Original Message:
Sent: May 17, 2024 11:19 AM
From: KadenS
Subject: Spanning-Tree not appearing to work
I found the solution, for anyone else who may come across this.
RPVST in Cisco automatically takes assigned VLANs and puts them into the protocol. Aruba requires you to define the VLANs.
I added the line:
spanning-tree vlan 50,70
I was now able to verify that spanning-tree is fully working.
I was also mistaken that spanning-tree was working at all before I defined it. Only UDLD and Port-Security were.
Aruba rocks! :D
Original Message:
Sent: May 06, 2024 12:46 PM
From: KadenS
Subject: Spanning-Tree not appearing to work
Background:
We are migrating away from our Cisco Ecosystem to HPE Aruba. Our Cisco Switches have an Access VLAN and Voice VLAN, which to emulate on Aruba requires making the port a trunk port with the Native VLAN being the Access VLAN, and the Allowed VLANs being the Access and Voice VLAN. We are trying to put Spanning-Tree on these Trunk "Access" Ports to make it as close as possible to how Cisco would process.
Device:
6200F 48G CL4 4SFP+ 740W with ML.10.13.1010 Firmware
The issue:
It appears that when the port is in Trunk mode it disregards Spanning-Tree safeguards that would otherwise work. Cisco does not have this behavior on its Trunk Ports.
The Configurations:
Cisco
-------
udld aggressive
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
errdisable recovery cause link-flap
errdisable recovery interval 60
interface GigabitEthernet1/0/1
 description *** TEST ***
 switchport access vlan 50
 switchport voice vlan 70
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
ARUBA
---------
spanning-tree
spanning-tree mode rpvst
spanning-tree extend-system-id
fault-monitor profile ERRDISABLE
    excessive-link-flaps action notify-and-disable auto-enable 60
interface 1/1/1
    description *** TEST ***
    vlan trunk native 50
    vlan trunk allowed 50,70
    udld
    udld mode rfc5171 aggressive
    udld interval 15000
    spanning-tree bpdu-guard
    spanning-tree loop-guard
    spanning-tree port-type admin-edge
    port-access port-security enable
    port-access port-security client-limit 2
    port-access security violation action shutdown recovery-timer 60
    apply fault-monitor profile ERRDISABLE
Current Conclusions:
- I have verified that UDLD works between the Cisco and HPE Aruba switch.
- I have verified that if the HPE Aruba switch has the port in "Access" mode that Spanning-Tree works. Just doesn't work in Trunk mode, which we need for the Voice/Access VLAN combo.
- I have verified that two Cisco Switches in Trunk mode still go errdisable as long as BPDU-Guard is enabled.
- Even in Access Mode, the Aruba Spanning-Tree is spotty at best, and UDLD usually kicks in before BPDU protections do.
Questions:
Is there a better way to do the Access/Voice VLAN on Aruba without losing Spanning-Tree?
Is this ignoring of Spanning-Tree lines intentional on Aruba switches if the port is in Trunk Mode?
Are there missing lines to allow STP to work properly?
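
The fix reported in the reply at the top of this thread (in RPVST mode on Aruba, the VLANs have to be listed with `spanning-tree vlan`) can be checked against a saved configuration before ports go live, so that BPDU guard and loop guard are not silently inactive on a VLAN. The following is an added example, not part of the original posts and not HPE Aruba tooling: a Python check that reports VLANs carried on a port but absent from `spanning-tree vlan`. The function names and the sample config (constructed from the thread's pre-fix Aruba configuration) are assumptions.

```python
import re

# Constructed sample: the thread's Aruba config before "spanning-tree vlan" was added.
SAMPLE_CONFIG = """\
spanning-tree
spanning-tree mode rpvst
interface 1/1/1
    vlan trunk native 50
    vlan trunk allowed 50,70
    spanning-tree bpdu-guard
    spanning-tree loop-guard
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '50,70,100-102' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans

def missing_rpvst_vlans(config):
    """Return {interface: [VLANs on the port with no 'spanning-tree vlan' entry]}.

    Only numeric VLAN lists are handled; 'vlan trunk allowed all' is ignored.
    """
    rpvst, stp_vlans, port_vlans, iface = False, set(), {}, None
    port_re = r"vlan (?:access|trunk native|trunk allowed) ([\d,\- ]+)"
    for raw in config.splitlines():
        line = raw.strip().lower()
        if m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif line == "spanning-tree mode rpvst":
            rpvst = True
        elif m := re.fullmatch(r"spanning-tree vlan ([\d,\- ]+)", line):
            stp_vlans |= expand_vlans(m.group(1))
        elif iface and (m := re.fullmatch(port_re, line)):
            port_vlans.setdefault(iface, set()).update(expand_vlans(m.group(1)))
    if not rpvst:
        return {}  # the per-VLAN requirement discussed here applies to rpvst mode
    return {p: sorted(v - stp_vlans) for p, v in port_vlans.items() if v - stp_vlans}

if __name__ == "__main__":
    for port, vlans in missing_rpvst_vlans(SAMPLE_CONFIG).items():
        print(f"{port}: no spanning-tree instance for VLANs {vlans}")
```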