01-31-2024 01:55 AM
Hello,
I have some problems on two Cisco Catalyst WS-C3650 (not configured by me so i'm trying to understand what was done and how to fix this problems). Basically i have this two switches directly connected with a layer2 in a trunk port, and every switch is connected to a different router, with a trunk port too, where is running vrrp protocol. So it's like routerA->switchA->switchB->routerB.
I have 3 main vlan (2,3,7) on those router. Vlan 2 and 7 are running fine, but i can't communicate from one router to the other one on vlan3. While I was looking into the switches, I found out that both switches are elected as root port for vlan 3.
How can i solve this issue?
Here the switches configuration ( I ommited some description and other unrelated configuration for company policy)
Switch A
!
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
vlan 2
name MPLS
!
vlan 3
name MPLS2
!
vlan 7
name MGMT
!
vlan 10
name INTERNET
!
vlan 20
name INTERNET2
!
vlan 21
name MNGT
!
vlan 22
name BACKUP
!
vlan 23
name LAN
!
vlan 24
name EXTRA
!
vlan 30
name HA_FIREWALL
!
interface GigabitEthernet1/0/1
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/19 <----- CONNECTION TO SWITCH B
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 2,3
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport access vlan 10
switchport mode access
speed 1000
!
interface GigabitEthernet1/0/24 <----- CONNECTION TO ROUTER A
switchport trunk allowed vlan 2,3,7
switchport mode trunk
speed 1000
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
no ip address
!
interface Vlan3
no ip address
--------------
Switch B:
!
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
!
vlan 2
name MPLS
!
vlan 3
name MPLS2
!
vlan 7
name MGMT
!
vlan 10
name INTERNET
!
vlan 20
name INTERNET2
!
vlan 21
name MNGT
!
vlan 22
name BACKUP
!
vlan 23
name LAN
!
vlan 24
name EXTRA
!
vlan 30
name HA_FIREWALL
!
interface Port-channel1
switchport access vlan 22
switchport mode access
!
interface Port-channel2
switchport access vlan 22
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 1 mode active
!
interface GigabitEthernet1/0/10
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 1 mode active
!
interface GigabitEthernet1/0/11
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 1 mode active
!
interface GigabitEthernet1/0/12
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 1 mode active
!
interface GigabitEthernet1/0/13
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 2 mode active
!
interface GigabitEthernet1/0/14
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 2 mode active
!
interface GigabitEthernet1/0/15
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 2 mode active
!
interface GigabitEthernet1/0/16
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 2 mode active
!
interface GigabitEthernet1/0/18 <----- CONNECTION TO SWITCH A
switchport mode trunk
!
interface GigabitEthernet1/0/19
switchport access vlan 2
switchport trunk native vlan 21
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 2,3
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport access vlan 20
switchport mode access
speed 1000
!
interface GigabitEthernet1/0/24 <----- CONNECTION TO ROUTER B
switchport trunk allowed vlan 2,3,7
switchport mode trunk
speed 1000
Here some show commands for SWITCH A
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/1/1, Gi1/1/2, Gi1/1/3, Gi1/1/4
2 MPLS active Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14, Gi1/0/20
3 MPLS2 active
7 MGMT active
10 INTERNET active Gi1/0/21, Gi1/0/23
20 INTERNET2 active Gi1/0/2
21 MNGT active Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18
22 BACKUP active
23 LAN active
24 EXTRA active
30 HA_FIREWALL active Gi1/0/1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
------------------------------
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0035.1ae4.da80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0035.1ae4.da80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/19 Desg BKN*4 128.19 P2p *PVID_Inc
