Triangle Link - Spanning Tree

Similar Messages

• 2960X 15.0(2)EX5 Stack Bug? Master Switch Ports link in Orange, no spanning Tree

  Is anyone aware of a bug in version 15.0(2)EX5 for 2960X Switches that would cause a switch in the master role to stop linking in new ports in green (and passing traffic).  I have 2 2960X-48FPD-L Switches in a stack and whichever switch I designate master will only link new connections in orange and not pass traffic.  All ports linked in show up/up and can be seen in a show cdp neighbor but won't pass any other traffic. 
  If I unplug the Stacking cables both switches become masters and ports linked in green on the previous member switch stay green, but after it switches to master any new connections plugged in only link in orange. 
  If I switch priorities and reboot the problem switches to the new master switch and the problem goes away on the member switch.
  Also, a switch in the master role does not show any spanning tree instances for ports in the orange link state. 
  Has anyone seen this issue and do you know of a solution? 
  Jim

  A quick update for those with this same problem.
  1.  15.2(3)E turned out to be very unstable causing my switch stack to randomly lockup/reboot one of the switches about once a week.
  2.  I downgraded back to 15.0(2)EX5 but found a workaround.  It turns out the switch stack with the 15.0 versions does not like the switchport voice vlan command on any of the interfaces on the master switch.  I simply removed the voice vlan configuration on the interfaces and all the switch ports linked in just fine.  I would prefer to run the phones on a voice vlan, but it still works without, just the PC's and phones are on the same vlan. 
  Jim

• Spanning-tree link-type shared

  Hi,
  i 've this problem.
  My PC must boot OS (windows) from network (Server sends Operating System by PC's mac-address)
  PC needs a ip-address within 5-10 seconds.
  I try it using hub and PC loads correctly OS and works properly.
  I try on my network (without hub) using Catalyst Switch in 2 ways:
  IOS and CatOS
  For the IOS i find this solution:
  i use the follows CLI:
  spanning-tree portfast
  spanning-tree link-type shared
  in this case i resolved my problem.
  FOR catOS , this command not work properly
  i use the follows CLI:
  set spantree portfast mod/port enable
  set spantree link-type mod/port shared
  After, if i see the configuration , i find the CLI
  "set spantree mst link-type mod/port shared"
  Can you help me?
  Thanks
  FCostalunga

  Configuring a ports STP link type to shared is sort of invalid if the port is also configured as an STP portfast port. 'Shared' effectively means this is a half-duplex connection to a hub that may also be connected to another switch (hence it can't be a point-to-point link). Normal STP operation should operate over 'shared' links and you won't get the rapid start a P2P link has.
  If the port is connected directly to a host then simply configuring the port as a portfast port will be enough (it will also make it a P2P link by default).
  HTH
  Andy

• Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

  Hello,
  I have an Spanning tree problem when i conect  2 links from Switch DELL M6220 (there are blades to virtual machines too) to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior  like one switch  for redundancy, with one IP of management)
  In dell virtual machine is Spanning tree rapid stp, and in 3750 is Spanning tree mode pvst, cisco says that this is not important, only is longer time to create the tree.
   I dont know but do you like this solutions i want to try on sunday?:
   Could Spanning tree needs to work to send one native vlan to negociate the bdpus? switchport trunk native vlan 250
  Is it better to put spanning-tree guard root in both 3750 in the ports to mitigate DELL to be root in Spanning Tree?
  Is it better to put spanning- tree port-priority in the ports of Swicht Dell?
  ¿could you help me to control the root? ¿Do you think its better another solution? thanks!
   CONFIG WITH PROBLEM
  ======================
  3750: (the 2 ports are of 2 switches 3750s conected with a stack cable, in a show run you can see this)
  interface GigabitEthernet2/0/28
   description VIRTUAL SNMP2
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   logging event trunk-status
   shutdown
  interface GigabitEthernet1/0/43
   description VIRTUAL SNMP1
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   shutdown
  DELL M6220: (its only one swith)
  interface Gi3/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit
  interface Gi4/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit

  F.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
  In this example:
  VLANS - Voice on 188, data on 57, management on 56.
  conf t
  hostname XXX-VOICE-SWXX
  no passwords complexity enable
  username xxxx priv 15 password XXXXX
  enable password xxxxxx
  ip ssh server
  ip telnet server
  crypto key generate rsa
  macro auto disabled
  voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
  vlan 56,57,188
  voice vlan id 188
  int vlan 56
  ip address 10.230.56.12 255.255.255.0
  int vlan1
  no ip add dhcp
  ip default-gateway 10.230.56.1
  interface range GE1 - 2
  switchport mode trunk
  channel-group 1 mode auto
  int range fa1 - 24
  switchport mode trunk
  switchport trunk allowed vlan add 188
  switchport trunk native vlan 57
  qos advanced
  qos advanced ports-trusted
  exit
  int Po1
  switchport trunk allowed vlan add 56,57,188
  switchport trunk native vlan 1
  do sh interfaces switchport po1
  !CATYLYST SIDE
  !Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,56,57,189
  switchport mode trunk

• VLAN Spanning-tree (VSTP) issue with Metro-E links

  Hi Everyone,
  We have Juniper EX 4200 as core switch at two sites connected Cisco  2960s and Cisco 3560s (access layer switches). For even-numbered VLANs,  one Juniper switch is root bridge and for odd-numbered VLANs, other  Juniper switch is the root bridge.
  We have Cox and Verizon Metro-E links connecting core switches (Juniper EX 4200 at both sites).
  I want to do VLAN load sharing using VSTP but somehow it is not  working as expected. I want to pass some VLANs through COX and some  through Verizon. When there is any issue with Cox, all VLAN traffic pass  through Verizon and vice-versa. RSTP is also enabled on both Juniper  switches.
  I see MAC flapping in log messages on all Cisco access layer switches  when I bring up both Metro-E links together. When only Cox is  connected, everything works fine. When only Verizon is connected,  everything works fine. But when BOTH COX and Verizon are connected,  network gets disrupt and I see MAC flapping on all Cisco switches. All  cisco switches are running PVST.
  Anybody knows what is happening  and why VSTP is not working when both COX and VERIZON Metro-E links are active ?

  Hi Tojackson, I guess this depends on how stuff is interconnecting. It's obvious gi1/1 is forwarding and gi1/2 is blocking. So from the furthest access switch, what path must it take to reach gi1/1? That is the number of hops involved for normal traffic.
  Now, if you're concerned about a specific VLAN and you need gi1/2 forwarding to reduce travel time for other traffic, you may employ RPVST to have that specific VLAN and cost to go to gi1/2.
  In some part of the network I support we have a pair of Cisco 7606 which feeds in to a 4507R and off the 4507R we have a ring of 2955 with even 10-12 L2 switches on the ring. The consequence of multiple layer 2 hops is not of much concern and our spanning tree stops with the 4507 since we're not concerned about broadcast storm on the routed interfaces on the 7600.
  -Tom
  Please mark answered for helpful posts

• Are VTP Advertisements Sent over Spanning Tree Blocked Links?

  In a Virtual Terminal Protocol (VTP) domain there are 6506 switches, 4912G units and many 35xx units. There are more than 64 VLANs in use, so there are no redundant links due to the 35xx restriction of 64 spanning trees.
  Should this be split into three VTP domains to make sure there are no more than 64 VLANs on any 35xx? In this scenario, some of the switches would be connected to one neighbour in the same domain but to other neighbours in other domains. How can we ensure that the first link is not spanning tree blocked for VTP to work?

  First, VTP is passed on VLAN 1 and
  can be sent and received through blocked
  ports.
  Second, spantree topology and VTP are totally independent. So, spantree would still block
  or forward normally on a link regardless of whether
  the switches on each side are in different VTP
  domains.

