Re: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Inconsistent peer vlan

AndreyPokorskiy · ‎11-30-2023

Hello Comunity!
Spanning Tree %SPANTREE-2-BLOCK_PVID_PEER: I know there are a lot of posts about inconsistent peer VLANs being blocked
But in my situation, both switches are in the same mode "Switches are in Rapid PvST mode", all VLANs are allowed on the trunks, and both switches have the same VLANs configured.
But the trunk port between two switches are blocked every 30-40 minutes and then "Port consistency restored":
Nov 30 15:17:12.777 MST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 11 on GigabitEthernet1/1 VLAN1.
Nov 30 15:17:12.777 MST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/1 on VLAN0011. Inconsistent peer vlan.
Nov 30 15:17:12.777 MST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/1 on VLAN0001. Inconsistent local vlan.
Nov 30 15:17:12.777 MST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/1 on VLAN0012. Inconsistent peer vlan.
Nov 30 15:17:12.781 MST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/1 on VLAN0013. Inconsistent peer vlan.
Nov 30 15:17:12.844 MST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/1 on VLAN0014. Inconsistent peer vlan.
Nov 30 15:17:12.844 MST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/1 on VLAN0023. Inconsistent peer vlan.
Nov 30 15:17:12.844 MST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/1 on VLAN0101. Inconsistent peer vlan.
Nov 30 15:17:12.844 MST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/1 on VLAN0201. Inconsistent peer vlan.
Nov 30 15:17:27.780 MST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0011. Port consistency restored.
Nov 30 15:17:27.780 MST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0012. Port consistency restored.
Nov 30 15:17:27.787 MST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0013. Port consistency restored.
Nov 30 15:17:27.846 MST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0014. Port consistency restored.
Nov 30 15:17:27.846 MST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0001. Port consistency restored.
Nov 30 15:17:27.846 MST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0023. Port consistency restored.
Nov 30 15:17:27.846 MST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0101. Port consistency restored.
Nov 30 15:17:27.846 MST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/1 on VLAN0201. Port consistency restored.

In the same time the second switch shows that port "Down":
001204: Nov 30 15:16:58.727 MST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/1/4, changed state to down
001205: Nov 30 15:16:59.738 MST: %LINK-3-UPDOWN: Interface TenGigabitEthernet1/1/4, changed state to down
001206: Nov 30 15:17:11.771 MST: %LINK-3-UPDOWN: Interface TenGigabitEthernet1/1/4, changed state to up
001207: Nov 30 15:17:13.782 MST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/1/4, changed state to up

SW1:

#show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: none
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is enabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is long

Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 1 0 0 1 2
VLAN0010 1 0 0 1 2
VLAN0011 1 0 0 2 3
VLAN0012 1 0 0 1 2
VLAN0013 1 0 0 1 2
VLAN0014 1 0 0 3 4
VLAN0023 1 0 0 1 2
VLAN0101 1 0 0 1 2
VLAN0200 1 0 0 2 3
VLAN0201 1 0 0 1 2
---------------------- -------- --------- -------- ---------- ----------
10 vlans 10 0 0 14 24

SW2:

#show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: none
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
Portfast Edge BPDU Guard Default is disabled
Portfast Edge BPDU Filter Default is disabled
Loopguard Default is disabled
PVST Simulation Default is enabled but inactive in rapid-pvst mode
Bridge Assurance is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short

Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 1 1
VLAN0010 0 0 0 1 1
VLAN0011 0 0 0 1 1
VLAN0012 0 0 0 1 1
VLAN0013 0 0 0 1 1
VLAN0014 0 0 0 1 1
VLAN0023 0 0 0 1 1
VLAN0101 0 0 0 1 1
VLAN0201 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
9 vlans 0 0 0 9 9

If there is any misconfiguration that trunk port should be down but it flaps Down and UP

Thank you!
Andrey P.

MHM Cisco World · ‎11-30-2023

Vlan 200 is missing

The cost one use long and other use short

Sw2 bridge assurance is enabled and this make trunk down since vlan 200 os missing.

MHM

AndreyPokorskiy · ‎12-01-2023

Thank you MHM!
I saw that VLAN200 was missing on SW2 but the trunk went UP and Down ....
That is weird.
SW2 is cisco IE-4000-8T4G-E
I add command to allow LVANs on SW1 trunk connected to SW2 to restrict VLAN200:

switchport trunk allowed vlan 1,10,11,12,13,14,23,101,201,1002-1005

This morning I found that the port on SW1 UP/UP but SW2 is not reachable any more

I'll do "no spanning-tree bridge assurance" on both switches once the connection will be restored or we can get console connection to SW2

MHM Cisco World · ‎12-01-2023

Sorry

The trunk now up/up

No need to enable bridge assurance anymore.

For reachability what is the mgmt vlan of SW2?

MHM

AndreyPokorskiy · ‎12-01-2023

VLAN10

MHM Cisco World · ‎12-01-2023

You use default gateway using ip as next-hop form this vlan?

Do you run ip routing or it l2sw?

MHM

AndreyPokorskiy · ‎12-01-2023

Yes
The " ip default-gateway <IP> " from the same VALN 10 on core switch
There is no routing on SW2

MHM Cisco World · ‎12-01-2023

Connect using pc with IP in same subnet of vlan 10 and check reachability.

MHM

AndreyPokorskiy · ‎12-01-2023

Thank you Sir!
I'll ask local tech try this way

balaji.bandi · ‎12-01-2023

what device models both side ?

what IOS code running ? show version

Do you have VTP instance running on any of the device ? show vtp status give you information

SW1 shows 10 VLAN , SW2 show 9 VLAN - so 1 VLAN Missing that is VLAN 200

Can you post both the side each connected interface configuration ?

check the below document help you :

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24063-pvid-inconsistency-24063.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

AndreyPokorskiy · ‎12-01-2023

Hello Balaji.Bandi!
SW1

RDW-SW34#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled (Operationally Disabled)
VTP Traps Generation : Enabled
Device ID : xxxx.xxxx.xxxx
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Feature VLAN:
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 1005
Number of existing VLANs : 14
Configuration Revision : 0
MD5 digest : 0xA4 0xBB 0xF8 0xF3 0x9D 0x3F 0x1B 0xF7
0xD0 0xA9 0x6A 0xF8 0x3B 0x7E 0xD0 0x19

PREVIEW

SW1 C9200CX-12P-2X2G
SW2 IE-4000-8T4G-E

I saw that VLAN200 was missing on SW2
I add command to allow LVANs on SW1 trunk connected to SW2 to restrict VLAN200:
switchport trunk allowed vlan 1,10,11,12,13,14,23,101,201,1002-1005

This morning I found that the port on SW1 has status UP/UP but SW2 is not reachable any more

SW1 trunk config:
switchport trunk allowed vlan 1,10-14,23,101,201,1002-1005 (no VLAN 200)
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust

SW2 trunk config:
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust

Thank you!

balaji.bandi · ‎12-01-2023

For consistance i would suggest below and see how this stable your issue :

below config should try : (removing allowed VLAN).

SW1 trunk config:
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust

SW2 trunk config:
switchport mode trunk
ip arp inspection trust
ip dhcp snooping trust

Also you configured ip arp inspection on Trunk port - is this requirement (for better look some guidelines)

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swdynarp.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎12-03-2023

Hello
Nov 30 15:17:27.846 MST: %SPANTREE-2-UNBLOCK_CONSIST_PORT

IF you have any other switchs running MST, You need to make sure the root prioritys are designated to either MST or RSTP domains and not left to default

RSTP stp root
RSTP switches:
vlan 2 + lower than mst switches instance X
vlan 1 Higher than rstp vlan 2+ but lower then mst switches instance X

MST stp root
MST switches:
mst switches instance X lower than all rstp switches vlans

RSTP switches:
vlan 2 + higher than mst switches instance X
vlan 1 Higher than rstp switches vlan 2+

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

AndreyPokorskiy · ‎12-04-2023

Thank you Paul!
I'll check