Solved

Loop in my network

Posted on 2014-02-14
24
1,789 Views
Last Modified: 2014-02-19
Hi

I got a loop in my network which causes packet loss and high CPU usage on my switch.
I get error messages on my distribution switch

%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port port-channel1 on vlan 832
%SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port port-channel1 on vlan 832

This happened about everything 10 minutes.
Please advice how I can find the device causing the loop
I captured packets with wireshark but don’t know how to find loop
0
Comment
Question by:ciscosupp
  • 7
  • 6
  • 6
  • +1
24 Comments
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
run this command:

show spanning-tree inconsistentports
0
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
Look for what is connected to your port-channel 1

and do sh log on the switch that is connected to port-channel.

What is the make and model for your switches?
0
 

Author Comment

by:ciscosupp
Comment Utility
Please see output

Switch01#show spanning-tree inconsistentports

Name                 Interface                Inconsistency
-------------------- ------------------------ ------------------

Number of inconsistent ports (segments) in the system : 0


I have 4 WS-C3750X-48P switches stacked together connecting to a N5K-C5548P. They connect via fiber ether channel

I get error message on my WS-C3750X-48P switch logs
%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port port-channel1 on vlan 832
%SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port port-channel1 on vlan 832

And in the N5K-C5548P logs there is nothing
0
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
switch37500#sh etherchannel summary

Then

switch3750#sh run int po 1

switch3750#sh run int fa0/1

switch3750#sh cdp nei

Can you post your config?
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
In addition to Infamus' request can you also post the following output...

show mac address-table
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
and:

sh spanning-tree
0
 

Author Comment

by:ciscosupp
Comment Utility
please see attached my configs
config.txt
stp-and-mac-table.txt
0
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
can you also post

sh in vlan 832?
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
ciscosupp:

Sorry - I think I should have had you just do the command this way:

sh spanning-tree summary
0
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
Is this still happening?

Error Message    SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port [chars] on
[chars].
Explanation    This message means that the listed interface has received a BPDU, and, therefore, if the inconsistency was caused by a unidirectional link failure, the problem no longer exists. The loop-guard-inconsistency is cleared for the interface, which is taken out of the blocking state, if appropriate. The first [chars] is the name of this port, and the second [chars] is the spanning-tree mode displayed in the show spanning-tree privileged EXEC command.

Recommended Action    No action is required.
0
 
LVL 12

Expert Comment

by:Infamus
Comment Utility
And here's the Cisco's explanation :

Error Message    SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port [chars] on
[chars].
Explanation    This message means that the spanning-tree message age timer has expired because no bridge protocol data units (BPDUs) were received from the designated bridge. Because this condition could be caused by a unidirectional-link failure, the interface is put into the blocking state and marked as loop-guard-inconsistent to prevent possible loops from being created. The first [chars] is the name of this port, and the second [chars] is the spanning-tree mode displayed in the show spanning-tree privileged EXEC command.

Recommended Action    Enter the show spanning-tree inconsistentports privileged EXEC command to review the list of interfaces with loop-guard inconsistencies. Determine why devices connected to the listed ports are not sending BPDUs. One reason might be that they are not running the STP. If so, you should disable loop guard on the inconsistent interfaces by using the spanning-tree guard none interface configuration command or by starting STP on the remote side of the links.
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
I agree with Infamus... there doesn't look to be a loop there.

You don't have UDLD configured on the TenGig links in the PortChannel though, so try enabling that and also turn off flow-control.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 26

Expert Comment

by:pony10us
Comment Utility
I also agree except for the following:

"This happened about everything 10 minutes."

So Infamus's question of "Is this still happening?" is what needs an answer.

Doing the initial sh spanning-tree inconsistentports I asked you to do did not show any errors.
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
I think it is still happening, but it should stop if UDLD is configured on the links.

What do you think??
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 150 total points
Comment Utility
Yes, as a matter of fact it should be since they will catch different situations providing a higher level of security anyway.
0
 
LVL 12

Assisted Solution

by:Infamus
Infamus earned 150 total points
Comment Utility
As Pony mentioned.....
Doing the initial sh spanning-tree inconsistentports I asked you to do did not show any errors.

Author should run this command when it's on blocking state.

And I do agree with Craig.
0
 

Author Comment

by:ciscosupp
Comment Utility
Thanks all.
This message (loopguard blocked/unblocked) appears about every 10 minutes in my log file of switch for not only one vlan for a couple of vlan’s and Number of inconsistent ports (segments) in the system : 0

Please see attached file.
Also see output of following command.

#show spanning-tree blockedports

Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0952             Gi1/0/39, Gi2/0/9
VLAN0961             Gi1/0/39, Gi2/0/9
VLAN1007             Gi1/0/39, Gi2/0/9
VLAN1008             Gi1/0/39, Gi2/0/9
VLAN1009             Gi1/0/39, Gi2/0/9
VLAN1010             Gi1/0/39, Gi2/0/9
VLAN1013             Gi1/0/39, Gi2/0/9
VLAN1014             Gi1/0/39, Gi2/0/9
VLAN1102             Gi1/0/39, Gi2/0/9
VLAN1105             Gi1/0/39, Gi2/0/9

Number of blocked ports (segments) in the system : 20
config-log.txt
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Ok so that means you have multiple links to the other switches where these VLANs exist.

What speed are your primary links between the switches?
0
 

Author Comment

by:ciscosupp
Comment Utility
some are 1000Mb and some are 1Gb on port Gi1/0/39 is AP
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
An AP shouldn't create a loop unless it's configured as a bridge. You should check its configuration.
0
 

Author Comment

by:ciscosupp
Comment Utility
Ok
I disabled the ports Gi1/0/39, Gi2/0/9 which get blocked but I still get loop guard blocked unblocked message in my logs.
How can I get rid of the message any advice.
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Just remove loop guard from the interfaces.
0
 

Author Comment

by:ciscosupp
Comment Utility
can it cause any harm to my network dont you think i have a loop on my network
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 200 total points
Comment Utility
I don't think you do.

Its fine as long as you use UDLD and STP is working properly.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now