Desktop switch kills routing

From: nntp chip (me_at_privacy.net)
Date: 11/30/04


Date: Tue, 30 Nov 2004 10:19:45 +0100

Hello all,

I run a network where three different LANs are used. Between the
buildings at every site the traffic flows through tagged ports in layer-2
switches. (ASCII art and switch models below.) When traffic needs to go
somewhere outside that site, a layer-3 switch routes it onto a carrier
network kept separated from the three other VLANs.

Enabled spanning-tree on all switches to kill off nasty loops.

So far so good.

Then some student connected a simple desktop-switch and made a loop within
that little switch. Somehow the spanning tree did not work correctly in
that situation. The entire student-vlan stopped dead. While searching for
what was going on, the administration people started complaining too; they
could reach the local servers, but remote servers and internet were
unreachable.

Set up lab to study things a little closer.

Found out that when one of the VLANs was looping, the other VLANs worked
within that site, but routing soon stopped in the layer-3 switch. The very
second I disconnected the offending desktop-switch everything went back to
normal again.

Any ideas how to stop this from happening and keep the routing going? The
admin-network Must Always Be Reachable, so I don't like the idea that some
lousy desktop-switch can wreak such havoc...

TIA

------------

layer-2 switches are D-Link DES-3526
layer-3 switches are D-Link DES-3326S, DGS-3324SR, DGS-3312SR

vlan-10: link-net that connects all sites together.
vlan-110: students
vlan-120: administration
vlan-130: public hotspots etc.

(carrier network)
   |
   | vlan-10
   |
 __|_________________
|                    |
| switch-1 (layer 3) |
|____________________|
                 |
                 |
                 | tagged link with vlans-110,120,130
                 |
 ________________|___
|                    |
| switch-2 (layer 2) |
|____________________|
  |    |    |      |
  |    |    |      |
 110  120  130     |
                   | tagged link with vlans-110,120,130
                   .
                   .
                   .

                   |
 __________________|_
|                    |
| switch-n (layer 2) |
|____________________|
  |    |    |
  |    |    |