08-05-2008 03:30 PM - edited 03-06-2019 12:38 AM
It's Cisco shop ranging from Cat2900 to 3750 (dual 3750 is stacked with 2 units used as a core and router)
Everything within VLAN 1 (management VLAN) is working (10+ Servers & few workstations)
Accessing any vlan (In/out) is next to impossible as 40% of packets are dropped.
Even within all VLAN's packets are dropped, except from VLAN 1 which works just fine
suspect is spanning tree configuration or misconfiguration but there is no blocked ports or any errors or core switch overload.
Problem started when I have configured already in production swith for trunking but that switch had duplicate IP(IP address of an old switch - 1900 series that should't be in production to begin with). I have removed that VLAN (and old switch from VTP server and changed the IP address on the switch, configured as a VTP Client and VTP Domain name - VLANs propagated from Core/VTP Server but problem is still there.
Thank you for any assistance or suggestion you may have.
==================================
Access switch :
3750_M_Office#sho spanni root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 1000 0004.27be.4d40 12 2 20 15 Gi1/0/49
VLAN0003 32768 0004.27be.4d41 12 2 20 15 Gi1/0/49
VLAN0004 32768 0004.27be.4d42 12 2 20 15 Gi1/0/49
VLAN0005 32768 0004.27be.4d43 12 2 20 15 Gi1/0/49
VLAN0006 32768 0004.27be.4d44 12 2 20 15 Gi1/0/49
VLAN0007 32768 0004.27be.4d45 12 2 20 15 Gi1/0/49
VLAN0008 32768 0004.27be.4d46 12 2 20 15 Gi1/0/49
VLAN0009 32768 0004.27be.4d47 12 2 20 15 Gi1/0/49
VLAN0010 32768 0004.27be.4d48 12 2 20 15 Gi1/0/49
VLAN0011 32768 0004.27be.4d49 12 2 20 15 Gi1/0/49
VLAN0012 32768 0004.27be.4d4a 12 2 20 15 Gi1/0/49
VLAN0013 32768 0004.27be.4d4b 12 2 20 15 Gi1/0/49
VLAN0020 32768 0004.27be.4d4c 12 2 20 15 Gi1/0/49
Core switch:
interface Vlan1
description Management Interface
ip address 10.0.0.30 255.0.0.0
!
interface Vlan3
description Steelprep
ip address 192.168.3.1 255.255.255.0
ip helper-address 10.0.1.1
ip helper-address 192.168.1.2
!
interface Vlan4
description Works Office
ip address 192.168.4.1 255.255.255.0
ip helper-address 10.0.0.1
ip helper-address 192.168.2.1
!
interface Vlan5
description Time bunker
ip address 192.168.5.1 255.255.255.0
ip helper-address 10.0.1.1
ip helper-address 192.168.1.2
!
interface Vlan7
description QPS
ip address 192.168.7.1 255.255.255.0
ip helper-address 10.0.1.1
ip helper-address 192.168.1.2
!
interface Vlan9
description Q.A.
ip address 192.168.9.1 255.255.255.0
ip helper-address 10.0.1.1
ip helper-address 192.168.1.2
!
interface Vlan10
description Engineering VLAN
ip address 192.168.1.1 255.255.255.0
ip helper-address 10.0.1.1
ip helper-address 192.168.1.2
!
interface Vlan11
description HR 2nd Floor
ip address 192.168.11.1 255.255.255.0
ip helper-address 10.0.1.1
ip helper-address 192.168.1.2
!
interface Vlan12
ip address 192.168.12.1 255.255.255.0
ip helper-address 10.0.1.1
ip helper-address 192.168.1.2
!
interface Vlan13
description Warehouse
ip address 192.168.13.1 255.255.255.0
ip helper-address 10.0.1.1
ip helper-address 192.168.1.2
!
interface Vlan20
description Wireless
ip address 192.168.20.1 255.255.255.0
ip helper-address 10.0.1.1
ip helper-address 192.168.1.2
!
ip default-gateway 10.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
Core#show vtp st
VTP Version : 2
Configuration Revision : 10
Maximum VLANs supported locally : 1005
Number of existing VLANs : 17
VTP Operating Mode : Server
VTP Domain Name : NSC
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
08-05-2008 04:22 PM
You should figure out exactly where the root is, or if you want it to be your core switches (you do, trust me) then you should make sure they have the lowest priority.
In your 3750 stack, configure them for root priority. This command will allow the stack to automatically work out the priority for every VLAN so it is the root:
(config)# spanning-tree vlan 1-4094 root primary
Right now it looks like your root is off the core at port gig0/49. Maybe that device can't handle the traffic.
Let us know how it goes,
Ryan
08-05-2008 04:27 PM
Please provide a diagram and the STP configs of each switch....
VL
08-05-2008 06:19 PM
Thank you both for replies.
Hopefully attached info will provide adequate info Lamav requested.
Yes the root switch is the Core (stacked 3750)
What's annoying is that even from the core it self, provider of ip routing simple ping to VLANs (other that VLAN 1) will sometimes fail - 25% fail rate.
Again thank you for your replies
08-06-2008 05:39 AM
I reviewed quickly... your core switch is NOT the root for VLAN 1. Check this out:
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 1000
Address 0004.27be.4d40
Cost 4
Port 3 (GigabitEthernet1/0/3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0016.461a.c500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
The root for VLAN1 is somewhere up port Gig1/0/3. This could be affecting you.
What about routing? Are you running any routing protocols? I don't think it's an issue here because you're talking about routing between vlans local on the switch, but if you're routing stuff into vlan1 which has an upstream root port and there's a layer 2 issue it might cause odd behaviour.
Also, is the server farm switch root port correct? If you're using etherchannel, are both links up and forwarding frames properly? Try turning UDLD on for the uplink ports, it will detect errors with unidirectional links. This can cause really weird stuff to happen if not detected. You need to turn it on on both sides of the link.
Let us know,
Ryan
08-06-2008 05:44 AM
I just noticed that it's an old 3500 that is root for vlan 1 and poor thing is overloaded.
as for wiring it is a mess to say the list.
All links are up & running but will follow suggestion & turn on UDLD.
Thank you very much for your reply
Regards,
Trbonja
08-06-2008 06:52 AM
With UDLD turned on the Server Farm switch I can't see any errors
Anything else I can try?
Thank you
Trbonja
Interface Gi1/0/25
---
Port enable administrative configuration setting: Follows device default
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Unknown
Current operational state: Advertisement
Message interval: 7
Time out interval: 5
No neighbor cache information stored
Interface Gi1/0/26
---
Port enable administrative configuration setting: Follows device default
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Unknown
Current operational state: Advertisement
Message interval: 7
Time out interval: 5
No neighbor cache information stored
08-06-2008 07:39 AM
You need to turn it on on both sides of the link. It should look something like this:
Interface Gi1/1
---
Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single neighbor detected
Message interval: 15
Time out interval: 5
Entry 1
---
Expiration time: 44
Device ID: 1
Current neighbor state: Bidirectional
Device name: 00d0003aa400
Port ID: 3/3
Neighbor echo 1 device: SCA033000W6
Neighbor echo 1 port: Gi1/1
Message interval: 15
Time out interval: 5
CDP Device name: SCA03430130
If you already turned it on on both sides of the link, it's possible the messages aren't getting there, which would be the sign of a problem.
Ryan
08-06-2008 09:56 AM
It was enabled on both ends but it took almost 5 min to get the cdp info.
I have specified core (stacked 3750) as primary and and another barely used 3750_equipment as a secondary. Path costs are below and I'm not sure if they are adequate
Attached diagram as some one else requested is attached. VLAN 10 (prodend) is very high priority.
Thank you
Trbonja
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 1
Address 0016.461a.c500
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1 (priority 0 sys-id-ext 1)
Address 0016.461a.c500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/3 Desg FWD 4 128.3 P2p
Gi1/0/4 Desg FWD 4 128.4 P2p
Gi1/0/5 Desg FWD 4 128.5 P2p
Gi1/0/7 Desg FWD 19 128.7 P2p
Gi1/0/8 Desg FWD 19 128.8 P2p
Gi1/0/9 Desg FWD 19 128.9 P2p
Gi1/0/10 Desg FWD 4 128.10 P2p
Po1 Desg FWD 3 128.616 P2p
Po3 Desg FWD 3 128.632 P2p
Gi2/0/3 Desg FWD 4 128.55 P2p
Gi2/0/5 Desg FWD 4 128.57 P2p
Gi2/0/6 Desg FWD 19 128.58 P2p
Gi2/0/7 Desg FWD 19 128.59 Shr
Gi2/0/9 Desg FWD 4 128.61 P2p
Gi2/0/10 Desg FWD 4 128.62 P2p
08-05-2008 07:10 PM
if u send a simple diagram will be easier to have look at
by the way in the following valn i think the second dhcp server is configured mistakenly
interface Vlan4
description Works Office
ip address 192.168.4.1 255.255.255.0
ip helper-address 10.0.0.1
ip helper-address 192.168.2.1
08-06-2008 03:12 AM
I've used the cofing backup on the core - no change.
Removed all trunks but 2 - 3750_server_farm & 3750_Main_ofice - No Change.
As soon as I can spare some time I'll make a diagram.
Again, thank you
Regards,
Trbonja
08-06-2008 10:00 AM
Both of them were mistyped. Corrected. Thank you for the info
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide