cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
41843
Views
65
Helpful
25
Replies

Problem in migration from PVST to MSTP

Majed Saeed
Level 1
Level 1

Dears

I'm facing a problem during spanning-tree migration on our network from PVST to MSTP . I get such below error . 

 

%SPANTREE-2-PVSTSIM_FAIL: Blocking root port Fa0/1: Inconsitent inferior PVST 
BPDU received on VLAN 2, claiming root 12290:0022.0dba.9d00
SW2#show spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    8193
             Address     0022.0dba.9d00
             Cost        200000
             Port        3 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    12288  (priority 12288 sys-id-ext 0)
             Address     0022.916d.5380
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root BKN*200000    128.3    P2p Bound(PVST) *PVST_Inc

Thanks in advance .

 

25 Replies 25

Thanks Peter, and I completely agree with you. No one should be able to simply plug a switch into the network without being correctly authorized and/or configured. Although not probable, this is however still possible. And 4 years down the track, someone may forget about all of this, and simply plug a Cisco switch in etc. This is the risk I am trying to mitigate here. 

I intend to be back onsite later in the week and will attempt your HP configuration to block the PVST+ BPDU's by destination MAC. I would prefer to be applying this restriction on the existing Cisco switches Portchannel interfaces rather.

You see, If I configure this ACL on the HP switch and it works, I would essentially need to apply this ACL on each and every interface to be entirely safe, rather than addressing the devices that are susceptible to this, the Cisco switches. Are you aware of Cisco IOS being able to filter and block based on destination MAC? i.e configure the same block filter and apply it to the ingress of the portchannel interfaces? This would enable the Cisco switches to drop the PVST packets before they are processed and prevent PVSTSIM from ever having to initiate. This would solve the problem. Then I could happily configure all of them to MST. 

Hi Brian,

Yes, filtering the ingress PVST+ frames on Cisco Catalyst switches is possible. You'd do it this way:

 

mac access-list extended NoPVST
 deny   any host 0100.0ccc.cccd
 permit any any
!
interface ...
 mac access-group NoPVST in

 

On my Catalyst 2960 and 3560 where I tested this, the mac access-group command was not supported on a Port-channel interface. Instead, it was to be placed on all physical ports that make up the single Port-channel. After doing this, I have been indeed able to filter out the incoming PVST+ BPDUs while leaving the IEEE BPDUs operational. This could be used on all your existing Catalysts to prevent them from triggering PVST Simulation even if they received a PVST+ BPDU.

Best regards,
Peter

Peter, just an update on this. I made the changes and applied it to the physical interfaces of the Cisco switches. It successfully blocked PVST packets and ultimately ensured that PVSTSIM did not activate. I moved them all into MST mode (one by one) and testing was successful.

I would like to thank you for your input on this - it truly was a great help. I will be sure to look you up the next time I am in Slovakia.

 

Brian,

It was a thrill to have helped, and trust me, I've learned a lot here as well! Should you ever be around Slovakia please be sure to let me know - you are much welcome! Do you actually come to this world's corner from time to time?

Best regards,
Peter

No, I have never been to that side of the globe, but it has always been on my radar. So on day when I find myself there I will certainly let you know and I will buy you a beer in appreciation for your assistance.

Until then.

Brian

Hi Peter,

We have got similiar issues which has annoyed us for 2 months. I was led to this great article while I searching the solution from Internet.

We deployed VCE Vblock 320 last year and all has been working properly until we tried to add a new VLAN in VBlock 2 months ago.

 

Vblock contains 2 Cisco Nexus 5548 which connected as vPV peer-link at port -channel 50. The port-channel 1 is formed by GE1/9, 1/10 ports on both N5K and connected to the trk7 on HP ProCurve 8212 core switch via 10G links. PO101 and PO102 connect to the FI of Cisco UCS.

