Mutiple spanning-tree root bridges

Similar Messages

• Moving spanning tree root bridge

  Hello everybody,
  I have a lot of vlans trunkated to one link(trunk). If I move root bridge for 1 vlan, do i have impact(recalculating) to all vlans in this trunk or only for this one.
  Thanks!

  do i have impact(recalculating) to all vlans in this trunk or only for this one??????

• Spanning tree root ports in back to back VPC

  Ok so I have a question about back to back VPC configuration.
  I have a back to back VPC from core to agg layer so that I have 2 logical switches in my path.
  However I am seeing an issue on the agg layer.  Traffic is traversing the VPC peerlink instead of being sent up to the core which is where the spanning-tree root is configured.
  Po1 is my uplink from the agg
  Po4 is my vpc peerlink on the Agg
  Po1              Root FWD 200       128.4096 (vPC) P2p
  Po2              Desg FWD 200       128.4097 (vPC) P2p
  Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
  Eth2/6           Altn BLK 2000      128.262  P2p

  a little more info.
  Po1 is my uplink to the core
  Po4 is my agg vpc peer.
  I see 2 paths to root on one swith.  it is choosing Po4 (vpc peerlink) instead of Po1 (uplink to core)
  MST0000
    Spanning tree enabled protocol mstp
    Root ID    Priority    4096
               Address     0023.04ee.be01
               Cost        0
               Port        4099 (port-channel4)
               Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    8192   (priority 8192 sys-id-ext 0)
               Address     547f.eea6.d2c1
               Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
  Interface        Role Sts Cost      Prio.Nbr Type
  Po1              Root FWD 200       128.4096 (vPC) P2p
  Po2              Desg FWD 200       128.4097 (vPC) P2p
  Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
  MST0000
    Spanning tree enabled protocol mstp
    Root ID    Priority    4096
               Address     0023.04ee.be01
               Cost        0
               Port        4096 (port-channel1)
               Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    8192   (priority 8192 sys-id-ext 0)
               Address     547f.eea6.ce41
               Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
  Interface        Role Sts Cost      Prio.Nbr Type
  Po1              Root FWD 200       128.4096 (vPC) P2p
  Po2              Desg FWD 200       128.4097 (vPC) P2p
  Po3              Desg FWD 200       128.4098 (vPC) P2p
  Po4              Desg FWD 330       128.4099 (vPC peer-link) Network P2p

• Change of spanning-tree root

  Hi,
  Would appreciate some advise on the following:
  The network has already been configured with spanning-tree root primary as well as secondary.
  Reassigning another switch to be the spanning-tree root primary/secondary, will it cause a downtime in the network? If yes, how long?
  Thanks,
  Christina

  I'm assuming PVST (not rapid-PVST nor MST, that should behave better)
  It is very hard to give an exact estimate of a downtime. First, it's not going to be a global downtime. You can basically compare the topology with your current root bridge and the one with your new root bridge. The ports that need to block in the new topology will block quickly, in a matter of few seconds. However, the ports that were blocked in the old topology and that need to be forwarding in the new topology will take a little bit more than 30 seconds to become forwarding (15 second listening + 15 second learning phases). The topology change mechanism will age out stale CAM entries in 15 seconds. If you add a little margin for BPDU propagation, I would estimate that you are looking at a connectivity loss of about a minute, in part of your network.
  The more blocked ports need to move from the old to the new topology, the most connectivity loss you will experience. Some feature like uplinfast are able to switchover quickly between their uplinks in case of root ID changing and will reduce the downtime dramatically. It's mainly the core bridges that will take time to unblock their port.
  Note that you can expect better convergence time when a better root is introduced in the network (you are lowering the numerical value of the secondary root priority so that it takes over the primary) than when the primary root is downgraded into secondary (you increase the numerical value of the primary root so that it becomes worse than the secondary).
  Regards,
  Francois

