07-20-2017 09:57 AM - edited 03-08-2019 11:24 AM
I'm having an issue with SPT after adding more VLANS. For now I'm trying to set it up so all of my VLANS just take the same route with the same root bridge. The issue I'm having seems like it has a simple solution that I'm just overlooking. Here's what I know for sure.
STP Port, Bridge, and Root settings are the exact same for all VLANS.
VLAN 1 Elects Root Bridge just fine-- all other VLANS just elect themselves as Root Bridge.
VLAN 1 Sends and Recieves BPDU's just fine. All other/new vlans just send BPDU's but don't receive.
ALL VLANS allowed on all Trunk ports with no pruning.
-----------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------
SW1
-----------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------
SW1#show spanning-tree summary
SW1#show spanning-tree
LOGGING
Log Buffer (4096 bytes):
AA AA 03 00000C 010B SSTP
264487: *Mar 1 09:45:36.262: CFG P:0000 V:02 T:02 F:3C R:7154 001e.7ab0.8380 00000000
264488: *Mar 1 09:45:36.262: B:7154 001e.7ab0.8380 70.1C A:0000 M:1400 H:0200 F:0F00
264489: *Mar 1 09:45:36.262: T:0000 L:0002 D:0154
264490: *Mar 1 09:45:36.262: RSTP(340): sending BPDU out Fa1/0/46
264491: *Mar 1 09:45:36.262: STP SW: TX: 0100.0ccc.cccd<-001e.7ab0.83b2 type/len 0032
264492: *Mar 1 09:45:36.262: encap SNAP linktype sstp vlan 340 len 64 on v340 Fa1/0/46
264493: *Mar 1 09:45:36.262: AA AA 03 00000C 010B SSTP
264494: *Mar 1 09:45:36.262: CFG P:0000 V:02 T:02 F:3C R:7154 001e.7ab0.8380 00000000
264495: *Mar 1 09:45:36.262: B:7154 001e.7ab0.8380 80.32 A:0000 M:1400 H:0200 F:0F00
264496: *Mar 1 09:45:36.262: T:0000 L:0002 D:0154
264497: *Mar 1 09:45:36.262: RSTP(360): sending BPDU out Fa1/0/1
4 6001001E7A9B7480 7052 0200 1400 0200 0F00
264595: *Mar 1 09:45:38.628: RSTP(1): Gi1/0/4 repeated msg
264596: *Mar 1 09:45:38.628: RSTP(1): Gi1/0/4 rcvd info remaining 6
264597: *Mar 1 09:45:38.645: RSTP(1): sending BPDU out Fa1/0/1
264598: *Mar 1 09:45:38.645: STP SW: TX: sstp copy: 0100.0ccc.cccd<-001e.7ab0.8383 type/len
264599: *Mar 1 09:45:38.645: encap SNAP linktype sstp vlan 1 len 64 on v1 Fa1/0/1
264600: *Mar 1 09:45:38.645: AA AA 03 00000C 010B SSTP
A 03 00000C 010B SSTP
265023: *Mar 1 09:45:38.712: CFG P:0000 V:02 T:02 F:3C R:7154 001e.7ab0.8380 00000000
265024: *Mar 1 09:45:38.712: B:7154 001e.7ab0.8380 80.32 A:0000 M:1400 H:0200 F:0F00
265025: *Mar 1 09:45:38.712: T:0000 L:0002 D:0154
265026: *Mar 1 09:45:38.712: RSTP(360): sending BPDU out Fa1/0/1
265027: *Mar 1 09:45:38.712: STP SW: TX: 0100.0ccc.cccd<-001e.7ab0.8383 type/len 0032
265028: *Mar 1 09:45:38.712: encap SNAP linktype sstp vlan 360 len 64 on v360 Fa1/0/1
265029: *Mar 1 09:45:38.712: AA AA 03 00000C 010B SSTP
8.201: encap SNAP linktype sstp vlan 360 len 64 on v360 Gi1/0/3
269243: *Mar 1 09:45:58.201: AA AA 03 00000C 010B SSTP
