Anubis2005
STP blocking VLAN communication on Cisco Catalyst 2950 switch
Hi All,
I'm currently trying to configure VLANs across some Cisco switches; however, the inter-switch communication appears to be getting blocked by STP.
I've broken the network topology down to its most basic level, working with the gateway server, two switches and two client devices.
In our network topology, all clients exist on the same VLAN but are prevented from inter-client communication by wireless client isolation and switchport protection.
Bridges between sites (forming the trunks between switches) are managed on a separate VLAN to switch management.
Attached is an image of the network topology as it currently stands. This is working with non-Cisco switches with no STP.
I'm wanting to change to Cisco switches and have STP enabled so that I can put in place redundant links between second and third level switches.
When I use only one switch in the lab environment I can communicate with a client and their request is trunked and vlan tagged properly to the gateway.
With the second level switch disconnected, I can communicate with the bridging devices that connect the core switch to the second level switch but as soon as the second level switch is connected, the core switch blocks the port.
Both ports connecting the two switches are configured exactly the same with the same Native VLAN tag (1701), but still no success.
I'm running out of ideas to try, I'm certain it's something simple but can't seem to find it.
Thanks
Anubis.
Network-Diagram.jpg
Level-1-Switch-Config.txt
Level-2-Switch-Config.txt
If you have less than 200 Hosts wipe out all the VLANs and forget it.
If you have more than 200 Hosts create one Layer3 IP Segment per every 200 Hosts and allow the Core Switch to operate as a Layer3 Router (assuming it is capable). Looking at the 2nd Level you appear to have three distinct branches; you could easily make each one of those a Layer3 IP Segment which would give you a host capacity of just over 750.
If I came into your place the first thing I would want to do is reset every switch back to factory defaults, and if there were more than 200 Hosts, possibly create two additional VLANs on the Core Switch (Default VLAN, VLAN2, VLAN3) and run 3 IP Segments. All the other switches would have no VLANs configured; they would just be VLAN "agnostic". The VLANs on the Core Switch would be tied to the Backbone Cable leaving the Core Switch and anything physically plugged into a particular cable would just naturally and agnostically be part of that particular VLAN.
I realize my suggestion is drastically different than what you are trying to do, and I make no real attempt to consider the physical geographical layout of the facility or facilities. I cannot say anything about redundant links simply due to that. So I cannot comment on anything I have no information about.
Can you remove the switchport protected command from each of your trunk links and see how that affects things?
ASKER
Hi All,
Thanks for your comments.
@pwindell:
Unfortunately the image which I made up to represent the network isn't really the best diagram. Yes, there are well over 200 hosts and the network spans a city (and will be expanding further). There is reasoning for this particular network topology as no 'client' should be allowed to see any other 'client' without passing through the gateway; this is enforced with VLANing and switchport protection.
What isn't shown is a number of 'franchisee' endpoints where their network runs on top of ours in a separate VLAN re-branding our service as theirs.
Switch and bridge management is placed in separate VLANs to provide blocking (denial of access further down the chain) to prevent points of attack. If it was all done with IP segments, simply changing the IP address that one was connecting with would potentially allow them to administer other points of the network.
Currently this topology runs fine and achieves all the points we desire; except, it's not currently running on Cisco brand switches and there is no STP operating, this is what I'm trying to change.
@craigbeck & rfc1180
Thanks for the comment, I had already tried this and did try again (just to be sure) but it unfortunately makes no difference.
When running "sh span incon" I get reports of "Port VLAN ID Mismatch" on almost every VLAN. This is obviously the problem but according to the configuration of the trunk ports (0/13 on 1 and 0/24 on the other) their native VLAN IDs match. Looking up Cisco's document on 'Theory behind PVID and Type inconsistencies' doesn't help much in the way of explaining how to rectify it.
Thanks
Anubis.
Ok, fair enough.
I disagree with the necessity of the design and disagree that a Layer3 design (done properly) would present the risks you say, but I accept that there are many more factors to this than the diagram shows.
"Port VLAN ID Mismatch" This was my original thought, but based on your network diagram and the configs, I thought it might not be an issue; and I can understand your frustration. If there is more to the diagram than what you actually have running, this is very important to lay down on the table, the more information we have the better we can assist!
The only recommendation that I can make that should resolve your issue is that when adding Cisco PVST+ switches to standards based switches (if you have any; HP, etc) or to any other Cisco based switch, make sure that all switches are connected using dot1q trunks and have consistent native vlan configurations end to end. How you have the native vlan setup between the trunks is not best practice and can cause the issues you are experiencing.
Billy
ASKER
Hi rfc1180,
Thanks for the reply.
On the diagram I only omitted repeated nodes and/or parts which are reasonably identical to the basic operation, once the basic level of the network is operational the rest would function in the same manner.
With regards to the native VLAN, this I did change and it was configured identically on both ends.
Yesterday I defaulted both switches that I was testing with and connected them together Fe0/13 to Fe0/24 using the default switch settings. This worked as expected. As soon as I added one additional VLAN (VTP Transparent Mode) the same problems started occurring.
I've included below the results and configs of this test so that you can see what's happening (from a default switch with no port isolation). As you can see, the moment that I added the one additional VLAN it started having problems. Also keep in mind that there is currently only '1' physical link between the two switches.
Thanks
Anubis.
BEFORE ADDING ADDITIONAL VLAN:
Switch 1:
Switch#sh sp s
Switch is in pvst mode
Root bridge for: none
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 3 3
---------------------- -------- --------- -------- ---------- ----------
1 vlan 0 0 0 3 3
Switch 2:
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 2 2
---------------------- -------- --------- -------- ---------- ----------
1 vlan 0 0 0 2 2
ADDING VLAN 1500 (Clients) TO A SWITCH:
Got this error (on Switch 2) while adding the VLAN to Switch 1:
00:04:28: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1500 on FastEthernet0/24 VLAN1.
00:04:28: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/24 on VLAN0001. Inconsistent local vlan.
00:04:46: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/24 on VLAN1500. Inconsistent peer vlan.
AFTER ADDING ADDITIONAL VLAN:
Switch 1:
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN1500
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 3 3
VLAN1500 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
2 vlans 0 0 0 4 4
Switch 2:
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN1500
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 1 0 0 1 2
VLAN1500 1 0 0 0 1
---------------------- -------- --------- -------- ---------- ----------
2 vlans 2 0 0 1 3
SETTING SWITCH 1 TO ROOT PRIMARY AND RELOADING BOTH SWITCHES PRODUCED THIS OUTPUT:
Switch 1:
00:00:16: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:00:19: %SYS-5-CONFIG_I: Configured from memory by console
00:00:19: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by cisco Systems, Inc.
Compiled Tue 26-Oct-10 10:35 by nburra
00:00:19: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold start
00:00:19: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
00:00:23: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
00:00:23: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to up
00:00:23: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
00:00:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
00:00:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to up
00:00:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
00:00:26: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1500 on FastEthernet0/13 VLAN1.
00:00:26: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/13 on VLAN1500. Inconsistent peer vlan.
00:00:26: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/13 on VLAN0001. Inconsistent local vlan.
Switch>en
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN1500
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 1 0 0 2 3
VLAN1500 1 0 0 0 1
---------------------- -------- --------- -------- ---------- ----------
2 vlans 2 0 0 2 4
Switch#sh sp vl 1500
VLAN1500
Spanning tree enabled protocol ieee
Root ID Priority 26076
Address 0013.190b.db80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 26076 (priority 24576 sys-id-ext 1500)
Address 0013.190b.db80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------- ------
Fa0/13 Desg BKN*19 128.13 P2p *PVID_Inc
Switch 2:
00:00:15: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
00:00:17: %SYS-5-CONFIG_I: Configured from memory by console
00:00:17: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by cisco Systems, Inc.
Compiled Tue 26-Oct-10 10:35 by nburra
00:00:17: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold start
00:00:18: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
00:00:21: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
00:00:21: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
00:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
00:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
Switch>en
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN1500
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 2 2
VLAN1500 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
2 vlans 0 0 0 3 3
Switch#sh sp vl 1500
VLAN1500
Spanning tree enabled protocol ieee
Root ID Priority 34268
Address 000c.ce45.a540
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 34268 (priority 32768 sys-id-ext 1500)
Address 000c.ce45.a540
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------- ------
Fa0/24 Desg FWD 19 128.24 P2p
CONFIGS OF SWITCHES:
Switch 1:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
vtp domain LabTest
vtp mode transparent
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
!
!
!
!
vlan 1500
name Clients
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
!
end
Switch 2:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
vtp domain LabTest
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 1500
name Clients
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
!
end
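An added example, not part of the original thread and not Cisco tooling: a small Python parser that correlates the %SPANTREE-2-*PVID* messages posted above with the trunk settings in the posted config, reporting which VLAN the mismatching BPDU named, which VLAN it was received in, and which VLANs were blocked as a result. The log and config excerpts are trimmed copies of the post; the function names are hypothetical, only statically configured trunks are considered, and a trunk with no `switchport trunk native vlan` line is assumed to use native VLAN 1.

```python
import re
from collections import defaultdict

# Log lines and config excerpt copied from the post above (Switch 1 after the
# reload), trimmed to the relevant lines; sub-command indentation restored.
LOG = """\
00:00:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to up
00:00:26: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1500 on FastEthernet0/13 VLAN1.
00:00:26: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/13 on VLAN1500. Inconsistent peer vlan.
00:00:26: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/13 on VLAN0001. Inconsistent local vlan.
"""
CONFIG = """\
interface FastEthernet0/12
!
interface FastEthernet0/13
 switchport mode trunk
!
interface FastEthernet0/24
!
"""

RECV = re.compile(r"%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent "
                  r"peer vlan id (\d+) on (\S+) VLAN(\d+)\.")
BLOCK = re.compile(r"%SPANTREE-2-BLOCK_PVID_(?:PEER|LOCAL): "
                   r"Blocking (\S+) on VLAN(\d+)\.")


def parse_pvid_events(log_text):
    """Group PVID messages by port: (peer, local) VLAN pairs and blocked VLANs."""
    ports = defaultdict(lambda: {"mismatches": set(), "blocked": set()})
    for line in log_text.splitlines():
        m = RECV.search(line)
        if m:
            peer, port, local = int(m.group(1)), m.group(2), int(m.group(3))
            ports[port]["mismatches"].add((peer, local))
            continue
        m = BLOCK.search(line)
        if m:
            ports[m.group(1)]["blocked"].add(int(m.group(2)))
    return dict(ports)


def trunk_native_vlans(config_text):
    """Return {interface: native VLAN} for ports set to 'switchport mode trunk'."""
    ifaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = {"trunk": False, "native": 1}  # assumed default
        elif line == "!":
            current = None
        elif current and line == "switchport mode trunk":
            ifaces[current]["trunk"] = True
        elif current and line.startswith("switchport trunk native vlan "):
            ifaces[current]["native"] = int(line.split()[-1])
    return {name: s["native"] for name, s in ifaces.items() if s["trunk"]}


def diagnose(log_text, config_text):
    """One finding per (port, peer VLAN, local VLAN) mismatch seen in the log."""
    natives = trunk_native_vlans(config_text)
    findings = []
    for port, events in sorted(parse_pvid_events(log_text).items()):
        for peer, local in sorted(events["mismatches"]):
            native = natives.get(port)  # None if the port is not a static trunk
            findings.append({
                "port": port,
                "peer_vlan": peer,          # VLAN id named in the received BPDU
                "received_in_vlan": local,  # VLAN the frame was classified into
                "configured_native": native,
                # True: the BPDU for peer_vlan landed in this port's native VLAN
                "arrived_in_native": native == local,
                "blocked_vlans": sorted(events["blocked"]),
            })
    return findings


if __name__ == "__main__":
    for f in diagnose(LOG, CONFIG):
        print(f"{f['port']}: BPDU for VLAN {f['peer_vlan']} received in VLAN "
              f"{f['received_in_vlan']} (native {f['configured_native']}); "
              f"blocked VLANs {f['blocked_vlans']}")
```

Run against both switches' logs and configs, this makes the symptom in the thread explicit: the configured native VLANs agree, yet a BPDU naming VLAN 1500 is being received in VLAN 1.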
Thanks for the reply.
On the diagram I only omitted repeated nodes and/or parts which are reasonably identical to the basic operation, once the basic level of the network is operational the rest would function in the same manner.
With regards to the native VLAN, this I did change and it was configured identically on both ends.
Yesterday I defaulted both switches that I was testing with and connected them together Fe0/13 to Fe0/24 using the default switch settings. This worked as expected. As soon as I added one additional VLAN (VTP Transparent Mode) the same problems started occurring.
I've included below the results and configs of this test so that you can see what's happening (from a default switch with no port isolation). As you can see, the moment that I added the one additional VLAN it starting having problems. Also keep in mind that there is currently only '1' physical link between the two switches.
Thanks
Anubis.
BEFORE ADDING ADDITIONAL VLAN:
Switch 1:
Switch#sh sp s
Switch is in pvst mode
Root bridge for: none
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 3 3
---------------------- -------- --------- -------- ---------- ----------
1 vlan 0 0 0 3 3
Switch 2:
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 2 2
---------------------- -------- --------- -------- ---------- ----------
1 vlan 0 0 0 2 2
ADDING VLAN 1500 (Clients) TO A SWITCH:
Got this error (on Switch 2) while adding the VLAN to Switch 1:
00:04:28: %SPANTREE-2-RECV_PVID_ERR:
00:04:28: %SPANTREE-2-BLOCK_PVID_LOC
00:04:46: %SPANTREE-2-BLOCK_PVID_PEE
AFTER ADDING ADDITIONAL VLAN:
Switch 1:
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN1500
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 3 3
VLAN1500 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
2 vlans 0 0 0 4 4
Switch 2:
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN1500
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 1 0 0 1 2
VLAN1500 1 0 0 0 1
---------------------- -------- --------- -------- ---------- ----------
2 vlans 2 0 0 1 3
SETTING SWITCH 1 TO ROOT PRIMARY AND RELOADING BOTH SWITCHES PRODUCED THIS OUTPUT:
Switch 1:
00:00:16: %SPANTREE-5-EXTENDED_SYSID
00:00:19: %SYS-5-CONFIG_I: Configured from memory by console
00:00:19: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by cisco Systems, Inc.
Compiled Tue 26-Oct-10 10:35 by nburra
00:00:19: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold start
00:00:19: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
00:00:23: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
00:00:23: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to up
00:00:23: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
00:00:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
00:00:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to up
00:00:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
00:00:26: %SPANTREE-2-RECV_PVID_ERR:
00:00:26: %SPANTREE-2-BLOCK_PVID_PEE
00:00:26: %SPANTREE-2-BLOCK_PVID_LOC
Switch>en
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN1500
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 1 0 0 2 3
VLAN1500 1 0 0 0 1
---------------------- -------- --------- -------- ---------- ----------
2 vlans 2 0 0 2 4
Switch#sh sp vl 1500
VLAN1500
Spanning tree enabled protocol ieee
Root ID Priority 26076
Address 0013.190b.db80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 26076 (priority 24576 sys-id-ext 1500)
Address 0013.190b.db80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------
Fa0/13 Desg BKN*19 128.13 P2p *PVID_Inc
Switch 2:
00:00:15: %SPANTREE-5-EXTENDED_SYSID
00:00:17: %SYS-5-CONFIG_I: Configured from memory by console
00:00:17: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by cisco Systems, Inc.
Compiled Tue 26-Oct-10 10:35 by nburra
00:00:17: %SNMP-5-COLDSTART: SNMP agent on host Switch is undergoing a cold start
00:00:18: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
00:00:21: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
00:00:21: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
00:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
00:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
Switch>en
Switch#sh sp s
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN1500
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 2 2
VLAN1500 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
2 vlans 0 0 0 3 3
Switch#sh sp vl 1500
VLAN1500
Spanning tree enabled protocol ieee
Root ID Priority 34268
Address 000c.ce45.a540
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 34268 (priority 32768 sys-id-ext 1500)
Address 000c.ce45.a540
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------
Fa0/24 Desg FWD 19 128.24 P2p
CONFIGS OF SWITCHES:
Switch 1:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
vtp domain LabTest
vtp mode transparent
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
!
!
!
!
vlan 1500
name Clients
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
!
end
Switch 2:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
vtp domain LabTest
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 1500
name Clients
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
ip http server
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
!
end
Try configuring the native VLAN on the trunk port on each switch as follows:
switchport trunk native vlan 1500
See what happens...
I believe you are running into a bug based on what you have described thus far; the native vlan by default is vlan1 (still the case when the vlan 1 interface is admin down); you have not remapped the native vlan, so this should not be occurring. Are you running the same version of code on all switches?
Additionally, are the trunks active?
show int trunk
ASKER
Hi All,
"I believe you are running into a bug"... This is what I'm starting to think.
I'm running the same version of IOS on both switches:
Switch1#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)
I've managed to get around the issue in the meantime by using MSTP which seems to be working fine so far.
The trunks are active but being blocked by STP.
It does seem odd. I've even confirmed the issue with some other Cisco tech and they too are puzzled. They also tell me it's configured correctly.
So, for the time being, I'll just have to stick to MSTP and see how it goes.
Thanks all for your help.
Anubis.
ASKER
Hi All,
Solved the issue with PVST.
It was a bug, but not with Cisco!
The microwave equipment I was using in the lab to test as bridges between the sites was for some reason working perfectly talking and passing some data, but having a heart attack with STP.
I've changed the bridge equipment to, first a patch cable and it all functioned as expected (including using my original configs with switchport protection) and then testing with a different (better) brand of microwave linkage gear, it continued to work as expected!
Thanks very much to all who have helped; just another one of those lessons that if it 'appears' to work, doesn't necessarily mean that it 'is' working properly!
Thanks
Anubis.
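The lesson in the post above (a link that passes data is not necessarily passing spanning-tree BPDUs correctly) can be checked from both ends of the link. The following is an added example, not part of the original thread: it compares `show spanning-tree` captures from the two switches. The captures, MAC addresses and the `*PVID_Inc` port state are constructed sample data, and `parse` and `check_link` are hypothetical helper names.

```python
import re
# Constructed captures in the layout of `show spanning-tree`; not the asker's output.
SW1 = """VLAN1500
  Root ID    Priority    26076
             Address     0011.2233.4400
             This bridge is the root
  Bridge ID  Priority    26076  (priority 24576 sys-id-ext 1500)
             Address     0011.2233.4400
Interface        Role Sts Cost      Prio.Nbr Type
Fa0/13           Desg BKN*19        128.13   P2p *PVID_Inc
"""
SW2 = """VLAN1500
  Root ID    Priority    34268
             Address     0011.2233.5500
             This bridge is the root
  Bridge ID  Priority    34268  (priority 32768 sys-id-ext 1500)
             Address     0011.2233.5500
Interface        Role Sts Cost      Prio.Nbr Type
Fa0/24           Desg FWD 19        128.24   P2p
"""
PORT = re.compile(r"^(\S+)\s+(Root|Desg|Altn|Back)\s+([A-Z]{3})\*?\s*\d+\s+\S+\s+(.*)$")

def parse(text):
    """Map each VLAN to its root/bridge MAC and a list of (port, role, state, type)."""
    vlans, cur, section = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"^(VLAN\d+)\s*$", line):
            cur = vlans[m.group(1)] = {"root": None, "bridge": None, "ports": []}
        elif cur is None:
            continue
        elif m := re.match(r"\s*(Root|Bridge) ID", line):
            section = m.group(1).lower()  # the next Address line belongs to this ID
        elif m := re.match(r"\s+Address\s+([0-9a-f.]{14})", line):
            cur[section] = m.group(1)
        elif m := PORT.match(line):
            cur["ports"].append(m.groups())
    return vlans

def check_link(a, b, port_a, port_b):
    """List STP problems on the link between port_a (switch A) and port_b (switch B)."""
    problems = []
    for vlan in sorted(set(a) & set(b)):
        if a[vlan]["root"] != b[vlan]["root"]:
            problems.append(f"{vlan}: root mismatch, the switches do not agree on a root")
        for sw, v, want in (("A", a, port_a), ("B", b, port_b)):
            for name, role, state, kind in v[vlan]["ports"]:
                if name == want and (state != "FWD" or "*" in kind):
                    problems.append(f"{vlan}: switch {sw} {name} is {state} ({kind.strip()})")
    return problems
```

For the constructed captures, `check_link(parse(SW1), parse(SW2), "Fa0/13", "Fa0/24")` reports a root mismatch and the inconsistent Fa0/13; a healthy link returns an empty list.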
ASKER
Problem was resolved, not with the device in question but another part of it.
ASKER
Thanks for the reply.
Even with stormcontrol disabled on the trunk ports this doesn't make a difference.
With regards to the bridges, these are Ethernet based microwave bridging devices (non-Cisco). They simply act as simple bridge devices passing data entering one side of the bridge to the other and do not participate (or interact with) STP in any way.
Thanks
Anubis.