HP core switch has been setup as MST as below

dm-hp8212a# sh spanning-tree          

 Multiple Spanning Tree (MST) Information

  STP Enabled   : Yes
  Force Version : MSTP-operation
  IST Mapped VLANs : 1-4094
  Switch MAC Address : c09134-afe200
  Switch Priority    : 0    
  Max Age  : 20
  Max Hops : 20   
  Forward Delay : 15

  Topology Change Count  : 4164        
  Time Since Last Change : 2 days      

  CST Root MAC Address : c09134-afe200
  CST Root Priority    : 0           
  CST Root Path Cost   : 0           
  CST Root Port        : This switch is root

  IST Regional Root MAC Address : c09134-afe200
  IST Regional Root Priority    : 0           
  IST Regional Root Path Cost   : 0           
  IST Remaining Hops            : 20          

  Root Guard Ports     :
  Loop Guard Ports     :
  TCN Guard Ports      :
  BPDU Protected Ports :                                         
  BPDU Filtered Ports  :                                         
  PVST Protected Ports :                                         
  PVST Filtered Ports  :                                         

                   |           Prio              | Designated    Hello         
  Port   Type      | Cost      rity State        | Bridge        Time PtP Edge
  ------ --------- + --------- ---- ------------ + ------------- ---- --- ----
  A1     100/1000T | 20000     128  Forwarding   | c09134-afe200 2    Yes Yes
  A2     100/1000T | 20000     128  Forwarding   | c09134-afe200 2    Yes Yes
  A3     100/1000T | 20000     128  Forwarding   | c09134-afe200 2    Yes Yes
  A4     100/1000T | Auto      128  Disabled     |
  A5     100/1000T | 20000     128  Forwarding   | c09134-afe200 2    Yes Yes
  A6     100/1000T | 20000     128  Forwarding   | c09134-afe200 2    Yes Yes
  A7     100/1000T | Auto      128  Disabled     |
  A8     100/1000T | 20000     128  Forwarding   | c09134-afe200 2    Yes Yes
  A9     100/1000T | Auto      128  Disabled     |
  A10    100/1000T | Auto      128  Disabled     |
  A11    100/1000T | 20000     128  Forwarding   | c09134-afe200 2    Yes No  
  A12    100/1000T | 20000     128  Forwarding   | c09134-afe200 2    Yes No  
  A13    100/1000T | Auto      128  Disabled     |
  A14    100/1000T | Auto      128  Disabled     |
  A15    100/1000T | Auto      128  Disabled     |

And both N5K01 and N5K02 have been setup as MST as well to match the HP core switch.

We decided to add a new VLAN 46 to the Vblock and we did add to UCS, Nexus 1000v and then two N5K switches. The issue of disconnection between Vblock (N5K) and HP core occurred just after we finished the N5K01 and started to add VLAN 46 to PO50 at N5K02.  Here are the running-config spanning tree, commands we tried to run on both N5K switches and followed by spanning tree information BEFORE and AFTER changes:

Spanning-tree in running-config:

spanning-tree mode mst
spanning-tree port type edge bpduguard default
spanning-tree port type edge bpdufilter default
spanning-tree vlan 1-3967,4048-4093 priority 49152
spanning-tree mst configuration
  name c09134afe200

 

Commands we run:

conf t

vlan 46

name NumerisDMServer

interface port-channel50

switchport trunk allowed vlan add 46

interface port-channel101

switchport trunk allowed vlan add 46

interface port-channel102

switchport trunk allowed vlan add 46

 

interface port-channel1

switchport trunk allowed vlan add 46

 

Before Change:

dmvb-nx5k01# sh spanning-tree detail

 

 MST0000 is executing the mstp compatible Spanning Tree protocol

  Bridge Identifier has priority 32768, sysid 0, address 002a.6a26.4901

  Configured hello time 2, max age 20, forward delay 15

  Current root has priority 0, address c091.34af.e200

  Root port is 4096 (port-channel1), cost of root path is 200

  Topology change flag not set, detected flag not set

  Number of topology changes 31 last change occurred 132:50:39 ago

          from port-channel1

  Times:  hold 1, topology change 35, notification 2

          hello 2, max age 20, forward delay 15

  Timers: hello 0, topology change 0, notification 0

 

