VLAN spanning-tree root and VLAN L3 SVI

I have traditional core/access switches connected: Catalyst 4506 with 802.1Q uplink trunks to two core 6504-E switches. Spanning-tree roots for the VLANs were on the core switch with the active HSRP/SVI. We shut down HSRP/SVI on the cores and moved the SVI to the L3 access switches, but we left the spanning-tree root on the cores... Is this causing the clients/ports in the VLAN on the access switches to do a double/triple hop over the uplink for ingress/egress? Gig1/1 is the trunk port/uplink to the core; we wanted to move L3 functions to the access switch to reduce spanning VLANs across the core network.
Current configuration : 253 bytes
interface Vlan196
description Tower I - 8th Floor VLAN
ip address 10.200.196.1 255.255.255.0
ip access-group 115 in
ip helper-address 164.103.160.150
ip helper-address 172.20.135.201
no ip redirects
no ip unreachables
ip pim sparse-mode
end
I0504506A8#sh spann          
I0504506A8#sh spanning-tree vlan 196
VLAN0196
  Spanning tree enabled protocol ieee
  Root ID    Priority    196
             Address     6400.f1ee.c140
             Cost        4
             Port        1 (GigabitEthernet1/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    49348  (priority 49152 sys-id-ext 196)
             Address     0015.f960.9ac0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
Gi1/1            Root FWD 4         128.1    P2p
Gi1/2            Altn BLK 4         128.2    P2p

Hi Tojackson, I guess this depends on how stuff is interconnecting. It's obvious gi1/1 is forwarding and gi1/2 is blocking. So from the furthest access switch, what path must it take to reach gi1/1? That is the number of hops involved for normal traffic.
Now, if you're concerned about a specific VLAN and you need gi1/2 forwarding to reduce travel time for other traffic, you may employ RPVST to have that specific VLAN and cost to go to gi1/2.
In some part of the network I support we have a pair of Cisco 7606s which feed into a 4507R, and off the 4507R we have a ring of 2955s with even 10-12 L2 switches on the ring. The consequence of multiple layer 2 hops is not of much concern, and our spanning tree stops with the 4507 since we're not concerned about broadcast storms on the routed interfaces on the 7600.
-Tom
Please mark answered for helpful posts

Similar Messages

  • Spanning-tree Root changes

    Hi All,
    I presently have a switched VLAN network (one 6500, several 4912G and 2948Gs) with a 2948G access-layer switch as spanning-tree root. I am planning to change the spanning-tree root to the core 6500 switch running PVST+. All switches are running trunking between them. I have read through the basic STP documents and would like to know any precautions to be aware of before doing it. Any first-hand experience will be of great help.
    Thanx,
    Praful

    Praful,
    Wise decision to change your root switch, I'd just suggest doing it during your slower periods of time, just-in-case.
    It really is a quick change, just expect network connectivity to "pause" for up to 50 seconds while spanning tree stabilizes.
    Provided you have a good handle on how your network is wired, and you're currently running PVST+ across your network, the actual outage should only be 2-3 seconds. I know I've had to tweak our vlans from time to time and I've never seen it take any longer than 2-3 seconds.
    HTH
    Steve

  • Sg-300 - 3750 stack with SPANNING-TREE root problem.

    Morning. I think I've configured a few hundred switches, maybe a thousand in my time, but never have I faced such horribleness that is the SG-300. After this week, I think I'll refuse to touch them.
    Got 2 voice VLANs and running a few VRFs on a 3750 stack, but this discussion is about layer 2.
    2 x 3750 stacked
    1 x voice switch sg-300 company A voice vlan 18 - Po1 up to 3750 distributed etherchannel Po1 (LACP active both sides) 2 ports in channel
    1 x voice switch sg-300 company B voice vlan 19 - Po1 up to 3750 distributed etherchannel Po2 (LACP active both sides) 2 ports in channel
    Allowed vlans on both sides (command on Port-channel) are data A, Voice A, Mgt A to switch A
    Allowed vlans on both sides (command on Port-channel) are data B, Voice B, Mgt B to switch B
    It seems that these switches are limited to one voice VLAN....
    and that spanning tree BPDUs are ignored (or not received - haven't released the shark yet). Let me explain.
    Originally when using "smart port", the switch with the lowest MAC address, whatever voice VLAN was configured, would take over the other switch's voice VLAN, argh what a nightmare.
    I gave up on the GUI as it's far too complicated and have almost got this working.
    I am now using auto voice VLAN, but have disabled smart macro. I hope that disabling smart macro stops other switches from learning the voice VLAN of the switch with the lowest MAC address. So far so good - in the LAB. Nowhere was it documented in the CLI guide how to disable this stupid feature.
    DHCP is working from scope on core, can manage the switches etc etc, access VLAN voice VLAN all good (after a monster battle).
    Now I have an issue with spanning tree.
    spanning tree priority for vlans 1-4094 on the 3750 is 4096.
    spanning tree priority for vlans 1-4094 on the SG-300's is 6xxxx.
    ALL switches think that they are the root (well, the "logical" 3 of them): the 3750s for all VLANs, and the SG-300 for the one instance as it doesn't support per-VLAN. (I am not interested in trying MST here... this is not a datacentre.)
    On the 3750s I've tried ieee, pvst, rpvst, while matching the non per-VLAN equivalent on the SG series.
    What is the difference between a General port and Trunk port on an SG-300 specific to spanning tree, native VLANs (when you can just configure an untagged VLAN anyway!!), and what is the relevance to the way the BPDUs are carried?
    And why the need for a PVID, when you can tell a port what is tagged and what isn't?
    Does the trunk need VLAN 1 to be explicitly allowed, and untagged? Does the Po trunk need to be a general port with PVID configured? In VLAN 1?
    I need to sort this, as I cannot put an access switch into production that thinks it is the root of the tree. I wish I had a 2960.... a 3500XL.. anything
    Does anyone have CLI commands that can help here?

    F.Y.I. for Catalyst heroes - here is the equivalent config for SG-300 - VLAN 1 is required on the allowed list on the Catalyst side (3xxx/4xxx/6xxx)
    In this example:
    VLANS - Voice on 188, data on 57, management on 56.
    conf t
    hostname XXX-VOICE-SWXX
    no passwords complexity enable
    username xxxx priv 15 password XXXXX
    enable password xxxxxx
    ip ssh server
    ip telnet server
    crypto key generate rsa
    macro auto disabled
    voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
    vlan 56,57,188
    voice vlan id 188
    int vlan 56
    ip address 10.230.56.12 255.255.255.0
    int vlan1
    no ip add dhcp
    ip default-gateway 10.230.56.1
    interface range GE1 - 2
    switchport mode trunk
    channel-group 1 mode auto
    int range fa1 - 24
    switchport mode trunk
    switchport trunk allowed vlan add 188
    switchport trunk native vlan 57
    qos advanced
    qos advanced ports-trusted
    exit
    int Po1
    switchport trunk allowed vlan add 56,57,188
    switchport trunk native vlan 1
    do sh interfaces switchport po1
    !CATALYST SIDE
    !Must explicitly allow VLAN 1, this is not normal for Catalysts - or spanning tree will not work! Even though it's the native VLAN on both sides.
    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,56,57,189
    switchport mode trunk

  • Multiple spanning-tree root bridges

    We've started installing some new 3650 switches (replacing 3560's at the access layer) running XE 03.03.05SE. We've run into some problems as a result of "ip device tracking" being on by default, but in the process of debugging I've found that three separate switches all believe they are the spanning-tree root bridge for the same VLANs. The new switches are by default in rapid-pvst mode; the distribution switches are set to rapid-pvst as well. All 3650's are dual-homed.
    SW1#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.6d00
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.6d00
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/4             Desg FWD 4         128.52   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    SW2#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     f40f.1b84.9680
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     f40f.1b84.9680
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi1/1/4             Desg FWD 4         128.52   P2p
    SW3#sh span vlan 999
    VLAN0999
      Spanning tree enabled protocol rstp
      Root ID    Priority    33767
                 Address     78da.6e6f.7180
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
                 Address     78da.6e6f.7180
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Gi1/1/3             Desg FWD 4         128.51   P2p
    Gi2/1/4             Desg FWD 4         128.116  P2p
    Switch 1 seems to behave as if it is the real root, but this still does not make much sense to me. Does anyone have an explanation? It's been a long time since my switching class, and I very seldom have to deal with spanning-tree issues.

    Hi,
    Having more than one root switch for a VLAN is definitely a sign of some foul play. A contiguous VLAN can never have more than one root switch. Multiple root switches would occur if, for example, the trunks interconnecting the switches had this VLAN excluded from the list of allowed VLANs, or if they were interconnected by access ports (in a different VLAN) rather than trunks. Another possibility could be an inappropriately constructed MAC ACL or VLAN ACL inadvertently blocking BPDUs. In any case, this may be a source of serious trouble.
    Without further information about your network, it is difficult to suggest anything more specific. Would it be possible to post a diagram explaining your network topology? Also, would it be possible to post the show span root and show span bridge outputs from every switch in your network?
    Thank you!
    Best regards,
    Peter
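The comparison Peter asks for (root and bridge IDs from every switch) can be scripted. The following is an added example, not part of the original thread: it parses `show spanning-tree` text collected per switch and flags a VLAN whose switches disagree on the root address, a root outside an allowlist, and a switch that became root at the default priority 32768. The names `parse_instances`, `audit` and `EXPECTED_ROOTS` are made up here, and the allowlist is an assumption; the sample text is trimmed from the posts on this page.

```python
import re
from collections import defaultdict

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ID_LINE = re.compile(r"(Root|Bridge) ID\s+Priority\s+(\d+)"
                     r"(?:\s+\(priority (\d+) sys-id-ext \d+\))?")
DEFAULT_PRIORITY = 32768

# Output trimmed from the posts on this page: the first post's access
# switch (VLAN 196) and the three 3650s that all claim root (VLAN 999).
SAMPLE = {
    "I0504506A8": """\
VLAN0196
  Root ID    Priority    196
             Address     6400.f1ee.c140
             Cost        4
             Port        1 (GigabitEthernet1/1)
  Bridge ID  Priority    49348  (priority 49152 sys-id-ext 196)
             Address     0015.f960.9ac0
""",
    "SW1": """\
VLAN0999
  Root ID    Priority    33767
             Address     78da.6e6f.6d00
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.6d00
""",
    "SW2": """\
VLAN0999
  Root ID    Priority    33767
             Address     f40f.1b84.9680
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     f40f.1b84.9680
""",
    "SW3": """\
VLAN0999
  Root ID    Priority    33767
             Address     78da.6e6f.7180
             This bridge is the root
  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.7180
""",
}

# Assumption: the root reported in the first post is the intended root for
# VLAN 196. The page does not name the intended root for VLAN 999.
EXPECTED_ROOTS = {"VLAN0196": {"6400.f1ee.c140"}}


def parse_instances(text):
    """Return one dict per STP instance (VLANnnnn / MSTnnnn) in the CLI text."""
    instances, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"(?:VLAN|MST)\d+", line):
            cur = {"instance": line, "root_prio": None, "root_mac": None,
                   "bridge_prio": None, "bridge_mac": None, "cfg_prio": None,
                   "claims_root": False, "root_port": None}
            instances.append(cur)
            section = None
        elif cur is None:
            continue
        elif (m := ID_LINE.match(line)):
            section = m.group(1).lower()          # "root" or "bridge"
            cur[section + "_prio"] = int(m.group(2))
            if m.group(3):                         # configured part of the bridge priority
                cur["cfg_prio"] = int(m.group(3))
        elif section and (m := re.match(rf"Address\s+({MAC})", line, re.I)):
            cur[section + "_mac"] = m.group(1).lower()
        elif line == "This bridge is the root":
            cur["claims_root"] = True
        elif section == "root" and (m := re.match(r"Port\s+\d+\s+\((\S+)\)", line)):
            cur["root_port"] = m.group(1)
    return instances


def audit(outputs, expected_roots):
    """outputs: {switch: CLI text}; expected_roots: {instance: allowed root MACs}."""
    seen = defaultdict(dict)                       # instance -> {switch: parsed}
    for switch, text in outputs.items():
        for inst in parse_instances(text):
            seen[inst["instance"]][switch] = inst
    findings = []
    for instance in sorted(seen):
        per_switch = seen[instance]
        roots = sorted({p["root_mac"] for p in per_switch.values()})
        if len(roots) > 1:                         # one contiguous VLAN, several roots
            findings.append((instance, "SPLIT_DOMAIN", roots))
        allowed = expected_roots.get(instance)
        for switch in sorted(per_switch):
            p = per_switch[switch]
            if allowed is not None and p["root_mac"] not in allowed:
                findings.append((instance, "UNEXPECTED_ROOT", [switch, p["root_mac"]]))
            if p["claims_root"] and p["cfg_prio"] == DEFAULT_PRIORITY:
                findings.append((instance, "ROOT_AT_DEFAULT_PRIORITY", [switch]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED_ROOTS):
        print(finding)
```

On the VLAN 999 output this reports one split-domain finding listing all three root addresses, plus one default-priority finding per switch.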

  • Change of spanning-tree root

    Hi,
    Would appreciate some advice on the following:
    The network has already been configured with spanning-tree root primary as well as secondary.
    Reassigning another switch to be the spanning-tree root primary/secondary, will it cause a downtime in the network? If yes, how long?
    Thanks,
    Christina

    I'm assuming PVST (not rapid-PVST nor MST, that should behave better)
    It is very hard to give an exact estimate of a downtime. First, it's not going to be a global downtime. You can basically compare the topology with your current root bridge and the one with your new root bridge. The ports that need to block in the new topology will block quickly, in a matter of few seconds. However, the ports that were blocked in the old topology and that need to be forwarding in the new topology will take a little bit more than 30 seconds to become forwarding (15 second listening + 15 second learning phases). The topology change mechanism will age out stale CAM entries in 15 seconds. If you add a little margin for BPDU propagation, I would estimate that you are looking at a connectivity loss of about a minute, in part of your network.
    The more blocked ports need to move from the old to the new topology, the more connectivity loss you will experience. Some features like UplinkFast are able to switch over quickly between their uplinks in case of the root ID changing and will reduce the downtime dramatically. It's mainly the core bridges that will take time to unblock their ports.
    Note that you can expect better convergence time when a better root is introduced in the network (you are lowering the numerical value of the secondary root priority so that it takes over the primary) than when the primary root is downgraded into secondary (you increase the numerical value of the primary root so that it becomes worse than the secondary).
    Regards,
    Francois

  • Spanning tree root ports in back to back VPC

    Ok so I have a question about back to back VPC configuration.
    I have a back to back VPC from core to agg layer so that I have 2 logical switches in my path.
    However I am seeing an issue on the agg layer.  Traffic is traversing the VPC peerlink instead of being sent up to the core which is where the spanning-tree root is configured.
    Po1 is my uplink from the agg
    Po4 is my vpc peerlink on the Agg
    Po1              Root FWD 200       128.4096 (vPC) P2p
    Po2              Desg FWD 200       128.4097 (vPC) P2p
    Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
    Eth2/6           Altn BLK 2000      128.262  P2p

    A little more info.
    Po1 is my uplink to the core
    Po4 is my agg vpc peer.
    I see 2 paths to root on one switch. It is choosing Po4 (vpc peerlink) instead of Po1 (uplink to core)
    MST0000
      Spanning tree enabled protocol mstp
      Root ID    Priority    4096
                 Address     0023.04ee.be01
                 Cost        0
                 Port        4099 (port-channel4)
                 Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    8192   (priority 8192 sys-id-ext 0)
                 Address     547f.eea6.d2c1
                 Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
    Interface        Role Sts Cost      Prio.Nbr Type
    Po1              Root FWD 200       128.4096 (vPC) P2p
    Po2              Desg FWD 200       128.4097 (vPC) P2p
    Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
    MST0000
      Spanning tree enabled protocol mstp
      Root ID    Priority    4096
                 Address     0023.04ee.be01
                 Cost        0
                 Port        4096 (port-channel1)
                 Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    8192   (priority 8192 sys-id-ext 0)
                 Address     547f.eea6.ce41
                 Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
    Interface        Role Sts Cost      Prio.Nbr Type
    Po1              Root FWD 200       128.4096 (vPC) P2p
    Po2              Desg FWD 200       128.4097 (vPC) P2p
    Po3              Desg FWD 200       128.4098 (vPC) P2p
    Po4              Desg FWD 330       128.4099 (vPC peer-link) Network P2p

  • Cisco Noob - Layer 3 Routing / VLAN / Spanning Tree

    Hi All ...
    I need some pointers on which commands / settings and where. I know what I want to achieve but the things I am trying seem to be 'mutually exclusive' - either that or I'm missing something - I am not a Cisco IOS expert but I know my way around a network.
    Take 3 3560 switches in Layer 3 mode, there is a 'local' fibre spanning tree ring serving multiple switches on each, each ring is its own IP segment / VLAN. There is then a trunk between each switch on which I want to establish a load sharing / spanning tree circuit i.e.
    SW1 hosts VLAN 2 via copper on fa0/1 -12, ip address 10.10.2.254
    SW1 hosts VLAN 3 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.3.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
    SW1 hosts VLAN 10, ip address 10.10.10.1 (trunks 1 and 2 have no IP address but are members of VLAN 10)
    SW2 hosts VLAN 4 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.4.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
    SW2 hosts VLAN 10, ip address 10.10.10.2 (trunks 1 and 2 have no IP address but are members of VLAN 10)
    SW3 hosts VLAN 5 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.5.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
    SW3 hosts VLAN 10, ip address 10.10.10.3 (trunks 1 and 2 have no IP address but are members of VLAN 10)
    SW1 G0/3 is a SMF trunk to SW2 G0/3
    SW1 G0/4 is a SMF trunk to SW3 G0/3
    SW2 G0/4 is a SMF trunk to SW3 G0/4
    The trunks are configured as "trunk encapsulation dot1q", ip routing is  enabled.
    I can get the trunks working OK - but I can't seem to get routing to work across them - if I define an interface on SW1 with an IP set in SW3 the switch complains so it can clearly see it so which command have I missed.
    All VLANs are part of the same domain, each VLAN has its own DHCP hosted on its hosting switch. The VLAN IP address is excluded from DHCP and is the default gateway for each VLAN.
    All VLAN's must be able to reach VLAN2 (contains SQL servers and DNS, Time etc etc), the VLAN's are working, DHCP etc is all working - but I can't get anything other than VLAN 10 IP's to talk across the trunks - I've tried adding spanning-tree vlan 2,3,4,5,10 but this hasn't worked, the ip route-map shows nothing, if you show spanning-tree the trunk ports do show up as an interface for all VLAN's - and yet no traffic passes across them - show route displays nothing. I tried adding ip route 10.10.*.0 255.255.255.0 10.10.2.254 (where 10.10.2.254 is the ip address of VLAN 2) but that's done nothing.
    I have tried various combinations - unsuccessful so far - I need the trunks to be not only fault tolerant but load sharing which kind of negates fixing IP's on them - or does it ?? - what am I missing ?
    (switches are all running IP services IOS)

    Hi John ,, here is the sh ip route and sh ip eigrp from all three.
    The ip address I'm trying to reach from SW1, SW2 is 10.10.2.253 - the DNS server - the server is available and connected to a copper port designated and assigned to VLAN 2 (which has the root ip of 10.10.2.254) dhcp is not enabled for VLAN 2.
    I can ping the DNS box from VLAN 5 (same switch as VLAN 2).
    The copper ports on the SW1 and SW2 boxes refuse to 'come up' - they remain shutdown no matter what. I haven't yet configured VLAN 10 ....
    (NOTE - these switches are on the bench right now - I intend to get the config sorted / tested and verified before they go into production)
    SWITCH 1 - Host for VLAN 3 and 10
    SW1#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
    D       10.10.2.0/24 [90/3072] via 10.10.10.6, 01:19:29, GigabitEthernet0/2
    C       10.10.10.0/30 is directly connected, GigabitEthernet0/1
    C       10.10.10.4/30 is directly connected, GigabitEthernet0/2
    SW1#sh ip eigrp interfaces
    EIGRP-IPv4:(10) interfaces for process 10
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Gi0/2              1        0/0         1       0/1            0           0
    Vl3                0        0/0         0       0/1            0           0
    SW1#
    SWITCH 2 - Host for VLAN 4 and 10
    SW2#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         10.0.0.0/30 is subnetted, 2 subnets
    C       10.10.10.8 is directly connected, GigabitEthernet0/1
    C       10.10.10.0 is directly connected, GigabitEthernet0/2
    SW2#sh ip eigrp interfaces
    EIGRP-IPv4:(10) interfaces for process 10
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Gi0/2              0        0/0         0       0/1            0           0
    Gi0/1              0        0/0         0       0/1            0           0
    Vl4                0        0/0         0       0/1            0           0
    SW2#
    SWITCH 3 - Host for VLAN 2, 5 and 10
    SW3#sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
    C       10.10.10.8/30 is directly connected, GigabitEthernet0/1
    C       10.10.2.0/24 is directly connected, Vlan2
    C       10.10.10.4/30 is directly connected, GigabitEthernet0/2
    SW3#sh ip eigrp interfaces
    EIGRP-IPv4:(5) interfaces for process 5
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Vl2                0        0/0         0       0/1            0           0
    Vl5                0        0/0         0       0/1            0           0
    EIGRP-IPv4(0)(0) interfaces for process 0
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    EIGRP-IPv4:(10) interfaces for process 10
                            Xmit Queue   Mean   Pacing Time   Multicast    Pending
    Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
    Gi0/2              1        0/0         1       0/1           50           0
    Vl5                0        0/0         0       0/1            0           0
    Vl2                0        0/0         0       0/1            0           0
    SW3#
    SW3#show vlan
    VLAN Name                             Status    Ports
    1    default                          active   
    2    SERVERS                          active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
    4    DB5-LAN                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                    Gi0/1, Gi/2
    10   MANAGER                          active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    1    enet  100001     1500  -      -      -        -    -        0      0  
    2    enet  100002     1500  -      -      -        -    -        0      0  
    3    enet  100003     1500  -      -      -        -    -        0      0  
    4    enet  100004     1500  -      -      -        -    -        0      0  
    5    enet  100005     1500  -      -      -        -    -        0      0  
    10   enet  100010     1500  -      -      -        -    -        0      0  
    1002 fddi  101002     1500  -      -      -        -    -        0      0  
    1003 tr    101003     1500  -      -      -        -    srb      0      0  
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0  
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0  
    Remote SPAN VLANs
    Primary Secondary Type              Ports
    PPS : I'm using ports Gi0/1 and Gi0/2 for now - I removed these from DB5-LAN and can now 'ping' from SW1 but not from SW2 - but the local copper is still dead on SW1 and SW2
    Copper channels not dead - faulty patch lead ... the simplest things ....

  • VLAN Spanning-tree (VSTP) issue with Metro-E links

    Hi Everyone,
    We have Juniper EX 4200 as core switch at two sites connected to Cisco 2960s and Cisco 3560s (access layer switches). For even-numbered VLANs, one Juniper switch is root bridge and for odd-numbered VLANs, the other Juniper switch is the root bridge.
    We have Cox and Verizon Metro-E links connecting core switches (Juniper EX 4200 at both sites).
    I want to do VLAN load sharing using VSTP but somehow it is not working as expected. I want to pass some VLANs through Cox and some through Verizon. When there is any issue with Cox, all VLAN traffic passes through Verizon and vice versa. RSTP is also enabled on both Juniper switches.
    I see MAC flapping in log messages on all Cisco access layer switches when I bring up both Metro-E links together. When only Cox is connected, everything works fine. When only Verizon is connected, everything works fine. But when BOTH Cox and Verizon are connected, the network gets disrupted and I see MAC flapping on all Cisco switches. All Cisco switches are running PVST.
    Does anybody know what is happening and why VSTP is not working when both Cox and Verizon Metro-E links are active?


  • Spanning Tree MST per Vlan, best practice

    Hi Community.
    I did the following MST Spanning Tree Config
    spanning-tree mst configuration
      name xxxxxxx
      revision 1
      instance 1 vlan 1, 10-20, 25, 30
    So I added every Vlan to the config which we use. But every time when I add one more vlan to the config the whole network get a little outage.
    I see lots of MAC Flaps on ports with two Server links and the outage is for some seconds.
    Is it a better practice to add all possible VLANs to the config? So I do the config like that:
      instance 1 vlan 1-4096
    What do you think?
    Best Regards patrick

    Hi,
    So I added every Vlan to the config which we use. But every time when I add one more vlan to the config the whole network get a little outage.
    Correct, that is normal behavior with MST.
    I would just add "instance 1 vlan 1-4094" this way there is no outage when you bring up a new vlan.
    HTH

  • Identifying spanning-tree root switch

    Looking at a network with a 6509 at the core running in pvst mode. I think the 6509 is the root switch but need to confirm this.
    Show spanning-tree gives a bridge id and a root id. My understanding is that the root id should be the MAC address of the root switch.
    However I can't find the MAC address given as the root id in the 6509's MAC address table, nor in the access switches' MAC address tables.
    I'm sure I'm missing something here - any ideas?

    Hi,
    in the output of "show spanning-tree" you should look for a line "This bridge is the root". The output will give you the root id and the bridge id of the switch, where you execute the command.
    The output looks like this:
    Router# show spanning-tree vlan 200
    VLAN0200
    Spanning tree enabled protocol ieee
    Root ID Priority 32768
    Address 00d0.00b8.14c8
    This bridge is the root
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Bridge ID Priority 32768
    Address 00d0.00b8.14c8
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 300
    ------------- snip -----------
    The MAC used for creating the bridge id is not used for forwarding BPDUs and thus does not show up in the CAM table afaik.
    To find the root in a switch network, follow the root ports for a given spanning tree instance.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • Moving spanning tree root bridge

    Hello everybody,
    I have a lot of VLANs trunked on one link (trunk). If I move the root bridge for 1 VLAN, do I have impact (recalculating) to all VLANs in this trunk or only for this one?
    Thanks!

    do i have impact(recalculating) to all vlans in this trunk or only for this one??????

  • Debug spanning-tree bpdu brought the network down

    I'm troubleshooting a pair of Dell Power-Connect switches in a Dell blade chassis connected to a pair of Cisco 4900M switches. I have my 4900M switches set as spanning-tree root and backup root. The Dell switches are connected via LACP trunks to the 4900M's. Dell switch 1 to 4900 #1 and Dell switch 2 to 4900M #2. Both of the Dell switches are reporting as root switches.
    I was trying to troubleshoot this yesterday and ran 'debug spanning-tree bpdu' on the primary 4900M. There was a massive amount of BPDU events scrolling by. This debug command actually took the network down. The primary 4900M was non-responsive and the secondary unit had its CPU go to 100%. The fix was to power cycle the primary 4900M.
    Why did this command take my network down?
    --Patrick

    Typically, the device prioritizes console output ahead of other functions. The debug spanning-tree bpdu generates a lot of output. That is what jumped the CPU to 100% and ultimately caused the device to crash.
    You should be very careful with debug commands and log to the internal buffer, instead of the console.
    See: http://www.cisco.com/c/en/us/support/docs/dial-access/integrated-services-digital-networks-isdn-channel-associated-signaling-cas/10374-debug.html.

  • Spanning Tree VLAN Priority Issue

    We have two 6500E switches running spanning tree with rapid-pvst. We have also configured per-VLAN spanning tree priority with 100,200 so odd VLANs have one switch as high priority and even VLANs have the other switch as high priority.
    I have created new VLAN 10 and am trying to add the spanning tree priority to the switches, and I am getting the following error:
    Core-switch(config)#spanning-tree vlan 10  priority 100
    % Bridge Priority must be in increments of 4096.
    % Allowed values are:
      0     4096  8192  12288 16384 20480 24576 28672
      32768 36864 40960 45056 49152 53248 57344 61440
    Can some experts help me understand why I am getting the above message and how I can set the priority to the same as the existing VLANs?

    Hi,
    Spanning tree priority can be set in increments of 4096; any other values will be rejected. If you want to know the priority value of an existing VLAN, execute the command show spanning-tree vlan X / show spanning-tree, which will show you the switch priority value.
    Step 2
    spanning-tree vlan vlan-id priority priority
    Configure the switch priority of a VLAN.
    • For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
    • For priority, the range is 0 to 61440 in increments of 4096; the default is 32768. The lower the number, the more likely the switch will be chosen as the root switch.
    Valid priority values are 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
    HTH
    Sandy
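
Added example, not part of the thread or of Cisco's documentation: a Python check for the priority rule quoted above. It assumes PVST+/Rapid-PVST with the extended system ID, where the 16-bit priority field gives its low 12 bits to the VLAN ID, which is why only multiples of 4096 are accepted. The function names and the sample output are constructed for illustration.

```python
import re

STEP = 4096           # configured priority lives in the top 4 bits of a 16-bit field
MAX_PRIORITY = 61440  # 15 * 4096, the highest accepted value

def nearest_valid(requested):
    """Return (is_valid, lower, upper): the accepted values around a request."""
    if not 0 <= requested <= 65535:
        raise ValueError("bridge priority is a 16-bit value")
    lower = min(requested // STEP * STEP, MAX_PRIORITY)
    upper = lower if requested % STEP == 0 else min(lower + STEP, MAX_PRIORITY)
    return requested == lower, lower, upper

def split_priority(displayed):
    """Split a displayed priority into (configured priority, sys-id-ext)."""
    return displayed & 0xF000, displayed & 0x0FFF

def audit(show_output, expected_root_mac):
    """Summarise root placement from 'show spanning-tree vlan N' text."""
    vlan = int(re.search(r"^VLAN0*(\d+)", show_output, re.M).group(1))
    ids = {kind: (int(prio), mac.lower()) for kind, prio, mac in re.findall(
        r"(Root|Bridge) ID\s+Priority\s+(\d+).*\n\s*Address\s+([0-9A-Fa-f.]+)",
        show_output)}
    root_prio, root_ext = split_priority(ids["Root"][0])
    return {
        "vlan": vlan,
        "root_priority": root_prio,
        "root_sys_id_ext": root_ext,
        "local_priority": split_priority(ids["Bridge"][0])[0],
        "local_is_root": ids["Root"] == ids["Bridge"],
        "root_is_expected": ids["Root"][1] == expected_root_mac.lower(),
    }

# Constructed sample output (MACs from the documentation range), not from the thread.
SAMPLE = """\
VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    4106
             Address     0000.5e00.5301
             Cost        4
             Port        1 (GigabitEthernet1/1)
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0000.5e00.5302
"""

if __name__ == "__main__":
    print(nearest_valid(100))
    print(audit(SAMPLE, "0000.5e00.5301"))
```

A requested value of 100 falls between the accepted values 0 and 4096, and a root MAC that differs from the one you expect is worth investigating before changing any priorities.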

  • Spanning Tree and Admin mac address issues srw2048

    Ok, I have a somewhat complex problem and hopefully someone may shed some light or have an idea as to what's wrong.
    First the scenario:
    I have two Cisco Cat 6509s etherchanneled to each other via two fiber cables. One of these is the STP/RSTP root. I have two SRW2048s, one trunked to each of these 6509 switches. There is also a trunk between the SRW2048s. All this is to create a redundant topology so that if one of the switches fails the others can still forward packets to each other. Of course the scenario described is in fact a loop that should be handled by STP/RSTP. I have RSTP enabled on all the switches in the scenario (PV RSTP on the Cisco switches as they only do Cisco's brand of per-VLAN spanning tree). There are 3 VLANs configured on each of the SRW2048s (2,55,96). There are corresponding VLANs also on the 6509s. I have put the SRW2048s' management interface into VLAN 2.
    The problem:
    I need to forward packets between the SRW2048s primarily and only use the 6509 that is not the root when a failure happens. I have configured the non-root 6509's spanning tree cost on the etherchannel to be higher than the alternate path through the SRWs to the root. I can hook everything up and view the spanning tree and see that the SRW2048's interface that goes to the non-root 6509 is blocked, and all other interfaces on the other switches are forwarding. I can in fact ping and get to the admin interface on all the switches. Then for some strange reason the admin interface of the SRW2048 plugged into the non-root 6509 stops responding. If I disable either the interface it's plugged into on the 6509 or the other SRW2048, everything starts working again. Sometimes it responds after many failures for no apparent reason. I looked into the mac-address table on the 6509s and they are conflicting, pointing to each other for the mac-address of the broken SRW2048. When I clear the mac-table the admin port comes back for about 5 seconds then again goes dark. When reviewing the mac-table on the 6509s they are back to pointing to each other. The odd thing (although I haven't confirmed this completely) is that hosts placed into VLAN 2 on that same SRW2048 seem to work fine. If there was an STP loop or something misconfigured, I would expect it to affect any host in VLAN 2 or the other VLANs for that matter on the SRW2048 that stops responding. Alas, I am stuck because I need to manage this switch remotely. My only thought is that for some reason even when the STP status is blocked the broken SRW2048 is still sending out ARPs of its admin interface and bypassing the STP protocol. I have no way to confirm this, but maybe someone has an idea as to what I'm doing wrong, or otherwise offer a solution. For now, I simply removed VLAN 2 from the 6509 that the broken SRW2048 is plugged into and everything seems fine.
    My apologies for such a long post, but this is somewhat complicated.  Thanks in advance for any info.
    -Geoff
    Message Edited by gmyers on 08-19-2008 10:35 PM

    To follow up, I had a ticket open with Linksys about this for about 3 months with no resolution. I submitted packet captures, STP outputs, etc. and no luck. I gave up and basically had to revert to a manual failover for redundancy. It's not perfect or fast, but it works every time.
    Unless Linksys issues a firmware upgrade with this as a fix, I doubt we will be able to ever resolve this on our own.

  • My Interface VLANS keep going up, and then down!

    I have an 1841 router and a 2950 switch and VLANing/trunking from scratch for the first time. Keep in mind that if you see any unnecessary config don't feel bad to point it out. I am just compiling bits and pieces of what I know and what I'm reading. I want 3 VLANS on the switch. VLAN1 is the default with all of the ports right now and working fine with forwarding? out of the box. I guess I will make this my management/native? VLAN when everything is moved over.
    VLAN2 will be workstations 10.1.2.0 255.255.255.0
    VLAN3 will be voice. 10.1.3.0 255.255.255.0
    VLAN4 will be servers. 10.1.4.0 255.255.255.0
    I have set port 0/48 on the switch as a trunk with the below config:
    interface FastEthernet0/48
    description SWT-RTR-TRUNK
    switchport access vlan 2
    switchport trunk allowed vlan 2-4
    switchport mode trunk
    switchport nonegotiate
    spanning-tree portfast
    Switch VLANS:
    interface Vlan1
    no ip address
    no ip route-cache
    shutdown
    interface Vlan2
    description Workstation VLAN
    ip address 10.1.2.2 255.255.255.0
    no ip route-cache
    shutdown
    interface Vlan3
    description Voice VLAN
    ip address 10.1.3.2 255.255.255.0
    no ip route-cache
    shutdown
    interface Vlan4
    description Server VLAN
    ip address 10.1.4.2 255.255.255.0
    no ip route-cache
    shutdown
    Router Config:
    interface FastEthernet0/1
    description Workstation IP
    ip address 10.1.2.1 255.255.255.0
    duplex auto
    speed auto
    interface FastEthernet0/1.1
    description Voice IP
    encapsulation dot1Q 3
    ip address 10.1.3.1 255.255.255.0
    no snmp trap link-status
    interface FastEthernet0/1.2
    description Server IP
    encapsulation dot1Q 4
    ip address 10.1.4.1 255.255.255.0
    no snmp trap link-status
    For like a few minutes, I was able to ping all interfaces on the router 4.1,3.1,2.1 from the switch. BUT, I was unable to ping the switch interfaces 4.2,3.2,2.2. So, I looked at the switch VLANs... and they were all shutdown. I tried to no shutdown on, let's say, vlan4, and write mem, and it's fine. I try to bring up another and 4 goes back to saying shutdown. The shutdown is hopping around and I cannot ping anything any more. Anyone know what I have wrong?
    Thanks!

    As the previous poster said, the 2950 is a layer 2 switch only and cannot do any routing. As such it can only have 1 IP address, which is to manage the switch and nothing else. All routing between VLANs is done by your router over your trunk link between the router and the 2950, so choose what you want the address to be to manage the switch; that is the only address you will need, and it is why it keeps shutting all the others down, because only 1 active IP address is allowed. If you want the management IP to be an address in VLAN 2, then you create the layer 3 SVI and put your interface on that interface. Delete all other layer 3 SVIs; they are not needed. Also, you will need to define your ip default-gateway pointing towards the router address of whatever VLAN you decide to use for management.
