[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2591
  • Last Modified:

Loop in my network

Hi

I got a loop in my network which causes packet loss and high CPU usage on my switch.
I get error messages on my distribution switch

%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port port-channel1 on vlan 832
%SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port port-channel1 on vlan 832

This happened about everything 10 minutes.
Please advice how I can find the device causing the loop
I captured packets with wireshark but don’t know how to find loop
0
ciscosupp
Asked:
ciscosupp
  • 7
  • 6
  • 6
  • +1
3 Solutions
 
pony10usCommented:
run this command:

show spanning-tree inconsistentports
0
 
InfamusCommented:
Look for what is connected to your port-channel 1

and do sh log on the switch that is connected to port-channel.

What is the make and model for your switches?
0
 
ciscosuppAuthor Commented:
Please see output

Switch01#show spanning-tree inconsistentports

Name                 Interface                Inconsistency
-------------------- ------------------------ ------------------

Number of inconsistent ports (segments) in the system : 0


I have 4 WS-C3750X-48P switches stacked together connecting to a N5K-C5548P. They connect via fiber ether channel

I get error message on my WS-C3750X-48P switch logs
%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port port-channel1 on vlan 832
%SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port port-channel1 on vlan 832

And in the N5K-C5548P logs there is nothing
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
InfamusCommented:
switch37500#sh etherchannel summary

Then

switch3750#sh run int po 1

switch3750#sh run int fa0/1

switch3750#sh cdp nei

Can you post your config?
0
 
Craig BeckCommented:
In addition to Infamus' request can you also post the following output...

show mac address-table
0
 
pony10usCommented:
and:

sh spanning-tree
0
 
ciscosuppAuthor Commented:
please see attached my configs
config.txt
stp-and-mac-table.txt
0
 
InfamusCommented:
can you also post

sh in vlan 832?
0
 
pony10usCommented:
ciscosupp:

Sorry - I think I should have had you just do the command this way:

sh spanning-tree summary
0
 
InfamusCommented:
Is this still happening?

Error Message    SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port [chars] on
[chars].
Explanation    This message means that the listed interface has received a BPDU, and, therefore, if the inconsistency was caused by a unidirectional link failure, the problem no longer exists. The loop-guard-inconsistency is cleared for the interface, which is taken out of the blocking state, if appropriate. The first [chars] is the name of this port, and the second [chars] is the spanning-tree mode displayed in the show spanning-tree privileged EXEC command.

Recommended Action    No action is required.
0
 
InfamusCommented:
And here's the Cisco's explanation :

Error Message    SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port [chars] on
[chars].
Explanation    This message means that the spanning-tree message age timer has expired because no bridge protocol data units (BPDUs) were received from the designated bridge. Because this condition could be caused by a unidirectional-link failure, the interface is put into the blocking state and marked as loop-guard-inconsistent to prevent possible loops from being created. The first [chars] is the name of this port, and the second [chars] is the spanning-tree mode displayed in the show spanning-tree privileged EXEC command.

Recommended Action    Enter the show spanning-tree inconsistentports privileged EXEC command to review the list of interfaces with loop-guard inconsistencies. Determine why devices connected to the listed ports are not sending BPDUs. One reason might be that they are not running the STP. If so, you should disable loop guard on the inconsistent interfaces by using the spanning-tree guard none interface configuration command or by starting STP on the remote side of the links.
0
 
Craig BeckCommented:
I agree with Infamus... there doesn't look to be a loop there.

You don't have UDLD configured on the TenGig links in the PortChannel though, so try enabling that and also turn off flow-control.
0
 
pony10usCommented:
I also agree except for the following:

"This happened about everything 10 minutes."

So Infamus's question of "Is this still happening?" is what needs an answer.

Doing the initial sh spanning-tree inconsistentports I asked you to do did not show any errors.
0
 
Craig BeckCommented:
I think it is still happening, but it should stop if UDLD is configured on the links.

What do you think??
0
 
pony10usCommented:
Yes, as a matter of fact it should be since they will catch different situations providing a higher level of security anyway.
0
 
InfamusCommented:
As Pony mentioned.....
Doing the initial sh spanning-tree inconsistentports I asked you to do did not show any errors.

Author should run this command when it's on blocking state.

And I do agree with Craig.
0
 
ciscosuppAuthor Commented:
Thanks all.
This message (loopguard blocked/unblocked) appears about every 10 minutes in my log file of switch for not only one vlan for a couple of vlan’s and Number of inconsistent ports (segments) in the system : 0

Please see attached file.
Also see output of following command.

#show spanning-tree blockedports

Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0952             Gi1/0/39, Gi2/0/9
VLAN0961             Gi1/0/39, Gi2/0/9
VLAN1007             Gi1/0/39, Gi2/0/9
VLAN1008             Gi1/0/39, Gi2/0/9
VLAN1009             Gi1/0/39, Gi2/0/9
VLAN1010             Gi1/0/39, Gi2/0/9
VLAN1013             Gi1/0/39, Gi2/0/9
VLAN1014             Gi1/0/39, Gi2/0/9
VLAN1102             Gi1/0/39, Gi2/0/9
VLAN1105             Gi1/0/39, Gi2/0/9

Number of blocked ports (segments) in the system : 20
config-log.txt
0
 
Craig BeckCommented:
Ok so that means you have multiple links to the other switches where these VLANs exist.

What speed are your primary links between the switches?
0
 
ciscosuppAuthor Commented:
some are 1000Mb and some are 1Gb on port Gi1/0/39 is AP
0
 
Craig BeckCommented:
An AP shouldn't create a loop unless it's configured as a bridge. You should check its configuration.
0
 
ciscosuppAuthor Commented:
Ok
I disabled the ports Gi1/0/39, Gi2/0/9 which get blocked but I still get loop guard blocked unblocked message in my logs.
How can I get rid of the message any advice.
0
 
Craig BeckCommented:
Just remove loop guard from the interfaces.
0
 
ciscosuppAuthor Commented:
can it cause any harm to my network dont you think i have a loop on my network
0
 
Craig BeckCommented:
I don't think you do.

Its fine as long as you use UDLD and STP is working properly.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 7
  • 6
  • 6
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now