Re: Trouble with Spanning-tree maybe?

Dano_Arg · ‎07-04-2019

Hi, my name is Daniel and i have a problem since we make a 3850 installation.

in this site we have several buildings with some 2960 and 2960X and this 3850 as our core receiving data from every building. Each building as a different VLAN with a /24 subnet. all of them as the gateway in the 3850.

Our issue is with 2 of these Vlans... 102 and 106 (172.19.102.0/24 and 172.19.106.0/24)

At some points of the day the PCs lose IP and usually the way to solve that is shutting down and then activate the Vlans again.

When the PCs fails, we can see the macs in the access ports, but not in the arp table in the core. This problem occurs at the same time in both Vlans. we have several more but with no issues.

recently we discover that when we set down the spanning tree in those switches, the issue solves too (no spanning-tree vlan 102 i.e.)

the "debug spanning-tree events" don't show anything in this switches (we checked that with the STP activated btw).

All the switches and the core use rapid-pvst, and the core is manually set as the root for every Vlan.

Today, people in site said to me that suddenly in one of the buildings the problem was solved, and in the log of one of the switches of that building i see this:

.Jul 4 19:56:32.924: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 200 on GigabitEthernet1/0/1 VLAN1.
.Jul 4 19:56:32.924: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/1 on VLAN0200. Inconsistent peer vlan.
.Jul 4 19:56:32.924: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/1 on VLAN0001. Inconsistent local vlan.
.Jul 4 19:56:32.924: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/1 on VLAN0253. Inconsistent peer vlan.
.Jul 4 19:56:33.756: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
.Jul 4 19:56:47.934: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/1 on VLAN0200. Port consistency restored.
.Jul 4 19:56:47.934: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/1 on VLAN0253. Port consistency restored.
.Jul 4 19:56:47.934: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/1 on VLAN0001. Port consistency restored.
.Jul 4 19:56:49.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up.

G1/0/1 is my trunk link with the core, and Vlan 1 is the default native vlan in both sides trunk configuration:

Sw_2960Rack1Edif2_N2(1)#sh run int g1/0/1
Building configuration...

Current configuration : 90 bytes
!
interface GigabitEthernet1/0/1
description Link Cisco 3850
switchport mode trunk
end

---------------

SW-CORE-SALGUERO#sh run int g1/0/25
Building configuration...

Current configuration : 100 bytes
!
interface GigabitEthernet1/0/25
description Sw_2960Rack1Edif2_N2 (1)
switchport mode trunk

This is the trunk information in both interfaces (the STP for vlan 102 is shutted down in the access switch):

Sw_2960Rack1Edif2_N2(1)#sh int trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/0/1 1-4094

Port Vlans allowed and active in management domain
Gi1/0/1 1,10,100-117,122,150-151,190,200,253

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1

-----------------

SW-CORE-SALGUERO#sh int g1/0/25 trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/25 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/0/25 1-4094

Port Vlans allowed and active in management domain
Gi1/0/25 1,10,100-117,122,150-151,190,200,253

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/25 1,10,100-117,122,150-151,190,200,253

Do you see anything that can help me identify the problem? here's some information about the core:

Technology Package License Information:

-----------------------------------------------------------------
Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipservicesk9 Permanent ipservicesk9

Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 56 WS-C3850-48T 16.3.1 CAT3K_CAA-UNIVERSALK9 INSTALL

i'm attaching the show tech of both switches, just in case.

Thanks

Oleg Volkov · ‎07-04-2019

It may be, because you have connected (may be throught pc with two interfaces or any devices with two interfaces) vlan200 access port to vlan1 access port.

Check log on all access switches.

You can try to enable BPDU Guard on access interfaces and will see blocked port - at this point you have problem.

You can enable BPDU Guard on all access port by global commands:

spanning-three portfast default

spanning-three portfast bpduguard default

It will enable portfast and PBDU guard in all access port.

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog

Dano_Arg · ‎07-10-2019

Thanks Oleg.
I tried that but i don't have any log or blocks regarding this problem yet.

pendal8286 · ‎07-09-2019

It seems you have a mismatch relative to your trunk endpoints. Try setting a Native Vlan on the Trunk port such as 102 for that Vlan. I know the Primary Vlan ID is the numbered id assigned to the vlan but I had a situation where traffic was not staying on a specific vlan until I used the native vlan designation.

Dano_Arg · ‎07-10-2019

thanks Pendal, just tried this but nothing happened.
Actually that's not entirely right. After that test I remove the config from the access switch first, and in that short period till remove the same config from the core, the restored consistency solve the issue al least for now.
Can someone guide me to some useful debug that I can apply to the switches without crash them? "debug spann events" does not shows anything