RPVST+ instability?

mmelbourne
Level 5

We are seeing random issues with STP on our core network. Occasionally, we will have TCN notifications which, if investigated from the core 6500s (which show the port the TCN was learned on), point back to the core in a circular fashion - when this occurs, not all VLANs will be affected, but it is suspected that network connectivity is affected during this period (likely due to the TCN causing a CAM table refresh).

In addition, we are seeing some Root Guard alerts on the secondary root switch for the VLANs at the same time:

Feb  8 04:30:08: %SPANTREE-SP-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/28 on VLAN0066.
Feb  8 04:30:14: %SPANTREE-SP-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet2/28 on VLAN0066.
Feb  8 14:15:06: %SPANTREE-SP-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/15 on VLAN0200.
Feb  8 14:15:12: %SPANTREE-SP-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet2/15 on VLAN0200.

I am suspicious of the per-port STP VLAN count on the core devices, which are at ~1550 and ~2200 for a couple of WS-X6748-GE-TX line cards within the switch which is the STP root for all VLANs (we don't do any form of odd/even STP balancing).

Has anyone seen anything similar when these per-port STP VLAN counts are exceeded, or any other reason why it doesn't appear possible to track down the source of the TCN?

We are looking to manually prune the VLANs to try and reduce the numbers, with a view to moving to MST in the medium term, but it's not clear whether this is the root cause of the issue.

Thanks,

Matt


sdheer
Cisco Employee

Hi,

The error message that you are seeing in the logs shows that the root port is receiving a superior BPDU, because of which root guard kicks in and blocks the port.

There seems to be some other device which starts claiming itself to be the root and sends superior BPDUs. In order to resolve the issue we would need to track down that device.

Refer to the following document:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

Also note that 100 Mbps modules support only a maximum of 1200 logical interfaces each. You can use the command 'show spanning-tree summary totals' to display the number of logical interfaces used and available.

Regards,

Swati

Please rate if you find content useful

Shashank Singh
Cisco Employee

Hi Matt,

The logs suggest ports 2/28 and 2/15 have root guard configured on them.

When root guard is applied to a port, it denies this port the possibility of becoming a root port. If the reception of a BPDU triggers a spanning tree convergence that makes a designated port become a root port, the port is then put into a root inconsistent state. Recovery is automatic and no human intervention is required. For more information visit:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml

Please find out which port is the root port for VLAN 66 and 200 on this switch. Also find out how ports 2/28 and 2/15 are receiving superior BPDUs.

I am not sure if the number of vlan-port instances may be a possible cause behind these logs.

HTH,

Shashank

P.S. Please rate the helpful posts.

Shashank Singh
Cisco Employee

Hi Matt,

Do you see any logs like "%PM-SP-4-LIMITS: The number of vlan-port instances on module 2 exceeded the recommended limit of 1800"? This may be an indication of the STP vlan-port instances being exceeded.

HTH,

Shashank

Please rate if this was helpful

No, we're not seeing any "%PM-SP-4-LIMITS" errors in the logs. When this occurs, it's from different switch ports and different VLANs each time, so it's not necessarily pointing to a single downstream infrastructure component.

The output of "show spanning-tree summary totals" is:

Switch is in rapid-pvst mode
Root bridge for: VLAN0001, VLAN0004, VLAN0006, VLAN0010, VLAN0013
  VLAN0020-VLAN0024, VLAN0026-VLAN0027, VLAN0050, VLAN0064-VLAN0066, VLAN0070
  VLAN0075, VLAN0080-VLAN0081, VLAN0100-VLAN0101, VLAN0192, VLAN0194-VLAN0195
  VLAN0200-VLAN0202, VLAN0213, VLAN0215, VLAN0218, VLAN0222, VLAN0228
  VLAN0232, VLAN0251-VLAN0256, VLAN0332-VLAN0337, VLAN0495, VLAN0500-VLAN0501
  VLAN0503, VLAN0700-VLAN0702, VLAN0710-VLAN0712, VLAN0750, VLAN0790
  VLAN0799-VLAN0803
EtherChannel misconfig guard is enabled
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
67 vlans                     0         0        0       3326       3326

Hi,

The above proves that the error message that you are seeing is not due to the limit of instances on that particular switch or line card.

As I said earlier, there is some device in your network which is sending out superior BPDUs, so basically we would need to find out in your network what device is causing the same.

Regards,

Swati

Please rate if you find content useful
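
Added example (not posted by anyone in this thread): one way to work through the Root Guard syslog when hunting for the device sending superior BPDUs is to pair each ROOTGUARD_BLOCK with its UNBLOCK and rank ports by how often they were blocked. The function names, the assumed year (the syslog timestamps carry none) and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the four lines quoted in the thread plus one constructed
# line (the last) showing a block that has not cleared yet.
SAMPLE_LOG = """\
Feb  8 04:30:08: %SPANTREE-SP-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/28 on VLAN0066.
Feb  8 04:30:14: %SPANTREE-SP-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet2/28 on VLAN0066.
Feb  8 14:15:06: %SPANTREE-SP-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/15 on VLAN0200.
Feb  8 14:15:12: %SPANTREE-SP-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet2/15 on VLAN0200.
Feb  8 15:00:00: %SPANTREE-SP-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/28 on VLAN0200.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}): %SPANTREE(?:-\w+)?-2-ROOTGUARD_"
    r"(?P<kind>BLOCK|UNBLOCK): .* port (?P<port>\S+) on VLAN(?P<vlan>\d+)\.")

def parse_events(text, year=2000):
    """Return sorted (time, kind, port, vlan) tuples; the year is an assumption."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["kind"], m["port"], int(m["vlan"])))
    return sorted(events)

def pair_events(events):
    """Match each BLOCK with the next UNBLOCK on the same port and VLAN."""
    pending, episodes = {}, []
    for ts, kind, port, vlan in events:
        key = (port, vlan)
        if kind == "BLOCK":
            pending[key] = ts
        elif key in pending:
            secs = (ts - pending.pop(key)).total_seconds()
            episodes.append((port, vlan, secs))
    return episodes, pending  # pending = ports still root-inconsistent

def ports_by_block_count(events):
    """Rank ports by BLOCK events; each one marks a superior BPDU on that link."""
    vlans = defaultdict(list)
    for _, kind, port, vlan in events:
        if kind == "BLOCK":
            vlans[port].append(vlan)
    return sorted(vlans.items(), key=lambda kv: -len(kv[1]))

if __name__ == "__main__":
    print(*pair_events(parse_events(SAMPLE_LOG)), sep="\n")
```

The ports at the top of the ranking are the links to follow downstream, checking which bridge each neighbouring switch reports as root for the affected VLANs.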
