[Help Needed] Spanning Tree Problems

I've recently enabled STP on my WRT1900ACS, WRT1900AC and Netgear GS108T Switch. But it seems that the WRT1900ACS does not disable a port when two of the same connections are plugged in. Instead i get a loop on my network and the WRT1900ACS seems to be busy with all the packets. From my understanding the router does not "listen" to packets when a cable gets plugged into a port. It just enables it and does not act like STP is enabled. I thought when STP is enabled the router does not enable the port and just "listens" and learns, to determine if the connection is causing a loop or not and enables it if no loop is detected.

Perhaps you could give us more details about your setup and how is each device configured...

A quick overview:
WRT1900ACS: Main router, is connected to the WAN and the Netgear switch(2 cables). Also running 2.4 and 5 GHz WiFi. STP is enabled

Netgear GS108T: everything on cable goes into this switch. STP Fast Link on all Ports, which blocks one of the 2 cables going into the WRT1900ACS (as intended).

WRT1900AC: mainly serves as AccessPoint and Switch for devices on another floor. STP is enabled. Is connected to the Switch via cable.

DHCP and DNS are handled by an Raspberry which is also connected to the Switch via cable.

Let me know if you need more Information, like config files or logs.

You have two wires between the LAN ports on the router and the switch, is that correct?

The STP you enabled works on the router's CPU, but there is an internal switch between that CPU and the LAN ports, so the CPU only sees one connection, and cannot do any STP at all.

You need to separate the ports on the internal switch, using VLANs... or perhaps explain why you need to have two wires between the two devices.

Please post /etc/config/network from the WRT1900ACS, after redacting any secrets.
I would like to see if the device is using the DSA switch driver.

Yes I am using two cables from the router to the switch. Mainly for redudancy. I don't really need the two cables. But the switch is already taking care of those two cables to not create a loop. My Problem on the router is that if plug a cable from one LAN port into the other (literally a stupid loop) the ports do not get deactivated. Obviously I know that this creates a loop but there are other people (not really any knowledge of network devices) that work on the network and cause loops on regular bases.

Here you go:

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix '***'

config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
list dns '192.168.111.10'
option delegate '0'
option ipaddr '192.168.111.1'
option stp '1'

config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
option hostname '***'

config interface 'wan6'
option ifname 'eth1.2'
option auto '0'
option proto 'none'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'

This is the classic switch configuration based on swconfig, not DSA.
Btw., please use preformatted text </> for config files.

Check if there is any STP support in swconfig for your device:

swconfig dev switch0 help

Otherwise, you could try a snapshot build which might have a DSA switch driver (I don't have an OpenWrt device with Marvell hardware).
The DSA switch driver exposes the individual switch ports as LAN1..LAN4 which might allow STP to be enabled on the lan bridge with the usual OpenWrt UCI configuration.

I don't think there is STP Support

root@Gateway:/etc# swconfig dev switch0 help
switch0: 10.mvsw61xx(MV88E6176), ports: 7 (cpu @ 5), vlans: 64
     --switch
        Attribute 1 (int): enable_vlan (Enable 802.1q VLAN support)
        Attribute 2 (int): enable_mirror_rx (Enable mirroring of RX packets)
        Attribute 3 (int): enable_mirror_tx (Enable mirroring of TX packets)
        Attribute 4 (int): mirror_monitor_port (Mirror monitor port)
        Attribute 5 (int): mirror_source_port (Mirror source port)
        Attribute 6 (none): apply (Activate changes in the hardware)
        Attribute 7 (none): reset (Reset the switch)
     --vlan
        Attribute 1 (int): port_based (Use port-based (non-802.1q) VLAN only)
        Attribute 2 (int): vid (Get/set VLAN ID)
        Attribute 3 (ports): ports (VLAN port mapping)
     --port
        Attribute 1 (string): mask (Port-based VLAN mask)
        Attribute 2 (int): qmode (802.1q mode: 0=off/1=fallback/2=check/3=secure)
        Attribute 3 (int): pvid (Primary VLAN ID)
        Attribute 4 (unknown): link (Get port link information)
root@Gateway:/etc#

Forgive me if I'm overseeing something, I changed to OpenWRT 3 Weeks ago

As @mpa said, you should use snapshot's DSA feature in order to use STP.

Your router has a CPU and an internal switch, you are enabling STP on the CPU, not on the internal switch. The internal switch knows nothing about STP, and the CPU does nothing about STP because it only is aware of one interface.

So it is useless to turn on STP?

According to the other posters here, you can try upgrading to a snapshot version that supports DSA.

Or you can reconfigure the switch using VLANs to isolate the ports, and bridge them on the CPU, then use STP.

In my humble opinion... do you really need to use two wires? is the connection so critical that it is worth all the hassle?

Yeah I think you're right. Since i would have to upgrade to a snapshot version, i will just not use STP.
I will use STP on my Switches to prevent loops.

Thanks for the help tho.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.