Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts
6

Aruba Switch STP is blocking Ubiquity AP

I have a Ubiquiti NBE-5AC-19 access access point that I am trying to connect to an Aruba J9727A switch. The port keeps getting blocked by STP. I don't want to disable STP for the entire switch. Is there a way to address this on a single port?

Part two of this question is, does Ubiquity just suck? This was put in by another company. I wouldn't normally use Ubiquiti, but I'm finding it difficult to work with. Since it uses 24v passive PoE, I have to use the stupid injector, and their devices seem unnecessarily complex to configure and clone.

18 comments
75% Upvoted
What are your thoughts? Log in or Sign uplog insign up
Vintage JNCIP-SP (and loads of other expired ones)
4 points · 3 days ago

Is this a secondary path you're trying to bring up as a backup path to an existing wired connection between the buildings?

Typically that device is used to provide a simple L2 wireless bridge. Are you making a loop? That sure would explain the STP block.

Those devices are actually pretty good wireless bridge devices.

Original Poster1 point · 3 days ago

It's to connect some devices on the opposite end of the property. It should not be a loop since it's point to point with another antenna.

Vintage JNCIP-SP (and loads of other expired ones)
2 points · 3 days ago

Well, what you're describing sure sounds like you've got some other means of connectivity to the remote building, hence the loop, hence the STP block.

Original Poster2 points · 3 days ago

I agree that’s how it sounds, but it’s not possible. It’s not a remote building. It’s a rugged switch in an outdoor box connected to a gate and a camera. When we put it in we couldn’t find a good conduit path to run fiber so there is no way there’s a second path.

A magician trying to become a wizard
3 points · 3 days ago · edited 3 days ago

We have a few Ubiquiti bridges and P2MP devices running on Aruba gear, never had it trigger STP.

What does 'show span <int#here>' show?

Is it forwarding or blocked? Maybe in a BPDU error state? They shouldn't be sending BPDUs.

Sometimes if the link to the device is weak, STP will never get past the blocking phase. This will more often happen on fiber links with bad Tx/Rx, but it could be something worth checking out.

The link isn't flapping is it?

Original Poster1 point · 3 days ago

What does 'show span <int#here>' show?

If I recall correctly it is in the forwarding state. I can't double check at the moment because I have the switch temporarily up with a crappy 4 port unmanaged switch in the path. We can't take the link back down without scheduling the downtime. When you check the interface, it is enabled but down. The web interface log, which I only checked out of desperation, is telling me "port 5 is Blocked by STP". That's the only evidence I have that it's actually stp blocking.

Sometimes if the link to the device is weak STP will never get passed the blocking phase. This will more often happen on fiber links with bad Tx/Rx, but it could be something worth checking out.

The link should be solid. We have cabling vendor certify all the cables and it's a short run, so I don't see an issue there.

The link isn't flapping is it?

Nope

A magician trying to become a wizard
1 point · 3 days ago

If I recall correctly it is in the forwarding state.

The web interface log, which I only checked out of desperation, is telling me "port 5 is Blocked by STP"

Well it can't be both. Does the CLI log show the link ever transitioning to a forwarding state? If the CLI shows the current state as forwarding, I would trust that.

When you check the interface, it is enabled but down.

Then it wouldn't be forwarding, it would show 'disabled' in spanning tree.

Perhaps I'm not following you entirely, but this seems like a lot of conflicting information.

Original Poster1 point · 3 days ago

I may be giving incorrect info. I am going off my memory at this point, which is probably wrong. I'll have to double check this when I get another chance to look at it.

3 points · 3 days ago

I believe everything you plug in will show as blocked by stp until it figures out that it's not a loop, but if the CLI is showing as forwarding, that will be accurate.

2 points · 3 days ago

I have been using Ubiquiti products for years and they are excellent products, mostly (I had issues with the EP=R6 router), I make use of numerous products like the ER-Pro, ER-X, EP-R6, PBE-5AC-500, NS-M5, NS-LOCO-M5, Aircube AC and they have all been excellent rock solid products for myself and numerous customers

As for the crappy passive POE you can use a 802.3af POE adapter (I use them for all the AP in our factory as the entire network is 802.3af) and eliminate the 24 injectors that tend to be limited in POE length

https://www.ubnt.com/accessories/instant-8023af-adapters/

As for the STP issues, can not help too much with that, never seen that issue myself and I use the Ubiquiti devices with numerous router/switch brands

Are you sure it’s STP and not Stormcontrol?

Original Poster2 points · 3 days ago

In the log it says "port 5 is Blocked by STP"

Advice you don't want that is none the less correct: redesign your network into a routed (better) or loop free topology and get rid of STP.

Original Poster1 point · 1 day ago

Stp is only in to stop people from doing something stupid. I could easily disable it for this switch, but I’d still like to solve the problem instead of just work around it.

1 point · 1 day ago

Are you able to enable spanning tree in the nanobeam? I did setup a wireless link from another manufacturer and they did have a checkbox for spanning tree. I didn't get the link to work without enabling spanning tree.

Maybe the link adds latency to the STP communication and breaks? I didn't investigate my issue that much unfortunately

Original Poster1 point · 1 day ago

I’ll look into that. Thanks!

You cant turn STP off for a port but you can tell the switch to ignore STP on that port and keep forwarding even if bdpu packets are received. spanning-tree PORT_LIST bpdu-filter.

Example: spanning-tree 24 bpdu-filter

You will probably see a message like this:

Warning: The BPDU filter allows the port to go into a continuous forwarding mode and spanning-tree will not interfere, even if the port would cause a loop to form in the network topology. If you suddenly experience high traffic load, disable the port and reconfigure the BPDU filter with the CLI command: "no spanning-tree PORT_LIST bpdu-filter"

Original Poster1 point · 18 hours ago

This is what I was looking for. Thanks!

Community Details

123k

Subscribers

1.3k

Online

###Enterprise Networking Routers, switches and firewalls. Network blogs, news and network management articles. Cisco, Juniper, Brocade and more all welcome.

Create Post
r/networking Rules
1.
Rule #1: No Home Networking.
2.
Rule #2: No Certification Brain Dumps / Cheating.
3.
Rule #3: No BlogSpam / Traffic re-direction.
4.
Rule #4: No Low Quality Posts.
5.
Rule #5: No Early Career Advice.
6.
Rule #6: Educational Questions must show effort.
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.