12-03-2018 03:41 AM - edited 03-08-2019 04:44 PM
Hello,
All has settled down and it's all working, however....
On the 3750 switch we had some flapping ports on 2/0/11 last night, which were also seen on other switches. A few devices on switches 1 and 2 had to be rebooted which caused this flood/loop it seems.
On the 3750 (root switch) I saw this.
The trunk ports on the 3750 leading to switch 1 and 2 are all set as below, and the 2960s (switch 1 and 2) are the same on all trunks:
interface GigabitEthernet2/0/11
description Trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10
switchport mode trunk
end
3750 info:
interface Vlan1
description ***Default VLAN not to be used***
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Vlan10
description ***Picc LUS LAN***
ip address x.x.x.x 255.255.254.0
no ip route-cache
no ip mroute-cache
Spanning tree for vlan 1 and 10 are all in forwarding mode to these switches.
On the 2960s (switch 1 and 2) port 24 are the root ports leading to the 3750 and 1 of the 0/23 ports are in Alt mode due to spanning tree.
To me all looks good, can you think of anything? It seems the same MAC addresses were being seen from multiple ports (loop).
Switches use rapid-pvst
Thanks
12-03-2018 05:49 AM - edited 12-03-2018 08:24 AM
Hello
A port between sw1-2 should have become a blocked port, but it seems this blocked port lost or stopped receiving BPDU hellos and transitioned into a forwarding state, thus creating a loop.
Is it possible you have an unmanaged device attached to these switches being looped back into the network?
Are you filtering BPDUs (bpdu-filtering), or is portfast trunk applied to the interconnects?
Faulty SFP/port creating unidirectional link problems?
12-03-2018 08:07 AM
Some great points there, thanks. The topology is good now and a port between 1 & 2 is in blocking mode. There are SFPs used so I suspect it's one of those.
I never use that portfast on trunk ports, as I've seen horrid loops with that.
12-03-2018 08:32 AM
Hello
In addition to UDLD/loopguard features I would also suggest looking into applying some L2 port security.
12-04-2018 05:47 AM
Hi, thanks again for the help.
What is the best debug spanning tree command to use when you see a change? I've enabled some but I get too much info.
Thanks
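
Added example, not part of the thread or written by any of its posters: a lower-noise alternative to debug output is to triage the MAC-flap syslog messages (`%SW_MATM-4-MACFLAP_NOTIF`) that Catalyst switches log when the same MAC address is learned on two ports. The log lines below are constructed samples, and the "two or more distinct MACs on one port pair" threshold is an assumed heuristic for telling a loop from a single moving host.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the thread); MACs, ports and times are made up.
SAMPLE_LOG = """\
Dec  2 23:14:01: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi2/0/11 and port Gi2/0/12
Dec  2 23:14:02: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/11, changed state to down
Dec  2 23:14:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4466 in vlan 10 is flapping between port Gi2/0/12 and port Gi2/0/11
Dec  2 23:14:05: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi2/0/11 and port Gi2/0/12
Dec  2 23:14:09: %SW_MATM-4-MACFLAP_NOTIF: Host 00aa.bbcc.ddee in vlan 10 is flapping between port Gi2/0/3 and port Gi2/0/4
"""

FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-fA-F.]{14}) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)")

def summarize_flaps(log_text):
    """Return {(vlan, port_pair): {"events": n, "macs": set}} for MACFLAP lines."""
    summary = defaultdict(lambda: {"events": 0, "macs": set()})
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue  # skip link up/down and any other message types
        # A<->B and B<->A describe the same path, so normalise the pair order.
        pair = tuple(sorted((m["a"], m["b"])))
        entry = summary[(int(m["vlan"]), pair)]
        entry["events"] += 1
        entry["macs"].add(m["mac"].lower())
    return dict(summary)

def likely_loops(summary, min_macs=2):
    """Port pairs where several distinct MACs flap (assumed loop heuristic)."""
    hits = [(k, v) for k, v in summary.items() if len(v["macs"]) >= min_macs]
    return sorted(hits, key=lambda kv: kv[1]["events"], reverse=True)

if __name__ == "__main__":
    for (vlan, pair), info in likely_loops(summarize_flaps(SAMPLE_LOG)):
        print(f"vlan {vlan}: {pair[0]} <-> {pair[1]}: "
              f"{info['events']} flaps, {len(info['macs'])} MACs")
```

The port pairs it reports are the links to check first for a missing blocking port, a unidirectional SFP, or an unmanaged device bridging two access ports.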