• Spanning-tree portfast trunk

  Hi all,
  i read that portfast should only be enabled on access ports  not on trunk ports.
  when this command is used
  spanning-tree portfast trunk?
  under what cases we will use portfast command on trunk port ?
  thanks
  mahesh

  .... and there is one more case:
  you have access switch full of users and you want to provide them redundancy for internet connection, sou you use HSRP for example and now you have switch connected to 2 or more routers with internet links
  now, those links between switch and routers are also trunks and the topology is like a triangle with the switch on the tip , omitting PCs for now , at this point the only device taken into consideration is the switch - others don't use STP because routers have configured IP addresses on subinterfaces (each for one VLAN) so they break BRdomain and computers don't care about STP. In this case, you are sure that no routing loop can occur because other devices (all of them are L3) are boundary for that L2 segment and arp requests broadcasted in your LAN stay inside.
  What you've just managed to make is faster trunk transition to UP state so after reload of that switch, your users can quickly use network again.

• Can I disable spanning-tree in a vpc domain ?

  i have two N7718s in a vpc domain and each have a vpc connection to  300+ TORs(non cisco switch).
  each 7718 have 300+ trunk port and a trunk port carring 80 vlans . so the logical port number is 300*80 = 24000
  the problem is n7k r-pvst logical ports limit is 16000,it causes the vpc primary 7718 ping latancy time exceed 1000ms
  2 ways to solve this problem : use mst instead of rpvst or disable spanning-tree
  if i use mst , the logical ports limit is 90000, the problem will appear one day
  so i want to disable spanning-tree . 7718s' vpc link to TOR use lacp ,it will prevent some  layer2 loops. can i do it?

  I have the same problem. :)

• ISE - 802.1X - Loop not detected by spanning-tree

  Hello,
  I have recently implemented the 802.1X on switchs 3750-X running 15.0(2)SE IOS version.
  The spanning-tree bpdufilter and bpduguard are globally enabled on the switchs.
  A user has created a loop on the network by connecting its Cisco IP-Phone twice on the network : one wire connected normally from switch to the RJ-45 phone connector and the second wire that should be connected to the PC had also been connected to the switch !
  The loop created has not been detected by the switch !
  I have made several tests and re-created the problem 3 times on 4 (only one time, the loop has been detected by bpduguard  20 seconds after the port up).
  Notice that without 802.1X configured on the same switch port, the loop is quickly detected and ports are err-disabled shutdown.
  Switch port with 802.1X is following :
  interface GigabitEthernet1/0/9
  switchport access vlan 950
  switchport mode access
  switchport nonegotiate
  switchport voice vlan 955
  no logging event link-status
  authentication control-direction in
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 950
  authentication event server dead action authorize voice
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order dot1x mab
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 10
  storm-control broadcast level 10.00
  storm-control multicast level 10.00
  spanning-tree portfast
  If I change the host-mode to multi-domain, a MAC violation restriction occurs and shutdown the port. But this is not the config I need.
  Is there any reason for spanning-tree not works properly with 802.1X ?
  Thanks,
  Olivier

  Hello Olivier
  When using bpdufilter, bpduguard and portfast all at the same time there are many things going on which are not well documented. Now when you add 802.1x to the mix then you really have no documentation. I had to do many labs on my own to finally have my configuration, and also discovered some bugs. According to my experience you shouldn't use bpdufilter and you should use bpduguard on the switchport not in the global config.
  Please read the following links about the differences between global and port bpdufilter, differences between global and port bpduguard, configuring bpduguard along with portfast , configuring bpdufilter along with portfast, and configuring bpduguard along with bpdufilter.
  http://aitaseller.wordpress.com/2010/01/17/bpdu-filter-vs-bpdu-guard-what-is-the-difference/
  http://costiser.wordpress.com/2011/05/23/subtle-difference-for-portfast-bpdufilter-used-together-globally-or-at-interface-level/
  https://learningnetwork.cisco.com/thread/21103
  http://blog.ipexpert.com/2010/12/06/bpdu-filter-and-bpdu-guard/
  Please rate if this helps

