This port is blocked by Spanning Tree Protocol (STP)-Catalyst Express 500

Sundeep Dsouza
Level 1

Hello everyone,

This is my first post in this community. We have 6 Cisco 500 switches and all 6 switches have 2 ports (Gig1 and 2) connected to the core switch. I have noticed the following 2 error messages occur on all 6 switches:

" Description: Gi1: This port is blocked by Spanning Tree Protocol (STP).

Recommendation: Make sure that no Spanning Tree Protocol loops exist in the network". The same error is reported on Gig2 as well.

However when I do show spanning-tree via http://x.x.x.x/exec this is the output I get.

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1              Root FWD 4         128.1    P2p Peer(STP)
Gi2              Altn BLK 4         128.2    P2p Peer(STP)
Fa1              Desg FWD 100       128.3    Edge Shr
Fa4              Desg FWD 19        128.6    Edge P2p

From the above output it's clearly visible that only the alternate port is in block mode, which is correct. Also, if both the uplink ports report as blocked by STP, then how am I still connected to the network? I feel this is some kinda bug in the IOS. By the way, I am running IOS software version 12.2 (25) FY.

Regards

7 Replies

Giuseppe Larosa
Hall of Fame

Hello Sundeep,

>> I feel this is some kinda bug in the IOS. By the way I am running IOS software version 12.2 (25) FY.

It is probably a SW problem of the web interface you are using, as the show spanning-tree from the shell shows the expected output.

If both gi0/1 and gi0/2 ports were blocked for all vlans, the switch would be isolated from the rest of the network.

If a bridging loop were happening, the network would be unusable.

So it is likely a so-called "cosmetic" error if no real issue is reported.

Edit:

Be aware that if your switches are running per-Vlan spanning-tree (PVST+ or Rapid PVST), a port can be in forwarding state for Vlan X and blocked for Vlan Y, as the STP parameters can be tuned per Vlan and per port.

So the message could refer to a different Vlan than the one you look at in the show.

Hope to help

Giuseppe

Hi Giuseppe,

The switch is running rapid-pvst, as visible from the show run output "spanning-tree mode rapid-pvst". However, it shows a different result when you do the show spanning-tree command. Shouldn't it be showing R-PVST?

-------------------------------------------------------------------------------------

VLAN0001
  Spanning tree enabled protocol "rstp"
  Root ID    Priority    24577
             Cost        4
             Port        1 (GigabitEthernet1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec


  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300


Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1              Root FWD 4         128.1    P2p Peer(STP)
Gi2              Altn BLK 4         128.2    P2p Peer(STP)

----------------------------------------------------------------------------------

You were right in saying that status of gig1 and 2 will vary depending on the PVST status. On some vlans it shows....

VLANX

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1              Root FWD 4         128.1    P2p Peer(STP)
Gi2              Altn BLK 4         128.2    P2p Peer(STP)

and on some...

VLAN Y

Gi1              Desg FWD 4         128.1    P2p Peer(STP)
Gi2              Root FWD 4         128.2    P2p Peer(STP)

Also check this...

VLAN Z

Gi1              Altn BLK 4         128.1    P2p Peer(STP)
Gi2              Root FWD 4         128.2    P2p Peer(STP)

So is it because of PVST that I see STP block messages appear on the web console?

Regards.

Hi,

>> Shouldn't it be showing R-PVST?

No, the same way it is not showing PVST but ieee.

>> So is it because of PVST that I see STP block messages appear on the web console?

Maybe but then it should mention the VLAN in the log message.

Regards.

Alain.

Don't forget to rate helpful posts.

Kindly refer to the attached jpeg file. Our network is set up in a similar way, where each Catalyst 500 switch connects to both Core 1 and Core 2. I have noticed that the root bridge for some vlans is core 1, while for some it's core 2. Why some vlans have selected core 1 as root while others core 2? Configurations for Core 1 and core 2 are identical and have hsrp running for redundancy.

Regards

Hello Sundeep,

As a result of the fact that core1 is root bridge for a subset of Vlans and core2 for the other Vlans, each switch at access layer will set gi0/1 as root port when the root bridge is core1 and will set gi0/2 as root port for those Vlans with root bridge = core2.

If you verify this, your network is fine, and the log messages, as noted by Alain, should also contain a Vlan number.

>> Why some vlans have selected core 1 as root while others core 2?

Because someone has configured different STP priorities for different sets of Vlans. This is typically done as a way to use both core switches instead of having one sitting idle.

If you can access the core switches, look for lines like the following in the configuration:

spanning-tree vlan X,Y priority P

where typically P in modern switches is a multiple of 4096.

Hope to help

Giuseppe
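
A check for the situation discussed in this thread, as an added example that is not part of the original posts and not Cisco's code: it parses per-VLAN show spanning-tree text, lists the VLANs on which each uplink is blocked, reports any VLAN with no forwarding uplink, and strips the sys-id-ext from an advertised priority. The sample output, the VLAN numbers 1 and 20, and all function names are constructed for illustration.

```python
import re
# Constructed sample, modelled on the per-VLAN output quoted in this thread.
SAMPLE = """\
VLAN0001
  Root ID    Priority    24577
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -------------
Gi1              Root FWD 4         128.1    P2p Peer(STP)
Gi2              Altn BLK 4         128.2    P2p Peer(STP)
VLAN0020
  Root ID    Priority    24596
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -------------
Gi1              Altn BLK 4         128.1    P2p Peer(STP)
Gi2              Root FWD 4         128.2    P2p Peer(STP)
"""

VLAN_RE = re.compile(r"^VLAN0*(\d+)\s*$")
ROOT_RE = re.compile(r"^\s*Root ID\s+Priority\s+(\d+)")
PORT_RE = re.compile(r"^(\S+)\s+(\w+)\s+(\w+)\*?\s+\d+\s+\d+\.\d+\s")

def parse(text):
    """Return ({vlan: root priority}, {port: {vlan: (role, state)}})."""
    roots, ports, vlan = {}, {}, None
    for line in text.splitlines():
        if m := VLAN_RE.match(line):
            vlan = int(m.group(1))
        elif vlan is not None and (m := ROOT_RE.match(line)):
            roots[vlan] = int(m.group(1))
        elif vlan is not None and (m := PORT_RE.match(line)):
            ports.setdefault(m.group(1), {})[vlan] = (m.group(2), m.group(3))
    return roots, ports

def configured_priority(advertised):
    """Drop the 12-bit sys-id-ext (the VLAN id), leaving the multiple of 4096."""
    return advertised & 0xF000

def blocked_vlans(ports):
    """Per port, the VLANs on which it is in BLK state."""
    return {p: sorted(v for v, (_, st) in pv.items() if st == "BLK")
            for p, pv in ports.items()}

def isolated_vlans(ports, uplinks):
    """VLANs where no uplink is FWD: the case that would be a real outage."""
    vlans = {v for p in uplinks for v in ports.get(p, {})}
    return sorted(v for v in vlans if not any(
        ports.get(p, {}).get(v, ("", ""))[1] == "FWD" for p in uplinks))

if __name__ == "__main__":
    print(blocked_vlans(parse(SAMPLE)[1]))
```

On the sample, each uplink is blocked on one VLAN and forwarding on the other, and no VLAN is left without a forwarding uplink.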

Thanks Giuseppe,

You are right. The previous administrator has manually influenced STP operation; that is why some vlans have root bridge as core 1 while others have core 2. Interestingly, I am still getting STP logs from the Catalyst 500 switches via web, but without any Vlan information. However, the show log command would not report any such STP events. Weird, isn't it?

Hello Sundeep,

The log messages on the web interface may have been manipulated, stripping the vlan info.

However, if nothing appears on the device logs, this can be a small SW defect of the WEB interface that tries to apply some very basic knowledge base to the received logs and to provide some hint.

In this case the web interface may be puzzled by the fact that for some vlans Gi0/1 is root port and for some others Gi0/1 is ALTN BLK, but this is what happens in your environment and not a problem.

From what you have reported, your network looks to be working correctly, and this is what is most important.

Share your findings with your colleagues so that none will be alarmed by those messages.

Hope to help

Giuseppe