cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
681
Views
10
Helpful
11
Replies

Spanning-tree blocks

william.briere
Level 1
Level 1

Hello,

I have attached a picture of the way it is plugged, and wonder why I see no port blocks on one of the 6500's, but three of the 4 ports on the other one are blocked?

If I shut down interfaces on the 6500 that has blocked ports it does failover, but takes about 5-7 seconds. I have two questions...

Should I be seeing any blocked ports when I run "show spanning-tree blocked-ports" on either of the two 6500's?

Will I need to manually configure additionally anything with spanning-tree or is this normal?

11 Replies 11

Jon Marshall
Hall of Fame
Hall of Fame

Hi William

Which switch is the root switch and which switch is the secondary root.

Could you choose one vlan and do a 'sh spanning-tree vlan "number"' on all the switches.

Presumably the uplinks from the 4948's are L2 trunks ?

Jon

SiteA6500#sh spanning-tree vlan 2

VLAN0002

Spanning tree enabled protocol ieee

Root ID Priority 32768

Address 001c.b12c.e682

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768

Address 001c.b12c.e682

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi5/1 Desg FWD 4 128.513 P2p

Gi5/2 Desg FWD 4 128.514 P2p

Po1 Desg FWD 3 128.1665 P2p

Po2 Desg FWD 3 128.1666 P2p

SiteB6500#sh spanning-tree vlan 2

VLAN0002

Spanning tree enabled protocol ieee

Root ID Priority 32768

Address 001c.b12c.e682

Cost 7

Port 1666 (Port-channel2)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768

Address 001c.b19c.78c2

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi5/1 Altn BLK 4 128.513 P2p

Gi5/2 Altn BLK 4 128.514 P2p

Po1 Altn BLK 3 128.1665 P2p

Po2 Root FWD 3 128.1666 P2p

I am using GLBP between the two 6500's and all connections between the 4948's and 6500's are layer 2 trunks. I have used the preempt on the SiteB 6500 as I wouldn't really want traffic for the vlan2 to be handled by the SiteA 6500 unless the SiteB one failed.

I know it is a bit unrelated but here is the vlan2 config for each device...

SiteA6500

interface Vlan2

ip address 10.75.0.3 255.255.0.0

no ip redirects

glbp 2 ip 10.75.0.1

SiteB6500

interface Vlan2

ip address 10.75.0.2 255.255.0.0

no ip redirects

glbp 2 ip 10.75.0.1

glbp 2 priority 110

glbp 2 preempt

You will notice I don't specify the load-balance type for GLBP... Not sure if that is a good idea or not. :)

Thanks for your help.

SiteB4948#1#sh spanning-tree vlan 2

VLAN0002

Spanning tree enabled protocol ieee

Root ID Priority 32768

Address 001c.b12c.e682

Cost 4

Port 48 (GigabitEthernet1/48)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)

Address 001c.5875.5180

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi1/48 Root FWD 4 128.48 P2p

Po1 Desg FWD 3 128.641 P2p

SiteB4948#2#sh spanning-tree vlan 2

VLAN0002

Spanning tree enabled protocol ieee

Root ID Priority 32768

Address 001c.b12c.e682

Cost 4

Port 48 (GigabitEthernet1/48)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)

Address 001c.5875.4640

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi1/48 Root FWD 4 128.48 P2p

Po2 Desg FWD 3 128.642 P2p

SiteA4948#1#sh spanning-tree vlan 2

VLAN0002

Spanning tree enabled protocol ieee

Root ID Priority 32768

Address 001c.b12c.e682

Cost 3

Port 641 (Port-channel1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)

Address 001d.a2e5.1780

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi1/48 Desg FWD 4 128.48 P2p

Po1 Root FWD 3 128.641 P2p

SiteA4948#2#sh spanning-tree vlan 2

VLAN0002

Spanning tree enabled protocol ieee

Root ID Priority 32768

Address 001c.b12c.e682

Cost 3

Port 642 (Port-channel2)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)

Address 001d.a2e5.7040

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi1/48 Desg FWD 4 128.48 P2p

Po2 Root FWD 3 128.642 P2p

Sorry Jon... I guess you wanted it from all 6... :)

William

Have to nip into a long meeting so i'l be quick.

1) Is there any reason why you do not have a L2 trunk between your 6500 switches ? You are running GLBP across the access-layer switches - is this intended ?

2) From each 4948 you have an etherchannel to one switch and a single connection to the other. If you do not want the 6500 blocking then you need to maniipulate the spanning-tree costs on the 4948 switches either per port or per vlan.

3) You should also explicity set where your spanning-tree root and secondaryt are rather than leave it to chance.

HTH

Jon

Jon

Hi,

Thanks for your post...

1) I have only 4 pair of fiber between SiteA and SiteB and thought it prudent to connect them the way you see it. Is this not recommended?

