Spanning tree and loopguard/udld

gurowar · ‎01-31-2024

Maybe I am not understanding but not sure how I can have a loop, I have a hub and spoke topology here

                                         Sw-A 
                                           |
                                        Metro-E
                                       /       \
                                   Sw-B         Sw-C

The connection is a Metro-E that connects all 3 sites together. I have vlan 1925 that resides in all 3 sites. The subnet for vlan 1925 is 192.168.3.XX.

Sw-A - 192.168.3.2 - Fiber connects to Metro-E via te1/1/1
Sw-B - 192.168.3.3 - Copper connect to Metro-E via g1/2
Sw-C - 192.168.3.4 - Copper connects to Metro-E via gi1/0/2

I have STP loopguard and udld aggressive running on all 3 switches

I am running OSPF for the 192.168.3.0 subnet

The interfaces that connect SW-A to SW-B and SW-A to SW-C are trunk ports, there is no connection between SW-B and SW-C.
So with this set up I don't think I should have any spanning tree issues correct because there is only one physical connection that connects to the Metro-E from each location. But for the past 3 days I have noticed for a brief 2 min. that I get an alert that the connection went down and when I check I see the following message

SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port te1/1/1 on VLAN1925

I checked to see which is the root and saw that SW-B is the root, I believe SW-A should be the root bridge because SW-A our main site and has all the compute. I also noticed that in SW-A vlan 1 is enabled and the root for that is also SW-B, when I check vlan1 nothing is configured and I see that both vlan 1 and 1925 use the same interface, te1/1/1 to get to the root. Checking the logs prior to Vlan 1925 loopguard alert. I also see it on vlan1, not sure if this has anything to do with each other but it looks like they happen with in 2-3 hours of each other.

SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port te1/1/1 on VLAN001

This just started on Monday and so far has been happening every night, no changes have been made to the network so I don't see what is causing this perhaps I need to move the root to SW-A and maybe VLAN 1 is part of the issue? Any suggestion would be greatly appreciated. I was just going to move the root from SW-B to SW-A and disable VLAN 1 but figure ask for advise first.

Thank you in advance!!!

MHM Cisco World · ‎01-31-2024

One SW use fiber' if there is cut then some bpdu loss and port go to forward' this port protects by loopguard and hence stp log message.

To check

Show spanning tree interface x/x

Check bpdu send receive in both side of fiber connection.

MHM

gurowar · ‎01-31-2024

So TenGigabitEthernet1/1/1 is the connection that connect to the Metro-E and it shows

SW-A#show spanning-tree inter TenGigabitEthernet1/1/1

Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001 Root FWD 4 128.2 P2p
VLAN0301 Desg FWD 4 128.2 P2p
VLAN0302 Desg FWD 4 128.2 P2p
VLAN0303 Desg FWD 4 128.2 P2p
VLAN0304 Desg FWD 4 128.2 P2p
VLAN0313 Desg FWD 4 128.2 P2p
VLAN0353 Desg FWD 4 128.2 P2p
VLAN0700 Desg FWD 4 128.2 P2p
VLAN0888 Desg FWD 4 128.2 P2p
VLAN1925 Root FWD 4 128.2 P2p
SW-A#

MHM Cisco World · ‎01-31-2024

SW-A#show spanning-tree inter TenGigabitEthernet1/1/1 detail <<-

gurowar · ‎01-31-2024

I only included VLAN1925 and VLAN1 as those are the ones that show up in the logs when get alerts, I am assuming BPDUs sent and receive should be the same?

SW-A#sh span inter te1/1/1 deta
Port 2 (TenGigabitEthernet1/1/1) of VLAN0001 is root forwarding
Port path cost 4, Port priority 128, Port Identifier 128.2.
Designated root has priority 8193, address 0011.5d27.6840
Designated bridge has priority 32769, address 4c4e.35e2.8880
Designated port id is 128.2, designated path cost 1
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 117
Link type is point-to-point by default
Loop guard is enabled by default on the port
BPDU: sent 574, received 26228256

Port 2 (TenGigabitEthernet1/1/1) of VLAN1925 is root forwarding
Port path cost 4, Port priority 128, Port Identifier 128.2.
Designated root has priority 34693, address 30e4.db90.df80
Designated bridge has priority 34693, address 30e4.db90.df80
Designated port id is 128.2, designated path cost 0
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 8
Link type is point-to-point by default
Loop guard is enabled by default on the port
BPDU: sent 153, received 6571333

MHM Cisco World · ‎01-31-2024

check the number of received since this SW is not root for these VLAN also check sent bpdu it must be still same at least 1 hr
the Forwarding state for vlan 1 is high 117
MHM

gurowar · ‎01-31-2024

checking again looks like BPDU are the same for both Vlans and receives incremented:

Vlan 1 - BPDU: sent 574, received 26243584

Vlan 1925 - BPDU: sent 153, received 6575170

OmedaISP#sh span inter te1/0/2 deta
Port 2 (TenGigabitEthernet1/0/2) of VLAN0001 is root forwarding
Port path cost 4, Port priority 128, Port Identifier 128.2.
Designated root has priority 8193, address 0011.5d27.6840
Designated bridge has priority 32769, address 4c4e.35e2.8880
Designated port id is 128.2, designated path cost 1
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 117
Link type is point-to-point by default
Loop guard is enabled by default on the port
BPDU: sent 574, received 26243584

Port 2 (TenGigabitEthernet1/0/2) of VLAN1925 is root forwarding
Port path cost 4, Port priority 128, Port Identifier 128.2.
Designated root has priority 34693, address 30e4.db90.df80
Designated bridge has priority 34693, address 30e4.db90.df80
Designated port id is 128.2, designated path cost 0
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 8
Link type is point-to-point by default
Loop guard is enabled by default on the port
BPDU: sent 153, received 6575170

MHM Cisco World · ‎01-31-2024

And there is no log anymore?

If yes then it was SP issue and it not Ok.

The SW not root and it receive bpdu and forwarding is still same 117.

MHM

gurowar · ‎02-01-2024

Apologies for the delay, no there is no other logs, not seeing anymore loop guard blocking. The only thing I see in the logs is my session timing out and logged me out. I checked again for the heck of it and since we last talked looks like the BPDU sent for Vlan 1 incremented by one everything else stayed the same.

VLAN 1

Number of transitions to forwarding state: 117

BPDU: sent 575, received 26358063

OmedaISP#sh span inter te1/0/2 deta
Port 2 (TenGigabitEthernet1/0/2) of VLAN0001 is root forwarding
Port path cost 4, Port priority 128, Port Identifier 128.2.
Designated root has priority 8193, address 0011.5d27.6840
Designated bridge has priority 32769, address 4c4e.35e2.8880
Designated port id is 128.2, designated path cost 1
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 117
Link type is point-to-point by default
Loop guard is enabled by default on the port
BPDU: sent 575, received 26358063

VLAN 1925

Number of transitions to forwarding state: 8

BPDU: sent 153, received 6603849

Port 2 (TenGigabitEthernet1/0/2) of VLAN1925 is root forwarding
Port path cost 4, Port priority 128, Port Identifier 128.2.
Designated root has priority 34693, address 30e4.db90.df80
Designated bridge has priority 34693, address 30e4.db90.df80
Designated port id is 128.2, designated path cost 0
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 8
Link type is point-to-point by default
Loop guard is enabled by default on the port
BPDU: sent 153, received 6603849

MHM Cisco World · ‎02-01-2024

so as a role
root port<<- you must see only BPDU received count increase
designated port or BLK <<- you must see only sent count increase
the number of transitions to forwarding must be stable fix, this number is increase rapidly only when you first time connect SW or add new SW to STP domain otherwise it must stay same, this the more number indicate the your STP is healthy.
keep monitoring it
and I wish you goodluck friend
MHM

gurowar · ‎02-01-2024

Thank you sir for your help!!!! After this I need to brush up on my STP but appreciate the advice!!! It doesn't help that this occurs while I am asleep but if I find anything I will update this but for now will monitor.

Thank you sir!!!

MHM Cisco World · ‎02-01-2024

You are so so welcome
MHM

paul driver · ‎02-01-2024

Hello
Suggest check your cabling first.
Loopguard will not detect a intermittent unidirectional physical issue even if there was one, UDLD should do this however if for some reason a physical isn't detected but loopguard still fails to receive its bpdus (max age) it is expecting it will block the entire etherchannel unlike UDLD that will only shutdown part of the either channel

Intermittently when all comes good again STP then will going through its listen/learning/forwarding states again so there we have a loop.

Each switch - look at the stp transitions, you shroud find the culprit ...eventually
show spanning-tree detail | inc ieee|occurr|from|is exec

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

gurowar · ‎02-02-2024

Hi Paul

Thank you for your suggestion will take a look and see, Once I find the issue I will post here. On a side note I checked for any physical connections bouncing, logs don't indicate any interfaces going down. Out of all 3 connections SW-A is the only one that has fiber the other 2 have coper going into the metro-e. At any rate thank you for this and will keep everyone posted.

Thank you, sir!