Core (4500x vss) with Access HP switch spanning tree
Hello Friends,
i need your support to guide me for this type of topology network in-order to avoid loops...
like
2 4500X series switch configure as a VSS working as core switch
in access layer i have HP switches which are connected with 1G fiber uplinks to each other (cascaded) and back to these Core switch for Vlan forwarding.
i need help to configure spanning tree for such topology and avoid loops.
Topology is in attached..
Hi,
you mean to say, connect each HP switch back to core (VSS) with 2 uplinks and configure as a ether-channel?
Yes, exactly.
actually that is not possible because the lack of fiber cable between the cabinets (core to access) are not much cores.
How could it not be possible? According to your drawing in your current design ASW-HP1 and ASW-HP3 both connect to the core VSS, core anyway. So it is just a matter of connecting ASW-HP2 to the core.
Of course you want 2 uplinks from each HP.
HTH
Similar Messages
-
Studio 10 dbx dumps core with access checking on
I have an application that causes Studio 10 dbx to dump core on start with access checking turned on. It will run OK under Studio 9 dbx, but tends to kill dbx if I attempt to follow the stack when a violation is found.
For some odd reason, 'suppress rui' does not work with it as well.
What information can I provide to help identify this bug? I expect the application and its build environment are too big to send in.
Cheers,
Ianx86/AMD64 doesn't do access checking, or does it now?
Anyway, here is the pstack:
Cheers, Ian.
core '/tmp/core' of 12721: /opt/studio10/SUNWspro/bin/../prod/bin/sparcv9/dbx sm70/icp/test/sparc
ffffffff7e6a39c0 _kill (ffffffff7e7b0f88, 31b1, 2002, 100532d9d, 100532000, 100532) + 8
00000001000bbaa4 ???????? (10062e, 100400, b, 100400, 100633000, 10053f5e0)
ffffffff7e6a2dfc sigacthandler (b, ffffffff7fff8850, ffffffff7fff8570, b, 3d, 3d000000) + 2c
--- called from signal handler with signal 11 (SIGSEGV) ---
000000010025881c __1cHTypetabHGetType6Mii_pnEType__ (ffffffff7fffe738, 100999670, 100999680, 0, 0, ffffffff7
fffb892) + c
000000010029a01c __1cFStabsQmake_tactarglist6MpcrnHSymlist_pnHObjfile_ibb_2_ (ffffffff7fffe738, 7c, 1, 10099
9670, 0, 0) + 104
000000010029ae90 __1cFStabsZcafe_parse_templ_fun_inst6MpnHObjfile_pnDFun_pc5b_4_ (ffffffff7fffe738, 10099967
0, 1009ba7d0, 1, ffffffff7d340fc2, ffffffff7fffb884) + 24c
0000000100286c60 __1cFStabsIFuncDecl6MpnHObjfile_pnDFun_pcb_4_ (ffffffff7fffe738, 100999670, 1009ba990, 5f,
4c, 1009ba990) + ec
0000000100282828 __1cFStabsSNPatchProcessDebug6MpnHObjfile_pnEstab_pcIIbb_I_ (ffffffff7fffe738, 100999670, f
fffffff7d349e14, ffffffff7d31df38, ffffffff7d34f364, ffffffff7fffe66c) + 1d8
000000010024b478 ???????? (10076b050, 49e14, 0, de6, 0, 1)
000000010024b8d8 ???????? (100999670, ffffffffffffffff, 103955440, 102eb6730, 1, 1)
000000010024b6a8 __1cNReadLazyStabs6FpnHObjfile_bb_v_ (100999670, 10053f000, 1, 1, 10053f5e0, 100400) + e4
00000001001dbae8 __1cGRtcFunTlocate_npatch_sites6M_v_ (103933330, 7, e, 80, 84, 103933330) + 80
00000001001db888 __1cGRtcFunSlocate_patch_sites6ML_i_ (103933330, 51eb8400, ed11ad88, 100999a60, 81c7e008, 1
) + 784
00000001001d6544 __1cKRtcLoadObjRrtc_process_check6Mb_v_ (103933330, 100400, 100983860, 1009c4e70, 100983870
, ffffffffffffffff) + 6fc
00000001001c714c __1cGRtcMgrPrtc_new_process6M_v_ (102c1ae30, 10065a400, 0, 0, 1, 10056fe74) + 80c
00000001001c590c __1cGRtcMgrTtry_rtc_new_process6M_b_ (10065a400, 1005d4d05, 0, 10056f000, 10056f, 10076ac30
) + c
00000001001c5544 ???????? (1, 1029df5a9, 10053f5e0, 10065a400, 5, 1002452c8)
00000001000c7984 __1cSActionList_execute6FpnEList4nGAction___pnEProc_pnHHandler_pnJEventInst_nHLevel_e__v_ (
102d13780, 102cb0340, 102d1e1c0, 102ab71d0, 1, 10053b) + 64
0000000100166a4c __1cHHandlerSdecision_procedure6MpnEProc__v_ (102d1e1c0, 102cb0340, 100558, 100400, 1005585