I guess I didn't see an alternative to running it across the access layer given the fact that I can only terminate the fiber on the 720-3b's and wanted to physically connect each access layer switch to each 6500. I am all ears for alternatives though :)

2) Each 4948 is connected to each 6500 you are correct. Is it recommended to configure spanning-tree "port by port" or "vlan by vlan"? It sure seems easier if I was to do "vlan by vlan"

3) I read a previous post on here where they were talking about using GLBP and STP and found there seemed to be a differing opinon on whether or not to let spanning-tree figure it out on its own or to specify spanning-tree? What is the correct way to do it? Is it indeed to not "leave it to chance"

I appreciate your help...

Hey Jon,

You back yet?

William

1) No it's fine if that the fibre you have. Can a single link carry all the traffic that the etherchannel does ?

As for alternatives, it comes back to the question above. If a single link will carry all the traffic from the 4948 to the 6500 i would be tempted to remove the etherchannels and leave only a single link in it's place and use some of the spare fibres to create a L2 trunk between your 6500 switches.

2) It is recommended to configure your root and secondary switch explicitly rather than leave to chance. If you connect up your 6500's with a trunk link i would set your 6500's to be root and secondary. Explicity setting port costs/vlan costs is only necessary if you are not happy with the topology STP has worked out.

3) The thing about GLBP is it will use both gateways one per 6500. So with HSRP what people often do is to have one 6500 (switch1) be the spanning-tree root for odd vlans and also have the active HSRP gateway for odd vlans on the same switch and then on the other switch (switch2) have that as root for the even vlans and the HSRP active gateway for even vlans. Each 6500 would then be spanning tree seondary and standby HSRP gateway for the other set of vlans.

With this setup you can load-balance your vlans from the 4948's ie. the uplink to switch1 is used for odd vlans and blocking on even vlans and the uplink to switch2 is active for even vlans and blocking for odds.

But as said GLBP will use both gateways. But you still don't necessarily want to leave STP to chance because you may later connect an older 3500 switch for example with the lowest mac-address and suddenly that has become root for all vlans.

I would suggest making your layer 3 gateway switches (the 6500's) the root and secondary for the vlans. No need to do odds and evens for reasons already stated.

Overall there is nothing wrong with your design and there are always more than one way to get the job done. Just wanted to give an alternative option.

Apologies for the delay in getting back, it was a very long and boring meeting !

Jon

Hello Jon,

I really appreciate your insight...

I guess its time to say what I would ideally want to happen... Then you can suggest the best way for that to occur.

1)I was kind of hoping that the links from SiteA to SiteB and the reverse would only be used if the traffic is destined for a vlan that is preempted on the other side... Does that make sense?

I guess I ether-channeled thinking the link would be faster from the "local" 4948 to it's "local" preempted vlan. Is that how it works? Will the preempted vlan handle the traffic as long as it is alive? (Cause that's what I want)

Pretty much all of my vlans currently exist on SiteA or SiteB, meaning SiteA vlans are only currently on SiteA etc... From a traffic perspective that is sort of how I want it to work.

2)So I guess you are saying that the spanning-tree config is only needed on the 6500's and not on the 4948's. Right?

3)I would ideally like to turn off the load-balancing from what I hear you say. Is that something that is a bad idea?

As stated, I appreciate your insight :)

William

1) It does make sense but if you want to keep site A vlans traffic within site A unless you have a hardware failure then you don't want to use GLBP because that will use both 6500's equally.

You need to know how much traffic is moved across your uplinks to know whether a single link could cover the traffic that normally goes over the etherchannel link.

2) As long as you are happy with the ports that STP ends up blocking. Because your paths are via the access-layer for all traffic you may well find some of the ports on your 6500's blocking.

3) Refer to above.

Okay, lets assume a single fibre uplink can handle the traffic from a 4948.

If you were to go with my previous suggestion and connect your 6500's, then you could use HSRP instead of GLBP, set the site A 6500 to be spanning-tree root for site A vlans and also make the site A 6500 the active HSRP gateway for the odd vlans and then vice-versa in site B.

This would achieve what you want but it does depend on how much traffic is moving from the 4948's to the 6500 switches.

Jon

Hello Jon,

If I use the "load-balancing none" command on each vlan would I not achieve the same thing (HSRP) as you describe? (And not have to redo my configuration!)

Also what is the purpose of the preempt command if not to direct to a specfic device?

The spanning-tree idea makes sense to me thanks... :)

1) To be honest i don't know as i have never set it up this way. You could try and see what happens.

2) preempt command allows one router to take over from another. If the primary router fails even without preempt on the standby router it will stiil takeover. preempt is useful where you have active router with 110, standy router of 100. Active router is tracking an interface which goes down and you lower the priority from 110 to 90. The standby router now has a higher priority and will take over but only if it has preempt on.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco