02-06-2016 05:41 AM - edited 03-08-2019 04:29 AM
Hi,
I've initiated the following configuration:
N7K-1:
interface Ethernet3/11
cts manual
sap pmk 01ab23cd45ef0000000000000000000000000000000000000000000000000000
switchport
switchport access vlan 1500
no shutdown
N7K-2:
interface Ethernet3/12
cts manual
sap pmk 01ab23cd45ef0000000000000000000000000000000000000000000000000000
switchport
switchport access vlan 1500
no shutdown
Checking that CTS is working:
sh cts interface et3/11
CTS Information for Interface Ethernet3/11:
CTS is enabled, mode: CTS_MODE_MANUAL
IFC state: CTS_IFC_ST_CTS_OPEN_STATE
Authentication Status: CTS_AUTHC_SKIPPED_CONFIG
Peer Identity:
Peer is: Unknown in manual mode
802.1X role: CTS_ROLE_UNKNOWN
Last Re-Authentication:
Authorization Status: CTS_AUTHZ_SKIPPED_CONFIG
PEER SGT: 0
Peer SGT assignment: Not Trusted
SAP Status: CTS_SAP_SUCCESS
Configured pairwise ciphers: GCM_ENCRYPT
Replay protection: Enabled
Replay protection mode: Strict
Selected cipher: GCM_ENCRYPT
Current receive SPI: sci:c471fe38e0370000 an:0
Current transmit SPI: sci:c471fe38e0360000 an:0
Propagate SGT: Enabled
Yet, when I check the spanning tree:
N7K-1:
sh spanning-tree vlan 1500
VLAN1500
Spanning tree enabled protocol rstp
Root ID Priority 5596
Address 0023.04ee.c0b1
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 5596 (priority 4096 sys-id-ext 1500)
Address 0023.04ee.c0b1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth3/11 Desg FWD 2 128.395 P2p
N7K-2:
sh spanning-tree vlan 1500
VLAN1500
Spanning tree enabled protocol rstp
Root ID Priority 5596
Address 0023.04ee.c0b1
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 5596 (priority 4096 sys-id-ext 1500)
Address 0023.04ee.c0b1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth3/12 Back BLK 2 128.396 P2p
Any idea why?
What am I doing wrong?
02-06-2016 07:49 AM
Hi,
Can you clarify why you are looking for CTS output under the show spanning-tree vlan command? This command shows you the type of STP you are running, which is RSTP in your case.
HTH
02-06-2016 07:51 AM
02-06-2016 05:04 PM
What happens when you delete the CTS command? Does the interface go from blocking to forwarding?
02-07-2016 03:11 AM
yep it does :-(
02-06-2019 02:17 AM
Hi, I am seeing this exact issue on industrial Ethernet switches. It seems not to manifest itself initially, but when an 802.1x port transitions to forwarding, with portfast enabled, it causes this issue on switches that are interconnected and on the same VLAN as the port. If I disable CTS on the link between the switches, spanning tree returns to normal operation. I might do a workaround of removing CTS on the links interconnecting the switches. The switches can still get CTS environmental policy from ISE and get the SGT allocations via SXP. Did you ever discover the cause of this issue?