  • 1.  Spanning-Tree not appearing to work

    Posted May 07, 2024 11:23 AM

    Background:

    We are migrating away from our Cisco Ecosystem to HPE Aruba. Our Cisco Switches have an Access VLAN and Voice VLAN, which to emulate on Aruba requires making the port a trunk port with the Native VLAN being the Access VLAN, and the Allowed VLANs being the Access and Voice VLAN. We are trying to put Spanning-Tree on these Trunk "Access" Ports to make it as close as possible to how Cisco would process it.

    Device:

    6200F 48G CL4 4SFP+740W with ML.10.13.1010 Firmware

    The issue:

    It appears that when the port is in Trunk mode it disregards Spanning-Tree safeguards that would otherwise work.  Cisco does not have this behavior on its Trunk Ports.

    The Configurations:

    Cisco
    -------

    udld aggressive
    spanning-tree mode rapid-pvst
    spanning-tree loopguard default
    spanning-tree extend system-id
    errdisable recovery cause link-flap
    errdisable recovery interval 60

    interface GigabitEthernet1/0/1
     description *** TEST ***
     switchport access vlan 50
     switchport voice vlan 70
     switchport mode access
     switchport port-security maximum 2
     switchport port-security violation restrict
     switchport port-security aging time 2
     switchport port-security aging type inactivity
     macro description cisco-desktop
     spanning-tree portfast
     spanning-tree bpduguard enable

    ARUBA
    ---------

    spanning-tree
    spanning-tree mode rpvst
    spanning-tree extend-system-id

    fault-monitor profile ERRDISABLE
     excessive-link-flaps action notify-and-disable auto-enable 60

    interface 1/1/1
     description *** TEST ***
     vlan trunk native 50
     vlan trunk allowed 50,70
     udld
     udld mode rfc5171 aggressive
     udld interval 15000
     spanning-tree bpdu-guard
     spanning-tree loop-guard
     spanning-tree port-type admin-edge
     port-access port-security enable
     port-access port-security client-limit 2
     port-access security violation action shutdown recovery-timer 60
     apply fault-monitor profile ERRDISABLE 

    Current Conclusions:

    -I have verified that UDLD works between the Cisco and HPE Aruba switch.

    -I have verified that if the HPE Aruba switch has the port in "Access" mode that Spanning-Tree works.  Just doesn't work in Trunk mode, which we need for the Voice/Access VLAN combo.

    -I have verified that two Cisco Switches in Trunk mode still go errdisable as long as BPDU-Guard is enabled.

    -Even in Access Mode, the Aruba Spanning-Tree is spotty at best, and UDLD usually kicks in before BPDU protections do.

    Questions:

    Is there a better way to do the Access/Voice VLAN on Aruba without losing Spanning-Tree?

    Is this ignoring of Spanning-Tree lines intentional on Aruba switches if the port is in Trunk Mode?

    Are there missing lines to allow STP to work properly?



  • 2.  RE: Spanning-Tree not appearing to work
    Best Answer

    Posted May 17, 2024 11:19 AM
    Edited by KadenS May 17, 2024 11:21 AM

    I found the solution, for anyone else who may come across this.

    RPVST in Cisco automatically takes assigned VLANs and puts them into the protocol.  Aruba requires you to define the VLANs.

    I added the line:

    spanning-tree vlan 50,70

    I was now able to verify that spanning-tree is fully working.  

    I was also mistaken that spanning-tree was working at all before I defined it.  Only UDLD and Port-Security were.

    Aruba rocks! :D
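
An added example, not part of the original posts and not HPE Aruba tooling: a small audit that reads a saved running-config and reports interfaces carrying VLANs that are missing from the global `spanning-tree vlan` list while the mode is `rpvst`, the gap described in the answer above. The function names, the sample configs (constructed from the lines quoted in the thread), the `vlan access` line form and the comma/range list syntax are assumptions.

```python
import re

def parse_vlan_list(text):
    """Expand a list such as '50,70' or '10-12,70' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part.isdigit():
            vlans.add(int(part))
    return vlans

def audit_rpvst(config):
    """Return {interface: [VLANs carried on the port but not in 'spanning-tree vlan']}."""
    rpvst, stp_vlans, carried, iface = False, set(), {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        line = raw.strip().lower()
        if not raw[0].isspace():              # a top-level line ends the interface context
            iface = None
            if line == "spanning-tree mode rpvst":
                rpvst = True
            elif (m := re.fullmatch(r"spanning-tree vlan ([\d,\- ]+)", line)):
                stp_vlans |= parse_vlan_list(m.group(1))
            elif (m := re.fullmatch(r"interface (\S+)", line)):
                iface = m.group(1)
                carried[iface] = set()
        elif iface and (m := re.fullmatch(
                r"vlan (?:access|trunk native|trunk allowed) ([\d,\- ]+)", line)):
            # Non-numeric lists (for example 'all') do not match and are skipped.
            carried[iface] |= parse_vlan_list(m.group(1))
    if not rpvst:
        return {}                             # the check only applies to rpvst mode
    return {i: sorted(v - stp_vlans) for i, v in carried.items() if v - stp_vlans}

# Constructed sample: a subset of the Aruba config from the first post.
BEFORE = """spanning-tree
spanning-tree mode rpvst
interface 1/1/1
 vlan trunk native 50
 vlan trunk allowed 50,70
 spanning-tree bpdu-guard
"""
# Same config with the line from the accepted answer added.
AFTER = BEFORE.replace("spanning-tree mode rpvst",
                       "spanning-tree mode rpvst\nspanning-tree vlan 50,70")

if __name__ == "__main__":
    print("before:", audit_rpvst(BEFORE))
    print("after: ", audit_rpvst(AFTER))
```
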