Spanning-tree link-type shared

Hi,
i 've this problem.
My PC must boot OS (windows) from network (Server sends Operating System by PC's mac-address)
PC needs a ip-address within 5-10 seconds.
I try it using hub and PC loads correctly OS and works properly.
I try on my network (without hub) using Catalyst Switch in 2 ways:
IOS and CatOS
For the IOS i find this solution:
i use the follows CLI:
spanning-tree portfast
spanning-tree link-type shared
in this case i resolved my problem.
FOR catOS , this command not work properly
i use the follows CLI:
set spantree portfast mod/port enable
set spantree link-type mod/port shared
After, if i see the configuration , i find the CLI
"set spantree mst link-type mod/port shared"
Can you help me?
Thanks
FCostalunga

Configuring a ports STP link type to shared is sort of invalid if the port is also configured as an STP portfast port. 'Shared' effectively means this is a half-duplex connection to a hub that may also be connected to another switch (hence it can't be a point-to-point link). Normal STP operation should operate over 'shared' links and you won't get the rapid start a P2P link has.
If the port is connected directly to a host then simply configuring the port as a portfast port will be enough (it will also make it a P2P link by default).
HTH
Andy

Similar Messages

Do I configure spanning-tree port type ed trunk on LACP port-channels

Hello,
Can't seem to see a clear answer and wondering if something could offer some advice please?
We are using LACP aggregation across all our 10 gig attached servers and also trunking them. We're running a VPC pair of 5596 Nexus.
For a standard trunk port I always add the spanning-tree port type edge trunk to the interface config.
However I think I should be adding this to the overiding port-channel config. At present a colleague has configured the VPC below omitting the spanning-tree port type config.
interface port-channel100
description a-server
switchport mode trunk
switchport trunk allowed vlan 100
vpc 100
The port member configs are these which do contain the spanning tree port type:
interface Ethernet1/1
description a-server(1)
switchport mode trunk
switchport trunk allowed vlan 100
spanning-tree port type edge trunk
channel-group 100 mode active
I always try to keep the overiding port channel config the same as its members and obviously for most config, you can't have disparate configs anyway.
However for the spanning tree config the NexOS allows you to have the members with spanning tree port types and not have to reflect that in the port-channel.
However I have this issue with STP:
Switch1# show spanning-tree interface po100
Vlan Role Sts Cost Prio.Nbr Type
VLAN0100 Desg BKN*200 128.4996 (vPC) Network P2p *BA_Inc
Is this due to the inconsistency with my port channel to member configs?
Any advice would be gratefully accepted.
Thanks!

Hi Paul, there are some parameters you can define on individual ports and there are some of them that will be inherited from the port-channel configuration no matter what has been configured under the infidividual ports. Spanning-tree configuration is one of the inherited ones. As soon as the port joins into a port-channel, it will start to use spanning-tree settings under the port-channel. When it leaves the channel, then it can continue to use the individual configuration.
There is a nice summary here under NX-OS Interface Conf Guide > Port-Channel Conf:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/interfaces/configuration/guide/if_portchannel.html#wp1798338
Evren

Spanning-Tree Port Type Edge & Router

I am wondering if a switch trunk port that is facing a router that is connected with subinterface can be classified as an edge port in the eyes of Spanning-Tree.
Thanks.

Ricardo
You should configure the switchport as "spanning-tree portfast trunk"
As Glen says that is assuming you are not connecting to a switch module on the router.
Jon

Nexus spanning tree pseudo configuration

Hi
I am trying to understand the pseudo configuration commands in a Nexus hybrid topology.
I have vlans a, b and c only in the vPC side of the topology. I have peer switch configured and the same stp priority on both switches.
In the standard Spaning-tree topology I have completely seperate vlans x, y and z.
What should I be configuring in the pseudo config section ? Do I define a pseudo root priority for all vlans a, b, c and x, y, z or just for the standard spanning tree vlans x, y and z. I need to avoid and, even short, spanning tree outages if I take one Nexus out of service for a short time.
My thinking is that if one Nexus is out of service the physical mac will be used and potentially reduce the root priority of the vPC vlans causing a TCN and STP recalculation in vlans a, b and c. This can be avoided by configuring a pseudo root priority for all Vlans lower than the current spanning tree priority shared by the vPC peers. Is this correct ? However, since I have a shared priority of 8192 on current vPC vlans will configuring, for example, a pseudo root priority of 4096 on those vPC vlans won't this also cause the TCN and recalculation I am trying to avoid ? Is the benefit of the pseudo root config only obtained if it is configured at the start when the vPC is formed and prior to the peer switch command being issued ?
Thanks, Stuart.

