
Need Advice for redundancy between two Nos of 4510R-E

Dipesh Patel
Level 2

Dear All,

Pls suggest me the configuration for two Nos of 4510R-E chassis with 2 nos of SUP V plus 2 10GE.

On both switches config must be same.

Config will include 1 backbone vlan and some static routes.

I want to implement redundancy of Backbone for distribution using HSRP and also SUP redundancy.

Also want to know the config for using 3 nos of link between two 4510R-E .

Pls give me the sample config....

Regards,

Dipesh P.

38 Replies

Hello Dipesh,

Yes, spanning-tree loop guard application is not intuitive.

My initial understanding of the feature was to apply it only on uplinks on the access layer switch side, but the recommendations are different.

It is recommended to apply it practically on all links, on both sides.

We are doing so in most of our more recent campus networks, including links between core/distribution.

About UDLD: yes, it is ok to use it.

For some time I thought it was not fast enough for rapid STP, but I got a good explanation from Cisco expert Francois Tallet.

I'm going to look at your attachment file.

Edit:

The switch gi0/28 is configured as a trunk port with native vlan 5.

Nov 6 12:27:31: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet0/28 VLAN5.

This message means a wrong BPDU was received in vlan 5 with an internal vlan-id of 1, as if the other end was using vlan 1 as the native vlan for a moment.

These other messages are related to loop guard:

Nov 8 20:16:56: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet0/3 on VLAN0001.

In this case, no BPDU for vlan 1 was received on port gi0/3, and instead of promoting the port to designated port for the segment and moving it to the STP forwarding state, the port is placed in the inconsistent state.

This should be loop guard in action, blocking a topology change that could lead to a bridging loop.

Normally the restore message happens quickly; in your case I see

Nov 8 20:24:32: %SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port GigabitEthernet0/3 on VLAN0001.

It happened 7 minutes later.

Is this the RF link?

It may be considered to skip loop guard on it, given the nature of the media.

To be honest, from time to time STP loop guard produces events in our networks, but it recovers quickly.

Hope to help

Giuseppe
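
The log reading described in the post above, as an added example that is not part of the original thread: it pairs LOOPGUARD_BLOCK and LOOPGUARD_UNBLOCK messages per port and VLAN to measure how long a port stayed loop-inconsistent, and collects RECV_PVID_ERR native VLAN mismatches. The sample lines are the three quoted above; the function name, the year used for parsing and the 60-second "slow" threshold are assumptions of this example.

```python
import re
from datetime import datetime

# Sample input: the three syslog lines quoted in the post above.
SAMPLE_LOG = """\
Nov 6 12:27:31: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on GigabitEthernet0/28 VLAN5.
Nov 8 20:16:56: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet0/3 on VLAN0001.
Nov 8 20:24:32: %SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port GigabitEthernet0/3 on VLAN0001.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d): %SPANTREE-2-(\w+): (.*)$")
GUARD = re.compile(r"Loop guard (?:un)?blocking port (\S+) on VLAN0*(\d+)\.")
PVID = re.compile(r"inconsistent peer vlan id (\d+) on (\S+) VLAN0*(\d+)\.")


def analyze(log_text, year=2000, slow_after=60):
    """Return (outages, pvid_errors, still_blocked) for SPANTREE syslog text.

    year: these timestamps carry no year, so one is assumed for parsing.
    slow_after: seconds after which a recovery is flagged (assumed threshold).
    """
    open_blocks, outages, pvid_errors = {}, [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, mnemonic, text = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if mnemonic == "RECV_PVID_ERR" and (p := PVID.search(text)):
            # Native VLAN mismatch: a BPDU carrying peer_vlan was received in local_vlan.
            pvid_errors.append({"port": p.group(2), "local_vlan": int(p.group(3)),
                                "peer_vlan": int(p.group(1))})
        elif mnemonic.startswith("LOOPGUARD_") and (g := GUARD.search(text)):
            key = (g.group(1), int(g.group(2)))
            if mnemonic == "LOOPGUARD_BLOCK":
                open_blocks.setdefault(key, when)  # keep the first block time
            elif key in open_blocks:
                secs = int((when - open_blocks.pop(key)).total_seconds())
                outages.append({"port": key[0], "vlan": key[1],
                                "seconds": secs, "slow": secs > slow_after})
    # Ports blocked with no matching unblock are still loop-inconsistent.
    return outages, pvid_errors, sorted(open_blocks)


if __name__ == "__main__":
    for item in analyze(SAMPLE_LOG):
        print(item)
```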

Dear Giuseppe,

Thanks,

Is everything ok?

The config shown is the same for all distribution sw. And there are many times when, due to looping, one or many ports go into errdisable state and the same NW goes down.

So what should I change in this config?

If the native vlan is separate, not used, and all ports are either access or trunk, then is it ok, or what is ok?

And in a New NW, as discussed earlier, I am trying to change with OSPF and STP features. What should I remove and what should I add?

Pls suggest.

Regards,

Dipesh P.

Hello Dipesh,

If I have understood you correctly, you are experiencing brief interruptions on several uplinks caused by STP loop guard.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/stp_enha.html#wp1033825

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml#loop_guard_considerations

Loop guard should be able to put a port in an inconsistent state selectively on a per-vlan basis.

When you see the messages, do you see blocks for all vlans permitted on the trunk at the same time, or only for some of them?

About the configurations proposed for the new setup: they should be fine.

But this issue looks more urgent now.

It may be wise to open a service request with TAC.

Hope to help

Giuseppe

Dear,

I think the problem can be solved by the new config.

As I have seen, for many of the Vlans the Root is random; instead it should be the same switch where the vlan is created, and for the backbone vlan the root should be the CORE switch. Am I right?

And in the new config, if I enable loopguard on all ports ( Spanning tree loop guard default ), then is it ok? Or will it create any problem?

Dipesh P.

Hello Dipesh,

Yes, in the new config template the root bridge is enforced for all Vlans with an explicit command.

This is good.

About STP loop guard: probably that is a possible explanation of why it is recommended to configure it on both ends of a link.

As explained in the documents in the previous post, you can use the command

spanning-tree loopguard default

However, I think it makes sense to use it only on inter-switch links, not on access ports.

So I would enable it on a per-port basis to have more control.

To be honest we cannot say that all these STP events will disappear.

Hope to help

Giuseppe

Dear Giuseppe,

Can I solve this problem this way:

• Many of the Vlan Roots are selected randomly except Vlan 2 Backbone. Hence I need to tune STP so that for all Vlans the Root will be the 3560 SW only for the particular Switch block, except the backbone vlan.

• STP convergence time is more than expected.

Maybe at some particular time the Process CPU is higher and due to that STP convergence takes a longer time. I have seen the Spanning-tree summary and it shows the no of STP instances is around 300. This can be reduced by VTP pruning and allowing only the required no of Vlans on the trunk. And I also need to remove unnecessary Vlans.

• More than one Native Vlan in the topology.

We can use one Native Vlan common for all, and this Vlan has no IP address and is not routed.

This can solve the problem of Native Vlan Mismatch.

Pls suggest if it is ok. Is any bad effect possible from the above solution?

Will I get a solution from this?

Pls suggest.

Dipesh P.

Dear,

Pls reply ...

Hello Dipesh,

it is nice to see this long thread has not been lost in the forum upgrade!

I answer your questions:

1) Many of the Vlan Roots are selected randomly except Vlan 2 Backbone. Hence I need to tune STP so that for all Vlans the Root will be the 3560 SW only for the particular Switch block, except the backbone vlan.

• STP convergence time is more than expected.

Yes, for both the solution is to configure the C3560 distribution nodes as the root bridge for all client vlans of the switch block.

2) I have seen the Spanning-tree summary and it shows the no of STP instances is around 300.

To limit the number of running STP instances use switchport trunk allowed vlan; VTP pruning is NOT effective for this, contrary to popular belief.

VTP pruning helps in limiting unnecessary traffic sent on L2 trunk ports. For a switch it is enough to have a vlan permitted on a single trunk to run an STP instance.

Each C3560 distribution should run N+1 vlans if N are the client vlans.

Currently there is a risk that vlans extend across the whole campus. This has to be avoided.

3) Using a common native vlan on all trunks without IP services over it is recommended, also for security reasons. I would do it.

All these will provide improvements over the current scenario. As I noted in previous posts, if after all these changes you still see STP events it may be wise to open a service request.

Hope to help

Giuseppe
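
A check for points 2 and 3 of the answer above, as an added example that is not part of the thread: it reads the interface sections of a switch configuration and reports trunks with no allowed-vlan list, trunks whose native VLAN differs, and a native VLAN that has an IP interface. The sample configuration is constructed, the function names are hypothetical, and the parser assumes a plain numeric `switchport trunk allowed vlan <list>` line (no `add`, `remove`, `all` or `none` forms).

```python
# Constructed sample (not from the thread): one distribution switch.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,10-12
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 5
interface Vlan5
 ip address 10.0.5.1 255.255.255.0
"""


def expand(vlan_list):
    """Expand a list such as '2,10-12' into {2, 10, 11, 12}."""
    vlans = set()
    for part in vlan_list.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit(config):
    """Return (findings, VLANs explicitly allowed on at least one trunk)."""
    sections, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            sections[name] = []
        elif name and line.startswith(" "):
            sections[name].append(line.strip())
    findings, allowed_vlans, natives = [], set(), {}
    for name, body in sections.items():
        if "switchport mode trunk" not in body:
            continue
        native = [l.split()[-1] for l in body if l.startswith("switchport trunk native vlan ")]
        allowed = [l.split()[-1] for l in body if l.startswith("switchport trunk allowed vlan ")]
        natives[name] = int(native[0]) if native else 1  # default native VLAN is 1
        if allowed:
            allowed_vlans |= expand(allowed[0])
        else:
            findings.append(f"{name}: no allowed-vlan list, all VLANs permitted")
    if len(set(natives.values())) > 1:
        findings.append(f"native VLAN differs across trunks: {natives}")
    for name, vlan in natives.items():
        if any(l.startswith("ip address") for l in sections.get(f"Vlan{vlan}", [])):
            findings.append(f"{name}: native VLAN {vlan} has an IP interface")
    return findings, sorted(allowed_vlans)
```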

Sorry for late response.

Thanks for your help during long conversation.

Dipesh P.