
Spanning-tree issue: Wireshark traces

Hello;

We are facing a spanning-tree issue.

We have a switch sw1 connected to another switch sw2. On sw1 we can see the trunk port going to broken (BKN*) and a VLAN ID mismatch (this concerns all VLANs).

Note that the native VLAN is the same across the whole infrastructure, so we can exclude a native VLAN mismatch as the issue.

I captured packets on that trunk, and we noticed something that I don't know is normal or not.

Can someone explain to me why a switch can send a BPDU with a different system ID extension in the Root Bridge Identifier and the Bridge Identifier (see my attached file)?

Thanks for your reply

5 Replies

Kevin Rivest
Level 1

Is the native VLAN 76? I do not see an 802.1Q tag on the SSTP BPDU, so it would seem it is. I know you said the native VLAN is configured the same for the entire infrastructure, but can you make sure that, on either this switch or the opposite switch on the link, the native VLAN was not fat-fingered as 776? The system ID extension normally corresponds to the VLAN ID (or instance ID for MST) of the STP instance, which is showing up as 776 for the RBID in the BPDU.

Also, are all switches running PVST+, or is this a mixed PVST+, CST (802.1D), and MST environment? If this is a mixed environment with PVST+ and MST, on older switches the PVID error can indicate a PVST simulation error instead of a VLAN ID mismatch. If the switch in the PVST+ region is the root bridge it must be the root bridge for all VLANs, and same if the root bridge is in the MST region.

If this is a mixed environment of PVST+ and CST you have to make sure that the native VLAN is consistent on all PVST+ trunk ends of a CST region, instead of just on the link, to make sure that the PVID matches the native VLAN for untagged packets tunneled across the CST region.

Lastly, ensure that all links in the spanning-tree topology are configured as trunks. If a switch port is configured as an access port somewhere in the network it will only merge with either the CST, if consistent with the native VLAN and VLAN1, or the SSTP VLAN that corresponds to the native VLAN.  If the native VLAN is configured differently than the access port VLAN on the PVST+ ends of the CST region you will get a port inconsistent error.

Hopefully this helps resolve the issue.

Hi Kevin Rivest ;

Thanks for your reply.

VLAN 76 is not the native VLAN.

All switches (Cisco) are running rapid-pvst.

Note that this link is between a Cisco 3850 and a Cisco 3750 over a service provider.

Ex: Cisco 3850 <-gi1/0/10---------------------------------------gi1/0/10->Cisco 3750

The ports connected to the link are in trunk mode.

On the service provider side, each edge port is configured as below:

interface GigabitEthernet0/1
 description to Customer
 port-type nni
 switchport access vlan 1305
 switchport mode dot1q-tunnel
 media-type rj45
 l2protocol-tunnel cdp
 l2protocol-tunnel lldp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
 spanning-tree bpdufilter disable
end

STP is properly transported by the service provider.

So I still do not understand why the system ID extension, which should be the same as the VLAN, is different for the Root Bridge and Bridge Identifier. I think if I can understand this point, it will make clear why the port is going to broken (BKN*).

Have you already seen the system ID extension differ like I'm getting?

thanks

Rolf Fischer
Level 9

Hi,

from what I see, the native VLAN is 1 (IEEE and SSTP BPDU, #2265/2266 in your capture).

The root bridge for VLAN 76 on the local switch is the VLAN 776 STP instance of the very same switch. Seems like there is a loop between those VLANs somewhere in your network, possibly caused by an interconnection of access ports; the path cost of that loop is 4.

On the local switch, you can find the VLAN 76 root port with 'show spanning-tree root'. Then track the next hop to the root bridge on the neighbor switch connected to the root port, and so on.

HTH
Rolf

Hi Rolf Fischer;

Thanks for your reply. Yes, you're right, the native VLAN is 1 (#2265/2266).

## The root bridge for VLAN 76 on the local switch is the VLAN 776 STP instance of the very same switch ##

This is the part I'm not understanding. Maybe if I find out why I have this, we can know and explain the issue.

Have you already seen this kind of capture with a different system ID extension?

As I said to another poster on this forum:

All switches (Cisco) are running rapid-pvst.

Note that this link is between a Cisco 3850 and a Cisco 3750 over a service provider.

Ex: Cisco 3850 <-gi1/0/10---------------------------------------gi1/0/10->Cisco 3750

The ports connected to the link are in trunk mode.

On the service provider side, each edge port is configured as below:

interface GigabitEthernet0/1
 description to Customer
 port-type nni
 switchport access vlan 1305
 switchport mode dot1q-tunnel
 media-type rj45
 l2protocol-tunnel cdp
 l2protocol-tunnel lldp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
 spanning-tree bpdufilter disable
end

STP is properly transported by the service provider.

So I still do not understand why the system ID extension, which should be the same as the VLAN, is different for the Root Bridge and Bridge Identifier. I think if I can understand this point, it will make clear why the port is going to broken (BKN*).

thanks

From a spanning-tree's perspective, every PVST instance on a switch represents its own bridge. In VLAN 776 your local switch is the root bridge and sends BPDUs with 0/776/<MAC-address> as the sending bridge ID (Priority=0; VLAN-ID=776).

The same switch somehow receives those BPDUs on the VLAN 76 (which is another STP bridge) root port and relays them to all the VLAN 76 designated ports. The sender bridge ID in these BPDUs then is 32768/76/<MAC-address> (Priority=0x8000; VLAN-ID=76). This is what you can see in frame #2260.

In order to find the interconnection between VLANs 776 and 76, I'd suggest tracking the root port of VLAN 76 towards the root bridge. Possibly the problem is caused by the service provider network.
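
As an added example (not part of the thread and not taken from the poster's capture): a Python sketch that decodes the root and sender bridge IDs from a raw BPDU and flags the condition discussed above, where the two system ID extensions differ. The sample bytes and MAC address are constructed to mirror the values quoted in the replies (0/776, 32768/76, path cost 4), the function names are hypothetical, and it assumes per-VLAN STP with the extended system ID in use.

```python
import struct

# Constructed RSTP BPDU mirroring the values quoted in the thread
# (root 0/776, sender 32768/76, path cost 4). The MAC is made up.
SAMPLE_BPDU = bytes.fromhex(
    "0000" "02" "02" "3c"        # protocol ID, version, type, flags
    "0308" "001122334455"        # root ID: priority 0 | ext 776, MAC
    "00000004"                   # root path cost
    "804c" "001122334455"        # sender ID: priority 32768 | ext 76, MAC
    "800a" "0100" "1400" "0200" "0f00" "00"  # port ID, timers, v1 length
)

def parse_bridge_id(raw: bytes) -> dict:
    """Split an 8-byte bridge ID: 4-bit priority, 12-bit sys ID ext, MAC."""
    (prio_ext,) = struct.unpack("!H", raw[:2])
    return {"priority": prio_ext & 0xF000,
            "sys_id_ext": prio_ext & 0x0FFF,
            "mac": raw[2:8].hex(":")}

def parse_bpdu(bpdu: bytes) -> dict:
    """Decode root ID, path cost and sender ID from a config/RST BPDU."""
    if len(bpdu) < 35:
        raise ValueError("truncated BPDU")
    proto, _version, bpdu_type = struct.unpack("!HBB", bpdu[:4])
    if proto != 0 or bpdu_type not in (0x00, 0x02):
        raise ValueError("not a configuration or RST BPDU")
    (cost,) = struct.unpack("!I", bpdu[13:17])
    return {"root": parse_bridge_id(bpdu[5:13]),
            "cost": cost,
            "bridge": parse_bridge_id(bpdu[17:25])}

def vlan_leak_findings(bpdu: bytes) -> list:
    """Flag BPDUs whose root belongs to a different per-VLAN STP instance."""
    info = parse_bpdu(bpdu)
    root, bridge = info["root"], info["bridge"]
    findings = []
    if root["sys_id_ext"] != bridge["sys_id_ext"]:
        findings.append(f"root instance {root['sys_id_ext']} != sender "
                        f"instance {bridge['sys_id_ext']}: VLANs are bridged")
        if root["mac"] == bridge["mac"]:
            findings.append(f"root and sender share MAC {root['mac']}: same "
                            f"switch reached via a loop, cost {info['cost']}")
    return findings

if __name__ == "__main__":
    for line in vlan_leak_findings(SAMPLE_BPDU):
        print(line)
```
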