Hi Ajay,
It is recommended that switch-to-switch links are configured with the spanning-tree port type normalcommand. The one exception is the vPC peer-link which is recommended to configure with the spanning-tree port type network command.
Take a read of the Best Practices for Spanning Tree Protocol Interoperability from page 56 of the vPC Best Practice Design Guide for further information on this.
Regards

VLAN Spanning-tree (VSTP) issue with Metro-E links

Hi Everyone,
We have Juniper EX 4200 as core switch at two sites connected Cisco 2960s and Cisco 3560s (access layer switches). For even-numbered VLANs, one Juniper switch is root bridge and for odd-numbered VLANs, other Juniper switch is the root bridge.
We have Cox and Verizon Metro-E links connecting core switches (Juniper EX 4200 at both sites).
I want to do VLAN load sharing using VSTP but somehow it is not working as expected. I want to pass some VLANs through COX and some through Verizon. When there is any issue with Cox, all VLAN traffic pass through Verizon and vice-versa. RSTP is also enabled on both Juniper switches.
I see MAC flapping in log messages on all Cisco access layer switches when I bring up both Metro-E links together. When only Cox is connected, everything works fine. When only Verizon is connected, everything works fine. But when BOTH COX and Verizon are connected, network gets disrupt and I see MAC flapping on all Cisco switches. All cisco switches are running PVST.
Anybody knows what is happening and why VSTP is not working when both COX and VERIZON Metro-E links are active ?

Hi Tojackson, I guess this depends on how stuff is interconnecting. It's obvious gi1/1 is forwarding and gi1/2 is blocking. So from the furthest access switch, what path must it take to reach gi1/1? That is the number of hops involved for normal traffic.
Now, if you're concerned about a specific VLAN and you need gi1/2 forwarding to reduce travel time for other traffic, you may employ RPVST to have that specific VLAN and cost to go to gi1/2.
In some part of the network I support we have a pair of Cisco 7606 which feeds in to a 4507R and off the 4507R we have a ring of 2955 with even 10-12 L2 switches on the ring. The consequence of multiple layer 2 hops is not of much concern and our spanning tree stops with the 4507 since we're not concerned about broadcast storm on the routed interfaces on the 7600.
-Tom
Please mark answered for helpful posts

2960X 15.0(2)EX5 Stack Bug? Master Switch Ports link in Orange, no spanning Tree

Is anyone aware of a bug in version 15.0(2)EX5 for 2960X Switches that would cause a switch in the master role to stop linking in new ports in green (and passing traffic). I have 2 2960X-48FPD-L Switches in a stack and whichever switch I designate master will only link new connections in orange and not pass traffic. All ports linked in show up/up and can be seen in a show cdp neighbor but won't pass any other traffic.
If I unplug the Stacking cables both switches become masters and ports linked in green on the previous member switch stay green, but after it switches to master any new connections plugged in only link in orange.
If I switch priorities and reboot the problem switches to the new master switch and the problem goes away on the member switch.
Also, a switch in the master role does not show any spanning tree instances for ports in the orange link state.
Has anyone seen this issue and do you know of a solution?
Jim

A quick update for those with this same problem.
1. 15.2(3)E turned out to be very unstable causing my switch stack to randomly lockup/reboot one of the switches about once a week.
2. I downgraded back to 15.0(2)EX5 but found a workaround. It turns out the switch stack with the 15.0 versions does not like the switchport voice vlan command on any of the interfaces on the master switch. I simply removed the voice vlan configuration on the interfaces and all the switch ports linked in just fine. I would prefer to run the phones on a voice vlan, but it still works without, just the PC's and phones are on the same vlan.
Jim

