Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1893
Views
0
Helpful
9
Replies

Multiple switches one trunk port

Go to solution
dan.letkeman
Level 4
Level 4

‎09-22-2012 04:07 PM - edited ‎03-07-2019 09:02 AM

Hello,

We have 7 3560's in 7 different locations connected to our providor for wan access.  Our provider has given us a copper cable at each point and we have connected it directly to our 3560 switch at each location.  Each port is configured the same way at each location.  Each switch is running eigrp.

All of the switch ports on each switch are configured as a trunk and vlan 299 had the ip address for the eigrp connection:

interface GigabitEthernet0/14

switchport trunk encapsulation dot1q

switchport trunk native vlan 299

switchport trunk allowed vlan 299,205,245,757

switchport mode trunk

This setup is working as each switch see's all of the other switches as an eigrp neighbor.  We have also made sure that the switch at our head office has spanning tree priority for vlan 299.

So the problem is, if there is a change in the topology at one of the locations it usually causes one or more of the other connections to go down for some reason.  We just cannot pinpoint what is causing this change.  There are no log's or anything that helps other than an eigrp hold time expired message.

Is there a different way we should be configuring this?  Should our provider be configuring something differently?

Thanks,

Dan.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎09-22-2012 04:17 PM

Hello Dan,

You seem to be using a kind of Layer2 VPN (VPLS, Q-in-Q or MAC-in-MAC) in which your tagged frames are transparently tunneled across provider's network. It is possible that the STP is tunneled, too, and that is precisely what I am aiming at: perhaps the topology change occuring on one site causes STP to recalculate the active topology, and it may take 50 seconds in the worst case, and 30 seconds in the slightly better case. That could explain the reason why your EIGRP adjacencies are flapping, as the Hold time in EIGRP is 15 seconds.

Are there any physical loops in the network between your sites? Theoretically, if there was no STP running between the sites, would there be a chance of a switching loop? So far, it seems that your topology is basically a star topology - the provider being the central "node" while your sites form the spokes, with no direct spoke-to-spoke links. Deactivating the STP on the trunks towards the provider could perhaps help in this case. If you are willing to try this out, add the following two lines to the trunk interfaces towards the provider:

spanning-tree portfast trunk

spanning-tree bpdufilter enable

The first command allows the trunk port to become forwarding rapidly (RSTP/MSTP should take care of that but it is not certain if your service provider speaks STP to you). The second command prevents STP BPDUs from being sent or processed on the interface. As I said, this might help but please be careful as deactivating STP in switched topologies must be done very, very cautiously.

Best regards,

Peter

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎09-22-2012 04:17 PM

Hello Dan,

You seem to be using a kind of Layer2 VPN (VPLS, Q-in-Q or MAC-in-MAC) in which your tagged frames are transparently tunneled across provider's network. It is possible that the STP is tunneled, too, and that is precisely what I am aiming at: perhaps the topology change occuring on one site causes STP to recalculate the active topology, and it may take 50 seconds in the worst case, and 30 seconds in the slightly better case. That could explain the reason why your EIGRP adjacencies are flapping, as the Hold time in EIGRP is 15 seconds.

Are there any physical loops in the network between your sites? Theoretically, if there was no STP running between the sites, would there be a chance of a switching loop? So far, it seems that your topology is basically a star topology - the provider being the central "node" while your sites form the spokes, with no direct spoke-to-spoke links. Deactivating the STP on the trunks towards the provider could perhaps help in this case. If you are willing to try this out, add the following two lines to the trunk interfaces towards the provider:

spanning-tree portfast trunk

spanning-tree bpdufilter enable

The first command allows the trunk port to become forwarding rapidly (RSTP/MSTP should take care of that but it is not certain if your service provider speaks STP to you). The second command prevents STP BPDUs from being sent or processed on the interface. As I said, this might help but please be careful as deactivating STP in switched topologies must be done very, very cautiously.

Best regards,

Peter

0 Helpful

Go to solution
dan.letkeman
Level 4
Level 4
In response to Peter Paluch

‎09-22-2012 04:25 PM

Wow, fast reply. 

There are no loops in the topology.  Our topology is a star like you mentioned and the providor would be the hub.  I had thought of of turning of spanning tree, but was leaning on the more cautious side and had not tried that yet.... I think that might be the only option to fix this problem.

Thanks,

Dan.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to dan.letkeman

‎09-23-2012 12:23 AM

Dan,

What STP version are you running on your sites, anyway? Is it PVST, RPVST or MSTP? Can you also confirm that your provider is tunneling the STP across his network?

Best regards,

Peter

0 Helpful

Go to solution
dan.letkeman
Level 4
Level 4
In response to Peter Paluch

‎09-23-2012 05:34 AM

I am running RPVST on all of the switches.  Yes, I can confirm that the provider is tunneling stp.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to dan.letkeman

‎09-23-2012 08:33 AM

Dan,

Thank you for the information. I wonder - is the EIGRP directly running on these switches, or are the EIGRP routers separate? I am basically trying to find out if the EIGRP routers are standalone devices possibly connected to these switches. If the ports towards the standalone EIGRP routers (if there are any) are not configured as PortFast ports then a topology change that creates a wave of RSTP Proposals/Agreements will put these ports to Discarding state and they will need 30s to recover.

Of course, ports between switches should never be configured as PortFast ports.

Best regards,

Peter

0 Helpful

Go to solution
dan.letkeman
Level 4
Level 4
In response to Peter Paluch

‎09-23-2012 08:36 AM

Eigrp is running on the 3560's.

Dan.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to dan.letkeman

‎09-23-2012 08:40 AM

Hello Dan,

Thanks for the reply. Hmmm, the RSTP (or RPVST) should not cause such outages...

Anyway - I suggest proceeding with the commands to disable STP on the appropriate ports towards your SP, and let's see if that helps. If it does, we should probably investigate why is the RPVST failing to react rapidly.

Best regards,

Peter

0 Helpful

Go to solution
dan.letkeman
Level 4
Level 4
In response to Peter Paluch

‎09-23-2012 08:41 AM

I will also be investigaing potential problems with our provider's network as well.

Thanks,
Dan.

0 Helpful

Go to solution
singhaam007
Level 3
Level 3

‎09-22-2012 04:31 PM

hello dan,

Explain bit more about what u changing in the topology ??

As you said you got “eigrp hold time expired message “

It could be

If no hellos are not received within the hold time, which is 15 seconds by default on most links, the router informs the neighbor that the neighbor relationship has been torn down and logs a syslog message

Check the routing table entries after the changes to verify the next-hop address is correct for the neighbor.

Other possibilities that can bring the neighbor relationship down are unidirectional links, uncommon subnet mismatches, mismatched masks, layer 2 problems, ACL deny statement, etc. may be after change these is an ACL with causing other links to go down.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094613.shtml

I am still a learner but hopefully this will help.

Please rate if this helps.

thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card