Solved: Re: Spanning tree blocking port on vlan

linh.hl.nguyen · ‎06-12-2020

I have two Cisco 9508 running NX-OS, and I just want to simply create a vlan, and assign a port that connects the two 9508s.

On one 9508, the spanning tree shows the port (1/36) in that vlan in FWD state, but on the other 9508 spanning tree shows the port (1/36) in that vlan in BLK state; therefore it is preventing traffic from going across that link.

What am I missing? Please help.

Please see output on both switches:

# show spanning-tree vlan 15

VLAN0015
Spanning tree enabled protocol rstp
Root ID Priority 32783
Address 0023.04ee.be01
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32783 (priority 32768 sys-id-ext 15)
Address 0023.04ee.be01
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth1/36 Desg FWD 1 128.141 Network P2p

*******************************************

# show spanning-tree vlan 15

VLAN0015
Spanning tree enabled protocol rstp
Root ID Priority 32783
Address 0023.04ee.be01
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32783 (priority 32768 sys-id-ext 15)
Address 0023.04ee.be01
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth1/36 Back BLK 1 128.141 Network P2p

Reza Sharifi · ‎06-12-2020

Make one of the switches the root for all vlans

spanning-tree vlan 15 root primary

Once you do this, you should see one of the switches is the root.

Can you post the output of "sh run int e1/36" and "sh int e1/36" from both switches?

HTH

View solution in original post

Reza Sharifi · ‎06-12-2020

Make one of the switches the root for all vlans

spanning-tree vlan 15 root primary

Once you do this, you should see one of the switches is the root.

Can you post the output of "sh run int e1/36" and "sh int e1/36" from both switches?

HTH

linh.hl.nguyen · ‎06-12-2020

Hi Reza,

Thank you very much for your suggestion.

I did what you suggested and things look better now. I can ping across. Please see output and the config of int e1/36 that you asked for.

One question though, why do I not have this problem when I add vlans over and existing port-channel between the two 9508s?

# spanning-tree vlan 15 root primary
# show spanning-tree vlan 15

VLAN0015
Spanning tree enabled protocol rstp
Root ID Priority 24591
Address 0023.04ee.be01
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24591 (priority 24576 sys-id-ext 15)
Address 0023.04ee.be01
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth1/36 Desg FWD 1 128.141 Network P2p

R1638-Vz(config)# show run interface e1/36

!Command: show running-config interface Ethernet1/36
!Time: Fri Jun 12 15:14:18 2020

version 7.0(3)I5(1)

interface Ethernet1/36
switchport mode trunk
switchport trunk allowed vlan 15
spanning-tree port type network
mtu 9216

R1638-Vz(config)# ping 15.15.15.1 vrf linh
PING 15.15.15.1 (15.15.15.1): 56 data bytes
36 bytes from 15.15.15.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 15.15.15.1: icmp_seq=1 ttl=254 time=0.682 ms
64 bytes from 15.15.15.1: icmp_seq=2 ttl=254 time=0.573 ms
64 bytes from 15.15.15.1: icmp_seq=3 ttl=254 time=0.538 ms
64 bytes from 15.15.15.1: icmp_seq=4 ttl=254 time=0.528 ms

*************************************************************

R1637-Vz(config-if)# show spanning-tree vlan 15

VLAN0015
Spanning tree enabled protocol rstp
Root ID Priority 24591
Address 0023.04ee.be01
Cost 1
Port 141 (Ethernet1/36)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32783 (priority 32768 sys-id-ext 15)
Address 0023.04ee.be01
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Eth1/36 Root FWD 1 128.141 Network P2p

R1637-Vz(config-if)# show run interface e1/36

!Command: show running-config interface Ethernet1/36
!Time: Fri Jun 12 15:14:41 2020

version 7.0(3)I5(1)

interface Ethernet1/36
switchport mode trunk
switchport trunk allowed vlan 15
spanning-tree port type network
mtu 9216

R1637-Vz(config-if)# ping 15.15.15.2 vrf linh
PING 15.15.15.2 (15.15.15.2): 56 data bytes
64 bytes from 15.15.15.2: icmp_seq=0 ttl=254 time=0.736 ms
64 bytes from 15.15.15.2: icmp_seq=1 ttl=254 time=0.571 ms
64 bytes from 15.15.15.2: icmp_seq=2 ttl=254 time=0.631 ms
64 bytes from 15.15.15.2: icmp_seq=3 ttl=254 time=0.579 ms
64 bytes from 15.15.15.2: icmp_seq=4 ttl=254 time=0.563 ms

Reza Sharifi · ‎06-12-2020

Hi,

I see below command in your config.

spanning-tree port type network

Is port e1/36 supposed to be a vPC peer link?

If yes, you would need to all vlans (not just 15) over that link. something like this:

nterface Ethernet1/36
switchport mode trunk
spanning-tree port type network
mtu 9216

Also, it is always good idea to use a Portchannel with multiple links in it for vPC peer link, so you have redundancy.

HTH

linh.hl.nguyen · ‎06-25-2020

Hello,

Thanks for your recommendation.

Since I've already had a vpc peer link on an existing port channel, it will not let me have vpc peer link on a new port channel (with different port members). Is only one vpc peer link allowed between the 2 switches? In that case, will my new port channel work well without vpc peer link?

Reza Sharifi · ‎06-25-2020

You only need one vPC peer link, as you can put up to 16 physical links in one vPC Portchannel. If you want to have a second one, a simple Portchannel is sufficient.

HTH