SF 300 Serires switch not participating in spanning tree?

Similar Messages

• ISE - 802.1X - Loop not detected by spanning-tree

  Hello,
  I have recently implemented the 802.1X on switchs 3750-X running 15.0(2)SE IOS version.
  The spanning-tree bpdufilter and bpduguard are globally enabled on the switchs.
  A user has created a loop on the network by connecting its Cisco IP-Phone twice on the network : one wire connected normally from switch to the RJ-45 phone connector and the second wire that should be connected to the PC had also been connected to the switch !
  The loop created has not been detected by the switch !
  I have made several tests and re-created the problem 3 times on 4 (only one time, the loop has been detected by bpduguard  20 seconds after the port up).
  Notice that without 802.1X configured on the same switch port, the loop is quickly detected and ports are err-disabled shutdown.
  Switch port with 802.1X is following :
  interface GigabitEthernet1/0/9
  switchport access vlan 950
  switchport mode access
  switchport nonegotiate
  switchport voice vlan 955
  no logging event link-status
  authentication control-direction in
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 950
  authentication event server dead action authorize voice
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order dot1x mab
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 10
  storm-control broadcast level 10.00
  storm-control multicast level 10.00
  spanning-tree portfast
  If I change the host-mode to multi-domain, a MAC violation restriction occurs and shutdown the port. But this is not the config I need.
  Is there any reason for spanning-tree not works properly with 802.1X ?
  Thanks,
  Olivier

  Hello Olivier
  When using bpdufilter, bpduguard and portfast all at the same time there are many things going on which are not well documented. Now when you add 802.1x to the mix then you really have no documentation. I had to do many labs on my own to finally have my configuration, and also discovered some bugs. According to my experience you shouldn't use bpdufilter and you should use bpduguard on the switchport not in the global config.
  Please read the following links about the differences between global and port bpdufilter, differences between global and port bpduguard, configuring bpduguard along with portfast , configuring bpdufilter along with portfast, and configuring bpduguard along with bpdufilter.
  http://aitaseller.wordpress.com/2010/01/17/bpdu-filter-vs-bpdu-guard-what-is-the-difference/
  http://costiser.wordpress.com/2011/05/23/subtle-difference-for-portfast-bpdufilter-used-together-globally-or-at-interface-level/
  https://learningnetwork.cisco.com/thread/21103
  http://blog.ipexpert.com/2010/12/06/bpdu-filter-and-bpdu-guard/
  Please rate if this helps

• Spanning tree bpdu

  Hi all, can anyone tell me 2 things, firstly do only the uplinks on a switch send out bpdu's ? secondly if I disabled spanning tree on the uplink ports would the switch not send any bpdu's out thus the switch not participating in spanning tree to the rest of the network ?

  Concept says, by default all switchports are in trunk mode. So if any switch is connectd to a port, it tries to negotiate the trunk & once established, send BPDUs. Thus, all access ports have portfast turned on which denies any BPDUs received on port.
  Coming to your point, Yes uplinks will share BPDUs. If ur topology has redundant connections, then you are prone to loops if stp is turned off. However, if ur only concern is to limit the diameter of stp, prefer using "vlan allowed" comand on trunks for stp to limit to specific vlans & thus not flooding entire network.

• How to implement uplink redundancy and spanning tree in SFP-300 switches

  We have several Small Business 300 Series Managed Switches, the 10/100 ones with PoE, the first generation ones.
  We've been advised to implement uplink redundancy and spanning tree on these switches.
  I'm sure spanning tree is a checkbox somewhere in the web interface.
  How does one implement uplink redundancy besides interconnecting the switches plus turning on spanning tree (RSTP)??
  Thank you, Tom
  P.S. I also tried to file a service request but it does not work, I get: "Error 500: Request processing failed; nested exception is java.lang.NullPointerException"

  Hello Thomas,
  Thanks for using the Cisco Small Business eSupport Community. I've looked through the articles that are available in our Knowledge Base and found a few that I hope will be able to assist you in setting up spanning tree and link redundancy on your SFP300s:
  In regards to link redundancy, the following article on LAG can hopefully provide some guidance:
  Link Aggregate Group (LAG) Configuration on 200/300 Series Managed Switches
  And for your question on setting up STP, here are a few articles with additional information:
  Configure Spanning Tree Protocol (STP) Status and Global Settings on 200/300 Series Managed Switches
  Setup Spanning Tree Protocol (STP) on a Interface on the 300 Series Managed Switches
  I hope that this information helps! Please remember to mark your question as answered and rate if this solves your problem.
  Best,
  Gunner

• Blocked Stack Ports on 2960X-48FPD-L Stack (Unstable Switch Stack!) Spanning Tree?

