Posted by nntp chip on November 30, 2004, 10:19 am
Hello all,
I run a network where three different lan:s are used. Between the
buildings at every site the traffic flows through tagged ports in layer-2
switches. (ASCII art and switch models below.) When traffic needs to go
somewhere outside that site a layer-3 switch routes it onto a carrier
network kept separated from the three other vlan:s.
Enabled spanning-tree on all switches to kill off nasty loops.
So far so good.
Then some student connected a simple desktop-switch and made a loop within
that little switch. Somehow the spanning tree did not work correctly in
that situation. The entire student-vlan stopped dead. While searching for
what was going on, the administration people started complaining too; they
could reach the local servers, but remote servers and the internet were
unreachable.
Set up lab to study things a little closer.
Found out that when one of the vlan:s was looping, the other vlan:s worked
within that site, but routing soon stopped in the layer-3 switch. The very
second I disconnected the offending desktop-switch everything went back to
normal again.
Any ideas how to stop this from happening and keep the routing going? The
admin-network Must Always Be Reachable, so I don't like the idea that some
lousy desktop-switch can wreak such havoc...
TIA
------------
layer-2 switches are D-Link DES-3526
layer-3 switches are D-Link DES-3326S, DGS-3324SR, DGS-3312SR
vlan-10: link-net that connects all sites together.
vlan-110: students
vlan-120: administration
vlan-130: public hotspots etc.
 (carrier network)
   |
   | vlan-10
   |
 __|_________________
|                    |
| switch-1 (layer 3) |
|____________________|
                 |
                 |
                 | tagged link with vlans-110,120,130
                 |
 ________________|___
|                    |
| switch-2 (layer 2) |
|____________________|
   |    |    |    |
   |    |    |    |
  110  120  130   |
                  | tagged link with vlans-110,120,130
                  |