Multiple Root Bridges for VLAN1

Greetings,
I have an interesting problem with my switch environment. I have (2) 3550s acting as my distribution layer (labeled d1 and d2) and (3) 3548s acting at my access layer (labeled a1, a2 and a3). Each access switch has a single dot1q trunk link to 1 of the distribution switches (a1 and a3 link via gig-E to d1; a2 links via gig-E to d2). d1 and d2 have a single dot1q trunk link and a single routed link between them.
Currently, I am having an issue with VLAN1 on a few different levels.
Interface VLAN 1 is configured for HSRP on d1 and d2, with d2 being primary for HSRP and also it should be the root bridge for VLAN 1 (spanning-tree vlan 1 pri 4096).
First and most obvious to me when I first started looking at this problem (I recently started working at this company) is that the layer3 interface for VLAN 1 on d1 is showing down/down, even though there are trunk ports carrying VLAN 1 ok. I cannot see a reason the VLAN interface should be down/down. I have tried shutting and no shutting the interface with no luck.
The second problem is there are 4 switches (d1, d2, a1 and a3, recall both a1 and a3 have single dot1q trunks to d1) that all think they are the root bridge for VLAN1 even though I have the spanning-tree priority on d1 set lower to be root bridge. According to d1 spanning-tree, all the ports are in "DWN" status:
Interface           Role Sts Cost      Prio.Nbr Type
Gi0/7               Desg DWN 4         128.7    P2p
Gi0/9               Desg DWN 4         128.9    P2p
Gi0/10              Desg DWN 4         128.10   P2p
Gi0/12              Desg DWN 4         128.12   P2p
The weird part to me is that I have ~25 VLANs configured over these trunks and the rest of them don't have a problem with finding the correct root bridge.
Has anyone seen such oddness when it comes to root bridge election or the problem with VLAN 1 being down? Perhaps some advice on what else to look for in the configs?
Thanks for any information.
-jflaherty

Thanks for the reply. I see VLAN 1 being trunked and allowed from both sides on multiple links, d1 to d2 and d1 to a3, so I would think the autostate would see this and have VLAN 1 on d1 UP/UP.
d1 - g0/12 (link to d2)
Port Vlans in spanning tree forwarding state and not pruned
Gi0/12 1,10-11,13-15,19-23,26,40-41,43-50,52-57,100-101
d2 - g0/12 (link to d1)
Port Vlans in spanning tree forwarding state and not pruned
Gi0/12 1,10-11,13-15,19-23,26,40-41,43-50,52-57,100-101
And finally, a3 - g0/1 (link to d1):
Trunking VLANs Active: 1,2,5-8,20,26,44-46,48,53

Similar Messages

  • Root bridge for VLAN 1

    If I have 2 core Layer 3 switches that are in an HSRP config, each of the active router vlans are setup already as the root bridge for those particular vlans, who should I designate as the root bridge for VLAN 1 ?

    Root bridge and the active router in hsrp are not really related.
    Root bridge selection is only used to control which paths are blocked if any. The actual path of the traffic does not have to pass via the root bridge. It will always take the most direct path between the machines.
    It is much more important to see where the blocked link is if you have any.
    As an example, you have a distribution switch connected to your 2 core switches and the 2 core switches connected to each other. You design your spanning tree to block the link between the 2 core switches by setting the cost very high. In this case any machine on the distribution switch can directly access either core switch. Since only the core switch that is the active HSRP router for a vlan will advertise the common mac address, the distribution switch will only see the mac address on one of the two links. Either core switch can be set as the root but the traffic will always directly flow to the active HSRP device.
    Of course you don't want to block the line between the switches because the HSRP keepalive message will be layer 2 routed via the distribution switch. In a very simple design it is common to have the root bridge be the HSRP active device just because it's easier to configure, but the concepts are not really related. Root bridge placement is more related to traffic volumes than anything else; it just tends to be true that the switch that has the gateway also has the highest volume of traffic.

  • Anyway to have Hot-Standby Root Bridge for Autonomous AP1242

    Is there anyway to have or configure a Hot-Standby Root Bridge for Autonomous AP1242?
    My purpose of having this is to have more resilience in case the Active Root Bridge is faulty on the backhaul side.
    In order to have more resilience backhaul for the backhaul bridging part, my thinking is to configure the Non Root bridges as WGB infrastructure mode and Root Bridges as AP.
    Any suggestions are welcome :)

    When you set up the standby access point, you must enter the MAC address of the access point that the standby unit will monitor. Record the MAC address of the monitored access point before you configure the standby access point.
    The standby access point also must duplicate several key settings on the monitored access point. These settings are:
    • Primary SSID (as well as additional SSIDs configured on the monitored access point)
    • Default IP Subnet Mask
    • Default Gateway
    • Data rates
    • WEP settings
    • Authentication types and authentication servers
    Check the monitored access point and record these settings before you set up the standby access point.
    I hope it may help you.

  • Set Up of Backup Root Bridge (for resilience purpose)

    Hi,
    I've a wireless link with 2 Aironet 1240, one as Root Bridge connected to backbone network, the other one as Non Root Bridge.
    I would like to setup another Aironet 1240 as Root Bridge with backbone network connection for resilience purpose, any special parameters need to be taken care of?
    Will I need to configure the 'Root Parent Timeout Value' & 'Root Parent MAC'?
    Thanks.

    Yes, you can configure parent in this and you are right.. Configure parent with the MAC address.. your Parent Number will decide which one is primary and which one is backup..
    Example..
    parent 1 1111.1111.1111
    parent 2 3333.3333.3333
    In this case.. the Non Root will try to associate to Parent 1, if this fails then this goes to parent 2..
    Lemme know if this answered your question
    Regards
    Surendra

  • Pvst with multiple root bridges

    Hi, I just want to verify if I am going right. Now I have two 3550s that are routing traffic to some ASA5505 firewalls, but at the same time I want vlan 100 and 200 to use one of the 3350 as the root bridge and the other two vlans to use the other 3550 as their root. But since the 3550s are routing, where would I configure the interface vl for each vlan so the hosts can use it as their gateway? Or I should say, which switch should I configure the interface vlan on: should I do it on one switch, or would I have to do 2 on one switch and 2 on the other?

    So the clients and servers definitely have the right default gateways set ie. the HSRP VIP for their vlan ?
    Can you post from one of the 3550 switches -
    1) "sh standby brief"
    2) "sh int trunk"
    Also from the same switch can you -
    1) choose a client in vlan that cannot ping a server in another vlan
    2) from the same switch as above can you do an extended ping to the client using the source IP of the L3 vlan interface for the server vlan and see if it works.
    Jon

  • Need to reboot root bridge for RF connectivity

    We have installed RF connectivity with Cisco Aironet 1300 between two sites. The distance is 1 km.
    The connectivity is intermittent and shows radio errors in logs.
    After rebooting the root bridge at one site the connectivity is restored.
    We have not been able to locate the problem. Please help.
    the configs are as below :
    Site 1 :
    ROOT BRIDGE
    ip subnet-zero
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    cache expiry 1
    cache authorization profile admin_cache
    cache authentication profile admin_cache
    aaa group server tacacs+ tac_admin
    cache expiry 1
    cache authorization profile admin_cache
    cache authentication profile admin_cache
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa cache profile admin_cache
    all
    aaa session-id common
    dot11 activity-timeout client default 99999
    dot11 activity-timeout repeater default 99999
    dot11 activity-timeout workgroup-bridge default 99999
    dot11 activity-timeout bridge default 99999
    dot11 ssid yyyy
    authentication open
    dot11 network-map
    bridge irb
    interface Dot11Radio0
    bandwidth inherit
    no ip address
    no ip route-cache
    ssid yyyy
    speed basic-1.0 basic-2.0 5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    no preamble-short
    station-role root bridge
    cca 75
    concatenation
    distance 2
    antenna gain 14
    infrastructure-client
    bridge-group 1
    bridge-group 1 port-protected
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    full-duplex
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.1.254.252 255.255.255.248
    no ip route-cache
    ip default-gateway 10.1.254.249
    ip http server
    no ip http secure-server
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server vsa send accounting
    control-plane
    bridge 1 route ip
    Site 2 :
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 activity-timeout client default 99999
    dot11 activity-timeout repeater default 99999
    dot11 activity-timeout workgroup-bridge default 99999
    dot11 activity-timeout bridge default 99999
    dot11 ssid yyyy
    authentication open
    infrastructure-ssid
    bridge irb
    interface Dot11Radio0
    bandwidth inherit
    no ip address
    no ip route-cache
    ssid yyyy
    short-slot-time
    cca 75
    concatenation
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role workgroup-bridge
    antenna gain 14
    keepalive 9999
    infrastructure-client
    bridge-group 1
    bridge-group 1 port-protected
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.1.254.253 255.255.255.248
    no ip route-cache
    ip default-gateway 10.1.254.249
    ip http server
    no ip http secure-server
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server vsa send accounting
    control-plane
    bridge 1 route ip

    Hi Sanjay,
    Nothing is jumping out from the config all seems fairly standard. Points more to an RF problem.
    Can you post the error logs/messages from the radios.
    How much clearance above obstacles do you have between the link? At that distance on 2.4GHz there should be around 6m free space.
    What antennas are you using? Have you performed a spectrum analysis at either end of the link to determine potential interference on the channel used?
    From each end could you run the following commands and post the output:
    show dot11 stat cli
    show dot11 carrier busy
    Thanks
    Mat

  • Multiple spanning-tree root bridges

    We've started installing some new 3650 switches (replacing 3560's at the access layer) running XE 03.03.05SE. We've run into some problems as a result of "ip device tracking" being on by default, but in the process of debugging I've found that three separate switches all believe they are the spanning-tree root bridge for the same VLANs. The new switches are by default in rapid-pvst mode; the distribution switches are set to rapid-pvst as well. All 3650's are dual-homed.
    SW1#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.6d00
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.6d00
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/4             Desg FWD 4         128.52   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    SW2#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     f40f.1b84.9680
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     f40f.1b84.9680
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi1/1/4             Desg FWD 4         128.52   P2p
    SW3#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.7180
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.7180
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    Switch 1 seems to behave as if it is the real root, but this still does not make much sense to me. Does anyone have an explanation? It's been a long time since my switching class, and I very seldom have to deal with spanning-tree issues.

    Hi,
    Having more than one root switch for a VLAN is definitely a sign of some foul play. A contiguous VLAN can never have more than one root switch. Multiple root switches would occur if, for example, the trunks interconnecting the switches had this VLAN excluded from the list of allowed VLANs, or if they were interconnected by access ports (in a different VLAN) rather than trunks. Another possibility could be an inappropriately constructed MAC ACL or VLAN ACL inadvertently blocking BPDUs. In any case, this may be a source of serious trouble.
    Without further information about your network, it is difficult to suggest anything more specific. Would it be possible to post a diagram explaining your network topology? Also, would it be possible to post the show span root and show span bridge outputs from every switch in your network?
    Thank you!
    Best regards,
    Peter
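
The check requested in the reply above can be run over many switches at once. The following is an added example, not part of the original thread: it parses saved `show spanning-tree vlan` output per switch, lists every switch that claims to be root for a VLAN, and compares that with the lowest bridge ID among the captured switches only. SW4, its MAC address and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Trimmed "show spanning-tree vlan 999" captures. SW1-SW3 carry the values
# quoted in the thread; SW4 and its MAC are constructed: a switch that does
# receive SW1's BPDUs, for contrast.
CAPTURES = {
    "SW1": """VLAN0999
  Root ID    Priority    33767
             Address     78da.6e6f.6d00
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.6d00""",
    "SW2": """VLAN0999
  Root ID    Priority    33767
             Address     f40f.1b84.9680
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     f40f.1b84.9680""",
    "SW3": """VLAN0999
  Root ID    Priority    33767
             Address     78da.6e6f.7180
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.7180""",
    "SW4": """VLAN0999
  Root ID    Priority    33767
             Address     78da.6e6f.6d00
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     aaaa.bbbb.cc00""",
}
MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"

def split_priority(priority):
    """Split the priority field into (configured priority, sys-id-ext)."""
    return priority & 0xF000, priority & 0x0FFF

def parse_capture(text):
    """Return {vlan: {"root": [prio, mac], "bridge": [prio, mac], "claims_root": bool}}."""
    out, entry, section = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"\s*VLAN(\d+)\s*$", line):
            entry = {"root": [None, None], "bridge": [None, None], "claims_root": False}
            out[int(m.group(1))], section = entry, None
        elif entry is None:
            continue
        elif m := re.match(r"\s*(Root|Bridge) ID\s+Priority\s+(\d+)", line):
            section = m.group(1).lower()
            entry[section][0] = int(m.group(2))
        elif section and (m := re.match(r"\s*Address\s+" + MAC, line, re.I)):
            entry[section][1] = m.group(1).lower()
        elif "This bridge is the root" in line:
            entry["claims_root"] = True
    return out

def bridge_key(bridge_id):
    """Order bridge IDs as STP does: lower priority first, then lower MAC."""
    priority, mac = bridge_id
    return priority, int(mac.replace(".", ""), 16)

def audit(captures):
    """Per VLAN: root claimants, the bridge that should win, and who disagrees."""
    seen = defaultdict(dict)                      # vlan -> {switch: parsed entry}
    for switch, text in captures.items():
        for vlan, entry in parse_capture(text).items():
            seen[vlan][switch] = entry
    report = {}
    for vlan, entries in seen.items():
        best = min(entries, key=lambda sw: bridge_key(entries[sw]["bridge"]))
        best_id = entries[best]["bridge"]
        claimants = sorted(sw for sw, e in entries.items() if e["claims_root"])
        report[vlan] = {
            "claimants": claimants,
            "partitioned": len(claimants) > 1,    # a contiguous VLAN has one root
            "expected_root": best,                # lowest bridge ID among captures only
            "disagree": sorted(sw for sw, e in entries.items() if e["root"] != best_id),
            "sys_id_ok": all(split_priority(e["bridge"][0])[1] == vlan for e in entries.values()),
        }
    return report

if __name__ == "__main__":
    for vlan, result in audit(CAPTURES).items():
        print(vlan, result)
```

For VLAN 999 this reports SW1, SW2 and SW3 as simultaneous claimants, with SW1 holding the lowest bridge ID of the four captures. Switches listed under `disagree` mark where to start checking trunk allowed lists and BPDU filtering.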

  • How to find out Secondary STP Root bridge in cisco switch network

    Hi, i need to find out Root Primary and Root Secondary bridge in all my offices.
    sh spanning-tree summary command can tell me which switch is root bridge primary, but how can i find secondary root easily with some simple command?
    sh spanning-tree summary
    Switch is in pvst mode
    Root bridge for: VLAN0001-VLAN0002, VLAN0005, VLAN0008, VLAN0031

    I'm not sure if there is a simple way of finding the bridge with the SECOND best priority.

  • Two root bridge in same network

    Dear Team,
    As I checked, there are two root bridges in the same LAN.
    We have a 6500 which is manually configured as root bridge and this is showing root for all the vlans in the network. One switch connected to the 6500 through the 4500 is showing root for the vlans that are not assigned to any of the ports. Please help to clear it.
    Setup
    Cisco 6500 -- Cisco 4500 -- Cisco3560 -- Cisco 3560
    Cisco 6500
    CORE_SW#show spanning-tree root detail
    VLAN0001
      Root ID    Priority    24577
                 Address     0025.84d9.ac80
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    VLAN0002
      Root ID    Priority    24578
                 Address     0025.84d9.ac80
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Cisco 3560 Second
    Access#show spanning-tree root de
    VLAN0001
      Root ID    Priority    24577
                 Address     0025.84d9.ac80
                 Cost        16
                 Port        28 (GigabitEthernet0/4)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    VLAN0002
      Root ID    Priority    32770
                 Address     000a.b8ff.be00
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Here, I have not assigned any port in vlan 2 and this is showing root bridge for vlan 2. In which cases such thing can happen?
    Thank You,
    Abhisar.

    By default, Cisco switches run one spanning tree instance per VLAN and negotiate the topology with other connected switches. If your 3560 believes it is the root for VLAN 2 and there are no ports using VLAN 2, it will consider itself to be the root because it hasn't been able to negotiate a topology for this VLAN with any other devices. This is normal. Once ports are connected to VLAN 2 and the 3560 can talk to the other switches, the spanning tree will be renegotiated and should behave as you expect.
    If you want to have a single spanning tree topology for all VLANs and avoid this behaviour, consider moving to a single-instance MSTP configuration.

  • Moving spanning tree root bridge

    Hello everybody,
    I have a lot of vlans trunked over one link (trunk). If I move the root bridge for 1 vlan, do I have impact (recalculating) to all vlans in this trunk or only for this one?
    Thanks!

    do i have impact(recalculating) to all vlans in this trunk or only for this one??????

  • AIR 1242AG Root Bridge Radio

    Hi,
    Can the radio of the Aironet 1242-AG in root bridge mode shut itself down when the Ethernet link is down, like in AP mode (station role root access point fallback track d0 shutdown)?
    I've 2 AIR 1242-AG as root bridge for connecting a few 1242-AG as non-root bridge. In case the ethernet of the root bridge is down, the non root bridge connected to it will lose its connection to the backbone network. If the root bridge radio can shut down automatically, the non root bridge can associate to the other root bridge, then the backbone network.
    Thanks.

    Hi,
    According to the CLI on-line help (listed below), the station-role root fallback configures the 'Root AP action if Ethernet port fails'. I would like to know if it also supports Root Bridge mode, such that the radio will be shut down when the Ethernet fails?
    As I don't have a pair of 1242 on hand, I cannot test it out.
    Please help. Thank you.
    AP-1242(config-if)#station ?
      non-root          Non-root (bridge)
      repeater          Repeater access point
      root              Root access point or bridge
      scanner           Scanner access point
      workgroup-bridge  Workgroup Bridge
    AP1242(config-if)#station root ?
      access-point  Access point
      ap-only       Bridge root in access point only mode
      bridge        Bridge root (without wireless client)
      fallback      Root AP action if Ethernet port fails    <<<<<<<<<  Is Root Bridge mode supported?
    AP1242(config-if)#station root fallback ?
      repeater  Become a repeater
      shutdown  Shutdown the radio

  • Can one Root Bridge support multiple non-root bridges?

    Hey gang,
    I have a pretty simple question here I think
    I have a wireless bridge currently setup to support a separate office building on our property about 200 yards away from the main building.  The wireless bridge has been working great and was a much cheaper solution when compared to the cost of making a fiber drop to this building.  The needs of our business have changed (go figure), to include a warehouse building also on the backside of the property.  It's not feasible to run a cable between these two building either.  So I need to create another wireless bridge to this back warehouse as well.  My question is can I just use another non-root bridge to link to the root bridge already in place, or does each wireless bridge require one root bridge and one non-root bridge?
    I have good LoS to both buildings from where the current root bridge is, so if two non-root bridges can talk to one root bridge I should be able to just add an additional non-root bridge and be good to go.  But if wireless bridges are meant to be a one to one setup, then I'll need to setup an additional root bridge to link to the new non-root bridge?
    It seems like you should be able to have one root bridge link to multiple non-root bridges but I haven't been able to find any clear examples of this being done.
    Thanks in advance for the help!

    That was just too easy.
    I copied the configuration from the working non-root bridge to my laptop.  I changed out the ip address of the BVI interface.  I uploaded the configuration to the new 1300 bridge.  I plugged it in and pointed the yagi antenna in the general direction of the original root bridge and started pinging the new 1300.  Success!
    I'll use my spare 1300 to get service up and running in the warehouse by the end of the week and I'll just need to order one more 1300 to make sure I have spare on hand if needed.
    Thanks again!

  • Setting up Bridge for multiple users on a network

    New Bridge user here
    Can anyone give me some advice on how to set up Bridge for use by multiple users over a network / server?
    We have a large image bank stored on a server and ideally if any one user adds keywords or other metadata to an image I would like the rest of the users to be able to view that data and be able to use it in searches. AS more than one user could add keywords at any time I was wondering is it possible to set up a central keyword file or cache so any updates are available to all users.
    Do I set up a shared cache? What happens if it becomes corrupted and has to be rebuilt, do the keywords disappear as well?
    Are the keywords associated with that particular cache or are they stored in a separate file?
    Thanks,
    Hazel

    Curt
    how do you know if you're using the
    Central cache all distributed cache ?
    and are they both stored in the same place ?

  • Using root bridge as a fallback radius server for WPA and EAP

    From reading the different documentation out there, it seems that one should be able to configure a root bridge as a fallback radius server in case a primary radius server were to be unreachable. Has anyone encountered this situation? And could they share the steps and configuration statements to apply the bridges (1310 or 1410) in order to make this happen?
    Many Thanks and Regards,
    Giles -

    Yes, you have to first configure a root bridge as a fallback radius server in case a primary radius server were to be unreachable

  • Changing native VLAN on non-root bridges

    I have quite a few 1310 Bridges setup in point to multipoint configuration with a root bridge with a sector antenna at the campus network and remote sites connecting in. I have multiple VLANs trunked onto one SSID, this allows for having multiple vlans in use at the remote site. The problem is I want to configure some remote site bridges with a different native vlan than the standard, allowing me to plug the client directly into the injector and eliminate the need for a vlan aware switch. I have tried to configure the "encapsulation dot1q VLAN# native" but this swaps the bridge group on the subinterface to a bridge-group 1.
    ! Last configuration change at 01:23:08 UTC Tue Sep 15 2009 by Cisco
    ! NVRAM config last updated at 01:23:09 UTC Tue Sep 15 2009 by Cisco
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    no aaa new-model
    dot11 ssid Cisco-24
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    infrastructure-ssid optional
    wpa-psk ascii test
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm tkip
    encryption vlan 1 mode ciphers aes-ccm tkip
    encryption vlan 901 mode ciphers aes-ccm tkip
    encryption vlan 902 mode ciphers aes-ccm tkip
    encryption vlan 904 mode ciphers aes-ccm tkip
    ssid Cisco-24
    speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0
    station-role non-root bridge
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.901
    encapsulation dot1Q 901
    no ip route-cache
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface Dot11Radio0.902
    encapsulation dot1Q 902
    no ip route-cache
    bridge-group 254
    bridge-group 254 spanning-disabled
    interface Dot11Radio0.904
    encapsulation dot1Q 904
    no ip route-cache
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    hold-queue 80 in
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface FastEthernet0.901
    encapsulation dot1Q 901
    no ip route-cache
    bridge-group 255
    bridge-group 255 spanning-disabled
    interface FastEthernet0.902
    encapsulation dot1Q 902
    no ip route-cache
    bridge-group 254
    bridge-group 254 spanning-disabled
    interface FastEthernet0.904
    encapsulation dot1Q 904
    no ip route-cache
    bridge-group 253
    bridge-group 253 spanning-disabled
    interface BVI1
    ip address 10.0.0.100 255.255.255.0
    no ip route-cache
    ip default-gateway 10.0.0.1
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    snmp-server community misdept RO
    bridge 1 route ip
    line con 0
    line vty 0 4
    login local
    end

    Correct. As soon as you change it to 100, you will lose access to the devices since vlan 1 is used for management.  To shorten the down time, you can create vlan 100 and all the SVIs on all switches ahead of time and then change it from 1 to 100 in a maintenance window.
    HTH
