2950 spanning tree issue

Here is the problem we are having: we have a 2950 hooked to a 6509 hybrid dist box with approx 90 vlans on it. We hook up a new 2950 and we get the following message: Dec 21 19:47:45.116: %SPANTREE_VLAN_SW-2-MAX_INSTANCE: Platform limit of 64 STP instances exceeded. No instance created. OK, I know about the spanning tree issues with the 2950 only having limited PVST instances. But up at the dist side we have manually pruned off all but 5 vlans on the trunk feeding this 2950 with the "clear trunk" command. I thought manually pruning off the vlans from the trunk would eliminate this problem; maybe I have a misunderstanding of how this works. Also, the message on the 2950 complains about it only having 64 instances of spanning tree, yet when you do a "show vtp status" it says it supports 250 instances locally, so what's up with that? The 2950 is running 12.1.22EA4. So I guess I'm asking: is there any way around this for the 2950? Also, in client/server mode do you have to manually prune off the vlans on both the server side and the client side?

Hello Glen,
I guess instead of manually pruning the VLANs off the trunk, you could also try and enable VTP pruning globally on the 6509 (set vtp pruning enable). I assume you have the 6509 configured as the VTP server (set vtp mode server)?
I am not sure if CatOS and IOS default to the same VTP version; can you check this (with 'show vtp domain' for CatOS and 'show vtp status' for the IOS switch)?
Also, in a purely IOS environment, manually pruning VLANs off a trunk requires doing that only on the server side, but with a mix of CatOS and IOS, it might have to be done on both sides. You might want to give it a try and use the 'switchport trunk allowed' command on the 2950 as well...
Regards,
GP

Similar Messages

  • Spanning tree loops

    Hi we are having regular spanning tree issues in our network.
    On our config we do not have bpduguard configured from what I can see? Could this be an issue?
    What can be done centrally on the core switches to remove this threat? Are there default configs that a wise network administrator would apply as standard?
    HELP!

    HI Mike [Pls Rate if HELPS]
    Refer link below for examples and identify redundant links, root and backup root bridge etc..
    http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080136673.shtml#intro
    Refer link for usage guidelines in implementing loopguard, bpdu guard etc..
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/stp_enha.html#wp1019943
    A Cisco router will give you a warning when you configure PortFast:
    SW1(config)#int fast 0/5
    SW1(config-if)#spanning-tree portfast
    %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
    %Portfast has been configured on FastEthernet0/5 but will only
    have effect when the interface is in a non-trunking mode.
    SW1(config-if)#
    Not only will the switch warn you about the proper usage of PortFast, but you must put the port into access mode before PortFast will take effect.
    But there is a chance - just a chance - that someone is going to manage to connect a switch to a port running Portfast. That could lead to two major problems, the first being the formation of a switching loop. Remember, the reason we have listening and learning modes is to help prevent switching loops. The next problem is that there could be a new root bridge elected - and it could be a switch that isn't even in your network!
    BPDU Guard protects against this disastrous possibility. If any BPDU comes in on a port that's running BPDU Guard, the port will be shut down and placed into error disabled state, shown on the switch as err-disabled. A port placed in err-disabled state must be reopened manually.
    BPDU Guard is off on all ports by default, and is enabled as shown here:
    SW1(config)#int fast 0/5
    SW1(config-if)#spanning-tree bpduguard enable
    It's a good idea to enable BPDU Guard on any port you're running PortFast on. There's no cost in overhead, and it does prevent the possibility of a switch sending BPDUs into a port configured with PortFast - not to mention the possibility of a switch not under your control becoming a root switch to your network!
    Refer link below for Understanding Spanning Tree Protocol:
    http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/sw_ntman/cwsimain/cwsi2/cwsiug2/vlan2/stpapp.htm
    Hope I am informative and this HELPS.
    PLS RATE if HELPS
    Best Regards,
    Guru Prasad R

  • Spanning tree Stability

    Folks,
    I have recently placed 2 6500s at the core. I am running PVST. I have made one switch the root primary and the other one is root secondary. My question is what steps can I take to make sure no spanning tree issues arise if someone by mistake introduces a switch to the network? I know I can use the root guard command per interface, but I was looking for other best practices.
    Also, can someone explain to me how can I switch modify the spanning tree topology if I have already configured a root bridge with a priority of 1?
    I will surely rate this post.
    Thanks

    Well, you can set the priority to 0;-)
    Except for rootguard, which you mentioned, there is no real way of preventing someone else from becoming root because even if you set your root priority to 0, a bridge with a lower mac address could beat you.
    STP still assumes some kind of cooperation between the switches. If you are in an environment where you absolutely cannot trust the neighbors, you should try avoiding running STP with them. Rootguard is a good safeguard but it will disrupt connectivity when a violation is detected. Plus rootguard will fail to detect problems if the neighbor is hostile and not sending BPDUs at all (bpdufilter).
    If you are operating in a kind of service provider model, you could use l2pt instead (waiting for 802.1ad). In that case, you would just run STP with the bridges you control and trust, and let others tunnel their STPs through you (note that in this case, the untrusted devices can create bridging loops through you, but you can rate limit the bandwidth they are wasting to what they pay for).
    Regards,
    Francois

  • Multiple spanning-tree root bridges

    We've started installing some new 3650 switches (replacing 3560's at the access layer) running XE 03.03.05SE. We've run into some problems as a result of "ip device tracking" being on by default, but in the process of debugging I've found that three separate switches all believe they are the spanning-tree root bridge for the same VLANs. The new switches are by default in rapid-pvst mode; the distribution switches are set to rapid-pvst as well. All 3650's are dual-homed.
    SW1#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.6d00
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.6d00
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/4             Desg FWD 4         128.52   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    SW2#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     f40f.1b84.9680
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     f40f.1b84.9680
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi1/1/4             Desg FWD 4         128.52   P2p
    SW3#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.7180
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.7180
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    Switch 1 seems to behave as if it is the real root, but this still does not make much sense to me. Does anyone have an explanation? It's been a long time since my switching class, and I very seldom have to deal with spanning-tree issues.

    Hi,
    Having more than one root switch for a VLAN is definitely a sign of some foul play. A contiguous VLAN can never have more than one root switch. Multiple root switches would occur if, for example, the trunks interconnecting the switches had this VLAN excluded from the list of allowed VLANs, or if they were interconnected by access ports (in a different VLAN) rather than trunks. Another possibility could be an inappropriately constructed MAC ACL or VLAN ACL inadvertently blocking BPDUs. In any case, this may be a source of serious trouble.
    Without further information about your network, it is difficult to suggest anything more specific. Would it be possible to post a diagram explaining your network topology? Also, would it be possible to post the show span root and show span bridge outputs from every switch in your network?
    Thank you!
    Best regards,
    Peter
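
A way to spot the condition described in this thread automatically, as an added example that is not part of the original posts: it parses collected `show spanning-tree vlan` output and reports any VLAN for which switches disagree about the root. The SW1 to SW3 blocks are abbreviated from the output posted above; the DIST1 and ACC1 blocks and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# SW1-SW3: abbreviated from the thread. DIST1/ACC1 (VLAN 10): constructed.
SAMPLE = """\
SW1#sh span vlan 999
VLAN0999
  Root ID    Priority    33767
             Address     78da.6e6f.6d00
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.6d00
SW2#sh span vlan 999
VLAN0999
  Root ID    Priority    33767
             Address     f40f.1b84.9680
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     f40f.1b84.9680
SW3#sh span vlan 999
VLAN0999
  Root ID    Priority    33767
             Address     78da.6e6f.7180
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.7180
DIST1#sh span vlan 10
VLAN0010
  Root ID    Priority    4106
             Address     0011.2233.4400
             This bridge is the root
  Bridge ID  Priority    4106   (priority 4096 sys-id-ext 10)
             Address     0011.2233.4400
ACC1#sh span vlan 10
VLAN0010
  Root ID    Priority    4106
             Address     0011.2233.4400
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0011.2233.5500
"""


def parse_show_span(text):
    """Return one record per (switch, VLAN) block found in the capture."""
    records, host, rec, section = [], None, None, None
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"^(\S+)#", s)           # CLI prompt names the switch
        if m:
            host = m.group(1)
            continue
        m = re.match(r"^VLAN(\d{4})$", s)     # start of a per-VLAN block
        if m:
            rec = {"switch": host, "vlan": int(m.group(1)),
                   "root": None, "bridge": None, "claims_root": False}
            records.append(rec)
            section = None
            continue
        if rec is None:
            continue
        if s.startswith("Root ID"):
            section = "root"
        elif s.startswith("Bridge ID"):
            section = "bridge"
        elif s.startswith("Address") and section:
            rec[section] = s.split()[1]       # MAC under the current header
        elif s == "This bridge is the root":
            rec["claims_root"] = True
    return records


def find_split_roots(records):
    """VLANs where switches report different root addresses."""
    roots = defaultdict(set)
    for r in records:
        if r["root"]:
            roots[r["vlan"]].add(r["root"])
    return {v: sorted(a) for v, a in roots.items() if len(a) > 1}


def self_declared_roots(records):
    """Switches that say 'This bridge is the root', grouped by VLAN."""
    claims = defaultdict(list)
    for r in records:
        if r["claims_root"]:
            claims[r["vlan"]].append(r["switch"])
    return dict(claims)


if __name__ == "__main__":
    recs = parse_show_span(SAMPLE)
    print("split roots:", find_split_roots(recs))
    print("root claims:", self_declared_roots(recs))
```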

  • Spanning Tree and Admin mac address issues srw2048

    Ok, I have a somewhat complex problem and hopefully someone may shed some light or have an idea as to what's wrong.
    First the scenario:
    I have two Cisco Cat 6509's etherchanneled to each other via two fiber cables. One of these is the STP/RSTP root. I have two SRW2048's, one trunked to each of these 6509 switches. There is also a trunk between the SRW2048's. All this is to create a redundant topology so that if one of the switches fails the others can still forward packets to each other. Of course the scenario described is in fact a loop that should be handled by STP/RSTP. I have RSTP enabled on all the switches in the scenario (PV RSTP on the cisco switches as they only do Cisco's brand of per vlan spanning tree). There are 3 vlans configured on each of the srw2048's (2,55,96). There are corresponding vlans also on the 6509's. I have put the srw2048's management interface into vlan 2.
    The problem:
    I need to forward packets between the srw2048's primarily and only use the 6509 that is not the root when a failure happens. I have configured the non-root 6509's spanning tree cost on the etherchannel to be higher than the alternate path through the srw's to the root. I can hook everything up and view the spanning tree and see that the srw2048's interface that goes to the non-root 6509 is blocked, and all other interfaces on the other switches are forwarding. I can in fact ping and get to the admin interface on all the switches. Then for some strange reason the admin interface of the srw2048 plugged into the non-root 6509 stops responding. If I disable either the interface it's plugged into on the 6509 or the other srw2048, everything starts working again. Sometimes it responds after many failures for no apparent reason. I looked into the mac-address table on the 6509's and they are conflicting, pointing to each other for the mac-address of the broken srw2048. When I clear the mac-table the admin port comes back for about 5 seconds then again goes dark. When reviewing the mac-table on the 6509's they are back to pointing to each other. The odd thing (although I haven't confirmed this completely) is that hosts placed into vlan 2 on that same srw2048 seem to work fine. If there was an STP loop or something misconfigured, I would expect it to affect any host in vlan 2 or the other vlans for that matter on the srw2048 that stops responding. Alas, I am stuck because I need to manage this switch remotely. My only thought is that for some reason even when the STP status is blocked the broken srw2048 is still sending out ARPs of its admin interface and bypassing the STP protocol. I have no way to confirm this, but maybe someone has an idea as to what I'm doing wrong, or otherwise offer a solution. For now, I simply removed vlan 2 from the 6509 that the broken srw2048 is plugged into and everything seems fine.
    My apologies for such a long post, but this is somewhat complicated.  Thanks in advance for any info.
    -Geoff
    Message Edited by gmyers on 08-19-2008 10:35 PM

    To follow up, I had a ticket open with Linksys about this for about 3 months with no resolution. I submitted packet captures, stp outputs, etc. and no luck. I gave up and basically had to revert to a manual failover for redundancy. It's not perfect or fast, but it works every time.
    Unless Linksys issues a firmware upgrade with this as a fix, I doubt we will be able to ever resolve this on our own.

  • Spanning Tree on 2950 (High CPU)

    Just swapped out a 2924 with a 2950 (Copying config as closely as the 2950 would allow), and now icmp to Management IP is extremely latent (200m/sec+ from server connected directly to it)....icmp through the 2950 is unaffected.
    Spanning tree appears to be the culprit:
    36 12275368 3206214 3828 4.99% 4.07% 4.05% 0 Spanning Tree
    2950 connects to Cat4k on multiple ports (Both trunks/Non Trunks)
    spanning-tree mode is pvst on 2950.
    Hoping someone has come across this before :)
    Regards,
    MB

    Further investigation revealed that all the cat4k's vlans were in the 2950's dynamic table (show mac-address-table dynamic). These vlans were definitely not supposed to be there, so I checked out the interconnecting ports (on Cat4k) to discover that about 5 had turned into trunk ports! (Does CatOS automagically enable trunking on ports in certain circumstances?)
    Systematically disabling trunking on these ports stopped all the cat4k's vlans being advertised to the 2950, and also reduced the cpu of spanning tree:
    36 15213172 3875075 3925 1.14% 1.37% 1.61% 0 Spanning Tree
    icmp had now also dramatically reduced.
    Regards,
    MB

  • VLAN Spanning-tree (VSTP) issue with Metro-E links

    Hi Everyone,
    We have Juniper EX 4200 as core switch at two sites connected to Cisco 2960s and Cisco 3560s (access layer switches). For even-numbered VLANs, one Juniper switch is root bridge and for odd-numbered VLANs, the other Juniper switch is the root bridge.
    We have Cox and Verizon Metro-E links connecting core switches (Juniper EX 4200 at both sites).
    I want to do VLAN load sharing using VSTP but somehow it is not working as expected. I want to pass some VLANs through Cox and some through Verizon. When there is any issue with Cox, all VLAN traffic passes through Verizon and vice-versa. RSTP is also enabled on both Juniper switches.
    I see MAC flapping in log messages on all Cisco access layer switches when I bring up both Metro-E links together. When only Cox is connected, everything works fine. When only Verizon is connected, everything works fine. But when BOTH Cox and Verizon are connected, the network gets disrupted and I see MAC flapping on all Cisco switches. All Cisco switches are running PVST.
    Does anybody know what is happening and why VSTP is not working when both Cox and Verizon Metro-E links are active?

    Hi Tojackson, I guess this depends on how stuff is interconnecting. It's obvious gi1/1 is forwarding and gi1/2 is blocking. So from the furthest access switch, what path must it take to reach gi1/1? That is the number of hops involved for normal traffic.
    Now, if you're concerned about a specific VLAN and you need gi1/2 forwarding to reduce travel time for other traffic, you may employ RPVST to have that specific VLAN and cost to go to gi1/2.
    In some part of the network I support we have a pair of Cisco 7606 which feeds in to a 4507R and off the 4507R we have a ring of 2955 with even 10-12 L2 switches on the ring. The consequence of multiple layer 2 hops is not of much concern and our spanning tree stops with the 4507 since we're not concerned about broadcast storm on the routed interfaces on the 7600.
    -Tom
    Please mark answered for helpful posts

  • Spanning Tree VLAN Priority Issue

    We have two 6500E switches running spanning tree with rapid-pvst. We have also configured per vlan spanning tree priority with 100, 200 so odd vlans have one switch as high priority and even vlans have another switch as high priority.
    I have created new vlan 10 and, trying to add spanning tree priority to the switches, I am getting the following error
    Core-switch(config)#spanning-tree vlan 10  priority 100
    % Bridge Priority must be in increments of 4096.
    % Allowed values are:
      0     4096  8192  12288 16384 20480 24576 28672
      32768 36864 40960 45056 49152 53248 57344 61440
    Can some experts help me why i am getting the above message and how can i add the priority to the same as existing vlans

    Hi,
    Spanning tree priority can be set in increments of 4096; any other values will be rejected. If you want to know the priority value of an existing vlan, execute the command show spanning-tree vlan X / show spanning-tree, which will show you the switch priority value.
    Step 2
    spanning-tree vlan vlan-id priority priority
    Configure the switch priority of a VLAN.
    • For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
    • For priority, the range is 0 to 61440 in increments of 4096; the default is 32768. The lower the number, the more likely the switch will be chosen as the root switch.
    Valid priority values are 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
    HTH
    Sandy
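
Why the CLI insists on multiples of 4096, shown as an added example that is not part of the original posts: with the extended system ID, the 16-bit bridge priority field carries a 4-bit priority in its top bits and the 12-bit VLAN ID (the "sys-id-ext" seen in `show spanning-tree` output) in the rest. The example goes slightly beyond the question by also running the root election, where the MAC address breaks a priority tie; switch names and MAC addresses are constructed.

```python
STEP = 4096           # 2**12: the low 12 bits of the field carry the VLAN ID
MAX_PRIORITY = 61440  # 15 * 4096, the largest value the CLI accepts


def is_valid_priority(value):
    """Same rule the CLI applies: 0..61440 in increments of 4096."""
    return 0 <= value <= MAX_PRIORITY and value % STEP == 0


def nearest_allowed(value):
    """Allowed values just below and just above a rejected one."""
    low = min(max(value, 0), MAX_PRIORITY) // STEP * STEP
    return low, min(low + STEP, MAX_PRIORITY)


def advertised_priority(configured, vlan):
    """Priority field sent in BPDUs: configured priority plus VLAN ID."""
    if not is_valid_priority(configured):
        raise ValueError(f"priority {configured} is not a multiple of {STEP}")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} is outside 1..4094")
    return configured | vlan  # bits never overlap, so OR equals addition


def split_advertised(field):
    """Recover (configured priority, sys-id-ext) from a displayed value."""
    return field & 0xF000, field & 0x0FFF


def bridge_id(configured, vlan, mac):
    """Sortable bridge ID: (priority field, MAC address as an integer)."""
    return advertised_priority(configured, vlan), int(mac.replace(".", ""), 16)


def elect_root(vlan, bridges):
    """bridges maps name -> (configured priority, MAC). Lowest ID wins."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], vlan, bridges[n][1]))


# Constructed switches for VLAN 10.
BRIDGES = {
    "CORE-A": (4096, "0011.2233.4400"),
    "CORE-B": (8192, "0011.2233.4500"),
    "ACCESS": (32768, "0000.0c12.3400"),
}

if __name__ == "__main__":
    print("100 valid?", is_valid_priority(100), "nearest:", nearest_allowed(100))
    print("33767 ->", split_advertised(33767))
    print("root for VLAN 10:", elect_root(10, BRIDGES))
    # Equal priorities: the lower MAC address decides the election.
    tied = dict(BRIDGES, ACCESS=(4096, "0000.0c12.3400"))
    print("root when tied:", elect_root(10, tied))
```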

  • Switching Best Practice - Spanning Tree and Etherchannel

    Dear All,
    Regarding best practice related to Spanning Tree and Etherchannel, we have decided to configure following.
    1. Manually configure STP Root Bridge.
    2. On end ports, enable portfast and bpduguard.
    3. On ports connecting to other switches enable root guard.
    In etherchannel config, we have kept mode on on both side, need to change to Active and desirable as I have read that mode on may create loops? Please let me know if this is OK and suggest if something missing.
    Thank You,
    Abhisar.

    Hi Abhisar,
    Regarding your individual decisions: Manually configuring the Root Bridge is a natural thing to do. You should never leave your network just pick up a root switch based on default switch settings.
    On end ports, using PortFast and BPDU Guard is a must especially if you are running Rapid PVST+ or MSTP.
    Regarding the Root Guard on ports to other switches - this is something I do not recommend. The Root Guard is a protective mechanism in situations when your network and the network of your customer need to form a single STP domain, yet you want to have the STP Root Bridge in your network part and you do not want your customer to take over this root switch selection. In these cases, you would put the Root Guard on ports toward the customer. However, inside your own network, using Root Guard is a questionable practice. Your network can be considered trustworthy and there is no rogue root switch to protect against. Using Root Guard in your own network could cause your network to be unable to converge on a new workable spanning tree if any of the primary links failed, and it would also prevent your network from converging to a secondary root switch if the primary root switch failed entirely. Therefore, I personally see no reason to use Root Guard inside your own network - on the contrary, I am concerned that it would basically remove the possibility of your network to actually utilize the redundant links and switches.
    Regarding EtherChannels - yes, you are right, using the on mode can, under circumstances, lead to permanent switching loops. EtherChannel is one of few technologies in which I wholeheartedly recommend relying on a signalling protocol to set it up, as opposed to configuring it manually. The active mode is my preferred mode, as it utilizes the open LACP to signal the creation of an EtherChannel, and setting both ends of a link to active helps to bring up the EtherChannel somewhat faster.
    If you are using fiber links between switches, I recommend running UDLD on them to be protected against issues caused by uni-directional links. UDLD is not helpful on copper ports and is not recommended to be run on them. However, I strongly recommend running Loop Guard configured globally with the spanning-tree loopguard default. Loop Guard can, and should, be run regardless of UDLD, and they can be used both as they nicely complement each other.
    My $0.02...
    Best regards,
    Peter

  • "Peer-switch" command on vPC domain and spanning-tree priority interaction

    Hi guy,
    We have 2 N7K (N7KA and N7KB) which will be running vPC in a hybrid and pure vPC environment.
    I have a question about the hybrid and pure vPC environment. With the "peer-switch" command enabled, should I tune the spanning-tree priority to be the same for all the vlans running on vPC on both N7KA and N7KB? This way, when I enter the "sh spanning-tree vlan X(vPC vlan) detail" command on the N7K, it will list both N7Ks announcing themselves as "We are the root of the spanning tree". Also the switch running spanning-tree with the N7K vPC vlan (hybrid) will see that both N7Ks have the same priority (4096), and that is not desirable for a spanning-tree environment. Therefore, I used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with the N7K will list N7KB as having a priority of 8192 (perfect).
    However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as shown on the switch. It is constantly changing between "4096 and 8192" with the same vPC system-wide mac address.
    Entering the "sh spanning-tree vlan X detail" command repeatedly on the switch with the port-channel toward N7KA and N7KB.
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding
    Port path cost 3, Port priority 128, Port Identifier 128.65.
    Designated root has priority 4106, address 0013.05ee.bac8
    Designated bridge has priority 4106, address 0013.05ee.bac8
    Designated port id is 144.2999, designated path cost 0
    Timers: message age 15, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 5, received 603
    one sec later.
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding
    Port path cost 3, Port priority 128, Port Identifier 128.65.
    Designated root has priority 4106, address 0013.05ee.bac8
    Designated bridge has priority 8202, address 0013.05ee.bac8
    Designated port id is 144.2999, designated path cost 0
    Timers: message age 15, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 5, received 603
    Configuration:
    N7KA
    spanning-tree vlan 1-10 priority 4096
    vpc domain 200
    peer-switch
    N7KB
    spanning-tree vlan 1-10 priority 4096
    spanning-tree pseudo-information vlan 1-10 designated priority 8192
    vpc domain 200
    peer-switch

    We have an issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
    The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something?

  • Dlsw spanning-tree

    Hi, my name is Fabio and I have a problem with DLSw.
    When I configured DLSw on a 3600 router, the 7206 router that has the connection with the mainframe lost communication, and the message below appears on the 3600 router:
    Note: A random Spanning Tree Bridge Identifier address of 0000.0cfe.6628
          has been chosen for Bridge Group 50 since there is no mac address
          associated with the selected interface.
    I am putting the diagram in a .ppt.
    I can send the configurations of the 3600 and 7200 to help you.
    Thanks

    Fabio
    I'm not sure what the issue is here. The mac-address of the end-stations will not be visible in the 4948 as the SNA traffic is encaps'd in ip. Can you supply sh vers, sh runn, sh dlsw pe, sh dls reach, sh dls circuit, sh bri from the 3640 and the 7206. What is the mac-address of the end-station to which mac-address is it trying to connect ?
    Matthew

  • 2960X 15.0(2)EX5 Stack Bug? Master Switch Ports link in Orange, no spanning Tree

    Is anyone aware of a bug in version 15.0(2)EX5 for 2960X Switches that would cause a switch in the master role to stop linking in new ports in green (and passing traffic).  I have 2 2960X-48FPD-L Switches in a stack and whichever switch I designate master will only link new connections in orange and not pass traffic.  All ports linked in show up/up and can be seen in a show cdp neighbor but won't pass any other traffic. 
    If I unplug the Stacking cables both switches become masters and ports linked in green on the previous member switch stay green, but after it switches to master any new connections plugged in only link in orange. 
    If I switch priorities and reboot the problem switches to the new master switch and the problem goes away on the member switch.
    Also, a switch in the master role does not show any spanning tree instances for ports in the orange link state. 
    Has anyone seen this issue and do you know of a solution? 
    Jim

    A quick update for those with this same problem.
    1.  15.2(3)E turned out to be very unstable causing my switch stack to randomly lockup/reboot one of the switches about once a week.
    2.  I downgraded back to 15.0(2)EX5 but found a workaround.  It turns out the switch stack with the 15.0 versions does not like the switchport voice vlan command on any of the interfaces on the master switch.  I simply removed the voice vlan configuration on the interfaces and all the switch ports linked in just fine.  I would prefer to run the phones on a voice vlan, but it still works without, just the PC's and phones are on the same vlan. 
    Jim

  • Blocked Stack Ports on 2960X-48FPD-L Stack (Unstable Switch Stack!) Spanning Tree?

    I am having an issue where 2 2960X-48FPD-L Switches in a redundant flexstack (stack port 1 SW1 to port  2 SW2 and port 2 SW1 to port 1 SW2) ring. 
    At first running the 15.0(2).EX5 (and earlier EX3, and EX4) version IOS yielded all the ports on the stack master switch refusing to run spanning tree and would only link in amber and not pass any traffic other than CDP information (the slave switch linked in fine). 
    I upgraded to 15.2(3)E and this solved the problem of the ports not linking in green and participating in spanning tree. 
    Now, however, about every week or two I lose connectivity to the switch stack and I was able to go to the switch stack locally and found that for some reason the switch stack is blocking and unblocking VLANs on StackPort1 frequently (see below).  When I was at the site, I sometimes had connectivity, sometimes not.  A stack hard reboot brought everything back up, but this is the second time this has occurred and I would expect the same problem in the next week or so. 
    Has anyone else run into these issues, and have you found a solution?
    I'm guessing that if I either get rid of the redundancy on the switch stack or stack using Ethernet cables between switches the problem will go away, but then what is the point of using stackable switches in a non redundant low speed stack.  It seems to me that Spanning tree thinks that I have a spanning tree loop going on with the stack ports which I didn't even think was possible.   
    What do you think?
    Jim
    _BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:02:59: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:03:16: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
    Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:03:46: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:03:47: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
    Mar 11 09:04:12: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:04:22: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:04:56: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
    Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
    Mar 11 09:05:30: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:06:00: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:06:32: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:07:02: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
    Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
    Mar 11 09:07:34: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.

    Jim,
    We have also the same problem with our 2960-X switches (access) connecting to a pair of 4500x (VSS) except our issue is with Portchannel with 2 physical links connecting the 2960xs to the 4500.
    If we disconnect one of the physical links from the portchannel everything works fine, but when we connect the same physical link back all users lose connectivity and the physical link starts flapping. Here are some of the messages we see in the logs when both physical links are in the portchannel:
    Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
    Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
    Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
    Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
    Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
    Mar 10 18:01:29 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
    Mar 10 18:01:37 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
    Mar 10 18:01:48 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
    Mar 10 18:01:51 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
    We have upgraded to 15.0(2a).EX5 and still have the same issue.
    We have a ticket open with Cisco, have sent them all the logs and debugs, and are waiting to hear back from IOS developers.
    HTH
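
The block/unblock cycles in the two log excerpts above can be summarized per port with a short parser. This is an added example, not part of the original posts; the sample lines are copied from those posts, and the names `summarize` and `report` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: log lines copied from the two posts above.
SAMPLE_LOG = """\
Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
"""

PVID_ERR = re.compile(r"%SPANTREE-2-RECV_PVID_ERR: .*peer vlan id (\d+) on (\S+) VLAN(\d+)\.")
BLOCK = re.compile(r"%SPANTREE-2-BLOCK_PVID_(LOCAL|PEER): Blocking (\S+) on VLAN(\d+)\.")
UNBLOCK = re.compile(r"%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking (\S+) on VLAN(\d+)\.")

def summarize(log_text):
    """Per port: (local, peer) VLAN pairs seen, VLANs still blocked, block->unblock count."""
    ports = defaultdict(lambda: {"pairs": defaultdict(int), "blocked": set(), "cycles": 0})
    for line in log_text.splitlines():
        if m := PVID_ERR.search(line):
            peer, port, local = int(m[1]), m[2], int(m[3])
            ports[port]["pairs"][(local, peer)] += 1
        elif m := BLOCK.search(line):
            ports[m[2]]["blocked"].add(int(m[3]))
        elif m := UNBLOCK.search(line):
            port, vlan = m[1], int(m[2])
            if vlan in ports[port]["blocked"]:  # count only a block followed by an unblock
                ports[port]["blocked"].discard(vlan)
                ports[port]["cycles"] += 1
    return ports

def report(log_text):
    """Render the summary as one line per VLAN pair plus one status line per port."""
    out = []
    for port, s in sorted(summarize(log_text).items()):
        for (local, peer), hits in sorted(s["pairs"].items()):
            out.append(f"{port}: BPDU with peer VLAN id {peer} arrived on local VLAN {local} ({hits}x)")
        out.append(f"{port}: {s['cycles']} block/unblock cycles, still blocked: {sorted(s['blocked'])}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A (local, peer) pair that keeps repeating names the two VLAN IDs to compare on each end of the link, typically the native VLAN of an 802.1Q trunk.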

  • Nexus spanning tree pseudo configuration

    Hi
    I am trying to understand the pseudo configuration commands in a Nexus hybrid topology.
    I have vlans a, b and c only in the vPC side of the topology.  I have peer switch configured and the same stp priority on both switches.
    In the standard Spanning-tree topology I have completely separate vlans x, y and z.
    What should I be configuring in the pseudo config section? Do I define a pseudo root priority for all vlans a, b, c and x, y, z or just for the standard spanning tree vlans x, y and z? I need to avoid any, even short, spanning tree outages if I take one Nexus out of service for a short time.
    My thinking is that if one Nexus is out of service the physical mac will be used and potentially reduce the root priority of the vPC vlans, causing a TCN and STP recalculation in vlans a, b and c. This can be avoided by configuring a pseudo root priority for all Vlans lower than the current spanning tree priority shared by the vPC peers. Is this correct? However, since I have a shared priority of 8192 on the current vPC vlans, won't configuring, for example, a pseudo root priority of 4096 on those vPC vlans also cause the TCN and recalculation I am trying to avoid? Is the benefit of the pseudo root config only obtained if it is configured at the start when the vPC is formed and prior to the peer switch command being issued?
    Thanks, Stuart.

    Hi Ajay,
    It is recommended that switch-to-switch links are configured with the spanning-tree port type normal command. The one exception is the vPC peer-link, which is recommended to be configured with the spanning-tree port type network command.
    Take a read of the Best Practices for Spanning Tree Protocol Interoperability from page 56 of the vPC Best Practice Design Guide for further information on this.
    Regards

  • SF 300 Series switch not participating in spanning tree?

    I just purchased an SF300-24 managed switch and I am running it in layer3 mode. I am testing it out right now and have it connected to two 2950 switches. The SF300 is connected to each 2950 with a four port etherchannel running LACP. When looking at spanning tree all three switches are configured the same when it comes to hello, forward, max age and all three are in RSTP mode. I adjusted the priorities so that the SF300 would be the root but that is not happening.
    I only have one VLAN as of right now set up and connectivity between the three switches is fine. The only problem seems to be that the two 2950 switches are the only two switches involved in the determination of the root bridge. Additionally it was the same way before I configured the etherchannel and had the switches connected over single trunk lines.
    I would appreciate it if someone could explain to me why this is.
    Thanks in advance.

    Thanks for your help, but now I still cannot get the three devices to talk MST either; it is getting frustrating. If I add a redundant link and directly connect the two 2950's they immediately talk and configure MST. But when I remove that link no info is passed and both 2950's think they are the root even though the SF 300 priority is 0 on all three MST instances. On the SF300 I have the following settings:
    Spanning tree: enabled
    STP Operation Mode: Multiple STP
    BPDU Handling: Flooding
    Path Cost: Long
    Region name: test
    Revision: 1
    Max Hops: 20
    Max-age: 20
    Hello Time: 2
    Forward Delay: 15
    MST instance 1 Vlan 100
    Bridge Priority 0
    Designated Root Bridge: Self
    Root port: 0
    Root path cost: 0
    MST instance 2 Vlan 2-5
    Bridge Priority 0
    Designated Root Bridge: Self
    Root port: 0
    Root path cost: 0
    MST instance 0 all vlans not in instance 1 and 2
    Bridge Priority 0
    Designated Root Bridge: Self
    Root port: 0
    Root path cost: 0
    For MST interface Settings (both LAGs/instances are the same)
    Int Priority: 128
    Path Cost: 20000
    Port State: Boundary
    Mode: RSTP
    Type: Boundary
    Designated port ID: 128
    Designated Cost: 0
    Remain Hops: 20
    Forward Transitions: 1
    The 2950 switches: (The only difference on the other switch is that the priority is 8192, and the MACs of course)
    MST00 is executing the mstp compatible Spanning Tree protocol
      Bridge Identifier has priority 4096, sysid 0, address 000b.460e.e040
      Configured hello time 2, max age 20, forward delay 15
      Current root has priority 0, address 6c50.4dcb.334b
      Root port is 65 (Port-channel1), cost of root path is 50000
      Topology change flag not set, detected flag not set
      Number of topology changes 7 last change occurred 00:18:54 ago
              from Port-channel1
      Times:  hold 1, topology change 35, notification 2
              hello 2, max age 20, forward delay 15
      Timers: hello 0, topology change 0, notification 0
    Port 65 (Port-channel1) of MST00 is root forwarding
       Port path cost 50000, Port priority 128, Port Identifier 128.65.
       Designated root has priority 0, address 6c50.4dcb.334b
       Designated bridge has priority 0, address 6c50.4dcb.334b
       Designated port id is 128.1000, designated path cost 0
       Timers: message age 4, forward delay 0, hold 0
       Number of transitions to forwarding state: 1
       Link type is point-to-point by default, Boundary RSTP
       BPDU: sent 571, received 568
    MST01 is executing the mstp compatible Spanning Tree protocol
      Bridge Identifier has priority 4096, sysid 1, address 000b.460e.e040
      Configured hello time 2, max age 20, forward delay 15
      We are the root of the spanning tree
      Topology change flag not set, detected flag not set
      Number of topology changes 9 last change occurred 00:18:55 ago
              from Port-channel1
      Times:  hold 1, topology change 35, notification 2
              hello 2, max age 20, forward delay 15
      Timers: hello 0, topology change 0, notification 0
    Port 65 (Port-channel1) of MST01 is boundary forwarding
       Port path cost 50000, Port priority 128, Port Identifier 128.65.
       Designated root has priority 4097, address 000b.460e.e040
       Designated bridge has priority 4097, address 000b.460e.e040
       Designated port id is 128.65, designated path cost 0
       Timers: message age 0, forward delay 0, hold 0
       Number of transitions to forwarding state: 1
       Link type is point-to-point by default, Boundary RSTP
       BPDU: sent 598, received 0
    MST02 is executing the mstp compatible Spanning Tree protocol
      Bridge Identifier has priority 4096, sysid 2, address 000b.460e.e040
      Configured hello time 2, max age 20, forward delay 15
      We are the root of the spanning tree
      Topology change flag not set, detected flag not set
      Number of topology changes 9 last change occurred 00:19:50 ago
              from Port-channel1
      Times:  hold 1, topology change 35, notification 2
              hello 2, max age 20, forward delay 15
      Timers: hello 0, topology change 0, notification 0
    Port 65 (Port-channel1) of MST02 is boundary forwarding
       Port path cost 50000, Port priority 128, Port Identifier 128.65.
       Designated root has priority 4098, address 000b.460e.e040
       Designated bridge has priority 4098, address 000b.460e.e040
       Designated port id is 128.65, designated path cost 0
       Timers: message age 0, forward delay 0, hold 0
       Number of transitions to forwarding state: 1
       Link type is point-to-point by default, Boundary RSTP
       BPDU: sent 611, received 0
    I notice that on MST01 and 02 they are not receiving BPDUs, but I am not sure why or if that is the problem. It appears that the SF 300 is not sending BPDU packets for MST01 and 02, but is sending them for MST00. I also attached a capture. I captured the VLAN info for VLAN 100 which is in MST1. On the SF300, it appears that the SF 300 is receiving STP traffic but not generating any.
