Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3854
Views
1
Helpful
2
Replies

Mutiple spanning-tree root bridges

gkuzmowycz
Level 1
Level 1

‎01-22-2015 03:23 PM - last edited on ‎03-25-2019 04:31 PM by Community Manager

We've started installing some new 3650 switches (replacing 3560's at the access layer) running XE 03.03.05SE. We've run into some problems as a result of "ip device tracking" being on by default, but in the process of debugging I've found that three separate switches all believe they are the spanning-tree root bridge for the same VLANs. The new switches are by default in rapid-pvst mode; the distribution switches are set to rapid-pvst as well. All 3650's are dual-homed.

SW1#sh span vlan 999

VLAN0999
  Spanning tree enabled protocol rstp
  Root ID    Priority    33767
             Address     78da.6e6f.6d00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.6d00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/1/4             Desg FWD 4         128.52   P2p
Gi2/1/4             Desg FWD 4         128.116  P2p

 

SW2#sh span vlan 999

VLAN0999
  Spanning tree enabled protocol rstp
  Root ID    Priority    33767
             Address     f40f.1b84.9680
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     f40f.1b84.9680
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/1/3             Desg FWD 4         128.51   P2p
Gi1/1/4             Desg FWD 4         128.52   P2p

 

SW3#sh span vlan 999

VLAN0999
  Spanning tree enabled protocol rstp
  Root ID    Priority    33767
             Address     78da.6e6f.7180
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     78da.6e6f.7180
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/1/3             Desg FWD 4         128.51   P2p
Gi2/1/4             Desg FWD 4         128.116  P2p

Switch 1 seems to behave as if it is the real root, but this still does not make much sense to me. Does anyone have an explanation? It's been a long time since my switching class, and I very seldom have to deal with spanning-tree issues.

 

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Peter Paluch
Cisco Employee
Cisco Employee

‎01-22-2015 03:41 PM

Hi,

Having more than one root switch for a VLAN is definitely a sign of some foul play. A contiguous VLAN can never have more than one root switch. Multiple root switches would occur if, for example, the trunks interconnecting the switches had this VLAN excluded from the list of allowed VLANs, or if they were interconnected by access ports (in a different VLAN) rather than trunks. Another possibility could be an inappropriately constructed MAC ACL or VLAN ACL inadvertently block BPDUs. In any case, this may be a source of serious trouble.

Without further information about your network, it is difficult to suggest anything more specific. Would it be possible to post a diagram explaining your network topology? Also, would it be possible to post the show span root and show span bridge outputs from every switch in your network?

Thank you!

Best regards,
Peter

gkuzmowycz
Level 1
Level 1
In response to Peter Paluch

‎01-23-2015 10:34 AM

Thank you for taking the time to respond.

 

I have in fact found what I think is the cause of the problem: some of the uplink ports have VLAN pruning in effect on one side and not the other, so that traffic on the VLANs which are showing the multiple purported roots is not bidirectional to/from the switches which *think* they are roots. They are, I suspect, isolated from a BPDU perspective.

 

Your suggestions were instrumental in locating this problem, for which I thank you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card