Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
202
Views
0
Helpful
9
Replies

spanning-tree not blocking

Ruhtra
Level 1
Level 1

‎11-25-2025 08:05 AM

I have unexpected behavior from connected field devices.  For redundancy, there are field devices that have two Ethernet ports and act as bridges.  One port will be to my 9300 switch, second port to another field device, and daisy chain maybe two-five devices, the last being connected back to the 9300 switch.  Done this before with no issue on different field hardware.  But for some reason STP doesn't like this particular field device (or vlan).  Here's the weird part; if I remove the vlan from the uplink to the core router, it will forward/block the two ports as expected.  But if I add the vlan back to the uplink, once it finishes learning, I start getting the  %SW_MATM-4-MACFLAP_NOTIF errors again.  Both ports are forwarding, and the core router starts seeing it MACFLAP between port channels on other switches that have that vlan.  when I do a show cdp neighbor, I see my switch as a neighbor between the two ports.  If it makes a difference, the field device in question is a Distech ECY-300.

Labels:
0 Helpful
9 Replies 9

Ruhtra
Level 1
Level 1

‎11-25-2025 08:22 AM

After thinking about this, it does make sense to see macflap on other port channels on the router since a port is not blocking like it should.  So, I guess the question becomes why isn't the port blocking.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Ruhtra

‎11-25-2025 09:19 AM

Are you using PVST or rapid PVST?

0 Helpful

Ruhtra
Level 1
Level 1

‎11-25-2025 09:39 AM

Field switches have:

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree extend system-id

I do not have portfast enabled on these ports. 

The router (9606 vss pair) has this for spanning-tree
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree extend system-id
spanning-tree vlan 1-4093 priority 24576

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Ruhtra

‎11-25-2025 10:28 AM

That leads me to believe the field device is not passing those packets.

@Ruhtra wrote:

Field switches have:

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree extend system-id

I do not have portfast enabled on these ports. 

The router (9606 vss pair) has this for spanning-tree
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree extend system-id
spanning-tree vlan 1-4093 priority 24576

The 9300 also using rapid-pvst?

Possibly one of the following, on the field devices, is blocking BPDUs:

spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Joseph W. Doherty

‎11-26-2025 01:48 PM

Hello @Joseph W. Doherty and @Ruhtra ,

>> spanning-tree portfast bpdufilter default

on Cisco switches this blocks sending of STP BPDUs and receiving of STP BPDUs and it not recommended in general.

I see you field switches are made by another vendor . However the BPDU filter has to be used only in special cases like avoiding to interconnect two STP domains 

Hope to help

Giuseppe

 

0 Helpful

Ruhtra
Level 1
Level 1

‎11-25-2025 09:41 AM

I just spoke with the vendor installing the field devices.  Apparently, we are having issues with just one flavor that is brand new, and there is a firmware update coming our next week that addresses spanning-tree issues.  So, this may not be a 'me' issue.

0 Helpful

Ruhtra
Level 1
Level 1

‎11-25-2025 09:52 AM

New update.  I think I relied too much on the SHOW CDP NEIGHBOR command.  When I do a SHOW SPANNING-TREE INTERFACE Tw1/0/13 (one of the two ports in the "loop"), the number of BPDU packets received is 0 for both sides.  That leads me to believe the field device is not passing those packets.

0 Helpful

pieterh
VIP
VIP

‎11-26-2025 05:58 AM

check if the Distech ECY-300 supports vlan-trunks!
my guess is it doesn't
it probably will support STP, but as result of above NOT (R)PVST.
as such it will forward all vlan-tagged packets while removing the vlan-tag in the process!

-> allow only a single VLAN on the connecting Cisco switch (configured as accessport for a single vlan)

0 Helpful

pieterh
VIP
VIP

‎11-26-2025 07:37 AM

this document 
https://docs-be.distech-controls.com/bundle/IP-Networking_UG/raw/resource/enus/IP%20Networking_UG.pdf 
mentions a "trunk mode" is possible, but of course it must be configured (this could be the information I asked in my previous post)
VLAN Mode This column indicates whether the VLAN is in access (A), trunk (T), or local (L) mode.
Click on the field to change the mode and click “Save Changes” in the bottom right.

unfortunately no further explanation -> ask your Distech supplier.
a loop (double connected to the same switch) is alo possible, Chapter 5.
but here also no reference about multiple vlan's found

0 Helpful
Customers Also Viewed These Support Documents