Solved

Cisco 2950 switch - enabling spanning tree

Posted on 2004-04-05
12
2,493 Views
Last Modified: 2007-12-19
Hi,

I've got a Cisco 2950 switch that I want to enable spanning tree protocol on.

I've been reading the IOS cmd reference at:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a0080087463.html
and used the relevant commands, but when I do a "show spanning" it gives me:

========
switch1#sho span

Spanning tree 1 is not currently active
No parameters have been configured
========
switch1#sho ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-C3H2S-M), Version 12.0(5.3)WC(1), MAINTENANCE INTERIM SOFTWARE
========

To try and enable it on VLAN 100, I do:
crm_switch1(config)#spanning-tree vlan 100

which just takes me back to the prompt (ie. no error).

If I do a show vlan, I can see that it is NOT enabled on any of the VLANs:

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
10   enet  100010     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0


The reason for needing STP is that this network has an ethernet<->Token Ring bridge (2600 Cisco router actually) that is bridging the two. I am having a problem with a Linux machine on the TR network not being able to talk to the eth segment and one of the suggested resolutions is to enable STP, hence my requirement.



0
Comment
Question by:td_miles
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
Comment Utility
It does not make logical sense to need to enable spanning-tree on an interface that connects to a router.
Have you tried re-setting the MTU on the Linux machine? TR defaults to 4500, Ethernet is 1500.
Unless you have specifically configured it otherwise:

Defaults

Spanning tree is enabled on all VLANs.
The forward-delay time is 15 seconds.
The hello time is 2 seconds.
The max-age is 20 seconds.
The primary root switch priority is 24576.
The secondary root switch priority is 28672.

Try these commands:
show spanning-tree active
show spanning-tree detail


0
 
LVL 1

Expert Comment

by:roddie
Comment Utility
This might be a stupid question, but do you have vlan 100 assigned to any ports?

You should also enter "vlan database" mode and confirm that the vlan is created properly.

"show vlan 100" output might help me with a bit more information.

Roddie
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 150 total points
Comment Utility
Here are my comments:
1. If the Linux box is on the other side of the router, spanning tree (or the lack) on the 2950 switch will have no impact on Linux box connectivity. The purpose of spanning tree is to prevent Layer 2 loops. The router is a Layer 2 boundary.

2. The output you gave us for "show vlan" is normal, don't worry about it.

3. MTU size difference shouldn't be a major issue unless the "Do Not Fragment" bit is being set by the applications running on it. Normally it isn't and the router will take care of differing MTU sizes.

3. Are there other devices on the Token Ring that do work correctly? If so, the problem is with the Linux box, not your network. Check netstat -rn and see if it's routing is configured correctly. Perhaps it is running a dynamic routing protocol and something is giving it a false route to the ethernet. Is there more than one way out of the token ring? Maybe it needs to have a route configured to the ethernet because it's default is sending it the wrong way.
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
Further comment/question: If my above advice didn't help, please provide more information: Is the router actually bridging as you said, or are they on different IP subnets? What exactly is the problem that the Linux box is experiencing?

I would disagree with lrmoore that it doesn't make sense to enable spanning tree on a port connected to a router. It depends what you are doing.

Spanning tree is enabled by default on any VLAN you configure, unless you've specifically disabled it. You won't see it in the configuration for that reason.
0
 
LVL 13

Author Comment

by:td_miles
Comment Utility
output requested:

switch1#sho spanning-tree active
                          ^
% Invalid input detected at '^' marker.

switch1#sho spanning-tree detail
                          ^
% Invalid input detected at '^' marker.

### I'm guessing that those commands are from a newer IOS, so here is the output from some one DOES exist :)

switch1#sho spanning-tree brief

VLAN10
  Spanning tree enabled protocol IEEE
  ROOT ID    Priority 32768
             Address 0007.5015.a582
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     0007.5015.a582
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec


Port                           Designated
Name    Port ID Prio Cost Sts  Cost  Bridge ID      Port ID
------- ------- ---- ---- ---  ----  -------------- -------
Fa0/1   128.7   128  19   FWD  0     0007.5015.a582 128.7
Fa0/2   128.8   128  19   FWD  0     0007.5015.a582 128.8
Fa0/3   128.9   128  19   FWD  0     0007.5015.a582 128.9
Fa0/4   128.10  128  19   FWD  0     0007.5015.a582 128.10
Fa0/5   128.11  128  19   BLK  0     0007.5015.a582 128.11
Fa0/6   128.12  128  100  BLK  0     0007.5015.a582 128.12

VLAN100
  Spanning tree enabled protocol IEEE
  ROOT ID    Priority 32768
             Address 0007.5015.a581
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     0007.5015.a581
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec


Port                           Designated
Name    Port ID Prio Cost Sts  Cost  Bridge ID      Port ID
------- ------- ---- ---- ---  ----  -------------- -------
Fa0/7   128.13  128  100  FWD  0     0007.5015.a581 128.13
Fa0/8   128.14  128  19   FWD  0     0007.5015.a581 128.14
Fa0/9   128.15  128  100  FWD  0     0007.5015.a581 128.15
Fa0/10  128.16  128  19   FWD  0     0007.5015.a581 128.16
Fa0/11  128.17  128  19   FWD  0     0007.5015.a581 128.17
Fa0/12  128.18  128  19   FWD  0     0007.5015.a581 128.18
Fa0/13  128.19  128  19   FWD  0     0007.5015.a581 128.19
Fa0/14  128.20  128  100  FWD  0     0007.5015.a581 128.20
Fa0/15  128.21  128  19   FWD  0     0007.5015.a581 128.21
Fa0/16  128.22  128  19   FWD  0     0007.5015.a581 128.22


Port                           Designated
Name    Port ID Prio Cost Sts  Cost  Bridge ID      Port ID
------- ------- ---- ---- ---  ----  -------------- -------
Fa0/17  128.23  128  19   FWD  0     0007.5015.a581 128.23
Fa0/18  128.24  128  19   FWD  0     0007.5015.a581 128.24
Fa0/19  128.25  128  19   FWD  0     0007.5015.a581 128.25
Fa0/20  128.26  128  19   FWD  0     0007.5015.a581 128.26
Fa0/21  128.27  128  19   FWD  0     0007.5015.a581 128.27
Fa0/22  128.28  128  19   FWD  0     0007.5015.a581 128.28
Fa0/23  128.29  128  19   BLK  0     0007.5015.a581 128.29
Fa0/24  128.30  128  19   BLK  0     0007.5015.a581 128.30

switch1#sho vlan 100
                 ^
% Invalid input detected at '^' marker.


---------------

Now to answer comments:

> Have you tried re-setting the MTU on the Linux machine?
No, I haven't. I will check this, but I can't do it right now, as due to this problem, I can't get to the Linux box remotely and have to physically go to the console to do anything. I have my doubts that this is the problem as someone else said the MTU differences should be taken care of by the bridge, which I tend to agree with.

> This might be a stupid question, but do you have vlan 100 assigned to any ports?
Yes. As you should be able tell from the above output ports 1-6 are assigned to VLAN 10 & ports 7-24 are in VLAN 100. The bridge is connected to one of the ports in VLAN 100.

> 3. Are there other devices on the Token Ring that do work correctly? If so, the problem is with the Linux box,
> not your network.
Yes, there are plenty of other devices that are working fine on the TR network. The only one that isn't is the Linux box, which now that I write this makes it seem quite obvious where the problem lies. The only reason I was questioning about STP protocol was in response to something I read when I did some googling for Linux TR problems, the post said that Linux could have problems if STP wasn't enabled for a TR card. I know it is enabled on the bridge, but couldn't be sure about the switch, hence this question.

> Check netstat -rn and see if it's routing is configured correctly. Perhaps it is running a
> dynamic routing protocol and something is giving it a false route to the ethernet.
I will check this, although no dynamic routing protocols are being used and unless the Linux install (RH9) decided to enable one by default there shouldn't be.

> Is there more than one  way out of the token ring?
No, there is a single eth/TR bridge (2600 router with one eth int & one TR int).

> Maybe it needs to have a route configured to the ethernet because it's default is sending it the wrong way.
Possibly, but the ethernet NIC in the Linux box is disabled and it only has the TR interface to use.