 Port 4096 (port-channel1, vPC) of MST0000 is root forwarding

   Port path cost 200, Port priority 128, Port Identifier 128.4096

   Designated root has priority 0, address c091.34af.e200

   Designated bridge has priority 0, address c091.34af.e200

   Designated port id is 64.296, designated path cost 0

   Timers: message age 4, forward delay 0, hold 0

   Number of transitions to forwarding state: 3

   Link type is point-to-point by default, Boundary RSTP

   PVST Simulation is enabled by default

   BPDU: sent 2, received 239141

 

 Port 4132 (port-channel37, vPC) of MST0000 is designated forwarding

   Port path cost 200, Port priority 128, Port Identifier 128.4132

   Designated root has priority 0, address c091.34af.e200

   Designated bridge has priority 32768, address 002a.6a26.4901

   Designated port id is 128.4132, designated path cost 200

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 1

   Link type is point-to-point by default, Boundary PVST

   PVST Simulation is enabled by default (port is in PVST simulation mode)

   BPDU: sent 10039928, received 96

 

 Port 4133 (port-channel38, vPC) of MST0000 is designated forwarding

   Port path cost 200, Port priority 128, Port Identifier 128.4133

   Designated root has priority 0, address c091.34af.e200

   Designated bridge has priority 32768, address 002a.6a26.4901

   Designated port id is 128.4133, designated path cost 200

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 1

   Link type is point-to-point by default, Boundary PVST

   PVST Simulation is enabled by default (port is in PVST simulation mode)

   BPDU: sent 10039929, received 64

 

 Port 4145 (port-channel50, vPC Peer-link) of MST0000 is designated forwarding

   Port path cost 1000, Port priority 128, Port Identifier 128.4145

   Designated root has priority 0, address c091.34af.e200

   Designated bridge has priority 32768, address 002a.6a26.4901

   Designated port id is 128.4145, designated path cost 200

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 4

   The port type is network

   Link type is point-to-point by default, Internal

   PVST Simulation is enabled by default

   BPDU: sent 2008423, received 2008430

 

 Port 4196 (port-channel101, vPC) of MST0000 is designated forwarding

   Port path cost 200, Port priority 128, Port Identifier 128.4196

   Designated root has priority 0, address c091.34af.e200

   Designated bridge has priority 32768, address 002a.6a26.4901

   Designated port id is 128.4196, designated path cost 200

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 6

   The port type is edge by port type edge trunk configuration

   Link type is point-to-point by default, Internal

   Bpdu guard is enabled by default

   Bpdu filter is enabled by default

   PVST Simulation is enabled by default

   BPDU: sent 11, received 0

 

 Port 4197 (port-channel102, vPC) of MST0000 is designated forwarding

   Port path cost 200, Port priority 128, Port Identifier 128.4197

   Designated root has priority 0, address c091.34af.e200

   Designated bridge has priority 32768, address 002a.6a26.4901

   Designated port id is 128.4197, designated path cost 200

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 5

   The port type is edge by port type edge trunk configuration

   Link type is point-to-point by default, Internal

   Bpdu guard is enabled by default

   Bpdu filter is enabled by default

   PVST Simulation is enabled by default

   BPDU: sent 11, received 0

 

 Port 4297 (port-channel202, vPC) of MST0000 is designated forwarding

   Port path cost 200, Port priority 128, Port Identifier 128.4297

   Designated root has priority 0, address c091.34af.e200

   Designated bridge has priority 32768, address 002a.6a26.4901

   Designated port id is 128.4297, designated path cost 200

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 3

   Link type is point-to-point by default, Internal

   Bpdu guard is enabled

   PVST Simulation is enabled by default

   BPDU: sent 2008002, received 0

 

