > /interface bridge port
> > add bridge=bridge1 interface=sfp1
> > add bridge=bridge1 interface=ether6
> > 
> > 3) In switch-chip VLAN table add switch1-cpu port to VLAN 102 in 
> > switch1 and add
> > ether6 and switch2-cpu port to VLAN 102 in switch2.
> > 
> > /interface ethernet switch vlan
> > add ports=ether1,ether2,...,switch1-cpu switch=switch1 vlan-id=102 
> > add ports=ether6,switch2-cpu switch=switch2 vlan-id=102
> > 
> > Regards,
> > Janis Becs

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Tue Apr 29, 2014 4:06 pm
by smash102
Thanks for your work, smash102.
Very informative to me as I'm going to face a very similar configuration in May.

Cheers
-Chris
Let me know if you run into any issues. I would be more than happy to lab some stuff to help.

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Thu May 01, 2014 4:39 pm
by smash102
UPDATE

I recieved word from MT Support:

Hello,

TX limiting problem will be fixed in RouterOS v6.13.
The pre-release with fixes is available from link:
http://www.mikrotik.com/download/share/ ... latest.npk

Regards,
Janis Becs


Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Wed May 07, 2014 9:26 am
by IPANetEngineer
Just out of curiosity, have you tried enabling MSTP on the Cisco side? Cisco's version of RSTP has proprietary features built in whereas their MSTP version is standardized and is interoperable with RSTP.

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Tue Jun 17, 2014 10:09 pm
by cma1kep
At least with Cisco its:
switchport trunk encap dot
switchport mode trunk
switchport trunk allowed vlan 1,6,102
switchport trunk native vlan 666
so can anyone easily show how to do the same on a MikroTik?
I need SFP1 and Ethernet 1 to act the same way. I need it to be an industry standard 802.1Q trunk with only those 3 VLANs on it. I need to be able to use those 3 VLANs any way I want on the remaining Ethernet ports on ASIC1 or ASIC 2 attached mediums.
I also could not set up the CCR1036 STP/RSTP with a trunk in a "true" way, all my attempts turned to fail.

For example, I have topology as attachment to this post. two CCR's + two Cisco 3750 in a Stack mode(working as one switch).

Information about VLAN249 on first CCR:
[admin@dcGw1] /interface bridge> monitor BI_VLAN249 
                  state: enabled
    current-mac-address: 00:0C:42:B2:88:B9
            root-bridge: yes
         root-bridge-id: 0x8000.00:0C:42:B2:88:B9
         root-path-cost: 0
              root-port: none
             port-count: 4
  designated-port-count: 2
Information on second CCR
 [admin@dcGw2] /interface bridge> monitor BI_VLAN249 
                     ;;; BI_PublicInternet
                  state: enabled
    current-mac-address: 00:0C:42:B2:8C:15
            root-bridge: no
         root-bridge-id: 0x8000.00:0C:42:B2:88:B9
         root-path-cost: 10
              root-port: eth1_vlan249
             port-count: 4
  designated-port-count: 1
Everything looks fine, one of them is beenig root, second one is beening as not root.
But let's look to Cisco switch output:
SWstack#sh spanning-tree vlan 249

VLAN0249
Spanning tree enabled protocol rstp
Root ID Priority 33017
Address 0022.be9e.b780
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33017 (priority 32768 sys-id-ext 249)
Address 0022.be9e.b780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/46 Desg FWD 19 128.46 P2p
Po1 Desg FWD 3 128.488 P2p Edge
Po2 Desg FWD 3 128.496 P2p Edge
Po4 Desg FWD 3 128.512 P2p Edge
Po5 Desg FWD 3 128.520 P2p
Po6 Desg FWD 3 128.528 P2p
Po7 Desg FWD 3 128.536 P2p
Po8 Desg FWD 3 128.544 P2p
Po9 Desg FWD 3 128.552 P2p Edge
Gi2/0/46 Back BLK 4 128.100 P2p
SWstack#

Why Cisco Switch becomes as root bridge - is confusing me.
More in deep information from Cisco switch:
SWstack#sh spanning-tree vlan 249 interface Gi2/0/46 detail 
 Port 100 (GigabitEthernet2/0/46) of VLAN0249 is backup blocking 
   Port path cost 4, Port priority 128, Port Identifier 128.100.
   Designated root has priority 33017, address 0022.be9e.b780
   Designated bridge has priority 33017, address 0022.be9e.b780
   Designated port id is 128.46, designated path cost 0
   Timers: message age 16, forward delay 0, hold 0
   Number of transitions to forwarding state: 8
   Link type is point-to-point by default
   BPDU: sent 201, received 1397377
SWstack#
SWstack#sh spanning-tree vlan 249 interface Gi1/0/46 detail 
 Port 46 (GigabitEthernet1/0/46) of VLAN0249 is designated forwarding 
   Port path cost 19, Port priority 128, Port Identifier 128.46.
   Designated root has priority 33017, address 0022.be9e.b780
   Designated bridge has priority 33017, address 0022.be9e.b780
   Designated port id is 128.46, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 1291887, received 2
SWstack#
So how two make ONLY one root bridge switch in this topology?

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Fri Jun 20, 2014 10:13 am
by cma1kep
Mikrotik team
any suggestions?

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Sat Dec 13, 2014 3:10 am
by mjclancy83
I'm seem to be having a similar issue with a trunk to a Huawei 5700 switch, reverting to vanilla STP seems to resolve the issue. Huawei switch shows duplicate MACs learned on a tagged VLAN and VLAN 1.

Mikrotik - this is a fairly critical issue if one is interfacing to any of the 3rd party switch vendors equipment. Are you able to provide and forecasts of a fix for this issue? I can provide further details if necessary.

Re: Spanning Tree - Dispute state on Cisco Gear

Posted: Sun Feb 07, 2016 6:54 am
by smash102
FYI - No update even with the latest software from the MT Support team.

We have turned on STP and are placing routed ports toward the MT.

Yes I have tested with MSTP but have the same failure and more issues.

We have moved to the 5 port RB Switches which have none of these issues. but if you need more than 1 sfp and 5 copper gig ports were back in this same boat.

Routed ports instead of extensions of VLAN is the best answer I have for your if you can support it. My MPLS programming is routing correctly and even overlay programming is working.

Side note: Do not expect to have the same RB2011 you use as a D-Mark do any CAPsMAN v1 or v2 for the client. Get another 600mhz or more powerful multi core router/switch to control client equipment. the RB2011 has processing issues when you add ISP lvl programming and expectations to it as a D-Mark and customer premise responsibilities/hot-spot control.