Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4460
Views
0
Helpful
11
Replies

Edge switch thinks it is the spanning tree root, gets blocked

Go to solution
ross.hansen
Level 1
Level 1

‎11-14-2017 07:36 AM - edited ‎03-08-2019 12:44 PM

We have (what I would consider) a fairly simple topology. I have a 4507 Core switch that has a trunk to a 2960X. The 2960X has a trunk port that connects to a 2960S edge switch. That link spans an ubiquiti ptp link. The following vlans are present across this link: 1 (native), 41, 42, 45 and 230. vlan 1 and 45 seem to pass just fine. I can get to the 2960 management interface on vlan 45. But vlans 41,42 and 230 get blocked and the switch thinks it's root for these vlans (but recognizes the 4507 as the root for 45).

 

The 2960S only has two active ports. G/01 (Trunk), and f0/1 (host - vlans 230,42)

It generates the following log messages:

%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 41 on GigabitEthernet0/1 VLAN42.
%SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet0/1 on VLAN0041. Inconsistent peer vlan.
%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on VLAN0042. Inconsistent local vlan.
%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 41 on GigabitEthernet0/1 VLAN230.
%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/1 on VLAN0230. Inconsistent local vlan.
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
%SPANTREE-5-ROOTCHANGE: Root Changed for vlan 45: New Root Port is GigabitEthernet0/1. New Root Mac Address is 00f6.6361.6d00
%SPANTREE-5-TOPOTRAP: Topology Change Trap for vlan 45
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan45, changed state to up
%NTP-6-PEERREACH: Peer 192.168.45.2 is reachable

 

Any ideas on what is causing this?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
BradEast1
Level 3
Level 3
In response to ross.hansen

‎11-14-2017 08:37 AM

Your Cisco config looks good from what I can tell. I would check the ubiquiti to make sure it is passing the correct tags on the P2P link.

View solution in original post

0 Helpful
11 Replies 11

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎11-14-2017 07:52 AM

Hi there,

On the 2960X and 2960S, looking at the interfaces used to connect them what is the output of:

 

sh int gix/x switchport

 

What version of IOS are you running on the 2960X and 2960S. There are a few bugs related to %SPANTREE-2-RECV_PVID_ERR

 

cheers,

Seb.

 

 

0 Helpful

Go to solution
ross.hansen
Level 1
Level 1
In response to Seb Rupik

‎11-14-2017 08:07 AM

2960X port 4/0/4 (IOS 15.2(2)E7):

sh int g4/0/4 switchport
Name: Gi4/0/4
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

 

 

2960S port g0/1 (IOS 12.2(55)SE12):

sh int g0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni
In response to ross.hansen

‎11-14-2017 08:25 AM

Looks good to me.

Looking at the error message maybe the issue is on the L3 switch, sending BPDU with the incorrect VLAN ID. What IOS is the 4507 running? could be this bug:

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb98872

0 Helpful

Go to solution
ross.hansen
Level 1
Level 1
In response to Seb Rupik

‎11-14-2017 08:31 AM - edited ‎11-14-2017 08:34 AM

4507 is on 15.1(1r)SG10

ver 03.06.07.E

 

Oh, and these aren't new vlans and looks like we're not on the "known affected release".

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni
In response to ross.hansen

‎11-14-2017 08:35 AM

What supervisor does it have installed?

 

sh inv

0 Helpful

Go to solution
ross.hansen
Level 1
Level 1
In response to Seb Rupik

‎11-14-2017 08:59 AM

2 supervisors, both WS-X45-SUP8-E

also looking at wireless link closer to see if it's tagging as expected.
0 Helpful

Go to solution
paul driver
VIP
VIP

‎11-14-2017 08:03 AM - edited ‎11-14-2017 08:20 AM

Hello

Does the trunk between the 2960x and 2960s have inconsistnt native vlans?

 

Make sure both sides of that interconect have the same native vlan, and allows the vlans you need to traverse it.

Have the layer 2 vlans being propergated into the vtp d/b of both swtches?

 

sh vlan brief
sh int trunk
sh vtp status

res
Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
ross.hansen
Level 1
Level 1
In response to paul driver

‎11-14-2017 08:28 AM

There are inconsistent ports:

VLAN0041             GigabitEthernet0/1       Port VLAN ID Mismatch
VLAN0042             GigabitEthernet0/1       Port VLAN ID Mismatch
VLAN0230             GigabitEthernet0/1       Port VLAN ID Mismatch

 

The same on both switches.

 

From 'sh vlan brief' I don't see the trunk port listed anywhere accept vlan1.  But I would expect that if it's being blocked.

 

From 'sh in trunk' I see from 2960S
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1
Port        Vlans allowed on trunk
Gi0/1       1-4094
Port        Vlans allowed and active in management domain
Gi0/1       1,41-42,45,230
Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,45

From 2960S:

Port        Mode             Encapsulation  Status        Native vlan
Gi2/0/24    on               802.1q         trunking      1
Gi4/0/4     on               802.1q         trunking      1
Gi4/0/51    on               802.1q         trunking      1
Gi4/0/52    on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi2/0/24    1-4094
Gi4/0/4     1-4094
Gi4/0/51    1-4094
Gi4/0/52    1-4094

Port        Vlans allowed and active in management domain
Gi2/0/24    1,10-15,33,41-43,45,72,95,141,172,196,200,230,232,235,241,999
Gi4/0/4     1,10-15,33,41-43,45,72,95,141,172,196,200,230,232,235,241,999
Gi4/0/51    1,10-15,33,41-43,45,72,95,141,172,196,200,230,232,235,241,999
Gi4/0/52    1,10-15,33,41-43,45,72,95,141,172,196,200,230,232,235,241,999

Port        Vlans in spanning tree forwarding state and not pruned
Gi2/0/24    1,10-15,33,41-43,45,72,95,141,172,196,200,230,232,235,241,999
Gi4/0/4     1,10-15,33,43,45,72,95,141,172,196,200,232,235,241,999
Gi4/0/51    1,10-15,33,41-43,45,72,95,141,172,196,200,230,232,235,241,999
Gi4/0/52    1,10-15,33,41-43,45,72,95,141,172,196,200,230,232,235,241,999

 

Lastly, we aren't currently utilizing vtp. We've recently built out new areas in the facility and thats looking like something we should use.

0 Helpful

Go to solution
BradEast1
Level 3
Level 3
In response to ross.hansen

‎11-14-2017 08:37 AM

Your Cisco config looks good from what I can tell. I would check the ubiquiti to make sure it is passing the correct tags on the P2P link.

0 Helpful

Go to solution
ross.hansen
Level 1
Level 1
In response to BradEast1

‎11-15-2017 11:42 AM

Thanks everyone, looks like the P2P link was messing with the tags. Modified them and it's all passing as expected. Spanning-tree is unblocked and recognizing the true root.
0 Helpful

Go to solution
paul driver
VIP
VIP
In response to ross.hansen

‎11-14-2017 11:46 AM - edited ‎11-14-2017 11:51 AM

Hello

Do you have have any other devices between these two switches? , As the problem seems to suggest an STP inconsistancy which needs to be identified, Can you please post a topology

diagram of your network and if applicable the config of both these switches.

 

Include:
sh spanning-tree summary

 

res

Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card