• VLAN spanning-tree root and VLAN L3 SVI

  I have a traditional core/access switches connected, Catalyst 4506 with 802.1Q uplink trunks to two core 6504-E switches. Spanning-tree roots for VLAN's were on core switch with the active HSRP/SVI. Shutdown HSRP/SVI on the cores and moved the SVI to the L3 access switches, but we left the spanning-tree root on the cores... Is this causing the clients/ports in the VLAN on the access switches to do a double/triple hop over the uplink for ingress/egress?  Gig1/1 is the trunkport/uplink to the core, wanted to move L3 functions to the access switch to reduce spanning VLANs across the core network.              
  Current configuration : 253 bytes
  interface Vlan196
  description Tower I - 8th Floor VLAN
  ip address 10.200.196.1 255.255.255.0
  ip access-group 115 in
  ip helper-address 164.103.160.150
  ip helper-address 172.20.135.201
  no ip redirects
  no ip unreachables
  ip pim sparse-mode
  end
  I0504506A8#sh spann          
  I0504506A8#sh spanning-tree vlan 196
  VLAN0196
    Spanning tree enabled protocol ieee
    Root ID    Priority    196
               Address     6400.f1ee.c140
               Cost        4
               Port        1 (GigabitEthernet1/1)
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    49348  (priority 49152 sys-id-ext 196)
               Address     0015.f960.9ac0
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
               Aging Time 300
  Interface        Role Sts Cost      Prio.Nbr Type
  Gi1/1            Root FWD 4         128.1    P2p
  Gi1/2            Altn BLK 4         128.2    P2p

  Hi Tojackson, I guess this depends on how stuff is interconnecting. It's obvious gi1/1 is forwarding and gi1/2 is blocking. So from the furthest access switch, what path must it take to reach gi1/1? That is the number of hops involved for normal traffic.
  Now, if you're concerned about a specific VLAN and you need gi1/2 forwarding to reduce travel time for other traffic, you may employ RPVST to have that specific VLAN and cost to go to gi1/2.
  In some part of the network I support we have a pair of Cisco 7606 which feeds in to a 4507R and off the 4507R we have a ring of 2955 with even 10-12 L2 switches on the ring. The consequence of multiple layer 2 hops is not of much concern and our spanning tree stops with the 4507 since we're not concerned about broadcast storm on the routed interfaces on the 7600.
  -Tom
  Please mark answered for helpful posts

• Spanning-tree Root changes

  Hi All,
  I presently have a switched VLAN network (one 6500, several 4912G and 2948Gs) with a 2948G access-layer switch as spanning-tree root.I am planning to change the Spanning tree root to the core 6500 switch running PVST+.All switches are running trunking between them.I have read through the basic STP documents and would like to know any precautions to be aware of before doing it.Any first hand experience will be of great help.
  Thanx,
  Praful

  Praful,
  Wise decision to change your root switch, I'd just suggest doing it during your slower periods of time, just-in-case.
  It really is a quick change, just expect network connectivity to "pause" for up to 50 seconds while spanning tree stablizes.
  Provided you have a good handle on how your network is wired, and you're currently running PVST+ across your network, the actual outage should only be 2-3 seconds. I know I've had to tweak our vlans from time to time and I've never seen it take any longer than 2-3 seconds.
  HTH
  Steve

• Identifying spanning-tree root switch

  Looking at a network with a 6509 at the core running in pvst mode. I think the 6509 is the root switch but need to confirm this.
  Show spanning-tree gives a bridge id and a root id. My understanding is that the root id should be the MAC address of the root switch.
  However I can't find the MAC address given as the root id in the 6509s mac address table, nor in the access switches mac address tables.
  I'm sure I'm missing something here - any ideas?

  Hi,
  in the output of "show spanning-tree" you should look for a line "This bridge is the root". The output will give you the root id and the bridge id of the switch, where you execute the command.
  The output looks like this:
  Router# show spanning-tree vlan 200
  VLAN0200
  Spanning tree enabled protocol ieee
  Root ID Priority 32768
  Address 00d0.00b8.14c8
  This bridge is the root
  Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID Priority 32768
  Address 00d0.00b8.14c8
  Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Aging Time 300
  ------------- snip -----------
  The MAC used for creating the bridge id is not used for forwarding BPDUs and thus does not show up in the CAM table afaik.
  To find the root in a switch network, follow the root ports for a given spanning tree instance.
  Hope this helps! Please rate all posts.
  Regards, Martin

• Sg-300 - 3750 stack with SPANNING-TREE root problem.

