cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1005
Views
0
Helpful
9
Replies

PVST+ Trunk Ports Blocking - No layer 3 connectivty

mattwilliams01
Level 1
Level 1

I have a small network with 4 access level switches and a core switch . These are in a star topology with the core in the centre and each switch connected to the core via a single Gig trunk Ethernet link. On the 3560 switches we run PVST on each of the 4 VLAN's in use. I find however

that two of the links between edge and core are not working at layer 3 level. CDP is ok and when I do a 'sho int' at either end of the link line, protocol etc is up, Speed and Duplex settings show 1000/full. I think it relates to the PVST as I found that the two trunk ports on the Core (which is the root primary on each vlan)

that don't have layer 3 connectity both appear in blocking state when I do 'sho spanning-tree summary'? It does not affect all the vlans as the other two sho learning etc etc then fwding after I do a 'shutdown' on the trunk ports. The two ports in blocking mode remain in blocking no change - I also noticed that when I do 'sho spanning tree detail' the tx and rx BPDU count is identical on those two ports. All the trunk ports are configured identically. Does anyone have any ideas on troubleshootin gthis.....

I have tried the usual playing with 'portfast trunk', shutting down ports etc to try to get them working but to no success. Any help would be appreciated...........

9 Replies 9

andrew.prince
Level 10
Level 10

SpanningTree is a layer 2 technology, and does not directly have any interaction with layer 3 interfaces.

It sounds to me that you have some loops in your topology, and you have connections to switches other than the gig trunks, that is why you are seeing ports in a blocking state.

I suggest you perform a physical inspection of the connections from the access layer switches to the core.

OR just jump onto all switches and use the "show cdp nei" to see what devices are directly connected.

HTH>

glen.grant
VIP Alumni
VIP Alumni

Andrew is correct , if a port shows blocking then you have a built in loop somewhere and you need to take a close look at your topology. If it was in a true star topology with no redundant links then no ports should be blocking .

Yep I know, I have checked cdp n d - it does not show any duplication of links between the core and edge devices.

Here is the spanning tree config...

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree vlan 1-4 priority 24576

!

vlan internal allocation policy ascending

!

vlan 2-3

!

!

Here is one of the problem ports (the other is identical)....

interface GigabitEthernet0/3

description EdgeSwitch Gig Trunk

switchport trunk encapsulation dot1q

switchport trunk native vlan 3

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

auto qos voip trust

!

Is this the config for the core switch? If so It's fine.

Can you post the output of the show cdp nei from ALL switches??

I am telnetting in to the core so can't really save & paste results but I have checked each of the switches individually to see if I can find a duplicate instance of a device and there is not one. The two ports on the core device remain in blocking state even though the Core is the root bridge1

OK here is the thing, IF the core switch is the root bridge for any or all VLANs, it will have any ports that are connected to any switches in a forwarding state regardless. In Spanningtree it is not the job of the ROOT switch to block or prevent loops, it forwards outwards into the LAN - as it's the ROOT. How can there be a loop to it's self???

You need to check ALL switches - as you now it sounds like you could have a mis-configuration somewhere.

Just one more thing - the ports in the locking state are they up/up and connected to a device?

HTH>

Yep, when I do sho interface the ports are up, up. Earlier I said the ports were blocking and that is correct when I do 'sho blocked ports' on the core these ports come up BUT when I do a sho spanning tree summary -they show the letters DWN (Down) as opposed to Block. Regardless the effect is the same....

Can you post the output of "show span summary" and "show span vlan <

Just amke sure that the core Swicth is the root bridge for all VLANs on all access Swicthes by using the command " show spanning-tree ".I would like to know whether the STP Bridge prioirity has been set for all VLANs on the Core Swicth or not .If no do cofigure the same.

Review Cisco Networking for a $25 gift card