
PVST and native VLAN problem

Jozef Galbicka
Level 1

Hello,

These days I am learning about STP (PVST+) and I have some questions. I would be really thankful for answers to them.

I created a redundant topology with some switches using VLANs 10, 20, 30 and 90. For security I put the native VLAN into an unused VLAN, in this example 999. So I decided not to use this native VLAN, just to configure it as native on the trunks and allow only 10, 20, 30 and 90 there. VLANs 1 and 999 don't have any end nodes. Here is an example of the configuration.

 

interface FastEthernet0/1
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30,90
 switchport mode trunk

 

1) So that means that through trunks configured like this only traffic from VLANs 10, 20, 30 and 90 will pass, plus management traffic from VLAN 1, like VTP and the other protocols Cisco uses in VLAN 1. No data traffic from VLAN 1. Also there shouldn't be any VLAN 999 traffic passing the trunks, because it is not allowed. Am I right?

 

Next, I configured the primary root switch:

 

spanning-tree vlan 10,20,30,90 priority 4096

 

And the secondary root switch:

 

spanning-tree vlan 10,20,30,90 priority 8192

 

2) Every root switch for VLANs 10, 20, 30 and 90 works well. But there I found a problem. VLAN 999 in this topology found its own root switch too. It was a random switch, because every switch had priority 33767 for this VLAN, which is normal; every other switch became non-root for VLAN 999. But how did this happen, when I didn't allow traffic for this VLAN on the trunks? Is it normal? Or am I wrong? BPDUs are sent over their VLANs, no? So if VLAN 1 and VLAN 999 are not allowed on the trunks, they won't be able to send their BPDUs through them. So why then did VLAN 999 create its own STP topology and VLAN 1 not? How do I prevent this, if I want to remove this VLAN 999 STP topology, if it is possible?

 

3) Also, on switches that have an EtherChannel I found this kind of output for VLANs 10, 20, 30 and 90, with 4 interfaces listed. Port-channel 1 consists of Fa0/1 and Fa0/2, so the output is correct.

 

VLAN10
Interface  Role Sts Cost  Prio.Nbr Type
Fa0/4      Desg FWD 19    128.4    P2p
Fa0/3      Root FWD 19    128.3    P2p
Gi0/1      Desg FWD 4     128.25   P2p
Po1        Altn BLK 9     128.27   Shr

 

And this for VLAN 999. Why is it showing me Po1 and its member interfaces Fa0/1 and Fa0/2 too? Is it a problem?

VLAN999
Interface  Role Sts Cost  Prio.Nbr Type
Fa0/1      Desg FWD 19    128.1    P2p
Fa0/4      Altn BLK 19    128.4    P2p
Fa0/3      Root FWD 19    128.3    P2p
Fa0/2      Desg FWD 19    128.2    P2p
Gi0/1      Desg FWD 4     128.25   P2p
Po1        Altn BLK 9     128.27   Shr

 

Please correct me and help me, I am really getting lost in this. Also sorry for my English, I think I made some mistakes. Thanks.

2 Replies

pieterh
VIP

==>> the BPDUs are still sent and received!

It is intended for VLAN 1 but is actually sent on the native VLAN untagged.

Not including "1" in the allowed VLANs does not help because the packet is untagged!

-> you may consider using the vlan dot1Q tag native command

 

Look at this post.

In short, if the native VLAN is VLAN 1 then:

  • the VLAN 1 standard STP BPDU is sent untagged
  • the VLAN 1 PVST+ BPDU is sent untagged
  • other VLANs' PVST+ BPDUs are sent tagged with their appropriate VLAN

If the native VLAN is different from VLAN 1 then:

  • the VLAN 1 standard STP BPDU is sent untagged
  • the VLAN 1 PVST+ BPDU is sent tagged with VLAN 1
  • other VLANs' PVST+ BPDUs are sent tagged accordingly (the one for the native VLAN will be untagged).
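The answer above gives the tagging rules; the Python below is an added example written for this page, not code from the original post or from Cisco, and it makes the receive side concrete. It constructs IEEE and PVST+ configuration BPDUs from their wire layouts (destination MACs, LLC/SNAP headers and the PVST+ originating-VLAN TLV as stated in the comments; the bridge MACs and frame contents are constructed, not captured), parses them back, and shows which per-VLAN STP instance a trunk with native VLAN 999 assigns each one to. The untagged PVST+ BPDU lands in VLAN 999's instance carrying the default bridge priority 32768 + 999 = 33767 that the poster saw, and a frame whose tag (or, if untagged, the receiving port's native VLAN) disagrees with the originating-VLAN TLV is reported as a PVID inconsistency, which is what a native-VLAN mismatch between two switches looks like to the receiver.

```python
"""Decode IEEE STP and Cisco PVST+ BPDUs and map each to the per-VLAN STP
instance a receiving trunk port hands it to.

Added example for this thread; not code from the original post or from Cisco.
Frames are constructed in-line from the protocol layouts, nothing is captured.
Assumed layout: PVST+ BPDU = SNAP (OUI 00:00:0c, PID 0x010b) to 01:00:0c:cc:cc:cd,
35-byte 802.1D config BPDU, then an originating-VLAN TLV (type 0, len 2, VLAN);
IEEE BPDU = LLC DSAP/SSAP 0x42 to 01:80:c2:00:00:00.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

IEEE_STP_DST = bytes.fromhex("0180c2000000")
PVST_DST = bytes.fromhex("01000ccccccd")
CISCO_OUI = bytes.fromhex("00000c")
PVST_PID = 0x010B
TPID_8021Q = 0x8100

@dataclass
class Bpdu:
    kind: str                 # "ieee" or "pvst+"
    tag_vlan: Optional[int]   # VLAN from the 802.1Q tag, None if untagged
    orig_vlan: Optional[int]  # PVST+ originating-VLAN TLV, None for IEEE
    root_prio: int            # configured priority part of the root bridge ID
    root_ext: int             # 12-bit extended system ID (the VLAN, in PVST+)
    root_mac: str

def bridge_id(prio: int, vlan: int, mac: str) -> bytes:
    """8-byte bridge ID: 4-bit priority/4096, 12-bit extended system ID, MAC."""
    if prio % 4096 or not 0 <= prio <= 61440 or not 0 <= vlan < 4096:
        raise ValueError("priority must be a multiple of 4096 and VLAN 12-bit")
    return struct.pack("!H", prio | vlan) + bytes.fromhex(mac.replace(":", ""))

def config_bpdu(root: bytes, bridge: bytes, cost: int = 0, port_id: int = 0x8001) -> bytes:
    """35-byte 802.1D configuration BPDU; timers are in 1/256 s units."""
    return (struct.pack("!HBBB", 0, 0, 0, 0) + root + struct.pack("!I", cost) + bridge
            + struct.pack("!HHHHH", port_id, 0, 20 * 256, 2 * 256, 15 * 256))

def frame(dst: bytes, llc: bytes, tag_vlan: Optional[int], src: str = "00:11:22:33:44:55") -> bytes:
    """802.3 frame (length field = LLC payload length), optionally 802.1Q-tagged."""
    hdr = dst + bytes.fromhex(src.replace(":", ""))
    if tag_vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, tag_vlan)  # PCP/DEI bits left at 0
    return hdr + struct.pack("!H", len(llc)) + llc

def ieee_bpdu_frame(bpdu: bytes, tag_vlan: Optional[int] = None) -> bytes:
    return frame(IEEE_STP_DST, b"\x42\x42\x03" + bpdu, tag_vlan)

def pvst_bpdu_frame(bpdu: bytes, orig_vlan: int, tag_vlan: Optional[int] = None) -> bytes:
    snap = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", PVST_PID)
    return frame(PVST_DST, snap + bpdu + struct.pack("!HHH", 0, 2, orig_vlan), tag_vlan)

def parse_bpdu(raw: bytes) -> Bpdu:
    dst, off, tag_vlan = raw[:6], 12, None
    if struct.unpack_from("!H", raw, off)[0] == TPID_8021Q:
        tag_vlan, off = struct.unpack_from("!H", raw, off + 2)[0] & 0x0FFF, off + 4
    llc = raw[off + 2:off + 2 + struct.unpack_from("!H", raw, off)[0]]
    if dst == IEEE_STP_DST and llc[:3] == b"\x42\x42\x03":
        kind, body = "ieee", llc[3:]
    elif dst == PVST_DST and llc[:8] == b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", PVST_PID):
        kind, body = "pvst+", llc[8:]
    else:
        raise ValueError("not an STP/PVST+ BPDU")
    if len(body) < 35 or body[:4] != bytes(4):  # protocol 0, version 0, config type 0
        raise ValueError("only 802.1D configuration BPDUs are handled")
    prio_field = struct.unpack_from("!H", body, 5)[0]  # root bridge ID is body[5:13]
    orig_vlan = None
    if kind == "pvst+":
        tlv_type, tlv_len, orig_vlan = struct.unpack_from("!HHH", body, 35)
        if (tlv_type, tlv_len) != (0, 2):
            raise ValueError("PVST+ BPDU without originating-VLAN TLV")
    return Bpdu(kind, tag_vlan, orig_vlan, prio_field & 0xF000, prio_field & 0x0FFF,
                ":".join(f"{b:02x}" for b in body[7:13]))

def stp_instance(raw: bytes, native_vlan: int) -> Tuple[int, str]:
    """Instance a trunk with this native VLAN assigns the BPDU to; the allowed-VLAN
    list plays no part, which is why pruning the native VLAN changes nothing here."""
    b = parse_bpdu(raw)
    wire_vlan = b.tag_vlan if b.tag_vlan is not None else native_vlan
    if b.kind == "ieee":
        return 1, "IEEE BPDU -> VLAN 1 (CST) instance"
    if b.orig_vlan != wire_vlan:
        return wire_vlan, f"PVID inconsistency: arrived in VLAN {wire_vlan}, originating VLAN {b.orig_vlan}"
    return b.orig_vlan, "ok"

def demo(native_vlan: int = 999) -> Dict[str, Tuple[int, str]]:
    mac = "00:1a:2b:3c:4d:5e"  # constructed bridge MAC
    b999 = bridge_id(32768, 999, mac)  # default priority + VLAN 999 = 33767 on the wire
    b10 = bridge_id(4096, 10, mac)     # the poster's primary root priority for VLAN 10
    b1 = bridge_id(32768, 1, mac)
    return {
        "untagged pvst+ 999": stp_instance(pvst_bpdu_frame(config_bpdu(b999, b999), 999), native_vlan),
        "tagged pvst+ 10": stp_instance(pvst_bpdu_frame(config_bpdu(b10, b10), 10, tag_vlan=10), native_vlan),
        "untagged ieee": stp_instance(ieee_bpdu_frame(config_bpdu(b1, b1)), native_vlan),
        # a peer whose native VLAN is still 1 sends its VLAN 1 PVST+ BPDU untagged
        "peer native 1": stp_instance(pvst_bpdu_frame(config_bpdu(b1, b1), 1), native_vlan),
    }
```

Call demo() to see the four cases, or feed stp_instance() raw frames captured on a trunk together with that trunk's native VLAN. The allowed-VLAN list is deliberately absent from stp_instance: as the answer says, it is the missing tag that decides which instance an untagged BPDU joins, so a native VLAN that is pruned from the allowed list still gets an STP topology, and only tagging the native VLAN (vlan dot1q tag native) changes what arrives on the wire.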

Thanks, I read all the topics, so I finally understand.