Mono spanning-tree and PVST

Referring to these two links:
http://www.cisco.com/en/US/tech/tk389/tk390/technologies_tech_note09186a0080094665.shtml
http://www.experts-exchange.com/Hardware/Routers/Q_21349385.html
IEEE 802.1Q defines a single instance of spanning tree running on the native VLAN for all the VLANs in the network which is called Mono Spanning Tree (MST). This lacks the flexibility and load balancing capability of PVST available with ISL. However, PVST+ offers the capability to retain multiple Spanning Tree topologies with 802.1Q trunking.
http://networking.ringofsaturn.com/Certifications/BCMSN.php
Per-VLAN Spanning Tree (PVST): A Cisco proprietary method of connecting through 802.1Q VLAN trunks, the switches maintain one instance of the spanning tree for each VLAN allowed on the trunk, versus non-Cisco 802.1Q switches which maintain one instance for ALL VLANs. This is the default STP used on ISL trunks.
http://www.informit.com/content/images/1587051427/samplechapter/1587051427content.pdf
The 802.1Q standard defines one unique Spanning Tree instance to be used by all VLANs in the network. STP runs on the Native VLAN so that it can communicate with both 802.1Q and non-802.1Q compatible switches. This single instance of STP is often referred to as 802.1Q Mono Spanning Tree or Common Spanning Tree (CST). A single spanning tree
lacks flexibility in how the links are used in the network topology. Cisco implements a protocol known as Per-VLAN Spanning Tree Plus (PVST+) that is compatible with 802.1Q CST but allows a separate spanning tree to be constructed for each VLAN. There is only one active path for each spanning tree; however, in a Cisco network, the active path can be
I could not get exactly what these terms (PVST, instance, PVST+, MST, etc.) are trying to achieve.
Any URL or online resource would help me do some extra reading to clarify this terminology.

Hi,
The URLs that you have provided all explain the same technical details in different ways.
I will summarise them here for better clarity.
There are two separate technologies that need clarification.
1) Method of trunking many VLANs across a link
2) Spanning tree
Now for point 1, we have the IEEE standard 802.1Q, which describes how multiple VLANs can be carried across a link. As per this standard, a 4-byte tag will be inserted in the Ethernet packet (inserted between the destination MAC address field and the EtherType field).
This tag will contain the VLAN identifier info and some other details (available in the URLs that you have highlighted).
Cisco has a proprietary technology called ISL which effectively does the same job in a different fashion but can only be used on Cisco devices.
Now for point 2, again we have IEEE standards like 802.1D (common/mono spanning tree), 802.1w/RSTP (Rapid Spanning Tree) and 802.1s/MSTP.
In 802.1D, there will be only one spanning tree process/instance running for the whole network, irrespective of how many VLANs are involved in the network. Hence the whole network is treated as one common domain by the STP protocol.
So, there can be only one root bridge in the network and other bridges will intelligently block the redundant links; we won't have much control to effectively utilise the redundant links.
IEEE 802.1w/RSTP also works in the same fashion, but the convergence time is very fast in this protocol.
Here also there is only one spanning tree instance involved.
In both the above STP protocols, there is only one instance/process of the protocol running in the network, which is common for all VLANs. Hence these protocols consume very little CPU.
802.1s/MSTP (Multiple Spanning Tree) extends the 802.1w Rapid Spanning Tree Protocol (RSTP) to have multiple STP instances. In this protocol, we can group the desired VLANs into one instance of the protocol.
Say, for example, let's assume a typical campus network with multiple access switches and 2 distribution/core switches.
Access switches have dual connectivity to the distribution/core switches.
In this topology, if we deploy 802.1D or 802.1w, the redundant links from the access switches to the distribution/core switches will be blocked. Only one uplink from the access switch to the distribution layer will be working at any point.
In this network, only one distribution/core switch will be root bridge for the entire network.
But if we deploy 802.1s for this network, we can design it as follows.
We can split the VLANs into two groups,
Group1 => vlan 1 to 50
Group2 => vlan 51 to 100
We can create two instances of the MSTP protocol with the following mappings
Instance 1 => for Group 1, with one distribution/core switch as the root bridge
Instance 2 => for Group 2, with another distribution switch as the root bridge
--Continued

Similar Messages

  • Spanning Tree and Admin mac address issues srw2048

    Ok, I have a somewhat complex problem and hopefully someone may shed some light or have an idea as to what's wrong.
    First the scenario:
    I have two Cisco Cat 6509s etherchanneled to each other via two fiber cables.  One of these is the STP/RSTP root.  I have two SRW2048s, one trunked to each of these 6509 switches.  There is also a trunk between the SRW2048s.  All this is to create a redundant topology so that if one of the switches fails the others can still forward packets to each other.  Of course the scenario described is in fact a loop that should be handled by STP/RSTP.  I have RSTP enabled on all the switches in the scenario (PV RSTP on the Cisco switches as they only do Cisco's brand of per-VLAN spanning tree).  There are 3 VLANs configured on each of the SRW2048s (2, 55, 96).  There are corresponding VLANs also on the 6509s.  I have put the SRW2048s' management interface into VLAN 2.
    The problem:
    I need to forward packets between the SRW2048s primarily and only use the 6509 that is not the root when a failure happens.  I have configured the non-root 6509's spanning tree cost on the etherchannel to be higher than the alternate path through the SRWs to the root.  I can hook everything up and view the spanning tree and see that the SRW2048's interface that goes to the non-root 6509 is blocked, and all other interfaces on the other switches are forwarding.  I can in fact ping and get to the admin interface on all the switches.  Then for some strange reason the admin interface of the SRW2048 plugged into the non-root 6509 stops responding.  If I disable either the interface it's plugged into on the 6509 or the other SRW2048, everything starts working again.  Sometimes it responds after many failures for no apparent reason.  I looked into the MAC address table on the 6509s and they are conflicting, pointing to each other for the MAC address of the broken SRW2048.  When I clear the MAC table the admin port comes back for about 5 seconds then again goes dark.  When reviewing the MAC table on the 6509s they are back to pointing to each other.  The odd thing (although I haven't confirmed this completely) is that hosts placed into VLAN 2 on that same SRW2048 seem to work fine.  If there was an STP loop or something misconfigured, I would expect it to affect any host in VLAN 2, or the other VLANs for that matter, on the SRW2048 that stops responding.  Alas, I am stuck because I need to manage this switch remotely.  My only thought is that for some reason even when the STP status is blocked the broken SRW2048 is still sending out ARPs of its admin interface and bypassing the STP protocol.  I have no way to confirm this, but maybe someone has an idea as to what I'm doing wrong, or can otherwise offer a solution.  For now, I simply removed VLAN 2 from the 6509 that the broken SRW2048 is plugged into and everything seems fine.
    My apologies for such a long post, but this is somewhat complicated.  Thanks in advance for any info.
    -Geoff
    Message Edited by gmyers on 08-19-2008 10:35 PM

    To follow up, I had a ticket open with Linksys about this for about 3 months with no resolution.  I submitted packet captures, STP outputs, etc. and had no luck.  I gave up and basically had to revert to a manual failover for redundancy.  It's not perfect or fast, but it works every time.
    Unless Linksys issues a firmware upgrade with this as a fix, I doubt we will ever be able to resolve this on our own.

  • E100 & E1000 Spanning tree and VLAN reuse

    I have a situation where I have two E-Series cards configured as single-card ether-switches in the same chassis. One is an E100 and the other is an E1000. I have spanning tree enabled on all the transport circuits built to these cards. There is no STS connectivity between these cards.
    I am reusing a few VLANs between the cards and the cards appear to be sharing spanning tree topology information. Has anyone had similar experiences reusing VLANs and discovered a workaround for this? The 15454 documentation is not very descriptive of this situation and lacks detailed STP info as one would expect to be accessible from a Cisco switch.
    Thanks,
    Ken

    I'm not so sure that singlecard/multicard mode has anything to do with STP on E-Series cards. From the book Optical Network Design and Implementation:
    "It is important to remember that in the case of the E-Series cards, the Timing and Control 2 (TCC2) common card actually runs the spanning-tree engine with a single instance of STP per node. Each E-Series card plugged into the chassis maintains only a copy of its Layer 2 forwarding table. In the case of ML-Series cards, however, the individual cards maintain copies of the Layer 2 forwarding table and they run an instance of STP." ... "From an STP perspective, however, the entire ONS node is perceived as a single bridge, even though it might contain multiple E-Series cards. For ML-Series cards, however, each card is accounted for as a discrete bridge, and STP uses each and every ML-Series card for its STP computation."

  • Spanning-tree modes: PVST vs RAPID-PVST

    I am upgrading an old network and as I add switches, I would like them to run rapid-pvst, instead of just pvst which is what the older switches are running.
    Last I checked (with a Cisco techie at Networkers 2006), it was OK to have trunked switches with different modes (pvst and rapid-pvst)... but now I'm hearing differently from a few other sources.
    Can someone please verify if this is a concern and if so, how should one proceed?
    Cheers...

    Rapid-pvst+ can be migrated into your pvst+ environment.
    Rapid-pvst+ configured switches revert to pvst+ to provide interoperability.
    Cisco recommends configuring the rapid-pvst+ and pvst+ for different STP instances. The rapid-pvst+ root switch must be running rapid-pvst+ and the pvst+ root switch must be running pvst+; as well, the pvst+ switches should be at the edge of the network.
    (This being said, upgrade your core first and move outward. Keep your pvst+ root switch out of the core where rapid-pvst+ will be running.)
    Please see the following link for more info:
    http://www.cisco.com/en/US/products/hw/switches/ps5206/products_configuration_guide_chapter09186a00801ce264.html#wp1150840

  • Spanning tree and blocked ports

    Hello
    I have a network built with 5 3560 switches. They are linked together over 6 fiber gigabit links. Two of them are for redundancy. I set up STP and all works fine. STP root is on the same switch for all VLANs.
    But I'm wondering why blocked links only show state blocked on one of the two connected switches. I've read the documentation but didn't find a hint.
    Thanks for any comment.
    Thomas

    I guess your question in fact translates to: why is there only one side of my redundant link that is blocking instead of both ends. There are several possible answers to that:
    First, because blocking one side is enough;-)
    But the explanation I prefer is to recall that STP cannot know that this link is a fiber going to a single neighbor bridge. This link could be connected to a hub, where on top of the neighboring bridge there would be some hosts (PCs, routers etc.). To put it short, STP must provide connectivity to this link. That's why *every* link has a designated port that connects it to the root bridge.
    Hope this helps;-)
    Francois

  • How to implement uplink redundancy and spanning tree in SFP-300 switches

    We have several Small Business 300 Series Managed Switches, the 10/100 ones with PoE, the first generation ones.
    We've been advised to implement uplink redundancy and spanning tree on these switches.
    I'm sure spanning tree is a checkbox somewhere in the web interface.
    How does one implement uplink redundancy besides interconnecting the switches plus turning on spanning tree (RSTP)??
    Thank you, Tom
    P.S. I also tried to file a service request but it does not work, I get: "Error 500: Request processing failed; nested exception is java.lang.NullPointerException"

    Hello Thomas,
    Thanks for using the Cisco Small Business eSupport Community. I've looked through the articles that are available in our Knowledge Base and found a few that I hope will be able to assist you in setting up spanning tree and link redundancy on your SFP300s:
    In regards to link redundancy, the following article on LAG can hopefully provide some guidance:
    Link Aggregate Group (LAG) Configuration on 200/300 Series Managed Switches
    And for your question on setting up STP, here are a few articles with additional information:
    Configure Spanning Tree Protocol (STP) Status and Global Settings on 200/300 Series Managed Switches
    Setup Spanning Tree Protocol (STP) on a Interface on the 300 Series Managed Switches
    I hope that this information helps! Please remember to mark your question as answered and rate if this solves your problem.
    Best,
    Gunner

  • Switching Best Practice - Spanning Tree and Etherchannel

    Dear All,
    Regarding best practice related to Spanning Tree and Etherchannel, we have decided to configure following.
    1. Manually configure STP Root Bridge.
    2. On end ports, enable portfast and bpduguard.
    3. On ports connecting to other switches enable root guard.
    In the etherchannel config, we have kept mode on on both sides; we need to change to Active and desirable, as I have read that mode on may create loops? Please let me know if this is OK and suggest if something is missing.
    Thank You,
    Abhisar.

    Hi Abhisar,
    Regarding your individual decisions: Manually configuring the Root Bridge is a natural thing to do. You should never let your network just pick a root switch based on default switch settings.
    On end ports, using PortFast and BPDU Guard is a must especially if you are running Rapid PVST+ or MSTP.
    Regarding the Root Guard on ports to other switches - this is something I do not recommend. The Root Guard is a protective mechanism in situations when your network and the network of your customer need to form a single STP domain, yet you want to have the STP Root Bridge in your network part and you do not want your customer to take over this root switch selection. In these cases, you would put the Root Guard on ports toward the customer. However, inside your own network, using Root Guard is a questionable practice. Your network can be considered trustworthy and there is no rogue root switch to protect against. Using Root Guard in your own network could cause your network to be unable to converge on a new workable spanning tree if any of the primary links failed, and it would also prevent your network from converging to a secondary root switch if the primary root switch failed entirely. Therefore, I personally see no reason to use Root Guard inside your own network - on the contrary, I am concerned that it would basically remove the possibility of your network to actually utilize the redundant links and switches.
    Regarding EtherChannels - yes, you are right, using the on mode can, under circumstances, lead to permanent switching loops. EtherChannel is one of few technologies in which I wholeheartedly recommend relying on a signalling protocol to set it up, as opposed to configuring it manually. The active mode is my preferred mode, as it utilizes the open LACP to signal the creation of an EtherChannel, and setting both ends of a link to active helps to bring up the EtherChannel somewhat faster.
    If you are using fiber links between switches, I recommend running UDLD on them to be protected against issues caused by uni-directional links. UDLD is not helpful on copper ports and is not recommended to be run on them. However, I strongly recommend running Loop Guard configured globally with the spanning-tree loopguard default. Loop Guard can, and should, be run regardless of UDLD, and they can be used both as they nicely complement each other.
    My $0.02...
    Best regards,
    Peter

  • Rapid Spanning Tree Question

    All,
    I have a question about Rapid Spanning Tree reconfiguration. I have the following situation:
    As you can see 3 switches with RSTP, and 2 switches without RSTP (or any other spanning tree, just unmanaged).
    The 2 switch will form a loop in my network. Switch 1 will block one of the ports and the other port will forward the traffic.
    If I break the link "Just Forwarding", my second switch won't be able to communicate for around 40 seconds. It will take some time before the backup link will be up again.
    Cisco has the Fastforwarding mechanism. Will this help in this situation? I would like to shorten the 40 seconds time.
    Thanks in advance.

    I'd guess the unmanaged devices run legacy spanning tree, and rapid pvst switches will run rapid according to the "heard" protocol. So if it hears the legacy BPDU, it will run regular spanning tree, hence the 40 second delay.
    chris

  • Spanning-tree not working: SG500 to Cat3650

    Hi All,
    Trying to turn up a new site. I have 2 switches: Cat 3650 & SG500-52P.  I want to connect up two ethernet cables between these switches in the event one fails, STP will put the blocked one in forwarding.  However, when I connect up the 2nd ethernet cable, I get the following:
    IPADTBL-N-IPDUPLICATE: Duplicate IP address 192.168.5.232 from MAC a0:ec:f9:ef:6a:18 was detected on VLAN 1, port gi1/1/24
    This log message is then followed by the network locking up & crashing until I remove the 2nd cable (i.e. STP loop).  Removing the redundant cable solves the problem. This is because STP is allowing both links to transition to forwarding state (confirmed in show spanning-tree & show cdp neighbor).
    Why is spanning-tree not correctly blocking one of the lines? Is that type of architecture not supported when there is an SG300/500 in the equation?
    Configs below:
    Core 3650: (box configs basically)
    Switch#show run
    Building configuration...
    Current configuration : 2686 bytes
    ! Last configuration change at 10:01:53 UTC Thu Jan 22 2015
    ! NVRAM config last updated at 09:24:03 UTC Thu Jan 22 2015
    version 15.0
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service compress-config
    hostname Switch
    boot-start-marker
    boot-end-marker
    vrf definition Mgmt-vrf
     address-family ipv4
     exit-address-family
     address-family ipv6
     exit-address-family
    logging console emergencies
    enable secret 5 $1$Qi5N$u/5q1HESY/TyQsPFNKVah1
    no aaa new-model
    clock timezone UTC -6 0
    clock summer-time UTC recurring
    switch 1 provision ws-c3650-24ts
    ip device tracking
    diagnostic bootup level minimal
    spanning-tree mode pvst
    spanning-tree extend system-id
    spanning-tree vlan 1 priority 24576
    redundancy
     mode sso
    class-map match-any non-client-nrt-class
      match non-client-nrt
    policy-map port_child_policy
     class non-client-nrt-class
        bandwidth remaining ratio 10
    interface GigabitEthernet0/0
     vrf forwarding Mgmt-vrf
     no ip address
     negotiation auto
    interface GigabitEthernet1/0/1
    interface GigabitEthernet1/0/2
    interface GigabitEthernet1/0/3
    interface GigabitEthernet1/0/4
    interface GigabitEthernet1/0/5
    interface GigabitEthernet1/0/6
    interface GigabitEthernet1/0/7
    interface GigabitEthernet1/0/8
    interface GigabitEthernet1/0/9
    interface GigabitEthernet1/0/10
    interface GigabitEthernet1/0/11
    interface GigabitEthernet1/0/12
    interface GigabitEthernet1/0/13
    interface GigabitEthernet1/0/14
    interface GigabitEthernet1/0/15
    interface GigabitEthernet1/0/16
    interface GigabitEthernet1/0/17
    interface GigabitEthernet1/0/18
    interface GigabitEthernet1/0/19
    interface GigabitEthernet1/0/20
    interface GigabitEthernet1/0/21
    interface GigabitEthernet1/0/22
    interface GigabitEthernet1/0/23
    interface GigabitEthernet1/0/24
    interface GigabitEthernet1/1/1
    interface GigabitEthernet1/1/2
    interface GigabitEthernet1/1/3
    interface GigabitEthernet1/1/4
    interface Vlan1
     ip address 192.168.5.230 255.255.255.0
    ip default-gateway 192.168.5.1
    ip http server
    ip http secure-server
    line con 0
     exec-timeout 0 0
     stopbits 1
    line aux 0
    line vty 0 4
     password scrubbed
     login
    line vty 5 15
     password scrubbed
     login
    wsma agent exec
     profile httplistener
     profile httpslistener
    wsma agent config
     profile httplistener
     profile httpslistener
    wsma agent filesys
     profile httplistener
     profile httpslistener
    wsma agent notify
     profile httplistener
     profile httpslistener
    wsma profile listener httplistener
     transport http
    wsma profile listener httpslistener
     transport https
    ap group default-group
    end
    SG500 Switch:
    switchff1182#show run
    config-file-header
    switchff1182
    v1.3.0.62 / R750_NIK_1_3_647_260
    CLI v1.0
    set system mode switch queues-mode 4
    file SSD indicator encrypted
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    hostname switchff1182
    no passwords complexity enable
    username cisco password encrypted scrubbed privilege 15
    ip ssh server
    snmp-server server
    no ip http server
    ip telnet server
    interface vlan 1
     ip address 192.168.5.231 255.255.255.0
     no ip address dhcp
    exit
    ip default-gateway 192.168.5.1

    Hi Peter,
    Thanks for replying. Unfortunately (or fortunately if it worked), STP is running and BPDU's are flooding below:
    SW500A#show spanning-tree
    Spanning tree enabled mode RSTP
    Default port cost method:  long
      Root ID    Priority    24577
                 Address     a0:ec:f9:ef:6a:00
                 Cost        20000
                 Port        gi1/1/43
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    32768
                 Address     2c:3e:cf:ff:11:82
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
    SW500A#show spanning-tree bpdu
    Global: Flooding
    I guess I'm doing etherchannels instead of redundant links :-/
    This is one of many reasons why I regret these small business models being made; A lot of things that are polished and functional in the enterprise grade (i.e. real switches) just don't seem to work on these units. But unfortunately, as the price is significantly cheaper, companies will continue purchasing these over the better quality units, and engineers like myself will be stuck working with the cut-corners version of a Cisco switch.

  • Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

    Hello,
    I have a spanning tree problem when I connect 2 links from a DELL M6220 switch (there are blades for virtual machines too) to 2 links towards 2 CISCO 3750 switches connected as a stack (behaving like one switch for redundancy, with one management IP).
    On the Dell virtual machine side spanning tree is rapid STP, and on the 3750 the spanning tree mode is pvst; Cisco says that this is not important, it only takes longer to create the tree.
    I don't know, but what do you think of these solutions I want to try on Sunday?
    Could spanning tree need one native VLAN to be sent to negotiate the BPDUs? switchport trunk native vlan 250
    Is it better to put spanning-tree guard root on both 3750s on the ports to keep the DELL from becoming root in spanning tree?
    Is it better to put spanning-tree port-priority on the ports of the Dell switch?
    Could you help me control the root? Do you think another solution is better? Thanks!
     CONFIG WITH PROBLEM
    ======================
    3750: (the 2 ports are on 2 3750 switches connected with a stack cable; in a show run you can see this)
    interface GigabitEthernet2/0/28
     description VIRTUAL SNMP2
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     logging event trunk-status
     shutdown
    interface GigabitEthernet1/0/43
     description VIRTUAL SNMP1
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     shutdown
    DELL M6220: (it's only one switch)
    interface Gi3/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit
    interface Gi4/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit

    F.Y.I. for Catalyst heroes - here is the equivalent config for SG-300 - VLAN 1 is required on the allowed list on the Catalyst side (3xxx/4xxx/6xxx)
    In this example:
    VLANS - Voice on 188, data on 57, management on 56.
    conf t
    hostname XXX-VOICE-SWXX
    no passwords complexity enable
    username xxxx priv 15 password XXXXX
    enable password xxxxxx
    ip ssh server
    ip telnet server
    crypto key generate rsa
    macro auto disabled
    voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
    vlan 56,57,188
    voice vlan id 188
    int vlan 56
    ip address 10.230.56.12 255.255.255.0
    int vlan1
    no ip add dhcp
    ip default-gateway 10.230.56.1
    interface range GE1 - 2
    switchport mode trunk
    channel-group 1 mode auto
    int range fa1 - 24
    switchport mode trunk
    switchport trunk allowed vlan add 188
    switchport trunk native vlan 57
    qos advanced
    qos advanced ports-trusted
    exit
    int Po1
    switchport trunk allowed vlan add 56,57,188
    switchport trunk native vlan 1
    do sh interfaces switchport po1
    !CATALYST SIDE
    !Must explicitly allow VLAN 1, this is not normal for Catalysts - or spanning tree will not work! Even though it's the native VLAN on both sides.
    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,56,57,189
    switchport mode trunk

  • Blocked Stack Ports on 2960X-48FPD-L Stack (Unstable Switch Stack!) Spanning Tree?

    I am having an issue where 2 2960X-48FPD-L Switches in a redundant flexstack (stack port 1 SW1 to port  2 SW2 and port 2 SW1 to port 1 SW2) ring. 
    At first running the 15.0(2).EX5 (and earlier EX3, and EX4) version IOS yielded all the ports on the stack master switch refusing to run spanning tree and would only link in amber and not pass any traffic other than CDP information (the slave switch linked in fine). 
    I upgraded to 15.2(3)E and this solved the problem of the ports not linking in green and participating in spanning tree. 
    Now, however, about every week or two I lose connectivity to the switch stack and I was able to go to the switch stack locally and found that for some reason the switch stack is blocking and unblocking VLANs on StackPort1 frequently (see below).  When I was at the site, I sometimes had connectivity, sometimes not.  A stack hard reboot brought everything back up, but this is the second time this has occurred and I would expect the same problem in the next week or so. 
    Has anyone else run into these issues, and have you found a solution?
    I'm guessing that if I either get rid of the redundancy on the switch stack or stack using Ethernet cables between switches the problem will go away, but then what is the point of using stackable switches in a non redundant low speed stack.  It seems to me that Spanning tree thinks that I have a spanning tree loop going on with the stack ports which I didn't even think was possible.   
    What do you think?
    Jim
    _BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:02:59: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:03:16: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
    Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:03:46: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:03:47: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
    Mar 11 09:04:12: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:04:22: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:04:56: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
    Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
    Mar 11 09:05:30: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:06:00: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
    Mar 11 09:06:32: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:07:02: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
    Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
    Mar 11 09:07:34: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
    Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.

    Jim,
    We also have the same problem with our 2960-X switches (access) connecting to a pair of 4500x (VSS), except our issue is with a port channel with 2 physical links connecting the 2960Xs to the 4500.
    If we disconnect one of the physical links from the portchannel everything works fine, but when we connect the same physical link back all users lose connectivity and the physical link starts flapping. Here are some of the messages we see in the logs when both physical links are in the portchannel:
    Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
    Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
    Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
    Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
    Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
    Mar 10 18:01:29 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
    Mar 10 18:01:37 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
    Mar 10 18:01:48 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
    Mar 10 18:01:51 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
    We have upgraded to 15.0(2a).EX5 and still have the same issue.
    We have a ticket open with Cisco and have sent them all the logs and debugs and waiting to hear back from IOS developers.
    HTH
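The block/unblock cycle in the logs above can be summarised per port and VLAN, which shows at a glance which local VLAN keeps receiving BPDUs carrying a different peer VLAN ID. The Python below is an added example, not part of either post or of any Cisco tool; the sample lines are copied from the two posts above, and the function name `summarize` and the flap threshold are assumptions.

```python
import re
from collections import defaultdict

# Sample input: syslog lines copied from the two posts above.
SAMPLE = """\
Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
"""

MSG = re.compile(r"%SPANTREE-2-(?P<tag>[A-Z_]+): (?P<text>.*)")
PVID_ERR = re.compile(r"peer vlan id (\d+) on (\S+) VLAN0*(\d+)")
BLOCK = re.compile(r"(Blocking|Unblocking) (\S+) on VLAN0*(\d+)")

def summarize(lines, flap_threshold=2):
    """Per (port, local VLAN): block/unblock counts, peer VLAN IDs seen, flap flag."""
    stats = defaultdict(lambda: {"blocks": 0, "unblocks": 0, "peer_vlans": set()})
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue  # not a SPANTREE-2 message (e.g. LINEPROTO up/down)
        tag, text = m["tag"], m["text"]
        if tag == "RECV_PVID_ERR" and (e := PVID_ERR.search(text)):
            # BPDU carried peer VLAN e[1] but arrived on local VLAN e[3]
            stats[(e[2], int(e[3]))]["peer_vlans"].add(int(e[1]))
        elif tag.startswith("BLOCK_PVID") or tag == "UNBLOCK_CONSIST_PORT":
            if b := BLOCK.search(text):
                field = "blocks" if b[1] == "Blocking" else "unblocks"
                stats[(b[2], int(b[3]))][field] += 1
    for s in stats.values():
        # Assumed heuristic: repeated block/restore cycles mean a live mismatch
        s["flapping"] = s["blocks"] >= flap_threshold and s["unblocks"] >= 1
    return dict(stats)

if __name__ == "__main__":
    for (port, vlan), s in sorted(summarize(SAMPLE.splitlines()).items()):
        print(port, vlan, s)
```
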

  • Rapid spanning tree combination

    Dear All,
    I am new to Spanning tree technology...and it sounds pretty good to run 802.w on LAN.
    Is it possible to run 802.w on switches that support Rapid spanning tree and some old ones that do not?
    Is there any way to prevent BPDUs from being sent to switches that do not support 802.w?
    Looking forward to hearing from you.
    Best regards,
    Sholeh

    The roles were in fact introduced by RSTP. Because it was also very convenient with regular STP, we added them to our implementation of STP. However, older software is just showing the information defined in STP at that time.
    A forwarding port is indeed designated or root. In order to make a difference between the two, you need to check what is the designated bridge ID. If this is the local bridge, the port is designated. If it's a different bridge, it's a root port.
    Another simple way: you also get the root port for the vlan in the show spantree. There is only a maximum of one root port on a bridge, so if your forwarding port is not the root port, it is then designated.
    Note that STP does not make any difference between backup and alternate port either. For this, you need again to look for the designated bridge ID on this port. If it is the bridge itself, this is a backup port, else, an alternate port (this is useful for uplinkfast, only alternate port can do fast transition).
    Regards,
    Francois
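The role rules in the reply above, written out as a small classifier with the "at most one root port" cross-check. This Python is an added example, not Cisco code or part of the original post; the `Port` record, the function names, and the bridge IDs and port names in the sample are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Port:
    name: str
    state: str              # "forwarding" or "blocking", as legacy STP output shows it
    designated_bridge: str  # designated bridge ID reported for this port

def infer_roles(local_bridge, ports, root_port=None):
    """Infer RSTP-style roles from plain STP data.

    forwarding: designated bridge is local -> designated, otherwise root
    blocking:   designated bridge is local -> backup,     otherwise alternate
    root_port (the per-VLAN root port from the summary output) is cross-checked.
    """
    roles, problems = {}, []
    for p in ports:
        is_local = p.designated_bridge.lower() == local_bridge.lower()
        if p.state == "forwarding":
            roles[p.name] = "designated" if is_local else "root"
        elif p.state == "blocking":
            roles[p.name] = "backup" if is_local else "alternate"
        else:
            roles[p.name] = "unknown"  # other states are not covered by the rules
    roots = [name for name, role in roles.items() if role == "root"]
    if len(roots) > 1:  # a bridge has at most one root port per spanning tree
        problems.append(f"more than one root port inferred: {roots}")
    if root_port is not None and roots and roots != [root_port]:
        problems.append(f"inferred root {roots} != reported root port {root_port}")
    return roles, problems

def uplinkfast_candidates(roles):
    """Only alternate ports are eligible for the fast transition."""
    return sorted(name for name, role in roles.items() if role == "alternate")

# Constructed sample: bridge IDs and port names are illustrative only.
LOCAL = "32768.0000.5e00.5301"
PORTS = [
    Port("Gi0/1", "forwarding", "4096.0000.5e00.5310"),
    Port("Gi0/2", "forwarding", LOCAL),
    Port("Gi0/3", "blocking", "8192.0000.5e00.5320"),
    Port("Gi0/4", "blocking", LOCAL),
]

if __name__ == "__main__":
    roles, problems = infer_roles(LOCAL, PORTS, root_port="Gi0/1")
    print(roles, problems, uplinkfast_candidates(roles))
```
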

  • Which spanning tree protocol is preferred PVST or rapid-PVST and why?

    I have WS-C2960G-24TC-L and Cisco 3750G switches. I have the option to configure PVST spanning tree or rapid-pvst. Please let me know which is better and why. Also, send me some documents explaining both protocols in detail.

    As Alex has noted, normally rapid-PVST should be preferred.
    Depending on needs (and device support), MST might be better yet.

  • Why does the command "spanning-tree mst simulate pvst disable" exist

    That's all really. Why would you turn it off? What is the advantage? If you're not receiving PVST BPDUs, you don't need it, but why turn it off?

    When you use the spanning-tree mst simulate pvst disable command, specified MST interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) move into the STP blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
    OK, that's what it does, but why? The only effect it has is blocking your ports.

  • "Peer-switch" command on vPC domain and spanning-tree priority interaction

    Hi guys,
    We have 2 N7K (N7KA and N7KB) which will be running vPC in hybrid and pure vPC environment.
    I have a question about the hybrid and pure vPC environment. With the "peer-switch" command enabled, should I tune the spanning-tree priority to be the same for all the VLANs running on vPC on both N7KA and N7KB? This way, when I enter the "sh spanning-tree vlan X(vPC vlan) detail" command on N7K, it will list both N7K announcing themselves as "We are the root of the spanning tree". Also, the switch running spanning-tree with N7K vPC vlan (hybrid) will see both N7K have the same priority (4096), and it is not desirable for a spanning-tree environment. Therefore, I used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with N7K will list N7KB as having a priority of 8192 (perfect).
    However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as shown on the switch. It is constantly changing between "4096 and 8192" with the same vPC system-wide MAC address.
    Entering the "sh spanning-tree vlan X detail" command repeatedly on the switch with the port-channel toward N7KA and N7KB.
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding
    Port path cost 3, Port priority 128, Port Identifier 128.65.
    Designated root has priority 4106, address 0013.05ee.bac8
    Designated bridge has priority 4106, address 0013.05ee.bac8
    Designated port id is 144.2999, designated path cost 0
    Timers: message age 15, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 5, received 603
    one sec later.
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding
    Port path cost 3, Port priority 128, Port Identifier 128.65.
    Designated root has priority 4106, address 0013.05ee.bac8
    Designated bridge has priority 8202, address 0013.05ee.bac8
    Designated port id is 144.2999, designated path cost 0
    Timers: message age 15, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 5, received 603
    Configuration:
    N7KA
    spanning-tree vlan 1-10 priority 4096
    vpc domain 200
    peer-switch
    N7KB
    spanning-tree vlan 1-10 priority 4096
    spanning-tree pseudo-information vlan 1-10 designated priority 8192
    vpc domain 200
    peer-switch

    We have an issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
    The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something?