Triangle Link - Spanning Tree

Hi All,
We tried to create a redudancy link between 3 building. When we connect the 3rd link (Red Line) and keep receiving the following error message.
*Nov 3 19:27:44.932: %SW_MATM-4-MACFLAP_NOTIF: Host 6c41.6a13.3580 in vlan 17 is flapping between port Gi4/0/44 and port Gi1/1/1
*Nov 3 19:27:44.957: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0b66.8561 in vlan 19 is flapping between port Gi4/0/44 and port Gi1/1/1
*Nov 3 19:27:44.965: %SW_MATM-4-MACFLAP_NOTIF: Host 88ae.1dad.2fd3 in vlan 19 is flapping between port Gi1/0/4 and port Gi1/1/1
*Nov 3 19:27:45.032: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.2304.49f6 in vlan 25 is flapping between port Gi1/1/1 and port Gi4/0/44
*Nov 3 19:27:45.074: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.2304.4a1b in vlan 25 is flapping between port Gi1/1/1 and port Gi4/0/44
*Nov 3 19:27:45.091: %SW_MATM-4-MACFLAP_NOTIF: Host a01d.48b7.dcdb in vlan 19 is flapping between port Gi4/0/44 and port Gi3/0/28
*Nov 3 19:27:45.166: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.569e.6d67 in vlan 2 is flapping between port Gi4/0/44 and port Gi1/1/1
*Nov 3 19:27:45.234: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.2307.764a in vlan 25 is flapping between port Gi1/1/1 and port Gi4/0/44
*Nov 3 19:27:45.275: %SW_MATM-4-MACFLAP_NOTIF: Host 28d2.4476.172f in vlan 17 is flapping between port Gi4/0/44 and port Gi1/1/1
I cannot figure out what is wrong with the setting. Any advise?

Hey,
I suggest locating the original location of any of these machines from SW85 and then start looking the STP port states in other direction.
Say originally users are reachable over link G3/1/1 so ideally as per STP link G4/0/44 needs to be blocking for these user/vlans. Keep tracing the spanning tree port states over the other link and i am sure you will find something useful.
HTH.
Regards,
RS.

Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

Hello,
I have an Spanning tree problem when i conect 2 links from Switch DELL M6220 (there are blades to virtual machines too) to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy, with one IP of management)
In dell virtual machine is Spanning tree rapid stp, and in 3750 is Spanning tree mode pvst, cisco says that this is not important, only is longer time to create the tree.
I dont know but do you like this solutions i want to try on sunday?:
Could Spanning tree needs to work to send one native vlan to negociate the bdpus? switchport trunk native vlan 250
Is it better to put spanning-tree guard root in both 3750 in the ports to mitigate DELL to be root in Spanning Tree?
Is it better to put spanning- tree port-priority in the ports of Swicht Dell?
¿could you help me to control the root? ¿Do you think its better another solution? thanks!
CONFIG WITH PROBLEM
======================
3750: (the 2 ports are of 2 switches 3750s conected with a stack cable, in a show run you can see this)
interface GigabitEthernet2/0/28
description VIRTUAL SNMP2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4,13,88,250
switchport mode trunk
switchport nonegotiate
logging event trunk-status
shutdown
interface GigabitEthernet1/0/43
description VIRTUAL SNMP1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 4,13,88,250
switchport mode trunk
switchport nonegotiate
shutdown
DELL M6220: (its only one swith)
interface Gi3/0/19
switchport mode trunk
switchport trunk allowed vlan 4,13,88,250
exit
interface Gi4/0/19
switchport mode trunk
switchport trunk allowed vlan 4,13,88,250
exit

F.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
In this example:
VLANS - Voice on 188, data on 57, management on 56.
conf t
hostname XXX-VOICE-SWXX
no passwords complexity enable
username xxxx priv 15 password XXXXX
enable password xxxxxx
ip ssh server
ip telnet server
crypto key generate rsa
macro auto disabled
voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
vlan 56,57,188
voice vlan id 188
int vlan 56
ip address 10.230.56.12 255.255.255.0
int vlan1
no ip add dhcp
ip default-gateway 10.230.56.1
interface range GE1 - 2
switchport mode trunk
channel-group 1 mode auto
int range fa1 - 24
switchport mode trunk
switchport trunk allowed vlan add 188
switchport trunk native vlan 57
qos advanced
qos advanced ports-trusted
exit
int Po1
switchport trunk allowed vlan add 56,57,188
switchport trunk native vlan 1
do sh interfaces switchport po1
!CATYLYST SIDE
!Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,56,57,189
switchport mode trunk

Are VTP Advertisements Sent over Spanning Tree Blocked Links?

