Solved: Loop guard inconsistent - Page 2

aok · ‎10-22-2018

Hello

We have a pair of Nexus 9363 switches connected to a Dell 5548 switch stack and a pair of Meraki MX100s connected to the Dells. The firmware on the MX100s was upgraded yesterday and after the reboot they are not able to reach their gateway. The SVI for the vlan resides on the Nexus core pair. We see this in the Nexus logs:

2018 Oct 21 23:16:47 VCR1C1R4CS1 %STP-2-LOOPGUARD_BLOCK: Loop guard blocking port port-channel102 on VLAN0085.

Here is the vlan's configuration and spanning-tree output:

VCR1C1R4CS1# sh spanning-tree vlan 85

VLAN0085
Spanning tree enabled protocol rstp
Root ID Priority 36949
Address 0078.8810.52af
This bridge is the root
Hello Time 4 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 36949 (priority 36864 sys-id-ext 85)
Address 0078.8810.52af
Hello Time 4 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po7 Desg FWD 200 128.4102 (vPC) P2p
Po8 Desg FWD 200 128.4103 (vPC) P2p
Po9 Desg FWD 200 128.4104 (vPC) P2p
Po10 Desg FWD 200 128.4105 (vPC) P2p
Po11 Desg FWD 200 128.4106 (vPC) P2p
Po12 Desg FWD 200 128.4107 (vPC) P2p
Po23 Desg FWD 200 128.4118 (vPC) P2p
Po49 Desg FWD 250 128.4144 (vPC peer-link) Network P2p
Po101 Desg FWD 200 128.4196 (vPC) P2p
Po102 Desg BKN*200 128.4197 (vPC) P2p *LOOP_Inc
Po103 Desg FWD 200 128.4198 (vPC) P2p
Po104 Desg FWD 200 128.4199 (vPC) P2p
Po105 Desg FWD 200 128.4200 (vPC) P2p
Po106 Desg FWD 200 128.4201 (vPC) P2p
Po109 Desg FWD 200 128.4204 (vPC) P2p
Po110 Desg FWD 200 128.4205 (vPC) P2p
Po200 Desg FWD 200 128.4295 (vPC) P2p
Po201 Desg FWD 200 128.4296 (vPC) P2p
Po989 Desg FWD 200 128.5084 (vPC) P2p

___

VCR1C1R4CS1# sh run int vlan 85

!Command: show running-config interface Vlan85
!Time: Mon Oct 22 18:44:18 2018

version 7.0(3)I2(3)

interface Vlan85
description Meraki Handoff
no shutdown
ip address 172.19.11.44/29
hsrp version 2
hsrp 85
authentication md5 key-string 85
preempt delay minimum 30
priority 110
timers 1 3
ip 172.19.11.41

___

The port-channel from the Nexus to Dell's is po102 and consists of ports E1/3 and E/4. Both physical ports and the port-channel are up and passing traffic, but vlan 85 is no longer being passed through it.

___

The Dell switches are connected to the Nexus switches on ports Te1/0/1, Te1/0/2, Te2/0/1 & Te2/0/2 bundled into Po30. Ports gi1/0/19, gi1/0/20, gi2/0/19 & gi2/0/20 are all access ports in vlan 85 connecting to the two Meraki MX100s.

___

My question is....how do we get vlan 85 working on the link between the Nexus and Dell switches without impacting other traffic?

Please let me know what additional information you need.

Thanks

A

paul driver · ‎11-07-2018

Hello

Why do you have the lan port of the MX in access mode, isnt this carrying multiple vlans?

Have you tried aggregating the two lan ports connecting into the MX?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

aok · ‎11-07-2018

It's just carrying 1 transit vlan. The MX participates in site-to-site VPN and this MX is the remote sites' way in to access resources.

No we haven't tried aggregating the ports. You mean putting gi1/0/19 & 2/0/19 into a port-channel and the same with 1/0/20 & 2/0/20? Or putting all four ports in one port-channel? I don't know if the MXs are capable of port aggregation on their end but can check.

Thanks

A

aok · ‎11-19-2018

Removing portfast from the access ports on the Dell switch resolved the issue.