Spanning Tree Blocks Port

Posted on 2014-08-09
Medium Priority
Last Modified: 2014-08-10
Please see attached my diagram.
Both switches run Rapid PVST and a vpc domain.
Port eth1/10 gets blocked by spanning tree on switch 2. My question is why does it get blocked by spanning tree, as I want to use it as a dedicated link for vpc keepalives.

Please advise
Question by:ciscosupp
LVL 50

Expert Comment

by:Don Johnston
ID: 40251049
Please post the output (on both switches):

show spann
show vpc brief
show port-channel sum

Author Comment

ID: 40251093
Please see attached my output.
Please note my first diagram was only an example of what the problem is.
As you will see, my vpc peer link is po 4096 and the blocked port is eth1/23 on switch 2.
LVL 18

Expert Comment

ID: 40251463
You may be missing some steps.
See the following link and compare your setup.
Confirm the following have been configured
- vPC Domain
- Management VRF
- Keepalive link


Step 1. Configure the management interface IP address and default route.
N5k-1(config)# int mgmt 0
N5k-1(config-if)# ip address
N5k-1(config-if)# vrf context management
N5k-1(config-vrf)# ip route
Step 2. Enable vPC and LACP.
N5k-1(config)# feature vpc
N5k-1(config)# feature lacp
Step 3. Create a VLAN.
N5k-1(config)# vlan 101
Step 4. Create the vPC domain.
N5k-1(config)# vpc domain 1
Step 5. Configure the vPC role priority (optional).
N5k-1(config-vpc-domain)# role priority 1000
Step 6. Configure the peer keepalive link. The management interface IP address for Cisco Nexus 5000 Series Switch 2 is
N5k-1(config-vpc-domain)# peer-keepalive destination
--------:: Management VRF will be used as the default VRF ::--------
Step 7. Configure the vPC peer link. Note that, as for a regular interswitch trunk, trunking must be turned on for the VLANs to which the vPC member port belongs.
N5k-1(config-vpc-domain)# int ethernet 1/17-18
N5k-1(config-if-range)# channel-group 1 mode active
N5k-1(config-if-range)# int po1
N5k-1(config-if)# vpc peer-link
N5k-1(config-if)# switchport mode trunk
N5k-1(config-if)# switchport trunk allowed vlan 1,101
Step 8. Configure the Cisco Nexus 2000 Series Fabric Extenders and the fabric interface.
N5k-1(config)# fex 100
N5k-1(config-fex)# pinning max-links 1
Change in Max-links will cause traffic disruption.
N5k-1(config-fex)# int e1/7-8
N5k-1(config-if-range)# channel-group 100
N5k-1(config-if-range)# int po100
N5k-1(config-if)# switchport mode fex-fabric
N5k-1(config-if)# fex associate 100
Step 9. Move the fabric extender interface to vPC. After fabric extender 100 (fex 100) comes online, create the PortChannel for interface eth100/1/1 and move the PortChannel to the vPC. Note that the PortChannel number and vPC number can be different, but the vPC number must be the same on both Cisco Nexus 5000 Series Switches.

N5k-1(config-if)# int ethernet 100/1/1
N5k-1(config-if)# channel-group 10
N5k-1(config-if)# int po10
N5k-1(config-if)# vpc 10
N5k-1(config-if)# switchport access vlan 101
The configuration steps for the second switch, Cisco Nexus 5000 Series Switch 2, are:
N5k-2(config)# int mgmt 0
N5k-2(config-if)# ip address
N5k-2(config-if)# vrf context management
N5k-2(config-vrf)# ip route
N5k-2(config)# feature vpc
N5k-2(config)# feature lacp
N5k-2(config)# vlan 101
N5k-2(config)# vpc domain 1
N5k-2(config-vpc-domain)# peer-keepalive destination
--------:: Management VRF will be used as the default VRF ::--------

N5k-2(config-vpc-domain)# int ethernet 1/17-18
N5k-2(config-if-range)# channel-group 1 mode active
N5k-2(config-if-range)# int po1
N5k-2(config-if)# vpc peer-link
N5k-2(config-if)# switchport mode trunk
N5k-2(config-if)# switchport trunk allowed vlan 1,101
N5k-2(config)# fex 100
N5k-2(config-fex)# pinning max-links 1
Change in Max-links will cause traffic disruption.
N5k-2(config-fex)# int e1/9-10
N5k-2(config-if-range)# channel-group 100
N5k-2(config-if-range)# int po100
N5k-2(config-if)# switchport mode fex-fabric
N5k-2(config-if)# fex associate 100
N5k-2(config-if)# int ethernet 100/1/1
N5k-2(config-if)# channel-group 10
N5k-2(config-if)# int po10
N5k-2(config-if)# vpc 10
N5k-2(config-if)# switchport access vlan 101

Author Comment

ID: 40251559
My problem is why STP blocks the port, not the VPC setup, as it's working.
LVL 50

Accepted Solution

Don Johnston earned 2000 total points
ID: 40251648
You've got a rather unusual problem here.  Specifically:

  Spanning tree enabled protocol rstp
  Root ID    Priority    36859
             Address     0023.04ee.be01
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    36859  (priority 32768 sys-id-ext 4091)
             Address     0023.04ee.be01
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth1/23          Back BLK 2         128.151  P2p 

There is simply no way to have a backup port in spanning-tree given the technology being used today.  A backup port is two ports on the same switch connected to each other.

As to why this is happening, I'm going to guess that it's because you have an additional L2 link between the two vPC peers. Here's why: With vPC, both switches will behave as one switch for the purposes of spanning-tree and etherchannel.  That's why you see both switches saying "This bridge is the root" using a common BID.

When you connect the e1/23 from SW1 to SW2, because the two switches are vPC peers, they treat that link as if it were a loop.  I would have thought that with the 1/23 port carrying non-vPC traffic that it would have worked as expected.

Unfortunately, I can't think of an easy work-around.

Why do you want this secondary link anyway?
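
The reasoning in the accepted answer, as an added example that is not part of the original thread: a small Python check that parses `show spanning-tree` text from both vPC peers, confirms they present one shared bridge ID, and flags any port in the Backup role. The switch 2 text is the output quoted above; the switch 1 text, the labels "peer A"/"peer B" and the function names are constructed for illustration.

```python
import re

# Output quoted in the accepted answer (switch 2), embedded so this runs offline.
SW2_OUTPUT = """\
  Spanning tree enabled protocol rstp
  Root ID    Priority    36859
             Address     0023.04ee.be01
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    36859  (priority 32768 sys-id-ext 4091)
             Address     0023.04ee.be01
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth1/23          Back BLK 2         128.151  P2p
"""
# Constructed sample for the peer (switch 1): same bridge ID, its end forwarding.
SW1_OUTPUT = SW2_OUTPUT.replace("Back BLK", "Desg FWD")

ADDRESS = re.compile(r"Address\s+([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})", re.I)
PORT_ROW = re.compile(r"^(\S+)\s+(Root|Desg|Altn|Back)\s+(\S+)\s+\d+\s+\d+\.\d+\s+\S")

def parse_spanning_tree(text):
    """Extract root/bridge MAC, root status and per-port role/state."""
    info = {"root": None, "bridge": None, "is_root": False, "ports": []}
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("Root ID", "Bridge ID")):
            section = line.split()[0].lower()          # "root" or "bridge"
        addr, row = ADDRESS.match(line), PORT_ROW.match(line)
        if addr and section:
            info[section] = addr.group(1).lower()
        elif row:
            info["ports"].append(dict(zip(("name", "role", "state"), row.groups())))
        info["is_root"] |= line == "This bridge is the root"
    return info

def diagnose(peer_a, peer_b):
    """Return (shared_bridge_id, [(peer, port, state, likely cause), ...])."""
    a, b = parse_spanning_tree(peer_a), parse_spanning_tree(peer_b)
    shared_bid = a["bridge"] is not None and a["bridge"] == b["bridge"]
    cause = ("extra L2 link between vPC peers sharing one bridge ID" if shared_bid
             else "port hears this bridge's own BPDUs (self-loop)")
    findings = [(label, p["name"], p["state"], cause)
                for label, sw in (("peer A", a), ("peer B", b))
                for p in sw["ports"] if p["role"] == "Back"]
    return shared_bid, findings

if __name__ == "__main__":
    print(diagnose(SW1_OUTPUT, SW2_OUTPUT))
```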

Author Comment

ID: 40251680
That was also my guess.
I wanted to have a dedicated link for my vpc keepalives but will stick to the mgmt interface.
Anything you'd like to add?
LVL 50

Expert Comment

by:Don Johnston
ID: 40251762
Typically, people use either the mgmt interface or a separate vrf with a layer 3 link for the keepalives.
