Don't miss the obvious

I've recently replaced my old home router (well, actually a combination of two low-end models, one could handle ISDN and the other one 3DES) with a 1812. After I struggled past the “interesting” interface names (it has 8 switched ports, named FastEthernet2 to FastEthernet9) and brushed up my BVI/VLAN skills, configuring it was a breeze … only the DHCP server was causing me problems; every time my laptop would wake from standby mode, it would take almost half a minute before it got the LAN IP address. The obvious suspect (as I'd installed 12.4(15)T on it) was the software, the next one, DHCP ping timers.

After replacing the software (didn't help) and tweaking DHCP timers (no change), it finally dawned on me: the Ethernet ports are switched, so the spanning tree was playing tricks with me. Disabling spanning tree with the spanning-tree portfast interface configuration command solved the problem.

13 comments:

  1. Always a good idea to start troubleshooting from the lowest layer. Check spanning tree, duplex, speed, interface counters, run TDR before moving onto a higher layer.

  2. Don't forget to enable Spanning-Tree BPDU Guard on these ports as well. It *will* save you from some future headaches.

    Linky

  3. Better yet would be the global config command "spanning-tree portfast default", which will turn on portfast on all switched ports and keep the interface configurations a little bit cleaner. You can verify portfast default command is in there by using the "show spanning-tree summary" command.

    - Bill

  4. The spanning-tree portfast default command is unfortunately not available on all platforms (my 1812 router with 12.4(15)T doesn't have it).

  5. I don't know what IOS versions use it, but the "switchport host" command has saved us a lot of negotiation time. Any port that's not a trunk gets this command, which actually sets the "spanning-tree portfast" command, turns off etherchanneling, and sets the mode to "access".

  6. @Aaron: your command must be in one of the Catalyst IOS images. It doesn't work for me on a 1800 router running 12.4(15)T.

  7. I get the DHCP failures on wakeup on an 1801w (wlan and switch ports).

    I have

    interface Dot11Radio0
    description Wireless
    no ip address
    no ip redirects
    ip accounting access-violations
    !
    encryption mode ciphers aes-ccm
    !
    ssid Wireless
    !
    speed basic-1.0 basic-2.0 basic-5.5 54.0
    station-role root
    world-mode dot11d country GB indoor
    bridge-group 1
    bridge-group 1 subscriber-loop-contr
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding

    and

    spanning-tree portfast bpduguard

    and the fa ports are set up by SDM as part of the BVI

    but my hosts often fail to get a connection on waking.

    What next?!

  8. The bridge-group spanning-disabled disables spanning tree only on the WLAN. The spanning-tree portfast bpduguard disables a port if someone is sending BPDUs on that port, but there's nothing in your config (as far as you've included it) that would disable spanning tree (and associated startup delay) on FastEthernet ports. You need spanning-tree portfast on each FastEthernet interface.

  9. Thanks. The spanning tree command is not available on the fa1+ ports of this 1801w. Perhaps the answer is to attach it to the Vlan interface?

    What I find perplexing is that the DHCP seems ropey both on the Wireless interfaces (although that could be to do with security settings, etc, I suppose) and the LAN interface with a Mac OS X Tiger. Wired Windows machines seem less prone to DHCP failures.

    A more complete listing of my setup, before I had added the bpduguard command, is at http://www.dslreports.com/forum/remark,18550344

    Suggestions for a debugging strategy would be most welcome.

    PS: DHCP is provided not by the router, but by a server attached to fa1.

  10. Sorry. My bad. The spanning-tree portfast is indeed available.

    I'll see what difference it makes; I occasionally forget to switch off the wireless on a PC when I plug it into the net.

  11. Do I also need to do a switchport mode access to get portfast to take?

  12. Do I also need to do a switchport mode access to get portfast to take?

    That helps :) And since you won't use trunking on any of those ports, it also prevents configuration errors.

  13. All this may be a good subject for a further article.

    I note that switchport mode access does not show up in the config, which presumably means that it is the default.

    There are, however, potential elephant traps, especially for someone like me who is hazy on this stuff. For example:

    i) if I access my router via both ethernet and wireless, what should happen if I use only access mode?

    ii) if I use different VLANs to distinguish different SSIDs / classes of user, do I need to use trunking, or not?

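
The check described in the post and in comments 2 and 8 (spanning-tree portfast on every switched FastEthernet port, plus the global BPDU guard), written as an audit over a saved running-config. This is an added example, not code from the post or its commenters; the sample config is constructed, and treating any port that carries an "ip address" line as routed is an assumption of the example.

```python
# Constructed sample running-config (not from the page): Fa0 routed, Fa2-4 switched.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard
!
interface FastEthernet0
 ip address dhcp
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 switchport mode trunk
!
interface FastEthernet4
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
"""

def parse_interfaces(config):
    """Return ({interface: [sub-commands]}, [global commands])."""
    interfaces, global_lines, current = {}, [], None
    for line in config.splitlines():
        text = line.strip()
        if line.startswith("interface "):
            current = text.split(None, 1)[1]
            interfaces[current] = []
        elif line[:1].isspace() and current is not None:
            interfaces[current].append(text)
        else:  # any unindented line ("!" included) ends the stanza
            current = None
            if text and text != "!":
                global_lines.append(text)
    return interfaces, global_lines

def audit(config):
    """List switched access ports lacking portfast; report global BPDU guard."""
    interfaces, global_lines = parse_interfaces(config)
    missing = []
    for name, cmds in interfaces.items():
        if not name.startswith(("FastEthernet", "GigabitEthernet", "Ethernet")):
            continue  # Vlan, BVI, Dot11Radio are not switch ports
        # Assumption: a port carrying any "ip address" line is routed, not switched.
        routed = any(c.startswith(("ip address", "no ip address")) for c in cmds)
        access = not routed and "switchport mode trunk" not in cmds
        if access and "spanning-tree portfast" not in cmds:
            missing.append(name)
    return {"missing_portfast": missing,
            "bpduguard": "spanning-tree portfast bpduguard" in global_lines}
```

On the sample, `audit(SAMPLE_CONFIG)` flags only FastEthernet4: the routed port, the trunk and the Vlan interface are skipped, and FastEthernet2 already has portfast.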


Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.