  Morning. I think ive configured a few hundred switches, maybe a thousand in my time, but never have a faced such horribleness that is the SG-300. After this week, I think ill refuse to touch them.
  Got 2 voice vlans and running a few vrf's on a 3750 stack. but this discussion is about layer 2.
  2 x 3750 stacked
  1 x voice switch sg-300 company A voice vlan 18 - Po1 up to 3750 distributed etherchannel Po1 (LACP active both sides) 2 ports in channel
  1 x voice switch sg-300 company B voice vlan 19 - Po1 up to 3750 distributed etherchannel Po2 (LACP active both sides) 2 ports in channel
  Allowed vlans on both sides (command on Port-channel) are data A, Voice A, Mgt A to switch A
  Allowed vlans on both sides (command on Port-channel) are data B, Voice B, Mgt B to switch B
  It seems that these switches are limited to one voice vlan....
  and that spanning tree BPDU's are ignored (or not recevied- havnt released the shark yet).  let me explain.
  originally when using "smart port" the switch with the lowest mac address, whatever Voice vlan was configured would take over the other switche's voice vlan, argh what a nightmare.
  I gave up on the GUI as its far to complcated and have Almost got this working.
  I am now using auto voice vlan, but have disabled smart macro. I hope that disabling smart macro stop other switches from learning the switch with the lowest mac address's voice vlan.  So far so good - in the LAB. No where was it documented in the cli guide how do disable this stupid feature.
  DHCP is working from scope on core, can mange the switches etc etc, access vlan voice vlan all good (after a monster battle).
  Now I have an issue with spanning tree.
  spanning tree priority for vlans 1-4094 on the 3750 is 4096.
  spanning tree priority for vlans 1-4094 on the SG-300's is 6xxxx.
  ALL switches think that they are the root. (well the "logical" 3 of them) The 3750's for all vlans, and the SG-300 for the one instance as it doesnt support per vlan.  (I am not interested in trying MST here..this is not a datacentre)
  On the 3750's Ive tried ieee, pvst, rpvst, while matching the non per-vlan equivalent on the SG series.
  What is the difference between a General port and Trunk Port on a SG-300 specific to spanning tree, native vlans (when you can just configure an untagged vlan anyway!!) and what is the relevance to the way the bpdu's are carried?
  And why the need for a PVID, when you can tell a port what is tagged and what isnt.
  Does the trunk need Vlan1 to be explicitly allowed, and untagged? Does the Po trunk need to be a general port with PVID configured? in vlan 1?
  I need to sort this, as cannot put an access switch into production that thinks it is the root of the tree.  I wish I had a 2960.... a 3500XL..anything
  Does anyone have CLI commands that can help here?

  F.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
  In this example:
  VLANS - Voice on 188, data on 57, management on 56.
  conf t
  hostname XXX-VOICE-SWXX
  no passwords complexity enable
  username xxxx priv 15 password XXXXX
  enable password xxxxxx
  ip ssh server
  ip telnet server
  crypto key generate rsa
  macro auto disabled
  voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
  vlan 56,57,188
  voice vlan id 188
  int vlan 56
  ip address 10.230.56.12 255.255.255.0
  int vlan1
  no ip add dhcp
  ip default-gateway 10.230.56.1
  interface range GE1 - 2
  switchport mode trunk
  channel-group 1 mode auto
  int range fa1 - 24
  switchport mode trunk
  switchport trunk allowed vlan add 188
  switchport trunk native vlan 57
  qos advanced
  qos advanced ports-trusted
  exit
  int Po1
  switchport trunk allowed vlan add 56,57,188
  switchport trunk native vlan 1
  do sh interfaces switchport po1
  !CATYLYST SIDE
  !Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,56,57,189
  switchport mode trunk

• Spanning tree guard root

                    Hi,
  We have 45xx switch & we enabled spanning tree root guard on ports connected with access switch via fiber uplink
  & we enable spanning tree loop guard on access switch side
  One of my core switch port connected to Juniper Netscreen Firewall
  Whether I need to enable spanning tree guard root on the same port on core switch side ? or not
  In case of yes, any config changes required on JUniper Netscreen box
  Br/Subhojit

