I've recently replaced my old home router (well, actually a combination of two low-end models, one could handle ISDN and the other one 3DES) with a 1812. After I've struggled past the “interesting” interface names (it has 8 switched ports, named FastEthernet2 to FastEthernet9) and brushed up my BVI/VLAN skills, configuring it was a breeze … only the DHCP server was causing me problems; every time my laptop would wake from the standby mode, it would take almost half a minute before it got the LAN IP address. The obvious suspect (as I've installed the 12.4(15)T on it) was the software, the next one DHCP ping timers.
After replacing the software (didn't help) and tweaking DHCP timers (no change), it finally dawned on me: the ethernet ports are switched, so the spanning tree was playing tricks with me. Disabling spanning tree with the spanning-tree portfast interface configuration command solved the problem.
Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.
Posts
Always a good idea to start troubleshooting from the lowest layer. Check spanning tree, duplex, speed, interface counters, run TDR before moving onto a higher layer.
ReplyDeleteDon't forget to enable Spanning-Tree BPDU Guard on these ports as well. It *will* save you from some future headaches.
ReplyDeleteLinky
Better yet would be the global config command "spanning-tree portfast default", which will turn on portfast on all switched ports and keep the interface configurations a little bit cleaner. You can verify portfast default command is in there by using the "show spanning-tree summary" command.
ReplyDelete- Bill
The spanning-tree portfast default command is unfortunately not available on all platforms (my 1812 router with 12.4(15)T doesn't have it).
ReplyDeleteI don't know what IOS versions use it, but the "switchport host" command has saved me us a lot of negotiation time. Any port that's not a trunk gets this command, which actually sets the "spanning-tree portfast" command, turns off etherchanneling, and sets the mode to "access".
ReplyDelete@Aaron: your command must be in one of the Catalyst IOS images. It doesn't work for me on a 1800 router running 12.4(15)T.
ReplyDeleteI get the dhcp failures on wakeup on an 1801w (wlan and switch ports).
ReplyDeleteI have
interface Dot11Radio0
description Wireless
no ip address
no ip redirects
ip accounting access-violations
!
encryption mode ciphers aes-ccm
!
ssid Wireless
!
speed basic-1.0 basic-2.0 basic-5.5
54.0
station-role root
world-mode dot11d country GB indoor
bridge-group 1
bridge-group 1 subscriber-loop-contr
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
and
spanning-tree portfast bpduguard
and the fa ports are set up by SDM as part of the BVI
but my hosts often fail to get a connection on waking.
What next?!
The bridge-group spanning-disabled disables spanning tree only on the WLAN. The spanning-tree portfast bpduguard disables a port if someone is sending BPDUs on that port, but there's nothing in your config (as far as you've included it) that would disable spanning tree (and associated startup delay) on FastEthernet ports. You need spanning-tree portfast on each FastEthernet interface.
ReplyDeleteThanks. The spanning tree command is not available on the fa1+ ports of this 1801w. Perhaps the answer is to attach it to the Vlan interface?
ReplyDeleteWhat I find perplexing is that the DHCP seems ropey both on the Wireless interfaces (although that could be to do with security settings, etc, I suppose) and the LAN interface with a Mac OS X Tiger. Wired Windows machines seem less prone to DHCP failures.
A more complete listing of my setup, before I had added the bpduguard command, is at http://www.dslreports.com/forum/remark,18550344
Suggestions for a debugging strategy would be most welcome.
PS: DHCP is provided not by the router, but by a server attached to fa1.
Sorry. My bad. The spannig-tree portfast is indeed available.
ReplyDeleteI'll see what difference it makes; I occasionally forget to switch off the wireless on a pc when I plug it into the net.
Do I also need to do a switchport mode access to get portfast to take?
ReplyDeleteDo I also need to do a switchport mode access to get portfast to take?
ReplyDeleteThat helps :) And since you won't use trunking on any of those ports, it also prevents configuration errors.
All this may be a good subject for a further article.
ReplyDeleteI note that switchport mode access does not show up in the config, which presumably means that it is the default.
There are, however, potential elephant traps, especially for someone like me who is hazy on this stuff. For example:
i) if I access my router via both ethernet and wireless, what should happen if I use only access mode?
ii) if I use different VLANs to distingish different SSIDs / classes of user, do i need to use trunking, or not?