bc, 102ab71d0) + 158
00000001001bfccc __1cKRecognizerHtrigger6MpnEProc__v_ (102d1e1c0, 102cb0340, 100400, 100581000, 100581ea8, 1
0056c18d) + e8
00000001001c0240 __1cKRecognizerIdispatch6FpnGTarget_pnEProc__v_ (10053f5e0, 102cb0340, 100400, 1, 0, 10064e
370) + 58
00000001001b0c44 __1cEProcNvcpu_dispatch6MpnEVCpu__b_ (102cb0340, 100766070, 1005468d0, 1002182a0, 100769888
, 100645d30) + 384
00000001001b0de8 __1cEProcQpervcpu_dispatch6MpnEVCpu__v_ (102cb0340, 10057c3d0, 102d3bc60, 10057c450, 10057c
3d0, 100569599) + 14c
00000001001b15d4 __1cEProcQgeneric_dispatch6MpnEVCpu__b_ (102cb0340, 10057c458, 100569, 100581000, 10056972b
, 100581) + 1a8
00000001001b1d4c __1cEProcCgo6MpnEVCpu_nGProcGo_b_v_ (102cb0340, 100569, 102be9050, cc4, 100581fe8, 1) + 52c
000000010017ca14 __1cGdo_run6FpnGInterp_bnHLevel_e__i_ (100400, 100568000, 100400, 10053f5e0, 100400, 100400
) + 328
00000001002bbba0 ???????? (1005983f7, 102ab8230, 10065b8d8, 0, 10066f510, 102b487e0)
00000001002ba890 __1cNpdksh_execute6FpnGInterp_pnCop_i_i_ (10065b890, 102c81dc0, 0, 10065b890, 102bcf5a0, 10
3539140) + 1c0
00000001002a710c __1cLpdksh_shell6FpnGInterp_pnGSource__i_ (10065b890, 102cf6280, 100400, 100596d79, 100596d
80, 1000bb4b0) + 4c0
00000001000bfa5c __1cNmain_cmd_loop6FpnGInterp__v_ (10065b890, 100400, 100533d18, 100614178, 100581f10, 1005
33) + a8
00000001000c0a8c main (100400, 100532, 100533d18, 10065b890, 10053f5e0, 1) + b8c
00000001000b409c _start (0, 0, 0, 0, 0, 0) + 17c -
How to implement uplink redundancy and spanning tree in SFP-300 switches
We have several Small Business 300 Series Managed Switches, the 10/100 ones with PoE, the first generation ones.
We've been advised to implement uplink redundancy and spanning tree on these switches.
I'm sure spanning tree is a checkbox somewhere in the web interface.
How does one implement uplink redundancy besides interconnecting the switches plus turning on spanning tree (RSTP)??
Thank you, Tom
P.S. I also tried to file a service request but it does not work, I get: "Error 500: Request processing failed; nested exception is java.lang.NullPointerException"Hello Thomas,
Thanks for using the Cisco Small Business eSupport Community. I've looked through the articles that are available in our Knowledge Base and found a few that I hope will be able to assist you in setting up spanning tree and link redundancy on your SFP300s:
In regards to link redundancy, the following article on LAG can hopefully provide some guidance:
Link Aggregate Group (LAG) Configuration on 200/300 Series Managed Switches
And for your question on setting up STP, here are a few articles with additional information:
Configure Spanning Tree Protocol (STP) Status and Global Settings on 200/300 Series Managed Switches
Setup Spanning Tree Protocol (STP) on a Interface on the 300 Series Managed Switches
I hope that this information helps! Please remember to mark your question as answered and rate if this solves your problem.
Best,
Gunner -
Enable BPDUGuard on Spanning-tree Portfast Trunk Port: Yes or No?
Hello to all the Cisco Experts,
I have been searching around to get a confirmed answer as per my subject, but yet unable to come into any conclusion that could help me.
This is all started when I configured the switchport configuration for my ESXi Server which is a dot1q trunk port. The reference will be as below URL:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006628
The configuration of the switchport will be as below:
interface GigabitEthernet1/0/1
description ESXi
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 11,15
switchport mode trunk
spanning-tree portfast trunk
end
The catch is, I had the bpduguard enabled on the global level in my switch = spanning-tree portfast bpduguard default.
This will enable the bpduguard on the trunk port above due to the switchport is in portfast (the command: spanning-tree portfast trunk).
