Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
40857
Views
19
Helpful
5
Replies

(PVID) inconsistency *PVID_Inc Issue

Muhammad Anser Khan
Level 1
Level 1

‎11-01-2009 02:39 AM - edited ‎03-06-2019 08:24 AM

Hello,

Issue: Vlan 1 is in (PVID) inconsistency state on the Core switch for some access switches trunk ports.

Native Vlan is 1 (same on all the switches)

Find the output below:Core Switch (6513)

SW-Core#sh spanning-tree inconsistentports

Name Interface Inconsistency ----------------------

VLAN0001 GigabitEthernet11/1 Port VLAN ID Mismatch

VLAN0001 GigabitEthernet11/2 Port VLAN ID Mismatch

SW-Core#sh spanning-tree vlan 1

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- ---------

Gi11/1 Desg BKN*4 128.1281 P2p *PVID_Inc

Gi11/2 Desg BKN*4 128.1282 P2p *PVID_Inc

SW-Core#sh logging

%SPANTREE-SP-2-RECV_PVID_ERR: Received BPDU with inconsistent peer

vlan id 1 on GigabitEthernet11/2 VLAN1012.

%SPANTREE-SP-2-BLOCK_PVID_PEER: Blocking GigabitEthernet11/2 on

VLAN0001. Inconsistent peer vlan.

SW-Core#sh spanning-tree vlan 1 detail | inc 11/2

Port 1282 (GigabitEthernet11/2) of VLAN0001 is broken (Port VLAN ID Mismatch)

BPDU: sent 0, received 1173

Access Switch(2960) :

SWITCH 1 (which is connected through 11/2 of CORE SW)

switch01#sh spanning-tree vlan 1

VLAN0001

Spanning tree enabled protocol ieee

Root ID Priority 49153

Address 0018.18aa.aaaa

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 49153 (priority 49152 sys-id-ext 1)

Address 0018.18aa.aaaa

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Uplinkfast enabled

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- ---------

Gi0/21 Desg FWD 3004 128.21 P2p

Gi0/22 Desg FWD 3004 128.22 P2p

" VLAN 1 is root bridge "

Whereas all other Vlans are working normal.

VLAN0100

Spanning tree enabled protocol ieee

Root ID Priority 100

Address 0014.f1bb.bbbb

Cost 3004

Port 21 (GigabitEthernet0/21)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 49252 (priority 49152 sys-id-ext 100)

Address 0018.18aa.aaaa

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Uplinkfast enabled

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi0/21 Root FWD 3004 128.21 P2p

Gi0/22 Altn BLK 3004 128.22 P2p

On the Core switch:

SW-Core#sh inter trunk

Port Vlans in spanning tree forwarding state and not pruned

Gi11/2 100-105

I have fixed this issue by forcefully allowing under trunk interface(

even though this the default):

switchport trunk allowed vlan 1-4094

After applying the above command, Core switch output changed to and

the PVID_Inc error went away :

SW-Core#sh inter trunk

Port Vlans in spanning tree forwarding state and not pruned

Gi11/2 1,100-105

I have solved this issue on 3560 Access Switch by applying:

SW-3560(config)#vlan dot1q tag native

Core Switch Logs :

%SPANTREE-SP-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet11/1

on VLAN0001. Port consistency restored.

I have many access switches with the same configuration but WHY I am getting this issue only on some switches. I want to know why this

problem is random in nature (occurring on only some switches).

Secondly "vlan dot1q tag native" is not supported some of the access switches(2960) but this command has applied on the core switch. Should I remove it from the Core switch or keep it there? What is the best

practice? But other access switches are working properly without "vlan

dot1q tag native" command.

How can I fix this issue without applying "switchport trunk allowed vlan 1-4094".

This problem is not solved by SHUT/NOSHUT under the trunk interfaces.

All switching are working in PVST+ mode

Regards,

Anser

1 person had this problem
Labels:
0 Helpful
5 Replies 5

glen.grant
VIP Alumni
VIP Alumni

‎11-01-2009 04:58 AM

You will see this if the trunk configs do not match on each end and native vlan mismatches are a cause in a lot of cases . Make sure trunk parameters match exactly on each end including native vlans. Also what vlans allowed across the trunk probably do not match. The switch looks at these if you are using DTP to create the the trunks , its a self protection mechanism. All newer switches including the 2960 support specifying a specific native vlan for the trunks , if none is specified it defaults to vlan 1.

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-01-2009 05:02 AM

Hello Anser,

on an 802.1Q trunk a Cisco switch uses a proprietary version of BPDU to send PVST BPDUs.

This version includes a field that is the vlan-id.

When the external 802.1Q vlan-id is different from the vlan-id in the received BPDU the switch reacts by rising an STP inconsistency.

in this case the switch named

SW-core complains of:

%SPANTREE-SP-2-RECV_PVID_ERR: Received BPDU with inconsistent peer

vlan id 1 on GigabitEthernet11/2 VLAN1012.

so it says it has received a BPDU with inner vlan-id 1 on vlan 1012.(802.1Q vlan-id).

as a result of this the port is placed in an incostistent state.

sw-core doesn't sends out BPDUs for vlan1.

As a result of this the C2960 sees itself as the root bridge for vlan1 even if it has an high switch priority (probably the result of uplinkfast)

to be noted that when the native Vlan is untagged, a IEEE version of STP BPDU for vlan1 is sent out for backward compatibility with legacy 802.1D devices.

The root cause of your issue is probably the setting

vlan dot1q tag native

on core switches.

Tagging the native vlan is useful when you use 802.1Q in Q to avoid to expose the inner vlan-tag in the service provider network.

In a normal campus network you should be fine with default settings that is

native vlan untagged.

>> problem is random in nature (occurring on only some switches).

this is the worst part of this issue.

Also restating the list of permitted vlans may fix.

To be noted that permitting only used vlans on both ends of the trunk is recommended.

C2960 may not be able to run as many STP instances as the number of existing vlans in the campus.

So a trunk allowed vlan list limits the number of STP instances running on access switches and contributes to network scalability.

Hope to help

Giuseppe

briceleck
Level 1
Level 1

‎12-30-2014 07:06 AM

One way to fix this is to have your customers use "spanning-tree bpdufilter enable" at both ends of the circuit so that their gears don't attempt to send BPDUs across the cloud.

 

interface GX/X
  description connection to the ISP
  switchport mode trunk
  switchport trunk allowed vlan YYY
  spanning-tree bpdufilter enable

 

0 Helpful

rsijori@
Level 1
Level 1
In response to briceleck

‎06-24-2019 06:27 AM

BPDU filter will not stop the BPDU's it will just let BPDU's pass without any issues and one of the major causes of loop

0 Helpful

andy!doesnt!like!uucp
Spotlight
Spotlight
In response to rsijori@

‎12-18-2019 08:56 AM

hi rsijori

for better accuracy it will make port to ignore any incoming BPDU putting the port  into always forwarding/designated state

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card