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 0035.1ae4.da80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 0035.1ae4.da80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/19 Desg FWD 4 128.19 P2p
Gi1/0/22 Desg FWD 4 128.22 P2p
Gi1/0/24 Desg FWD 4 128.24 P2p
VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 32771
Address 0035.1ae4.da80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Address 0035.1ae4.da80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/19 Desg FWD 4 128.19 P2p
Gi1/0/22 Desg FWD 4 128.22 P2p
Gi1/0/24 Desg FWD 4 128.24 P2p
VLAN0007
Spanning tree enabled protocol ieee
Root ID Priority 32775
Address 0035.1ae4.da80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32775 (priority 32768 sys-id-ext 7)
Address 0035.1ae4.da80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/19 Desg FWD 4 128.19 P2p
Gi1/0/24 Desg FWD 4 128.24 P2p
VLAN0021
Spanning tree enabled protocol ieee
Root ID Priority 32789
Address 0035.1ae4.da80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32789 (priority 32768 sys-id-ext 21)
Address 0035.1ae4.da80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/19 Desg BKN*4 128.19 P2p *PVID_Inc
Show commands SWITCHB
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/1/1, Gi1/1/2, Gi1/1/3, Gi1/1/4
2 MPLS active Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/17, Gi1/0/19, Gi1/0/20
3 MPLS2 active
7 MGMT active
10 INTERNET active Gi1/0/2
20 INTERNET2 active Gi1/0/21, Gi1/0/23
21 MNGT active
22 BACKUP active Po1, Po2
23 LAN active
24 EXTRA active
30 HA_FIREWALL active Gi1/0/1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 005d.732f.8280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 005d.732f.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/18 Desg BKN*4 128.18 P2p *PVID_Inc
VLAN0002
Spanning tree enabled protocol ieee
Root ID Priority 32770
Address 0035.1ae4.da80
Cost 21004
Port 18 (GigabitEthernet1/0/18)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address 005d.732f.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/3 Desg FWD 4 128.3 P2p
Gi1/0/4 Desg FWD 4 128.4 P2p
Gi1/0/5 Desg FWD 4 128.5 P2p
Gi1/0/6 Desg FWD 4 128.6 P2p
Gi1/0/7 Desg FWD 4 128.7 P2p
Gi1/0/18 Root FWD 4 128.18 P2p
Gi1/0/19 Desg FWD 4 128.19 P2p
Gi1/0/20 Desg FWD 4 128.20 P2p
Gi1/0/22 Desg FWD 4 128.22 P2p
Gi1/0/24 Desg FWD 4 128.24 P2p
VLAN0003
Spanning tree enabled protocol ieee
Root ID Priority 32771
Address 005d.732f.8280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32771 (priority 32768 sys-id-ext 3)
Address 005d.732f.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/18 Desg FWD 4 128.18 P2p
Gi1/0/22 Desg FWD 4 128.22 P2p
Gi1/0/24 Desg FWD 4 128.24 P2p
VLAN0007
Spanning tree enabled protocol ieee
Root ID Priority 32775
Address 0035.1ae4.da80
Cost 21004
Port 18 (GigabitEthernet1/0/18)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32775 (priority 32768 sys-id-ext 7)
Address 005d.732f.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/18 Root FWD 4 128.18 P2p
Gi1/0/24 Desg FWD 4 128.24 P2p
VLAN0021
Spanning tree enabled protocol ieee
Root ID Priority 32789
Address 005d.732f.8280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32789 (priority 32768 sys-id-ext 21)
Address 005d.732f.8280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/18 Desg BKN*4 128.18 P2p *PVID_Inc
So, as you can see there are 3 main problems, for vlan3 both switches are root and for vlan1 and 21 port are in broken state.
The vlan1 and vlan21 problem is caused becasue they both are declared as native vlan right?
so i should declare a native vlan under the trunk configuration?
and what about the vlan3 problem?
Thanks in advice!
02-07-2024 01:25 PM
From initial looks the config looks fine. I would try 2 things. Deleting and re-creating VLAN 3. If that doesn't work try to replace the trunk connection with another cable.
Only reason I can think that 2 switches claim root is the other is not receiving the superior BPDUs from the other switch. But as you have multiple other VLANS traversing the same trunk just fine I am not as sure.
-David
02-07-2024 03:06 PM
Addition to @David Ruess
Cisco Catalyst WS-C3650 - what IOS code running here ?
