
CTS & Spanning Tree

Shlomy Maron
Cisco Employee

Hi,

I've initiated the following configuration:

N7K-1:

interface Ethernet3/11
  cts manual
    sap pmk 01ab23cd45ef0000000000000000000000000000000000000000000000000000
  switchport
  switchport access vlan 1500
  no shutdown

N7K-2:

interface Ethernet3/12
  cts manual
    sap pmk 01ab23cd45ef0000000000000000000000000000000000000000000000000000
  switchport
  switchport access vlan 1500
  no shutdown

Checking that CTS is working:

sh cts interface et3/11
CTS Information for Interface Ethernet3/11:
CTS is enabled, mode: CTS_MODE_MANUAL
IFC state: CTS_IFC_ST_CTS_OPEN_STATE
Authentication Status: CTS_AUTHC_SKIPPED_CONFIG
Peer Identity:
Peer is: Unknown in manual mode
802.1X role: CTS_ROLE_UNKNOWN
Last Re-Authentication:
Authorization Status: CTS_AUTHZ_SKIPPED_CONFIG
PEER SGT: 0
Peer SGT assignment: Not Trusted
SAP Status: CTS_SAP_SUCCESS
Configured pairwise ciphers: GCM_ENCRYPT
Replay protection: Enabled
Replay protection mode: Strict
Selected cipher: GCM_ENCRYPT
Current receive SPI: sci:c471fe38e0370000 an:0
Current transmit SPI: sci:c471fe38e0360000 an:0
Propagate SGT: Enabled

Yet, when I check the spanning tree:

N7K-1:

sh spanning-tree vlan 1500

VLAN1500
Spanning tree enabled protocol rstp
Root ID Priority 5596
Address 0023.04ee.c0b1
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 5596 (priority 4096 sys-id-ext 1500)
Address 0023.04ee.c0b1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth3/11          Desg FWD 2         128.395  P2p

N7K-2:

sh spanning-tree vlan 1500

VLAN1500
Spanning tree enabled protocol rstp
Root ID Priority 5596
Address 0023.04ee.c0b1
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 5596 (priority 4096 sys-id-ext 1500)
Address 0023.04ee.c0b1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth3/12          Back BLK 2         128.396  P2p

Any idea why?

What am I doing wrong?


Reza Sharifi
Hall of Fame

Hi,

Can you clarify why you are looking for CTS output under the show spanning-tree vlan command? This command shows you the type of STP you are running, which is RSTP in your case.

HTH

I've done the CTS command that shows that everything is working as it should. Yet there is no traffic due to the Spanning-Tree block. That's why I've attached both of the outputs.

What happens when you delete the CTS command? Does the interface go from blocking to forwarding?

Yep, it does :-(

Hi, I am seeing this exact issue on industrial Ethernet switches. It seems to not manifest itself initially but when an 802.1x port transitions to forwarding, with portfast enabled. It causes this issue on switches that are interconnected and on the same VLAN as the port. If I disable CTS on the link between the switches, spanning tree returns to normal operation. I might do a workaround of removing CTS on the links interconnecting the switches. The switches can still get CTS environmental policy from ISE and get the SGT allocations via SXP. Did you ever discover the cause of this issue?

 

 
