Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1966
Views
0
Helpful
12
Replies

Cisco<->HPE Comware Private VLAN

segrana
Level 1
Level 1

‎10-20-2022 08:28 AM - edited ‎10-20-2022 09:14 AM

Hi,

We are trying to interconnect Cisco and HPE Comware switches with private vlan definition on HPE side. Cisco is detecting inconsistent PVID on the primary promiscuous trunk VLAN.

HPE Config

#
interface Bridge-Aggregation1
description ***-1:1/17***
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 270 2180 2184 to 2196 2198 to 2199 2203 to 2205
port trunk pvid vlan 1000
port private-vlan 2180 trunk promiscuous
link-aggregation mode dynamic
#

Cisco Config

interface Port-channel26
description 
switchport trunk native vlan 1000
switchport trunk allowed vlan 270,2180
switchport mode trunk
!

Result

show spanning-tree interface te1/0/17
Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0270 Desg FWD 20000 128.2306 P2p
VLAN2180 Desg BKN*20000 128.2306 P2p *PVID_Inc

Filtering BPDUs on Cisco side resolves the inconsistency and traffic flows normaly.

Both devices configured with pvst. Topology is converged.

Cisco

spanning-tree mode rapid-pvst

HPE

stp mode pvst

 

 

STP info on HPE side looks correct, at least for the 2 VLANs we are allowing in the Cisco trunk

dis stp int bagg 1 brief

VLAN ID Port Role STP State Protection
270 Bridge-Aggregation1 ROOT FORWARDING NONE
2180 Bridge-Aggregation1 ROOT FORWARDING NONE
2184 Bridge-Aggregation1 DESI FORWARDING NONE
2185 Bridge-Aggregation1 DESI FORWARDING NONE
2186 Bridge-Aggregation1 DESI FORWARDING NONE
2187 Bridge-Aggregation1 DESI FORWARDING NONE
2188 Bridge-Aggregation1 DESI FORWARDING NONE
2189 Bridge-Aggregation1 DESI FORWARDING NONE
2190 Bridge-Aggregation1 DESI FORWARDING NONE
2191 Bridge-Aggregation1 DESI FORWARDING NONE
2192 Bridge-Aggregation1 DESI FORWARDING NONE
2193 Bridge-Aggregation1 DESI FORWARDING NONE
2194 Bridge-Aggregation1 DESI FORWARDING NONE
2195 Bridge-Aggregation1 DESI FORWARDING NONE
2196 Bridge-Aggregation1 DESI FORWARDING NONE
2198 Bridge-Aggregation1 DESI FORWARDING NONE
2199 Bridge-Aggregation1 DESI FORWARDING NONE
2203 Bridge-Aggregation1 DESI FORWARDING NONE
2204 Bridge-Aggregation1 DESI FORWARDING NONE
2205 Bridge-Aggregation1 DESI FORWARDING NONE

Why is Cisco detecting PVID as 2180?

It is being correctly sent with TAG because otherwise it would not work with bpdus filtered, right?

Thank you

Best regards

 

1 person had this problem
Labels:
0 Helpful
12 Replies 12

MHM Cisco World
VIP
VIP

‎10-20-2022 08:44 AM

I think HPE tag native VLAN but Cisco not tag it so the STP failed 
you can config below command in cisco to make cisco SW tag native VLAN
vlan dot1q tag native

note:- check if you run compatible STP between cisco and HPE

0 Helpful

segrana
Level 1
Level 1

‎10-20-2022 09:21 AM

Hi MHM

Thanks for taking the time to reply. Cisco is rapid-pvst and hpe is pvst, but they are compatible as per hpe guidelines. In fact topology is fine and stable.

HPE is not tagging the native vlan. This VLAN 1000 is untagg for the port.

Any other thought are welcome.

Thank you

Best regards

 

0 Helpful

MHM Cisco World
VIP
VIP

‎10-20-2022 09:55 AM

share the following 
show spanning-tree summary 

0 Helpful

segrana
Level 1
Level 1
In response to MHM Cisco World

‎10-20-2022 03:42 PM

Thanks.