• Switching Best Practice - Spanning Tree andEtherchannel

  Dear All,
  Regarding best practice related to Spanning Tree and Etherchannel, we have decided to configure following.
  1. Manually configure STP Root Bridge.
  2. On end ports, enable portfast and bpduguard.
  3. On ports connecting to other switches enable root guard.
  In etherchannel config, we have kept mode on on both side, need to change to Active and desirable as I have read that mode on may create loops? Please let me know if this is OK and suggest if something missing.
  Thank You,
  Abhisar.

  Hi Abhisar,
  Regarding your individual decisions: Manually configuring the Root Bridge is a natural thing to do. You should never leave your network just pick up a root switch based on default switch settings.
  On end ports, using PortFast and BPDU Guard is a must especially if you are running Rapid PVST+ or MSTP.
  Regarding the Root Guard on ports to other switches - this is something I do not recommend. The Root Guard is a protective mechanism in situations when your network and the network of your customer need to form a single STP domain, yet you want to have the STP Root Bridge in your network part and you do not want your customer to take over this root switch selection. In these cases, you would put the Root Guard on ports toward the customer. However, inside your own network, using Root Guard is a questionable practice. Your network can be considered trustworthy and there is no rogue root switch to protect against. Using Root Guard in your own network could cause your network to be unable to converge on a new workable spanning tree if any of the primary links failed, and it would also prevent your network from converging to a secondary root switch if the primary root switch failed entirely. Therefore, I personally see no reason to use Root Guard inside your own network - on the contrary, I am concerned that it would basically remove the possibility of your network to actually utilize the redundant links and switches.
  Regarding EtherChannels - yes, you are right, using the on mode can, under circumstances, lead to permanent switching loops. EtherChannel is one of few technologies in which I wholeheartedly recommend on relying on a signalling protocol to set it up, as opposed to configuring it manually. The active mode is my preferred mode, as it utilizes the open LACP to signal the creation of an EtherChannel, and setting both ends of a link to active helps to bring up the EtherChannel somewhat faster.
  If you are using fiber links between switches, I recommend running UDLD on them to be protected against issues caused by uni-directional links. UDLD is not helpful on copper ports and is not recommended to be run on them. However, I strongly recommend running Loop Guard configured globally with the spanning-tree loopguard default. Loop Guard can, and should, be run regardless of UDLD, and they can be used both as they nicely complement each other.
  My $0.02...
  Best regards,
  Peter

• "Peer-switch" command on vPC domain and spanning-tree priority interaction

  Hi guy,
  We have 2 N7K (N7KA and N7KB) which will be running vPC in hybird and pure vPC environment.
  I have a question about the Hybird and pure vPC environment. With the "peer-switch" command enable, should i tune the spanning-tree priority to be the same for all the vlan running on vPC on both N7KA and N7KB? This way, when i enter the "sh spanning-tree vlan X(vPC vlan) detail" command on N7K, it will list both N7K announc itself as "We are the root of the spanning tree".Also the switch running spanning-tree with N7K vPC vlan (Hybird), will see both N7K has the same priority (4096), and it is not desirable for a spanning-tree environment. Therefore, i used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with N7K will list N7KB has a priority of 8192(perfect).
  However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as show on the switch. It is constantly changing between "4096 and 8192" with the same vPC system wide mac address.
  Entering the "sh spanning-tree vlan X detail" command repeatly on switch with port-channel toward N7KA and N7KB.
  >>sh spanning-tree vlan 10 detail
  Port 65 (Port-channel1) of VLAN10 is root forwarding
  Port path cost 3, Port priority 128, Port Identifier 128.65.
  Designated root has priority 4106, address 0013.05ee.bac8
  Designated bridge has priority 4106, address 0013.05ee.bac8
  Designated port id is 144.2999, designated path cost 0
  Timers: message age 15, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  BPDU: sent 5, received 603
  one sec later.
  >>sh spanning-tree vlan 10 detail
  Port 65 (Port-channel1) of VLAN10 is root forwarding Port path cost 3, Port priority 128, Port Identifier 128.65. Designated root has priority 4106, address 0013.05ee.bac8 Designated bridge has priority 8202, address 0013.05ee.bac8 Designated port id is 144.2999, designated path cost 0 Timers: message age 15, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 5, received 603
  Configuration:
  N7KA
  spanning-tree vlan 1-10 priority 4096
  vpc domain 200
  peer-switch
  N7KB
  spanning-tree vlan 1-10 priority 4096spanning-tree pseudo-information vlan 1-10 designated priority 8192
  vpc domain 200
  peer-switch

