Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1203
Views
2
Helpful
26
Replies

SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking

Go to solution
awojtowicz
Level 1
Level 1

‎03-25-2024 06:37 AM

i just swapped out a 3850 POE switch to a 3850 non-poe.  i upgraded the OS to 16.6.9.  then i copied the config back to the new non-poe switch.  now i cant ping or access the switch via the network.  constantly getting

 

%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking TenGigabitEthernet1/1/4 on VLAN0101. Port consistency restored.ig in 27:10:0 recurring

 

both vlan0100 and vlan0101 are getting these errors.  everything worked fine with this config when i had it on the poe switch.  i just moved same config to different switch.  nothing changed on the port my Ten gig port on the other switch.

 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2024.03.25 09:17:59 =~=~=~=~=~=~=~=~=~=~=~=
sho run
Building configuration...

Current configuration : 28536 bytes
!
! Last configuration change at 02:21:41 EDT Mon Mar 25 2024 by admin
!
version 16.6
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service compress-config
no platform punt-keepalive disable-kernel-core
!
hostname BOE_IDF_Tech_3850
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 30000
enable password removed
!
aaa new-model
!
!
aaa authentication login LOGIN local
!
!
!
!
!
!
aaa session-id common
boot system switch all flash:packages.conf
clock timezone EST -5 0
clock summer-time EDT recurring
switch 1 provision ws-c3850-48t
!
!
!
!
--More--  !
no ip domain lookup
ip domain name removed
!
!
!
no ip dhcp snooping information option
login on-success log
!
!
!
!
!
udld enable

!
crypto removed
!
port-channel load-balance src-dst-ip
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
no spanning-tree vlan 100
archive
path flash:
--More--   maximum 7
write-memory
time-period 38880
memory free low-watermark processor 79468
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause channel-misconfig
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery interval 900
!
username admin privilege 15 sremoved
!
redundancy
mode sso
!
!
transceiver type all
monitoring
lldp run
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description DHCP Snooping, EWLC control, EWCL data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
--More--   description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
--More--   description System Critical and Gold
!
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
!
!
!
!
!
!
!
!
--More--  !
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
switchport access vlan 100
speed 1000
storm-control action trap
spanning-tree portfast disable
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
--More--   ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/3
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
--More--   switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/6
--More--   switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/7
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
--More--   ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/8
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/9
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
--More--   storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/10
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/11
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
--More--   switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/12
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/13
switchport access vlan 100
--More--   switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/14
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
--More--  !
interface GigabitEthernet1/0/15
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/16
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
--More--   storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/17
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/18
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging
*Mar 25 02:26:25.183: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking TenGigabitEthernet1/1/4 on VLAN0101. Inconsistent local vlan. time 2
--More--   switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/19
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/20
switchport trunk native vlan 100
switchport mode trunk
--More--   spanning-tree portfast trunk
!
interface GigabitEthernet1/0/21
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/22
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
--More--   storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/23
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/24
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
--More--   switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/25
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/26
switchport access vlan 100
--More--   switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/27
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
--More--  !
interface GigabitEthernet1/0/28
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/29
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
--More--   storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/30
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/31
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
--More--   switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/32
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/33
switchport access vlan 100
switchport voice vlan 101
--More--   switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/34
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
--More--  interface GigabitEthernet1/0/35
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/36
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
--More--   spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/37
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/38
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
--More--   ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/39
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/40
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
--More--   switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast trunk
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/41
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/42
switchport access vlan 100
--More--   switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/43
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
--More--  !
interface GigabitEthernet1/0/44
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/45
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
--More--   storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/46
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/47
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
--More--   switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/0/48
switchport access vlan 100
switchport voice vlan 101
switchport port-security maximum 70
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 200
storm-control broadcast level pps 2k
storm-control action trap
spanning-tree portfast
ip dhcp snooping limit rate 300
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
--More--  !
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
description UPLINK
switchport mode trunk
ip arp inspection trust
logging event trunk-status
logging event bundle-status
ip dhcp snooping trust
!
interface TenGigabitEthernet1/1/2
description UPLINK
switchport mode trunk
ip arp inspection trust
logging event trunk-status
logging event bundle-status
ip dhcp snooping trust
!
interface TenGigabitEthernet1/1/3
description UPLINK
--More--   switchport mode trunk
ip arp inspection trust
logging event trunk-status
logging event bundle-status
ip dhcp snooping trust
!
interface TenGigabitEthernet1/1/4
description UPLINK
switchport trunk native vlan 500
switchport mode trunk
ip arp inspection trust
logging event trunk-status
logging event bundle-status
ip dhcp snooping trust
!
interface Vlan1
no ip address
shutdown
!
interface Vlan500
description mgmt
ip address 192.168.101.20 255.255.255.0
!
ip default-gateway 192.168.101.1
ip forward-protocol nd
ip pim rp-address 192.168.101.1
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.101.1
ip ssh version 2
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
--More--  ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
--More--   permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
ip sla enable reaction-alerts
kron occurrence backup-conf
policy-list backup-config
!
kron policy-list backup-config
cli write
!
logging trap debugging
!
!
snmp-server community tpstech RO
!
!
!
control-plane
service-policy input system-cpp-policy
--More--  !
!
line con 0
exec-timeout 15 0
privilege level 15
logging synchronous
login authentication LOGIN
stopbits 1
line aux 0
stopbits 1
line vty 0 4
--More--   exec-timeout 15 0
privilege level 15
logging synchronous
login authentication LOGIN
length 0
transport input telnet ssh
line vty 5 15
exec-timeout 15 0
privilege level 15
logging synchronous
login authentication LOGIN
transport input telnet ssh
!
ntp server 10.1.0.201
!
mac address-table aging-time 172800
mac address-table aging-time 300 vlan 500
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
--More--   profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
end

BOE_IDF_Tech_3850#

 

 

 

Labels:
0 Helpful
26 Replies 26

Go to solution
awojtowicz
Level 1
Level 1
In response to MHM Cisco World

‎03-25-2024 08:40 AM

now its disabling my ap ports when i add spanning-tree vlan 100 back.  now getting bpduguard blocking my ports.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to awojtowicz

‎03-25-2024 08:45 AM

Show spanning tree <- can I see this 

MHM

0 Helpful

Go to solution
awojtowicz
Level 1
Level 1
In response to MHM Cisco World

‎03-25-2024 08:47 AM

BOE_IDF_Tech_3850#sho spanning-tree

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 10b3.c6ec.0500
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 10b3.c6ec.0500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 172800 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/1/4 Desg FWD 2 128.56 P2p

 

VLAN0100
Spanning tree enabled protocol rstp
Root ID Priority 32868
Address 10b3.c6ec.0500
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32868 (priority 32768 sys-id-ext 100)
Address 10b3.c6ec.0500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 172800 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/1/4 Desg FWD 2 128.56 P2p

 

VLAN0101
Spanning tree enabled protocol rstp
Root ID Priority 32869
Address 10b3.c6ec.0500
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32869 (priority 32768 sys-id-ext 101)
Address 10b3.c6ec.0500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 172800 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/1/4 Desg FWD 2 128.56 P2p

 

VLAN0500
Spanning tree enabled protocol rstp
Root ID Priority 33268
Address 10b3.c6ec.0500
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33268 (priority 32768 sys-id-ext 500)
Address 10b3.c6ec.0500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/1/4 Desg FWD 2 128.56 P2p

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to awojtowicz

‎03-25-2024 08:58 AM

Everything is now OK' 

And I dont see port only port under each vlan in STP.

Which port you talking about?

Can yoh share it config 

MHM

0 Helpful

Go to solution
awojtowicz
Level 1
Level 1
In response to MHM Cisco World

‎03-25-2024 09:05 AM

if i add the spanning-tree vlan 100 i lose my gig ports.  if i bounce the port i get error about bpduguard and disables it again.  if i add the no spanning-tree vlan 100 command back its up and running now.  all errors seem to have went away.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to awojtowicz

‎03-25-2024 09:18 AM

No spanning tree  portfast 

No spanning tree bpduguard 

In any port that go to error disable' 

You run portfast in global so it apply to all ports with bpduguard' you need to hardcoded disable it.

MHM

0 Helpful

Go to solution
awojtowicz
Level 1
Level 1
In response to MHM Cisco World

‎03-25-2024 09:21 AM

so you are saying to take out the "no spanning-tree vlan 100" command and
manually disable bpduguard and portfast on the ports?
0 Helpful

Go to solution
chrihussey
VIP Alumni
VIP Alumni

‎03-25-2024 08:03 AM

When you enabled spanning tree for VLAN 100 you would probably lose connectivity to the access ports for that VLAN for about 45 seconds while spanning tree reconverges and establishes a topology. Was that the case?

Also, is VLAN 500 in the VLAN database for the switch? "sh vtp status" "sh vlan brief" "sh spanning-tree root"

 

 

0 Helpful

Go to solution
awojtowicz
Level 1
Level 1

‎03-25-2024 08:06 AM

could it be because the other end switch is a different version of OS.  its 16.3.6 and this switch is 16.6.9?  i saw something about different versions on STP?

0 Helpful

Go to solution
chrihussey
VIP Alumni
VIP Alumni

‎03-25-2024 08:17 AM

Anything is possible with the different IOS...possibly a bug...but there are definitely issues with the config. Please respond to my previous post about enabling VLAN 100 spanning tree and about VLAN 500.

0 Helpful

Go to solution
Elliot Dierksen
VIP
VIP

‎03-26-2024 12:59 AM

If you have a link between switches, portfast is not something you want on that type of link. Portfast is intended for ports facing end stations. Unless the link flaps, it won't change its spanning tree state so it isn't needed on switch to switch links. Is it possible you have trunk links between the switches but the native VLAN is different on the two switches? That is where I have most often seen the message about STP port consistency. One side is expecting (or not expecting) an 802.1Q BPDU, and that is what cause it to be annoyed.

0 Helpful

Go to solution
paul driver
VIP
VIP

‎03-26-2024 07:10 AM - edited ‎03-26-2024 07:11 AM

Hello
Suggest keep STP portfast and bpduguard at an interface level (edge ports ONLY -not any trunks)
Enable stp for vlan 100 , Remove error recovery pertaining to Bpduguard/UDLD and check the native vlan/ vlans allowed on both ends of the 1/1/4 trunk


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card