In a Virtual Terminal Protocol (VTP) domain there are 6506 switches, 4912G units and many 35xx units. There are more than 64 VLANs in use, so there are no redundant links due to the 35xx restriction of 64 spanning trees.
Should this be split into three VTP domains to make sure there are no more than 64 VLANs on any 35xx? In this scenario, some of the switches would be connected to one neighbour in the same domain but to other neighbours in other domains. How can we ensure that the first link is not spanning tree blocked for VTP to work?

First, VTP is passed on VLAN 1 and
can be sent and received through blocked
ports.
Second, spantree topology and VTP are totally independent. So, spantree would still block
or forward normally on a link regardless of whether
the switches on each side are in different VTP
domains.

"Peer-switch" command on vPC domain and spanning-tree priority interaction

Hi guy,
We have 2 N7K (N7KA and N7KB) which will be running vPC in hybird and pure vPC environment.
I have a question about the Hybird and pure vPC environment. With the "peer-switch" command enable, should i tune the spanning-tree priority to be the same for all the vlan running on vPC on both N7KA and N7KB? This way, when i enter the "sh spanning-tree vlan X(vPC vlan) detail" command on N7K, it will list both N7K announc itself as "We are the root of the spanning tree".Also the switch running spanning-tree with N7K vPC vlan (Hybird), will see both N7K has the same priority (4096), and it is not desirable for a spanning-tree environment. Therefore, i used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with N7K will list N7KB has a priority of 8192(perfect).
However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as show on the switch. It is constantly changing between "4096 and 8192" with the same vPC system wide mac address.
Entering the "sh spanning-tree vlan X detail" command repeatly on switch with port-channel toward N7KA and N7KB.
>>sh spanning-tree vlan 10 detail
Port 65 (Port-channel1) of VLAN10 is root forwarding
Port path cost 3, Port priority 128, Port Identifier 128.65.
Designated root has priority 4106, address 0013.05ee.bac8
Designated bridge has priority 4106, address 0013.05ee.bac8
Designated port id is 144.2999, designated path cost 0
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 5, received 603
one sec later.
>>sh spanning-tree vlan 10 detail
Port 65 (Port-channel1) of VLAN10 is root forwarding Port path cost 3, Port priority 128, Port Identifier 128.65. Designated root has priority 4106, address 0013.05ee.bac8 Designated bridge has priority 8202, address 0013.05ee.bac8 Designated port id is 144.2999, designated path cost 0 Timers: message age 15, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 5, received 603
Configuration:
N7KA
spanning-tree vlan 1-10 priority 4096
vpc domain 200
peer-switch
N7KB
spanning-tree vlan 1-10 priority 4096spanning-tree pseudo-information vlan 1-10 designated priority 8192
vpc domain 200
peer-switch

We have a issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something?

SF 300 Serires switch not participating in spanning tree?

I just purchased an SF300-24 managed switch and I am running it in layer3 mode. I am testing it out right now and have it connected to two 2950 switches. The SF300 is connected to each 2950 with a four port etherchannel running LACP. When looking at spanning tree all three switches are configured the same when it comes to hello, forward, max age and all three are in RSTP mode. I adjusted the priorities so that the SF300 would be the root but that is not happening.
I only have one VLAN as of right now set up and connectivity between the three switches is fine. The only problem seems to be that the two 2950 switches are the only two switches involved in the determination of the root bridge. Additionally it was the same way before I configured the etherchannel and had the switches connected over single trunk lines.
I would appreciate if someone can expain to me why this is?
Thanks in advance.