  Hi, Pls find the output
  Port 130 (GigabitEthernet3/2) of VLAN0054 is designated forwarding
     Port path cost 4, Port priority 128, Port Identifier 128.130.
     Designated root has priority 8246, address 001b.d474.8a40
     Designated bridge has priority 16438, address 001b.0cee.0440
     Designated port id is 128.130, designated path cost 3
     Timers: message age 0, forward delay 0, hold 0
     Number of transitions to forwarding state: 1
     Link type is point-to-point by default
    Bpdu filter is enabled
     Root guard is enabled on the port
     BPDU: sent 5847158, received 0
  Present the bold config enabled on the port
  Br/Subhojit

• Two root bridge in same network

  Dear Team,
  As I checked, there are two root bridge in the same LAN.
  We have 6500 which is manually configured as root bridge and this is showing root for all the vlans in the network. Once switch connected to 6500 through 4500 is showing root for the vlans that not assigned to any of the port. Please help to clear it.
  Setup
  Cisco 6500 -- Cisco 4500 -- Cisco3560 -- Cisco 3560
  Cisco 6500
  CORE_SW#show spanning-tree root detail
  VLAN0001
    Root ID    Priority    24577
               Address     0025.84d9.ac80
               This bridge is the root
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  VLAN0002
    Root ID    Priority    24578
               Address     0025.84d9.ac80
               This bridge is the root
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Cisco 3560 Second
  Access#show spanning-tree root de
  VLAN0001
    Root ID    Priority    24577
               Address     0025.84d9.ac80
               Cost        16
               Port        28 (GigabitEthernet0/4)
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  VLAN0002
    Root ID    Priority    32770
               Address     000a.b8ff.be00
               This bridge is the root
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Here, I have not assigned any port in vlan 2 and this is showing root bridge for vlan 2. In which cases such thing can happen?
  Thank You,
  Abhisar.

  By default, Cisco switches run one spanning tree instance per VLAN and negotiate the topology with other connected switches. If your 3560 believes it is the root for VLAN 2 and there are no ports using VLAN 2, it will consider itself the to be the root because it hasn't been able to negotiate a topology for this VLAN with any other devices. This is normal. Once ports are connected to VLAN 2 and the 3560 can talk to the other switches, the spanning tree will be renegotiated and should behave as you expect.
  If you want to have a single spanning tree topology for all VLANs and avoid this behaviour, consider moving to a single-instance MSTP configuration.

• SF 300 Serires switch not participating in spanning tree?

  I just purchased an SF300-24 managed switch and I am running it in layer3 mode. I am testing it out right now and have it connected to two 2950 switches. The SF300 is connected to each 2950 with a four port etherchannel running LACP. When looking at spanning tree all three switches are configured the same when it comes to hello, forward, max age and all three are in RSTP mode. I adjusted the priorities so that the SF300 would be the root but that is not happening.
  I only have one VLAN as of right now set up and connectivity between the three switches is fine. The only problem seems to be that the two 2950 switches are the only two switches involved in the determination of the root bridge. Additionally it was the same way before I configured the etherchannel and had the switches connected over single trunk lines.
  I would appreciate if someone can expain to me why this is?
  Thanks in advance.

