Hello Alfred,

The behavior of STP should not differ with respect to native VLAN. Once a VLAN is created on a switch and is enabled on at least one physical switchport, STP should run an instance for it.

I suspect that the problem is related to your configuration of trunking, specifically, to the switchport mode dynamic desirable command. This instructs the switch to make this port a trunk port only when the other switch agrees also to trunk. This negotiation is performed using the Dynamic Trunk Protocol (DTP). Otherwise, the port remains an access port.

The behavior you observed very nicely aligns with the scenario that this DTP negotiation failed and the port remained in access mode instead of becoming a trunk. If the port remained in access mode, it was placed into its access VLAN which is, by default, VLAN1. Note that the entire trunk configuration is irrelevant if the port operates in access mode. Therefore, referencing native VLAN 805 had no effect - as an access port, it was assigned to VLAN1. Only when you used the switchport access vlan 805, you moved the port to access VLAN 805 and allowed the switch to start a STP instance for it. To put it simply, you may have thought that the port operates as trunk with native VLAN 805, but in reality, the port most probably operated as an access port placed into VLAN1. Only after adding the switchport access vlan command, you actually forced it to operate as an access port in VLAN 805 - but again, no trunk.

Using DTP to dynamically negotiate trunks is strongly discouraged. The DTP is a Cisco proprietary protocol so no other vendor uses it. DTP is spoken only by Cisco switches, not by Cisco routers. In addition, DTP requires both switches to have the same VTP domain configured even if you do not use or run VTP. All in all, you are not benefitted by running DTP and having your trunks negotiated dynamically - there's just too much clutter and too much volatility in dynamic trunk negotiation. You should definitely be configuring your trunks statically using the switchport mode trunk command.

Also make sure that the show interfaces trunk comand displays all appropriate trunk ports.

Can you try this out - converting your configuration to static trunks and moving away from DTP?

Best regards,

Peter

thanks for your comments.

@Peter, thanks for your detailed explaination. The port is definitive in trunking state and for the other vlans on the trunk (see above) RSTP works as expected, except the VLAN defined as native. BTW on the other side there is a C6509 with the same trunk configuration and on the 6509 even with IOS SUP-2T with IOS 15.0(1)SY1 also this workaround for the trunk is not needed. So its maybe a platform specific issue. 

Hello Alfred,

Thanks for information.

STP must run even in native VLAN. There is absolutely no exception allowed. Otherwise, the native VLAN would not be protected against loops and it could itself bring down your entire network. If your 3750X refuses to start a STP instance for the native VLAN then it is not a platform-specific behavior but either a misconfiguration or a bug.

I wonder... is it by any chance possible that you have more than 128 VLANs created and active on the 3750X? This platform allows at most 128 STP instances. If more VLANs are used then some of then won't be protected by per-VLAN STP. The only safe way in that case is to run MSTP.

If you are absolutely sure that the ports are operating as trunks, that you have less than 128 VLANs created on the switch, and that the STP for VLAN 805 is not explicitly deactivated using the no spanning-tree vlan 805 then I would be interested in seeing the output of the show vlan id 805 command.

This is indeed a most strange behavior...

Best regards,

Peter

I´ve got in total 12 VLANs in addition to the default VLANs. I also use VTP mode transparent.

Unfortunately, I am from mid of this week in production with the workaround command above,

so I am no longer able to easy reproduce the issue.

This is the output for VLAN 805 in working mode with the workaround command:

(Gi 1/0/1 is the Trunk Port)

sho vlan id 805

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
805  transfer-805                     active    Gi1/0/1

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
805  enet  100805     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

I also am not seeing native vlan spanning tree. One end is Cisco 2520 the other is a garretcom.  All other VLANs are seeing the root. 25020 is running CGS2520-IPSERVICESK9-M.  Any ideas?  Please see below for 2520 info

interface GigabitEthernet0/1
 description Trunk-to-Mountain
 switchport trunk allowed vlan 1-3,8-99,101-4094
 switchport mode trunk

turh1xxcomswt1#show int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-3,8-99,101-4094

Port        Vlans allowed and active in management domain
Gi0/1       1-3,150,200

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1-3,150,200

turh1xxcomswt1#sh span root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         32769 00c1.b136.1700         0    2   20  15
VLAN0002             2 00c1.b136.0880        65    2   20  15  Gi0/1
VLAN0003             3 00c1.b136.0880        65    2   20  15  Gi0/1
VLAN0150           150 00c1.b136.0880        65    2   20  15  Gi0/1
VLAN0200           200 00c1.b136.0880        65    2   20  15  Gi0/1

turh1xxcomswt1#show span vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     00c1.b136.1700
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00c1.b136.1700
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p