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Thanks for your help but know I still cannot get the three devices to talk MST either,it is getting frustrating. If i add a redundant link and directly connect the two 2950's they immediately talk and configure MST. But when I remove that link no info is passed and both 2950's think they are the root even though the SF 300 priority is 0 on all three MST instances. On the SF300 I have the following settings:
Spanning tree: enabled
STP Operation Mode: Multiple STP
BPDU Handling: Flooding
Path Cost: Long
Region name: test
Revision: 1
Max Hops: 20
Max-age: 20
Hello Time: 2
Forward Delay: 15
MST instance 1 Vlan 100
Bridge Priority 0
Designated Root Bridge: Self
Root port: 0
Root path cost: 0
MST instance 2 Vlan 2-5
Bridge Priority 0
Designated Root Bridge: Self
Root port: 0
Root path cost: 0
MST instance 0 all vlans not in instance 1 and 2
Bridge Priority 0
Designated Root Bridge: Self
Root port: 0
Root path cost: 0
For MST interface Settings (both LAGs/instances are thesame)
Int Priority: 128
Path Cost: 20000
Port State: Boundary
Mode: RSTP
Type: Boundary
Designated port ID: 128
Designated Cost: 0
Remain Hops: 20
Forward Transitions: 1
The 2950 switches: (The only difference on the other switch is that the priority is 8192, and the MACs of course)
MST00 is executing the mstp compatible Spanning Treeprotocol
Bridge Identifierhas priority 4096, sysid 0, address 000b.460e.e040
Configured hello time 2, max age 20, forward delay 15
Current root haspriority 0, address 6c50.4dcb.334b
Root port is 65 (Port-channel1), cost of root path is 50000
Topology change flag not set, detected flag not set
Number of topology changes 7 last change occurred 00:18:54 ago
          from Port-channel1
Times: hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Port 65 (Port-channel1) of MST00 is root forwarding
   Port path cost 50000, Port priority 128, Port Identifier 128.65.
   Designated roothas priority 0, address 6c50.4dcb.334b
   Designatedbridge has priority 0, address 6c50.4dcb.334b
   Designated port id is 128.1000, designated path cost 0
   Timers: message age 4, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type ispoint-to-point by default, Boundary RSTP
   BPDU: sent 571,received 568
MST01 is executingthe mstp compatible Spanning Tree protocol
Bridge Identifierhas priority 4096, sysid 1, address 000b.460e.e040
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 9 last change occurred 00:18:55 ago
          from Port-channel1
Times: hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Port 65 (Port-channel1) of MST01 is boundary forwarding
   Port path cost 50000, Port priority 128, Port Identifier 128.65.
   Designated root has priority 4097, address 000b.460e.e040
   Designated bridge has priority 4097, address 000b.460e.e040
   Designated port id is 128.65, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type ispoint-to-point by default, Boundary RSTP
   BPDU: sent 598,received 0
MST02 is executingthe mstp compatible Spanning Tree protocol
Bridge Identifierhas priority 4096, sysid 2, address 000b.460e.e040
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 9 last change occurred 00:19:50 ago
          from Port-channel1
Times: hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Port 65 (Port-channel1) of MST02 is boundary forwarding
   Port path cost 50000, Port priority 128, Port Identifier 128.65.
   Designated root has priority 4098, address 000b.460e.e040
   Designated bridge has priority 4098, address 000b.460e.e040
   Designated port id is 128.65, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type ispoint-to-point by default, Boundary RSTP
   BPDU: sent 611,received 0
I notice that on MST01 and 02 they are not receiving BPDU’s,but I am not sure why or if that is the problem. It appears that the SF 300 is not sending BPDU packets for MST01 and 02, but is sending them for MST00. I also attached a capture. I captured the VLAN info for VLAN 100 which is in MST1. on the SF300, it appears that the SF 300 is recieving STP traffic but not generating any.

Spanning tree guard root

                  Hi,
We have 45xx switch & we enabled spanning tree root guard on ports connected with access switch via fiber uplink
& we enable spanning tree loop guard on access switch side
One of my core switch port connected to Juniper Netscreen Firewall
Whether I need to enable spanning tree guard root on the same port on core switch side ? or not
In case of yes, any config changes required on JUniper Netscreen box
Br/Subhojit

Hi, Pls find the output
Port 130 (GigabitEthernet3/2) of VLAN0054 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.130.
   Designated root has priority 8246, address 001b.d474.8a40
   Designated bridge has priority 16438, address 001b.0cee.0440
   Designated port id is 128.130, designated path cost 3
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
Bpdu filter is enabled
   Root guard is enabled on the port
   BPDU: sent 5847158, received 0
Present the bold config enabled on the port
Br/Subhojit

Spanning tree root ports in back to back VPC

Ok so I have a question about back to back VPC configuration.
I have a back to back VPC from core to agg layer so that I have 2 logical switches in my path.
However I am seeing an issue on the agg layer. Traffic is traversing the VPC peerlink instead of being sent up to the core which is where the spanning-tree root is configured.
Po1 is my uplink from the agg
Po4 is my vpc peerlink on the Agg
Po1              Root FWD 200       128.4096 (vPC) P2p
Po2              Desg FWD 200       128.4097 (vPC) P2p
Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
Eth2/6           Altn BLK 2000      128.262 P2p

a little more info.
Po1 is my uplink to the core
Po4 is my agg vpc peer.
I see 2 paths to root on one swith. it is choosing Po4 (vpc peerlink) instead of Po1 (uplink to core)
MST0000
Spanning tree enabled protocol mstp
Root ID    Priority    4096
             Address     0023.04ee.be01
             Cost        0
             Port        4099 (port-channel4)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    8192   (priority 8192 sys-id-ext 0)
             Address     547f.eea6.d2c1
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface        Role Sts Cost      Prio.Nbr Type
Po1              Root FWD 200       128.4096 (vPC) P2p
Po2              Desg FWD 200       128.4097 (vPC) P2p
Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
MST0000
Spanning tree enabled protocol mstp
Root ID    Priority    4096
             Address     0023.04ee.be01
             Cost        0
             Port        4096 (port-channel1)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    8192   (priority 8192 sys-id-ext 0)
             Address     547f.eea6.ce41
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface        Role Sts Cost      Prio.Nbr Type
Po1              Root FWD 200       128.4096 (vPC) P2p
Po2              Desg FWD 200       128.4097 (vPC) P2p
Po3              Desg FWD 200       128.4098 (vPC) P2p
Po4              Desg FWD 330       128.4099 (vPC peer-link) Network P2p

Spanning-tree not working: SG500 to Cat3650

Hi All,
Trying to turn up a new site. I have 2 switches: Cat 3650 & SG500-52P. I want to connect up two ethernet cables between these switches in the event one fails, STP will put the blocked one in forwarding. However, when I connect up the 2nd ethernet cable, I get the following:
IPADTBL-N-IPDUPLICATE: Duplicate IP address 192.168.5.232 from MAC a0:ec:f9:ef:6a:18 was detected on VLAN 1, port gi1/1/24
This log message is then followed by the network locking up & crashing until I remove the 2nd cable (i.e. STP Loop). Removing the redundant cable solves the problem. This is because STP is allowing both links to transitioning to forwarding state (confirmed in show spanning-tree & show cdp neighbor).
Why is spanning-tree not correctly blocking one of the lines? Is that type of architecture not supported when there is an SG300/500 in the equation?
Configs below:
Core 3650: (box configs basically)
Switch#show run
Building configuration...
Current configuration : 2686 bytes
! Last configuration change at 10:01:53 UTC Thu Jan 22 2015
! NVRAM config last updated at 09:24:03 UTC Thu Jan 22 2015
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
hostname Switch
boot-start-marker
boot-end-marker
vrf definition Mgmt-vrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
logging console emergencies
enable secret 5 $1$Qi5N$u/5q1HESY/TyQsPFNKVah1
no aaa new-model
clock timezone UTC -6 0
clock summer-time UTC recurring
switch 1 provision ws-c3650-24ts
ip device tracking
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
redundancy
mode sso
class-map match-any non-client-nrt-class
match non-client-nrt
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
interface GigabitEthernet1/0/1
interface GigabitEthernet1/0/2
interface GigabitEthernet1/0/3
interface GigabitEthernet1/0/4
interface GigabitEthernet1/0/5
interface GigabitEthernet1/0/6
interface GigabitEthernet1/0/7
interface GigabitEthernet1/0/8
interface GigabitEthernet1/0/9
interface GigabitEthernet1/0/10
interface GigabitEthernet1/0/11
interface GigabitEthernet1/0/12
interface GigabitEthernet1/0/13
interface GigabitEthernet1/0/14
interface GigabitEthernet1/0/15
interface GigabitEthernet1/0/16
interface GigabitEthernet1/0/17
interface GigabitEthernet1/0/18
interface GigabitEthernet1/0/19
interface GigabitEthernet1/0/20
interface GigabitEthernet1/0/21
interface GigabitEthernet1/0/22
interface GigabitEthernet1/0/23
interface GigabitEthernet1/0/24
interface GigabitEthernet1/1/1
interface GigabitEthernet1/1/2
interface GigabitEthernet1/1/3
interface GigabitEthernet1/1/4
interface Vlan1
ip address 192.168.5.230 255.255.255.0
ip default-gateway 192.168.5.1
ip http server
ip http secure-server
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
line vty 0 4
password scrubbed
login
line vty 5 15
password scrubbed
login
wsma agent exec
profile httplistener
profile httpslistener
wsma agent config
profile httplistener
profile httpslistener
wsma agent filesys
profile httplistener
profile httpslistener
wsma agent notify
profile httplistener
profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
ap group default-group
end
SG500 Switch:
switchff1182#show run
config-file-header
switchff1182
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch queues-mode 4
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname switchff1182
no passwords complexity enable
username cisco password encrypted scrubbed privilege 15
ip ssh server
snmp-server server
no ip http server
ip telnet server
interface vlan 1
ip address 192.168.5.231 255.255.255.0
no ip address dhcp
exit
ip default-gateway 192.168.5.1