> Is the router actually bridging as you said, or are they on different IP subnets?
Yes the router IS bridging. It is the same IP subnet (192.168.3.0/24) throughout. Output from the bridge:

bridge1#sho bridge

Total of 300 station blocks, 236 free
Codes: P - permanent, S - self

Bridge Group 1:

    Address       Action   Interface       Age   RX count   TX count
0009.6bb4.5151   forward   Ethernet0/0      1          50          0
00c0.02d6.1716   forward   Ethernet0/0      0     1816672          0
0008.2131.1211   forward   Ethernet0/0      1         133        125
0002.550d.f0f8   forward   Ethernet0/0      4       22723      17010
0002.5522.b8b2   forward   TokenRing0/0     0       19924      21141
0009.6b71.aea2   forward   Ethernet0/0      0        4913       4518
0006.2961.6771   forward   TokenRing0/0     2           2          0
0008.2129.8891   forward   Ethernet0/0      0         390        314
0060.b096.eaf1   forward   Ethernet0/0      0        2326          0
0006.29ca.cdd2   forward   TokenRing0/0     0        9979      11193
0007.5015.a589   forward   Ethernet0/0      0         775          0
00a0.c963.caf9   forward   TokenRing0/0     0      491121     118936
0002.5552.86b3   forward   TokenRing0/0     0       14258      15034
0004.238d.6452   forward   Ethernet0/0      4           2          0
0006.29ca.cdfb   forward   TokenRing0/0     0        2907       1786
--- SNIP ---


> What exactly is the problem that the Linux box is experiencing?
The problem is that the Linux box cannot communicate with anything on the ethernet network. It can talk just fine to any TR device. I can also ping both the TR & eth interfaces of the bridge (from Linux box), but no further.

Now that I know STP is configured and working on the switch properly, maybe I need to take this question to the Linux group, but I suspect that the chances of finding anyone there with TR experience are not that great...
0
 
LVL 13

Author Comment

by:td_miles
Comment Utility
output from bridge "sho span":

bridge1#sho span

 Bridge group 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0007.50f0.81c0
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0007.5015.a581
  Root port is 2 (Ethernet0/0), cost of root path is 100
  Port Number size is 9
  Topology change flag not set, detected flag not set
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0
  bridge aging time 300

Port 2 (Ethernet0/0) of Bridge group 1 is forwarding
   Port path cost 100, Port priority 128
   Designated root has priority 32768, address 0007.5015.a581
   Designated bridge has priority 32768, address 0007.5015.a581
   Designated port is 15, path cost 0
   Timers: message age 2, forward delay 0, hold 0
   BPDU: sent 2, received 933620

Port 3 (TokenRing0/0) of Bridge group 1 is forwarding
   Port path cost 62, Port priority 128
   Designated root has priority 32768, address 0007.5015.a581
   Designated bridge has priority 32768, address 0007.50f0.81c0
   Designated port is 3, path cost 100
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 0

===========
MAC addresses:

bridge1 eth0/0 - 0007.50f0.81c0
bridge1 tr0/0 - 00e7.0a0f.8183
switch1 VLAN1 - 0007.5015.a580
switch1 VLAN100 - 0007.5015.a580
switch1 Fa0/1 - 0007.5015.a581
switch1 Fa0/2 - 0007.5015.a582
switch1 Fa0/3 - 0007.5015.a583
   ...
switch1 Fa0/24 - 0007.5015.a598



0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
You know, you might also consider upgrading your router software if you can. Also the 2950- what you have is pretty old for that switch. It is possible that there is a translational bridging anomaly that is causing a problem at the router, or some other issue on the switch. If everything is on the same subnet, obviously it's not a Layer 3 issue. And if you can't even ping the ethernet stuff from the Linux box, MTU is not the issue either.

The fact that it stops at the router (but you can ping the router's ethernet interface) makes me wonder if the problem is at the router or the 2950. In the bridging table, does it see the Linux MAC address on the token ring interface? You will have to do the MAC translation, then see if you see the translated MAC on the switch, pointing back toward the token ring.
0
 
LVL 13

Author Comment

by:td_miles
Comment Utility
unfortunately neither device is under Cisco maintenance, so I can't legally update them.

I'm having a mental block in regard to the translation, from memory what I do is convert the HEX to a binary address, flip each byte round, then convert back to HEX ?

Eg. for a four digit hex number

12ab = 00010010 10101011
flip each byte (8 bits) to give -> 01001000 11010101 = 48d5

is that correct ?
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
Yep
0
 
LVL 13

Author Comment

by:td_miles
Comment Utility
Guys,

I'm going to request that this question be removed. The "powers" have decided to not waste any more time on trying to work out why the Linux box on TR can't talk to the ethernet machines and simply replace it with a WinXP box.

Any objections to this course of action ?
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Regardless of whether or not your questions about Spanning Tree resolved the underlying issue, your original question "I want to enable Spanning Tree" was answered.
0
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
It was answered, plus a lot more help was given. A management decision not to pursue the problem further doesn't invalidate the value of the help we provided.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now