  We have a issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
  The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something?

• SGE2010 switches, VLAN's and a blocked port in spanning-tree

  Folks,
  I have 2 switch groups.
  2 SGE2010's with VLAN's defined as 10,20 and 30
  Vlan 10 is the management VLAN, and it uplinks to our border router.
  Vlan 20 is the workstation VLAN, and all workstations point to the switch as their default GW
  Vlan 30 is the ip phone VLAN, and all phones use this as their gateway.
  I would like to put a LAG between said switches, we have some servers on the ip phone switch that need to be accessed by the workstation clients, and the single 100mb link through the router is probably not going to be enough.
  As I understand it, because the switches have different networks on them, a simple lag will not work. I did create a lag, and assign ip addresses to each side, however in that mode, it doesn't appear I can block vlan 10 from transiting the LAG, and with out that block I will end up with a logical loop, and spanning-tree will block one of the uplinks, or the LAG itself.
  I have attached an image with a diagram of our current set up.
  Any help/advice would be much appreciated.

  Tom,
  I remember our conversation a few weeks ago. I did not get a chance to have a go at MSTP, mainly because I have no expierence with it, and looking at the configuration properities, it looks a little daunting.
  It has also been a very busy few weeks with the deployment of 200+ phones across several sites, and the system is functioning great with out the LAG trunk, I am just trying to plan for the future.
  I made a few postings a few weeks ago, one here and one on the Cisco forums on reddit, and a user there gave me some advice I have been unable to make work (I think it's just wrong), but I would love to go this route if it is in fact possible.
  Here is the thread : http://www.reddit.com/r/Cisco/comments/x91tc/vlan_trunks_spanning_tree_and_a_port_blocked/c5kskch
  This user implies it's possible to block a VLAN across the LAG which would end the logical loop problems.
  It looks like his advice is to make the LAG into a trunk, and then block specific VLAN's from transiting it, but in trunk mode, I can't assign it an IP, so I am sorta wondering how exactly you transport packets across it.
  Can you confirm that his advice is in fact incorrect?
  If MSTP is my only route, then I suppose it's time to dig into the docs and see If I cant get it up and running.

• Blocked Stack Ports on 2960X-48FPD-L Stack (Unstable Switch Stack!) Spanning Tree?

  I am having an issue where 2 2960X-48FPD-L Switches in a redundant flexstack (stack port 1 SW1 to port  2 SW2 and port 2 SW1 to port 1 SW2) ring. 
  At first running the 15.0(2).EX5 (and earlier EX3, and EX4) version IOS yielded all the ports on the stack master switch refusing to run spanning tree and would only link in amber and not pass any traffic other than CDP information (the slave switch linked in fine). 
  I upgraded to 15.2(3)E and this solved the problem of the ports not linking in green and participating in spanning tree. 
  Now, however, about every week or two I lose connectivity to the switch stack and I was able to go to the switch stack locally and found that for some reason the switch stack is blocking and unblocking VLANs on StackPort1 frequently (see below).  When I was at the site, I sometimes had connectivity, sometimes not.  A stack hard reboot brought everything back up, but this is the second time this has occurred and I would expect the same problem in the next week or so. 
  Has anyone else run into these issues, and have you found a solution?
  I'm guessing that if I either get rid of the redundancy on the switch stack or stack using Ethernet cables between switches the problem will go away, but then what is the point of using stackable switches in a non redundant low speed stack.  It seems to me that Spanning tree thinks that I have a spanning tree loop going on with the stack ports which I didn't even think was possible.   
  What do you think?
  Jim
  _BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:02:59: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:03:16: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
  Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:03:46: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:03:47: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
  Mar 11 09:04:12: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:04:22: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:04:56: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
  Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
  Mar 11 09:05:30: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:06:00: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:06:32: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:07:02: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
  Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
  Mar 11 09:07:34: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.

