Wired

last person joined: 15 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Help disabling Spanning Tree on S2500

  • 1.  Help disabling Spanning Tree on S2500

    Posted Jun 05, 2020 10:02 PM

    Hi everyone.  I am a complete newb when it comes to switching, but I am learning.  I have an Aruba S2500 in my lab, and I have two hosts which are using the 10gb interfaces as part of a RHV (oVirt) lab.  Every now and then the 10gb nics will completely shut off, which I think might be due to loop protection / spanning tree?

    Is it possible to disable spanning tree on this S2500 switch?  I had seen in the logs on the switch that a loop was detected, but I could not seem to find where the loop was, its possible the bridge interfaces on my RHV hosts was causing it to false alarm?



  • 2.  RE: Help disabling Spanning Tree on S2500

    Posted Jun 06, 2020 03:07 AM


  • 3.  RE: Help disabling Spanning Tree on S2500

    Posted Jun 06, 2020 06:58 AM

    A well desgined modern network is in a "star-topology" and we no longer design on a "ring-topology" where spanning-tree configuration is required.

     

    But leave spanning-tree always enabled to protect against broadcast-loops when this accidentally happens. You can combine spannning-tree with loop-protection what are two different protocols.

     

    spanning-tree

    spanning-tree 1/2 admin-edge-port
    spanning-tree 1/2 bpdu-protection

    loop-protect 1/2
    loop-protect trap loop-detected
    loop-protect disable-timer 300

     

    On the coreswitch set the spanning-tree bridge priotiry to the lowest value, default value on a switch from the box has highest value, the lowest priority becomes the root.

     

    Some more info: 

    https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c02596540#:~:text=Unmanaged%20devices%20will%20typically%20drop,on%20which%20it%20is%20enabled.&text=Loop%20Protection%20should%20not%20impact,between%20Spanning%20Tree%2Daware%20switches.

     

     



  • 4.  RE: Help disabling Spanning Tree on S2500

    Posted Jun 06, 2020 11:25 PM

    I must be doing this wrong somewhere.  I ssh into my switch, then do `enable` then `configure terminal` 

    Then I tried the following:

     

    (ArubaS2500-Shadowman) #configure terminal
    Enter Configuration commands, one per line. End with CNTL/Z
    
    (ArubaS2500-Shadowman) (config) #no spanning-tree
                                        ^
    % Invalid input detected at '^' marker.
    
    (ArubaS2500-Shadowman) (config) #

     

     



  • 5.  RE: Help disabling Spanning Tree on S2500

    Posted Jun 07, 2020 02:21 AM
    Please share the running configuration if it is possible or #show spanning-tree

    Sent from Yahoo Mail on Android


  • 6.  RE: Help disabling Spanning Tree on S2500

    Posted Jun 07, 2020 03:05 AM

    Running Config:

    #
    # Configuration file for ArubaOS
    # ArubaOS Version 7.4.1.12 72393
    version 7.4
    enable secret "******"
    hostname "ArubaS2500-Shadowman"
    clock timezone EDT -4
    controller config 3
    ip access-list eth validuserethacl
      permit any 
    !
    netservice svc-dhcp udp 67 68
    netservice svc-dns udp 53
    netservice svc-ftp tcp 21
    netservice svc-h323-tcp tcp 1720
    netservice svc-h323-udp udp 1718 1719
    netservice svc-http tcp 80
    netservice svc-https tcp 443
    netservice svc-icmp 1
    netservice svc-kerberos udp 88
    netservice svc-natt udp 4500
    netservice svc-ntp udp 123
    netservice svc-sip-tcp tcp 5060
    netservice svc-sip-udp udp 5060
    netservice svc-sips tcp 5061
    netservice svc-smtp tcp 25
    netservice svc-ssh tcp 22
    netservice svc-telnet tcp 23
    netservice svc-tftp udp 69
    netservice svc-vocera udp 5002
    ip access-list stateless allowall-stateless
      any any any  permit 
    !
    ip access-list stateless cplogout-stateless
      user   alias controller sys-svc-https  dst-nat 8081 
    !
    ip access-list stateless dhcp-acl-stateless
      any any svc-dhcp  permit 
    !
    ip access-list stateless dns-acl-stateless
      any any svc-dns  permit 
    !
    ip access-list stateless http-acl-stateless
      any any svc-http  permit 
    !
    ip access-list stateless https-acl-stateless
      any any svc-https  permit 
    !
    ip access-list stateless icmp-acl-stateless
      any any svc-icmp  permit 
    !
    ip access-list stateless logon-control-stateless
      any any svc-icmp  permit 
      any any svc-dns  permit 
      any any svc-dhcp  permit 
      any any svc-natt  permit 
    !
    ip access-list session validuser
      network 169.254.0.0 255.255.0.0 any any  deny 
      any any any  permit 
    !
    user-role authenticated
     access-list stateless allowall-stateless
    !
    user-role denyall
    !
    user-role denydhcp
    
