Mikrotik
Dmitry, 2019-08-28 14:45:21

How to properly configure RSTP on MikroTik switches so that there is no loop?

Hello.
There is a network diagram below. Priority was given to high availability in the design of the network structure. Two MikroTik CRS125-24G-1S switches were chosen as the basis of the network core. For users, CSS326-24G-2S+RM switches were chosen. All switches have RSTP enabled.
The connection scheme is as follows:
SW1 p.23 - SWITCH_A P.1
SW1 p.24 - SWITCH_B P.1
SW2 p.23 - SWITCH_A P.2
SW2 p.24 - SWITCH_B P.2
SW3 p.23 - SWITCH_A P.3
SW3 p.24 - SWITCH_B P.3
SWITCH_A p.24 - GW p.1
SWITCH_B p.24 - GW p.2
On SWITCH_A, Bridge Priority 4000h is set; for all other switches it is 8000h.
In this configuration, errors about the formation of a loop are written in the logs on GW, SWITCH_A and SWITCH_B, and unstable network operation is observed.
If you remove SWITCH_B, the errors disappear and everything works OK.
Tell me, what is wrong?
In SW1-3, everything is left by default.
In the logs on GW or on Switch_A, the following messages appear:
interface, warning ether1:bridge port received packet with own address as source address (cc:2d:e0:2e:fb:aa); probably loop.
Here are some truncated configs:

config

GW
/interface bridge
add fast-forward=no name=LocalNet
/interface ethernet
set [ find default-name=ether1 ] mac-address=E4:8D:8C:17:9E:32 name=SW_A \
speed=100Mbps
set [ find default-name=ether2 ] mac-address=E4:8D:8C:17:9E:33 name=SW_B \
speed=100Mbps
add bridge=LocalNet local-forwarding=yes
/interface bridge port
add bridge=LocalNet interface=SW_A
add bridge=LocalNet interface=SW_B
/ip neighbor discovery-settings
set discover-interface-list=none
/interface list member
set telnet disabled=yes
set ftp disabled=yes
set www port=8888
set ssh port=2200
set api disabled=yes
set api-ssl disabled=yes
/ip socks
set port=4145
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/lcd
set time-interval=hour
/system identity
set name=gw
/system logging
set 3 topics=info
add action=remote topics=info
add action=remote topics=error
add action=remote topics=warning
add action=syslog topics=firewall
add action=syslog topics=error
add action=syslog topics=info
add action=syslog topics=warning
add action=remote topics=firewall
/system watchdog
set automatic-supout=no watchdog-timer=no
/tool bandwidth-server
set authenticate=no enabled=no
/tool mac-server mac-winbox
set allowed-interface-list=DMZ
/tool mac-server ping
set enabled=no
/tool sniffer
set file-limit=5000KiB filter-interface=all
SWITCH_A
/interface ethernet
set [ find default-name=ether1 ] comment=SW1
set [ find default-name=ether2 ] comment=SW2
set [ find default-name=ether3 ] comment=SW3
set [ find default-name=ether24 ] comment=Gateway
/interface bridge
add name=bridge_all_ports priority=0x4000
/interface bridge port
add bridge=bridge_all_ports interface=all
/ip neighbor discovery-settings
set discover-interface-list=none
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/snmp
set enabled=yes trap-generators=interfaces trap-interfaces=all
/system clock
set time-zone-name=Europe/Kiev
/system identity
set name=SW_A
Switch_B
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] disabled=yes loop-protect=on
set [ find default-name=ether3 ] disabled=yes loop-protect=on
set [ find default-name=ether4 ] disabled=yes loop-protect=on
set [ find default-name=ether5 ] disabled=yes loop-protect=on
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes loop-protect=on
set [ find default-name=ether8 ] disabled=yes loop-protect=on
set [ find default-name=ether9 ] disabled=yes loop-protect=on
set [ find default-name=ether10 ] disabled=yes loop-protect=on
set [ find default-name=ether11 ] disabled=yes loop-protect=on
set [ find default-name=ether12 ] disabled=yes
set [ find default-name=ether13 ] disabled=yes
/interface bridge
add name=All_ports priority=0x8000
/interface bridge port
add bridge=All_ports interface=all

2 answer(s)
Dmitry, 2019-09-19
@mexxy

The correct solution was:
GW - Bridge Priority 6000h, root
Switch_A - Bridge Priority 7000h
Switch_B - Bridge Priority 8000h
SW1-SW3 - Bridge Priority 9000h
A link between Switch_A and Switch_B is optional.
Thanks to Strabbo for the correct comments.

Strabbo, 2019-08-30
@Strabbo

Dmitry, at port 6 you can see role=root-port designated-bridge=0x4000.CC:2D:E0:2E:FB:AF; this port is most likely connected to switch A.
At port 7 you can see role=designated-port; this port most likely goes to switch B. In this case, with default settings, switch B uses the link that is connected to GW to get to switch A. In this case, you will have a loop. You need to add a link between switches A and B, so that switch B will block the link that goes to GW and make it a backup. In your scheme, I would give the Root role to GW: the tree starts from there, and in this case you don't have to add a link between A and B. You can play around with the RSTP settings without adding a link and get the desired result, but the more complex the config, the more difficult it will be to understand in the future.
P.S. These are just assumptions based on the presented config; for an accurate diagnosis, you need to check my assumption on switches A and B.
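
The port roles that follow from the two priority assignments in this thread, as an added example that is not part of either answer: an idealized model of the standard root-bridge and root-port election over the cabling listed in the question. It assumes the same path cost on every link and uses constructed MAC tie-breakers (not the devices' real MACs), so it shows what the election rules predict, not what the switches actually did.

```python
from collections import deque

# Cabling from the question's connection scheme (one link per bridge pair).
LINKS = [(sw, core) for sw in ("SW1", "SW2", "SW3") for core in ("SWITCH_A", "SWITCH_B")]
LINKS += [("SWITCH_A", "GW"), ("SWITCH_B", "GW")]

# Constructed MAC tie-breakers (assumption): the lower value wins on equal priority.
MAC = {"GW": 1, "SWITCH_A": 2, "SWITCH_B": 3, "SW1": 4, "SW2": 5, "SW3": 6}

# Priorities as described in the question and in the accepted answer.
ORIGINAL = {"GW": 0x8000, "SWITCH_A": 0x4000, "SWITCH_B": 0x8000,
            "SW1": 0x8000, "SW2": 0x8000, "SW3": 0x8000}
ACCEPTED = {"GW": 0x6000, "SWITCH_A": 0x7000, "SWITCH_B": 0x8000,
            "SW1": 0x9000, "SW2": 0x9000, "SW3": 0x9000}

def spanning_tree(priority, links=LINKS, cost=10):
    """Return (root, root_port, blocked); blocked holds (discarding end, far end)."""
    bid = {b: (priority[b], MAC[b]) for b in priority}   # bridge ID = priority.MAC
    nbrs = {b: set() for b in priority}
    for a, b in links:
        nbrs[a].add(b)
        nbrs[b].add(a)
    root = min(bid, key=bid.get)                         # lowest bridge ID is root
    # With equal link cost, BFS gives every bridge its root path cost.
    dist, queue = {root: 0}, deque([root])
    while queue:
        cur = queue.popleft()
        for n in nbrs[cur]:
            if n not in dist:
                dist[n] = dist[cur] + cost
                queue.append(n)
    # Root port: neighbour with the lowest root path cost, then lowest bridge ID.
    root_port = {b: min(nbrs[b], key=lambda n: (dist[n], bid[n]))
                 for b in priority if b != root}
    blocked = []
    for a, b in links:
        if root_port.get(a) == b or root_port.get(b) == a:
            continue                                     # link is part of the tree
        # The end with the worse (cost, bridge ID) is not designated and discards.
        loser = max((a, b), key=lambda x: (dist[x], bid[x]))
        blocked.append((loser, b if loser == a else a))
    return root, root_port, sorted(blocked)

if __name__ == "__main__":
    for name, prio in (("original", ORIGINAL), ("accepted", ACCEPTED)):
        root, rp, blocked = spanning_tree(prio)
        print(name, "root:", root, "root ports:", rp, "discarding:", blocked)
```

Under these assumptions the original priorities leave SWITCH_B reaching the root through GW with its three access links discarding, while the accepted priorities keep each access switch forwarding on its SWITCH_A uplink and holding the SWITCH_B uplink as the alternate.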
