Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2660
Views
0
Helpful
15
Replies

Spanning-tree basic: root bridge selects the wrong path

Simonoulx27068
Level 1
Level 1

‎01-19-2020 04:32 AM

Got a problem with integration between Ruckus and Cisco 9300 but after investigating the problem seems general and more related with the basic of STP behavior that I can't understand.

First here the schematic of the simplified network in cause:

schema..png

Everything is working with spanning-tree PVST+. The Cisco 9300 is the root bridge and the Ruckus got the port 1/1/1 in the blocked state. We are using native vlan (1) for management. We know it's not the best practice we plan to change this.

 

All traffic for all VLANs works as it should. We can reach the Cisco management IP 172.16.1.39 without issue.

 

BUT we loose the connection intermittently to the Ruckus management IP address 172.16.1.109.

After investigating the log from both sides the issue seems from Cisco 9300.

 

The problem happens when the control data (CDP, LLDP, BDPU) flows on the block port 1/1/1 as it should. But at that time the Cisco 9300 (root bridge) updates is mac address table for the Ruckus device but on the wrong port 1/0/23. After that all user data like HTTP or ICMP takes the wrong designed port 1/0/23 to the Ruckus device. Since on the other side the port is blocked the communication is lost.

 

With Cisco device we don't have this problem. So maybe there is some kind of mecanism to prevent this (CDP?).

 

So how the root bridge knows wich designated port to use if control data can be receive from two ports coming from the same foreign device?

Labels:
0 Helpful
15 Replies 15

paul driver
VIP
VIP
In response to Simonoulx27068

‎01-20-2020 06:47 AM - edited ‎01-20-2020 11:40 AM

@Simonoulx27068 wrote:

 

BUT the root bridge still continues to receive flow control even if the downward bridge is blocked (CDP, LLDP, PAgP, LACP, VTP). To verify that if we do "show cdp neighbors" on the root bridge we can see foreign Cisco devices even if the downward port is blocked. So CDP is going upward to the root bridge from the blocked port.

L2 cdp/lldp announcements from/to stp block port shouldn’t make a root switch designated port attached to it blackhole traffic unless that is the ruckas has informed the root switch of a TCN or the TCN has originated elsewhere to initiate a topology change which would in turn decrease the switches cam-table aging timers for mac address relearning

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card