269244: *Mar 1 09:45:58.201: CFG P:0000 V:02 T:02 F:3C R:7168 001e.7ab0.8380 00000000
269245: *Mar 1 09:45:58.201: B:7168 001e.7ab0.8380 70.1B A:0000 M:1400 H:0200 F:0F00
269246: *Mar 1 09:45:58.201: T:0000 L:0002 D:0168
269247: *Mar 1 09:45:58.201: RSTP(360): sending BPDU out Gi1/0/4
269248: *Mar 1 09:45:58.201: STP SW: TX: 0100.0ccc.cccd<-001e.7ab0.839c type/len 0032
269249: *Mar 1 09:45:58.201: encap SNAP linktype sstp vlan 360 len 64 on v360 Gi1/0/4
269250: *Mar 1 09:45:58.201: AA AA 03 00000C 010B SSTP
269251: *Mar 1 09:45:58.201: CFG P:0000 V:02 T:02 F:3C R:7168 001e.7ab0.8380 00000000
269252: *Mar 1 09:45:58.201: B:7168 001e.7ab0.8380 70.1C A:0000 M:1400 H:0200 F:0F00
269253: *Mar 1 09:45:58.201: T:0000 L:0002 D:0168
269254: *Mar 1 09:45:58.201: RSTP(360): sending BPDU out Fa1/0/46
269255: *Mar 1 09:45:58.201: STP SW: TX: 0100.0ccc.cccd<-001e.7ab0.83b2 type/len 0032
269256: *Mar 1 09:45:58.201: encap SNAP linktype sstp vlan 360 len 64 on v360 Fa1/0/46
269257: *Mar 1 09:45:58.201: AA AA 03 00000C 010B SSTP
269258: *Mar 1 09:45:58.201: CFG P:0000 V:02 T:02 F:3C R:7168 001e.7ab0.8380 00000000
269259: *Mar 1 09:45:58.201: B:7168 001e.7ab0.8380 80.32 A:0000 M:1400 H:0200 F:0F00
269260: *Mar 1 09:45:58.201: T:0000 L:0002 D:0168
269261: *Mar 1 09:45:58.562: STP SW: RX ISR: 0100.0ccc.cccd<-001e.7ab0.9d1c type/len 0032
269262: *Mar 1 09:45:58.562: encap SNAP linktype sstp vlan 1 len 64 on v1 Gi1/0/4
00000004
B:6001 001e.7a9b.7480 70.52 A:0200 M:1400 H:0200 F:0F00
02 F:3C R:7154 001e.7ab0.8380 00000000
270775: *Mar 1 09:46:04.485: B:7154 001e.7ab0.8380 70.1C A:0000 M:1400 H:0200 F:0F00
270776: *Mar 1 09:46:04.485: T:0000 L:0002 D:0154
270777: *Mar 1 09:46:04.485: RSTP(340): sending BPDU out Fa1/0/46
270778: *Mar 1 09:46:04.485: STP SW: TX: 0100.0ccc.cccd<-001e.7ab0.83b2 type/len 0032
270779: *Mar 1 09:46:04.485: encap SNAP linktype sstp vlan 340 len 64 on v340 Fa1/0/46
270780: *Mar 1 09:46:04.485: AA AA 03 00000C 0
07-20-2017 10:37 AM
Hi
In order to select the root bridge a I recommend to use priorities,
Root Switch
spanning-tree vlan A,B,C,D,E... priority 4096 (the lowest value is 0)
Backup Root Switch
spanning-tree vlan A,B,C,D,E... priority 8192
* The lowest priority value will be selected as prefered, now each new VLAN must be added to the previous command lines.
It will resolve any problem with STP, also I recommend to use, spanning-tree guard root command line under the trunk interfaces facing to the access switches only (on the root and backup root switch)
Hope it is useful
:-)
07-20-2017 11:48 AM
NB: You can target all your VLANs with a statement like:
spanning-tree vlan 1-1004 priority #
Also BTW, some devices offer a symbolic for setting priority, but as it sometimes varies between platforms, suggest you use a numeric.
