management vlan for 2950

Thanks. I am looking to retire the old switches and only have 2 2950s, each with single uplink to the ASA. Would the etherchannel config apply?

Current
ASA5500---C2950-1----C2950-2---C2950-3

Planned
_____________
|                     C2950-3
ASA5500          ||
|                        ||
|                      (||)  Etherchannel
|                       ||
|____________C2950-4 (New)

Yes. You can use etherchannel between the two switches.

Does the following looks right for the uplink port?

BPDU keeps slamming the port  when I try to bring up 2950-4. Looks like I need to port the config to GNS3 and test.

interface FastEthernet0/48
 description uplink-ASA-0/2
 switchport mode trunk
 switchport nonegotiate
 shutdown
 spanning-tree portfast trunk
 spanning-tree bpduguard enable

Select allOpen in new window

ASA5500---C2950-1----C2950-2---C2950-3
|
|
|_______C2950-4 (NEW)

Please post the full configuration of both switches.

Please see below. I was wrong about 2 and 3. The physical layout should be as following.

                               
                              _____C2950-2
                              |
ASA5500---C2950-1
|                           |_____C2950-3
|
|_______C2950-4 (NEW)

C2950-1

SWCH01#sh run
Building configuration...

Current configuration : 4800 bytes
!
!
version 12.1
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service sequence-numbers
!
hostname SWCH01
!
aaa new-model
enable X
enable X
!
username X
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
 --More--         !
ip name-server 192.168.200.250
ip name-server 192.168.100.250
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description port to 1/F apch12
!
interface FastEthernet0/2
 description YCDC-1F-MCH-44
 switchport mode trunk
 switchport nonegotiate
 auto qos voip trust 
 --More--          macro description cisco-switch
 spanning-tree link-type point-to-point
!
interface FastEthernet0/3
 description AP112 computer lab
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 description AP111 music room
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
 --More--         
SWCH01#[6~~sh run
Building configuration...

Current configuration : 4800 bytes
!
! Last configuration change at 15:09:34 EST Thu Jan 22 2015 by hstfadmin
! NVRAM config last updated at 15:09:34 EST Thu Jan 22 2015 by hstfadmin
!
version 12.1
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service sequence-numbers
!
hostname SWCH01
!
aaa new-model
enable secret 5 $1$7DdO$uNOzR48dU3ny.hhglhPK40
enable password tf375
!
username hstfadmin password 0 375Centre
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
 --More--         !
ip domain-name hstf.local
ip name-server 192.168.200.250
ip name-server 192.168.100.250
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description port to 1/F apch12
!
interface FastEthernet0/2
 description YCDC-1F-MCH-44
 switchport mode trunk
 switchport nonegotiate
 auto qos voip trust 
 --More--          macro description cisco-switch
 spanning-tree link-type point-to-point
!
interface FastEthernet0/3
 description AP112 computer lab
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 description AP111 music room
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
 --More--         interface FastEthernet0/6
!
interface FastEthernet0/7
 description AP113 hcap room
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
!
interface FastEthernet0/9
 description AP110 staffroom
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 --More--         !
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 description PC desktop
 --More--          switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 --More--          description 041
 switchport mode access
 logging event status
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
 --More--         !
interface FastEthernet0/21
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 description YCDC-2F-R4LAB
 switchport mode trunk
 switchport nonegotiate
 auto qos voip trust 
 macro description cisco-switch
 --More--          spanning-tree link-type point-to-point
!
interface FastEthernet0/24
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.200.241 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.200.1
ip http server
logging trap warnings
logging 192.168.50.44
snmp-server community Ritmo RO
 --More--         !
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
ntp clock-period 17179703
ntp server 192.168.200.250 prefer
ntp server 192.168.100.250
!
end

SWCH01#   sh run      en
SWCH01#sh run
Building configuration...