 Port 151 (Ethernet1/23) of MST0000 is designated forwarding

   Port path cost 2000, Port priority 128, Port Identifier 128.151

   Designated root has priority 0, address c091.34af.e200

   Designated bridge has priority 32768, address 002a.6a26.4901

   Designated port id is 128.151, designated path cost 200

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 3

   Link type is point-to-point by default, Internal

   PVST Simulation is enabled by default

   BPDU: sent 2008186, received 0

 

 Port 157 (Ethernet1/29) of MST0000 is designated forwarding

   Port path cost 20000, Port priority 128, Port Identifier 128.157

   Designated root has priority 0, address c091.34af.e200

   Designated bridge has priority 32768, address 002a.6a26.4901

   Designated port id is 128.157, designated path cost 200

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 1

   The port type is edge

   Link type is point-to-point by default, Internal

   Bpdu guard is enabled by default

   Bpdu filter is enabled by default

   PVST Simulation is enabled by default

   BPDU: sent 11, received 0

 

 

 

 

 

dmvb-nx5k01# sh spanning-tree brief

 

MST0000

  Spanning tree enabled protocol mstp

  Root ID    Priority    0

             Address     c091.34af.e200

             Cost        200

             Port        4096 (port-channel1)

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)

             Address     002a.6a26.4901

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po1              Root FWD 200       128.4096 (vPC) P2p Bound(RSTP)

Po37             Desg FWD 200       128.4132 (vPC) P2p Bound(PVST)

Po38             Desg FWD 200       128.4133 (vPC) P2p Bound(PVST)

Po50             Desg FWD 1000      128.4145 (vPC peer-link) Network P2p

Po101            Desg FWD 200       128.4196 (vPC) Edge P2p

Po102            Desg FWD 200       128.4197 (vPC) Edge P2p

Po202            Desg FWD 200       128.4297 (vPC) P2p

Eth1/23          Desg FWD 2000      128.151  P2p

Eth1/29          Desg FWD 20000     128.157  Edge P2p

 

dmvb-nx5k01#

 

 

dmvb-nx5k01# sh spanning-tree

 

MST0000

  Spanning tree enabled protocol mstp

  Root ID    Priority    0

             Address     c091.34af.e200

             Cost        200

             Port        4096 (port-channel1)

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)

             Address     002a.6a26.4901

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po1              Root FWD 200       128.4096 (vPC) P2p Bound(RSTP)

Po37             Desg FWD 200       128.4132 (vPC) P2p Bound(PVST)

Po38             Desg FWD 200       128.4133 (vPC) P2p Bound(PVST)

Po50             Desg FWD 1000      128.4145 (vPC peer-link) Network P2p

Po101            Desg FWD 200       128.4196 (vPC) Edge P2p

Po102            Desg FWD 200       128.4197 (vPC) Edge P2p

Po202            Desg FWD 200       128.4297 (vPC) P2p

Eth1/23          Desg FWD 2000      128.151  P2p

Eth1/29          Desg FWD 20000     128.157  Edge P2p

 

dmvb-nx5k01#

 

 

 

 

dmvb-nx5k01# sh spanning-tree mst

 

##### MST0    vlans mapped:   1-4094

Bridge        address 002a.6a26.4901  priority      32768 (32768 sysid 0)

Root          address c091.34af.e200  priority      0     (0 sysid 0)

              port    Po1             path cost     200     

Regional Root this switch

Operational   hello time 2 , forward delay 15, max age 20, txholdcount 6

Configured    hello time 2 , forward delay 15, max age 20, max hops    20

 

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po1              Root FWD 200       128.4096 (vPC) P2p Bound(RSTP)

Po37             Desg FWD 200       128.4132 (vPC) P2p Bound(PVST)

Po38             Desg FWD 200       128.4133 (vPC) P2p Bound(PVST)