show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0232, VLAN0234-VLAN0239, VLAN1000, VLAN2120
VLAN2188-VLAN2189
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is long
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 1 1
VLAN0202 0 0 0 5 5
VLAN0203 0 0 0 5 5
VLAN0204 0 0 0 5 5
VLAN0205 0 0 0 5 5
VLAN0206 0 0 0 5 5
VLAN0208 0 0 0 5 5
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0210 0 0 0 5 5
VLAN0212 0 0 0 5 5
VLAN0213 0 0 0 5 5
VLAN0214 0 0 0 5 5
VLAN0215 0 0 0 5 5
VLAN0216 0 0 0 5 5
VLAN0217 0 0 0 5 5
VLAN0218 0 0 0 5 5
VLAN0219 0 0 0 5 5
VLAN0220 0 0 0 5 5
VLAN0221 0 0 0 5 5
VLAN0222 0 0 0 5 5
VLAN0223 0 0 0 5 5
VLAN0224 0 0 0 5 5
VLAN0228 0 0 0 5 5
VLAN0232 0 0 0 1 1
VLAN0234 0 0 0 1 1
VLAN0235 0 0 0 1 1
VLAN0236 0 0 0 1 1
VLAN0237 0 0 0 1 1
VLAN0238 0 0 0 1 1
VLAN0239 0 0 0 1 1
VLAN0240 0 0 0 5 5
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0242 0 0 0 5 5
VLAN0243 0 0 0 5 5
VLAN0244 0 0 0 5 5
VLAN0245 0 0 0 5 5
VLAN0246 0 0 0 5 5
VLAN0247 0 0 0 5 5
VLAN0250 0 0 0 5 5
VLAN0251 0 0 0 5 5
VLAN0252 0 0 0 5 5
VLAN0253 0 0 0 5 5
VLAN0254 0 0 0 5 5
VLAN0256 0 0 0 5 5
VLAN0257 0 0 0 5 5
VLAN0258 0 0 0 5 5
VLAN0260 0 0 0 5 5
VLAN0261 0 0 0 5 5
VLAN0262 0 0 0 5 5
VLAN0263 0 0 0 5 5
VLAN0264 0 0 0 5 5
VLAN0265 0 0 0 5 5
VLAN0266 0 0 0 5 5
VLAN0267 0 0 0 5 5
VLAN0268 0 0 0 5 5
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0269 0 0 0 5 5
VLAN0270 0 0 0 6 6
VLAN1000 0 0 0 1 1
VLAN1351 0 0 0 5 5
VLAN1371 0 0 0 5 5
VLAN1372 0 0 0 5 5
VLAN1373 0 0 0 5 5
VLAN1374 0 0 0 5 5
VLAN1381 0 0 0 5 5
VLAN1382 0 0 0 5 5
VLAN1383 0 0 0 5 5
VLAN1384 0 0 0 5 5
VLAN1385 0 0 0 5 5
VLAN1386 0 0 0 5 5
VLAN1387 0 0 0 5 5
VLAN1388 0 0 0 5 5
VLAN1401 0 0 0 5 5
VLAN2000 0 0 0 5 5
VLAN2001 0 0 0 5 5
VLAN2002 0 0 0 5 5
VLAN2003 0 0 0 5 5
VLAN2004 0 0 0 5 5
VLAN2005 0 0 0 5 5
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN2006 0 0 0 5 5
VLAN2007 0 0 0 5 5
VLAN2008 0 0 0 5 5
VLAN2009 0 0 0 5 5
VLAN2010 0 0 0 5 5
VLAN2011 0 0 0 5 5
VLAN2012 0 0 0 5 5
VLAN2013 0 0 0 5 5
VLAN2014 0 0 0 5 5
VLAN2019 0 0 0 5 5
VLAN2020 0 0 0 5 5
VLAN2021 0 0 0 5 5
VLAN2022 0 0 0 5 5
VLAN2023 0 0 0 5 5
VLAN2024 0 0 0 5 5
VLAN2025 0 0 0 5 5
VLAN2026 0 0 0 5 5
VLAN2027 0 0 0 5 5
VLAN2028 0 0 0 5 5
VLAN2029 0 0 0 5 5
VLAN2030 0 0 0 5 5
VLAN2040 0 0 0 5 5
VLAN2060 0 0 0 5 5
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN2100 0 0 0 5 5
VLAN2120 0 0 0 1 1
VLAN2140 0 0 0 5 5
VLAN2160 0 0 0 5 5
VLAN2180 1 0 0 5 6
VLAN2188 0 0 0 1 1
VLAN2189 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
106 vlans 1 0 0 483 484

0 Helpful

segrana
Level 1
Level 1

‎10-20-2022 03:44 PM

Hi,

Maybe an option is to disable PVID inconsistency check.

I didn't find a command for that. Yet.

Thanks 

0 Helpful

MHM Cisco World
VIP
VIP
In response to segrana

‎10-21-2022 02:14 AM

just let me check all info you provide I will reply you today 

0 Helpful

Georg Pauwen
VIP
VIP

‎10-21-2022 05:20 AM

Hello,

I might be completely off here, but I remember a similar case from a while ago where the issue was related to the pathcost parameter on the HP switches. Check the discussion below:

https://networkguy.de/spanning-tree-between-hp-comware-and-cisco/

0 Helpful

segrana
Level 1
Level 1
In response to Georg Pauwen

‎10-21-2022 05:34 AM

Hi Georg,

I will give "stp pathcost-standard dot1d-1998" a try. Is the only one missing in our configuration.

Let you know.

Thanks!

0 Helpful

MHM Cisco World
VIP
VIP

‎10-23-2022 04:08 AM

http://www.ccieordie.com/2-1-diii-native-vlan

Either  use isl

Or use vlan native tag command.

0 Helpful

segrana
Level 1
Level 1

‎10-24-2022 05:05 AM

Hello guys,

Adding stp pathcost-standard dot1d-1998 had no effect. Same situation.

Tomorrow I'll be on the site and will setup a lab to test further. There are some live connections on the switches where we detected the issue now.

I will try the isl and tagging the PVID and let you know.

Meanwhile, If you have any other option to test please share it.

Thank you

Best regards

0 Helpful

segrana
Level 1
Level 1

‎10-25-2022 04:42 PM

Hi MHM,

No way to select trunking protocol on this switch, Catalyst 9200L.

And tagging the native vlan had no effect. Still the message that the PVID is inconsistent.

*Oct 25 23:37:52.158: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel1 on VLAN2180. Inconsistent local vlan.

do sh run int po1
Building configuration...

Current configuration : 147 bytes
!
interface Port-channel1
description Test
switchport trunk native vlan 1000
switchport trunk allowed vlan 270,2180
switchport mode trunk
end

do sh runn | i dot1q
vlan dot1q tag native

Any other thoughts?

Thank you

Best regards

0 Helpful

segrana
Level 1
Level 1

‎10-25-2022 07:15 PM

Hi,

Solution so far seems to configure STP in any of the single instance modes (stp, rstp) or mstp with only one instance. Ok for us as there are no multiple paths (etherchannels on all uplinks).

At least this is consistent.

Thank you

Best regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card