When is it appropriate to use "spanning-tree bpdufilter enable"

What exactly does enabling bpdu filter do?  I see some examples where bpdu filtering is enabled on access ports?  Is this correct or are there dangers in this approach? 

Hi John,
A simple way of saying it would be that it disables STP on that port.
BPDU filter filters the BPDUs in both directions, which means it effectively disables STP on the port.
Detailed explanation:
===============
BPDU filter, on the other hand, just filters BPDUs in both directions, which effectively disables STP on the port. BPDU filter will prevent inbound and outbound BPDUs but will remove the PortFast state on a port if a BPDU is received. Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.
The following are the methods to configure BPDU filter on switches:
Interface mode:
spanning-tree bpdufilter enable (Results in the port not participating in STP; loops may occur.)
Global mode:
spanning-tree portfast bpdufilter default (Enables BPDU filtering on ports that have PortFast configured: the port sends a few BPDUs when it comes up, then filters BPDUs unless it receives a BPDU; after that it leaves PortFast mode and disables filtering so that the port operates like a normal port, because it has received a BPDU.)
You should always allow STP to run on a switch to prevent loops. However, in special cases when you need to prevent BPDUs from being sent or processed on one or more switch ports, you can use BPDU filtering to effectively disable STP on those ports. You would use bpdufilter when you want a switch plugged into your network but you don't want it participating in spanning tree.
An example: in an office environment, someone needs another network drop under their desk but you don't have the time/budget to run a new line for now. You have been given a small switch but don't want it to break spanning tree. The switch you have lying around for this task is a simple unmanaged switch and will only have one uplink into your network, so you put bpdufilter on your switch port.
Ref: https://supportforums.cisco.com/docs/DOC-11825
HTH
Regards
Inayath
*Please rate if this info is helpful and mark as answered if this resolved your query.
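
The difference between the interface-level and global forms described in the answer above can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit of an IOS-style running-config that flags each case. The sample configuration, the rule names and the functions are constructed for illustration, and the BPDU Guard check reflects the recommendation made in later replies on this page.

```python
import re
from collections import namedtuple

# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast bpdufilter default
!
interface GigabitEthernet1/0/1
 description user drop
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description unmanaged desk switch
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/3
 description printer
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/48
 description uplink to distribution
 switchport mode trunk
 spanning-tree bpdufilter enable
!
"""

Finding = namedtuple("Finding", "interface rule detail")

# Interface-level PortFast, including the "edge"/"trunk" keyword variants.
PORTFAST_RE = re.compile(r"^spanning-tree portfast( edge)?( trunk)?$")


def parse_config(text):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line[0].isspace() and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # back at global level
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit(text):
    """Return a list of Finding tuples for BPDU filter / PortFast settings."""
    global_lines, interfaces = parse_config(text)
    global_filter = "spanning-tree portfast bpdufilter default" in global_lines
    global_guard = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        portfast = any(PORTFAST_RE.match(l) for l in lines)
        if "spanning-tree bpdufilter enable" in lines:
            kind = "trunk port" if "switchport mode trunk" in lines else "port"
            findings.append(Finding(name, "BPDUFILTER_INTERFACE",
                f"{kind} neither sends nor processes BPDUs; "
                "STP is effectively off here and a loop will not be detected"))
            continue  # the unconditional filter is the dominant finding
        if portfast and global_filter:
            findings.append(Finding(name, "BPDUFILTER_GLOBAL",
                "filtered only while no BPDU arrives; a received BPDU "
                "returns the port to normal STP operation"))
        if portfast and not ("spanning-tree bpduguard enable" in lines
                             or global_guard):
            findings.append(Finding(name, "PORTFAST_NO_BPDUGUARD",
                "PortFast without BPDU Guard; a switch plugged in here "
                "is not err-disabled"))
    return findings


def rules_by_interface(findings):
    """Group rule names per interface, preserving the order they were raised."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.interface, []).append(f.rule)
    return grouped


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.interface:24} {f.rule:22} {f.detail}")
```
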

Similar Messages

  • When is it appropriate to use a servlet in a JSP/JSF environment?

    I have inherited a fairly old JSP-based application. I know that I need to update its technologies, in particular the use of AJAX so that I don't need to keep refreshing the page each time I want more data from the server. The problem is that I don't know a great deal about other technologies. There seem to be so many conflicting opinions about the way to go regarding servlets and JSP and JSF (and possibly JavaBeans). I am probably going to start using JSF and AJAX. I mention this to give you some background info. My real question is: when is best/appropriate to use a servlet? From what I have seen I do not want to use a servlet for generating HTML output - that seem just so last decade! But do they still have a good use over more modern technologies? Also, when is it appropriate to use JavaBeans? Are JavaBeans a thing of the past (or just plain inappropriate) for web applications?
    Regards,

    I suggest going to the bookstore and looking for a book on JSF and reading it cover to cover. It may tell you where servlets come into the picture (if at all). I suggest paying attention to MVC design that it discusses, and working through the examples before working on your project (assuming you have the time). Then creating a simple project and refactor it over and over to meet MVC.
    For your project, I suggest just doing ONE JSF page (and its underlying database access) and refactoring it over and over again (MVC) before doing the other JSF pages. This way, you don't have to refactor 34 JSF pages to correct the same mistake appearing in all the pages (saves a LOT of time).
    I don't know enough about AJAX to really comment on it. However, I would ask myself if refreshing the JSF page is really enough of a concern for your end-users to make it worth while to use AJAX on this project.

  • When is it appropriate to use DataSource (or Connection pooling)?

    Hello all,
    I'm having some design issues with my application and I'm starting to think that maybe using Connection pooling is not suited for my application. I'm using Tomcat 5.5.12 if it's any relevant..
    The architecture of our application looks like this:
    Servlets -> App Helper classes -> DB/Accessor classes
    looks like the three-tier architecture described in this document: http://www.subrahmanyam.com/articles/servlets/ServletIssues.html
    I have read on the Tomcat docs that said that using DataSource is good practice and improves efficiency since it recycles database connections. However, if the accessor/DB classes are not servlets, how can I use the DataSource facility that interacts with Tomcat?
    I would like to know whether it is a good idea to use DataSource in my case and if so, how? (since they are not servlets)
    Thanks in advance :)

    Hi. Thank you for replying.
    In the examples that I've seen that use JNDI for Database access, it seems that DataSource is always used--in other words, JNDI and DataSource always seem to be used together (in Servlets). I have not found a case where JNDI is used by itself to access the Database--perhaps I'm not looking in the right place. Could you point me to some documentation maybe?
    Thanks a lot!

  • ISE - 802.1X - Loop not detected by spanning-tree

    Hello,
    I have recently implemented 802.1X on 3750-X switches running IOS version 15.0(2)SE.
    The spanning-tree bpdufilter and bpduguard are globally enabled on the switches.
    A user has created a loop on the network by connecting their Cisco IP phone twice to the network: one wire connected normally from the switch to the RJ-45 phone connector, and the second wire, which should be connected to the PC, had also been connected to the switch!
    The loop created has not been detected by the switch!
    I have made several tests and re-created the problem 3 times out of 4 (only one time was the loop detected by bpduguard, 20 seconds after the port came up).
    Note that without 802.1X configured on the same switch port, the loop is quickly detected and the ports are shut down as err-disabled.
    The switch port configuration with 802.1X is the following:
    interface GigabitEthernet1/0/9
     switchport access vlan 950
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 955
     no logging event link-status
     authentication control-direction in
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 950
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     storm-control broadcast level 10.00
     storm-control multicast level 10.00
     spanning-tree portfast
    If I change the host-mode to multi-domain, a MAC violation restriction occurs and shuts down the port. But this is not the config I need.
    Is there any reason for spanning-tree not to work properly with 802.1X?
    Thanks,
    Olivier

    Hello Olivier
    When using bpdufilter, bpduguard and portfast all at the same time there are many things going on which are not well documented. Now when you add 802.1x to the mix then you really have no documentation. I had to do many labs on my own to finally have my configuration, and also discovered some bugs. According to my experience you shouldn't use bpdufilter and you should use bpduguard on the switchport not in the global config.
    Please read the following links about the differences between global and port bpdufilter, differences between global and port bpduguard, configuring bpduguard along with portfast, configuring bpdufilter along with portfast, and configuring bpduguard along with bpdufilter.
    http://aitaseller.wordpress.com/2010/01/17/bpdu-filter-vs-bpdu-guard-what-is-the-difference/
    http://costiser.wordpress.com/2011/05/23/subtle-difference-for-portfast-bpdufilter-used-together-globally-or-at-interface-level/
    https://learningnetwork.cisco.com/thread/21103
    http://blog.ipexpert.com/2010/12/06/bpdu-filter-and-bpdu-guard/
    Please rate if this helps

  • About Spanning tree problem

    I am a newbie with Cisco switches.
    I need a failover solution for both the switch and the AP bridge link on both sides.
    I have 2 locations (Location A and Location B).
    Location A
    There are 3 sets of Cisco 2960 switches.
    Switch C is the active switch.
    Switch A is the redundant switch; it will be active when the primary Wi-Fi link and switch C fail.
    Location B
    There are 3 sets of Cisco 2960 switches.
    Switch D is the active switch.
    Switch B is the redundant switch; it will be active when the primary Wi-Fi link and switch D fail.
    I would like to use spanning tree protocol for this case.
    As shown in my diagram, can it achieve failover for both the switch and the AP bridge link if I use this network design?
    Please help to comment
    Thanks
    John

    Hi John,
    This is achievable. The best way to do this is, If you can control the client switches,
    make the Client switch at location A, the root primary for the STP domain.
    On the Client switch at location B, make the STP cost high on the port towards the Switch B.
    Assuming all other STP settings are on default values,  this should block the link between LocationB client switch and Switch B. So all your traffic will take the path through switchC-SwitchD.
    If the Wifi Bridge fails (AP3-AP4), the blocked link will start forwarding (make sure you are using rapid spanning tree for fast transition)
    Now the most important thing in this design is to make sure that the Wifi bridges pass STP BPDU traffic, if they don't, this will not work.
    Even if one of the switches fails on the active path, the backup path would still kick in.. 
    Let me know how you go with this..
    please rate helpful posts.. :)

  • Spanning-tree portfast trunk

    Hi all,
    I read that portfast should only be enabled on access ports, not on trunk ports.
    When is this command used:
    spanning-tree portfast trunk?
    In what cases would we use the portfast command on a trunk port?
    thanks
    mahesh

    .... and there is one more case:
    you have an access switch full of users and you want to provide them redundancy for their internet connection, so you use HSRP, for example, and now you have the switch connected to 2 or more routers with internet links
    now, those links between switch and routers are also trunks and the topology is like a triangle with the switch on the tip , omitting PCs for now , at this point the only device taken into consideration is the switch - others don't use STP because routers have configured IP addresses on subinterfaces (each for one VLAN) so they break BRdomain and computers don't care about STP. In this case, you are sure that no routing loop can occur because other devices (all of them are L3) are boundary for that L2 segment and arp requests broadcasted in your LAN stay inside.
    What you've just managed to make is faster trunk transition to UP state so after reload of that switch, your users can quickly use network again.

  • Spanning tree loops

    Hi we are having regular spanning tree issues in our network.
    On our config we do not have bpduguard configured from what I can see? Could this be an issue?
    What can be done centrally on the core switches to remove this threat? Are there default configs that a wise network administrator would apply as standard?
    HELP!

    HI Mike [Pls Rate if HELPS]
    Refer link below for examples and identify redundant links, root and backup root bridge etc..
    http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080136673.shtml#intro
    Refer link for usage guidelines in implementing loopguard, bpdu guard etc..
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/stp_enha.html#wp1019943
    A Cisco router will give you a warning when you configure PortFast:
    SW1(config)#int fast 0/5
    SW1(config-if)#spanning-tree portfast
    %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
    %Portfast has been configured on FastEthernet0/5 but will only
    have effect when the interface is in a non-trunking mode.
    SW1(config-if)#
    Not only will the switch warn you about the proper usage of PortFast, but you must put the port into access mode before PortFast will take effect.
    But there is a chance - just a chance - that someone is going to manage to connect a switch to a port running Portfast. That could lead to two major problems, the first being the formation of a switching loop. Remember, the reason we have listening and learning modes is to help prevent switching loops. The next problem is that there could be a new root bridge elected - and it could be a switch that isn't even in your network!
    BPDU Guard protects against this disastrous possibility. If any BPDU comes in on a port that's running BPDU Guard, the port will be shut down and placed into error disabled state, shown on the switch as err-disabled. A port placed in err-disabled state must be reopened manually.
    BPDU Guard is off on all ports by default, and is enabled as shown here:
    SW1(config)#int fast 0/5
    SW1(config-if)#spanning-tree bpduguard enable
    It's a good idea to enable BPDU Guard on any port you're running PortFast on. There's no cost in overhead, and it does prevent the possibility of a switch sending BPDUs into a port configured with PortFast - not to mention the possibility of a switch not under your control becoming a root switch to your network!
    Refer link below for Understanding Spanning Tree Protocol:
    http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/sw_ntman/cwsimain/cwsi2/cwsiug2/vlan2/stpapp.htm
    Hope i am Informative and this HELPS.
    PLS RATE if HELPS
    Best Regards,
    Guru Prasad R
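
BPDU Guard's err-disable behaviour described in the post above leaves a trail in syslog that can be triaged. The following is an added example, not part of the original post: it counts BPDU Guard trips per switch port and lists ports that tripped more than once, meaning the port was reopened while the offending device was still attached. The log lines, host names and timestamp layout are constructed for illustration.

```python
import re

# Constructed sample syslog lines; hosts, times and ports are invented.
SAMPLE_LOG = """\
Mar  3 09:14:02 sw-acc-01 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/5 with BPDU Guard enabled. Disabling port.
Mar  3 09:14:02 sw-acc-01 %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/5, putting Fa0/5 in err-disable state
Mar  3 09:14:03 sw-acc-01 %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down
Mar  3 11:40:17 sw-acc-02 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/9 with BPDU Guard enabled. Disabling port.
Mar  3 11:40:17 sw-acc-02 %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/9, putting Gi1/0/9 in err-disable state
Mar  3 15:02:44 sw-acc-01 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/5 with BPDU Guard enabled. Disabling port.
Mar  3 15:02:44 sw-acc-01 %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/5, putting Fa0/5 in err-disable state
"""

# Assumed line layout: "<Mon> <day> <hh:mm:ss> <host> <message>".
PREFIX = r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s"
TRIP_RE = re.compile(
    PREFIX + r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port "
    r"(?P<port>\S+) with BPDU Guard enabled")
ERRDIS_RE = re.compile(
    PREFIX + r"%PM-4-ERR_DISABLE: bpduguard error detected on "
    r"(?P<port>[^,\s]+),")
# The two messages name the same port differently (FastEthernet0/5 vs Fa0/5).
SHORT_RE = re.compile(r"^(Fa|Gi|Te)[A-Za-z]*(\d.*)$")


def short_name(port):
    """Normalise a long interface name to its short form."""
    m = SHORT_RE.match(port)
    return m.group(1) + m.group(2) if m else port


def summarize(log_text):
    """Return sorted (host, port, trips, errdisabled) tuples.

    trips       = BPDUs received on a BPDU Guard port
    errdisabled = matching err-disable confirmations for that port
    """
    counts = {}
    for line in log_text.splitlines():
        for index, pattern in enumerate((TRIP_RE, ERRDIS_RE)):
            m = pattern.match(line)
            if m:
                key = (m.group("host"), short_name(m.group("port")))
                counts.setdefault(key, [0, 0])[index] += 1
                break
    return sorted((h, p, c[0], c[1]) for (h, p), c in counts.items())


def repeat_offenders(log_text, min_trips=2):
    """Ports that tripped BPDU Guard at least min_trips times."""
    return [(h, p) for h, p, trips, _ in summarize(log_text)
            if trips >= min_trips]


if __name__ == "__main__":
    for host, port, trips, errdis in summarize(SAMPLE_LOG):
        print(f"{host} {port}: {trips} trip(s), {errdis} err-disable(s)")
    print("repeat offenders:", repeat_offenders(SAMPLE_LOG))
```
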

  • Do I configure spanning-tree port type ed trunk on LACP port-channels

    Hello,
    Can't seem to see a clear answer and wondering if something could offer some advice please?
    We are using LACP aggregation across all our 10 gig attached servers and also trunking them.  We're running a VPC pair of 5596 Nexus.
    For a standard trunk port I always add the spanning-tree port type edge trunk to the interface config.
    However I think I should be adding this to the overriding port-channel config.  At present a colleague has configured the VPC below omitting the spanning-tree port type config.
    interface port-channel100
      description a-server
      switchport mode trunk
      switchport trunk allowed vlan 100
      vpc 100
    The port member configs are these which do contain the spanning tree port type:
    interface Ethernet1/1
      description a-server(1)
      switchport mode trunk
      switchport trunk allowed vlan 100
      spanning-tree port type edge trunk
      channel-group 100 mode active
    I always try to keep the overriding port channel config the same as its members and obviously for most config, you can't have disparate configs anyway.
    However for the spanning tree config the NexOS allows you to have the members with spanning tree port types and not have to reflect that in the port-channel.
    However I have this issue with STP:
    Switch1# show spanning-tree interface po100
    Vlan             Role Sts Cost      Prio.Nbr Type
    VLAN0100         Desg BKN*200       128.4996 (vPC) Network P2p *BA_Inc
    Is this due to the inconsistency with my port channel to member configs?
    Any advice would be gratefully accepted.
    Thanks!

    Hi Paul, there are some parameters you can define on individual ports and there are some of them that will be inherited from the port-channel configuration no matter what has been configured under the individual ports. Spanning-tree configuration is one of the inherited ones. As soon as the port joins a port-channel, it will start to use the spanning-tree settings under the port-channel. When it leaves the channel, then it can continue to use the individual configuration.
    There is a nice summary here under NX-OS Interface Conf Guide > Port-Channel Conf:
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/interfaces/configuration/guide/if_portchannel.html#wp1798338
    Evren

  • The spanning-tree add strange value when I create new Vlans

    Hi,
    On all access switches, spanning-tree adds strange values when I create new VLANs from the distribution layer,
    and no association is created with any interface for spanning-tree vlan 700 (see below in this example)
    until I reboot the switch.
    Has anybody already seen these values?
    DSFDS112#sh span sum
    Switch is in rapid-pvst mode
    Root bridge for: none
    EtherChannel misconfig guard is enabled
    Extended system ID           is enabled
    Portfast Default             is disabled
    PortFast BPDU Guard Default  is disabled
    Portfast BPDU Filter Default is disabled
    Loopguard Default            is enabled
    UplinkFast                   is disabled
    Stack port is StackPort1
    BackboneFast                 is disabled
    Configured Pathcost method used is long
    Name                   Blocking Listening Learning Forwarding STP Active
    VLAN0001                     0         0        0          3          3
    VLAN0002                     0         0        0         22         22
    VLAN0006                     0         0        0          3          3
    VLAN0007                     0         0        0          8          8
    VLAN0009                     0         0        0          4          4
    VLAN0010                     0         0        0          3          3
    VLAN0011                     0         0        0          3          3
    VLAN0012                     0         0        0          3          3
    VLAN0013                     0         0        0          3          3
    VLAN0090                     0         0        0         15         15
    VLAN0109                     0         0        0          3          3
    VLAN0200                     0         0        0          4          4
    VLAN0300                     0         0        0         26         26
    VLAN0302                     0         0        0          4          4
    VLAN0700               -   253  -1872756560  2087191206  -1872756549  2080375982
    VLAN0702               -   253  -1872756560  2087191206  -1872756549  2080375982
    VLAN0704                     0         0        0          4          4
    VLAN0710               -   253  -1872756560  2087191206  -1872756549  2080375982
    VLAN0816                     0         0        0          3          3
    VLAN0820                     0         0        0          3          3
    20 vlans               -   759  -1323302384  1966606322  -1323302237  1946160764
    DSFDS112#sh span vlan 700
    VLAN0700
      Spanning tree enabled protocol rstp
      Root ID    Priority    4796
                 Address     0008.e3ff.fcbc
                 Cost        10000
                 Port        608 (Port-channel1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    62140  (priority 61440 sys-id-ext 700)
                 Address     885a.9213.6880
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300 sec
    Interface           Role Sts Cost      Prio.Nbr Type
    Po1                Root FWD 10000     128.608  P2p
    DSFDS112#sh run int Gi1/0/25
    Building configuration...
    Current configuration : 194 bytes
    interface GigabitEthernet1/0/25
     description Station12
     switchport access vlan 700
     switchport mode access
    end
    DSFDS112#sh span interface Gi1/0/25
    no spanning tree info available for GigabitEthernet1/0/25
    DSFDS112#sh int status interface Gi1/0/25
    Port      Name               Status       Vlan       Duplex  Speed Type
    Gi1/0/25  Station12          connected    700          full    100 10/100/1000BaseTX
    Thanks for your help,
    Regards.

    Venki,
    The ORA-00942 is okay because there is no existing object. But what stuck me is the ORA-01921 error which may indicate that this might not be a new database.
    CREATE ROLE exp_full_database
    ERROR at line 1:
    ORA-01921: role name 'EXP_FULL_DATABASE' conflicts with another user or role name
    CREATE ROLE imp_full_database
    ERROR at line 1:
    ORA-01921: role name 'IMP_FULL_DATABASE' conflicts with another user or role name
    Are there any existing databases on this server? Have you tried to create it on another machine? I searched on Metalink too and found Doc ID: 237486.1 ORA-29807 Signalled While Creating Database using DBCA, which says that the error could be ignored. You may want to review that as well.
    Ittichai

  • I am trying to find out how to assign files with particular extensions to the appropriate software. At the moment when I create a file using Word it is apparently given the extension .docx but Word doesn't recognise its own files. How do I alocate th

    I am trying to find out how to assign files with particular extensions to the appropriate software. At the moment when I create a file using Word it is apparently given the extension .docx but Word doesn't recognise its own files. How do I allocate the extension .docx to Word? There used to be a way of doing it, I think under "Preferences" but I can't seem to find it.

    Still in the same location:
    File > Get Info > Open with (select) > Change All (button)

  • Spanning tree - balanced without use vlan ?

    Hi, I'm sorry if this is a classic question.
    I have implemented rapid pvst as shown in the image. The dotted lines are the alternative links. (image 1)
    SwitchA# spanning-tree vlan 1 root primary
    SwitchB# spanning-tree vlan 1 root secondary
    I want to do a kind of balancing like image 2. But the problem is that I have vlan 100 (and other vlans) in side A and side B.
    So, if I configure
    SwitchB: spanning-tree vlan 100 root primary
    SwitchA: spanning-tree vlan 100 root secondary
    then SwB changes to primary for vlan 100.
    But I want switchB to be the primary for side A and secondary for side A, no matter the vlan. Is it possible?
    Thanks a lot!
    IMAGE 1
    IMAGE 2
    PS: Later i will implement HSRP.

    Hi, I know that is possible, but doing this the result is unbalanced for my network. For example, vlan 20 resides in all switches and vlan 21 resides in only one switch.
    I want switchA to be the primary for side A and secondary for side B, no matter the vlan. Like image 2.
      I hope to be clear.
    Thanks.

  • Spanning Tree and Admin mac address issues srw2048

    Ok, I have a somewhat complex problem and hopefully someone may shed some light or have an idea as to whats wrong.
    First the scenario:
    I have two Cisco Cat 6509s etherchanneled to each other via two fiber cables. One of these is the STP/RSTP root. I have two SRW2048s, one trunked to each of these 6509 switches. There is also a trunk between the SRW2048s. All this is to create a redundant topology so that if one of the switches fails the others can still forward packets to each other. Of course the scenario described is in fact a loop that should be handled by STP/RSTP. I have RSTP enabled on all the switches in the scenario (PV RSTP on the Cisco switches as they only do Cisco's brand of per-VLAN spanning tree). There are 3 VLANs configured on each of the SRW2048s (2, 55, 96). There are corresponding VLANs also on the 6509s. I have put the SRW2048s' management interface into VLAN 2.
    The problem:
    I need to forward packets between the SRW2048s primarily and only use the 6509 that is not the root when a failure happens. I have configured the non-root 6509's spanning tree cost on the etherchannel to be higher than the alternate path through the SRWs to the root. I can hook everything up and view the spanning tree and see that the SRW2048's interface that goes to the non-root 6509 is blocked, and all other interfaces on the other switches are forwarding. I can in fact ping and get to the admin interface on all the switches. Then for some strange reason the admin interface of the SRW2048 plugged into the non-root 6509 stops responding. If I disable either the interface it's plugged into on the 6509 or the other SRW2048, everything starts working again. Sometimes it responds after many failures for no apparent reason. I looked into the mac-address table on the 6509s and they are conflicting, pointing to each other for the mac-address of the broken SRW2048. When I clear the mac-table the admin port comes back for about 5 seconds then again goes dark. When reviewing the mac-table on the 6509s they are back to pointing to each other. The odd thing (although I haven't confirmed this completely) is that hosts placed into VLAN 2 on that same SRW2048 seem to work fine. If there was an STP loop or something misconfigured, I would expect it to affect any host in VLAN 2, or the other VLANs for that matter, on the SRW2048 that stops responding. Alas, I am stuck because I need to manage this switch remotely. My only thought is that for some reason even when the STP status is blocked the broken SRW2048 is still sending out ARPs of its admin interface and bypassing the STP protocol. I have no way to confirm this, but maybe someone has an idea as to what I'm doing wrong, or can otherwise offer a solution. For now, I simply removed VLAN 2 from the 6509 that the broken SRW2048 is plugged into and everything seems fine.
    My apologies for such a long post, but this is somewhat complicated.  Thanks in advance for any info.
    -Geoff
    Message Edited by gmyers on 08-19-2008 10:35 PM

    To follow up, I had a ticket open with Linksys about this for about 3 months with no resolution. I submitted packet captures, STP outputs, etc. and no luck. I gave up and basically had to revert to a manual failover for redundancy. It's not perfect or fast, but it works every time.
    Unless linksys issues a firmware upgrade with this as a fix, I doubt we will be able to ever resolve this on our own.

  • Switching Best Practice - Spanning Tree and Etherchannel

    Dear All,
    Regarding best practice related to Spanning Tree and Etherchannel, we have decided to configure following.
    1. Manually configure STP Root Bridge.
    2. On end ports, enable portfast and bpduguard.
    3. On ports connecting to other switches enable root guard.
    In the etherchannel config, we have kept mode on on both sides; we need to change to Active and desirable, as I have read that mode on may create loops? Please let me know if this is OK and suggest if something is missing.
    Thank You,
    Abhisar.

    Hi Abhisar,
    Regarding your individual decisions: Manually configuring the Root Bridge is a natural thing to do. You should never leave your network just pick up a root switch based on default switch settings.
    On end ports, using PortFast and BPDU Guard is a must especially if you are running Rapid PVST+ or MSTP.
    Regarding the Root Guard on ports to other switches - this is something I do not recommend. The Root Guard is a protective mechanism in situations when your network and the network of your customer need to form a single STP domain, yet you want to have the STP Root Bridge in your network part and you do not want your customer to take over this root switch selection. In these cases, you would put the Root Guard on ports toward the customer. However, inside your own network, using Root Guard is a questionable practice. Your network can be considered trustworthy and there is no rogue root switch to protect against. Using Root Guard in your own network could cause your network to be unable to converge on a new workable spanning tree if any of the primary links failed, and it would also prevent your network from converging to a secondary root switch if the primary root switch failed entirely. Therefore, I personally see no reason to use Root Guard inside your own network - on the contrary, I am concerned that it would basically remove the possibility of your network to actually utilize the redundant links and switches.
    Regarding EtherChannels - yes, you are right, using the on mode can, under circumstances, lead to permanent switching loops. EtherChannel is one of few technologies in which I wholeheartedly recommend relying on a signalling protocol to set it up, as opposed to configuring it manually. The active mode is my preferred mode, as it utilizes the open LACP to signal the creation of an EtherChannel, and setting both ends of a link to active helps to bring up the EtherChannel somewhat faster.
    If you are using fiber links between switches, I recommend running UDLD on them to be protected against issues caused by uni-directional links. UDLD is not helpful on copper ports and is not recommended to be run on them. However, I strongly recommend running Loop Guard configured globally with the spanning-tree loopguard default. Loop Guard can, and should, be run regardless of UDLD, and they can be used both as they nicely complement each other.
    My $0.02...
    Best regards,
    Peter

  • "Peer-switch" command on vPC domain and spanning-tree priority interaction

    Hi guy,
    We have 2 N7Ks (N7KA and N7KB) which will be running vPC in a hybrid and pure vPC environment.
    I have a question about the hybrid and pure vPC environment. With the "peer-switch" command enabled, should I tune the spanning-tree priority to be the same for all the VLANs running on vPC on both N7KA and N7KB? This way, when I enter the "sh spanning-tree vlan X(vPC vlan) detail" command on an N7K, it will list both N7Ks announcing themselves as "We are the root of the spanning tree". Also, the switch running spanning-tree with the N7K vPC VLAN (hybrid) will see that both N7Ks have the same priority (4096), and that is not desirable for a spanning-tree environment. Therefore, I used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with the N7K will list N7KB as having a priority of 8192 (perfect).
    However, I notice some strange "show" output on the switch running a port-channel with N7KA and N7KB. The "Designated bridge" priority is flapping as shown on the switch. It is constantly changing between "4096 and 8192" with the same vPC system-wide MAC address.
    Entering the "sh spanning-tree vlan X detail" command repeatedly on the switch with the port-channel toward N7KA and N7KB:
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding
    Port path cost 3, Port priority 128, Port Identifier 128.65.
    Designated root has priority 4106, address 0013.05ee.bac8
    Designated bridge has priority 4106, address 0013.05ee.bac8
    Designated port id is 144.2999, designated path cost 0
    Timers: message age 15, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 5, received 603
    one sec later.
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding
    Port path cost 3, Port priority 128, Port Identifier 128.65.
    Designated root has priority 4106, address 0013.05ee.bac8
    Designated bridge has priority 8202, address 0013.05ee.bac8
    Designated port id is 144.2999, designated path cost 0
    Timers: message age 15, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 5, received 603
    Configuration:
    N7KA
    spanning-tree vlan 1-10 priority 4096
    vpc domain 200
    peer-switch
    N7KB
    spanning-tree vlan 1-10 priority 4096
    spanning-tree pseudo-information vlan 1-10 designated priority 8192
    vpc domain 200
    peer-switch
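
The repeated-capture check described in the post above, as an added example (not code from the thread): it parses `show spanning-tree vlan X detail` output and reports ports whose designated bridge priority changes while the bridge address stays the same. The two sample captures are constructed from the post's output, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the two captures in the post (trimmed).
CAPTURE_1 = """\
Port 65 (Port-channel1) of VLAN10 is root forwarding
  Designated root has priority 4106, address 0013.05ee.bac8
  Designated bridge has priority 4106, address 0013.05ee.bac8
"""
CAPTURE_2 = CAPTURE_1.replace("bridge has priority 4106", "bridge has priority 8202")

PORT_RE = re.compile(r"Port \d+ \((\S+)\) of VLAN0*(\d+) is")
BRIDGE_RE = re.compile(r"Designated bridge has priority (\d+), address ([0-9a-f.]+)")


def designated_bridges(output):
    """Map (port, vlan) -> (configured priority, bridge MAC) for one capture."""
    result, current = {}, None
    for line in output.splitlines():
        m = PORT_RE.search(line)
        if m:
            current = (m.group(1), int(m.group(2)))
            continue
        m = BRIDGE_RE.search(line)
        if m and current:
            # With the extended system ID, the advertised priority is the
            # configured priority (a multiple of 4096) plus the VLAN number.
            advertised = int(m.group(1))
            result[current] = (advertised - advertised % 4096, m.group(2))
    return result


def flapping_ports(captures):
    """Return {(port, vlan): sorted priorities} where one MAC shows several priorities."""
    seen = {}
    for output in captures:
        for key, (prio, mac) in designated_bridges(output).items():
            seen.setdefault((key, mac), set()).add(prio)
    return {key: sorted(p) for (key, mac), p in seen.items() if len(p) > 1}


if __name__ == "__main__":
    for (port, vlan), prios in flapping_ports([CAPTURE_1, CAPTURE_2]).items():
        print(f"{port} VLAN {vlan}: designated bridge priority alternates {prios}")
```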

    We have an issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running vPC between them. For the transition I have planned to create a channel between the 3750 stack and the 5596s. Once this environment is set, my plan is to migrate all the access switches to the N5Ks.
    The issue is that when I connect the 3750 port channel to both N5Ks, all the VLANs on the 3750 start to flap. If I connect the port channel to only one N5K, everything is normal; but when I connect the port channel to both N5Ks running vPC, the VLANs are flapping. Any idea what is going wrong here? Am I missing something?

  • 2950 spanning tree issue

    Here is the problem we are having: we have a 2950 hooked to a 6509 hybrid dist box with approx 90 VLANs on it. We hook up a new 2950 and we get the following message: Dec 21 19:47:45.116: %SPANTREE_VLAN_SW-2-MAX_INSTANCE: Platform limit of 64 STP instances exceeded. No instance created. OK, I know about the spanning tree issues with the 2950 only having limited PVST instances. But up at the dist side we have manually pruned off all but 5 VLANs on the trunk feeding this 2950 with the "clear trunk" command. I thought manually pruning off the VLANs from the trunk would eliminate this problem; maybe I have a misunderstanding of how this works. Also, the message on the 2950 complains about it only having 64 instances of spanning tree, yet when you do a "show vtp status" it says it supports 250 instances locally, so what's up with that? The 2950 is running 12.1.22EA4. So I guess I'm asking: is there any way around this for the 2950? Also, in client/server mode, do you have to manually prune off the VLANs on both the server side and the client side?

    Hello Glen,
    I guess instead of manually pruning the VLANs off the trunk, you could also try to enable VTP pruning globally on the 6509 (set vtp pruning enable). I assume you have the 6509 configured as the VTP server (set vtp mode server)?
    I am not sure if CatOS and IOS default to the same VTP version; can you check this (with 'show vtp domain' for CatOS and 'show vtp status' for the IOS switch)?
    Also, in a purely IOS environment, manually pruning VLANs off a trunk requires doing that only on the server side, but with a mix of CatOS and IOS, it might have to be done on both sides. You might want to give it a try and use the 'switchport trunk allowed' command on the 2950 as well...
    Regards,
    GP
