02-08-2011 07:53 AM - edited 03-06-2019 03:25 PM
We are seeing random issues with STP on our core network. Occasionally, we will have TCN notifications which if investigated from the core 6500s (which show the port the TCN was learned on), point back to the core in a circular fashion - when this occurs, not all VLANs will be affected, but it is suspected that network connectivity is affected during this period (likely due to the TCN causing a CAM table refresh).
In addition, we are seeing some Root Guard alerts on the secondary root switch for the VLANs at the same time:
Feb 8 04:30:08: %SPANTREE-SP-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/28 on VLAN0066.
Feb 8 04:30:14: %SPANTREE-SP-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet2/28 on VLAN0066.
Feb 8 14:15:06: %SPANTREE-SP-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/15 on VLAN0200.
Feb 8 14:15:12: %SPANTREE-SP-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet2/15 on VLAN0200.
I am suspicious of the per-port STP VLAN count on the core devices, which are at ~1550 and ~2200 for a couple of WS-X6748-GE-TX line cards within the switch which is the STP root for all VLANs (we don't do any form of odd/even STP balancing).
Has anyone seen anything similar when these per-port STP vlan counts are exceeded, or any other reason why it doesn't appear possible to track down the source of the TCN?
We are looking to manually prune the VLANs to try and reduce the numbers, with a view to moving to MST in the medium term, but it's not clear whether this is the root cause of the issue.
Thanks,
Matt
02-08-2011 08:02 AM
Hi,
The error message that you are seeing in the logs shows that the root port is receiving a superior BPDU, because of which root guard kicks in and blocks the port.
There seems to be some other device which starts claiming itself to be the root and sends superior BPDUs. In order to resolve the issue we would need to track down that device.
Refer to the following document:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml
Also note that 100 Mbps modules support only a maximum of 1200 logical interfaces each. You can use the command 'show spanning-tree summary totals' to display the number of logical interfaces used and available.
Regards,
Swati
Please rate if you find content useful
02-08-2011 08:08 AM
Hi Matt,
The logs suggest ports 2/28 and 2/15 have root guard configured on them.
When root guard is applied to a port, it denies this port the possibility of becoming a root port. If the reception of a BPDU triggers a spanning tree convergence that makes a designated port become a root port, the port is then put into a root inconsistent state. Recovery is automatic and no human intervention is required. For more information visit:
http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml
Please find out which port is the root port for VLANs 66 and 200 on this switch. Also find out how ports 2/28 and 2/15 are receiving superior BPDUs.
I am not sure if the number of vlan-port instances may be a possible cause behind these logs.
HTH,
Shashank
P.S. Please rate the helpful posts.
02-08-2011 08:20 AM
Hi Matt,
Do you see any logs like "%PM-SP-4-LIMITS: The number of vlan-port instances on module 2 exceeded the recommended limit of 1800"? This may be an indication of the STP vlan-port instances being exceeded.
HTH,
Shashank
Please rate if this was helpful
02-08-2011 09:34 AM
No, we're not seeing any "%PM-SP-4-LIMITS" errors in the logs. When this occurs, it's from different switch ports and different VLANs each time, so it's not necessarily pointing to a single downstream infrastructure component.
The output of "show spanning-tree summary totals" is:
Switch is in rapid-pvst mode
Root bridge for: VLAN0001, VLAN0004, VLAN0006, VLAN0010, VLAN0013
VLAN0020-VLAN0024, VLAN0026-VLAN0027, VLAN0050, VLAN0064-VLAN0066, VLAN0070
VLAN0075, VLAN0080-VLAN0081, VLAN0100-VLAN0101, VLAN0192, VLAN0194-VLAN0195
VLAN0200-VLAN0202, VLAN0213, VLAN0215, VLAN0218, VLAN0222, VLAN0228
VLAN0232, VLAN0251-VLAN0256, VLAN0332-VLAN0337, VLAN0495, VLAN0500-VLAN0501
VLAN0503, VLAN0700-VLAN0702, VLAN0710-VLAN0712, VLAN0750, VLAN0790
VLAN0799-VLAN0803
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
67 vlans                      0         0        0       3326       3326
02-09-2011 05:48 AM
Hi,
The above proves that the error message that you are seeing is not due to the limit of instances on that particular switch or line card.
As I said earlier, there is some device in your network which is sending out superior BPDUs, so basically we would need to find out in your network what device is causing the same.
Regards,
Swati
Please rate if you find content useful
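
An added example, not part of any post in this thread: a short Python script that pairs the Root Guard BLOCK/UNBLOCK syslog messages quoted in the first post by port and VLAN and reports how long each port stayed blocked, so the events can be lined up against TCN times while tracing which downstream port delivered the superior BPDUs. The function name `rootguard_episodes` and the year applied to the year-less syslog timestamps are assumptions.

```python
import re
from datetime import datetime

# Matches the two Root Guard syslog messages quoted in the thread.
ROOTGUARD = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}): "
    r"%SPANTREE-(?:\w+-)?2-ROOTGUARD_(?P<event>BLOCK|UNBLOCK): "
    r"Root guard (?:un)?blocking port (?P<port>\S+) on VLAN(?P<vlan>\d+)\."
)

# The four log lines from the first post, embedded so the script runs offline.
SAMPLE_LOG = """\
Feb 8 04:30:08: %SPANTREE-SP-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/28 on VLAN0066.
Feb 8 04:30:14: %SPANTREE-SP-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet2/28 on VLAN0066.
Feb 8 14:15:06: %SPANTREE-SP-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/15 on VLAN0200.
Feb 8 14:15:12: %SPANTREE-SP-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet2/15 on VLAN0200.
"""


def rootguard_episodes(log_text, year=2011):
    """Pair BLOCK/UNBLOCK messages per (port, VLAN).

    Returns (episodes, still_blocked). The syslog timestamp carries no
    year, so `year` is an assumption supplied by the caller.
    """
    open_blocks = {}  # (port, vlan) -> time the port went root-inconsistent
    episodes = []
    for line in log_text.splitlines():
        m = ROOTGUARD.match(line.strip())
        if not m:
            continue  # unrelated syslog line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["port"], int(m["vlan"]))
        if m["event"] == "BLOCK":
            open_blocks.setdefault(key, when)
        elif key in open_blocks:
            start = open_blocks.pop(key)
            episodes.append({"port": key[0], "vlan": key[1], "start": start,
                             "seconds": int((when - start).total_seconds())})
    # Anything left has a BLOCK with no UNBLOCK: still root-inconsistent.
    return episodes, sorted(open_blocks)


if __name__ == "__main__":
    episodes, still_blocked = rootguard_episodes(SAMPLE_LOG)
    for e in episodes:
        print(f"{e['start']:%b %d %H:%M:%S} {e['port']} VLAN {e['vlan']}: "
              f"root-inconsistent for {e['seconds']}s")
    print("still blocked:", still_blocked)
```

Each reported episode names the port where a superior BPDU arrived, which is the starting point for walking downstream toward the device that sent it.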