  I am having an issue where 2 2960X-48FPD-L Switches in a redundant flexstack (stack port 1 SW1 to port  2 SW2 and port 2 SW1 to port 1 SW2) ring. 
  At first running the 15.0(2).EX5 (and earlier EX3, and EX4) version IOS yielded all the ports on the stack master switch refusing to run spanning tree and would only link in amber and not pass any traffic other than CDP information (the slave switch linked in fine). 
  I upgraded to 15.2(3)E and this solved the problem of the ports not linking in green and participating in spanning tree. 
  Now, however, about every week or two I lose connectivity to the switch stack and I was able to go to the switch stack locally and found that for some reason the switch stack is blocking and unblocking VLANs on StackPort1 frequently (see below).  When I was at the site, I sometimes had connectivity, sometimes not.  A stack hard reboot brought everything back up, but this is the second time this has occurred and I would expect the same problem in the next week or so. 
  Has anyone else run into these issues, and have you found a solution?
  I'm guessing that if I either get rid of the redundancy on the switch stack or stack using Ethernet cables between switches the problem will go away, but then what is the point of using stackable switches in a non redundant low speed stack.  It seems to me that Spanning tree thinks that I have a spanning tree loop going on with the stack ports which I didn't even think was possible.   
  What do you think?
  Jim
  _BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:02:59: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:03:16: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
  Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:03:46: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:03:47: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
  Mar 11 09:04:12: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:04:22: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:04:56: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
  Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
  Mar 11 09:05:30: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:06:00: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:06:32: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:07:02: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
  Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
  Mar 11 09:07:34: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.

  Jim,
  We have also the same problem with our 2960-X switches (access) connecting to a pair of 4500x (VSS) except our issue is with Portchannel with 2 physical links connecting the 2960xs to the 4500.
  If we disconnect one of the physical links from the portchannel everything works fine, but when we connect the same physical link back all users lose connectivity and the physical link starts flapping. Here are some of the messages we see in the logs when both physical links are in the portchannel:
  Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
  Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
  Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
  Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
  Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
  Mar 10 18:01:29 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
  Mar 10 18:01:37 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
  Mar 10 18:01:48 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
  Mar 10 18:01:51 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
  We have upgraded to 15.0(2a).EX5 and still have the same issue.
  We have a ticket open with Cisco and have sent them all the logs and debugs and waiting to hear back from IOS developers.
  HTH

• 2960X 15.0(2)EX5 Stack Bug? Master Switch Ports link in Orange, no spanning Tree

  Is anyone aware of a bug in version 15.0(2)EX5 for 2960X Switches that would cause a switch in the master role to stop linking in new ports in green (and passing traffic).  I have 2 2960X-48FPD-L Switches in a stack and whichever switch I designate master will only link new connections in orange and not pass traffic.  All ports linked in show up/up and can be seen in a show cdp neighbor but won't pass any other traffic. 
  If I unplug the Stacking cables both switches become masters and ports linked in green on the previous member switch stay green, but after it switches to master any new connections plugged in only link in orange. 
  If I switch priorities and reboot the problem switches to the new master switch and the problem goes away on the member switch.
  Also, a switch in the master role does not show any spanning tree instances for ports in the orange link state. 
  Has anyone seen this issue and do you know of a solution? 
  Jim

  A quick update for those with this same problem.
  1.  15.2(3)E turned out to be very unstable causing my switch stack to randomly lockup/reboot one of the switches about once a week.
  2.  I downgraded back to 15.0(2)EX5 but found a workaround.  It turns out the switch stack with the 15.0 versions does not like the switchport voice vlan command on any of the interfaces on the master switch.  I simply removed the voice vlan configuration on the interfaces and all the switch ports linked in just fine.  I would prefer to run the phones on a voice vlan, but it still works without, just the PC's and phones are on the same vlan. 
  Jim

• When is it appropriate to use "spanning-tree bpdufilter enable"

  What exactly does enabling bpdu filter do?  I see some examples where bpdu filtering is enabled on access ports?  Is this correct or are there dangers in this approach? 

  Hi John,
  Simple way of saying would that it would disable the STP on that port.
  BPDU filter filters the BPDU's coming in both directions. which means it effectively disable the STP on the port.
  Detailed explanation:
  ===============
  BPDUfilter on the other hand just filters BPDUs in both directions, which effectively disables STP on the port.Bpdu filter will prevent inbound and outbound bpdu but will remove portfast state on a port if a bpdu is received.Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.
  Following are the method to configure BPDU Filter in switches
  Interface mode:
  spanning-tree bpdufilter enable                        (Results port to not participate in STP, loops may occur).
  Global mode:                                                
  spanning-tree portfast bpdufilter default             (It enables bpdufiltering on ports that have port-fast configuration, so it sends a few bpdu while enabling port then it filters bdpu unless receives a bpdu, after that itchanges from port-fast mode and disables filtering for port to operate like a normal port cause it has received bpdu).
  You always should allow STP to run on a switch to prevent loops. However, in special cases when you need to prevent BPDUs from being sent or processed on one or more switch ports, you can use BPDU filtering to effectively disable STP on those ports.you would use bpdufilter when you want a switch plugged into your network but you don't want it participating in spanning tree.
  An example:  In an office environment where someone needs  another network drop under their desk but you don't have time/budget to  run a new line for now.  you are been given a small switch but don't want it to break spanning tree.The switch  you have lying around for this task is a simple unmanaged switch and  will only have one uplink into your network. so you put bpdufilter on your  switch port.
  Ref:https://supportforums.cisco.com/docs/DOC-11825
  HTH
  Regards
  Inayath
  *Plz rate if this info is helpfull and mark as answered if this resolved your query.

• Change of spanning-tree root

  Hi,
  Would appreciate some advise on the following:
  The network has already been configured with spanning-tree root primary as well as secondary.
  Reassigning another switch to be the spanning-tree root primary/secondary, will it cause a downtime in the network? If yes, how long?
  Thanks,
  Christina

  I'm assuming PVST (not rapid-PVST nor MST, that should behave better)
  It is very hard to give an exact estimate of a downtime. First, it's not going to be a global downtime. You can basically compare the topology with your current root bridge and the one with your new root bridge. The ports that need to block in the new topology will block quickly, in a matter of few seconds. However, the ports that were blocked in the old topology and that need to be forwarding in the new topology will take a little bit more than 30 seconds to become forwarding (15 second listening + 15 second learning phases). The topology change mechanism will age out stale CAM entries in 15 seconds. If you add a little margin for BPDU propagation, I would estimate that you are looking at a connectivity loss of about a minute, in part of your network.
  The more blocked ports need to move from the old to the new topology, the most connectivity loss you will experience. Some feature like uplinfast are able to switchover quickly between their uplinks in case of root ID changing and will reduce the downtime dramatically. It's mainly the core bridges that will take time to unblock their port.
  Note that you can expect better convergence time when a better root is introduced in the network (you are lowering the numerical value of the secondary root priority so that it takes over the primary) than when the primary root is downgraded into secondary (you increase the numerical value of the primary root so that it becomes worse than the secondary).
  Regards,
  Francois

• Spanning-Tree MST

  Hi,
  we have the following configuration on our switches
  spanning-tree mode mst
  spanning-tree extend system-id
  spanning-tree mst configuration
   name test
  spanning-tree mst forward-time 4
  when we have a failover convergence time was about 8-10 seconds outage is there anything on the above config that suggest's this could be causing the delay? i thought MST was fast convergence times?
  Thanks

  i will try and you this later on. Not sure it was already in place what are the difference's between them both i thought MST can have multiple vlans per region so better design. Is RSTP not the same as PVST? not done much spanning tree as of yet. so not had chance to look at the differences?
  Thanks

• Rapid spanning tree combnation

  Dear All,
  I am new to Spanning tree technology...and it sounds pretty good to run 802.w on LAN,
  Is it posible to run 802.w on switches that support Rapid spanning tree and some old ones that do not ?
  Is there any way to prevent BPDU to be send to switch that do not support 802.w ?
  Looking forward to hearing from you??
  Best regards,
  Sholeh

  The roles were in fact introduced by RSTP. Because it was also very convenient with regular STP, we added them to our implementation of STP. However, older software are just showing the information defined in STP at that time.
  A forwarding port is indeed designated or root. In order to make a difference between the two, you need to check what is the designated bridge ID. If this is the local bridge, the port is designated. If it's a different bridge, it's a root port.
  Another simple way: you also get the root port for the vlan in the show spantree. There is only a maximum of one root port on a bridge, so if your forwarding port is not the root port, it is then designated.
  Note that STP does not make any difference between backup and alternate port either. For this, you need again to look for the designated bridge ID on this port. If it is the bridge itself, this is a backup port, else, an alternate port (this is useful for uplinkfast, only alternate port can do fast transition).
  Regards,
  Francois

• Dlsw spanning-tree

  Hi, my name is fabio and i´ve a problem with dlsw.
  When i´ve configured de dlsw in a router 3600 the router 7206 that has the conection with mainframe, the same lost the comunication e appears the messagem in 3600 router, look at below:
  Note: A random Spanning Tree Bridge Identifier address of 0000.0cfe.6628
        has been chosen for Bridge Group 50 since there is no mac address
        associated with the selected interface.
  I´am putting the scheme in .ppt.
  Can i sending  configurations of 3600 and 7200 to help you.
  thanks

  Fabio
  I'm not sure what the issue is here. The mac-address of the end-stations will not be visible in the 4948 as the SNA traffic is encaps'd in ip. Can you supply sh vers, sh runn, sh dlsw pe, sh dls reach, sh dls circuit, sh bri from the 3640 and the 7206. What is the mac-address of the end-station to which mac-address is it trying to connect ?
  Matthew

• Rapid spanning tree / portfast

  hello together,
  i have a question about rapid spanning tree.
  If I enable per vlan rapid spanning tree do i have to configure portfast on the access ports or is this nativly done in rstp?
  best regards
  lars

  Hi Lars,
  In RSTP, the access ports are known as "edge" ports. To configure a port as an "edge port" you use the same command to enable portfast to do this.
  "Edge ports—If you configure a port as an edge port on an RSTP switch by using the spanning-tree portfast interface configuration command, the edge port immediately transitions to the forwarding state. An edge port is the same as a Port Fast-enabled port, and you should enable it only on ports that connect to a single end station."
  http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swmstp.htm
  HTH,
  Bobby
  *Please rate helpful posts.

• Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

  Hello,
  I have an Spanning tree problem when i conect  2 links from Switch DELL M6220 (there are blades to virtual machines too) to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior  like one switch  for redundancy, with one IP of management)
  In dell virtual machine is Spanning tree rapid stp, and in 3750 is Spanning tree mode pvst, cisco says that this is not important, only is longer time to create the tree.
   I dont know but do you like this solutions i want to try on sunday?:
   Could Spanning tree needs to work to send one native vlan to negociate the bdpus? switchport trunk native vlan 250
  Is it better to put spanning-tree guard root in both 3750 in the ports to mitigate DELL to be root in Spanning Tree?
  Is it better to put spanning- tree port-priority in the ports of Swicht Dell?
  ¿could you help me to control the root? ¿Do you think its better another solution? thanks!
   CONFIG WITH PROBLEM
  ======================
  3750: (the 2 ports are of 2 switches 3750s conected with a stack cable, in a show run you can see this)
  interface GigabitEthernet2/0/28
   description VIRTUAL SNMP2
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   logging event trunk-status
   shutdown
  interface GigabitEthernet1/0/43
   description VIRTUAL SNMP1
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   shutdown
  DELL M6220: (its only one swith)
  interface Gi3/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit
  interface Gi4/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit

  F.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
  In this example:
  VLANS - Voice on 188, data on 57, management on 56.
  conf t
  hostname XXX-VOICE-SWXX
  no passwords complexity enable
  username xxxx priv 15 password XXXXX
  enable password xxxxxx
  ip ssh server
  ip telnet server
  crypto key generate rsa
  macro auto disabled
  voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
  vlan 56,57,188
  voice vlan id 188
  int vlan 56
  ip address 10.230.56.12 255.255.255.0
  int vlan1
  no ip add dhcp
  ip default-gateway 10.230.56.1
  interface range GE1 - 2
  switchport mode trunk
  channel-group 1 mode auto
  int range fa1 - 24
  switchport mode trunk
  switchport trunk allowed vlan add 188
  switchport trunk native vlan 57
  qos advanced
  qos advanced ports-trusted
  exit
  int Po1
  switchport trunk allowed vlan add 56,57,188
  switchport trunk native vlan 1
  do sh interfaces switchport po1
  !CATYLYST SIDE
  !Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,56,57,189
  switchport mode trunk

• Identifying spanning-tree root switch

  Looking at a network with a 6509 at the core running in pvst mode. I think the 6509 is the root switch but need to confirm this.
  Show spanning-tree gives a bridge id and a root id. My understanding is that the root id should be the MAC address of the root switch.
  However I can't find the MAC address given as the root id in the 6509s mac address table, nor in the access switches mac address tables.
  I'm sure I'm missing something here - any ideas?