Current configuration : 4800 bytes
!
! Last configuration change at 15:09:34 EST Thu Jan 22 2015 by hstfadmin
! NVRAM config last updated at 15:09:34 EST Thu Jan 22 2015 by hstfadmin
!
version 12.1
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service sequence-numbers
!
hostname SWCH01
!
aaa new-model
enable secret 5 $1$7DdO$uNOzR48dU3ny.hhglhPK40
enable password tf375
!
username hstfadmin password 0 375Centre
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
 --More--         !
ip domain-name hstf.local
ip name-server 192.168.200.250
ip name-server 192.168.100.250
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description port to 1/F apch12
!
interface FastEthernet0/2
 description YCDC-1F-MCH-44
 switchport mode trunk
 switchport nonegotiate
 auto qos voip trust 
 --More--          macro description cisco-switch
 spanning-tree link-type point-to-point
!
interface FastEthernet0/3
 description AP112 computer lab
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 description AP111 music room
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
 --More--         interface FastEthernet0/6
!
interface FastEthernet0/7
 description AP113 hcap room
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
!
interface FastEthernet0/9
 description AP110 staffroom
 switchport mode trunk
 switchport nonegotiate
 mls qos trust cos
 auto qos voip trust 
 macro description cisco-wireless
 spanning-tree bpduguard enable
!
interface FastEthernet0/10
 --More--         !
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/14
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/15
 description PC desktop
 --More--          switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/16
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/17
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/18
 --More--          description 041
 switchport mode access
 logging event status
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/20
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
 --More--         !
interface FastEthernet0/21
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/22
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/23
 description YCDC-2F-R4LAB
 switchport mode trunk
 switchport nonegotiate
 auto qos voip trust 
 macro description cisco-switch
 --More--          spanning-tree link-type point-to-point
!
interface FastEthernet0/24
 description PC desktop
 switchport mode access
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.200.241 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.200.1
ip http server
logging trap warnings
logging 192.168.50.44
snmp-server community Ritmo RO
 --More--         !
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
ntp clock-period 17179703
ntp server 192.168.200.250 prefer
ntp server 192.168.100.250
!
end

SWCH01#                    sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
0060B9C84F1E     Fas 0/14           174           H       BCM91100  
0060B9C86FE2     Fas 0/17           162           H       BCM91100  
0060B9C8BA7B     Fas 0/2            178           H       BCM91100  
0060B9C8D5EF     Fas 0/9            121           H       BCM91100  
0060B9C84F30     Fas 0/13           170           H       BCM91100  
C2950-2
                 Fas 0/12           171          S I      WS-C2950-2Fas 0/6
C2950-3
                 Fas 0/23           123          S I      WS-C2950G-Fas 0/24
0060B9C862A8     Fas 0/9            138           H       BCM91100  

Select allOpen in new window

C2950-4

interface FastEthernet0/48
 description uplink-ASA-0/2
 switchport mode trunk
 switchport nonegotiate
 shutdown
 spanning-tree portfast trunk
 spanning-tree bpduguard enable

interface Vlan1
 ip address 192.168.2.244 255.255.255.0
 no ip route-cache
!

Select allOpen in new window

What do you mean by "BPDU keeps slamming the port  when I try to bring up 2950-4."?

You don't have any loops and all you're doing is connecting a switch to a port on the ASA.  It doesn't get much easier than this.

The switchport in C2950-4 went to error disable with BDP error when I try to bring it up.

cdp neighbor doesn't show router ...... I missed one link to the ASA, By looking the port description in C2950-2 and ASA. I think this should be physical layout. (Apologize for the confusion) Would this leg to the ASA causing aloop?

Is there a way to spill out verbose log of what is causing the loop from STP?

_________________________
|                            _____C2950-2
|                              |
ASA5500---C2950-1
|                           |_____C2950-3
|
|_______C2950-4 (NEW)

C2950-2

interface FastEthernet0/23
 description uplink-ASA-0/1
 switchport mode trunk
 switchport nonegotiate
 mls qos trust dscp
 auto qos voip trust
 macro description cisco-router
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
end

SWCHDT01#sh run int  fa 0/24
Building configuration...

Current configuration : 207 bytes
!
interface FastEthernet0/24
 description uplink-swch01-0/23
 switchport mode trunk
 switchport nonegotiate
 auto qos voip trust
 macro description cisco-switch
 spanning-tree link-type point-to-point
end

Select allOpen in new window

ASA# sh run int
!
interface Ethernet0/0
 description internet-uplink
 switchport access vlan 40
!
interface Ethernet0/1
 description C2950-2-0/23
 switchport access vlan 100
!
interface Ethernet0/2
 description SWCH02-0/48
 switchport access vlan 100
 shutdown
!
interface Ethernet0/3
 description 2F-TLC:apch21
 switchport trunk allowed vlan 50,80,100,800
 switchport trunk native vlan 800
 switchport mode trunk
!
interface Ethernet0/4
 description 2F-STAFFROOM:apch22
 switchport trunk allowed vlan 50,80,100,800
 switchport trunk native vlan 800
 switchport mode trunk
!
interface Ethernet0/5
 description 1F-STAFFROOM:apch11
 switchport trunk allowed vlan 50,80,100,800
 switchport trunk native vlan 800
 switchport mode trunk
!
interface Ethernet0/6
 description 1F-PCLAB:apch12
 switchport trunk allowed vlan 50,80,100,800
 switchport trunk native vlan 800
 switchport mode trunk
!

Select allOpen in new window

It's impossible to say for certain without a more detailed understanding of your network, but I can almost guarantee that you should not have BPDU guard enabled on the switch 4 ports connecting to any other network devices (switches, ASA).

I can provide any log except C2950-4 as the port is shut and I have no console access until tomorrow. Would that help?

The picture above should provide the complete topology .

There is more to this than a diagram.  For example, where is the root bridge.  I'm assuming it's not switch 4. So you do not want BPDU guard on that switch.

As long as you have BPDU guard enabled on that switch, the port will go err-disable within 2 seconds of connecting it.

Thanks. I verified the links between between the switch have no bpdu guard and portfast.

Once I removed bpdu on switch4 (No devices are connected yet), the link comes up but there are errors. Is it correct that I should only enable BDPU and portfast on access port?

.Mar  8 14:24:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/47, changed state to up
.Mar  8 14:24:45: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet0/47 VLAN100.
.Mar  8 14:24:45: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/47 on VLAN0100. Inconsistent local vlan.

Select allOpen in new window

C2950-1# sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0014.a8ba.2340
             Cost        19
             Port        12 (FastEthernet0/12)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0019.e774.b2c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/6            Desg FWD 19        128.6    P2p
Fa0/9            Desg FWD 19        128.9    P2p
Fa0/12           Root FWD 19        128.12   P2p
Fa0/13           Desg FWD 19        128.13   Edge P2p
Fa0/14           Desg FWD 19        128.14   Edge P2p
Fa0/17           Desg FWD 19        128.17   Edge P2p

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------

Fa0/23           Desg FWD 19        128.23   P2p
Fa0/24           Desg FWD 19        128.24   Edge P2p

Select allOpen in new window

C2950-4

interface FastEthernet0/47
 description UPLINK-RCH01-0/2
 switchport trunk allowed vlan 50,80,100,800
 switchport mode trunk
!
interface FastEthernet0/48
 shutdown
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan800
 ip address 192.192.200.52 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.192.200.1
ip http server
logging trap warnings
logging 192.168.50.44
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
ntp clock-period 17179867
ntp server 192.168.200.250 key 0 prefer
ntp server 192.168.100.250 key 1
!
end

C2950-4#sh vlan            

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/40
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/48, Gi0/1
                                                Gi0/2
50   guest50                          active    
100  prod100                          active    
500  serv500                          active    
800  mgmt800                          active    
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 

Select allOpen in new window

Is it correct that I should only enable BDPU and portfast on access port?

By "BPDU" do you mean BPDU guard? If so, that is correct. Portfast (and other related enhancements) should never be applied to ports which connect to other network devices.

