Re: mst vlans issue

tferg155 · ‎09-13-2021

hello everyone

I have a problem and i hope to find the solution here so i have a lab with 3 switches 1 core and 2 aggr all the switches are linked together using etherchannel and MSTP

all the switches have hosts on valns 10 20 30 40 50 60

all the informations are below in the config

MY PROBLEM IS WHY SWITCH 3 IS BLOKING THE VLAN

hosts int switch 1 and 2 can reach each other and also can reach switch 3 but SWITCH CAN NOT REACH ANY OF THEM

I WILL BE HAPPY IF SOMEONE GIVE THE SOLUTION

this is the diagram

SWITCH 1CORE CONFIG

S1(config)#do sh run
Building configuration...

Current configuration : 3153 bytes
!
! Last configuration change at 02:42:14 UTC Tue Sep 14 2021
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ipv6 cef
ipv6 multicast rpf use-bgp
no ip icmp rate-limit unreachable
!
no ip domain-lookup
ip cef
!
!
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name INE
revision 6767
instance 1 vlan 10, 20
instance 2 vlan 30, 40
instance 3 vlan 50, 60
!
spanning-tree mst 1-3 priority 24576
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/0
duplex auto
!
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 2 mode desirable
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 1 mode desirable
!
interface Ethernet0/3
duplex auto
!
interface Ethernet1/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 1 mode desirable
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 2 mode desirable
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
switchport access vlan 10
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet2/3
switchport access vlan 20
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/0
switchport access vlan 30
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/1
switchport access vlan 40
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/2
switchport access vlan 50
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/3
switchport access vlan 60
switchport mode access
duplex auto
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
ip address 192.168.30.1 255.255.255.0
!
interface Vlan40
ip address 192.168.40.1 255.255.255.0
!
interface Vlan50
ip address 192.168.50.1 255.255.255.0
!
interface Vlan60
ip address 192.168.60.1 255.255.255.0
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end

SWITCH 2 CONFIG

S2(config)#do sh run
Building configuration...

Current configuration : 2972 bytes
!
! Last configuration change at 02:42:10 UTC Tue Sep 14 2021
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname S2
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ipv6 cef
ipv6 multicast rpf use-bgp
no ip icmp rate-limit unreachable
!
no ip domain-lookup
ip cef
!
!
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name INE
revision 6767
instance 1 vlan 10, 20
instance 2 vlan 30, 40
instance 3 vlan 50, 60
!
spanning-tree mst 1-3 priority 28672
!
!
!
!
vlan internal allocation policy ascending
!
vlan 10
name IT
!
vlan 20
name PR
!
vlan 30
name HR
!
vlan 40
name SLAES
!
vlan 50
name SUPPORT
!
vlan 60
name SOCIAL
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Port-channel3
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 3 mode desirable
!
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 2 mode desirable
!
interface Ethernet0/2
duplex auto
!
interface Ethernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 3 mode desirable
!
interface Ethernet1/0
duplex auto
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 2 mode desirable
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
switchport access vlan 10
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet2/3
switchport access vlan 20
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/0
switchport access vlan 30
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/1
switchport access vlan 40
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/2
switchport access vlan 50
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/3
switchport access vlan 60
switchport mode access
duplex auto
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end

SWITCH 3 CONFIG

S3(config-if)#do sh run
Building configuration...

Current configuration : 2935 bytes
!
! Last configuration change at 02:42:06 UTC Tue Sep 14 2021
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname S3
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ipv6 cef
ipv6 multicast rpf use-bgp
no ip icmp rate-limit unreachable
!
no ip domain-lookup
ip cef
!
!
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name INE
revision 6767
instance 1 vlan 10, 20
instance 2 vlan 30, 40
instance 3 vlan 50, 60
!
!
!
!
!
vlan internal allocation policy ascending
!
vlan 10
name IT
!
vlan 20
name PR
!
vlan 30
name HR
!
vlan 40
name SLAES
!
vlan 50
name SUPPORT
!
vlan 60
name SOCIAL
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel3
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 3 mode desirable
!
interface Ethernet0/1
duplex auto
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 1 mode desirable
!
interface Ethernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 3 mode desirable
!
interface Ethernet1/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
channel-protocol pagp
channel-group 1 mode desirable
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
duplex auto
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
switchport access vlan 10
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet2/3
switchport access vlan 20
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/0
switchport access vlan 30
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/1
switchport access vlan 40
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/2
switchport access vlan 50
switchport mode access
duplex auto
spanning-tree portfast
!
interface Ethernet3/3
switchport access vlan 60
switchport mode access
duplex auto
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end

balaji.bandi · ‎09-13-2021

hosts int switch 1 and 2 can reach each other and also can reach switch 3 but SWITCH CAN NOT REACH ANY OF THEM

When you mention can reach also switch3 ? in terms of what? switch 2 and 3 as per the config only Layer2, how they can be reachable?

Due to STP, i am sure one of the Link will be BLOCK mode, you can change show spann block

You need to explain more, is the devices connected to Switch3 ports are up and running ?

Also all the switches are configured as desirable, is this intention of the test ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

tferg155 · ‎09-13-2021

thanks for your replay

update the switch 3

by its self the switch 3 response to pings sometime and sometimes the ping from the core and switch 2 made it to switch 3 but switch 3 doesn't know how to response back its very very confusing

you wrote that switch 2 and 3 are L2 how are they reachable the S2 and S3 are forwarding packet to the core why do i need them to operate at L3 even though i make them operate at level 3 still its the same am i wrong sir ? anyway i don't know maybe my gns3 is causing the problem or the vpcs i don't know my config seems fine

about STP he is blocking the port between him and switch 2

the core switch is the primary root switch 2 is the secondary root

all the link in switch 3 are up and running

for the etherchannel i just wanted to bundle the links this not why i build this topology the desirable mode should work fine or there a problem with it too ??

thanks again sir

paul driver · ‎09-14-2021

Hello
I dont see any mgt addressing on either of those switches, is it just the case you have negated posting that?

Regards STP, the MST estate is now ran on a per instance not per vlan so, So you should NOT be manually pruning any vlans off any trunks, also make sure all the switches have their vlan database populated correctly with all vlans ran on the MST instances.

sh etherchannel summary
sh spanning-tree mst detail
sh spanning-tree blockedports

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

tferg155 · ‎09-14-2021

can you be more specific please

paul driver · ‎09-14-2021

Hello

@tferg155 wrote:

can you be more specific please

Are you manually pruning vllans off any trunks?
What ports are actually being blocked by stp , can you post this
Do you have any issues with link aggregation.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

tferg155 · ‎09-15-2021

hello thanks for your replay

look at this

S1(config-if)#do sh int t

Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 1
Po2 on 802.1q trunking 1

Port Vlans allowed on trunk
Po1 1-4094
Po2 1-4094

Port Vlans allowed and active in management domain
Po1 1,10,20,30,40,50,60
Po2 1,10,20,30,40,50,60

Port Vlans in spanning tree forwarding state and not pruned
Po1 none
Po2 1,10,20,30,40,50,60

S2(config-if)#do sh int t

Port Mode Encapsulation Status Native vlan
Po3 on 802.1q trunking 1
Po2 on 802.1q trunking 1

Port Vlans allowed on trunk
Po3 1-4094
Po2 1-4094

Port Vlans allowed and active in management domain
Po3 1,10,20,30,40,50,60
Po2 1,10,20,30,40,50,60

Port Vlans in spanning tree forwarding state and not pruned
Po3 none
Po2 1,10,20,30,40,50,60

S3(config-if)#do sh int t

Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 1
Po3 on 802.1q trunking 1

Port Vlans allowed on trunk
Po1 1-4094
Po3 1-4094

Port Vlans allowed and active in management domain
Po1 1,10,20,30,40,50,60
Po3 1,10,20,30,40,50,60

Port Vlans in spanning tree forwarding state and not pruned
Po1 1,10,20,30,40,50,60
Po3 1,10,20,30,40,50,60

truks port are allowing 1-4094

stp is blocking port e0/0 e0/3 on switch 2

link aggregation are configured and bundle with no problem

i have 2 question

-do i need to open int vlan 10-60 with ip addresses on all the switch or just the core switch like im doing now is enough since the switch 2 and 3 are forwarding to the core

-and can the link aggregation cause a problem with mstp even if its well configured ?