  Hi,
  in the output of "show spanning-tree" you should look for a line "This bridge is the root". The output will give you the root id and the bridge id of the switch, where you execute the command.
  The output looks like this:
  Router# show spanning-tree vlan 200
  VLAN0200
  Spanning tree enabled protocol ieee
  Root ID Priority 32768
  Address 00d0.00b8.14c8
  This bridge is the root
  Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID Priority 32768
  Address 00d0.00b8.14c8
  Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Aging Time 300
  ------------- snip -----------
  The MAC used for creating the bridge id is not used for forwarding BPDUs and thus does not show up in the CAM table afaik.
  To find the root in a switch network, follow the root ports for a given spanning tree instance.
  Hope this helps! Please rate all posts.
  Regards, Martin

• Sg-300 - 3750 stack with SPANNING-TREE root problem.

  Morning. I think ive configured a few hundred switches, maybe a thousand in my time, but never have a faced such horribleness that is the SG-300. After this week, I think ill refuse to touch them.
  Got 2 voice vlans and running a few vrf's on a 3750 stack. but this discussion is about layer 2.
  2 x 3750 stacked
  1 x voice switch sg-300 company A voice vlan 18 - Po1 up to 3750 distributed etherchannel Po1 (LACP active both sides) 2 ports in channel
  1 x voice switch sg-300 company B voice vlan 19 - Po1 up to 3750 distributed etherchannel Po2 (LACP active both sides) 2 ports in channel
  Allowed vlans on both sides (command on Port-channel) are data A, Voice A, Mgt A to switch A
  Allowed vlans on both sides (command on Port-channel) are data B, Voice B, Mgt B to switch B
  It seems that these switches are limited to one voice vlan....
  and that spanning tree BPDU's are ignored (or not recevied- havnt released the shark yet).  let me explain.
  originally when using "smart port" the switch with the lowest mac address, whatever Voice vlan was configured would take over the other switche's voice vlan, argh what a nightmare.
  I gave up on the GUI as its far to complcated and have Almost got this working.
  I am now using auto voice vlan, but have disabled smart macro. I hope that disabling smart macro stop other switches from learning the switch with the lowest mac address's voice vlan.  So far so good - in the LAB. No where was it documented in the cli guide how do disable this stupid feature.
  DHCP is working from scope on core, can mange the switches etc etc, access vlan voice vlan all good (after a monster battle).
  Now I have an issue with spanning tree.
  spanning tree priority for vlans 1-4094 on the 3750 is 4096.
  spanning tree priority for vlans 1-4094 on the SG-300's is 6xxxx.
  ALL switches think that they are the root. (well the "logical" 3 of them) The 3750's for all vlans, and the SG-300 for the one instance as it doesnt support per vlan.  (I am not interested in trying MST here..this is not a datacentre)
  On the 3750's Ive tried ieee, pvst, rpvst, while matching the non per-vlan equivalent on the SG series.
  What is the difference between a General port and Trunk Port on a SG-300 specific to spanning tree, native vlans (when you can just configure an untagged vlan anyway!!) and what is the relevance to the way the bpdu's are carried?
  And why the need for a PVID, when you can tell a port what is tagged and what isnt.
  Does the trunk need Vlan1 to be explicitly allowed, and untagged? Does the Po trunk need to be a general port with PVID configured? in vlan 1?
  I need to sort this, as cannot put an access switch into production that thinks it is the root of the tree.  I wish I had a 2960.... a 3500XL..anything
  Does anyone have CLI commands that can help here?

  F.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
  In this example:
  VLANS - Voice on 188, data on 57, management on 56.
  conf t
  hostname XXX-VOICE-SWXX
  no passwords complexity enable
  username xxxx priv 15 password XXXXX
  enable password xxxxxx
  ip ssh server
  ip telnet server
  crypto key generate rsa
  macro auto disabled
  voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
  vlan 56,57,188
  voice vlan id 188
  int vlan 56
  ip address 10.230.56.12 255.255.255.0
  int vlan1
  no ip add dhcp
  ip default-gateway 10.230.56.1
  interface range GE1 - 2
  switchport mode trunk
  channel-group 1 mode auto
  int range fa1 - 24
  switchport mode trunk
  switchport trunk allowed vlan add 188
  switchport trunk native vlan 57
  qos advanced
  qos advanced ports-trusted
  exit
  int Po1
  switchport trunk allowed vlan add 56,57,188
  switchport trunk native vlan 1
  do sh interfaces switchport po1
  !CATYLYST SIDE
  !Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,56,57,189
  switchport mode trunk