
Two root bridges VLAN1 rapid-pvst

ALIAOF_
Level 6

I have two locations, DC and Corp, connected to each other via a Point to Point Circuit. I have forced the two core switches set up as a GLBP pair to be primary and secondary for certain VLANs including VLAN1.

I have a switch in our Corporate office 3750 which is where the point to point circuit terminates.  VLAN1 SVI is manually shut on that switch.  Also the priority on VLAN1 is increased manually like this, "spanning-tree vlan 1 priority 28672". 

Now the issue is that the Primary Root Bridge in the DC is the root bridge for VLAN 1. But this other switch, the 3750 in our corporate office, is also a root bridge for VLAN1. Any ideas?

CORP SWITCH:

show runn | i spanning

spanning-tree mode rapid-pvst

spanning-tree portfast bpduguard default

spanning-tree extend system-id

spanning-tree vlan 1 priority 28672

spanning-tree vlan 4,7-8,128,132,136,160,170 priority 24576

DC SWITCH:

show runn | i spanning

spanning-tree mode rapid-pvst

spanning-tree loopguard default

spanning-tree portfast bpduguard default

spanning-tree extend system-id

spanning-tree vlan 1,5,9,25,48,120,200,250 priority 24576


Reza Sharifi
Hall of Fame

Can you add spanning-tree vlan 1 primary on the switch you want to be the root and

"spanning-tree vlan 1 second" on the backup root

Then post

"sh spann" from both switches

HTH

InayathUlla Sharieff
Cisco Employee

Hi Mohammad,

As suggested by Reza, can you try the following:

Corp Switch:

spanning-tree vlan 1 root primary

DC SWITCH:

spanning-tree vlan 1 root secondary

Then provide us the below output from both the switches (usually the above command should resolve your issue for 100%):

sh spanning-tree vlan 1

HTH

Regards

Inayath

I actually have that already.

spanning-tree vlan 1,5,9,25,48,120,200,250 priority 24576 (this is on the main DC Switch - NOTE:  This value is the default value with the "root primary" command)

spanning-tree vlan 1,5,9,25,48,120,200,250 priority 28672 (this is on the second DC Switch that is the GLBP AVF - NOTE: This value is the default value with the "root secondary" command)

spanning-tree vlan 1 priority 28672

spanning-tree vlan 4,7-8,128,132,136,160,170 priority 24576

(These two lines are on the Corporate Switch)

Now I'm thinking that may be the issue because the GLBP AVF (Which is the second switch in the DC) has the same priority on VLAN1 as the Corporate Switch might be the issue along with the fact that the VLAN1 SVI on the corporate switch is turned off.  Thoughts?

Hello Mohammad,

Make sure your trunks are allowing all the vlans traversing the interconnects, because if the neighboring switch doesn't see any bridge priority for a vlan it has in its database, then that switch will make itself root for that vlan.

For the primary root = spanning-tree vlan x,x,x,x,x priority 0

For the secondary stp root = spanning-tree vlan x,x,x,x,x priority 4096

Also apply root-guard on the ports connecting to your access or distribution switches.

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thank you for the reply. All VLANs are currently allowed on the trunks.

I do have root guard on the ports connecting to the access switches. I can't turn on root guard on the ports connecting the DC Switch to the Corporate switch with the point to point circuit because each one of them has a separate set of VLANs they are a root for.

ALIAOF_
Level 6

I did notice the following, so it looks like both of the switches are not receiving any BPDUs on VLAN 1, so they are both thinking they are the root bridge for that VLAN. Also when I do "show cdp ne" I do not see any information on these interfaces. Is it possible that there might be something going on with the point to point link?

This is the switch at our corporate office:

Port 12 (GigabitEthernet1/0/12) of VLAN0001 is designated forwarding

   Port path cost 4, Port priority 128, Port Identifier 128.12.

   Designated root has priority 28673, address e05f.b935.4f80

   Designated bridge has priority 28673, address e05f.b935.4f80

   Designated port id is 128.12, designated path cost 0

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 12

   Link type is point-to-point by default

   BPDU: sent 8229287, received 0

This is in our Data Center:

Port 52 (TenGigabitEthernet1/52) of VLAN0001 is designated forwarding

   Port path cost 4, Port priority 128, Port Identifier 128.52.

   Designated root has priority 24577, address a493.4cda.5840

   Designated bridge has priority 24577, address a493.4cda.5840

   Designated port id is 128.52, designated path cost 0

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 1

   Link type is point-to-point by default

   Loop guard is enabled by default on the port

   BPDU: sent 119603, received 0
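The check the poster did by eye, as an added example that is not part of the original thread: it parses the two per-port blocks quoted above (trimmed to the lines it needs) and reports one-way BPDU counters and disagreeing root IDs. The function names `parse_port` and `check_link` are hypothetical, chosen for this illustration.

```python
import re

# Trimmed copies of the two port blocks posted above (both ends of the link).
CORP = """Port 12 (GigabitEthernet1/0/12) of VLAN0001 is designated forwarding
   Designated root has priority 28673, address e05f.b935.4f80
   Designated bridge has priority 28673, address e05f.b935.4f80
   Designated port id is 128.12, designated path cost 0
   BPDU: sent 8229287, received 0"""
DC = """Port 52 (TenGigabitEthernet1/52) of VLAN0001 is designated forwarding
   Designated root has priority 24577, address a493.4cda.5840
   Designated bridge has priority 24577, address a493.4cda.5840
   Designated port id is 128.52, designated path cost 0
   BPDU: sent 119603, received 0"""

BID = r"Designated {} has priority (\d+), address ([0-9a-f.]+)"

def parse_port(text):
    """Extract the fields that matter for root election from one port block."""
    def bid(kind):
        prio, mac = re.search(BID.format(kind), text).groups()
        # (priority, MAC) tuples order the same way STP compares bridge IDs;
        # equal-length lowercase hex strings sort like the numeric MAC.
        return int(prio), mac
    sent, rcvd = map(int, re.search(r"BPDU: sent (\d+), received (\d+)", text).groups())
    return {
        "port": re.search(r"\(([^)]+)\)", text).group(1),
        "vlan": int(re.search(r"VLAN(\d+)", text).group(1)),
        "root": bid("root"), "bridge": bid("bridge"),
        "sent": sent, "received": rcvd,
    }

def check_link(a_text, b_text):
    """Return a list of findings for the two ends of one trunk link."""
    a, b = parse_port(a_text), parse_port(b_text)
    findings = []
    for end in (a, b):
        if end["sent"] > 0 and end["received"] == 0:
            findings.append(f"{end['port']}: sends BPDUs on VLAN {end['vlan']} but receives none")
    if a["root"] != b["root"]:
        # With "extend system-id" the priority field is configured value + VLAN ID.
        winner = min(a["root"], b["root"])
        findings.append(
            f"split root on VLAN {a['vlan']}: {a['root']} vs {b['root']}; "
            f"{winner[1]} (priority {winner[0] - a['vlan']}) should win if BPDUs were exchanged")
    return findings

if __name__ == "__main__":
    for line in check_link(CORP, DC):
        print(line)
```
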

Hello Mohammad,

I can see you still have the priorities the same

Try this below

For the primary root = spanning-tree vlan x,x,x,x,x priority 0
For the secondary stp root = spanning-tree vlan x,x,x,x,x priority 4096


Res
Paul



Thanks for the reply Paul, but the switch in the data center has a priority of 24577 for VLAN1 and some other VLANs, and the switch in our corporate office has a priority of 28673.

When I test this in a lab environment I see both switches receiving BPDUs on VLAN 1, but not on this point to point link.

Also here are some notes from above:

spanning-tree vlan 1,5,9,25,48,120,200,250 priority 24576 (this is on the main DC Switch - NOTE: This value is the default value with the "root primary" command)

spanning-tree vlan 1,5,9,25,48,120,200,250 priority 28672 (this is on the second DC Switch that is the GLBP AVF - NOTE: This value is the default value with the "root secondary" command)

spanning-tree vlan 1 priority 28672

spanning-tree vlan 4,7-8,128,132,136,160,170 priority 24576

(These two lines are on the Corporate Switch)

Hello Mohammad,

Very interesting issue!

At first I was thinking maybe vlan 1 was pruned (show interface trunk), but that doesn't make sense due to the vlan 1 instance being up on those interfaces. Then you said CDP wasn't showing anything, that's really odd, as it's control traffic.

It could be an issue with the point-to-point circuit, but I am skeptical of such.

Can you post your show version of both your endpoints? Are they both 3750's?

Would you also post the "show running-config interface X" for both sides. Curious if your native vlan is still 1 or not?

-Gabriel

Thank you Gabriel.  Here is the info:

One side is 3750 running 12.2(44)SE5

Other side (DC) is 4948E running  15.1(1)SG1

Note: on the 3750, which is in our corporate office, the VLAN 1 SVI is shut off by going to "interface vlan 1" and then issuing the shut command. However, I did try to turn it up but no use; I even tested it in the lab and got the same results.

3750 Switch:

interface GigabitEthernet1/0/12

description XO Fiber Cross Connect

switchport trunk encapsulation dot1q

switchport mode trunk

speed nonegotiate

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

auto qos voip trust

end

--------------------------------------------------------------------------

Name: Gi1/0/12

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

4948 Switch:

interface TenGigabitEthernet1/52

description XO's Fiber Cross Connect

switchport mode trunk

speed nonegotiate

---------------------------------------------------------------

Name: Te1/52

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

Your other STP vlans are passing just fine through those interfaces right?
Do you have any vlan filters configured on either switch?

I didn't see any relevant bugs that came close to your issue.

Good morning Gabriel, yes rest of the VLAN's are showing up fine on both sides and I can see that the BPDUs are being received on those VLANs on both switches.  No VLAN filters configured at all, "show runn | i filter" returns nothing at all.  Not blocking any VLANs on the trunks either.

Last night I even rebooted the 3750 switch, which someone recommended, and restarted spanning tree as well. All I can think of is the point to point link.

Hello Mohammad,

Just a suggestion

What I would do is start by inquiring about why CDP over this p2p is blocked. May be easier to get the ball rolling than saying a vlan is being blocked.

Also Vikaspurohi, spanning-tree portfast bpduguard default only applies to ports with port-fast configured. His links do not have that, so they are exempt from this command.

vikaspurohit1
Level 1

Hi Mohammed,

I believe the problem is that none of the switches is receiving BPDUs and hence considering each other root bridge. Since you have BPDU guard enabled, the two switches are not able to exchange BPDUs.

Do you really need to enable BPDU guard here, as this is not an edge port?