Po50             Desg FWD 1000      128.4145 (vPC peer-link) Network P2p

Po101            Desg FWD 200       128.4196 (vPC) Edge P2p

Po102            Desg FWD 200       128.4197 (vPC) Edge P2p

Po202            Desg FWD 200       128.4297 (vPC) P2p

Eth1/23          Desg FWD 2000      128.151  P2p

Eth1/29          Desg FWD 20000     128.157  Edge P2p

 

dmvb-nx5k01# sh spanning-tree mst configuration

Name      [c09134afe200]

Revision  0     Instances configured 1

Instance  Vlans mapped

--------  ---------------------------------------------------------------------

0         1-4094

-------------------------------------------------------------------------------

dmvb-nx5k01#

 

 

 

 

dmvb-nx5k01# sh spanning-tree summary

Switch is in mst mode (IEEE Standard)

Root bridge for: none

Port Type Default                        is disable

Edge Port [PortFast] BPDU Guard Default  is enabled

Edge Port [PortFast] BPDU Filter Default is enabled

Bridge Assurance                         is enabled

Loopguard Default                        is disabled

Pathcost method used                     is long

PVST Simulation                          is enabled

STP-Lite                                 is enabled

 

Name                   Blocking Listening Learning Forwarding STP Active

---------------------- -------- --------- -------- ---------- ----------

MST0000                      0         0        0          9          9

---------------------- -------- --------- -------- ---------- ----------

1 mst                        0         0        0          9          9

dmvb-nx5k01#

 

 

 

dmvb-nx5k01# sh spanning-tree active

 

MST0000

  Spanning tree enabled protocol mstp

  Root ID    Priority    0

             Address     c091.34af.e200

             Cost        200

             Port        4096 (port-channel1)

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)

             Address     002a.6a26.4901

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po1              Root FWD 200       128.4096 (vPC) P2p Bound(RSTP)

Po37             Desg FWD 200       128.4132 (vPC) P2p Bound(PVST)

Po38             Desg FWD 200       128.4133 (vPC) P2p Bound(PVST)

Po50             Desg FWD 1000      128.4145 (vPC peer-link) Network P2p

Po101            Desg FWD 200       128.4196 (vPC) Edge P2p

Po102            Desg FWD 200       128.4197 (vPC) Edge P2p

Po202            Desg FWD 200       128.4297 (vPC) P2p

Eth1/23          Desg FWD 2000      128.151  P2p

Eth1/29          Desg FWD 20000     128.157  Edge P2p

 

dmvb-nx5k01#

dmvb-nx5k01#

dmvb-nx5k01# show spanning-tree mst configuration digest

Name      [c09134afe200]

Revision  0     Instances configured 1

Digest          0xac36177f50283cd4b83821d8ab26de62

Pre-std Digest  0xbb3b6c15ef8d089bb55ed10d24df44de

dmvb-nx5k01#

 

 

dm-hp8212a#

dm-hp8212a# sh spanning-tree mst-config

 

 MST Configuration Identifier Information

 

  MST Configuration Name : c09134afe200                   

  MST Configuration Revision : 0   

  MST Configuration Digest : 0xAC36177F50283CD4B83821D8AB26DE62

 

  IST Mapped VLANs : 1-4094

 

  Instance ID Mapped VLANs                                            

  ----------- ---------------------------------------------------------

 

dm-hp8212a#

 

 

 

 

After Change

`show spanning-tree summary`
Switch is in mst mode (IEEE Standard)
Root bridge for: none
Port Type Default                        is disable
Edge Port [PortFast] BPDU Guard Default  is enabled
Edge Port [PortFast] BPDU Filter Default is enabled
Bridge Assurance                         is enabled
Loopguard Default                        is disabled
Pathcost method used                     is long
PVST Simulation                          is enabled
STP-Lite                                 is enabled

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
MST0000                      1         0        0          8          9
---------------------- -------- --------- -------- ---------- ----------
1 mst                        1         0        0          8          9
`show spanning-tree active`