    user-role guest                                   
     access-list stateless http-acl-stateless         
     access-list stateless https-acl-stateless        
     access-list stateless dhcp-acl-stateless         
     access-list stateless icmp-acl-stateless         
     access-list stateless dns-acl-stateless          
    !                                                 
    user-role logon                                   
     access-list stateless logon-control-stateless    
    !                                                 
    user-role preauth                                 
    !                                                 
    !                                                 
                                                      
    crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac
    crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
                                                      
                                                      
    mgmt-user admin root 4ce9165701d5f8f015fce4f66a244ab8636b40a37b8fb0773f
                                                      
                                                      
                                                      
    firewall disable-stateful-h323-processing         
    !                                                 
    ip domain lookup                                  
    !                                                 
    aaa authentication mac "default"                  
    !                                                 
    aaa authentication dot1x "default"                
    !                                                 
    aaa server-group "default"                        
     auth-server Internal                             
     set role condition role value-of                 
    !                                                 
    aaa profile "default"                             
    !                                                 
    aaa authentication captive-portal "default"       
    !                                                 
    aaa authentication vpn "default"                  
    !                                                 
    aaa authentication mgmt                           
    !                                                 
    aaa authentication wired                          
    !                                                 
    web-server                                        
    !                                                 
    papi-security                                     
    !                                                 
    aaa password-policy mgmt                          
    !                                                 
    traceoptions                                      
    !                                                 
    probe-profile "default"                           
       protocol icmp                                  
    !                                                 
    qos-profile "default"                             
    !                                                 
    policer-profile "default"                         
    !                                                 
    ip-profile                                        
       default-gateway 172.17.0.1                     
    !                                                 
    lcd-menu                                          
    !                                                 
    interface-profile ospf-profile "default"          
       area 0.0.0.0    
    !                                                 
    interface-profile pim-profile "default"           
    !                                                 
    interface-profile igmp-profile "default"          
    !                                                 
    stack-profile                                     
    !                                                 
    ipv6-profile                                      
    !                                                 
    activate-service-firmware                         
    !                                                 
    aruba-central                                     
    !                                                 
    rogue-ap-containment                              
    !                                                 
    interface-profile switching-profile "default"     
       switchport-mode trunk                          
    !                                                 
    interface-profile switching-profile "Upstream-profile"
       switchport-mode trunk                          
    !                                                 
    interface-profile tunneled-node-profile "default" 
    !                                                 
    interface-profile poe-profile "default"           
    !                                                 
    interface-profile poe-profile "poe-factory-initial"
       enable                                         
    !                                                 
    interface-profile enet-link-profile "default"     
    !                                                 
    interface-profile lldp-profile "default"          
    !                                                 
    interface-profile lldp-profile "lldp-factory-initial"
       lldp transmit                                  
       lldp receive                                   
    !                                                 
    interface-profile mstp-profile "default"          
    !                                                 
    interface-profile pvst-port-profile "default"     
    !                                                 
    vlan-profile dhcp-snooping-profile "default"      
    !                                                 
    vlan-profile mld-snooping-profile "default"       
    !                                                 
    vlan-profile igmp-snooping-profile "default"      
    !                                                 
    vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
    !                                                 
    spanning-tree                                     
       mode pvst                                      
    !                                                 
    gvrp                                              
    !                                                 
    mstp                                              
    !                                                 
    lacp                                              
    !                                                 
    vlan "1"                                          
       igmp-snooping-profile "igmp-snooping-factory-initial"
    !                                                 
    vlan "10"                                         
       description "vlan_10"                          
    !                                                 
    vlan "20"                                         
       description "vlan_20"                          
    !                                                 
    vlan "30"                                         
       description "vlan_30"   
    vlan "40"                                         
       description "vlan_40"                          
    !                                                 
    vlan "50"                                         
       description "vlan_50"                          
    !                                                 
    interface gigabitethernet "0/1/0"                 
       description "dell_em1"                         
       mtu 9216                                       
    !                                                 
    interface gigabitethernet "0/1/1"                 
       description "dell_em2"                         
       mtu 9216                                       
    !                                                 
    interface gigabitethernet "0/1/2"                 
       description "hp_ens7f1"                        
       mtu 9216                                       
    !                                                 
    interface gigabitethernet "0/1/3"                 
       description "hp_ens7f0"                        
       mtu 9216                                       
    !                                                 
    interface vlan "1"                                
       ip address 172.17.0.10 255.255.255.0           
    !                                                 
    interface mgmt                                    
    !                                                 
    device-group ap                                   
    !                                                 
    interface-group gigabitethernet "default"         
       apply-to ALL                                   
       lldp-profile "lldp-factory-initial"            
       poe-profile "poe-factory-initial"              
    !                                                 
                                                      