Hi Peter,
Thanks for replying. Unfortunately (or fortunately if it worked), STP is running and BPDU's are flooding below:
SW500A#show spanning-tree
Spanning tree enabled mode RSTP
Default port cost method: long
Root ID Priority 24577
Address a0:ec:f9:ef:6a:00
Cost 20000
Port gi1/1/43
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768
Address 2c:3e:cf:ff:11:82
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
SW500A#show spanning-tree bpdu
Global: Flooding
I guess I'm doing etherchannels instead of redundant links :-/
This is one of many reasons why I regret these small business models being made; A lot of things that are polished and functional in the enterprise grade (i.e. real switches) just don't seem to work on these units. But unfortunately, as the price is significantly cheaper, companies will continue purchasing these over the better quality units, and engineers like myself will be stuck working with the cut-corners version of a Cisco switch.

Cisco Noob - Layer 3 Routing / VLAN / Spanning Tree

Hi All ...
I need some pointers on which commands / settings and where, I know what I want to achieve but the things I am trying seem to be 'mutually exclusive' - either that or i'm missing something - I am not a Cisco IOS expert but I know my way around a network.
Take 3 3560 switches in Layer 3 mode, there is a 'local' fibre spanning tree ring serving mulriple switches on each, each ring is it's own IP segment / VLAN. There is then a trunk between each switch on which I want to establish a load sharing / spanning tree circuit i.e.
SW1 hosts VLAN 2 via copper on fa0/1 -12, ip address 10.10.2.254
SW1 hosts VLAN 3 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.3.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
SW1 hosts VLAN 10, ip address 10.10.10.1 (trunks 1 and 2 have no IP address but are members of VLAN 10)
SW2 hosts VLAN 4 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.4.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
SW2 hosts VLAN 10, ip address 10.10.10.2 (trunks 1 and 2 have no IP address but are members of VLAN 10)
SW3 hosts VLAN 5 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.5.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
SW3 hosts VLAN 10, ip address 10.10.10.3 (trunks 1 and 2 have no IP address but are members of VLAN 10)
SW1 G0/3 is a SMF trunk to SW2 G0/3
SW1 G0/4 is a SMF trunk to SW3 G0/3
SW2 G0/4 is a SMF trunk to SW3 G0/4
The trunks are configured as "trunk encapsulation dot1q", ip routing is enabled.
I can get the trunks working OK - but I can't seem to get routing to work across them - if I define an interface on SW1 with an IP set in SW3 the switch complains so it can clearly see it so which command have I missed.
All VLAN's are part of the same domain, each VLAN has it's own DHCP hosted on it's hosting switch. The VLAN ip address is excluded from DHCP and is the default gateway for each VLAN.
All VLAN's must be able to reach VLAN2 (contains SQL servers and DNS, Time etc etc), the VLAN's are working, DHCP etc is all working - but I can't get anything other than VLAN 10 IP's to talk across the trunks - I've tried adding spanning-tree vlan 2,3,4,5,10 but this hasn't worked, the ip route-map shows nothing, if you show spanning-tree the trunk ports do show up as an interface for all VLAN's - and yet no traffic passes across them - show route displays nothing. I tried adding ip route 10.10.*.0 255.255.255.0 10.10.2.254 (where 10.10.2.254 is the ip address of VLAN 2) but that's done nothing.
I have tried various combinations - unsuccessful so far - I need the trunks to be not only fault tolerant but load sharing which kind of negates fixing IP's on them - or does it ?? - what am I missing ?
(switches are all running IP services IOS)

Hi John ,, here is the sh ip route and sh ip eigrp from all three.
The ip address I'm trying to reach from SW1, SW2 is 10.10.2.253 - the DNS server - the server is available and connected to a copper port designated and assigned to VLAN 2 (which has the root ip of 10.10.2.254) dhcp is not enabled for VLAN 2.
I can ping the DNS box from VLAN 5 (same switch as VLAN 2).
The copper ports on the SW1 and SW2 boxes refuse to 'come up' - they remain shutdown no matter what. I haven't yet configured VLAN 10 ....
(NOTE - these switches are on the bench right now - I intend to ge tthe config sorted / tested and verified before they go into production)
SWITCH 1 - Host for VLAN 3 and 10
SW1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D       10.10.2.0/24 [90/3072] via 10.10.10.6, 01:19:29, GigabitEthernet0/2
C       10.10.10.0/30 is directly connected, GigabitEthernet0/1
C       10.10.10.4/30 is directly connected, GigabitEthernet0/2
SW1#sh ip eigrp interfaces
EIGRP-IPv4:(10) interfaces for process 10
                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers Un/Reliable SRTT   Un/Reliable   Flow Timer   Routes
Gi0/2              1        0/0         1       0/1            0           0
Vl3                0        0/0         0       0/1            0           0
SW1#
SWITCH 2 - Host for VLAN 4 and 10
SW2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/30 is subnetted, 2 subnets
C       10.10.10.8 is directly connected, GigabitEthernet0/1
C       10.10.10.0 is directly connected, GigabitEthernet0/2
SW2#sh ip eigrp interfaces
EIGRP-IPv4:(10) interfaces for process 10
                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers Un/Reliable SRTT   Un/Reliable   Flow Timer   Routes
Gi0/2              0        0/0         0       0/1            0           0
Gi0/1              0        0/0         0       0/1            0           0
Vl4                0        0/0         0       0/1            0           0
SW2#
SWITCH 3 - Host for VLAN 2, 5 and 10
SW3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.10.10.8/30 is directly connected, GigabitEthernet0/1
C       10.10.2.0/24 is directly connected, Vlan2
C       10.10.10.4/30 is directly connected, GigabitEthernet0/2
SW3#sh ip eigrp interfaces
EIGRP-IPv4:(5) interfaces for process 5
                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers Un/Reliable SRTT   Un/Reliable   Flow Timer   Routes
Vl2                0        0/0         0       0/1            0           0
Vl5                0        0/0         0       0/1            0           0
EIGRP-IPv4(0)(0) interfaces for process 0
                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers Un/Reliable SRTT   Un/Reliable   Flow Timer   Routes
EIGRP-IPv4:(10) interfaces for process 10
                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers Un/Reliable SRTT   Un/Reliable   Flow Timer   Routes
Gi0/2              1        0/0         1       0/1           50           0
Vl5                0        0/0         0       0/1            0           0
Vl2                0        0/0         0       0/1            0           0
SW3#
SW3#show vlan
VLAN Name                             Status    Ports
1    default                          active
2    SERVERS                          active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
4    DB5-LAN                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Gi0/1, Gi/2
10   MANAGER                          active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
VLAN Type SAID       MTU   Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
1    enet 100001     1500 -      -      -        -    -        0      0
2    enet 100002     1500 -      -      -        -    -        0      0
3    enet 100003     1500 -      -      -        -    -        0      0
4    enet 100004     1500 -      -      -        -    -        0      0
5    enet 100005     1500 -      -      -        -    -        0      0
10   enet 100010     1500 -      -      -        -    -        0      0
1002 fddi 101002     1500 -      -      -        -    -        0      0
1003 tr    101003     1500 -      -      -        -    srb      0      0
1004 fdnet 101004     1500 -      -      -        ieee -        0      0
1005 trnet 101005     1500 -      -      -        ibm -        0      0
Remote SPAN VLANs
Primary Secondary Type              Ports
PPS : I'm using ports Gi0/1 and Gi0/2 for now - I removed these from DB5-LAN and can now 'ping' from SW1 but not from SW2 - but the local copper is still dead on SW1 and SW2
Copper channels not dead - faulty patch lead ... the simplest things ....

Spanning-tree link-type shared

Similar Messages

Maybe you are looking for