Are you sure there is no other Loop in the network ?
can you post show cdp neigh (from all devices ?)
best practice one of the switch you make them as root for all vlans (which is good practice) - so it has consistency .
spanning-tree vlan 2,3,7 priority 0 (4096)
02-12-2024 02:02 AM - edited 02-12-2024 02:10 AM
Hi and tks. I was oof this days so I wasn't able to replay. Here what you asked:
IOS on both switches:
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 28 WS-C3650-24PS 03.03.05.SE cat3k_caa-universalk9 BUNDLE
show cdp neigh switch A:
Device ID Local Intrfce Holdtme Capability Platform Port ID
SwitchA Gig 1/0/18 147 S I WS-C3650- Gig 1/0/19
show cdp neigh switch B:
Device ID Local Intrfce Holdtme Capability Platform Port ID
SwitchB Gig 1/0/19 173 S I WS-C3650- Gig 1/0/18
I also tried to change stp priority, reconfigure vlans and add a new vlan as a test and I have the same issue
02-12-2024 02:40 AM
Make sure there is no VTP configured ?
I also tried to change stp priority, reconfigure vlans and add a new vlan as a test and I have the same issue
post complete output again after changing the config.
also post below information on all devices :
show vlan
show vtp status
show spann brief
show spann root
if there is not VLAN mentioned default is VLAN 1 in cisco environment.
02-12-2024 03:06 AM
As you asked. Also, what do you mean with this command: "show spann brief"
SWITCH A
show vlan:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/1/4
2 MPLS active Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/17, Gi1/0/19, Gi1/0/20
3 MPLS2 active
4 Test active <---- new vlan
7 MGMT active
10 INTERNET active Gi1/0/2, Gi1/1/2
20 INTERNET2 active Gi1/0/21, Gi1/0/23, Gi1/1/3
21 MNGT active
22 BACKUP active Po1, Po2
23 LAN active
24 EXTRA active
30 HA_FIREWALL active Gi1/0/1, Gi1/1/1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
21 enet 100021 1500 - - - - - 0 0
22 enet 100022 1500 - - - - - 0 0
23 enet 100023 1500 - - - - - 0 0
24 enet 100024 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
-------------------------------------
show vtp status:
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 005d.732f.8280
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Feature VLAN:
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 1005
Number of existing VLANs : 16
Configuration Revision : 0
---------------------------
show spann root:
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 32769 005d.732f.8280 0 2 20 15
VLAN0002 32770 0035.1ae4.da80 21004 2 20 15 Gi1/0/18
VLAN0003 32771 005d.732f.8280 0 2 20 15
VLAN0004 32772 005d.732f.8280 0 2 20 15
VLAN0007 32775 0035.1ae4.da80 21004 2 20 15 Gi1/0/18
VLAN0010 32778 0035.1ae4.da80 21004 2 20 15 Gi1/0/18
VLAN0020 32788 0035.1ae4.da80 21004 2 20 15 Gi1/0/18
VLAN0021 32789 005d.732f.8280 0 2 20 15
VLAN0022 32790 0035.1ae4.da80 21004 2 20 15 Gi1/0/18
VLAN0023 32791 0035.1ae4.da80 21004 2 20 15 Gi1/0/18
VLAN0024 32792 0035.1ae4.da80 21004 2 20 15 Gi1/0/18
VLAN0030 32798 0035.1ae4.da80 21004 2 20 15 Gi1/0/18
SWITCH B
show vlan:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/1/4
2 MPLS active Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14, Gi1/0/20
3 MPLS2 active
4 test active <---- new vlan
7 MGMT active
10 INTERNET active Gi1/0/21, Gi1/0/23, Gi1/1/2
20 INTERNET2 active Gi1/0/2, Gi1/1/3
21 MNGT active Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18
22 BACKUP active
23 LAN active
24 EXTRA active
30 HA_FIREWALL active Gi1/0/1, Gi1/1/1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
21 enet 100021 1500 - - - - - 0 0
22 enet 100022 1500 - - - - - 0 0
23 enet 100023 1500 - - - - - 0 0
24 enet 100024 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
---------------------------------
show vtp status:
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0035.1ae4.da80
Configuration last modified by 7.1.86.252 at 0-0-00 00:00:00
Feature VLAN:
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 1005
Number of existing VLANs : 16
Configuration Revision : 0
--------------------------
show spann root:
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 32769 0035.1ae4.da80 0 2 20 15
VLAN0002 32770 0035.1ae4.da80 0 2 20 15
VLAN0003 32771 0035.1ae4.da80 0 2 20 15
VLAN0004 24580 0035.1ae4.da80 0 2 20 15
VLAN0007 32775 0035.1ae4.da80 0 2 20 15
VLAN0010 32778 0035.1ae4.da80 0 2 20 15
VLAN0020 32788 0035.1ae4.da80 0 2 20 15
VLAN0021 32789 0035.1ae4.da80 0 2 20 15
VLAN0022 32790 0035.1ae4.da80 0 2 20 15
VLAN0023 32791 0035.1ae4.da80 0 2 20 15
VLAN0024 32792 0035.1ae4.da80 0 2 20 15
VLAN0030 32798 0035.1ae4.da80 0 2 20 15
02-12-2024 03:18 AM
Hello,
I am little late to this thread, but can you post the full running configs (sh run) of both routers ? Spanning tree might not be the problem...
02-12-2024 03:50 AM
Hello,
as you asked. I ommitted some descriptions/configurations like radius or snmp for company policy. Also I noticed that, while I was out, my colleagues removed the stp priority command (spanning-tree vlan 2,3,7 priority 0 (4096)) to make some tests so there isn't right now. I highlighted the interfaces that are currently up.
SWITCH A:
Building configuration...
Current configuration : 12427 bytes
!
! Last configuration change at 12:01:03 MET Mon Feb 12 2024 by original
!
version 15.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service compress-config
!
hostname SWITCH A
!
boot-start-marker
boot system switch all flash:cat3k_caa-universalk9.SPA.03.03.05.SE.150-1.EZ5.bin
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret XXXXXX
!
username original secret XXXXXX
aaa new-model
!
!
aaa authentication login default group radius local
!
aaa session-id common
clock timezone MET 1 0
clock summer-time MET recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision ws-c3650-24ps
!
no ip domain-lookup
ip device tracking
!
!
vtp mode transparent
!
errdisable recovery cause udld
errdisable recovery cause link-flap
errdisable recovery interval 900
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
!
vlan 2
name MPLS
!
vlan 3
name MPLS2
!
vlan 4
name Test
!
vlan 7
name MGMT
!
vlan 10
name INTERNET
!
vlan 20
name INTERNET2
!
vlan 21
name MNGT
!
vlan 22
name BACKUP
!
vlan 23
name LAN
!
vlan 24
name EXTRA
!
vlan 30
name HA_FIREWALL
!
interface Loopback7
no ip address
!
interface Port-channel1
switchport access vlan 22
switchport mode access
!
interface Port-channel2
switchport access vlan 22
switchport mode access
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 1 mode active
!
interface GigabitEthernet1/0/10
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 1 mode active
!
interface GigabitEthernet1/0/11
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 1 mode active
!
interface GigabitEthernet1/0/12
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 1 mode active
!
interface GigabitEthernet1/0/13
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 2 mode active
!
interface GigabitEthernet1/0/14
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 2 mode active
!
interface GigabitEthernet1/0/15
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 2 mode active
!
interface GigabitEthernet1/0/16
switchport access vlan 22
switchport mode access
load-interval 30
channel-group 2 mode active
!
interface GigabitEthernet1/0/17
switchport access vlan 2
switchport trunk native vlan 21
switchport mode trunk
!
interface GigabitEthernet1/0/18 <---- CONNECTION TO SWITCH B
switchport trunk allowed vlan 1-4,7,10,20-24,30
switchport mode trunk
!
interface GigabitEthernet1/0/19
switchport access vlan 2
switchport trunk native vlan 21
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 2,3
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport access vlan 20
switchport mode access
speed 1000
!
interface GigabitEthernet1/0/24 <---- CONNECTION TO ROUTER A
switchport trunk allowed vlan 2-4,7
switchport mode trunk
speed 1000
!
interface GigabitEthernet1/1/1
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/1/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/1/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/1/4
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan3
no ip address
!
interface Vlan7
description MGMT
ip address X.X.X.X X.X.X.X
----------------------------------------------------------
SWITCH B:
Building configuration...
Current configuration : 7935 bytes
!
! Last configuration change at 18:26:05 MET Wed Feb 7 2024 by original
!
version 15.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service compress-config
!
hostname SWITCH B
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret XXXXX
!
username original secret XXXXX
aaa new-model
!
!
aaa authentication login default group radius local
!
aaa session-id common
clock timezone MET 1 0
clock summer-time MET recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision ws-c3650-24ps
!
no ip domain-lookup
!
!
qos queue-softmax-multiplier 100
vtp mode transparent
!
!
errdisable recovery cause udld
errdisable recovery cause link-flap
errdisable recovery interval 900
diagnostic bootup level minimal
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 4 priority 24576
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
vlan 2
name MPLS
!
vlan 3
name MPLS2
!
vlan 4
name test
!
vlan 7
name MGMT
!
vlan 10
name INTERNET
!
vlan 20
name INTERNET2
!
vlan 21
name MNGT
!
vlan 22
name BACKUP
!
vlan 23
name LAN
!
vlan 24
name EXTRA
!
vlan 30
name HA_FIREWALL
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet1/0/19 <---- CONNECTION TO SWITCH A
switchport mode trunk
!
interface GigabitEthernet1/0/20
switchport access vlan 2
switchport trunk native vlan 21
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 2,3
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport access vlan 10
switchport mode access
speed 1000
!
interface GigabitEthernet1/0/24 <---- CONNECTION TO ROUTER B
switchport trunk allowed vlan 2-4,7
switchport mode trunk
speed 1000
!
interface GigabitEthernet1/1/1
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/1/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/1/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/1/4
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan7
description MGMT
ip address X.X.X.X X.X.X.X
02-12-2024 03:58 AM
Hello,
these are the switches, right ? I meant the router configs (Router A and Router B)...sorry for the misunderstanding.
02-12-2024 04:37 AM
Oh, my bad!
Both routers are Huawei with layer3 sub-interfaces, so no vlans. I can't put all the configurations. Here the lan interfaces configuration and some show commands.
ROUTER A:
interface GigabitEthernet0/0/2
description **LAN_Management_bk_to_bk**
ip address X.X.X.X X.X.X.X
undo negotiation auto
speed 1000
#
interface GigabitEthernet0/0/2.2
dot1q termination vid 2
ip binding vpn-instance mpls
ip address 192.168.10.251 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250
vrrp vrid 10 priority 254
vrrp vrid 10 preempt-mode timer delay 40
vrrp vrid 10 track ip route X.X.X.X X.X.X.X vpn-instance itp reduced 40
#
interface GigabitEthernet0/0/2.3
dot1q termination vid 3
ip binding vpn-instance mpls2
ip address 172.17.0.251 255.255.255.0
vrrp vrid 11 virtual-ip 172.17.0.250
vrrp vrid 11 priority 254
vrrp vrid 11 preempt-mode timer delay 40
vrrp vrid 11 track ip route X.X.X.X X.X.X.X vpn-instance itp_mobile reduced 40
#
interface GigabitEthernet0/0/2.4
description VLAN_TEST
dot1q termination vid 4
ip address 192.168.104.2 255.255.255.0
vrrp vrid 44 virtual-ip 192.168.104.1
vrrp vrid 44 priority 254
vrrp vrid 44 preempt-mode timer delay 40
vrrp vrid 44 track ip route X.X.X.X X.X.X.X
#
interface GigabitEthernet0/0/2.7
dot1q termination vid 7
ip address X.X.X.X X.X.X.X
vrrp vrid 77 virtual-ip X.X.X.X
vrrp vrid 77 priority 254
vrrp vrid 77 preempt-mode timer delay 10
vrrp vrid 77 timer advertise 3
vrrp vrid 77 track ip route X.X.X.X X.X.X.X reduced 40
--------------------------
vrrp status:
Total:4 Master:4 Backup:0 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master GE0/0/2.2 Normal 192.168.10.250
11 Master GE0/0/2.3 Normal 172.17.0.250
