TOPIC: Spanning Tree Issue

Spanning Tree Issue 11 years 2 months ago #9267

  • jwj
I work on a mixed vendor network, mainly Cisco and Enterasys. I had a strange spanning tree issue earlier that has stumped me, and I was seeing if maybe anyone here might be able to explain it. A little background on the network: many VLANs are above 1005 from when it was originally designed. Anyways, a new Cat 4506 was installed on the network that uplinks via an 802.1q trunk to a Cat 6509. The 4506 and 6509 are using PVST+. The 6509 is doing layer 3 switching, while all the rest of the switches are purely layer 2. As soon as we brought this switch online, it somehow caused a Cat 2900 elsewhere to begin blocking its uplink port. Since the 2900 doesn't support extend system id, we leave them at the factory default configuration, and plug them into Enterasys switches.

So, this 2900 uplinks to an Enterasys E-7 access port, which in turn uplinks via 802.1q trunk to the 6509. The E-7 doesn't support PVST+ (Cisco proprietary), so it's left with 802.1w. BTW, the Enterasys switch had no problems while this was happening. The workaround we did was just to create a new VLAN for the new 4506, but this doesn't explain why. I really would like to understand for the future because now that everything is up and running, we can't really take it down... If anyone needs a drawing to get a better idea I can do that.
-Jeremy-

Re: Spanning Tree Issue 11 years 2 months ago #9309

  • jwj
Do I need to give any additional info that might clarify the problem? I know the VLAN design is bad, especially since we only have about 200 or so VLANs, but I have to work with what is here.
-Jeremy-

Re: Spanning Tree Issue 11 years 2 months ago #9317

  • Chris
jwj,

Sounds like a messy problem :)

Would it be possible to provide us with the configuration of the 2900, 4500 and 6500 series switches so we can examine them for possible misconfigurations?

In addition, if a brief network diagram is possible, only showing the devices mentioned in your question - that would surely be helpful!
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Spanning Tree Issue 11 years 2 months ago #9319

  • LooseCannon
Yah I was trying to sketch this out on a piece of paper but more info, as Chris says, would be helpful. Such as, does the 2900 you are speaking of have any other redundant connections into it from other switches? I just went through this stuff in CCNP3 so it is still fresh in my mind and I would be happy to have a go at it.

Re: Spanning Tree Issue 11 years 2 months ago #9344

  • jwj
No redundant connections as can be seen from this quick diagram:



Cat 4506 current config. The only thing that has been changed on this switch is removing the VLAN it had in common w/ the 2900. Very basic here:
!
spanning-tree mode pvst
spanning-tree extend system-id
power dc input 2500
!
!
!
!
vlan 55
 name mgt
!
vlan 100
 name vlan100
!
vlan 101
 name vlan101
!
vlan 102
 name vlan102
!
vlan 103
 name vlan103
!
vlan 104
 name vlan104
!
vlan 105
 name vlan105
!
vlan 252
 name vlan252
!
vlan 1600
 name vlan1600
!
interface GigabitEthernet1/1
 description uplink to 6509
 switchport trunk encapsulation dot1q
 switchport mode trunk


Cat 6509 current config. This switch is doing the routing between the VLANs. The spanning tree config is the confusing part. From what I understand, the no spanning tree line is there for compatibility between PVST and 802.1w. I'm not sure why all VLANs except the native are not included, maybe this is wrong? Slowly we are moving towards all Cisco and all PVST.
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
no spanning-tree vlan 10,1010,1300,1400,1500,1600,1650
spanning-tree vlan 1,10,40,50,55,100-105,200,250,252,350,400,450,900 priority 0
spanning-tree vlan 1010,1300,1400,1500,1600,1650 priority 0
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
!
interface GigabitEthernet7/3
 description access for E7
 no ip address
 speed nonegotiate
 wrr-queue cos-map 2 1 2 3 4
 mls qos vlan-based
 mls qos trust dscp
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!


Cat 2924XL. Just plugs into the Enterasys E-7 access port, in this case being VLAN 1300.
factory default configurations
-Jeremy-

Re: Spanning Tree Issue 11 years 2 months ago #9351

  • LooseCannon
Hi jwj, I'm not really sure what the problem is but I was doing some reading on it and was wondering if you might want to try 802.1s on the E-7 if it supports it. I think the problem is with the BPDUs somehow. When you plug the 4506 into the network it starts sending out BPDUs to the 6509 that in turn sends those BPDUs to the E-7 and something must be getting screwed up there that is causing the 2900 to block its port.

What might be happening is the E-7 is receiving BPDUs from the 6509 claiming to be the designated port to VLAN 1300 (the 4506) so the E-7 sets its uplink to the 6509 as its root port and then it receives an inferior BPDU from the 2900 and it tells the 2900 to block its port as it thinks it forms a loop to VLAN 1300.

Have you tried using any debug commands on the switches? It might be useful to see the BPDU traffic going between the 6509-E7-2900.

One last thing you might want to try for troubleshooting purposes is to set the bridge priority to a lower number on the 2900 than on the 4506 for the STP instance on VLAN 1300 and see what happens.

That's really all I can think of right now as all this STP stuff has fried my brain. Man this stuff is confusing :?
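An added example, not code from the thread or its posters: a Python check over the `spanning-tree vlan` lines of the 6509 config posted above, listing VLANs where STP is disabled while a priority is still configured, and VLANs defined on the 4506 that the 6509 has STP disabled on. The function names are hypothetical, and the check reports configuration overlaps only, not the cause of the blocked port.

```python
import re

# Spanning-tree lines copied from the 6509 config posted in the thread.
CORE_6509 = """\
spanning-tree mode pvst
no spanning-tree vlan 10,1010,1300,1400,1500,1600,1650
spanning-tree vlan 1,10,40,50,55,100-105,200,250,252,350,400,450,900 priority 0
spanning-tree vlan 1010,1300,1400,1500,1600,1650 priority 0
"""
# VLANs defined in the posted 4506 excerpt (that switch runs "mode pvst").
ACCESS_4506_VLANS = {55, 100, 101, 102, 103, 104, 105, 252, 1600}


def expand(vlan_list):
    """Expand an IOS VLAN list such as '1,10,100-105' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_stp(config):
    """Return (disabled VLANs, {vlan: priority}) from 'spanning-tree vlan' lines."""
    disabled, priorities = set(), {}
    pattern = r"\s*(no )?spanning-tree vlan (\S+)(?: priority (\d+))?\s*$"
    for line in config.splitlines():
        m = re.match(pattern, line)
        if not m:
            continue
        vlans = expand(m.group(2))
        if m.group(1):
            disabled |= vlans
        elif m.group(3) is not None:
            priorities.update({v: int(m.group(3)) for v in vlans})
    return disabled, priorities


def findings(config, neighbour_vlans):
    """Flag overlaps worth a manual look (hypothetical helper)."""
    disabled, priorities = audit_stp(config)
    return {
        # A priority is configured, but the VLAN's STP instance is disabled.
        "priority_but_disabled": sorted(disabled & set(priorities)),
        # The neighbour defines this VLAN; this switch has STP disabled on it.
        "neighbour_stp_only": sorted(disabled & neighbour_vlans),
    }


if __name__ == "__main__":
    for name, vlans in findings(CORE_6509, ACCESS_4506_VLANS).items():
        print(f"{name}: {vlans}")
```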