05-20-2015 04:30 AM - edited 03-08-2019 12:05 AM
Hi,
Under which conditions can a VLAN in a 2960 switch go to the suspended state (besides manual config)?
Thank you.
BR,
NS
05-20-2015 04:57 AM
Hi Norberto,
I am not aware of any circumstance in which a VLAN status would spontaneously change to suspended. Do you have a different experience?
Best regards,
Peter
05-20-2015 06:15 AM
Hi Peter,
We're investigating an issue in which some VLANs went to the suspended state in a few switches. From what is indicated, this was without manual intervention, but there are no logs from the time of the issue. With VTP active I know that the suspended state will be propagated in the domain, but I can't find any reason for an automatic change to suspended.
05-20-2015 01:08 PM
Hi Norberto,
Are you running VTP in your network?
I may have an idea. Do you happen to have any of the following two commands configured on your switch?
errdisable detect cause bpduguard shutdown vlan
errdisable detect cause security-violation shutdown vlan
If so, they can be related to the issue you have experienced. These two commands activate a specific reaction to the particular violation, either BPDU Guard or Port Security. If any of these commands are configured, and a corresponding cause is experienced, the switch will shut down (or suspend) the entire VLAN instead of the offending port. That could explain what you have observed today.
Unless you have a specific need for deactivating the entire VLAN whenever a BPDU Guard or Port Security violation occurs, I suggest you remove those two commands.
Best regards,
Peter
05-25-2015 02:28 AM
Hi Peter,
Yes, they're running VTP. Those two are not in the configuration, but perhaps they're enabled by default. I'll check the show run all.
Thank you for your help!
BR,
Norberto
05-25-2015 09:45 AM
Hi Norberto,
I do not believe those commands are default. With BPDU Guard and Port Security violations, only the affected port is shut down by default, not the entire VLAN.
However, if a VLAN was shut down anywhere in the VTP domain, it would propagate across the entire domain. The fact that you are running VTP at least enables the possibility that the VLAN was suspended on another switch in the domain, and this change propagated to the switch you were working with. Tracking the source of changes in a VTP domain can be difficult, as this history is not usually kept anywhere. The show vtp status will show you the source of the last update, but if multiple changes have occurred, the history will not be recorded (I believe that SNMP traps could be configured for that purpose, though).
Best regards,
Peter