Spanning tree guard root

Hi,
We have a 45xx switch and we enabled spanning tree root guard on the ports connected to the access switch via fiber uplink,
and we enabled spanning tree loop guard on the access switch side.
One of my core switch ports is connected to a Juniper Netscreen firewall.
Do I need to enable spanning tree guard root on the same port on the core switch side, or not?
If yes, are any config changes required on the Juniper Netscreen box?
Br/Subhojit

Hi, please find the output:
Port 130 (GigabitEthernet3/2) of VLAN0054 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.130.
   Designated root has priority 8246, address 001b.d474.8a40
   Designated bridge has priority 16438, address 001b.0cee.0440
   Designated port id is 128.130, designated path cost 3
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
  Bpdu filter is enabled
   Root guard is enabled on the port
   BPDU: sent 5847158, received 0
At present, the config in bold is enabled on the port.
Br/Subhojit

Similar Messages

  • Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with a stack (behavior like one switch for redundancy)

    Hello,
    I have a spanning tree problem when I connect 2 links from Switch DELL M6220 (there are blades to virtual machines too) to 2 links towards 2 switches CISCO 3750 connected with a stack (behavior like one switch for redundancy, with one management IP).
    In the Dell virtual machine it is spanning tree rapid STP, and in the 3750 it is spanning tree mode pvst; Cisco says that this is not important, it only takes longer to create the tree.
    I don't know, but do you like these solutions that I want to try on Sunday?:
    Could spanning tree need one native VLAN to be sent in order to work and negotiate the BPDUs? switchport trunk native vlan 250
    Is it better to put spanning-tree guard root on both 3750s, on the ports, to keep the DELL from being root in spanning tree?
    Is it better to put spanning-tree port-priority on the ports of the Dell switch?
    Could you help me to control the root? Do you think another solution is better? Thanks!
     CONFIG WITH PROBLEM
    ======================
    3750: (the 2 ports are on 2 3750 switches connected with a stack cable; in a show run you can see this)
    interface GigabitEthernet2/0/28
     description VIRTUAL SNMP2
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     logging event trunk-status
     shutdown
    interface GigabitEthernet1/0/43
     description VIRTUAL SNMP1
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 4,13,88,250
     switchport mode trunk
     switchport nonegotiate
     shutdown
    DELL M6220: (it's only one switch)
    interface Gi3/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit
    interface Gi4/0/19
    switchport mode trunk
    switchport trunk allowed vlan 4,13,88,250
    exit


  • Spanning tree in VPC

    Hi All,
    I have a topology like two vpc peer connected to down catalyst switch 3750 with VPC 51. My left switch is primary in VPC and other is secondary.
    So acc. to Theory only primary switch would generate BPDU not secondary switch. But if down catalyst or Secondary switch will be root switch in Spanning tree.
    Will primary switch still generate the BPDU's? 

    Hi Garg,
    In a VPC environment, in simple terms, regardless of the spanning-tree root, the VPC primary always generates BPDUs and the secondary device only relays that BPDU and never generates one itself.
    For vPC ports only the vPC primary switch runs the STP topology for those vPC ports. In other words, Spanning Tree Protocol for vPCs is controlled by the vPC primary peer device, and only this device generates then sends out Bridge Protocol Data Units (BPDUs) on Spanning Tree Protocol designated ports. This happens irrespectively of where the designated Spanning Tree Protocol root is located. STP on the secondary vPC switch must be enabled but it doesn’t dictate vPC member port state. vPC secondary peer device proxies any received Spanning Tree Protocol BPDU messages from access switches toward the primary vPC peer device . Both vPC member ports on both peer devices always share the same STP port state (FWD state in a steady network).
    HTH
    Regards,
    VS.Suresh.
    *Please rate the useful posts*

  • Spanning Tree Reconfiguration - If Root Port is down.

    Hello All,
    I have some doubt on STP reconfiguration if Root port is down ...Can any one help...?
    As per my understanding, if any port is down due to any reason, the corresponding bridge shall send a TCN to the root bridge through the root port.
    Let's say a root port is down on a bridge, and so the topology has to be re-established. As the root port itself is down, how does the bridge convey the TCN to the root bridge?
    Thanks,
    RajaSekhar

    Hi Raja, if the root port is down, the TCN notification can't make it to the root bridge since the link is down. The affected device will rely on the last known good BPDU. When the affected device has its designated port down, it will remove the alternate port from discard once it hits the max age table, then progress through listening, learning, forwarding; at this time the new TCN is sent through the spanning tree topology. Once the TCN has reached the root bridge, the root bridge will send a configuration BPDU, then the whole spanning tree topology will update.
    It can take up to 52 seconds to have the topology update in the entirety depending on spanning tree mode and size of topology.
    -Tom
    Please rate helpful posts

  • Spanning-tree Root changes

    Hi All,
    I presently have a switched VLAN network (one 6500, several 4912G and 2948Gs) with a 2948G access-layer switch as spanning-tree root. I am planning to change the spanning tree root to the core 6500 switch running PVST+. All switches are running trunking between them. I have read through the basic STP documents and would like to know any precautions to be aware of before doing it. Any first-hand experience will be of great help.
    Thanx,
    Praful

    Praful,
    Wise decision to change your root switch, I'd just suggest doing it during your slower periods of time, just-in-case.
    It really is a quick change, just expect network connectivity to "pause" for up to 50 seconds while spanning tree stabilizes.
    Provided you have a good handle on how your network is wired, and you're currently running PVST+ across your network, the actual outage should only be 2-3 seconds. I know I've had to tweak our vlans from time to time and I've never seen it take any longer than 2-3 seconds.
    HTH
    Steve

  • Spanning tree root ports in back to back VPC

    Ok so I have a question about back to back VPC configuration.
    I have a back to back VPC from core to agg layer so that I have 2 logical switches in my path.
    However I am seeing an issue on the agg layer.  Traffic is traversing the VPC peerlink instead of being sent up to the core which is where the spanning-tree root is configured.
    Po1 is my uplink from the agg
    Po4 is my vpc peerlink on the Agg
    Po1              Root FWD 200       128.4096 (vPC) P2p
    Po2              Desg FWD 200       128.4097 (vPC) P2p
    Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
    Eth2/6           Altn BLK 2000      128.262  P2p

    a little more info.
    Po1 is my uplink to the core
    Po4 is my agg vpc peer.
    I see 2 paths to root on one switch. It is choosing Po4 (vpc peerlink) instead of Po1 (uplink to core).
    MST0000
      Spanning tree enabled protocol mstp
      Root ID    Priority    4096
                 Address     0023.04ee.be01
                 Cost        0
                 Port        4099 (port-channel4)
                 Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    8192   (priority 8192 sys-id-ext 0)
                 Address     547f.eea6.d2c1
                 Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
    Interface        Role Sts Cost      Prio.Nbr Type
    Po1              Root FWD 200       128.4096 (vPC) P2p
    Po2              Desg FWD 200       128.4097 (vPC) P2p
    Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
    MST0000
      Spanning tree enabled protocol mstp
      Root ID    Priority    4096
                 Address     0023.04ee.be01
                 Cost        0
                 Port        4096 (port-channel1)
                 Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    8192   (priority 8192 sys-id-ext 0)
                 Address     547f.eea6.ce41
                 Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
    Interface        Role Sts Cost      Prio.Nbr Type
    Po1              Root FWD 200       128.4096 (vPC) P2p
    Po2              Desg FWD 200       128.4097 (vPC) P2p
    Po3              Desg FWD 200       128.4098 (vPC) P2p
    Po4              Desg FWD 330       128.4099 (vPC peer-link) Network P2p

  • Change of spanning-tree root

    Hi,
    Would appreciate some advice on the following:
    The network has already been configured with spanning-tree root primary as well as secondary.
    Reassigning another switch to be the spanning-tree root primary/secondary, will it cause a downtime in the network? If yes, how long?
    Thanks,
    Christina

    I'm assuming PVST (not rapid-PVST nor MST, that should behave better)
    It is very hard to give an exact estimate of a downtime. First, it's not going to be a global downtime. You can basically compare the topology with your current root bridge and the one with your new root bridge. The ports that need to block in the new topology will block quickly, in a matter of few seconds. However, the ports that were blocked in the old topology and that need to be forwarding in the new topology will take a little bit more than 30 seconds to become forwarding (15 second listening + 15 second learning phases). The topology change mechanism will age out stale CAM entries in 15 seconds. If you add a little margin for BPDU propagation, I would estimate that you are looking at a connectivity loss of about a minute, in part of your network.
    The more blocked ports need to move from the old to the new topology, the more connectivity loss you will experience. Some features like UplinkFast are able to switch over quickly between their uplinks in case of the root ID changing and will reduce the downtime dramatically. It's mainly the core bridges that will take time to unblock their ports.
    Note that you can expect better convergence time when a better root is introduced in the network (you are lowering the numerical value of the secondary root priority so that it takes over the primary) than when the primary root is downgraded into secondary (you increase the numerical value of the primary root so that it becomes worse than the secondary).
    Regards,
    Francois

  • Identifying spanning-tree root switch

    Looking at a network with a 6509 at the core running in pvst mode. I think the 6509 is the root switch but need to confirm this.
    Show spanning-tree gives a bridge id and a root id. My understanding is that the root id should be the MAC address of the root switch.
    However I can't find the MAC address given as the root id in the 6509s mac address table, nor in the access switches mac address tables.
    I'm sure I'm missing something here - any ideas?

    Hi,
    in the output of "show spanning-tree" you should look for a line "This bridge is the root". The output will give you the root id and the bridge id of the switch, where you execute the command.
    The output looks like this:
    Router# show spanning-tree vlan 200
    VLAN0200
    Spanning tree enabled protocol ieee
    Root ID Priority 32768
    Address 00d0.00b8.14c8
    This bridge is the root
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Bridge ID Priority 32768
    Address 00d0.00b8.14c8
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 300
    ------------- snip -----------
    The MAC used for creating the bridge id is not used for forwarding BPDUs and thus does not show up in the CAM table afaik.
    To find the root in a switch network, follow the root ports for a given spanning tree instance.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • VLAN spanning-tree root and VLAN L3 SVI

    I have a traditional core/access switches connected, Catalyst 4506 with 802.1Q uplink trunks to two core 6504-E switches. Spanning-tree roots for VLAN's were on core switch with the active HSRP/SVI. Shutdown HSRP/SVI on the cores and moved the SVI to the L3 access switches, but we left the spanning-tree root on the cores... Is this causing the clients/ports in the VLAN on the access switches to do a double/triple hop over the uplink for ingress/egress? Gig1/1 is the trunkport/uplink to the core, wanted to move L3 functions to the access switch to reduce spanning VLANs across the core network.
    Current configuration : 253 bytes
    interface Vlan196
    description Tower I - 8th Floor VLAN
    ip address 10.200.196.1 255.255.255.0
    ip access-group 115 in
    ip helper-address 164.103.160.150
    ip helper-address 172.20.135.201
    no ip redirects
    no ip unreachables
    ip pim sparse-mode
    end
    I0504506A8#sh spann          
    I0504506A8#sh spanning-tree vlan 196
    VLAN0196
      Spanning tree enabled protocol ieee
      Root ID    Priority    196
                 Address     6400.f1ee.c140
                 Cost        4
                 Port        1 (GigabitEthernet1/1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    49348  (priority 49152 sys-id-ext 196)
                 Address     0015.f960.9ac0
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300
    Interface        Role Sts Cost      Prio.Nbr Type
    Gi1/1            Root FWD 4         128.1    P2p
    Gi1/2            Altn BLK 4         128.2    P2p

    Hi Tojackson, I guess this depends on how stuff is interconnecting. It's obvious gi1/1 is forwarding and gi1/2 is blocking. So from the furthest access switch, what path must it take to reach gi1/1? That is the number of hops involved for normal traffic.
    Now, if you're concerned about a specific VLAN and you need gi1/2 forwarding to reduce travel time for other traffic, you may employ RPVST to have that specific VLAN and cost to go to gi1/2.
    In some part of the network I support we have a pair of Cisco 7606 which feeds in to a 4507R and off the 4507R we have a ring of 2955 with even 10-12 L2 switches on the ring. The consequence of multiple layer 2 hops is not of much concern and our spanning tree stops with the 4507 since we're not concerned about broadcast storm on the routed interfaces on the 7600.
    -Tom
    Please mark answered for helpful posts

  • Sg-300 - 3750 stack with SPANNING-TREE root problem.

    Morning. I think I've configured a few hundred switches, maybe a thousand in my time, but never have I faced such horribleness as the SG-300. After this week, I think I'll refuse to touch them.
    Got 2 voice vlans and running a few vrf's on a 3750 stack, but this discussion is about layer 2.
    2 x 3750 stacked
    1 x voice switch sg-300 company A voice vlan 18 - Po1 up to 3750 distributed etherchannel Po1 (LACP active both sides) 2 ports in channel
    1 x voice switch sg-300 company B voice vlan 19 - Po1 up to 3750 distributed etherchannel Po2 (LACP active both sides) 2 ports in channel
    Allowed vlans on both sides (command on Port-channel) are data A, Voice A, Mgt A to switch A
    Allowed vlans on both sides (command on Port-channel) are data B, Voice B, Mgt B to switch B
    It seems that these switches are limited to one voice vlan....
    and that spanning tree BPDUs are ignored (or not received - haven't released the shark yet). Let me explain.
    Originally, when using "smart port", the switch with the lowest MAC address, whatever voice vlan was configured, would take over the other switch's voice vlan, argh what a nightmare.
    I gave up on the GUI as it's far too complicated and have almost got this working.
    I am now using auto voice vlan, but have disabled smart macro. I hope that disabling smart macro stops other switches from learning the voice vlan of the switch with the lowest MAC address. So far so good - in the LAB. Nowhere was it documented in the CLI guide how to disable this stupid feature.
    DHCP is working from scope on core, can manage the switches etc etc, access vlan voice vlan all good (after a monster battle).
    Now I have an issue with spanning tree.
    spanning tree priority for vlans 1-4094 on the 3750 is 4096.
    spanning tree priority for vlans 1-4094 on the SG-300's is 6xxxx.
    ALL switches think that they are the root (well, the "logical" 3 of them): the 3750s for all vlans, and the SG-300 for the one instance as it doesn't support per vlan. (I am not interested in trying MST here.. this is not a datacentre)
    On the 3750s I've tried ieee, pvst, rpvst, while matching the non per-vlan equivalent on the SG series.
    What is the difference between a General port and Trunk Port on a SG-300 specific to spanning tree, native vlans (when you can just configure an untagged vlan anyway!!) and what is the relevance to the way the bpdu's are carried?
    And why the need for a PVID, when you can tell a port what is tagged and what isnt.
    Does the trunk need Vlan1 to be explicitly allowed, and untagged? Does the Po trunk need to be a general port with PVID configured? in vlan 1?
    I need to sort this, as I cannot put an access switch into production that thinks it is the root of the tree. I wish I had a 2960.... a 3500XL.. anything
    Does anyone have CLI commands that can help here?

    F.Y.I. for Catalyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the Catalyst side (3xxx/4xxx/6xxx)
    In this example:
    VLANS - Voice on 188, data on 57, management on 56.
    conf t
    hostname XXX-VOICE-SWXX
    no passwords complexity enable
    username xxxx priv 15 password XXXXX
    enable password xxxxxx
    ip ssh server
    ip telnet server
    crypto key generate rsa
    macro auto disabled
    voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
    vlan 56,57,188
    voice vlan id 188
    int vlan 56
    ip address 10.230.56.12 255.255.255.0
    int vlan1
    no ip add dhcp
    ip default-gateway 10.230.56.1
    interface range GE1 - 2
    switchport mode trunk
    channel-group 1 mode auto
    int range fa1 - 24
    switchport mode trunk
    switchport trunk allowed vlan add 188
    switchport trunk native vlan 57
    qos advanced
    qos advanced ports-trusted
    exit
    int Po1
    switchport trunk allowed vlan add 56,57,188
    switchport trunk native vlan 1
    do sh interfaces switchport po1
    !CATYLYST SIDE
    !Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,56,57,189
    switchport mode trunk

  • Multiple spanning-tree root bridges

    We've started installing some new 3650 switches (replacing 3560's at the access layer) running XE 03.03.05SE. We've run into some problems as a result of "ip device tracking" being on by default, but in the process of debugging I've found that three separate switches all believe they are the spanning-tree root bridge for the same VLANs. The new switches are by default in rapid-pvst mode; the distribution switches are set to rapid-pvst as well. All 3650's are dual-homed.
    SW1#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.6d00
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.6d00
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/4             Desg FWD 4         128.52   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    SW2#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     f40f.1b84.9680
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     f40f.1b84.9680
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi1/1/4             Desg FWD 4         128.52   P2p
    SW3#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.7180
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.7180
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    Switch 1 seems to behave as if it is the real root, but this still does not make much sense to me. Does anyone have an explanation? It's been a long time since my switching class, and I very seldom have to deal with spanning-tree issues.

    Hi,
    Having more than one root switch for a VLAN is definitely a sign of some foul play. A contiguous VLAN can never have more than one root switch. Multiple root switches would occur if, for example, the trunks interconnecting the switches had this VLAN excluded from the list of allowed VLANs, or if they were interconnected by access ports (in a different VLAN) rather than trunks. Another possibility could be an inappropriately constructed MAC ACL or VLAN ACL inadvertently blocking BPDUs. In any case, this may be a source of serious trouble.
    Without further information about your network, it is difficult to suggest anything more specific. Would it be possible to post a diagram explaining your network topology? Also, would it be possible to post the show span root and show span bridge outputs from every switch in your network?
    Thank you!
    Best regards,
    Peter
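
The check described in the two threads above (look for "This bridge is the root", then compare the Root ID each switch reports for a VLAN) can be run over collected `show spanning-tree` text. This is an added example, not code from any poster: the VLAN 999 stanzas are abridged from the SW1/SW2/SW3 output quoted above, while the VLAN 10 stanzas, the MAC `0011.2233.4400` and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

VLAN_RE = re.compile(r"^VLAN0*(\d+)$")
ID_RE = re.compile(r"^(Root|Bridge) ID\s+Priority\s+(\d+)")
ADDR_RE = re.compile(r"^Address\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})$")

def stanza(vlan, root_prio, root_mac, bridge_prio, bridge_mac, is_root):
    """Build one abridged 'show spanning-tree' stanza (sample input helper)."""
    lines = [f"VLAN{vlan:04d}",
             "  Spanning tree enabled protocol rstp",
             f"  Root ID    Priority    {root_prio}",
             f"             Address     {root_mac}"]
    if is_root:
        lines.append("             This bridge is the root")
    lines += [f"  Bridge ID  Priority    {bridge_prio}",
              f"             Address     {bridge_mac}"]
    return "\n".join(lines) + "\n"

# VLAN 999: values from the thread above. VLAN 10: constructed healthy VLAN
# whose root (0011.2233.4400) is a made-up distribution switch.
CAPTURES = {
    "SW1": stanza(999, 33767, "78da.6e6f.6d00", 33767, "78da.6e6f.6d00", True)
         + stanza(10, 4106, "0011.2233.4400", 32778, "78da.6e6f.6d00", False),
    "SW2": stanza(999, 33767, "f40f.1b84.9680", 33767, "f40f.1b84.9680", True)
         + stanza(10, 4106, "0011.2233.4400", 32778, "f40f.1b84.9680", False),
    "SW3": stanza(999, 33767, "78da.6e6f.7180", 33767, "78da.6e6f.7180", True)
         + stanza(10, 4106, "0011.2233.4400", 32778, "78da.6e6f.7180", False),
}

def parse_show_spanning_tree(text):
    """Return {vlan: {root_priority, root_address, bridge_..., claims_root}}."""
    stanzas, cur, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := VLAN_RE.match(line):
            cur = stanzas.setdefault(int(m.group(1)), {"claims_root": False})
            section = None
        elif cur is None:
            continue                      # text before the first VLAN header
        elif m := ID_RE.match(line):
            section = m.group(1).lower()  # "root" or "bridge"
            cur[section + "_priority"] = int(m.group(2))
        elif (m := ADDR_RE.match(line)) and section:
            cur[section + "_address"] = m.group(1)
        elif line == "This bridge is the root":
            cur["claims_root"] = True
    return stanzas

def find_multiple_roots(captures):
    """VLANs for which the switches disagree on the root bridge address."""
    seen = defaultdict(lambda: defaultdict(list))
    for switch, text in captures.items():
        for vlan, st in parse_show_spanning_tree(text).items():
            if "root_address" in st:
                seen[vlan][st["root_address"]].append(switch)
    return {vlan: {addr: sorted(sw) for addr, sw in roots.items()}
            for vlan, roots in seen.items() if len(roots) > 1}

def root_claimants(captures, vlan):
    """Switches whose output says 'This bridge is the root' for this VLAN."""
    return sorted(sw for sw, text in captures.items()
                  if parse_show_spanning_tree(text).get(vlan, {}).get("claims_root"))

if __name__ == "__main__":
    for vlan, roots in find_multiple_roots(CAPTURES).items():
        print(f"VLAN {vlan}: {len(roots)} different roots reported: {roots}")
```

A VLAN listed by `find_multiple_roots` means BPDUs for it are not crossing between those switches, which points at the causes Peter lists: the VLAN missing from a trunk's allowed list, access ports where trunks were intended, or an ACL dropping BPDUs.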

  • Switching Best Practice - Spanning Tree and Etherchannel

    Dear All,
    Regarding best practice related to Spanning Tree and Etherchannel, we have decided to configure following.
    1. Manually configure STP Root Bridge.
    2. On end ports, enable portfast and bpduguard.
    3. On ports connecting to other switches enable root guard.
    In etherchannel config, we have kept mode on on both side, need to change to Active and desirable as I have read that mode on may create loops? Please let me know if this is OK and suggest if something missing.
    Thank You,
    Abhisar.

    Hi Abhisar,
    Regarding your individual decisions: Manually configuring the Root Bridge is a natural thing to do. You should never leave your network just pick up a root switch based on default switch settings.
    On end ports, using PortFast and BPDU Guard is a must especially if you are running Rapid PVST+ or MSTP.
    Regarding the Root Guard on ports to other switches - this is something I do not recommend. The Root Guard is a protective mechanism in situations when your network and the network of your customer need to form a single STP domain, yet you want to have the STP Root Bridge in your network part and you do not want your customer to take over this root switch selection. In these cases, you would put the Root Guard on ports toward the customer. However, inside your own network, using Root Guard is a questionable practice. Your network can be considered trustworthy and there is no rogue root switch to protect against. Using Root Guard in your own network could cause your network to be unable to converge on a new workable spanning tree if any of the primary links failed, and it would also prevent your network from converging to a secondary root switch if the primary root switch failed entirely. Therefore, I personally see no reason to use Root Guard inside your own network - on the contrary, I am concerned that it would basically remove the possibility of your network to actually utilize the redundant links and switches.
    Regarding EtherChannels - yes, you are right, using the on mode can, under circumstances, lead to permanent switching loops. EtherChannel is one of few technologies in which I wholeheartedly recommend relying on a signalling protocol to set it up, as opposed to configuring it manually. The active mode is my preferred mode, as it utilizes the open LACP to signal the creation of an EtherChannel, and setting both ends of a link to active helps to bring up the EtherChannel somewhat faster.
    If you are using fiber links between switches, I recommend running UDLD on them to be protected against issues caused by uni-directional links. UDLD is not helpful on copper ports and is not recommended to be run on them. However, I strongly recommend running Loop Guard configured globally with the spanning-tree loopguard default. Loop Guard can, and should, be run regardless of UDLD, and they can be used both as they nicely complement each other.
    My $0.02...
    Best regards,
    Peter

  • The spanning-tree add strange value when I create new Vlans

    Hi,
    On all access switches, spanning-tree adds strange values when I create new VLANs from the distribution layer,
    and no association is created between any interface and spanning-tree vlan 700 (see below in this example)
    until I reboot the switch.
    Has anybody already seen these values?
    DSFDS112#sh span sum
    Switch is in rapid-pvst mode
    Root bridge for: none
    EtherChannel misconfig guard is enabled
    Extended system ID           is enabled
    Portfast Default             is disabled
    PortFast BPDU Guard Default  is disabled
    Portfast BPDU Filter Default is disabled
    Loopguard Default            is enabled
    UplinkFast                   is disabled
    Stack port is StackPort1
    BackboneFast                 is disabled
    Configured Pathcost method used is long
    Name                   Blocking Listening Learning Forwarding STP Active
    VLAN0001                     0         0        0          3          3
    VLAN0002                     0         0        0         22         22
    VLAN0006                     0         0        0          3          3
    VLAN0007                     0         0        0          8          8
    VLAN0009                     0         0        0          4          4
    VLAN0010                     0         0        0          3          3
    VLAN0011                     0         0        0          3          3
    VLAN0012                     0         0        0          3          3
    VLAN0013                     0         0        0          3          3
    VLAN0090                     0         0        0         15         15
    VLAN0109                     0         0        0          3          3
    VLAN0200                     0         0        0          4          4
    VLAN0300                     0         0        0         26         26
    VLAN0302                     0         0        0          4          4
    VLAN0700               -   253  -1872756560  2087191206  -1872756549  2080375982
    VLAN0702               -   253  -1872756560  2087191206  -1872756549  2080375982
    VLAN0704                     0         0        0          4          4
    VLAN0710               -   253  -1872756560  2087191206  -1872756549  2080375982
    VLAN0816                     0         0        0          3          3
    VLAN0820                     0         0        0          3          3
    20 vlans               -   759  -1323302384  1966606322  -1323302237  1946160764
    DSFDS112#sh span vlan 700
    VLAN0700
      Spanning tree enabled protocol rstp
      Root ID    Priority    4796
                 Address     0008.e3ff.fcbc
                 Cost        10000
                 Port        608 (Port-channel1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    62140  (priority 61440 sys-id-ext 700)
                 Address     885a.9213.6880
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Po1                Root FWD 10000     128.608  P2p
    DSFDS112#sh run int Gi1/0/25
    Building configuration...
    Current configuration : 194 bytes
    interface GigabitEthernet1/0/25
     description Station12
     switchport access vlan 700
     switchport mode access
    end
    DSFDS112#sh span interface Gi1/0/25
    no spanning tree info available for GigabitEthernet1/0/25
    DSFDS112#sh int status interface Gi1/0/25
    Port      Name               Status       Vlan       Duplex  Speed Type
    Gi1/0/25  Station12          connected    700          full    100 10/100/1000BaseTX
    Thanks for your help,
    Regards.

    Venki,
    The ORA-00942 is okay because there is no existing object. But what struck me is the ORA-01921 error which may indicate that this might not be a new database.
    CREATE ROLE exp_full_database
    ERROR at line 1:
    ORA-01921: role name 'EXP_FULL_DATABASE' conflicts with another user or role name
    CREATE ROLE imp_full_database
    ERROR at line 1:
    ORA-01921: role name 'IMP_FULL_DATABASE' conflicts with another user or role name
    Are there any existing databases on this server? Have you tried to create it on another machine? I searched on Metalink too and found Doc ID: 237486.1 "ORA-29807 Signalled While Creating Database using DBCA", which says that the error could be ignored. You may want to review that as well.
    Ittichai

  • Spanning tree loops

    Hi, we are having regular spanning tree issues in our network.
    On our config we do not have bpduguard configured from what I can see? Could this be an issue?
    What can be done centrally on the core switches to remove this threat? Are there default configs that a wise network administrator would apply as standard?
    HELP!

    HI Mike [Pls Rate if HELPS]
    Refer link below for examples and identify redundant links, root and backup root bridge etc..
    http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080136673.shtml#intro
    Refer link for usage guidelines in implementing loopguard, bpdu guard etc..
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/stp_enha.html#wp1019943
    A Cisco router will give you a warning when you configure PortFast:
    SW1(config)#int fast 0/5
    SW1(config-if)#spanning-tree portfast
    %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
    %Portfast has been configured on FastEthernet0/5 but will only
    have effect when the interface is in a non-trunking mode.
    SW1(config-if)#
    Not only will the switch warn you about the proper usage of PortFast, but you must put the port into access mode before PortFast will take effect.
    But there is a chance - just a chance - that someone is going to manage to connect a switch to a port running Portfast. That could lead to two major problems, the first being the formation of a switching loop. Remember, the reason we have listening and learning modes is to help prevent switching loops. The next problem is that there could be a new root bridge elected - and it could be a switch that isn't even in your network!
    BPDU Guard protects against this disastrous possibility. If any BPDU comes in on a port that's running BPDU Guard, the port will be shut down and placed into error disabled state, shown on the switch as err-disabled. A port placed in err-disabled state must be reopened manually.
    BPDU Guard is off on all ports by default, and is enabled as shown here:
    SW1(config)#int fast 0/5
    SW1(config-if)#spanning-tree bpduguard enable
    It's a good idea to enable BPDU Guard on any port you're running PortFast on. There's no cost in overhead, and it does prevent the possibility of a switch sending BPDUs into a port configured with PortFast - not to mention the possibility of a switch not under your control becoming a root switch to your network!
    Refer link below for Understanding Spanning Tree Protocol:
    http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/sw_ntman/cwsimain/cwsi2/cwsiug2/vlan2/stpapp.htm
    Hope I am informative and this HELPS.
    PLS RATE if HELPS
    Best Regards,
    Guru Prasad R
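
The PortFast and BPDU Guard pairing recommended in the reply above can be checked across a whole running-config. This is an added example, not part of the original post: the sample config is constructed, the function names are hypothetical, and the script assumes IOS-style syntax, including the global `spanning-tree portfast bpduguard default` command and the newer `spanning-tree portfast edge` spelling.

```python
# Constructed sample running-config for illustration; it is not taken from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/7
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree guard root
!
"""

def parse_config(text):
    """Split a running-config into global lines and per-interface stanzas."""
    global_lines, stanzas, current = set(), {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())      # indented line belongs to the stanza
        else:
            current = None                 # "!" or a global command ends the stanza
            global_lines.add(line.strip())
    return global_lines, stanzas

def audit_portfast(text):
    """Return {interface: finding} for PortFast ports that BPDU Guard does not cover."""
    global_lines, stanzas = parse_config(text)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = {}
    for name, lines in stanzas.items():
        if not lines & {"spanning-tree portfast", "spanning-tree portfast edge"}:
            continue                       # only PortFast ports are in scope
        if "spanning-tree bpdufilter enable" in lines:
            findings[name] = "bpdufilter enabled: received BPDUs are ignored"
        elif "spanning-tree bpduguard enable" not in lines and not guard_default:
            findings[name] = "PortFast without BPDU Guard"
    return findings
```

Calling `audit_portfast(SAMPLE_CONFIG)` reports FastEthernet0/5 and FastEthernet0/7; with the global default line prepended, only the bpdufilter port remains.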

  • Spanning tree Stability

    Folks,
    I have recently placed 2 6500 at the core. I am running PVST. I have made one switch the root primary and the other one is root secondary. My question is: what steps can I take to make sure no spanning tree issues arise if someone by mistake introduces a switch to the network? I know I can use the root guard command per interface, but I was looking for other best practices.
    Also, can someone explain to me how can i switch modify the spanning tree topology if I have already configured a root bridge with a priority of 1?
    I will surely rate this post.
    Thanks

    Well, you can set the priority to 0;-)
    Except for the rootguard you mentioned, there is no real way of preventing someone else from becoming root, because even if you set your root priority to 0, a bridge with a lower MAC address could beat you.
    STP still assumes some kind of cooperation between the switches. If you are in an environment where you absolutely cannot trust the neighbors, you should try avoiding running STP with them. Rootguard is a good safeguard but it will disrupt connectivity when a violation is detected. Plus rootguard will fail to detect problems if the neighbor is hostile and not sending BPDUs at all (bpdufilter).
    If you are operating in a kind of service provider model, you could use l2pt instead (waiting for 802.1ad). In that case, you would just run STP with the bridges you control and trust, and let others tunnel their STPs through you (note that in this case, the untrusted devices can create bridging loops through you, but you can rate limit the bandwidth they are wasting to what they pay for).
    Regards,
    Francois
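
The election rule behind the reply above, as an added example that is not part of the original post: it models the per-VLAN bridge ID comparison and what a root-guard port does with a received BPDU. The two VLAN 700 bridges use the priorities and addresses from the `sh span vlan 700` output earlier on this page; the `core` label, the `ROGUE` bridge and all function names are constructed for illustration.

```python
def bridge_id(priority, vlan, mac):
    """PVST bridge ID as a comparable tuple: (priority + sys-id-ext, MAC)."""
    return (priority + vlan, int(mac.replace(".", ""), 16))

def elect_root(bridges):
    """The bridge with the numerically lowest bridge ID becomes root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))

def root_guard_verdict(current_root, received_root):
    """What a root-guard port does with the root ID carried in a received BPDU."""
    if received_root is None:
        return "no BPDU seen: root guard has nothing to act on"
    if bridge_id(*received_root) < bridge_id(*current_root):
        return "superior BPDU: port goes root-inconsistent (blocked)"
    return "inferior BPDU: port stays designated forwarding"

# name: (configured priority, VLAN, MAC address)
BRIDGES = {
    "core": (4096, 700, "0008.e3ff.fcbc"),       # Root ID 4796 in the output above
    "DSFDS112": (61440, 700, "885a.9213.6880"),  # Bridge ID 62140 in the output above
}
ROGUE = (0, 700, "0000.0c12.3456")               # constructed: priority 0, lower MAC

def with_core_at_zero():
    """Lower the core to priority 0, then add a priority-0 bridge with a lower MAC."""
    bridges = dict(BRIDGES, core=(0, 700, "0008.e3ff.fcbc"), rogue=ROGUE)
    return elect_root(bridges)

if __name__ == "__main__":
    print(elect_root(BRIDGES))                           # core
    print(with_core_at_zero())                           # rogue wins on MAC tie-break
    print(root_guard_verdict(BRIDGES["core"], ROGUE))    # superior BPDU
    print(root_guard_verdict(BRIDGES["core"], None))     # silent neighbor
```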