Some of the guys in this forum mentioned that it is not recommended to have bpduguard on trunk port and some mentioned it is okay to have this.
So, what do you all think on this? Any real life experience dealing with this kind of situtation that can be shared to us over here?
Thank you in advance.Hi Leo,
First of all, I would never, ever, consider any comment of yours as being offensive so don't worry, none taken. :)
Enabling portfast on a trunk is so "yesterday", in my opinion. If a trunk port(s) or an etherchannel is configured correctly, there's a significant chance portfast is irrelevant. The speed to get the ports to go from down to passing traffic is really boils down to one or two seconds.
Perhaps this is at the core of our different views. To my best knowledge, without the PortFast, a trunk - be it a single port or an EtherChannel - will become forwarding 30 seconds after entering the up/up state, not less. This is valid for STP, RSTP, and MSTP. In addition, if a new VLAN is created or added to the list of enabled VLANs on the trunk, it may take additional 30 seconds for that VLAN to become operational (forwarding) on that trunk. There is nothing besides PortFast and Proposal/Agreement that can cut down this time: the STP must go over the Listening-Learning-Forwarding sequence, and RSTP/MSTP must go through the Discarding-Learning-Forwarding sequence. The "one or two seconds" you have mentioned is perhaps the combined delay incurred by autonegotiation, LACP/PAgP, and DTP, but STP will take its own time and will not be deterred by any of these mechanisms.
I see no benefit but mischief when you enable BPDU Guard on an inter-switch link.
Absolutely agree. That is why it doesn't make any sense to put a BPDU Guard on an inter-switch link, and I have never suggested doing that. The original post, however, deals with enabling PortFast on a trunk link that does not go to another switch but rather connects to an ESXi server on which, obviously, different virtual machines are bridged onto different VLANs.
So what is the reaction of the port if you do happen to enable portfast and BPDU guard on an inter-switch link? Wouldn't the two be a "Jekyll & Hyde", wouldn't it?
It would be just the same as enabling PortFast and BPDU Guard on an access port that happens to be connected to another switch. Upon link-up, the port would become forwarding immediately, and after receiving a BPDU, it would be shot down to err-disabled. The fact the port is an access port or a trunk port makes no difference here. Just as before, I stress that this kind of configuration simply isn't meant to be used on inter-switch links. However, on trunks connected directly to routers, servers, autonomous APs supporting several SSIDs mapped to different VLANs, even to IP phones (remember the mini-trunk config used on old switches on which the switchport voice vlan command only instructed CDP to advertise the voice VLAN but did not cause the port to accept tagged frames in the voice VLAN so it had to be configured as a trunk?) - in all these situations, the PortFast can be beneficial. The BPDU Guard is a natural protective companion to the PortFast - wherever PortFast is eligible to be configured, the BPDU Guard is a natural additional protection to be activated as well.
But given the complexity of interconnection of different switches to various stuff going around, we're happy with leaving portfast on a trunk port disabled.
No argument here - but again, this is about trunks between switches on which I would never suggest using the PortFast or the BPDU Guard. The original post is talking about trunks to end hosts (i.e. edge trunk ports if we extend the terminology a little).
Best regards,
Peter -
Hello,
If I have port configure as spanning tree portfast and I plugged another switch instead of computer what will happened can it create loop or shutdown the port?Hello horacio27,
You can use PortFast on access switch ports or trunk ports that are connected to a single workstation, server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.
You can use PortFast to connect a single end station or a switch port to a switch port. If you enable PortFast on a port that is connected to another Layer 2 device, such as a switch, you might create network loops.
To Prevent loops, in network the most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. Because PortFast can be enabled on nontrunking ports connecting two switches, spanning tree loops can occur because BPDUs are still being transmitted and received on those ports.
PortFast with BPDU guard prevents loops by moving non trunking port to err-disable state. -
Do I configure spanning-tree port type ed trunk on LACP port-channels
Hello,
Can't seem to see a clear answer and wondering if something could offer some advice please?
We are using LACP aggregation across all our 10 gig attached servers and also trunking them. We're running a VPC pair of 5596 Nexus.
For a standard trunk port I always add the spanning-tree port type edge trunk to the interface config.
However I think I should be adding this to the overiding port-channel config. At present a colleague has configured the VPC below omitting the spanning-tree port type config.
interface port-channel100
description a-server
switchport mode trunk
switchport trunk allowed vlan 100
vpc 100
The port member configs are these which do contain the spanning tree port type:
interface Ethernet1/1
description a-server(1)
switchport mode trunk
switchport trunk allowed vlan 100
spanning-tree port type edge trunk
channel-group 100 mode active
I always try to keep the overiding port channel config the same as its members and obviously for most config, you can't have disparate configs anyway.