The error you're receiving is due to a VLAN mis-match on port f0/47.  Most likely, the allowed VLANs for the port are not the same as on switch 4 or you have a native VLAN mis-match.

Would need to see the config for that switch to know for sure.

VLAN 100 is in the trunk on ASA 0/2 and so does on C2950-4. (See my previous post)

ASA

interface Ethernet0/0
 description internet-uplink
 switchport access vlan 40
!
interface Ethernet0/1
 description C2950-1-0/23 (TO BE DECOMMISSION)
 switchport access vlan 100
!
interface Ethernet0/2
 description C2950-4-0/48 (NEW)
 switchport trunk allowed vlan 50,80,100,800
 switchport mode trunk
!
interface Ethernet0/3
 description 2F-TLC:apch21
 switchport trunk allowed vlan 50,80,100,800
 switchport trunk native vlan 800
 switchport mode trunk
!
interface Ethernet0/4
 description 2F-STAFFROOM:apch22
 switchport trunk allowed vlan 50,80,100,800
 switchport trunk native vlan 800
 switchport mode trunk
!
interface Ethernet0/5
 description 1F-STAFFROOM:apch11
 switchport trunk allowed vlan 50,80,100,800
 switchport trunk native vlan 800
 switchport mode trunk
!
interface Ethernet0/6
 description 1F-PCLAB:apch12
 switchport trunk allowed vlan 50,80,100,800
 switchport trunk native vlan 800
 switchport mode trunk

Select allOpen in new window

Minor point:  On the ASA, it shows connecting to port "C2950-4-0/48",  but you say that it's connected to port 47.

Are you certain that VLAN 100 is correctly defined on the ASA?

Yes sir. It was a typo in the label.

ASA

 sh sw vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -----------------------------
1    -                                down      Et0/7
40   outside                          up        Et0/0
50   guest50                          up        Et0/2, Et0/3, Et0/4, Et0/5
                                                Et0/6
80   prod80                           up        Et0/2, Et0/3, Et0/4, Et0/5
                                                Et0/6
100  inside                           up        Et0/1, Et0/2, Et0/3, Et0/4
                                                Et0/5, Et0/6
200  voice200                         down
500  serv500                          down
800  mgmt800                          up        Et0/2, Et0/3, Et0/4, Et0/5
                                                Et0/6

Select allOpen in new window

C2950-4

sh int fa0/47 switchport
Name: Fa0/47
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 50,80,100,800
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

Select allOpen in new window

Does the following matter? switch 1-3 are using vlan 1. Literally vlan 1 is the same 100 but I would like to migrate off vlan 1 for best practice.

C2950-1#

sh spanning-tree root

                                        Root Hello Max Fwd
Vlan                   Root ID          Cost  Time Age Dly  Root Port
---------------- -------------------- ------ ----- --- ---  ----------------
VLAN0001         32769 0014.a8ba.2340     38    2   20  15  Fa0/24    

Select allOpen in new window

Literally vlan 1 is the same 100 but I would like to migrate off vlan 1 for best practice.

I'm not sure what you're trying to say here, but 1 and 100 are not the same thing.  You may be using them as the same thing, but they are most certainly not the same.

That said, you're going to want to have the same approach on all the switches. Otherwise, it's just going to confuse the issue.

This setup was done by someone long time and will be replaced by vlan 100 with the exact same subnet and ip address. I am curious if the messages can be ignored in the meantime?

.Mar 8 14:24:45: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet0/47 VLAN100. .Mar 8 14:24:45: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/47 on VLAN0100. Inconsistent local vlan.

Select allOpen in new window

I made the change over the weekend (Can't make the change during business hours) on the ASA / switch and the error went away.

It is a requirement on setting native vlan the same on all the trunk ports in ASA, when one of them is have native vlan set?

Mar 16 20:24:36: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/47 on VLAN0100. Port consistency restored.

Select allOpen in new window

It is a requirement on setting native vlan the same on all the trunk ports in ASA,

No.  The native VLAN only has to match both ends of a trunk.

Thanks. Going to swap the switch this weekend!