  Jim,
  We have also the same problem with our 2960-X switches (access) connecting to a pair of 4500x (VSS) except our issue is with Portchannel with 2 physical links connecting the 2960xs to the 4500.
  If we disconnect one of the physical links from the portchannel everything works fine, but when we connect the same physical link back all users lose connectivity and the physical link starts flapping. Here are some of the messages we see in the logs when both physical links are in the portchannel:
  Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
  Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
  Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
  Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
  Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
  Mar 10 18:01:29 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
  Mar 10 18:01:37 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
  Mar 10 18:01:48 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
  Mar 10 18:01:51 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
  We have upgraded to 15.0(2a).EX5 and still have the same issue.
  We have a ticket open with Cisco and have sent them all the logs and debugs and waiting to hear back from IOS developers.
  HTH

• Spanning Tree MST per Vlan, best practice

  Hi Community.
  I did the following MST Spanning Tree Config
  spanning-tree mst configuration
    name xxxxxxx
    revision1
    instance 1 vlan 1, 10-20, 25, 30
  So I added every Vlan to the config which we use. But every time when I add one more vlan to the config the whole network get a little outage.
  I see lots of MAC Flaps on ports with two Server links and the outage is for some seconds.
  Is it a better practice to add all possible Vlans to the config. So I do the config like that:
    instance 1 vlan 1-4096
  What you think.
  Best Regards patrick

  Hi,
  So I added every Vlan to the config which we use. But every time when I add one more vlan to the config the whole network get a little outage.
  Correct, that is normal behavior with MST.
  I would just add "instance 1 vlan 1-4094" this way there is no outage when you bring up a new vlan.
  HTH

• Nexus spanning tree pseudo configuration

  Hi
  I am trying to understand the pseudo configuration commands in a Nexus hybrid topology.
  I have vlans a, b and c only in the vPC side of the topology.  I have peer switch configured and the same stp priority on both switches.
  In the standard Spaning-tree topology I have completely seperate vlans x, y and z.
  What should I be configuring in the pseudo config section ?  Do I define a pseudo root priority for all vlans a, b, c and x, y, z or just for the standard spanning tree vlans x, y and z.  I need to avoid and, even short, spanning tree outages if I take one Nexus out of service for a short time.
  My thinking is that if one Nexus is out of service the physical mac will be used and potentially reduce the root priority of the vPC vlans causing a TCN and STP recalculation in vlans a, b and c.  This can be avoided by configuring a pseudo root priority for all Vlans lower than the current spanning tree priority shared by the vPC peers.  Is this correct ?  However, since I have a shared priority of 8192 on current vPC vlans will configuring, for example, a pseudo root priority of 4096 on those vPC vlans won't this also cause the TCN and recalculation I am trying to avoid ?  Is the benefit of the pseudo root config only obtained if it is configured at the start when the vPC is formed and prior to the peer switch command being issued ?
  Thanks, Stuart.

  Hi Ajay,
  It is recommended that switch-to-switch links are configured with the spanning-tree port type normalcommand. The one exception is the vPC peer-link which is recommended to configure with the spanning-tree port type network command.
  Take a read of the Best Practices for Spanning Tree Protocol Interoperability from page 56 of the vPC Best Practice Design Guide for further information on this.
  Regards