MST0000
  Spanning tree enabled protocol mstp
  Root ID    Priority    0
             Address     c091.34af.e200
             Cost        200
             Port        4096 (port-channel1)
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     002a.6a26.4901
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Root BKN*200       128.4096 (vPC) P2p Bound(PVST) *PVST_Inc
Po37             Desg FWD 200       128.4132 (vPC) P2p Bound(PVST)
Po38             Desg FWD 200       128.4133 (vPC) P2p Bound(PVST)
Po50             Desg FWD 1000      128.4145 (vPC peer-link) Network P2p
Po101            Desg FWD 200       128.4196 (vPC) Edge P2p
Po102            Desg FWD 200       128.4197 (vPC) Edge P2p
Po202            Desg FWD 200       128.4297 (vPC) P2p
Eth1/23          Desg FWD 2000      128.151  P2p
Eth1/29          Desg FWD 20000     128.157  Edge P2p

 

From above you can see the message like this:

Po1              Root BKN*200       128.4096 (vPC) P2p Bound(PVST) *PVST_Inc

I've touched base with HP and Cisco and I haven't got any action plan for this. We've also done the changes for 4 times and were walked through with VCE/Cisco people however, we still have't got it resolved.

 

the last email I received from Cisco and was told "the reason that the Nexus believes that the HP switch is configured as PVST, is because it is receiving PVST BPDU’ rather than MST BPDU’s."

 

Is that true?

 

Thanks for your time to read the post and I hope you can shed some lights to the solutions.

 

Thanks!

 

Wilson

 

 

 

 

 

 

 

 

 

Hi Wilson,

I apologize for responding so late. I still hope this response will be helpful.

You have quite an interesting problem at hand. If I understand your network setup properly, you do not have any switches in your network configured for PVST, they all run MST, and yet the Nexus switches claim they have PVST boundary ports and they even declare PVST Simulation inconsistency.

I have a hypothesis that could explain the issue you are experiencing but it is up to you to say whether it is plausible. What I believe has happened is that you were migrating your Nexus switches from PVST to MSTP gradually. When you migrated one of the Nexus switches to MSTP while the other Nexus switches still ran PVST, the migrated Nexus declared the ports receiving PVST BPDUs as PVST boundary ports and also started sending PVST BPDUs on them (as a part of the PVST Simulation). When you migrated the other switch to MSTP, it was receiving PVST BPDUs from the already-migrated Nexus that still ran PVST Simulation on its apparent boundary ports, so the other switch started the PVST Simulation as well. Effectively, all Nexus switches have been migrated to MSTP but they are holding each other in deadlock and cause each other to keep the PVST Simulation running.

There are multiple steps to prevent this from occurring:

  1. Your HP switch has a feature called PVST Filtering. Effectively, this feature causes your HP switch to drop PVST BPDUs. I strongly suggest activating it. That will prevent the HP switch from propagating PVST BPDUs between the attached Nexus switches, causing them to start the PVST Simulation. As the Nexus switches run MSTP, switching loops should not occur as MSTP BPDUs will continue to be processed normally and MSTP will itself take care of eliminating them. The PVST Filtering feature can be enabled on the HP switch using the spanning-tree port-list pvst-filter global configuration command. In the port-list argument, list all ports including EtherChannel ports if possible (called trunks on HP switches).
  2. If the Nexus switches indeed hold each other in a deadlock, try pushing the Nexus switches into re-detecting the neighbor's STP version. This can be accomplished using the clear spanning-tree detected-protocol command. This command may need to be used repeatedly on all Nexus switches. The renegotiation may cause transient connectivity outages as it may result into MSTP reestablishing the port roles and states.
  3. Try deactivating the PVST Simulation on the Nexus switches using the no spanning-tree mst simulate pvst global command in the global config mode. This command will stop PVST Simulation on the switch, preventing it from sending PVST BPDUs on boundary ports. However, even with the PVST Simulation deactivated, a Nexus switch will immediately put a port receiving PVST BPDUs into blocking state (exactly because the PVST Simulation is not running so the contents of the PVST BPDUs cannot be processed appropriately). Therefore, perform this particular step only if the previous steps solved the issue and the show spanning-tree command on the Nexus switches does not report any PVST boundary ports.

If the above steps, especially step 1 and 2 do not help, please try to provide the following information:

  • show spanning-tree bridge from a bridge that reports the PVST Simulation inconsistency
  • show spanning-tree root from the same bridge
  • The exact logging message that is generated by the switch when it detects the PVST Simulation inconsistency. That message contains the Bridge ID of the offending switch that appears to originate the inconsistent BPDUs.
  • Locate the offending switch based on the MAC address from the Bridge ID, and provide the show spanning-tree bridge and show spanning-tree root from that switch as well

Looking forward to hearing from you!

Best regards,
Peter

Nice explanation Peter.

Just to add to this. I have run in to the same thing in the past.  HP switches at the core of the network in a ring. Multiple Cisco Access switches plugged in to the HP core. All switches were running MST (we did the migration during a downtime so this particular behavior was not noticed or may have been ignored). So everything was working nicely everyone was happy.. until one day I decided to plug in a seemingly "innocent" Cisco 887 router (with multiple BVI/VLANs configured) in to the core HP switch. Yeah.. took down the whole network. Ended up disabling STP on the router to get the network back online.

Ruben Leal
Level 1
Level 1

Hello Paul,

I've read you're explanation but still there are details that I don't understand. I just had the same issue and I was able to replicate it on the lab. The topology is very simple

 

SW1(MSTP priority 0 for MSTI0 and priority 4096 for MSTI1(vlan 300))

|

SW2(PVST default priority for all vlans)

|

SW3(MSTP default priority on both MSTI0 and MSTI1)

 

Although SW1 is the root for all VLANs the mismatch in priorities is causing the issue, SW3 put the uplink in BKN state, If I set the priority to a same value or join SW2 to MSTP the issue disappear. Is there any explanation for this behavior?

 

Hi Ruben,

It would seem that in your lab scenario, the default setup on SW2 is causing the PVST Simulation on SW3 to fail. Specifically, the rules of PVST Simulation require that for a MST boundary port to become a Root port, the following conditions must all be met:

  1. Received VLAN1 PVST+ BPDUs on this port must advertise a root switch whose Bridge ID is lower than the Bridge ID of the receiving switch
  2. Received VLAN1 PVST+ BPDUs on this port must be superior to any other VLAN1 BPDUs received by any other port of the receiving switch
  3. Received PVST+ BPDUs for VLANs other than VLAN1 received on this port must be superior to VLAN1 BPDUs received on this port

Note that in your case, condition 3 is not met. SW2 with its default settings forwards two BPDUs to SW3 each two seconds:

VLAN1:
Root BID = 0:0:SW1-MAC
Root Path Cost = x
Sending BID = 32768:1:SW2-MAC
Sending PID = y

VLAN 300:
Root BID = 0:0:SW1-MAC
Root Path Cost = x
Sending BID = 32768:300:SW2-MAC
Sending PID = y

Note that because of the Extended System ID used by SW2, its own Sending BID in VLAN300 is higher, thus inferior, to its own Sending BID in VLAN1. Consequently, BPDUs in VLAN300 are inferior to BPDUs in VLAN1 while the rules for PVST Simulation require the relation of the BPDUs to be just the opposite.

If my theory is correct then simply lowering the SW2 priority in VLAN 300 (and all non-VLAN1 VLANs) below 32768 should allow SW3 to be happy and keep its Root port in the Forwarding state. Can you please confirm this?

Best regards,
Peter

You're right, I can confirm that lowering all VLANs priorities but 1 on SW2 fixed the issue.

Thank you so much for your prompt response

 

Review Cisco Networking for a $25 gift card