However for the spanning tree config the NexOS allows you to have the members with spanning tree port types and not have to reflect that in the port-channel.
However I have this issue with STP:
Switch1# show spanning-tree interface po100
Vlan Role Sts Cost Prio.Nbr Type
VLAN0100 Desg BKN*200 128.4996 (vPC) Network P2p *BA_Inc
Is this due to the inconsistency with my port channel to member configs?
Any advice would be gratefully accepted.
Thanks!Hi Paul, there are some parameters you can define on individual ports and there are some of them that will be inherited from the port-channel configuration no matter what has been configured under the infidividual ports. Spanning-tree configuration is one of the inherited ones. As soon as the port joins into a port-channel, it will start to use spanning-tree settings under the port-channel. When it leaves the channel, then it can continue to use the individual configuration.
There is a nice summary here under NX-OS Interface Conf Guide > Port-Channel Conf:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/interfaces/configuration/guide/if_portchannel.html#wp1798338
Evren -
Spanning tree - balanced without use vlan ?
Hi, i´m sorry if this is a classic question.
i have implemented rapid pvst like show in the image. The dotted lines are the alternative links. (image 1)
SwitchA# spanning-tree vlan 1 root primary
SwitchB# spanning-tree vlan 1 root secondary
I want to make a kind of balancing like image 2. But the problem is that i have vlan 100 (and other vlans) in side A and Side B.
So, if i make
SwitchB: spanning-tree vlan 100 root primary
SwitchA: spanning-tree vlan 100 root secondary
The SwB it change to primary for vlan 100.
But i want to the switchB be the primary for side A and secondary for side A. No matter the vlan. Is possible?
Thanks a lot!
IMAGE 1
IMAGE 2
PS: Later i will implement HSRP.Hi, i know that is possible, but doing this the result is unbalanced for mi network. For example vlan 20 reside in all switches and vlan 21 reside in only one switch.
i want to the switchA be the primary for side A and secondary for side B. No matter the vlan. Like image 2.
I hope to be clear.
Thanks. -
Hi,
we have the following configuration on our switches
spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst configuration
name test
spanning-tree mst forward-time 4
when we have a failover convergence time was about 8-10 seconds outage is there anything on the above config that suggest's this could be causing the delay? i thought MST was fast convergence times?
Thanksi will try and you this later on. Not sure it was already in place what are the difference's between them both i thought MST can have multiple vlans per region so better design. Is RSTP not the same as PVST? not done much spanning tree as of yet. so not had chance to look at the differences?
Thanks -
Cisco 4500X + VSS + Trust Sec Switch to Switch Encryption
Hi,
actually im testing and evaluationg the Cisco 4500X switch as new distribution switch for our Company.... Now i have some issues with one of our requirements.
For security reasons i need to encrypt the links between the 4500X and the access switches in other buildings (no issue with Trust Sec)
But ... now i also need to encrypt the link between the two 4500X if i run VSS ... my question is .. is it possible to encrypt the VSL link with TrustSec Switch to Switch encryption?
BR,
FlorianHi Frloian,
If you have 2 switches in different data centers than you do not need VSS. In fact this is very bad design as the whole concept of VSS is grasped on dual home design. In the essence the proper design of VSS system is to have every downsteram switch connected with one link to one VSS switch and other link to second VSS switch, so that when one VSS switch would fail other can take over. Please look at the VSS best practises:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-virtual-switching-system-1440/109547-vss-best-practices.html#vss_best
Update:
There is possibility to encrypt VSL link, but only in 6500 sup2t environment:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/virtual_switching_systems.html#wp1341144 -
Hello,
I have an Spanning tree problem when i conect 2 links from Switch DELL M6220 (there are blades to virtual machines too) to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy, with one IP of management)
In dell virtual machine is Spanning tree rapid stp, and in 3750 is Spanning tree mode pvst, cisco says that this is not important, only is longer time to create the tree.
I dont know but do you like this solutions i want to try on sunday?:
Could Spanning tree needs to work to send one native vlan to negociate the bdpus? switchport trunk native vlan 250
Is it better to put spanning-tree guard root in both 3750 in the ports to mitigate DELL to be root in Spanning Tree?
Is it better to put spanning- tree port-priority in the ports of Swicht Dell?
¿could you help me to control the root? ¿Do you think its better another solution? thanks!
