About Spanning tree problem

I am a newbie with Cisco switches.
I need a failover solution for both the switches and the AP bridge link on both sides.
I have 2 locations (Location A and Location B).
Location A
There are 3 sets of Cisco 2960 switches.
Switch C is the active switch.
Switch A is the redundant switch; it will be active when the primary Wi-Fi link and switch C fail.
Location B
There are 3 sets of Cisco 2960 switches.
Switch D is the active switch.
Switch B is the redundant switch; it will be active when the primary Wi-Fi link and switch D fail.
I would like to use Spanning Tree Protocol for this case.
As shown in my diagram, can it achieve failover for both the switches and the AP bridge link if I use this network design?
Please comment.
Thanks
John

Hi John,
This is achievable. The best way to do this, if you can control the client switches,
is to make the client switch at location A the root primary for the STP domain.
On the client switch at location B, make the STP cost high on the port towards Switch B.
Assuming all other STP settings are at their default values, this should block the link between the Location B client switch and Switch B. So all your traffic will take the path through Switch C-Switch D.
If the Wi-Fi bridge fails (AP3-AP4), the blocked link will start forwarding (make sure you are using rapid spanning tree for fast transition).
Now the most important thing in this design is to make sure that the Wi-Fi bridges pass STP BPDU traffic; if they don't, this will not work.
Even if one of the switches fails on the active path, the backup path would still kick in.
Let me know how you go with this..
please rate helpful posts.. :)
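
The port roles this reply predicts can be checked with a small model. This is an added example, not part of the original thread: it assumes a six-switch ring (both client switches dual-homed, Switch C to Switch D over the primary Wi-Fi bridge, Switch A to Switch B over the backup one), and the names `ClientA`/`ClientB`, the bridge IDs, the MAC addresses and the raised cost of 200 are all constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    a: str
    b: str
    cost_a: int = 19  # STP port cost on a's port (19 = 100 Mb/s, short method)
    cost_b: int = 19  # STP port cost on b's port


# Constructed bridge IDs (priority, MAC). ClientA carries a lowered priority,
# as configuring it "root primary" would; the MAC addresses are invented.
BRIDGES = {
    "ClientA": (24576, "0000.5e00.5301"),
    "SwitchA": (32768, "0000.5e00.5302"),
    "SwitchB": (32768, "0000.5e00.5303"),
    "SwitchC": (32768, "0000.5e00.5304"),
    "SwitchD": (32768, "0000.5e00.5305"),
    "ClientB": (32768, "0000.5e00.5306"),
}


def ring(cost_clientb_to_switchb=19):
    """Assumed topology: a ring in which both client switches are dual-homed."""
    return [
        Link("ClientA", "SwitchC"),
        Link("SwitchC", "SwitchD"),  # primary Wi-Fi bridge (AP3-AP4)
        Link("SwitchD", "ClientB"),
        Link("ClientA", "SwitchA"),
        Link("SwitchA", "SwitchB"),  # backup Wi-Fi bridge
        Link("SwitchB", "ClientB", cost_b=cost_clientb_to_switchb),
    ]


def converge(bridges, links):
    """Return {(bridge, neighbor): role} for a converged single-instance STP.

    Assumes one link per pair of bridges and that every bridge still has a
    path to the root (true for any single failure in a ring).
    """
    root = min(bridges, key=bridges.get)
    ports = {name: [] for name in bridges}  # name -> [(neighbor, local port cost)]
    for link in links:
        ports[link.a].append((link.b, link.cost_a))
        ports[link.b].append((link.a, link.cost_b))

    rpc = {name: float("inf") for name in bridges}  # root path cost
    rpc[root] = 0
    for _ in bridges:  # Bellman-Ford relaxation
        for name in bridges:
            if name != root:
                rpc[name] = min(rpc[n] + cost for n, cost in ports[name])

    # Root port: lowest resulting path cost, then lowest sender bridge ID.
    root_port = {
        name: min(ports[name], key=lambda p: (rpc[p[0]] + p[1], bridges[p[0]]))[0]
        for name in bridges
        if name != root
    }
    roles = {}
    for link in links:
        for me, peer in ((link.a, link.b), (link.b, link.a)):
            if root_port.get(me) == peer:
                roles[(me, peer)] = "root"
            elif root_port.get(peer) == me or (rpc[me], bridges[me]) < (rpc[peer], bridges[peer]):
                roles[(me, peer)] = "designated"
            else:
                roles[(me, peer)] = "alternate"  # discarding: the blocked end
    return roles


def blocked(roles):
    """Ports (bridge, neighbor) that end up blocking."""
    return sorted(port for port, role in roles.items() if role == "alternate")


if __name__ == "__main__":
    print("default costs :", blocked(converge(BRIDGES, ring())))
    print("cost raised   :", blocked(converge(BRIDGES, ring(200))))
    failed = [l for l in ring(200) if (l.a, l.b) != ("SwitchC", "SwitchD")]
    print("bridge failed :", blocked(converge(BRIDGES, failed)))
```

With default costs the two paths to the Location B client switch tie and the lower bridge ID decides which uplink blocks; raising the cost makes the outcome deterministic. The model assumes BPDUs cross both Wi-Fi bridges, which is the condition the reply calls out.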

Similar Messages

  • Rapid Spanning Tree Problem

    Hi all,
    I am experiencing an RSTP problem. I have two switches connected via a wireless link; the port is in trunk mode and the native VLAN is VLAN 1. The problem is that BPDUs are exchanged for other VLANs but not for VLAN 1. When I connect a second backup wireless link it causes a loop; it seems that there are no BPDU exchanges between the switches for VLAN 1. Also, on the trunk ports I see that BPDUs for VLAN 1 are sent by both switches but they do not receive any BPDUs from each other. Any explanation for this issue?
    Thanks in advance

    I would need to know some things to troubleshoot this:
    1. Is VLAN 1 the native VLAN of the trunk, on both sides?
    2. I presume VLAN 1 is in the allowed VLANs list on both sides of the link?
    3. If the native VLAN is not 1, is the native VLAN allowed on the trunk, on both sides?
    4. What model of switch is it, and what version of the software?
    5. Can you do a show run int for each end of each trunk link?
    6. Can you do a show int xxx trunk for each end of each trunk link?
    7. Can you do a show spanning-tree vlan 1 on each side of each trunk?
    Kevin Dorrell
    Luxembourg

  • Spanning tree problem

    I have a CAT4006 with 2 layer-2 uplinks to 2 CAt3750 switches respectively
    CAT4006 as PLWARBITES008 connected to:
    Connection 1
    ============
    PLWARBITES008 (G1/1)connected to PLWARBITMP001 (G1/0/8)
    Note: Connection down
    Connection 2
    ============
    PLWARBITES008 (G1/2)connected to PLWARBITMP002 (G1/0/8)
    Note: Connection is up
    The connection 1 is down, however,
    if I show cdp nei G1/1 in PLWARBITES008,
    (Seems connected to itself)
    I got this:
    PLWARBITES008#sh cdp nei GigabitEthernet1/1 det
    Device ID: PLWARBITES008
    Entry address(es):
    IP address: 134.1.1.1
    Platform: cisco WS-C4006, Capabilities: Switch IGMP
    Interface: GigabitEthernet1/1, Port ID (outgoing port): GigabitEthernet1/1
    Holdtime : 145 sec
    Version :
    Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I5S-M), Version 12.2(25)EWA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    However, in PLWARBITMP001 (g1/0/80), the serial and line protocol are down. Can I know why is it like that?

    Hi:
    That is called PVSTP, Per-VLAN Spanning Tree Protocol. It is a default feature on Cisco L2 and L3 switches. One connection is in the forwarding state and one is in the blocking state.
    regards
    Sandipani C

  • Metro link and Spanning tree problem

    HI all,
    We have 4 switches connected like the diagram given below.
    What happens when the link between mux and mux goes down, meaning any fiber cut in the SP network, is that our Ethernet interface on switch 1 doesn't go down, and for VLAN 2 all data gets black-holed.
    This is because the switch 1 interface connected to the mux is getting keepalives from the Tejas mux, and it remains up even if the fiber goes down between the two muxes.
    And if the link doesn't go down, then all the data from VLAN 2 gets black-holed.
    Please help ASAP.

    Sorry, still not clear to me.
    If STP does not unblock a port as a result of a failure between the mux and the provider network, it means that it keeps receiving BPDUs through the mux. That means that the mux is switching traffic for the corresponding vlan between the two switches, and that means that no way STP can unblock without creating a loop (which is not the desired effect I guess).
    Now, when this link between the mux and the provider network fails, why do you lose connectivity? You have two links between the mux and the provider network and the vlan exists in the two mux. Does it mean that the link between the mux and the provider network only carry one vlan? If this is the case, can't you prevent the mux from switching traffic between the two switches for the given vlan.
    You see that there are way too many "ifs" in what I've just written. We need to understand what the "muxes" are.
    Regards,
    Francois

  • Method-long Spanning-Tree Cost - Nexus and VSS

    Hi,
    I have a DC topology with 2x6509 VSS, 2 NX7K, 10xNX5548 and NX2K dual-homed.
    My question is about spanning-tree cost in method-long.
    Between the VSS (L2/L3) and the NX7Ks (L2) I have 8x10-gigabit links on a crossed vPC; from the NX7K point of view, the path cost to the root (which is the VSS) is 200.
    Is this correct?
    What is the cost for 2 and 4x10G links?
    Thanks for your replies
    Franck

    Yes one of the interfaces will be in blocking.

  • Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

    Hello,
    I have a spanning tree problem when I connect 2 links from a DELL M6220 switch (there are blades for virtual machines too) to 2 links towards 2 CISCO 3750 switches connected in a stack (behaving like one switch for redundancy, with one management IP).
    On the Dell (virtual machines) side spanning tree is rapid STP, and on the 3750 the spanning tree mode is pvst; Cisco says that this is not important, it only takes longer to create the tree.
    I don't know, but what do you think of these solutions that I want to try on Sunday?
    Could spanning tree need a native VLAN to negotiate the BPDUs? switchport trunk native vlan 250
    Is it better to put spanning-tree guard root on both 3750s, on the ports, to prevent the DELL from becoming root in spanning tree?
    Is it better to put spanning-tree port-priority on the ports of the Dell switch?
    Could you help me control the root? Do you think another solution is better? Thanks!
     CONFIG WITH PROBLEM
    ======================
    3750: (the 2 ports are on 2 3750 switches connected with a stack cable; in a show run you can see this)
    interface GigabitEthernet2/0/28
     description VIRTUAL SNMP2
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     logging event trunk-status
     shutdown
    interface GigabitEthernet1/0/43
     description VIRTUAL SNMP1
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     shutdown
    DELL M6220: (it's only one switch)
    interface Gi3/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit
    interface Gi4/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit


  • Sg-300 - 3750 stack with SPANNING-TREE root problem.

    Morning. I think I've configured a few hundred switches, maybe a thousand in my time, but never have I faced such horribleness that is the SG-300. After this week, I think I'll refuse to touch them.
    Got 2 voice VLANs and running a few VRFs on a 3750 stack, but this discussion is about layer 2.
    2 x 3750 stacked
    1 x voice switch sg-300 company A voice vlan 18 - Po1 up to 3750 distributed etherchannel Po1 (LACP active both sides) 2 ports in channel
    1 x voice switch sg-300 company B voice vlan 19 - Po1 up to 3750 distributed etherchannel Po2 (LACP active both sides) 2 ports in channel
    Allowed vlans on both sides (command on Port-channel) are data A, Voice A, Mgt A to switch A
    Allowed vlans on both sides (command on Port-channel) are data B, Voice B, Mgt B to switch B
    It seems that these switches are limited to one voice VLAN....
    and that spanning tree BPDUs are ignored (or not received - haven't released the shark yet). Let me explain.
    Originally when using "smart port", the switch with the lowest MAC address, whatever voice VLAN was configured, would take over the other switch's voice VLAN; argh, what a nightmare.
    I gave up on the GUI as it's far too complicated and have almost got this working.
    I am now using auto voice VLAN, but have disabled smart macro. I hope that disabling smart macro stops other switches from learning the voice VLAN of the switch with the lowest MAC address. So far so good - in the LAB. Nowhere was it documented in the CLI guide how to disable this stupid feature.
    DHCP is working from a scope on the core, can manage the switches etc. etc., access VLAN, voice VLAN all good (after a monster battle).
    Now I have an issue with spanning tree.
    Spanning tree priority for VLANs 1-4094 on the 3750 is 4096.
    Spanning tree priority for VLANs 1-4094 on the SG-300s is 6xxxx.
    ALL switches think that they are the root (well, the "logical" 3 of them): the 3750s for all VLANs, and the SG-300 for the one instance as it doesn't support per-VLAN. (I am not interested in trying MST here.. this is not a datacentre)
    On the 3750s I've tried ieee, pvst, rpvst, while matching the non per-VLAN equivalent on the SG series.
    What is the difference between a General port and a Trunk port on an SG-300 specific to spanning tree, native VLANs (when you can just configure an untagged VLAN anyway!!) and what is the relevance to the way the BPDUs are carried?
    And why the need for a PVID, when you can tell a port what is tagged and what isn't?
    Does the trunk need VLAN 1 to be explicitly allowed, and untagged? Does the Po trunk need to be a general port with PVID configured? In VLAN 1?
    I need to sort this, as I cannot put an access switch into production that thinks it is the root of the tree. I wish I had a 2960.... a 3500XL.. anything
    Does anyone have CLI commands that can help here?

    F.Y.I for Catalyst heroes - here is the equivalent config for SG-300 - VLAN 1 is required on the allowed list on the Catalyst side (3xxx/4xxx/6xxx)
    In this example:
    VLANS - Voice on 188, data on 57, management on 56.
    conf t
    hostname XXX-VOICE-SWXX
    no passwords complexity enable
    username xxxx priv 15 password XXXXX
    enable password xxxxxx
    ip ssh server
    ip telnet server
    crypto key generate rsa
    macro auto disabled
    voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
    vlan 56,57,188
    voice vlan id 188
    int vlan 56
    ip address 10.230.56.12 255.255.255.0
    int vlan1
    no ip add dhcp
    ip default-gateway 10.230.56.1
    interface range GE1 - 2
    switchport mode trunk
    channel-group 1 mode auto
    int range fa1 - 24
    switchport mode trunk
    switchport trunk allowed vlan add 188
    switchport trunk native vlan 57
    qos advanced
    qos advanced ports-trusted
    exit
    int Po1
    switchport trunk allowed vlan add 56,57,188
    switchport trunk native vlan 1
    do sh interfaces switchport po1
    !CATALYST SIDE
    !Must explicitly allow VLAN 1, this is not normal for Catalysts - or spanning tree will not work! Even though it’s the native VLAN on both sides.
    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,56,57,189
    switchport mode trunk

  • Spanning Tree and Admin mac address issues srw2048

    OK, I have a somewhat complex problem and hopefully someone may shed some light or have an idea as to what's wrong.
    First the scenario:
    I have two Cisco Cat 6509s etherchanneled to each other via two fiber cables. One of these is the STP/RSTP root. I have two SRW2048s, one trunked to each of these 6509 switches. There is also a trunk between the SRW2048s. All this is to create a redundant topology so that if one of the switches fails the others can still forward packets to each other. Of course the scenario described is in fact a loop that should be handled by STP/RSTP. I have RSTP enabled on all the switches in the scenario (PV RSTP on the Cisco switches as they only do Cisco's brand of per-VLAN spanning tree). There are 3 VLANs configured on each of the SRW2048s (2, 55, 96). There are corresponding VLANs also on the 6509s. I have put the SRW2048s' management interface into VLAN 2.
    The problem:
    I need to forward packets between the SRW2048s primarily and only use the 6509 that is not the root when a failure happens. I have configured the non-root 6509's spanning tree cost on the etherchannel to be higher than the alternate path through the SRWs to the root. I can hook everything up and view the spanning tree and see that the SRW2048's interface that goes to the non-root 6509 is blocked, and all other interfaces on the other switches are forwarding. I can in fact ping and get to the admin interface on all the switches. Then for some strange reason the admin interface of the SRW2048 plugged into the non-root 6509 stops responding. If I disable either the interface it's plugged into on the 6509 or the other SRW2048, everything starts working again. Sometimes it responds after many failures for no apparent reason. I looked into the MAC address table on the 6509s and they are conflicting, pointing to each other for the MAC address of the broken SRW2048. When I clear the MAC table the admin port comes back for about 5 seconds then again goes dark. When reviewing the MAC table on the 6509s they are back to pointing to each other. The odd thing (although I haven't confirmed this completely) is that hosts placed into VLAN 2 on that same SRW2048 seem to work fine. If there was an STP loop or something misconfigured, I would expect it to affect any host in VLAN 2, or the other VLANs for that matter, on the SRW2048 that stops responding. Alas, I am stuck because I need to manage this switch remotely. My only thought is that for some reason even when the STP status is blocked the broken SRW2048 is still sending out ARPs of its admin interface and bypassing the STP protocol. I have no way to confirm this, but maybe someone has an idea as to what I'm doing wrong, or otherwise offer a solution. For now, I simply removed VLAN 2 from the 6509 that the broken SRW2048 is plugged into and everything seems fine.
    My apologies for such a long post, but this is somewhat complicated.  Thanks in advance for any info.
    -Geoff
    Message Edited by gmyers on 08-19-2008 10:35 PM

    To follow up, I had a ticket open with Linksys about this for about 3 months with no resolution. I submitted packet captures, STP outputs, etc. and no luck. I gave up and basically had to revert to a manual failover for redundancy. It's not perfect or fast, but it works every time.
    Unless Linksys issues a firmware upgrade with this as a fix, I doubt we will be able to ever resolve this on our own.

  • ISE - 802.1X - Loop not detected by spanning-tree

    Hello,
    I have recently implemented 802.1X on 3750-X switches running the 15.0(2)SE IOS version.
    The spanning-tree bpdufilter and bpduguard are globally enabled on the switches.
    A user has created a loop on the network by connecting their Cisco IP phone twice to the network: one wire connected normally from the switch to the RJ-45 phone connector, and the second wire, which should be connected to the PC, had also been connected to the switch!
    The loop created has not been detected by the switch!
    I have made several tests and re-created the problem 3 times out of 4 (only one time was the loop detected by bpduguard, 20 seconds after the port came up).
    Notice that without 802.1X configured on the same switch port, the loop is quickly detected and the ports are err-disabled and shut down.
    The switch port with 802.1X is the following:
    interface GigabitEthernet1/0/9
    switchport access vlan 950
    switchport mode access
    switchport nonegotiate
    switchport voice vlan 955
    no logging event link-status
    authentication control-direction in
    authentication event fail action next-method
    authentication event server dead action reinitialize vlan 950
    authentication event server dead action authorize voice
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 10
    storm-control broadcast level 10.00
    storm-control multicast level 10.00
    spanning-tree portfast
    If I change the host-mode to multi-domain, a MAC violation restriction occurs and shuts down the port. But this is not the config I need.
    Is there any reason for spanning tree not to work properly with 802.1X?
    Thanks,
    Olivier

    Hello Olivier
    When using bpdufilter, bpduguard and portfast all at the same time there are many things going on which are not well documented. Now when you add 802.1x to the mix then you really have no documentation. I had to do many labs on my own to finally have my configuration, and also discovered some bugs. According to my experience you shouldn't use bpdufilter and you should use bpduguard on the switchport not in the global config.
    Please read the following links about the differences between global and port bpdufilter, differences between global and port bpduguard, configuring bpduguard along with portfast , configuring bpdufilter along with portfast, and configuring bpduguard along with bpdufilter.
    http://aitaseller.wordpress.com/2010/01/17/bpdu-filter-vs-bpdu-guard-what-is-the-difference/
    http://costiser.wordpress.com/2011/05/23/subtle-difference-for-portfast-bpdufilter-used-together-globally-or-at-interface-level/
    https://learningnetwork.cisco.com/thread/21103
    http://blog.ipexpert.com/2010/12/06/bpdu-filter-and-bpdu-guard/
    Please rate if this helps

  • 2950 spanning tree issue

    Here is the problem we are having: we have a 2950 hooked to a 6509 hybrid dist box with approx 90 VLANs on it. We hook up a new 2950 and we get the following message: Dec 21 19:47:45.116: %SPANTREE_VLAN_SW-2-MAX_INSTANCE: Platform limit of 64 STP instances exceeded. No instance created. OK, I know about the spanning tree issues with the 2950 only having limited PVST instances. But up at the dist side we have manually pruned off all but 5 VLANs on the trunk feeding this 2950 with the "clear trunk" command. I thought manually pruning off the VLANs from the trunk would eliminate this problem; maybe I have a misunderstanding of how this works. Also the message on the 2950 complains about it only having 64 instances of spanning tree, yet when you do a "show vtp status" it says it supports 250 instances locally, so what's up with that? 2950 running 12.1.22EA4. So I guess I'm asking: is there any way around this for the 2950? Also, in client/server mode do you have to manually prune off the VLANs on both the server side and the client side?

    Hello Glen,
    I guess instead of manually pruning the VLANs off the trunk, you could also try and enable VTP pruning globally on the 6509 (set vtp pruning enable). I assume you have the 6509 configured as the VTP server (set vtp mode server) ?
    I am not sure if CatOS and IOS defaults to the same VTP version, can you check this (with 'show vtp domain' for CatOS and 'show vtp status' for the IOS switch) ?
    Also, in a purely IOS environment, manually pruning VLANs off a trunk requires doing that only on the server side, but with a mix of CatOS and IOS, it might have to be done on both sides, you might want to give it a try and use the 'switchport trunk allowed' command on the 2950 as well...
    Regards,
    GP

  • 2960X 15.0(2)EX5 Stack Bug? Master Switch Ports link in Orange, no spanning Tree

    Is anyone aware of a bug in version 15.0(2)EX5 for 2960X Switches that would cause a switch in the master role to stop linking in new ports in green (and passing traffic).  I have 2 2960X-48FPD-L Switches in a stack and whichever switch I designate master will only link new connections in orange and not pass traffic.  All ports linked in show up/up and can be seen in a show cdp neighbor but won't pass any other traffic. 
    If I unplug the Stacking cables both switches become masters and ports linked in green on the previous member switch stay green, but after it switches to master any new connections plugged in only link in orange. 
    If I switch priorities and reboot the problem switches to the new master switch and the problem goes away on the member switch.
    Also, a switch in the master role does not show any spanning tree instances for ports in the orange link state. 
    Has anyone seen this issue and do you know of a solution? 
    Jim

    A quick update for those with this same problem.
    1.  15.2(3)E turned out to be very unstable causing my switch stack to randomly lockup/reboot one of the switches about once a week.
    2.  I downgraded back to 15.0(2)EX5 but found a workaround.  It turns out the switch stack with the 15.0 versions does not like the switchport voice vlan command on any of the interfaces on the master switch.  I simply removed the voice vlan configuration on the interfaces and all the switch ports linked in just fine.  I would prefer to run the phones on a voice vlan, but it still works without, just the PC's and phones are on the same vlan. 
    Jim

  • Blocked Stack Ports on 2960X-48FPD-L Stack (Unstable Switch Stack!) Spanning Tree?

    I am having an issue with 2 2960X-48FPD-L switches in a redundant FlexStack ring (stack port 1 SW1 to port 2 SW2 and port 2 SW1 to port 1 SW2).
    At first running the 15.0(2).EX5 (and earlier EX3, and EX4) version IOS yielded all the ports on the stack master switch refusing to run spanning tree and would only link in amber and not pass any traffic other than CDP information (the slave switch linked in fine). 
    I upgraded to 15.2(3)E and this solved the problem of the ports not linking in green and participating in spanning tree. 
    Now, however, about every week or two I lose connectivity to the switch stack and I was able to go to the switch stack locally and found that for some reason the switch stack is blocking and unblocking VLANs on StackPort1 frequently (see below).  When I was at the site, I sometimes had connectivity, sometimes not.  A stack hard reboot brought everything back up, but this is the second time this has occurred and I would expect the same problem in the next week or so. 
    Has anyone else run into these issues, and have you found a solution?
    I'm guessing that if I either get rid of the redundancy on the switch stack or stack using Ethernet cables between switches the problem will go away, but then what is the point of using stackable switches in a non redundant low speed stack.  It seems to me that Spanning tree thinks that I have a spanning tree loop going on with the stack ports which I didn't even think was possible.   
    What do you think?
    Jim
    _BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:02:59: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:03:16: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
    Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:03:46: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:03:47: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
    Mar 11 09:04:12: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:04:22: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:04:56: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
    Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
    Mar 11 09:05:30: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:06:00: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:06:32: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:07:02: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
    Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
    Mar 11 09:07:34: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.

    Jim,
    We have also the same problem with our 2960-X switches (access) connecting to a pair of 4500x (VSS) except our issue is with Portchannel with 2 physical links connecting the 2960xs to the 4500.
    If we disconnect one of the physical links from the portchannel everything works fine, but when we connect the same physical link back all users lose connectivity and the physical link starts flapping. Here are some of the messages we see in the logs when both physical links are in the portchannel:
    Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
    Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
    Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
    Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
    Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
    Mar 10 18:01:29 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
    Mar 10 18:01:37 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
    Mar 10 18:01:48 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
    Mar 10 18:01:51 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
    We have upgraded to 15.0(2a).EX5 and still have the same issue.
    We have a ticket open with Cisco and have sent them all the logs and debugs and waiting to hear back from IOS developers.
    HTH
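
The block/unblock pattern in the two log excerpts above can be summarized per port and VLAN instead of read line by line. This is an added example, not code from either poster; the input is a subset of the syslog lines quoted in the two posts, and the function names are made up here.

```python
import re
from collections import defaultdict

# Syslog lines copied from the two posts above (a subset of each excerpt).
SAMPLE_LOG = """\
Mar 11 09:02:59: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:03:16: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
Mar 10 18:01:29 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
"""

# Timestamp, optional time zone, then the SPANTREE severity-2 mnemonic and body.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+\d\d:\d\d:\d\d(?:\s+\w+)?:\s+"
    r"%SPANTREE-2-(?P<mnemonic>[A-Z_]+):\s+(?P<text>.*)$"
)
# Port and VLAN as written in the body: "StackPort1 on VLAN0307." or "StackPort1 VLAN307."
PORT_VLAN_RE = re.compile(r"(?P<port>\S+) (?:on )?VLAN0*(?P<vlan>\d+)\.")
PEER_RE = re.compile(r"peer vlan id (?P<peer>\d+)")


def analyze(log_text):
    """Return {(port, vlan): counters} for the SPANTREE-2 messages in log_text."""
    stats = defaultdict(
        lambda: {"blocks": 0, "unblocks": 0, "bad_tlv": 0, "peer_vlans": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other facilities (e.g. LINEPROTO) or truncated lines
        where = PORT_VLAN_RE.search(m["text"])
        if not where:
            continue
        entry = stats[(where["port"], int(where["vlan"]))]
        mnemonic = m["mnemonic"]
        if mnemonic.startswith("BLOCK_PVID"):
            entry["blocks"] += 1
        elif mnemonic == "UNBLOCK_CONSIST_PORT":
            entry["unblocks"] += 1
        elif mnemonic == "RECV_BAD_TLV":
            entry["bad_tlv"] += 1
        elif mnemonic == "RECV_PVID_ERR":
            peer = PEER_RE.search(m["text"])
            if peer:
                entry["peer_vlans"].add(int(peer["peer"]))
    return dict(stats)


def pvid_mismatches(stats):
    """(port, local VLAN, VLAN ID carried in the peer's BPDU) for each mismatch seen."""
    return sorted(
        (port, vlan, peer)
        for (port, vlan), s in stats.items()
        for peer in s["peer_vlans"]
        if peer != vlan
    )


def flapping(stats, min_cycles=2):
    """(port, VLAN, cycles) for ports blocked and unblocked at least min_cycles times."""
    return sorted(
        (port, vlan, min(s["blocks"], s["unblocks"]))
        for (port, vlan), s in stats.items()
        if min(s["blocks"], s["unblocks"]) >= min_cycles
    )


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for port, vlan, peer in pvid_mismatches(result):
        print(f"{port}: BPDU for VLAN {peer} arrived on VLAN {vlan}")
    for port, vlan, cycles in flapping(result):
        print(f"{port} VLAN {vlan}: {cycles} block/unblock cycles")
```

A mismatch row means a BPDU tagged for one VLAN arrived on another, so the VLAN pair it names is the place to start comparing the two ends of the link.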

  • Spanning tree loops

    Hi, we are having regular spanning tree issues in our network.
    On our config we do not have bpduguard configured from what I can see. Could this be an issue?
    What can be done centrally on the core switches to remove this threat? Are there default configs that a wise network administrator would apply as standard?
    HELP!

    HI Mike [Pls Rate if HELPS]
    Refer link below for examples and identify redundant links, root and backup root bridge etc..
    http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080136673.shtml#intro
    Refer link for usage guidelines in implementing loopguard, bpdu guard etc..
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/stp_enha.html#wp1019943
    A Cisco router will give you a warning when you configure PortFast:
    SW1(config)#int fast 0/5
    SW1(config-if)#spanning-tree portfast
    %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
    %Portfast has been configured on FastEthernet0/5 but will only
    have effect when the interface is in a non-trunking mode.
    SW1(config-if)#
    Not only will the switch warn you about the proper usage of PortFast, but you must put the port into access mode before PortFast will take effect.
    But there is a chance - just a chance - that someone is going to manage to connect a switch to a port running Portfast. That could lead to two major problems, the first being the formation of a switching loop. Remember, the reason we have listening and learning modes is to help prevent switching loops. The next problem is that there could be a new root bridge elected - and it could be a switch that isn't even in your network!
    BPDU Guard protects against this disastrous possibility. If any BPDU comes in on a port that's running BPDU Guard, the port will be shut down and placed into error disabled state, shown on the switch as err-disabled. A port placed in err-disabled state must be reopened manually.
    BPDU Guard is off on all ports by default, and is enabled as shown here:
    SW1(config)#int fast 0/5
    SW1(config-if)#spanning-tree bpduguard enable
    It's a good idea to enable BPDU Guard on any port you're running PortFast on. There's no cost in overhead, and it does prevent the possibility of a switch sending BPDUs into a port configured with PortFast - not to mention the possibility of a switch not under your control becoming a root switch to your network!
    Refer to the link below for Understanding Spanning Tree Protocol:
    http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/sw_ntman/cwsimain/cwsi2/cwsiug2/vlan2/stpapp.htm
    Hope I am informative and this helps.
    PLS RATE if HELPS
    Best Regards,
    Guru Prasad R
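
An added example, not part of the post above: a small audit that reads a running-config and lists the ports where PortFast takes effect but BPDU Guard does not, including the global `spanning-tree portfast default` and `spanning-tree portfast bpduguard default` settings. The sample config is constructed, the function names are hypothetical, and the classic IOS syntax shown in the post is assumed.

```python
import re

# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
!
interface FastEthernet0/5
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast
"""

def parse_interfaces(config):
    """Split a running-config into global commands and per-interface command sets."""
    global_cmds, interfaces, current = set(), {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())
        else:
            current = None
            global_cmds.add(line.strip())
    return global_cmds, interfaces

def portfast_without_bpduguard(config):
    """Return interfaces where PortFast takes effect but BPDU Guard does not."""
    global_cmds, interfaces = parse_interfaces(config)
    pf_default = "spanning-tree portfast default" in global_cmds
    bg_default = "spanning-tree portfast bpduguard default" in global_cmds
    flagged = []
    for name, cmds in interfaces.items():
        # Assumption: a port without an explicit "switchport mode trunk" is non-trunking.
        trunk = "switchport mode trunk" in cmds
        portfast = "spanning-tree portfast trunk" in cmds or (
            not trunk
            and "spanning-tree portfast disable" not in cmds
            and ("spanning-tree portfast" in cmds or pf_default))
        guard = "spanning-tree bpduguard enable" in cmds or (
            bg_default and "spanning-tree bpduguard disable" not in cmds)
        if portfast and not guard:
            flagged.append(name)
    return flagged
```

With both global defaults present the list comes back empty, which is the centrally applied baseline the question asks about.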

  • Multiple spanning-tree root bridges

    We've started installing some new 3650 switches (replacing 3560's at the access layer) running XE 03.03.05SE. We've run into some problems as a result of "ip device tracking" being on by default, but in the process of debugging I've found that three separate switches all believe they are the spanning-tree root bridge for the same VLANs. The new switches are by default in rapid-pvst mode; the distribution switches are set to rapid-pvst as well. All 3650's are dual-homed.
    SW1#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.6d00
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.6d00
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/4             Desg FWD 4         128.52   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    SW2#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     f40f.1b84.9680
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     f40f.1b84.9680
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi1/1/4             Desg FWD 4         128.52   P2p
    SW3#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.7180
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.7180
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    Switch 1 seems to behave as if it is the real root, but this still does not make much sense to me. Does anyone have an explanation? It's been a long time since my switching class, and I very seldom have to deal with spanning-tree issues.

    Hi,
    Having more than one root switch for a VLAN is definitely a sign of some foul play. A contiguous VLAN can never have more than one root switch. Multiple root switches would occur if, for example, the trunks interconnecting the switches had this VLAN excluded from the list of allowed VLANs, or if they were interconnected by access ports (in a different VLAN) rather than trunks. Another possibility could be an inappropriately constructed MAC ACL or VLAN ACL inadvertently blocking BPDUs. In any case, this may be a source of serious trouble.
    Without further information about your network, it is difficult to suggest anything more specific. Would it be possible to post a diagram explaining your network topology? Also, would it be possible to post the show span root and show span bridge outputs from every switch in your network?
    Thank you!
    Best regards,
    Peter
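
An added example, not part of either post: a check that parses `show spanning-tree vlan` output collected from several switches and reports any VLAN for which the switches disagree on the root bridge, which is the symptom discussed in this thread. The input is a trimmed copy of the output posted in the question; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Trimmed excerpts of the "sh span vlan 999" outputs posted in the thread above.
OUTPUTS = {
    "SW1": """VLAN0999
  Root ID    Priority    33767
             Address     78da.6e6f.6d00
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.6d00""",
    "SW2": """VLAN0999
  Root ID    Priority    33767
             Address     f40f.1b84.9680
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     f40f.1b84.9680""",
    "SW3": """VLAN0999
  Root ID    Priority    33767
             Address     78da.6e6f.7180
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.7180""",
}
MAC = r"Address\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})"

def parse_stp(output):
    """Return (vlan, root_mac, bridge_mac) from one 'show spanning-tree vlan' output."""
    vlan = int(re.search(r"^VLAN(\d+)", output, re.M).group(1))
    # Everything before the "Bridge ID" line describes the root; the rest is the local bridge.
    root_part, bridge_part = re.split(r"^\s*Bridge ID", output, maxsplit=1, flags=re.M)
    return vlan, re.search(MAC, root_part).group(1), re.search(MAC, bridge_part).group(1)

def split_roots(outputs):
    """Return {vlan: {root_mac: [switches]}} for VLANs where switches disagree on the root."""
    seen = defaultdict(lambda: defaultdict(list))
    for switch, text in outputs.items():
        vlan, root_mac, _ = parse_stp(text)
        seen[vlan][root_mac].append(switch)
    return {vlan: dict(roots) for vlan, roots in seen.items() if len(roots) > 1}
```

A non-empty result means BPDUs for that VLAN are not reaching every switch, so the allowed-VLAN lists on the trunks and any MAC or VLAN ACLs are the first things to inspect.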

  • Can I disable spanning-tree in a vPC domain?

    I have two N7718s in a vPC domain, and each has a vPC connection to 300+ TORs (non-Cisco switches).
    Each 7718 has 300+ trunk ports, and each trunk port carries 80 VLANs, so the number of logical ports is 300*80 = 24000.
    The problem is that the N7K R-PVST logical port limit is 16000; this causes the ping latency of the vPC primary 7718 to exceed 1000 ms.
    There are 2 ways to solve this problem: use MST instead of R-PVST, or disable spanning tree.
    If I use MST, the logical port limit is 90000; the problem will appear one day.
    So I want to disable spanning tree. The 7718s' vPC links to the TORs use LACP, which will prevent some layer 2 loops. Can I do it?

    I have the same problem. :)