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin-top:0in;
  mso-para-margin-right:0in;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0in;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Thanks for your help but know I still cannot get the three devices to talk MST either,it is getting frustrating. If i add a redundant link and directly connect the two 2950's they immediately talk and configure MST. But when I remove that link no info is passed and both 2950's think they are the root even though the SF 300 priority is 0 on all three MST instances. On the SF300 I have the following settings:
  Spanning tree: enabled
  STP Operation Mode: Multiple STP
  BPDU Handling: Flooding
  Path Cost: Long
  Region name: test
  Revision: 1
  Max Hops: 20
  Max-age: 20
  Hello Time: 2
  Forward Delay: 15
  MST instance 1 Vlan 100
  Bridge Priority 0
  Designated Root Bridge: Self
  Root port: 0
  Root path cost: 0
  MST instance 2 Vlan 2-5
  Bridge Priority 0
  Designated Root Bridge: Self
  Root port: 0
  Root path cost: 0
  MST instance 0 all vlans not in instance 1 and 2
  Bridge Priority 0
  Designated Root Bridge: Self
  Root port: 0
  Root path cost: 0
  For MST interface Settings (both LAGs/instances are thesame)
  Int Priority: 128
  Path Cost: 20000
  Port State: Boundary
  Mode: RSTP
  Type: Boundary
  Designated port ID: 128
  Designated Cost: 0
  Remain Hops: 20
  Forward Transitions: 1
  The 2950 switches: (The only difference on the other switch is that the priority is 8192, and the MACs of course)
  MST00 is executing the mstp compatible Spanning Treeprotocol
    Bridge Identifierhas priority 4096, sysid 0, address 000b.460e.e040
    Configured hello time 2, max age 20, forward delay 15
    Current root haspriority 0, address 6c50.4dcb.334b
    Root port is 65 (Port-channel1), cost of root path is 50000
    Topology change flag not set, detected flag not set
    Number of topology changes 7 last change occurred 00:18:54 ago
            from Port-channel1
    Times:  hold 1, topology change 35, notification 2
            hello 2, max age 20, forward delay 15
    Timers: hello 0, topology change 0, notification 0
  Port 65 (Port-channel1) of MST00 is root forwarding
     Port path cost 50000, Port priority 128, Port Identifier 128.65.
     Designated roothas priority 0, address 6c50.4dcb.334b
     Designatedbridge has priority 0, address 6c50.4dcb.334b
     Designated port id is 128.1000, designated path cost 0
     Timers: message age 4, forward delay 0, hold 0
     Number of transitions to forwarding state: 1
     Link type ispoint-to-point by default, Boundary RSTP
     BPDU: sent 571,received 568
  MST01 is executingthe mstp compatible Spanning Tree protocol
    Bridge Identifierhas priority 4096, sysid 1, address 000b.460e.e040
    Configured hello time 2, max age 20, forward delay 15
    We are the root of the spanning tree
    Topology change flag not set, detected flag not set
    Number of topology changes 9 last change occurred 00:18:55 ago
            from Port-channel1
    Times:  hold 1, topology change 35, notification 2
            hello 2, max age 20, forward delay 15
    Timers: hello 0, topology change 0, notification 0
  Port 65 (Port-channel1) of MST01 is boundary forwarding
     Port path cost 50000, Port priority 128, Port Identifier 128.65.
     Designated root has priority 4097, address 000b.460e.e040
     Designated bridge has priority 4097, address 000b.460e.e040
     Designated port id is 128.65, designated path cost 0
     Timers: message age 0, forward delay 0, hold 0
     Number of transitions to forwarding state: 1
     Link type ispoint-to-point by default, Boundary RSTP
     BPDU: sent 598,received 0
  MST02 is executingthe mstp compatible Spanning Tree protocol
    Bridge Identifierhas priority 4096, sysid 2, address 000b.460e.e040
    Configured hello time 2, max age 20, forward delay 15
    We are the root of the spanning tree
    Topology change flag not set, detected flag not set
    Number of topology changes 9 last change occurred 00:19:50 ago
            from Port-channel1
    Times:  hold 1, topology change 35, notification 2
            hello 2, max age 20, forward delay 15
    Timers: hello 0, topology change 0, notification 0
  Port 65 (Port-channel1) of MST02 is boundary forwarding
     Port path cost 50000, Port priority 128, Port Identifier 128.65.
     Designated root has priority 4098, address 000b.460e.e040
     Designated bridge has priority 4098, address 000b.460e.e040
     Designated port id is 128.65, designated path cost 0
     Timers: message age 0, forward delay 0, hold 0
     Number of transitions to forwarding state: 1
     Link type ispoint-to-point by default, Boundary RSTP
     BPDU: sent 611,received 0
  I notice that on MST01 and 02 they are not receiving BPDU’s,but I am not sure why or if that is the problem. It appears that the SF 300 is not sending BPDU packets for MST01 and 02, but is sending them for MST00. I also attached a capture. I captured the VLAN info for VLAN 100 which is in MST1. on the SF300, it appears that the SF 300 is recieving STP traffic but not generating any.