07-20-2017 07:50 PM
Thank you for the response. I've tried lowering the root cost for all of the vlans on the root bridge but it doesn't work. For VLAN1, the election process works fine. But for all of the other VLANS they just elect themselves-- even though the root priorities are all set the same for all VLANS including VLAN1.
I think this is more of an issue with the BPDU's. When I look at each the trunk ports for the VLAN they all show sending but not receiving BPDU's. All VLANS are allowed on all trunks and VTP propagates just fine.
I feel like I'm overlooking something.
07-21-2017 05:37 AM
is the core switch the vtp server as well?
How many switches do you have, could you please provide the configs? also please include a show vtp status of each switch.
07-21-2017 09:41 AM
07-21-2017 07:37 PM
You are in a big trouble trouble there. Redundant topology and only VLAN1 has blocking port.
To begin with something remove portfast from all trunk ports that are not connected to end devices. Configurations are full of inconsistencies. If ports on topology are properly marked:
!S-SW1
interface FastEthernet1/0/3
no spanning-tree portfast trunk
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/4
no spanning-tree portfast trunk
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet2/0/4
no spanning-tree portfast trunk
switchport trunk encapsulation dot1q
switchport mode trunk
H-SW1
interface FastEthernet1/0/3
no spanning-tree portfast trunk
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/4
no spanning-tree portfast trunk
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet2/0/4
no spanning-tree portfast trunk
switchport trunk encapsulation dot1q
switchport mode trunk
SW1
interface FastEthernet1/0/3
no spanning-tree portfast trunk
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/4
no spanning-tree portfast trunk
switchport trunk encapsulation dot1q
switchport mode trunk
Can you paste result from
sh interface trunk
from all switches?
07-21-2017 07:37 PM
Thank you for the response. I'm attaching the requested information. The trunk ports with fastport enabled are for Access Points with Multiple Vlans. The Bridge Trunk Ports are the gigabit ports I've indicated below.
07-21-2017 10:40 PM
The only explanations that only VLAN1 is finding loop free topology that I can think of:
- BPDUs are filtered (not present in configurations)
- There are devices between switches that are configured only with VLAN1 (or filtering BPDUs)
Currently, according to output from STP and the fact that the same VLANs are allowed on trunks between switches and only VLAN1 has blocking port you have network loops in all VLANs except VLAN1. In that case you should at least shut down one interface to break loop and enable that port only when you are troubleshooting issue until issue is resolved. Or you can manually prune VLANs except VLAN1 on one interface (VLAN1 is blocking port on one of switches so there is no network loop there). One of ports Gi1/0/3 or Gi1/0/4 on SW1 looks like good candidate to be shutdown.
07-22-2017 05:24 PM
Thanks for the response. I'm going to do that for now. I'm not sure if this would have anything to do with it, but the routers having 4 port gb switching modules installed which attached to the main network. They all find the correct root bridge, so I'm curious if there's a protocol misconfiguration on the switches. The switchports on the routers all show they're using ieee stp protocol while the switches show they're using rstp protocol. Should I just disable STP on the routers all together?
07-23-2017 10:04 AM
I did some further troubleshooting.
I'm not receiving BPDU's for any VLANS other than 1.
I am receiving multicast packets without errors.
I changed the trunks to ISL encapsulation and STP works perfectly fine with bpdus being received but all my other access point trunks and router trunks are all still dot1q.
Below is some of the troubleshooting I did for dot1q trunks. For now, I'll just leave them as ISL trunks though I prefer dot1q.
07-24-2017 07:48 AM
Just wanted to give an update. The issue actually was with the Ubiquiti wireless bridges we were using. They are supposed to be completely transparent but I guess that SSTP's were being dropped with the current firmware. They had a newer release candidate firmware that fixed it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide