Thnks for the quick replies

Here is the show vrrp brief on both routers:

pcpt391#sh vrrp brief

Interface          Grp Pri Time  Own Pre State   Master addr     Group addr

Gi0/0.10           10  100 3609       Y  Backup  10.25.128.118   10.25.128.116 

pcpt384#sh vrrp brief

Interface          Grp Pri Time  Own Pre State   Master addr     Group addr

Gi0/0.10           10  110 3570       Y  Master  10.25.128.118   10.25.128.116 

And the the "show interface trunk" and "show cdp nei " on both switches :

show interface trunk

x1035#sh interfaces trunk

Port        Mode             Encapsulation  Status        Native vlan

Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk

Gi0/1       10,51,950

Port        Vlans allowed and active in management domain

Gi0/1       10,51,950

Port        Vlans in spanning tree forwarding state and not pruned

Gi0/1       10,51,950

x1034#sh int trunk  

Port        Mode             Encapsulation  Status        Native vlan

Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk

Gi0/1       10,51,99,950

Port        Vlans allowed and active in management domain

Gi0/1       10,51,99,950

Port        Vlans in spanning tree forwarding state and not pruned

Gi0/1       10,51,99,950

x1035#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

x1034         Gig 0/7           141              S I   WS-C2960G Gig 0/7

x1034         Gig 0/8           141              S I   WS-C2960G Gig 0/8

x1034#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

x1035         Gig 0/7           178              S I   WS-C2960G Gig 0/7

x1035         Gig 0/8           178              S I   WS-C2960G Gig 0/8

thanks !

Hi Thomas,

I'm lost here :-( Where are you running this VRRP? What devices are these pcpt39, pcpt38, x1035 & x1034 as i can not see them on your diagram? It would help to get the running VRRP configuration.

Also it looks like you have two port connected back to back between x1034 & x1035. Why are you not running etherchannel two bundle these two ports.

Regards

Najaf

Please rate when applicable or helpful !!!

I gave the HLD for BER but CPT and all the others location are physically connected in the same way .

the vrrp config is there

primary router:

interface GigabitEthernet0/0.10

encapsulation dot1Q 10

ip address 10.25.128.118 255.255.255.240

vrrp 10 ip 10.25.128.116

vrrp 10 priority 110

vrrp 10 track 10 decrement 20

Secondary router

interface GigabitEthernet0/0.10

encapsulation dot1Q 10

ip address 10.25.128.117 255.255.255.240

vrrp 10 ip 10.25.128.116

no etherchannel as one port carry data and the other voice only .

rgds

T

Thomas,

Both router would be sourcing a frame from the virtual MAC address if the both thought they are VRRP Master routers. This can occur if there is a transient outage in the network, such as STP (re)convergence. What kind of STP are you running in your network?

Best regards,

Peter

We run PVST on our switch . 

Hello Thomas,

Do you believe it would be possible to transition to RSTP / RPVST, and in addition, to configure the trunks towards routers using spanning-tree portfast trunk command?

It is a blind shot I admit, but considering the fact that STP is the one that actually causes blocking in networks, I would rather like to see that STP is not at the root of our problem.

Best regards,

Peter

Hello Peter .

I could do but :

- This is a live environment

- I would also have to make sure the client switches are also moving away from current SPT config to new RSTP config

Could you please tell me:

- where I can find the latest configuration best practices for RSTP ?

- I f the migration from PVST to RPVST "painful"

- Ideally , which SPT feature shall I enable on which part of the link , giving the PDF attached here .

If I summarise :

- Ensuring the spanning tree Root and default (HSRP)      gateway match for a set of VLANs.In my case the "primary" switch in the design

-  Configure the Rapid-PVST+ Cisco enhancements 

-  Portfast + bpduguard on all port connections end user workstation

- Else ?

thanks

Hi Thomas,

- where I can find the latest configuration best practices for RSTP ? 

While not exactly best practice documents, I have nevertheless found these documents to be extremely helpful in understanding the intricacies of RSTP:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a00807b0670.shtml

- I f the migration from PVST to RPVST "painful"

It will cause outages for up to 30 seconds for each switch that is moved from STP to RSTP. This can be indeed considered painful. Other than that, though, there are no significant caveats I am aware of. It is suggested to migrate beginning with access layer switches and proceeding deeper into the topology.

- Ideally , which SPT feature shall I enable on which part of the link , giving the PDF attached here .

• PortFast on all access ports (global config: spanning-tree portfast default)
• BPDU Guard on all PortFast-enabled ports (global config: spanning-tree portfast bpduguard default)
• Loop Guard on all ports (global config: spanning-tree loopguard default)

Be especially careful if you are using access ports between switches - on these ports, you have to explicitly prohibit PortFast and BPDUGuard using interface-level commands spanning-tree portfast disable and spanning-tree bpduguard disable

Other than these, no specific features are called for.

- Ensuring the spanning tree Root and  default (HSRP)      gateway match for a set of VLANs.In my case the  "primary" switch in the design 

Correct.

-  Configure the Rapid-PVST+ Cisco enhancements  

Correct but depends on what you mean by Cisco enhancements. If you are thinking about UplinkFast and BackboneFast, these mechanisms are proprietary to STP and they are already implemented in RSTP. You should not activate these - RSTP has its own support to achieve the same results.

-  Portfast + bpduguard on all port connections end user workstation

Correct.

- Else ? 

On the ports towards routers, use spanning-tree portfast trunk command. In addition, verify in the show spanning-tree on each switch that each link is identified as P2p (point-to-point). If any link is identified as Shr (shared), RSTP will not be capable of converging rapidly on that link.

Best regards,

Peter

Thanks everyone for all the valuable inputs

Regards

T