• Spanning tree in VPC

  Hi All,
  I have a topology like two vpc peer connected to down catalyst switch 3750 with VPC 51. My left switch is primary in VPC and other is secondary.
  So acc. to Theory only primary switch would generate BPDU not secondary switch. But if down catalyst or Secondary switch will be root switch in Spanning tree.
  Will primary switch still generate the BPDU's? 

  Hi Garg,
  In VPC environment , In simple term regardless of the Spanning-tree root, VPC primay always generate BPDU and seconday device only rely that bpdu and never generate itself.
  For vPC ports only the vPC primary switch runs the STP topology for those vPC ports. In other words, Spanning Tree Protocol for vPCs is controlled by the vPC primary peer device, and only this device generates then sends out Bridge Protocol Data Units (BPDUs) on Spanning Tree Protocol designated ports. This happens irrespectively of where the designated Spanning Tree Protocol root is located. STP on the secondary vPC switch must be enabled but it doesn’t dictate vPC member port state. vPC secondary peer device proxies any received Spanning Tree Protocol BPDU messages from access switches toward the primary vPC peer device . Both vPC member ports on both peer devices always share the same STP port state (FWD state in a steady network).
  HTH
  Regards,
  VS.Suresh.
  *Plz rate the usefull posts *

• What is the command to check the changes in the spanning-tree topology?

  What is the command to check the changes in the spanning-tree topology?

  Hi,
  Few commands which would help are:
  1- Show spanning-tree detail
  2-show spanning-tree detail | in ieee|from|occur|is exec  >> This will give from were the changes occuring- Ex:
  C6K1#show spanning-tree detail | in ieee|from|occur|is exec  
   VLAN0001 is executing the rstp compatible Spanning Tree protocol
    Number of topology changes 9536 last change occurred 00:00:29 ago
            from GigabitEthernet4/6
  3- show spanning-tree active  *& show spanning-tree root >> Will give you the root information.
  4-  show spanning-tree inconsistentports >> If there are any port which are inconsistent state due to STP features.
  STP running MST:
  ===============
  show spanning-tree mst configuration  >> Need to check and match the same outputs with the other switches running in the same MST domain/region.
  show spanning-tree mst detail
  show spanning-tree mst <name of the region>
  Debug on STP:
  ============
  debug spanning-tree events/bpdu >> would be good but to be run with more cautious.
  HTH
  Inayath
  *Plz rate if this info is usefull.

• Debug spanning-tree bpdu brought the network down

  I'm troubleshooting a pair of Dell Power-Connect switches in a Dell blade chassis connected to a pair of Cisco 4900M switches. I have my 4900M switches set as spanning-tree root and backup root. The Dell switches are connected via LACP trunks to the 4900M's. Dell switch 1 to 4900 #1 and Dell switch 2 to 4900M #2. Both of the Dell switches are reporting as root switches.
  I was trying to troubleshoot this yesterday and ran 'debug spanning-tree bpdu' on the primary 4900M. There was a masive amount of BPDU events scrolling by. This debug command actually took the network down. The primary 4900M was non-responsive and the secondary unit had it's CPU go to 100%. The fix was to power cycle the primary 4900M.
  Why did this command take my network down?
  --Patrick

  Typically, the device prioritizes console output ahead of other functions. The debug spanning-tree bpdu generates a lot of output. That is what jumped the CPU to 100% and ultimately caused the device to crash.
  You should be very careful with debug commands and log to the internal buffer, instead of the console.
  See: http://www.cisco.com/c/en/us/support/docs/dial-access/integrated-services-digital-networks-isdn-channel-associated-signaling-cas/10374-debug.html.

• Spanning tree question

  I want to change the spanning tree root on several vlans on my network. My question is, will this cause STP to recalculate for the entire network, which can cause the network to slow down or will it only affect the vlans that I am changing? I want to make sure I am not going to impact anything on the network.

  When executed properly, this will only affect the vlans that you wish to change. Use the folllowing command to change spanning tree prio on a vlan:
  spanning-tree vlan xx priority 4096 (or a multiple of 4096 for less priority)
  Be aware that there is always a risk of unexpected disruptions when you do this. The vlans that you change may still carry user traffic altough there are no users on it. If your topology and traffic flow are not exactly as you assume they are, more vlans may be affected. It is therefore not advisable to alter this setting during peak-hours.
  Regards,
  Leo