Spanguard blocked port is not shown on G3G124-24P with FW 06.61.18.0001

  • Question
  • Updated 6 months ago
  • Answered
Hi,
We use more than 25 G3G124-24P switches as edge devices and every system is configured with a complex configuration (MAC- and 802.1X authentication, maclock, lldp and much more), and I'm not sure if I am doing something wrong or if it's a bug:

Therefore I take an empty (default config) G3G124-24P with the last FW 06.61.18.0001 and configure the switch with the following commands:

set spantree version rstp
set spantree adminedge ge.1.1-24 true
set spantree spanguard enable
set spantree spanguardtimeout 0

After this I connect a laptop to some ports (ge.1.1 and ge.1.2) and I can see that the port comes up and the LED is on - everything is fine up to this point.

Then I take a short cable and connect one end to ge.1.1 and the other to ge.1.2 to check if spanguard blocks one of the ports.
When I plug in the cable the port link LED goes on and after a second or two it goes off.

When I remove the loop between both ports and connect the laptop there, only one port works and shows the "status up" and the LED is on.

But when I check the "show spantree spanguardlock" output the switch tells me that no port is blocked.
show spantree spanguardlock
Port ge.1.1 is Unlocked
Port ge.1.2 is Unlocked

So it is not possible for us to find out which ports are blocked by spanguardlock ("set spantree spanguardtimeout 0" means that the port will stay blocked).

I've seen this on three different edge switches (all G3G with FW 06.61.18.0001) and all our switches are configured to send a trap if spanguard becomes active.

Can someone confirm this and is only FW 06.61.18.0001 affected?

I'm sure that it worked in the past with an older FW release but cannot remember.
 
ar

Posted 11 months ago

Jason Parker, Employee

Did you check show port status of the port? Can you check the logs to see if you received any messages? Could you send a screenshot of show config spantree and show config port? That would help.
I can try this today and see if I experience any issues
Jason
Daniel Coughlin, Employee

The way I am reading this, it seems to be working as intended. This matter may be easier to work on if you contact GTAC directly.
ar

Hi,
sorry for the delay.
I can give you some more details about what I have done:

Test 1 (with two G3-Switches)
a.) remove all cables and delete the whole config of both switches (clear config)

b.) configure the following commands on both:

set spantree version rstp
set spantree adminedge ge.1.1 true
set spantree adminedge ge.1.2 true
set spantree adminedge ge.1.3 true
set spantree adminedge ge.1.4 true
set spantree adminedge ge.1.5 true
set spantree adminedge ge.1.6 true
set spantree adminedge ge.1.7 true
set spantree adminedge ge.1.8 true
set spantree adminedge ge.1.9 true
set spantree adminedge ge.1.10 true
set spantree spanguard enable
set spantree spanguardtimeout 0

c.) connect port ge.1.2 of both switches together
Result:
 - Spanguard disables one of the two ports (that is what should happen)



Test 2 (only one G3-Switch)
a.) remove all cables and delete the whole config of the switch (clear config)

b.) configure the following commands on it:

set spantree version rstp
set spantree adminedge ge.1.1 true
set spantree adminedge ge.1.2 true
set spantree adminedge ge.1.3 true
set spantree adminedge ge.1.4 true
set spantree adminedge ge.1.5 true
set spantree adminedge ge.1.6 true
set spantree adminedge ge.1.7 true
set spantree adminedge ge.1.8 true
set spantree adminedge ge.1.9 true
set spantree adminedge ge.1.10 true
set spantree spanguard enable
set spantree spanguardtimeout 0

c.) connect port ge.1.3 with ge.1.4 with a short copper patch cable together
Result:
- the LED looks like spanguard has disabled one of the two ports
- but "show spantree spanguardlock ge.1.1-10" shows:
G3(su)->show spantree spanguardlock ge.1.1-10
Port ge.1.1 is Unlocked
Port ge.1.2 is Unlocked
Port ge.1.3 is Unlocked
Port ge.1.4 is Unlocked
Port ge.1.5 is Unlocked
Port ge.1.6 is Unlocked
Port ge.1.7 is Unlocked
Port ge.1.8 is Unlocked
Port ge.1.9 is Unlocked
Port ge.1.10 is Unlocked

And the interesting thing is now:

If I connect a normal Laptop to port ge.1.3 it will work:
G3(su)->show port status ge.1.3-4
          Alias        Oper    Admin   Speed
Port      (truncated)  Status  Status  (bps)     Duplex  Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3                 Up      Up      1.0G      full    BaseT RJ45/PoE
ge.1.4                 Down    Up      N/A       N/A     BaseT RJ45/PoE
G3(su)->

If I plug the cable from the laptop to port ge.1.4 it will not work.
G3(su)->show port status ge.1.3-4
          Alias        Oper    Admin   Speed
Port      (truncated)  Status  Status  (bps)     Duplex  Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3                 Down    Up      N/A       N/A     BaseT RJ45/PoE
ge.1.4                 Down    Up      N/A       N/A     BaseT RJ45/PoE
G3(su)->

G3(su)->show port negotiation ge.1.4
auto-negotiation is enabled  on port ge.1.4
G3(su)->show port advertise ge.1.4
ge.1.4      capability    advertised     remote
-------------------------------------------------
10BASE-T        yes          yes          yes
10BASE-TFD      yes          yes          yes
100BASE-TX      yes          yes          yes
100BASE-TXFD    yes          yes          yes
1000BASE-T      no           no           no
1000BASE-TFD    yes          yes          yes
pause           yes          yes          no


If I disable port ge.1.4 and enable it, it will work again.

G3(su)->set port disable ge.1.4
G3(su)->set port enable ge.1.4
G3(su)->show port status ge.1.3-4
          Alias        Oper    Admin   Speed
Port      (truncated)  Status  Status  (bps)     Duplex  Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3                 Down    Up      N/A       N/A     BaseT RJ45/PoE
ge.1.4                 Up      Up      1.0G      full    BaseT RJ45/PoE
G3(su)->


BUT: How do I know which ports were connected locally on the same switch, so that the port has to be disabled/enabled again?
Is there any other command I can use to find out that port ge.1.4 has to be disabled/enabled to get it functional again?

The logging does not show me anything:
G3(su)->show logging buffer
G3(su)->


So I have to correct my question from the beginning of this discussion:

Why is the port ge.1.4 not accessible for the laptop after someone has connected a loop cable between two ports of the same switch?
Or why does spanguard not disable port ge.1.4?
I thought that all ports (ge.1.3 and ge.1.4) of the same switch will send out BPDUs and that receiving BPDUs should trigger spanguard, isn't it so?


Best regards,
Axel
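
The cross-check asked about in the last post can be scripted against the two command outputs shown in the thread. This is an added example, not part of the original posts or any vendor tool; it assumes Oper/Admin values of Up and Down only and aliases without spaces, and the ge.1.5 and ge.1.6 rows are constructed. A port with nothing plugged in looks identical in this output, so the result is a candidate list for the disable/enable sequence, not a verdict.

```python
import re

# 'show port status' and 'show spantree spanguardlock' captures. The ge.1.3 and
# ge.1.4 rows are from the post; ge.1.5 and ge.1.6 are constructed for contrast.
PORT_STATUS = """\
          Alias        Oper    Admin   Speed
Port      (truncated)  Status  Status  (bps)     Duplex  Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3                 Down    Up      N/A       N/A     BaseT RJ45/PoE
ge.1.4                 Down    Up      N/A       N/A     BaseT RJ45/PoE
ge.1.5    printer      Up      Up      1.0G      full    BaseT RJ45/PoE
ge.1.6                 Down    Down    N/A       N/A     BaseT RJ45/PoE
"""
SPANGUARDLOCK = """\
Port ge.1.3 is Unlocked
Port ge.1.4 is Unlocked
Port ge.1.5 is Unlocked
Port ge.1.6 is Unlocked
"""

# Port name, optional alias, then Oper and Admin status (assumption: only the
# Up/Down values that appear in the post are handled).
ROW = re.compile(r"^(\w+\.\d+\.\d+)\s+(?:\S+\s+)?(Up|Down)\s+(Up|Down)\s")
LOCK = re.compile(r"^Port (\S+) is (\w+)")

def parse_port_status(text):
    """Return {port: (oper, admin)}; header and prompt lines are skipped."""
    return {m[1]: (m[2], m[3]) for m in map(ROW.match, text.splitlines()) if m}

def parse_spanguardlock(text):
    """Return {port: True if the switch reports anything other than Unlocked}."""
    return {m[1]: m[2] != "Unlocked" for m in map(LOCK.match, text.splitlines()) if m}

def unexplained_down(status, locks):
    """Ports that are admin-enabled and Unlocked yet have no link, in switch order."""
    return [p for p, (oper, admin) in status.items()
            if oper == "Down" and admin == "Up" and not locks.get(p, False)]

def bounce_commands(ports):
    """The disable/enable sequence from the post, for each candidate port."""
    return [f"set port {act} {p}" for p in ports for act in ("disable", "enable")]

if __name__ == "__main__":
    candidates = unexplained_down(parse_port_status(PORT_STATUS),
                                  parse_spanguardlock(SPANGUARDLOCK))
    print(candidates)
    print("\n".join(bounce_commands(candidates)))
```
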