44 Master GE0/0/2.4 Normal 192.168.104.1 <---- TEST
77 Master GE0/0/2.7 Normal X.X.X.X
ROUTER B:
interface GigabitEthernet0/0/2
description **_LAN_Management_bk_to_bk**
ip address X.X.X.X X.X.X.X
undo negotiation auto
speed 1000
#
interface GigabitEthernet0/0/2.2
dot1q termination vid 2
ip binding vpn-instance mpls
ip address 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.250
vrrp vrid 10 priority 230
vrrp vrid 10 preempt-mode timer delay 40
#
interface GigabitEthernet0/0/2.3 <---- right now is in shut so the customer can work
description
shutdown
dot1q termination vid 3
ip binding vpn-instance mpls2
ip address 172.17.0.252 255.255.255.0
vrrp vrid 11 virtual-ip 172.17.0.250
vrrp vrid 11 priority 230
vrrp vrid 11 preempt-mode timer delay 40
#
interface GigabitEthernet0/0/2.4
description - VLAN TEST -
dot1q termination vid 4
ip address 192.168.104.3 255.255.255.0
vrrp vrid 44 virtual-ip 192.168.104.1
vrrp vrid 44 priority 230
vrrp vrid 44 preempt-mode timer delay 40
#
interface GigabitEthernet0/0/2.7
description MGMT
dot1q termination vid 7
ip address X.X.X.X X.X.X.X
vrrp vrid 77 virtual-ip X.X.X.X
vrrp vrid 77 priority 230
vrrp vrid 77 timer advertise 3
----------------------------
vrrp status:
Total:4 Master:1 Backup:2 Non-active:1
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Backup GE0/0/2.2 Normal 192.168.10.250
11 Initialize GE0/0/2.3 Normal 172.17.0.250
44 Master GE0/0/2.4 Normal 192.168.104.1 <---- TEST
77 Backup GE0/0/2.7 Normal X.X.X.X
So as you can see, subif 10 and 77 are working fine (those are vlan 2 and 7 on switch side). While test 44 and 11 (vlan 4 and 3) are not working.
02-12-2024 04:50 AM
interface GigabitEthernet1/0/20
switchport access vlan 2
switchport trunk native vlan 21
switchport mode trunk
!
This wrong'
1- switchport mode trunk will make switchport access vlan 2 not work' I think here you want to tag with vlan 2 the traffic toward router?
If Yes then you need
Switchport trunk allow vlan 2
And since vlan 2 is not native vlan the frame will tag with vlan 2.
2- the native vlan must match in all three SW. You can not use different native vlan for each SW
MHM
02-12-2024 05:04 AM
Hi,
this port is not used, I have highligthed the port currently in use. I know I wrote a lot, so I will try to make a recap. I have 2 routers and 2 switches with 3 vlans (2,3 and 7) all directly connected with trunk ports. So the topology is like RouterA-->Switch A-->SwitchB-->RouterB.
Vlan 2 and 7 are working fine, but vlan 3 is not. As you can see above, both switches declare themself as root for this vlan. We tried to add a new vlan (vlan 4) as a test and we are facing the same issue.
02-12-2024 06:12 AM
The trunk to SW is config without specifying native vlan' again you need to match native vlan in three SW.
When you add vlan did you add it in all three SW's?
MHM
02-12-2024 04:38 AM - edited 02-12-2024 04:48 AM
"show spann brief" - this should be "show spann bridge" and show span summary
Looks like the switches now ok after you added priority - now what is the issue ? they still have communication issue ?
Hope now both the switches now not root.
if the routers are having communication issue where the Layer 3 configure, you need to post that information
reconfigure vlans and add a new vlan as a test and I have the same issue
you only have VLAN 3 and 7 SVI configured on the switches ? - ok with your latest post i can see your router configuration)
dot1q termination vid 4 ( VID should match the VLAN)
refer documentation - make necessary changes and check :
02-12-2024 04:48 AM
Hi,
vlan 3 is still not working, both switches are still declaring themself as root for this vlan. We added vlan4 as a test on our routers and on both switches and we have the same issue. I posted the router configuration up.
