Why does stp block a port on one switch and not on another?

M

MrDZ2021-03-01 18:51:05

Computer networks

MrDZ, 2021-03-01 18:51:05

There is such scheme:
Two fortigate work in the ha ap mode. They work just like switches. For lan, I allocated two ports (hard switch). (there is a couple of vlan with dhcp server). Two hpe switches are connected to them. Ports on hpe are not aggregated, separate trunks. Stp is enabled everywhere. On one hpe switch, I observe that the port connected to fgt, which is slave - blocking; on the second, both ports are forwading. At the same time, on the second, when I connected the devices, I noticed that it did not receive an ip address until I disabled the port going to the slave. The essence of the question: how to properly configure them among themselves, what am I doing wrong? ))

I'm not trying to get a specific recipe, how to set it up, please give me a direction. It is not entirely clear how the switch will think which port to send data to when it is connected to a device operating in cluster mode. Do I need to include stp on fgt at all? If you need to show the settings for clarification - write which ones.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Valentin, 2021-03-02
@vvpoloskin

Collect first without a cluster for one fortingate, achieve correct work, and then with the second one, and investigate this issue (sniffer, STP status, presence of BPDU). As a rule, active-passive clusters operate in a mode where the passive box only forwards traffic, processing is carried out only on the active one. That is, passive is just additional ports. But FG may have something different.