Mazdajai
Ports blocked from spanning tree
I am trying to replace a failing 2950 switch (DT01) with a new switch. Both switches are connected to an ASA. All ports on DT01 are assigned to the default VLAN 1.
When I try to bring up the new switch (SW02), the VLANs are blocked by spanning tree despite nothing being plugged in to the new switch (SW02). All ports on SW02 are configured to use VLAN 100 in access mode. (VLAN 1 and 100 are in the same network, 192.168.200.0/24).
interface Ethernet0/1
description DT01-0/23
switchport access vlan 100
!
interface Ethernet0/2
description SW02-0/47
switchport trunk allowed vlan 50,80,100,800
switchport mode trunk
!
DT01#sh spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0100
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 10 10
VLAN0100 0 0 0 2 2
---------------------- -------- --------- -------- ---------- ----------
2 vlans 0 0 0 12 12
#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0014.a8ba.2340
Cost 38
Port 24 (FastEthernet0/24)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 001a.2fc0.f7c0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Desg FWD 19 128.2 Edge P2p
Fa0/4 Desg FWD 19 128.4 Edge P2p
Fa0/8 Desg FWD 19 128.8 Edge P2p
Fa0/10 Desg FWD 19 128.10 Edge P2p
Fa0/12 Desg FWD 19 128.12 Edge P2p
Fa0/13 Desg FWD 19 128.13 Edge P2p
Fa0/16 Desg FWD 19 128.16 P2p
Fa0/21 Desg FWD 19 128.21 P2p
Fa0/23 Desg FWD 19 128.23 Edge P2p
Fa0/24 Root FWD 19 128.24 P2p
VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 32868
Address 001a.2fc0.f7c0
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)
Address 001a.2fc0.f7c0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Desg FWD 19 128.23 Edge P2p
Fa0/24 Desg FWD 19 128.24 P2p
SW02#sh spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN0050, VLAN0100, VLAN0800
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 1 0 0 0 1
VLAN0050 0 0 0 1 1
VLAN0100 1 0 0 0 1
VLAN0800 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
4 vlans 2 0 0 2 4
SWCH02#sh spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0015.c620.2240
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0015.c620.2240
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/47 Desg BKN*19 128.47 P2p *PVID_Inc
VLAN0050
Spanning tree enabled protocol ieee
Root ID Priority 32818
Address 0015.c620.2240
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32818 (priority 32768 sys-id-ext 50)
Address 0015.c620.2240
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/47 Desg FWD 19 128.47 P2p
VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 32868
Address 0015.c620.2240
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)
Address 0015.c620.2240
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/47 Desg BKN*19 128.47 P2p *PVID_Inc
VLAN0800
Spanning tree enabled protocol ieee
Root ID Priority 33568
Address 0015.c620.2240
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33568 (priority 32768 sys-id-ext 800)
Address 0015.c620.2240
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/47 Desg FWD 19 128.47 P2p
# sh log
Apr 4 16:23:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet0/47 VLAN100.
.Apr 4 16:23:13: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/47 on VLAN0001. Inconsistent peer vlan.
.Apr 4 16:23:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/47 on VLAN0100. Inconsistent local vlan.
You don't have a spanning-tree problem. The ports aren't "blocked", they're "broken". This is due to what appears to be a native VLAN mismatch. The native VLAN on each end of the link has to be the same.
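Added example, not part of the thread: a small Python parser that turns the three `%SPANTREE-2-*PVID*` syslog lines quoted above into a per-port finding (which VLAN ID the received BPDU carried, which VLAN it arrived on, and which VLANs are currently held in the inconsistent state). It also handles the `%SPANTREE-2-UNBLOCK_CONSIST_PORT` recovery message, which does not appear on this page; the function names are illustrative.

```python
import re
from collections import defaultdict

# The three log lines quoted in the question, embedded so the example runs offline.
SAMPLE_LOG = """\
Apr 4 16:23:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet0/47 VLAN100.
.Apr 4 16:23:13: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/47 on VLAN0001. Inconsistent peer vlan.
.Apr 4 16:23:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/47 on VLAN0100. Inconsistent local vlan.
"""

RECV = re.compile(r"%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent "
                  r"peer vlan id (\d+) on (\S+) VLAN(\d+)")
BLOCK = re.compile(r"%SPANTREE-2-BLOCK_PVID_(?:PEER|LOCAL): Blocking (\S+) on VLAN(\d+)")
# Recovery message (not on this page): clears the inconsistent state for one VLAN.
UNBLOCK = re.compile(r"%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking (\S+) on VLAN(\d+)")


def pvid_findings(log_text):
    """Return {port: {"peer_vlan", "local_vlan", "blocked"}} from IOS syslog text."""
    found = defaultdict(lambda: {"peer_vlan": None, "local_vlan": None, "blocked": set()})
    for line in log_text.splitlines():
        if m := RECV.search(line):
            peer, port, local = m.groups()
            found[port]["peer_vlan"] = int(peer)    # VLAN ID carried inside the BPDU
            found[port]["local_vlan"] = int(local)  # VLAN the BPDU was received on
        elif m := BLOCK.search(line):
            port, vlan = m.groups()
            found[port]["blocked"].add(int(vlan))
        elif m := UNBLOCK.search(line):
            port, vlan = m.groups()
            found[port]["blocked"].discard(int(vlan))
    return dict(found)


def report(findings):
    """One human-readable line per port that logged a PVID inconsistency."""
    out = []
    for port, f in sorted(findings.items()):
        state = sorted(f["blocked"]) or "none (consistency restored)"
        out.append(f"{port}: BPDU tagged for VLAN {f['peer_vlan']} arrived on "
                   f"VLAN {f['local_vlan']}; VLANs still inconsistent: {state}")
    return out


if __name__ == "__main__":
    print("\n".join(report(pvid_findings(SAMPLE_LOG))))
```

Fed a longer log, the same functions show whether a port is still held in the `*PVID_Inc` state or has already recovered.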
ASKER
Salah,
They are connected to an ASA. These are 802.1Q. I have a backup config, but I would like to migrate away from the default VLAN 1 and add new VLANs on SW02 (the replacement). That's the reason I trunked a couple of new VLANs on it.
ASA # sh switch vlan
VLAN Name Status Ports
---- -------------------------------- --------- -----------------------------
1 - down Et0/7
40 outside up Et0/0
50 guest50 up Et0/2, Et0/3, Et0/4, Et0/5
Et0/6
80 prod80 up Et0/2, Et0/3, Et0/4, Et0/5
Et0/6
100 inside up Et0/1, Et0/2, Et0/3, Et0/4
Et0/5, Et0/6
200 voice200 down
500 serv500 down
800 mgmt800 up Et0/2, Et0/3, Et0/4, Et0/5
Et0/6
DT01#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Gi0/1, Gi0/2
100 VLAN0100 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
SW02#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/40
Fa0/41, Fa0/42, Fa0/43, Fa0/44
Fa0/45, Fa0/46, Fa0/48, Gi0/1
Gi0/2
50 guest50 active
100 prod100 active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
500 serv500 active
800 mgmt800 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
500 enet 100500 1500 - - - - - 0 0
800 enet 100800 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- -----------------------------------------
Don,
I didn't specify a native VLAN on these ones. I am confused here, as spanning tree is reporting they are blocked.
Is it possible to have VLAN 100 coexist with VLAN 1 and the other switch? If not, any suggestions?
SW02#sh spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
VLAN0001 Fa0/47
VLAN0100 Fa0/47
Number of blocked ports (segments) in the system : 2
(vlan 1 and 100 are in the same network, 192.168.200.0/24).
Is it possible to have vlan 100 coexist with vlan 1 and other switch?
That's your problem. The switch is seeing a BPDU with two VLAN IDs as native, and blocking the port. Choose an unused VLAN ID as the native VLAN if you can, and don't use the same IP subnet on both VLANs.
ASKER
don't use the same IP subnet on both VLANs.
This is tough, as I have some devices with hard-coded IP addresses that are not easily migrated off. I will try it again this weekend. (Can't touch it during weekdays.) Can I temporarily shut off spanning tree and turn it back on after moving all interfaces over?
It's not hard. You can run 2 IP ranges on one VLAN - that's OK. What makes things difficult is managing STP with bridged VLANS, etc.
ASKER
Is it possible to disable STP temporarily while I migrate the VLANs?
Are the first command lines from DT01? If so, why connect Fa0/1 to Fa0/23?
On SW02, the logs show that the VLAN is misunderstood; do you have ISL configured?
If you want to do a HW replacement after a failed switch, do you have a backup configuration file to configure the new switch, or are you configuring the new switch from scratch?
Please post the configuration and show vlan output in order to understand your topology.
Best Regards.
Salah