Port isolation

[mcnnetops]

ERPS: Awesome - I will give it a try!

I will also check out "Storm Control"

I guess the biggest hang up at this point for me is that when "loop protection" is doing its "thing" - a link goes down / is not usable for ALL traffic - not just the VLAN.

The hope here was to have the Management for each back haul device be tied back to the router - but going through the Netonix - those ports need to be tagged as the radios are directly connected to it.

I could look into Q in Q tagging - but that seemed to be making my situation more complicated then it needed to be.

I will test out these options, and let you all know what I settle on to make this work.

I should ask - what DO people do for OSPF rings out there?

[mcnnetops]

Well, for this scenario we actually have something for that, ERPS, I gave an example on how to set it up here:
viewtopic.php?f=33&t=3924&p=24910&hilit=ERPS#p24910
Although, I'm not certain if it will work within an OSPF ring. It's an option you can consider though.

So, when I try to go there - I get:
Information
You are not authorised to read this forum.

[Stephen]

Ahh yes, that's right I forgot. pretty old post. I will move the thread and post here so you can access it.

[Stephen]

mcnetops, try accessing it now. Let me know if you can see it.

[mcnnetops]

Yes I am reading it now - thanks.

[mike99]

ERPS need at less 3 nodes (switchs) in ring to work.

MSTP is the best solution if you need to use all link at same time. Else, RTP can do the job. It could probably be handled without STP or ERPS if using OSPF but I couldn't tell since something wrong with the provided schema since the image is just too small.

[mcnnetops]

This is kinda ugly as I threw it together - but here is my production set up in a PDF - hopefully?

Also, I have included my Lab / Ring / test bed...
Let me know if you can not see them they are too small / or if not enough info /etc...

I was / am attempting to set up ERPS and as I needed 3 Netonix switches... I am substituting my POE 1 and 2 for a 12 Port Netonix in the LAB - so that is different from production.
However, the more I read about it / and MSTP - MSTP seems to be more of what I want / need / should use?

Basically, Ill say it again - I have a fully routed network with OSPF - but I have a "bridged" management network on a specific VLAN.

At the end of the day - I dont mind a VLAN / Management link being "broken / offline" - but I do want regular OSPF / routing traffic to be un-usable on all links.
That way if a link goes down - OSPF can send the traffic another way, and I can still get to my Management network / devices.
Or, if I have a bandwidth need to go another direction say?....

So, with ERPS - it looks like it is port based?

[mike99]

From you schema, you seem to have a router at each tower. If it's the case, you don't need STP or ERPS. Those are use when you have no router on secondary tower. Make sure your VID are different at each tower, by exemple 1xx for tower 1, 2xx, for tower 2, etc. Vlan ID must be the same on each side of the backhaul, unless untag, but make sure each backhaul have a different vlan.

Once done, you can disable STP but you should leave broadcast storm protection on just in case.

[mcnnetops]

I do have a different VLAN at each tower (For back Haul OSPF links) - but ALL routers have the same management VLAN (As do the Netonix).

I think that is really the crux of the problem that I am having.

All sites are like totally separated VLAN wise for OSPF backhaul's - but all sites have the same management VLAN.

So, I seem to have a "Routed" OSPF network - but a "bridged" management network. (A flaw for sure -but hindsight is 20/20!)

Are there options that I have other than changing the management VLAN across my whole network?

I was hoping to try out ERPS - but it appears it does not support VLAN. MSTP seemed to be my next best bet - the idea being to keep a link (VLAN) down till another link dies… But let all other stuff flow through that link - like OSPF etc...

Baring all of that I suppose I will have to change the management VLAN on the sites in say the “middle” of the ring?

Not totally sure as each backhaul radio has a VLAN specified for management, so I guess I just have to match that up to the VLAN that is at that site, so I dont loose the ability to admin a radio.


If there is a way to make this work without changing it all around - I would prefer that, as I hope / plan to have a few “Rings” as I build out my infrastructure down the road!

I have attached another PDF showing the VLAN’s, what they are assigned to, and what devices they are present on. Kinda a kludge, some may be displayed different - but concept should be there.

Let me know what you think.

[JustJoe]

Our network designs are different, but I am also on the learning path for MSTP.

Nothing as frustrating as dealing with unexpected configuration behavior. So you might want to subscribe to this other thread about a potential MSTP bug I uncovered:

viewtopic.php?f=17&t=6787&p=33868#p33866