Here the show spann bridge and summary:
SWITCH A
spann bridge:
Hello Max Fwd
Vlan Bridge ID Time Age Dly Protocol
---------------- --------------------------------- ----- --- --- --------
VLAN0001 32769 (32768, 1) 005d.732f.8280 2 20 15 ieee
VLAN0002 32770 (32768, 2) 005d.732f.8280 2 20 15 ieee
VLAN0003 32771 (32768, 3) 005d.732f.8280 2 20 15 ieee
VLAN0004 32772 (32768, 4) 005d.732f.8280 2 20 15 ieee
VLAN0007 32775 (32768, 7) 005d.732f.8280 2 20 15 ieee
VLAN0010 32778 (32768, 10) 005d.732f.8280 2 20 15 ieee
VLAN0020 32788 (32768, 20) 005d.732f.8280 2 20 15 ieee
VLAN0021 32789 (32768, 21) 005d.732f.8280 2 20 15 ieee
VLAN0022 32790 (32768, 22) 005d.732f.8280 2 20 15 ieee
VLAN0023 32791 (32768, 23) 005d.732f.8280 2 20 15 ieee
VLAN0024 32792 (32768, 24) 005d.732f.8280 2 20 15 ieee
VLAN0030 32798 (32768, 30) 005d.732f.8280 2 20 15 ieee
------------------
summary:
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN0003-VLAN0004, VLAN0021
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 1 0 0 0 1
VLAN0002 0 0 0 10 10
VLAN0003 0 0 0 3 3
VLAN0004 0 0 0 2 2
VLAN0007 0 0 0 2 2
VLAN0010 0 0 0 2 2
VLAN0020 0 0 0 3 3
VLAN0021 1 0 0 0 1
VLAN0022 0 0 0 3 3
VLAN0023 0 0 0 1 1
VLAN0024 0 0 0 1 1
VLAN0030 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
12 vlans 2 0 0 28 30
SWITCH B:
spann bridge:
Hello Max Fwd
Vlan Bridge ID Time Age Dly Protocol
---------------- --------------------------------- ----- --- --- --------
VLAN0001 32769 (32768, 1) 0035.1ae4.da80 2 20 15 ieee
VLAN0002 32770 (32768, 2) 0035.1ae4.da80 2 20 15 ieee
VLAN0003 32771 (32768, 3) 0035.1ae4.da80 2 20 15 ieee
VLAN0004 24580 (24576, 4) 0035.1ae4.da80 2 20 15 ieee
VLAN0007 32775 (32768, 7) 0035.1ae4.da80 2 20 15 ieee
VLAN0010 32778 (32768, 10) 0035.1ae4.da80 2 20 15 ieee
VLAN0020 32788 (32768, 20) 0035.1ae4.da80 2 20 15 ieee
VLAN0021 32789 (32768, 21) 0035.1ae4.da80 2 20 15 ieee
VLAN0022 32790 (32768, 22) 0035.1ae4.da80 2 20 15 ieee
VLAN0023 32791 (32768, 23) 0035.1ae4.da80 2 20 15 ieee
VLAN0024 32792 (32768, 24) 0035.1ae4.da80 2 20 15 ieee
VLAN0030 32798 (32768, 30) 0035.1ae4.da80 2 20 15 ieee
------------------------
summary:
Switch is in pvst mode
Root bridge for: VLAN0001-VLAN0004, VLAN0007, VLAN0010, VLAN0020-VLAN0024
VLAN0030
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 1 1
VLAN0002 0 0 0 3 3
VLAN0003 0 0 0 3 3
VLAN0004 0 0 0 2 2
VLAN0007 0 0 0 2 2
VLAN0010 0 0 0 3 3
VLAN0020 0 0 0 2 2
VLAN0021 0 0 0 1 1
VLAN0022 0 0 0 1 1
VLAN0023 0 0 0 1 1
VLAN0024 0 0 0 1 1
VLAN0030 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
12 vlans 0 0 0 21 21
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide