 From:  Jim Gifford <baadpuppy at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Pay for a new function?
 Date:  Thu, 30 Sep 2004 15:58:14 -0400
Ahh, well.  STP.  Yeah, that's a protocol that I've seen cause as many
problems as it attempts to solve.

Personally, every network I've done VLAN stuff on I've had STP
disabled.  STP isn't the best protocol, especially in a modern
network.

The likelihood of someone making an ethernet loop is not high.  If
they do, slap them hard with a clue stick.  End users shouldn't be
playing with the network, and network admins should know better than
to create an ethernet loop.

Cisco does some funky things as well.  For example, every Cisco person
I've talked to is very insistent that link speed and duplex *must* be
hardcoded everywhere.  Cisco also tends to use terms in odd ways.

I've never used HP switches, so I can't comment on them.

Inter-vendor interoperability has always been something of an issue in
general, and with newer standards in particular.  It sounds like you
got burned by a situation like that where insufficient testing was
done by the vendors.

I'll make a note not to mix Cisco and HP gear with STP enabled.

jim

On Thu, 30 Sep 2004 12:33:16 -0700, Anthony Brock <anthony underscore brock at ous dot edu> wrote:
> This is a significant issue with the older HP switches (2424M, 4000M, 8000M, etc) when shipping
> multiple VLANs down a single link. I don't know about their more modern equipment. However, you're
> not likely to notice unless you're mixing vendors.
> 
> In my case, mixing the HP equipment with Cisco caused the Cisco STP protocol to go nuts (the STP
> protocol would see the same packet on two separate VLANs (on the same interface) and then assume the
> existence of a network loop). Also, the problem becomes more noticeable during high traffic loads
> across multiple VLANs.
> 
> The worst part is that BOTH companies knew about the issue, but wouldn't discuss it as an option
> until we presented them with proof. At that point, they admitted that there "might" have been
> previously reported problems. *sigh*
> 
> Tony
> 
> >>> Jim Gifford <baadpuppy at gmail dot com> 09/29/04 04:45PM >>>
> 
> 
> I've personally never experienced this problem.  What brands of
> switches exhibit this broken behavior?
> 
> I've tested VLANs on some models of Cisco and on the summit and alpine
> models of Extreme switches and never saw traffic I shouldn't have.
> 
> I would love to know which switches do this wrong so I don't make the
> mistake of buying one.
> 
> Thanks,
> jim
> 
> PS, if a VLAN "leaks", isn't that in violation of 802.1Q?
> 
> On Wed, 29 Sep 2004 22:19:29 +0200, Axel Eble <axel dot eble at gmail dot com> wrote:
> > On Wed, 29 Sep 2004 15:08:49 -0400, Jim Gifford <baadpuppy at gmail dot com> wrote:
> > > I think the general consensus is that separate ip subnets (broadcast
> > > domains) should get separate ethernet collision domains.  Whether this
> > > is done with multiple physical interfaces or by using VLANs is
> > > immaterial.  Having this separation is more secure than not having it.
> >
> > As long as you know the risks - maybe. I've seen too many switches
> > pass packets across VLAN borders.
> >
> > > That's just my opinion.
> > >
> > > I've been communicating with Dennis off-list about the problem he is
> > > trying to solve and trying to come up with a different way of solving
> > > it instead of using the "multinetting" solution.
> >
> > Thanks - that's the spirit!
> >
> > > jim
> >
> >
> >
> > Axel
> >
> > --

> > VoIP: 8002887 at sipgate dot de * cell: +49.178.285-3265
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >