Please find the O/P below:

Switch is in rapid-pvst mode

Root bridge for: VLAN0001, VLAN0128-VLAN0129, VLAN0253-VLAN0254

  VLAN2178-VLAN2179

EtherChannel misconfig guard            is enabled

Extended system ID                      is enabled

Portfast Default                        is disabled

PortFast BPDU Guard Default            is disabled

Portfast BPDU Filter Default           is disabled

Loopguard Default                      is disabled

UplinkFast                              is disabled

BackboneFast                            is disabled

Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active

---------------------- -------- --------- -------- ---------- ----------

VLAN0001                     0         0        0          2          2

VLAN0030                     0         0        0          3          3

VLAN0128                     1         0        0         28         29

VLAN0129                     1         0        0          3          4

VLAN0253                     0         0        0          2          2

VLAN0254                     0         0        0          2          2

VLAN2178                     0         0        0          2          2

VLAN2179                     0         0        0          2          2

---------------------- -------- --------- -------- ---------- ----------

8 vlans                      2         0        0         44         46

TXO-AJAXCNTLRM-9200-S01#sh spanning-tree blockedports

Name                 Blocked Interfaces List

-------------------- ------------------------------------

VLAN0128             Gi1/1/4

VLAN0129             Gi1/1/4

Number of blocked ports (segments) in the system : 2

TXO-AJAXCNTLRM-9200-S01#

Please note: This switch is only allowing frames tagged with VLAN 128 and 129 on trunk port (which are two fiber ports). When I allow all the frames (After I ran this command, no switchport trunk allowed vlan 128, 129), this switch cannot able to ping some switches in the network but suddenly some third-party switches accepting this switch as root bridge. As, these switches are in production I cannot able to make more changes.

So, you have 2 fiber ports as uplinks in trunk mode. One of the fiber port (gi1/1/4) is in blocking mode and the other one is forwarding right? if that is the case, this is the correct behavior. STP supposed to block one of the uplink ports. Can you also post "sh run" and point out which is the other uplink port?

I am away from the switch. So, it will take some time to provide you the that info. In the meantime, could you please answer why the blocking port is taking backup role? and could you please explain a bit more on this "STP supposed to block one of the uplink ports". From my understanding, all the ports in the root bridge must be in designated role and should be in forwarding state! correct me If I'm wrong.

Here you go,

interface GigabitEthernet1/1/3

switchport trunk allowed vlan 128,129

switchport mode trunk

duplex full

Hi,

Could you please explain a bit more? what do you mean by tag frame in trunk? that is the usual behavior of trunk ports, right? tagging VID into the frames before forwarding into the trunk link and how this will resolve this issue? please explain, as this switches are in production, I need to be so careful before making any changes. 

Thank You!

you mention that the BPDU is send within untag frame (native VLAN of trunk) and 3rd party SW  dont understand the tag the frame (include BPDU) so with command above we tag the frame. 

Thanks for the quick reply. Now, I understood what you are saying but how this will fix my issue, could you please give your comment on that. 

are the VLAN 128 is native vlan of trunk ?

No, VLAN 1

show spanning tree vlan128  detail <<- share this 

  Spanning tree enabled protocol rstp

  Root ID    Priority    128

             Address     3c26.e4dd.a480

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    128    (priority 0 sys-id-ext 128)

             Address     3c26.e4dd.a480

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi1/0/1             Desg FWD 4         128.1    P2p

Gi1/0/2             Desg FWD 4         128.2    P2p

Gi1/0/3             Desg FWD 4         128.3    P2p

Gi1/0/4             Desg FWD 19        128.4    P2p

Gi1/0/6             Desg FWD 4         128.6    P2p

Gi1/0/13            Desg FWD 4         128.13   P2p

Gi1/0/14            Desg FWD 4         128.14   P2p

Gi1/0/15            Desg FWD 4         128.15   P2p

Gi1/0/17            Desg FWD 4         128.17   P2p

Gi1/0/18            Desg FWD 4         128.18   P2p

Gi1/0/19            Desg FWD 4         128.19   P2p

Gi1/0/21            Desg FWD 4         128.21   P2p

Gi1/0/22            Desg FWD 4         128.22   P2p

Gi1/0/23            Desg FWD 4         128.23   P2p

Gi1/0/24            Desg FWD 4         128.24   P2p

Gi1/0/25            Desg FWD 4         128.25   P2p

Gi1/0/26            Desg FWD 4         128.26   P2p

Gi1/0/27            Desg FWD 4         128.27   P2p

Gi1/0/28            Desg FWD 4         128.28   P2p

Gi1/0/33            Desg FWD 4         128.33   P2p

Gi1/0/34            Desg FWD 4         128.34   P2p

Gi1/0/35            Desg FWD 4         128.35   P2p

Gi1/0/37            Desg FWD 4         128.37   P2p

Gi1/0/38            Desg FWD 19        128.38   P2p

Gi1/0/41            Desg FWD 19        128.41   P2p

Gi1/0/48            Desg FWD 4         128.48   P2p

Gi1/1/1             Desg FWD 4         128.49   P2p

Gi1/1/3             Desg FWD 19        128.51   P2p

Gi1/1/4             Back BLK 19        128.52   P2p

Vlan 128 is root and must all ports desg but I see one port BLK g1/1/4

Where this port lead?