CONFIG WITH PROBLEM
======================
3750: (the 2 ports are of 2 switches 3750s conected with a stack cable, in a show run you can see this)
interface GigabitEthernet2/0/28
description VIRTUAL SNMP2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4,13,88,250
switchport mode trunk
switchport nonegotiate
logging event trunk-status
shutdown
interface GigabitEthernet1/0/43
description VIRTUAL SNMP1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4,13,88,250
switchport mode trunk
switchport nonegotiate
shutdown
DELL M6220: (its only one swith)
interface Gi3/0/19
switchport mode trunk
switchport trunk allowed vlan 4,13,88,250
exit
interface Gi4/0/19
switchport mode trunk
switchport trunk allowed vlan 4,13,88,250
exitF.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
In this example:
VLANS - Voice on 188, data on 57, management on 56.
conf t
hostname XXX-VOICE-SWXX
no passwords complexity enable
username xxxx priv 15 password XXXXX
enable password xxxxxx
ip ssh server
ip telnet server
crypto key generate rsa
macro auto disabled
voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
vlan 56,57,188
voice vlan id 188
int vlan 56
ip address 10.230.56.12 255.255.255.0
int vlan1
no ip add dhcp
ip default-gateway 10.230.56.1
interface range GE1 - 2
switchport mode trunk
channel-group 1 mode auto
int range fa1 - 24
switchport mode trunk
switchport trunk allowed vlan add 188
switchport trunk native vlan 57
qos advanced
qos advanced ports-trusted
exit
int Po1
switchport trunk allowed vlan add 56,57,188
switchport trunk native vlan 1
do sh interfaces switchport po1
!CATYLYST SIDE
!Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,56,57,189
switchport mode trunk -
Cisco Switches and HP Interoperability with Spanning-Tree (RSTP)
Hello All.
I read a lot of information from this forum about Spaning-Tree interoperability between HP Switches and Cisco Switches.
Rather than having questions I would like to post that I manage to configure successfully HP and Cisco using RSTP (802.1w).
SWPADRAO]display stp root
MSTID Root Bridge ID ExtPathCost IntPathCost Root Port
0 32768.cc3e-5f3a-2939 0 0
[SWPADRAO]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/47 DESI FORWARDING NONE
0 GigabitEthernet1/0/48 DESI FORWARDING NONE
[SWPADRAO]display stp instance 0
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :32768.cc3e-5f3a-2939
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.cc3e-5f3a-2939 / 0
CIST RegRoot/IRPC :32768.cc3e-5f3a-2939 / 0
CIST RootPortId :0.0
BPDU-Protection :enabled
Bridge Config-
Digest-Snooping :disabled
TC or TCN received :17
Time since last TC :0 days 0h:1m:52s
SWNHAM17#show spanning-tree VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32768
Address cc3e.5f3a.2939
Cost 4
Port 26 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 61441 (priority 61440 sys-id-ext 1)
Address 001b.54db.7200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 Interface Role Sts Cost Prio.Nbr Type
Gi0/1 Altn BLK 4 128.25 P2p
Gi0/2 Root FWD 4 128.26 P2p
SWNHAM18#show spanning-tree VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32768
Address cc3e.5f3a.2939
Cost 4
Port 26 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 61441 (priority 61440 sys-id-ext 1)
Address 001b.0cbc.4300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 Interface Role Sts Cost Prio.Nbr Type
Gi0/1 Desg FWD 4 128.25 P2p
Gi0/2 Root FWD 4 128.26 P2pHello, David.
Your command doesn't work because it's made only for tha ports that has command "spanning-tree portfast" in them. Try change spanning tree mode at the HP switch to MSTP if this is possible. -
i configure vss on 4500x ,with one switch is active and the other switch go into recovery mode,with all port except the vsl links in the amber orange,shutdown,
i want to make two switch into active state,some one could help in this.
the configuration which i used is below
itch virtual domain 100
switch 1
exit
switch virtual domain 100
switch 2
exit
interface port-channel 10
switchport
switch virtual link 1
no shut
exit
interface port-channel 20
switchport
switch virtual link 2
no shut
exit
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 10 mode on
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 20 mode on
switch convert mode virtual
switch convert mode virtuali can share two core switch configuration which is there
please suggest if something which i misconfigured and need to be corrected.
TAKAFUL-CORE-01#show run
Building configuration...
Current configuration : 7510 bytes
! Last configuration change at 01:57:12 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-01
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
username admin privilege 15 password 7 104F0D140C19
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
ip dhcp pool management
network 10.2.20.0 255.255.255.0
default-router 10.2.20.2
option 43 ascii "10.2.20.1"
ip dhcp pool Data
network 10.3.30.0 255.255.255.0
default-router 10.3.30.2
dns-server 4.2.2.2 8.8.8.8
ip dhcp pool Voice
network 10.1.10.0 255.255.255.0
default-router 10.1.10.2
ip dhcp pool wireless
network 10.4.40.0 255.255.255.0
default-router 10.4.40.2
dns-server 4.2.2.2 8.8.8.8
no ip bootp server
ip device tracking
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel10
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 1
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
interface TenGigabitEthernet1/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet1/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
shutdown
interface Vlan10
description IP Telephony VLAN
ip address 10.1.10.2 255.255.255.0
no ip redirects
interface Vlan20
description Automation & Management VLAN
ip address 10.2.20.2 255.255.255.0
no ip redirects
interface Vlan30
description Data VLAN
ip address 10.3.30.2 255.255.255.0
no ip redirects
interface Vlan40
description Wireless Users VLAN
ip address 10.4.40.2 255.255.255.0
no ip redirects
ip forward-protocol nd
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
snmp-server community ro RO
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
banner login ^CC
#### Login for authorized Takaful IT Personnel ONLY ####
TAKAFUL
#### Login for authorized Takaful IT Personnel ONLY ####
^C
banner motd ^CC
WARNING, unauthorised access to this network is prohibited.
Authorized access only
This system is the property of Takaful Company.^C
line con 0
privilege level 15
login local
stopbits 1
line vty 0 4
privilege level 15
login local
line vty 5 15
privilege level 15
login local
module provision switch 1
chassis-type 70 base-mac F40F.1B56.31D8
slot 1 slot-type 401 base-mac F40F.1B56.31D8
module provision switch 2
end
TAKAFUL-CORE-01#
TAKAFUL-CORE-02(recovery-mode)#show run
Building configuration...
Current configuration : 5641 bytes
! Last configuration change at 02:05:27 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-02
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
no ip bootp server
ip device tracking
vtp mode transparent
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode pvst
spanning-tree extend system-id
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel20
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 2
interface FastEthernet1
vrf forwarding mgmtVrf
speed auto
duplex auto
interface TenGigabitEthernet2/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet2/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
line con 0
stopbits 1
line vty 0 4
login
length 0
module provision switch 1
module provision switch 2
chassis-type 70 base-mac 88F0.3104.0058
slot 1 slot-type 401 base-mac 88F0.3104.0058
end -
Blocked Stack Ports on 2960X-48FPD-L Stack (Unstable Switch Stack!) Spanning Tree?
I am having an issue where 2 2960X-48FPD-L Switches in a redundant flexstack (stack port 1 SW1 to port 2 SW2 and port 2 SW1 to port 1 SW2) ring.
At first running the 15.0(2).EX5 (and earlier EX3, and EX4) version IOS yielded all the ports on the stack master switch refusing to run spanning tree and would only link in amber and not pass any traffic other than CDP information (the slave switch linked in fine).
I upgraded to 15.2(3)E and this solved the problem of the ports not linking in green and participating in spanning tree.
Now, however, about every week or two I lose connectivity to the switch stack and I was able to go to the switch stack locally and found that for some reason the switch stack is blocking and unblocking VLANs on StackPort1 frequently (see below). When I was at the site, I sometimes had connectivity, sometimes not. A stack hard reboot brought everything back up, but this is the second time this has occurred and I would expect the same problem in the next week or so.
Has anyone else run into these issues, and have you found a solution?
I'm guessing that if I either get rid of the redundancy on the switch stack or stack using Ethernet cables between switches the problem will go away, but then what is the point of using stackable switches in a non redundant low speed stack. It seems to me that Spanning tree thinks that I have a spanning tree loop going on with the stack ports which I didn't even think was possible.
What do you think?
Jim
_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:02:59: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:03:16: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:03:46: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:03:47: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
Mar 11 09:04:12: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:04:22: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:04:56: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:05:30: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:06:00: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:06:32: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:07:02: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:07:34: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.Jim,
We have also the same problem with our 2960-X switches (access) connecting to a pair of 4500x (VSS) except our issue is with Portchannel with 2 physical links connecting the 2960xs to the 4500.
If we disconnect one of the physical links from the portchannel everything works fine, but when we connect the same physical link back all users lose connectivity and the physical link starts flapping. Here are some of the messages we see in the logs when both physical links are in the portchannel:
Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
Mar 10 18:01:29 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
Mar 10 18:01:37 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
Mar 10 18:01:48 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
Mar 10 18:01:51 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
We have upgraded to 15.0(2a).EX5 and still have the same issue.
We have a ticket open with Cisco and have sent them all the logs and debugs and waiting to hear back from IOS developers.
HTH -
4500x losing connectivity to SG300 switches issue
I have a new Catalyst 4500X-16 SFP+ Switch with ten GLC-SX-MMD SFP modules connected to ten Cisco SG300-10 switches with MGBSX1 SFP modules. The 4500X is all default config except all I did was setup SSH so I can manage remotely. I have GB connectivity between small SG300-10 switches and 4500X switch without any problems at all, until the SG300 reboots. If power goes out or SG300 is restarted for any reason, it does not communicate with the 4500X switch any longer. If I restart the 4500X, then connectivity is restored. I don't see any port security setup or no ports are down...everything appears up, but I can't communicate until I restart the 4500X switch.
I'm not sure where to begin troubleshooting this one. I am putting battery units on each SG300-10 switch, but that is just a temporary fix and I'd like to get to the core of the problem.
4500X is running IOS-XE Version 3.05.00.E
Thanks in advance for any help you can provide.
Below is info on the 4500 switch...
Joist4500>show int status
Port Name Status Vlan Duplex Speed Type
Te1/1 connected 1 full a-1000 1000BaseSX
Te1/2 connected 1 full a-1000 1000BaseSX
Te1/3 connected 1 full a-1000 1000BaseSX
Te1/4 connected 1 full a-1000 1000BaseSX
Te1/5 notconnect 1 full auto 1000BaseSX
Te1/6 notconnect 1 full auto No XCVR
Te1/7 connected 1 full a-1000 1000BaseSX
Te1/8 notconnect 1 full auto No XCVR
Te1/9 notconnect 1 full auto No XCVR
Te1/10 connected 1 full a-1000 1000BaseSX
Te1/11 connected 1 full a-1000 1000BaseSX
Te1/12 connected 1 full a-1000 1000BaseSX
Te1/13 notconnect 1 full auto No XCVR
Te1/14 connected 1 full a-1000 1000BaseSX
Te1/15 notconnect 1 full auto 1000BaseSX
Te1/16 notconnect 1 full auto No XCVR
Joist4500>
Joist4500>show span
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0025.641d.cfe4
Cost 10
Port 1 (TenGigabitEthernet1/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 58f3.9c8d.b988
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec
Interface Role Sts Cost Prio.Nbr Type
Te1/1 Root FWD 4 128.1 P2p
Te1/2 Desg FWD 4 128.2 P2p
Te1/3 Desg FWD 4 128.3 P2p
Te1/4 Desg FWD 4 128.4 P2p
Te1/7 Desg FWD 4 128.7 P2p
Te1/10 Desg FWD 4 128.10 P2p
Te1/11 Desg FWD 4 128.11 P2p
Interface Role Sts Cost Prio.Nbr Type
Te1/12 Desg FWD 4 128.12 P2p
Te1/14 Desg FWD 4 128.14 P2p
Joist4500>
Joist4500#show spanning detail
VLAN0001 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 1, address 58f3.9c8d.b988
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0025.641d.cfe4
Root port is 1 (TenGigabitEthernet1/1), cost of root path is 10
Topology change flag not set, detected flag not set
Number of topology changes 10 last change occurred 4d05h ago
from TenGigabitEthernet1/4
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Port 1 (TenGigabitEthernet1/1) of VLAN0001 is root forwarding
Port path cost 4, Port priority 128, Port Identifier 128.1.
Designated root has priority 32768, address 0025.641d.cfe4
Designated bridge has priority 32769, address 20bb.c0f2.6800
Designated port id is 128.50, designated path cost 6
Timers: message age 3, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 10, received 185137
Port 2 (TenGigabitEthernet1/2) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.2.
Designated root has priority 32768, address 0025.641d.cfe4
Designated bridge has priority 32769, address 58f3.9c8d.b988
Designated port id is 128.2, designated path cost 10
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 185136, received 1
Port 3 (TenGigabitEthernet1/3) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.3.
Designated root has priority 32768, address 0025.641d.cfe4
Designated bridge has priority 32769, address 58f3.9c8d.b988
Designated port id is 128.3, designated path cost 10
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 185134, received 1
Port 4 (TenGigabitEthernet1/4) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.4.
Designated root has priority 32768, address 0025.641d.cfe4
Designated bridge has priority 32769, address 58f3.9c8d.b988
Designated port id is 128.4, designated path cost 10
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 185125, received 0
Port 7 (TenGigabitEthernet1/7) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.7.
Designated root has priority 32768, address 0025.641d.cfe4
Designated bridge has priority 32769, address 58f3.9c8d.b988
Designated port id is 128.7, designated path cost 10
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 185133, received 0
Port 10 (TenGigabitEthernet1/10) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.10.
Designated root has priority 32768, address 0025.641d.cfe4
Designated bridge has priority 32769, address 58f3.9c8d.b988
Designated port id is 128.10, designated path cost 10
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 185130, received 0
Port 11 (TenGigabitEthernet1/11) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.11.
Designated root has priority 32768, address 0025.641d.cfe4
Designated bridge has priority 32769, address 58f3.9c8d.b988
Designated port id is 128.11, designated path cost 10
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 185129, received 0
Port 12 (TenGigabitEthernet1/12) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.12.
Designated root has priority 32768, address 0025.641d.cfe4
Designated bridge has priority 32769, address 58f3.9c8d.b988
Designated port id is 128.12, designated path cost 10
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 185129, received 0
Port 14 (TenGigabitEthernet1/14) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.14.
Designated root has priority 32768, address 0025.641d.cfe4
Designated bridge has priority 32769, address 58f3.9c8d.b988
Designated port id is 128.14, designated path cost 10
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 185127, received 0
login as: dquintanilla
Sent username "dquintanilla"
[email protected]'s password:
Joist4500>show int status
Port Name Status Vlan Duplex Speed Type
Te1/1 connected 1 full a-1000 1000BaseSX
Te1/2 connected 1 full a-1000 1000BaseSX
Te1/3 connected 1 full a-1000 1000BaseSX
Te1/4 connected 1 full a-1000 1000BaseSX
Te1/5 notconnect 1 full auto 1000BaseSX
Te1/6 notconnect 1 full auto No XCVR
Te1/7 connected 1 full a-1000 1000BaseSX
Te1/8 notconnect 1 full auto No XCVR
Te1/9 notconnect 1 full auto No XCVR
Te1/10 connected 1 full a-1000 1000BaseSX
Te1/11 connected 1 full a-1000 1000BaseSX
Te1/12 connected 1 full a-1000 1000BaseSX
Te1/13 notconnect 1 full auto No XCVR
Te1/14 connected 1 full a-1000 1000BaseSX
Te1/15 notconnect 1 full auto 1000BaseSX
Te1/16 notconnect 1 full auto No XCVR
Joist4500>show span
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0025.641d.cfe4
Cost 10
Port 1 (TenGigabitEthernet1/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 58f3.9c8d.b988
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec
Interface Role Sts Cost Prio.Nbr Type
Te1/1 Root FWD 4 128.1 P2p
Te1/2 Desg FWD 4 128.2 P2p
Te1/3 Desg FWD 4 128.3 P2p
Te1/4 Desg FWD 4 128.4 P2p
Te1/7 Desg FWD 4 128.7 P2p
Te1/10 Desg FWD 4 128.10 P2p
Te1/11 Desg FWD 4 128.11 P2p
Interface Role Sts Cost Prio.Nbr Type
Te1/12 Desg FWD 4 128.12 P2p
Te1/14 Desg FWD 4 128.14 P2p
Below is info on one of the SG300-10 switches.I updated my question with more information in case that helps. Below is spanning summary on the 4500.
-
Identifying spanning-tree root switch
Looking at a network with a 6509 at the core running in pvst mode. I think the 6509 is the root switch but need to confirm this.
Show spanning-tree gives a bridge id and a root id. My understanding is that the root id should be the MAC address of the root switch.
However I can't find the MAC address given as the root id in the 6509s mac address table, nor in the access switches mac address tables.
I'm sure I'm missing something here - any ideas?Hi,
in the output of "show spanning-tree" you should look for a line "This bridge is the root". The output will give you the root id and the bridge id of the switch, where you execute the command.
The output looks like this:
Router# show spanning-tree vlan 200
VLAN0200
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 00d0.00b8.14c8
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768
Address 00d0.00b8.14c8
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
------------- snip -----------
The MAC used for creating the bridge id is not used for forwarding BPDUs and thus does not show up in the CAM table afaik.
To find the root in a switch network, follow the root ports for a given spanning tree instance.
Hope this helps! Please rate all posts.
Regards, Martin
Maybe you are looking for
-
What is the best camera for me?
I don't know much at all about cameras, so I'm really hoping someone will be able to help me! I'm looking for a camera that's better than your standard point and shoot digital camera but one that doesn't cost a fortune. I want to be able to take pict
-
Creating the Equivalent of a Single Axis Stepper Motor Indexer in a cRIO
I am looking for some FPGA code that implements a complete (or near complete) Single Axis Stepper Motor Indexer function on a cRIO using an NI-9474 DO module. For those that aren't familiar with the term "indexer", an indexer is a pulse generation s
-
User error when connecting to Apex on XE with Oracle drive
Hi, When I tried to connect to Apex (webdav) on an XE database to access themes and css with Oracle Drive it sends incorrect user or password message, I tried with sys, system and other users. With windows explorer I could connect using the same user
-
Hi everyone, I am new to Premiere Pro CS4 and am currently working with video filmed in very low light. Due to the lighting all of the footage is completely tinted blue! I'm sure this is a very easy thing to solve but have no idea where to start, and
-
hi i am working on JDeveloper 11.1.2.3 i made a servlet filter and it works well but the problem is in the cookies ... i tried to delete the cookies from the servlet but in vain i uses this code but it does not work cookie.setMaxAge( 0 ); Thanks