Spanning Tree (URGENT HELP NEEDED)

[raptoid]

We currently have 3 sites connected via frame relay which has been working for a number of years. In the last couple of weeks I've started to upgrade all the local LAN's to fully switched environment (All Cisco 3500 series)

All sites now have all switches installed at the heart of each LAN are a pair of Catalyst 3550's.

On one site the LAN has been segmented using VLAN's - 3 in total. Also spanning tree has been enabled for path redundancy and to prevent undesirable loops in the network.

The problem I'm experiencing is I'm unable to connect my two Win2k domain's together. This only happens to the site that has been segmented (VLAN's etc) the other site is ok.

I've trawled the net for info on this and found a Microsoft TechNet article saying that the possible cause is the use of spanning tree. There resolution is to turn off spanning tree which in my mind defeats the object.

Has anybody else experienced this and if so what did you do to resolve it?

Many thanks

 

[wybnormal]

Lets take this one item at a time..

Spanning tree is layer 2.. ie.. works at the phyiscal layer.. NT domain stuff normally works at layer 3.. ie.. logical addressing..

Spanning tree on the Cisco has a separate instance for EACH VLAN.. so you have three VLANs,, there are three instances of Spanning Tree running.. one for each VLAN. You did set the root bridge for EACH VLAN, yes? I am assuming here you are not using CST since the default is PVST..

How are you routing between the VLANs.. you did not mention this at all.. and since VLANs break up the broadcast domains, you need some type of routing to get between them..

MikeS
Find me at

http://www.packetattack.com

"The trouble with giving up civil rights is that you never get them back"

 

[raptoid]

Cheers for getting back to me.

I have 2 Catalyst 3550 Routing Switches which performs all routing between VLAN's. I also have a Cisco 2600 router which connects to our Frame Relay cloud.

Spanning tree is configured for each vlan and has a priority 8195.

The reason why i started to ask questions about spanning-tree is because there is a Microsoft article Q202840 which suggests it as a reason. But i dont want to turn off spanning-tree as it defeats the object of path redundancy.

There must be a logical anwser to this? HELP!!!

 

[wybnormal]

ok-- so we have routing.. do you have IP helper or UDP forwarding enabled? something like this

Windows NT

Client Port(s)
Server Port
Service


137/UDP
137/UDP
NetBIOS Name

138/UDP
138/UDP
NetBIOS Netlogon and Browsing

139/TCP
NetBIOS Session

42/TCP
WINS Replication

Windows 2000

For a mixed-mode domain with either Windows NT domain controllers or legacy clients, all of the preceding ports for Windows NT may need to be opened in addition to the following ports:

Client Port(s)
Server Port
Service


135/TCP
RPC *

389/TCP/UDP
LDAP

636/TCP
LDAP SSL

3268/TCP
LDAP GC

3269/TCP
LDAP GC SSL

53/TCP/UDP
53/TCP/UDP
DNS

88/TCP/UDP
Kerberos


445/TCP
SMB


Here is the doc link from MS

They talk about firewalls, but any UDP still applies to your routing between the VLANs.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q179442

MikeS
Find me at

http://www.packetattack.com

"The trouble with giving up civil rights is that you never get them back"

 

[raptoid]

I have IP helper enabled. Thanks for the doc link, i'm now checking my firewall to make sure all the recommended ports are indeed open.

I'll come back if still no joy

cheers

 

[wybnormal]

remember that Win2K is HEAVILY dependent on DNS and AD to function properly..even in a mix network.. :-(

MikeS Find me at

http://www.packetattack.com

"The trouble with giving up civil rights is that you never get them back"

 

[Degg]

Another problem may be WINS. we had to install 2 WINS servers to be able to browse computers across subnets. our NOC and Managed services could not browse to each other without a WINS Server in each. I beleive thats how it worked...

Doyle