Giuseppe Larosa · ‎09-15-2021

Hello @tferg155 ,

you have confugured Switch1 in the following manner:

spanning-tree mst configuration
name INE
revision 6767
instance 1 vlan 10, 20
instance 2 vlan 30, 40
instance 3 vlan 50, 60
!
>> spanning-tree mst 1-3 priority 24576

This means that this switch is root bridge for all MST instances 1 to 3 and as a result of this:

on Switch 2 you have:

Port Vlans in spanning tree forwarding state and not pruned
Po3 none

Po2 1,10,20,30,40,50,60

Each MST instance takes the same decision because the root bridge is the same for all of them.

There is nothing wrong in this. Each port-channel is seen as a single logical link by STP ( any type inlcuding MST)

To be noted we don't know who is the root bridge of instance 0 the IST instance but at the moment all your VLANs in use are associated to MST instances 1 to 3.

About your questions:

>> -and can the link aggregation cause a problem with mstp even if its well configured ?

No the two protocols work in combination with STP that sees each bundle as a logical link and sends its BPDU out a single member link , PAGP manages each single link by sending and receiving its own L2 PDUs.

to be noted nowdays LACP is to be preferred over PAGP,

.

>> do i need to open int vlan 10-60 with ip addresses on all the switch or just the core switch like im doing now is enough since the switch 2 and 3 are forwarding to the core

Doing it on two switches of 3 , and using FHRP protocols like HSRP in each VLAN would provide default gateway redundancy to end users ( the HSRP VIP is different from SVI IP addresses but it is in the same IP subnet)

For a real world network would be a true benefit in lab it can be a chance to use HSRP or VRRP or GLBP.

Edit:

check who is the root bridge for instance 0, because all MST instances are actulally packed within a single BPDU with sections for each MST instance and the BPDU is asociated to instance 0 and all other MST instances.

show spanning-tree instance 0 detail

or

show spanning-tree mst instance 0 detail

Hope to help

Giuseppe

tferg155 · ‎09-15-2021

thanks you for your replay

Youu did clear some things thank you for that but giving this config can all the end hosts ping each other or my config is not correct ? ex end host in vlan 10 on SW2 can ping end hosts in vlan 10 on SW 1 and 3?

in my case hosts in SW 2 cant ping others hosts in SW1 and SW2 and for sec everything work fine and return to the same problem its very confusing that my problem in the first place look at thiis from SW 2

sh spanning su

Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
MST0 1 0 0 13 14
MST1 1 0 0 3 4
MST2 1 0 0 3 4
MST3 1 0 0 3 4
---------------------- -------- --------- -------- ---------- ----------
4 msts 4 0 0 22 26

for your question the root for MST0 is the SW1 is the root for all mst inst

also i read that the core switch most be the root in real world network is that true or it depand on the designee of the network

UPDATE

SW 3 en hosts now are the cant ping hots in SW1 and SW2 and SW2 and SW1 host can ping on each other this the problem may be the GNS3 ? i do know

THANK YOU AGAIN

balaji.bandi · ‎09-14-2021

Not sure what you mean by SW2 ad SW3 reachable ? i do not see any configuration on the switch check can be reachble on Layer 3 ?

May be end Device can be reachbale, since it is device connected with IP.

as long as your vpc configured right VLAN IP address and Gateway, SW1 can take of routing.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎09-13-2021

check the native VLAN in all three SW it must be same.

tferg155 · ‎09-13-2021

thank you for your replay

of course all the switches are in the same native vlan 1 and its shut down so its not a native vlan problem thanks again

MHM Cisco World · ‎09-15-2021

Friend vlan 1 which is default native vlan can not shut down.

also native vlan must be up because each mst group exchange BPDU message with each other using native vlan.

tferg155 · ‎09-15-2021

yeah true i did open the vlan 1 also the same thanks for your replay

Mohsin Alam · ‎09-13-2021

can you post the lab file ?

## Make sure to mark post as helpful, If it resolved your issue. ##