Re: VLAN 1 becomes inaccessible after a trunk port flaps

Srijit Banerjee · ‎04-18-2018

Hi,

I am facing a strange problem these days. I have a network where PoP-A is connected to PoP-B via a single non-redundant path.

PoP-A has a Cisco 2960G switch with STP enabled. PoP-B has a Cisco SG300 with STP disabled. PoPA to PoPB connected via trunk port. PoP B has 4 trunk links to other devices (like Access Points). Now suppose one of the AP restarts or say I plug in a new device to a trunk port on SG300 then all devices under VLAN 1 under SG300 switch becomes inaccessible, ping drops massively. Again automatically it comes back after 3-4 minutes.

Again same thing happens after an AP restarts. But the ports which are access port on SG300 no problem with that even if the port flaps. Most interstingly only VLAN 1 gets affected as when other APs MGMT Vlan 1 cannot be accessed the customers connected to those APs under different VLAN surfs the internet smoothly and without any packet loss.

What could be the issue? I have enabled STP/RSTP on SG300 too but same result. No important / significant message in switch log too.

Thanks,

Srijit B

Deepak Kumar · ‎04-18-2018

Hi,

this looks like STP issue. Can you check both switches are having same STP protocol enable?

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Srijit Banerjee · ‎04-18-2018

Spanning tree details on both switches:

pop a#sh spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0101-VLAN0104, VLAN0106, VLAN0110, VLAN0113, VLAN0200
VLAN0202-VLAN0203
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short

Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 13 13
VLAN0101 0 0 0 9 9
VLAN0102 0 0 0 9 9
VLAN0103 0 0 0 9 9
VLAN0104 0 0 0 9 9
VLAN0105 0 0 0 8 8
VLAN0106 0 0 0 8 8
VLAN0107 0 0 0 8 8
VLAN0108 0 0 0 8 8
VLAN0109 0 0 0 8 8
VLAN0110 0 0 0 8 8
VLAN0111 0 0 0 8 8
VLAN0112 0 0 0 8 8
VLAN0113 0 0 0 8 8
VLAN0114 0 0 0 8 8
VLAN0115 0 0 0 8 8
VLAN0116 0 0 0 8 8
VLAN0200 0 0 0 8 8
VLAN0201 0 0 0 10 10
VLAN0202 0 0 0 12 12
VLAN0203 0 0 0 8 8
VLAN0204 0 0 0 8 8
---------------------- -------- --------- -------- ---------- ----------
22 vlans 0 0 0 191 191

------------------------------------------------------------------------------------------

pop a#sh spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address e48d.8c01.ee82
Cost 14
Port 20 (GigabitEthernet0/20)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0024.c30c.c000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 19 128.1 P2p
Gi0/10 Desg FWD 4 128.10 P2p
Gi0/11 Desg FWD 4 128.11 P2p
Gi0/12 Desg FWD 4 128.12 P2p
Gi0/13 Desg FWD 19 128.13 P2p
Gi0/14 Desg FWD 19 128.14 P2p
Gi0/15 Desg FWD 19 128.15 P2p ///////////////////////////// TRUNK PORT to PoP B ///////////////////////////
Gi0/17 Desg FWD 19 128.17 P2p
Gi0/18 Desg FWD 4 128.18 P2p
Gi0/19 Desg FWD 4 128.19 P2p
Gi0/20 Root FWD 4 128.20 P2p
Gi0/21 Desg FWD 19 128.21 P2p
Gi0/22 Desg FWD 4 128.22 P2p

----------------------------------------------------------------------------------------

pop b#sh spanning-tree detail

Spanning tree disabled (BPDU flooding) mode RSTP
Default port cost method: long

Deepak Kumar · ‎04-18-2018

Hi,

I can see "Spanning tree disabled" on pop-b. Please enable the STP on this switch.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Srijit Banerjee · ‎04-18-2018

Yes, I intentionally disabled it as it was the same case when it was enabled. Shall I enable again and check?

Deepak Kumar · ‎04-18-2018

Yes,

and share the port configuration and STP output.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Julio E. Moisa · ‎04-18-2018

Hi

A gold recomendation, never disable STP. Try to set up the root for vlan 1 on the 2960.

How are configured the ports? verify if the ports on the SG300 are configured as mode access and not as trunk mode.

I have seen that before, I had a situation where the SG300 was reset (write erase and reload) and it fixed the problem.

*make a backup of the config.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Srijit Banerjee · ‎04-18-2018

I also didn't want to disable STP but was testing if it works under Non STP mode.

In SG300 - some ports are access directly connected to end users & some are trunk ports connected to APs. From APs end users are connected on VLANs.

I am thinking of replacing the SG300 with a same 2960G switch? Will that be any good? Other than that what might be the solution.

Julio E. Moisa · ‎04-18-2018

Well, a Cisco 2960G from my point of view is more robust but you will lose the layer 3 capability (Which I think you dont need it right now).

Try to optimize the SG300 and 2960 First, using spanning tree port fast / bpduguard under the end users ports. and set up the Cisco 2960 as the root for the VLAN 1.

conf t

spanning-tree vlan 1 priority 4096

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<