    snmp-server community Zer0t0uchpr0visi0ning view ALL
    snmp-server view ALL oid-tree iso included        
    snmp-server group ALLPRIV v1 read ALL notify ALL  
    snmp-server group ALLPRIV v2c read ALL notify ALL 
    snmp-server group ALLPRIV v3 noauth read ALL notify ALL 
    snmp-server group AUTHPRIV v3 priv read ALL notify ALL 
    snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL 
    snmp-server group Zer0t0uchpr0visi0ning v1 read ALL 
    snmp-server group Zer0t0uchpr0visi0ning v2c read ALL 
                                                      
    snmp-server enable trap                           
                                                      
    process monitor log                               
    end                                               
    

     

    And here is the show spanning-tree:

    (ArubaS2500-Shadowman) #show spanning-tree
    
    
    VLAN 1 
    Root ID            Address: 000b.86ac.8540,  Priority: 32768 
    Bridge ID          Address: 000b.86ac.8540,  Priority: 32768 
    Hello Time: 2 sec, Max Age: 20 sec, Forward Delay: 15 sec
    We are the root of the spanning tree
    root path cost 0 
    
    
    Interface  Role  State  Port Id  Cost    Type
    ---------  ----  -----  -------  ----    ----
    GE0/0/1    Desg  FWD    128.2    20000   P2p  
    GE0/0/2    Desg  FWD    128.3    20000   P2p  
    GE0/0/3    Desg  FWD    128.4    20000   P2p  
    GE0/0/4    Desg  FWD    128.5    20000   P2p  
    GE0/0/5    Desg  FWD    128.6    20000   P2p  
    GE0/0/6    Desg  FWD    128.7    20000   P2p  
    GE0/0/7    Desg  FWD    128.8    20000   P2p  
    GE0/0/12   Desg  FWD    128.13   20000   P2p  
    GE0/0/13   Desg  FWD    128.14   20000   P2p  
    GE0/0/14   Desg  FWD    128.15   20000   P2p  
    GE0/0/15   Desg  FWD    128.16   20000   P2p  
    GE0/0/22   Desg  FWD    128.23   200000  P2p  
    GE0/0/23   Desg  FWD    128.24   20000   P2p  
    GE0/1/0    Desg  FWD    128.129  2000    P2p  
    GE0/1/1    Desg  FWD    128.130  2000    P2p  
    GE0/1/2    Desg  FWD    128.131  2000    P2p  
    GE0/1/3    Desg  FWD    128.132  2000    P2p  
    
    
    
    VLAN 10 
    Root ID            Address: 000b.86ac.8540,  Priority: 32768 
    Bridge ID          Address: 000b.86ac.8540,  Priority: 32768 
    Hello Time: 2 sec, Max Age: 20 sec, Forward Delay: 15 sec
    We are the root of the spanning tree
    root path cost 0 
    
    
    Interface  Role  State  Port Id  Cost    Type
    ---------  ----  -----  -------  ----    ----
    GE0/0/1    Desg  FWD    128.2    20000   P2p  
    GE0/0/2    Desg  FWD    128.3    20000   P2p  
    GE0/0/3    Desg  FWD    128.4    20000   P2p  
    GE0/0/4    Desg  FWD    128.5    20000   P2p  
    GE0/0/5    Desg  FWD    128.6    20000   P2p  
    GE0/0/6    Desg  FWD    128.7    20000   P2p  
    GE0/0/7    Desg  FWD    128.8    20000   P2p  
    GE0/0/12   Desg  FWD    128.13   20000   P2p  
    GE0/0/13   Desg  FWD    128.14   20000   P2p  
    GE0/0/14   Desg  FWD    128.15   20000   P2p  
    GE0/0/15   Desg  FWD    128.16   20000   P2p  
    GE0/0/22   Desg  FWD    128.23   200000  P2p  
    GE0/0/23   Desg  FWD    128.24   20000   P2p  
    GE0/1/0    Desg  FWD    128.129  2000    P2p  
    GE0/1/1    Desg  FWD    128.130  2000    P2p  
    GE0/1/2    Desg  FWD    128.131  2000    P2p  
    GE0/1/3    Desg  FWD    128.132  2000    P2p  
    
    
    
    VLAN 20 
    Root ID            Address: 000b.86ac.8540,  Priority: 32768 
    Bridge ID          Address: 000b.86ac.8540,  Priority: 32768 
    Hello Time: 2 sec, Max Age: 20 sec, Forward Delay: 15 sec
    We are the root of the spanning tree
    root path cost 0 
    
    
    Interface  Role  State  Port Id  Cost    Type
    ---------  ----  -----  -------  ----    ----
    GE0/0/1    Desg  FWD    128.2    20000   P2p  
    GE0/0/2    Desg  FWD    128.3    20000   P2p  
    GE0/0/3    Desg  FWD    128.4    20000   P2p  
    GE0/0/4    Desg  FWD    128.5    20000   P2p  
    GE0/0/5    Desg  FWD    128.6    20000   P2p  
    GE0/0/6    Desg  FWD    128.7    20000   P2p  
    GE0/0/7    Desg  FWD    128.8    20000   P2p  
    GE0/0/12   Desg  FWD    128.13   20000   P2p  
    GE0/0/13   Desg  FWD    128.14   20000   P2p  
    GE0/0/14   Desg  FWD    128.15   20000   P2p  
    GE0/0/15   Desg  FWD    128.16   20000   P2p  
    GE0/0/22   Desg  FWD    128.23   200000  P2p  
    GE0/0/23   Desg  FWD    128.24   20000   P2p  
    GE0/1/0    Desg  FWD    128.129  2000    P2p  
    GE0/1/1    Desg  FWD    128.130  2000    P2p  
    GE0/1/2    Desg  FWD    128.131  2000    P2p  
    GE0/1/3    Desg  FWD    128.132  2000    P2p  
    
    
    
    VLAN 50 
    Root ID            Address: 000b.86ac.8540,  Priority: 32768 
    Bridge ID          Address: 000b.86ac.8540,  Priority: 32768 
    Hello Time: 2 sec, Max Age: 20 sec, Forward Delay: 15 sec
    We are the root of the spanning tree
    root path cost 0 
    
    
    Interface  Role  State  Port Id  Cost    Type
    ---------  ----  -----  -------  ----    ----
    GE0/0/1    Desg  FWD    128.2    20000   P2p  
    GE0/0/2    Desg  FWD    128.3    20000   P2p  
    GE0/0/3    Desg  FWD    128.4    20000   P2p  
    GE0/0/4    Desg  FWD    128.5    20000   P2p  
    GE0/0/5    Desg  FWD    128.6    20000   P2p  
    GE0/0/6    Desg  FWD    128.7    20000   P2p  
    GE0/0/7    Desg  FWD    128.8    20000   P2p  
    GE0/0/12   Desg  FWD    128.13   20000   P2p  
    GE0/0/13   Desg  FWD    128.14   20000   P2p  
    GE0/0/14   Desg  FWD    128.15   20000   P2p  
    GE0/0/15   Desg  FWD    128.16   20000   P2p  
    GE0/0/22   Desg  FWD    128.23   200000  P2p  
    GE0/0/23   Desg  FWD    128.24   20000   P2p  
    GE0/1/0    Desg  FWD    128.129  2000    P2p  
    GE0/1/1    Desg  FWD    128.130  2000    P2p  
    GE0/1/2    Desg  FWD    128.131  2000    P2p  
    GE0/1/3    Desg  FWD    128.132  2000    P2p  
    


  • 7.  RE: Help disabling Spanning Tree on S2500

    Posted Jun 07, 2020 03:53 AM
    You are having stp mode PVST
    You have to disable stp on vlan 1
    #no spanning-tree vlan 1 If not check available commands by entering ? mark #no spanning-tree ?

    Sent from Yahoo Mail on Android


  • 8.  RE: Help disabling Spanning Tree on S2500

    Posted Jun 07, 2020 04:11 AM

    This is what I have:

    (ArubaS2500-Shadowman) (config) #no spanning-tree vlan 1
                                                           ^
    % Invalid input detected at '^' marker.
    
    (ArubaS2500-Shadowman) (config) #? 
    aaa                     AAA configuration
    activate-service-firm.. Configure Activate Firmware Service
    arp                     Configure static ARP entry
    aruba-central           Configure Aruba Central Service
    audit-trail             Enable Audit Trail
    banner                  Define a banner
    clock                   Configure time-of-day clock
    crypto                  Configure IPSec, IKE and Aruba VPN tunnel
    crypto-local            Configure IPSec, IKE and CA for site-to-site VPN
    destination             Configure network destination (deprecated; use 
                            netdestination)
    device-group            Select a device group to configure
    enable                  Modify the enable mode (prompt/password)
    firewall                Configure global firewall policies
    gvrp                    Global GVRP configuration
    hostname                Change the Hostname
    interface               Select an interface to configure 
    interface-group         Select an interface group to configure
    interface-profile       Configure Interface profiles
    ip                      Interface Internet Protocol config commands
    ip-profile              Configure the ip-profile
    ipv6-profile            Configure the ipv6-profile
    lacp                    LACP system profile configuration
    lcd-menu                Enable or disable LCD menus
    local-userdb            Configure the Local User Database
    logging                 Modify Message logging level
    loginsession            Login Session
    mgmt-server             Configure a Management Server
    mgmt-user               Configure a management user.
    mstp                    Global MSTP
    netdestination          Configure IPv4 network destination
    netservice              Configure a network service
    no                      Delete Command
    ntp                     Configure NTP
    papi-security           PAPI security profile
    poe-management-profile  configure poe-management profile
    policer-profile         Configure a Policer Profile
    probe-profile           Configure a probe profile
    process                 Process level operations
    prompt                  Enter the new prompt
    qos-profile             Configure a QoS Profile
    rmon                    Configure RMON parameters
    rogue-ap-containment    Configure the rogue-ap-containment
    router                  Router Configuration
    service                 Configure services
    snmp-server             Enable SNMP; Modify SNMP parameters
    spanning-tree           Spanning Tree Operating Mode
    ssh                     Configure SSH parameters
    stack-profile           Configure parameters for stacking
    syscontact              Change the system contact
    syslocation             Change the system location (upto 127 characters)
    telnet                  Enable telnet port
    time-range              Configure an ACL time-range
    time-range-profile      Configure a PoE time-range
    traceoptions            Control Traceoptions
    traceroute              Trace route to the specified ip address.
    user-role               Configure user role
    vlan                    Configure a VLAN
    vlan-profile            Configure vlan profiles
    vrrp                    Interface VRRP profile
    web-server              Web server configuration

     

    How can I simply disable spanning tree on the entire swtich?



  • 9.  RE: Help disabling Spanning Tree on S2500

    Posted Jun 07, 2020 09:39 AM

    you need to use ? mark end of the below command, then you are able to see all the possibilities that you want to continue with

     

    no spanning-tree ?



  • 10.  RE: Help disabling Spanning Tree on S2500

    Posted Aug 07, 2020 12:54 PM

    I am still fighting this.  I am using this switch for VM's, and I've noticed that when I migrate a VM from one host to another, sometimes the Aruba switch will disable the port because it thinks there is a network loop as the VM is migrating.

    How can I tell the swtich to STOP disabling the ports?



  • 11.  RE: Help disabling Spanning Tree on S2500

    Posted Aug 07, 2020 01:19 PM

    Hi Cubedroot,

     

    Try to set this command to the switch interface.

    • spanning-tree "interface number" admin-edge-port