Solved

Loop in my network

Posted on 2014-02-14
24
2,202 Views
Last Modified: 2014-02-19
Hi

I got a loop in my network which causes packet loss and high CPU usage on my switch.
I get error messages on my distribution switch

%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port port-channel1 on vlan 832
%SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port port-channel1 on vlan 832

This happened about everything 10 minutes.
Please advice how I can find the device causing the loop
I captured packets with wireshark but don’t know how to find loop
0
Comment
Question by:ciscosupp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 6
  • +1
24 Comments
 
LVL 26

Expert Comment

by:pony10us
ID: 39859926
run this command:

show spanning-tree inconsistentports
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39859979
Look for what is connected to your port-channel 1

and do sh log on the switch that is connected to port-channel.

What is the make and model for your switches?
0
 

Author Comment

by:ciscosupp
ID: 39860091
Please see output

Switch01#show spanning-tree inconsistentports

Name                 Interface                Inconsistency
-------------------- ------------------------ ------------------

Number of inconsistent ports (segments) in the system : 0


I have 4 WS-C3750X-48P switches stacked together connecting to a N5K-C5548P. They connect via fiber ether channel

I get error message on my WS-C3750X-48P switch logs
%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port port-channel1 on vlan 832
%SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port port-channel1 on vlan 832

And in the N5K-C5548P logs there is nothing
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 12

Expert Comment

by:Infamus
ID: 39860123
switch37500#sh etherchannel summary

Then

switch3750#sh run int po 1

switch3750#sh run int fa0/1

switch3750#sh cdp nei

Can you post your config?
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39860161
In addition to Infamus' request can you also post the following output...

show mac address-table
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39860193
and:

sh spanning-tree
0
 

Author Comment

by:ciscosupp
ID: 39860254
please see attached my configs
config.txt
stp-and-mac-table.txt
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39860323
can you also post

sh in vlan 832?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39860329
ciscosupp:

Sorry - I think I should have had you just do the command this way:

sh spanning-tree summary
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39860336
Is this still happening?

Error Message    SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port [chars] on
[chars].
Explanation    This message means that the listed interface has received a BPDU, and, therefore, if the inconsistency was caused by a unidirectional link failure, the problem no longer exists. The loop-guard-inconsistency is cleared for the interface, which is taken out of the blocking state, if appropriate. The first [chars] is the name of this port, and the second [chars] is the spanning-tree mode displayed in the show spanning-tree privileged EXEC command.

Recommended Action    No action is required.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39860337
And here's the Cisco's explanation :

Error Message    SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port [chars] on
[chars].
Explanation    This message means that the spanning-tree message age timer has expired because no bridge protocol data units (BPDUs) were received from the designated bridge. Because this condition could be caused by a unidirectional-link failure, the interface is put into the blocking state and marked as loop-guard-inconsistent to prevent possible loops from being created. The first [chars] is the name of this port, and the second [chars] is the spanning-tree mode displayed in the show spanning-tree privileged EXEC command.

Recommended Action    Enter the show spanning-tree inconsistentports privileged EXEC command to review the list of interfaces with loop-guard inconsistencies. Determine why devices connected to the listed ports are not sending BPDUs. One reason might be that they are not running the STP. If so, you should disable loop guard on the inconsistent interfaces by using the spanning-tree guard none interface configuration command or by starting STP on the remote side of the links.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39860360
I agree with Infamus... there doesn't look to be a loop there.

You don't have UDLD configured on the TenGig links in the PortChannel though, so try enabling that and also turn off flow-control.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39860394
I also agree except for the following:

"This happened about everything 10 minutes."

So Infamus's question of "Is this still happening?" is what needs an answer.

Doing the initial sh spanning-tree inconsistentports I asked you to do did not show any errors.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39860406
I think it is still happening, but it should stop if UDLD is configured on the links.

What do you think??
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 150 total points
ID: 39860448
Yes, as a matter of fact it should be since they will catch different situations providing a higher level of security anyway.
0
 
LVL 12

Assisted Solution

by:Infamus
Infamus earned 150 total points
ID: 39860458
As Pony mentioned.....
Doing the initial sh spanning-tree inconsistentports I asked you to do did not show any errors.

Author should run this command when it's on blocking state.

And I do agree with Craig.
0
 

Author Comment

by:ciscosupp
ID: 39861914
Thanks all.
This message (loopguard blocked/unblocked) appears about every 10 minutes in my log file of switch for not only one vlan for a couple of vlan’s and Number of inconsistent ports (segments) in the system : 0

Please see attached file.
Also see output of following command.

#show spanning-tree blockedports

Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0952             Gi1/0/39, Gi2/0/9
VLAN0961             Gi1/0/39, Gi2/0/9
VLAN1007             Gi1/0/39, Gi2/0/9
VLAN1008             Gi1/0/39, Gi2/0/9
VLAN1009             Gi1/0/39, Gi2/0/9
VLAN1010             Gi1/0/39, Gi2/0/9
VLAN1013             Gi1/0/39, Gi2/0/9
VLAN1014             Gi1/0/39, Gi2/0/9
VLAN1102             Gi1/0/39, Gi2/0/9
VLAN1105             Gi1/0/39, Gi2/0/9

Number of blocked ports (segments) in the system : 20
config-log.txt
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39861919
Ok so that means you have multiple links to the other switches where these VLANs exist.

What speed are your primary links between the switches?
0
 

Author Comment

by:ciscosupp
ID: 39861948
some are 1000Mb and some are 1Gb on port Gi1/0/39 is AP
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39862096
An AP shouldn't create a loop unless it's configured as a bridge. You should check its configuration.
0
 

Author Comment

by:ciscosupp
ID: 39862670
Ok
I disabled the ports Gi1/0/39, Gi2/0/9 which get blocked but I still get loop guard blocked unblocked message in my logs.
How can I get rid of the message any advice.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39862729
Just remove loop guard from the interfaces.
0
 

Author Comment

by:ciscosupp
ID: 39862731
can it cause any harm to my network dont you think i have a loop on my network
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 200 total points
ID: 39862753
I don't think you do.

Its fine as long as you use UDLD and STP is working properly.
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I know for anybody starting from Beginner to Expert in Networking knows what OSI model. But this tutorial is for freshers or those who are new to networking world. Why I am putting OSI in such simple and compact manner is because it enables you to k…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question