Hello all,
I run a network where three different VLANs are used. Between the buildings at every site the traffic flows through tagged ports in layer-2 switches (ASCII art and switch models below). When traffic needs to go somewhere outside that site, a layer-3 switch routes it onto a carrier network kept separated from the three other VLANs.
Enabled spanning-tree on all switches to kill off nasty loops.
So far so good.
Then some student connected a simple desktop switch and made a loop within that little switch. Somehow the spanning tree did not work correctly in that situation. The entire student VLAN stopped dead. While searching for what was going on, the administration people started complaining too; they could reach the local servers, but remote servers and the internet were unreachable.
Set up a lab to study things a little closer.
Found out that when one of the VLANs was looping, the other VLANs worked within that site, but routing soon stopped in the layer-3 switch. The very second I disconnected the offending desktop switch everything went back to normal again.
Any ideas how to stop this from happening and keep the routing going? The admin network Must Always Be Reachable, so I don't like the idea that some lousy desktop switch can wreak such havoc...
TIA
------------
layer-2 switches are D-Link DES-3526
layer-3 switches are D-Link DES-3326S, DGS-3324SR, DGS-3312SR

vlan-10: link-net that connects all sites together.
vlan-110: students
vlan-120: administration
vlan-130: public hotspots etc.
 (carrier network)
   |
   | vlan-10
   |
 __|_________________
|                    |
| switch-1 (layer 3) |
|____________________|
                 |
                 |
                 | tagged link with vlans-110,120,130
                 |
 ________________|___
|                    |
| switch-2 (layer 2) |
|____________________|
  |    |    |    |
  |    |    |    |
 110  120  130   |
                 | tagged link with vlans-110,120,130