cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1043
Views
5
Helpful
16
Replies

STP is making a mess of my network

chrissolo88
Level 1
Level 1

I installed redundant link between my switches and set up port channels and everything was working fine at first then stp started blocking host ports and not effectivley utilizing the port channels like it should

 

Switch 1 which goes out to the edge router and down to switch 2 and 3

spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree extend system-id

!
interface Port-channel2
switchport trunk native vlan 100
switchport mode trunk
!
interface Port-channel3
switchport trunk native vlan 100
switchport mode trunk
!
interface FastEthernet0/1
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet0/2
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
channel-group 2 mode desirable
!
interface FastEthernet0/3
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
channel-group 2 mode desirable
!
interface FastEthernet0/4
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
channel-group 3 mode passive
!
interface FastEthernet0/5
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
channel-group 3 mode passive
!
interface FastEthernet0/6
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/7
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/8
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/9
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/10
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/11
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/12
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/13
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/14
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/15
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/16
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/21
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/22
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/23
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet0/24
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface GigabitEthernet0/1
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface GigabitEthernet0/2
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
mac-address 0006.2a7a.e801
ip address 10.24.0.11 255.255.255.0
!
ip default-gateway 10.24.0.1

 

Switch 2 which is blocking the host ports f0/11 and 6

spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree extend system-id
!
interface Port-channel1
switchport trunk native vlan 100
switchport mode trunk
!
interface Port-channel3
switchport trunk native vlan 100
switchport mode trunk
!
interface FastEthernet0/1
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
channel-group 1 mode auto
!
interface FastEthernet0/2
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
channel-group 1 mode auto
!
interface FastEthernet0/3
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/4
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/5
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/6
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/7
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/8
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/9
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/10
switchport access vlan 2
switchport mode access
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/11
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/12
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/13
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/14
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/15
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/16
switchport access vlan 5
switchport port-security mac-address sticky
duplex full
speed 100
spanning-tree portfast
spanning-tree bpduguard enable
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/21
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/22
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/23
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface FastEthernet0/24
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
shutdown
!
interface GigabitEthernet0/1
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 100
channel-group 3 mode desirable
!
interface GigabitEthernet0/2
switchport trunk native vlan 100
switchport trunk allowed vlan 2,5,100
switchport mode trunk
duplex full
speed 1000
channel-group 3 mode desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
mac-address 0004.9a5b.9a01
ip address 10.24.0.12 255.255.255.0
!
ip default-gateway 10.24.0.1
!

 

switch 3 which goes to 1 and 2 then out to a edge router to a remote office all traffic should head to switch 1

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

interface Port-channel1

switchport trunk native vlan 100

switchport mode trunk

!

interface Port-channel2

switchport trunk native vlan 100

switchport mode trunk

!

interface FastEthernet0/1

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

!

interface FastEthernet0/2

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

shutdown

!

interface FastEthernet0/3

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

shutdown

!

interface FastEthernet0/4

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

channel-group 1 mode active

!

interface FastEthernet0/5

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

channel-group 1 mode active

!

interface FastEthernet0/6

switchport access vlan 2

switchport mode access

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

!

interface FastEthernet0/7

switchport access vlan 2

switchport mode access

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/8

switchport access vlan 2

switchport mode access

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/9

switchport access vlan 2

switchport mode access

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/10

switchport access vlan 2

switchport mode access

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/11

switchport access vlan 5

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

!

interface FastEthernet0/12

switchport access vlan 5

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/13

switchport access vlan 5

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/14

switchport access vlan 5

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/15

switchport access vlan 5

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/16

switchport access vlan 5

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/17

switchport access vlan 100

switchport mode access

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security violation restrict

duplex full

speed 100

spanning-tree portfast

spanning-tree link-type point-to-point

spanning-tree bpduguard enable

shutdown

!

interface FastEthernet0/18

shutdown

!

interface FastEthernet0/19

shutdown

!

interface FastEthernet0/20

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

shutdown

!

interface FastEthernet0/21

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

shutdown

!

interface FastEthernet0/22

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

shutdown

!

interface FastEthernet0/23

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

shutdown

!

interface FastEthernet0/24

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

shutdown

!

interface GigabitEthernet0/1

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 100

channel-group 2 mode auto

!

interface GigabitEthernet0/2

switchport trunk native vlan 100

switchport trunk allowed vlan 2,5,100

switchport mode trunk

duplex full

speed 1000

channel-group 2 mode auto

!

interface Vlan1

no ip address

shutdown

!

interface Vlan100

mac-address 0060.2f92.4201

ip address 10.24.0.13 255.255.255.0

!

ip default-gateway 10.24.0.1

really confused on this one 

1 Accepted Solution

Accepted Solutions

A couple of things I noticed are the following:
1) There is "speed" mismatch on SW3 Po2 member interfaces (Gig0/1 is 100 and Gig0/2 is 1000). Match the speed.
2) I am not sure how you configure the Port-channels. I prefer them to have similar configuration with the member interfaces interms of allowed VLANs. It is a good practice to allow similar VLANs. If you are going to make the change, you will need to shutdown/ no shutdown the interfaces. Please make sure you have console access as you might lose your connection.

HTH,
Meheretab
HTH,
Meheretab

View solution in original post

16 Replies 16

Hello

make switch 1 your stp root

 

Sw1

conf t

spanning-tree vlan 1-4094 priority 0


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

i had it that way originally but stp blocks the port out to the branch office, just incase it worked i just switched it back a and sure enough f0/1 on switch 3 is being blocked

Hi @chrissolo88 ,

 

Could you share some diagram of your network indicating the ports between switches?

Reindicate the problem you have and what you want to achieve

 

Regards

netTopology.PNG

the problem is STP is blocking host ports/ ports to my routers, routing updates are not being passed through from R1 to R2 because STP is blocking ports. this problem only started after i initiated port-channels. and im not sure how to resolve this

Please share the output of "show interface trunk" and "show etherchannel summary" on all switches.
HTH,
Meheretab

S1#sh int trunk
Port Mode Encapsulation Status Native vlan
Po2 on 802.1q trunking 100
Po3 on 802.1q trunking 100
Fa0/1 on 802.1q trunking 100

Port Vlans allowed on trunk
Po2 1-1005
Po3 1-1005
Fa0/1 2,5,100

Port Vlans allowed and active in management domain
Po2 1,2,5,100
Po3 1,2,5,100
Fa0/1 2,5,100

Port Vlans in spanning tree forwarding state and not pruned
Po2 1,2,5,100
Po3 1,2,5,100
Fa0/1 2,5,100

S1#sh ethe sum
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port


Number of channel-groups in use: 2
Number of aggregators: 2

Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------

2 Po2(SU) PAgP Fa0/2(P) Fa0/3(P)
3 Po3(SU) LACP Fa0/4(P) Fa0/5(P)

S2#sh int trunk
Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 100
Po3 on 802.1q trunking 100

Port Vlans allowed on trunk
Po1 1-1005
Po3 1-1005

Port Vlans allowed and active in management domain
Po1 1,2,5,100
Po3 1,2,5,100

Port Vlans in spanning tree forwarding state and not pruned
Po1 1,2,5,100
Po3 2,5,100

S2#sh ethe sum
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port


Number of channel-groups in use: 2
Number of aggregators: 2

Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------

1 Po1(SU) PAgP Fa0/1(P) Fa0/2(P)
3 Po3(SU) PAgP Gig0/1(P) Gig0/2(P)
S2#

S3#sh int tr
Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 100
Po2 on 802.1q trunking 100
Fa0/1 on 802.1q trunking 100

Port Vlans allowed on trunk
Po1 1-1005
Po2 1-1005
Fa0/1 2,5,100

Port Vlans allowed and active in management domain
Po1 1,2,5,100
Po2 1,2,5,100
Fa0/1 2,5,100

Port Vlans in spanning tree forwarding state and not pruned
Po1 1,2,5
Po2 1
Fa0/1 2,5,100

S3#sh eth sum
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port


Number of channel-groups in use: 2
Number of aggregators: 2

Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------

1 Po1(SU) LACP Fa0/4(P) Fa0/5(P)
2 Po2(SU) PAgP Gig0/1(P) Gig0/2(P)
S3#

A couple of things I noticed are the following:
1) There is "speed" mismatch on SW3 Po2 member interfaces (Gig0/1 is 100 and Gig0/2 is 1000). Match the speed.
2) I am not sure how you configure the Port-channels. I prefer them to have similar configuration with the member interfaces interms of allowed VLANs. It is a good practice to allow similar VLANs. If you are going to make the change, you will need to shutdown/ no shutdown the interfaces. Please make sure you have console access as you might lose your connection.

HTH,
Meheretab
HTH,
Meheretab

i didnt notice the speed mismatch, i have 2,5,and 100 allowed on each trunk interface im not seeing a mismatch in that

wow a speed mismatch caused all that thanks for the input its always the smallest things

Hi @chrissolo88 ,

 

If it is an exercise in PacketTracer, can you compress the exercise (with Winzip, for example) and attach it to review the configurations?

 

Regards

it isnt a packet tracer exercise, i do have my main part of my network configured on packet tracer so i can see what changes will do to my system before implementing it on production equipment ill zip and post

 

Hello

now seeing your topology yo need  also to make sw3 more  stp preferable then sw2

 

Sw1

conf t

spanning-tree vlan 1-4094 priority 0

 

Sw3

conf t

spanning-tree vlan 1-4094 priority 4096


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco