Question re: VLANs 1000+ and STP Extend System-ID

dbroder · ‎04-08-2008

Hello all! I have a question re: the 'spanning-tree extend system-id' command.

I want to use VLANs above 2000... I'm currently building the framework for a fully L3 environment and I've provisioned nearly all VLANs from 1-1000 already. I'd like to stick with my current numbering/naming convention and that forces me to use VLANs above 1000.

OK, with all that being said, I (foolishly) ran the 'spanning-tree extend system-id' command on my core switch... BLAM. STP busted, network down. Thankfully, after-hours. Fixed that...

My environment is as follows... 2 6509 core switches, 2 6509 Server Farm switches. Each running a recent IOS version. I have L3 links (and L2 trunks for GLBP) between my core and server farm. I'm running Rapid PVST.

I currently have L2 trunks between my core switches and distribution (3508Gs). My distribution connect to a variety of access switches (3500XL and 2900XL plus some CatOS 2948Gs).

So... can I actually use the extended system-id command without blowing up my network? My old 2900XL and 3500XLs don't support 'spanning-tree extend system-id'.

Am I stuck?

Thanks everyone.

Cheers

Darren.

Istvan_Rabai · ‎04-08-2008

Hi Darren,

I think your network may have been down because with the "spanning-tree extend system-id" command you may have changed the priority conditions in the spanning-tree topology.

Let's say all your switches have the default priority of 32768, the core switch is the root thanks to its lowest mac-address and everything works fine.

When you apply the "spanning-tree extend system-id" command on the core switch, the priorities of the switch for the different vlans will change like this:

for vlan 1:

32768+1 = 32769

for vlan 2:

32768 + 2: 32770

.

for vlan 1000

32768 + 1000: 32868

All these priorities are higher than the priorities of other switches having default priority values.

The core lost its root port status for all vlans and the STP reconverged to a new root switch for all vlans.

The solution to this is to change the priority of the core switch to a lower value first, let's say 4096 (this + vlan number should be lower than any other switch priority) and then apply the "spanning-tree extend system-id" command.

Cheers:

Istvan

dbroder · ‎04-08-2008

Hi Istvan. I thought about that ... I've set my cores to priority 4096 for all VLANs during the installation of these 6509s. My distribution and access switches' priorities are at 32768.

Darren.

jgreenwoodii · ‎04-08-2008

I wouldn't use "spanning-tree extend system-id" to try and enable extended vlans. That's not what the command is used for.

If you want to use extended vlan's you need to set you VTP mode to transparent under global exec, ie "vtp mode transparent"

Be aware that extended vlans created are only stored in nvram ie running config and if you were to reload or loose power to your switch those vlans would disappear.

dbroder · ‎04-08-2008

Hi.. Are you sure about that? Everything I've read says that I have to do this to create VLANs above 1024(-ish).

And, I am using transparent mode for VTP on all switches on my network.

I'm more confused now! :)

Darren.

jgreenwoodii · ‎04-08-2008

Darren if your VTP domain is already in transparent mode then you shouldn't have a problem creating lets say vlan 2000. Just create it. Understand that extended vlans are local only to the switch so you need create them on each switch that you want to participate in that vlan's particular instance of STP.

dbroder · ‎04-08-2008

That doesn't work for me... :(

The test and my VTP Status is below.

Thanks!

Darren.

Ce007sw1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Ce007sw1(config)#vlan 2000

Ce007sw1(config-vlan)#name test

Ce007sw1(config-vlan)#end

% Failed to create VLANs 2000

Spanning-tree extend system-id need to be enabled.

Ce007sw1#show vtp status

VTP Version : 2

Configuration Revision : 0

Maximum VLANs supported locally : 1005

Number of existing VLANs : 92

VTP Operating Mode : Transparent

VTP Domain Name : NULL

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Enabled

MD5 digest : 0xE1 0x73 0x04 0x8C 0x50 0x70 0xEF 0x98

Configuration last modified by 172.19.253.1 at 0-0-00 00:00:00

Ce007sw1#

dbroder · ‎04-08-2008

Here's my show ver...

Ce007sw1#show ver

Cisco Internetwork Operating System Software

IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-VM), Version 12.2(18)SXF8, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Compiled Sat 03-Mar-07 01:21 by tinhuang

Image text-base: 0x01020150, data-base: 0x01021000

ROM: System Bootstrap, Version 12.2(17r)S4, RELEASE SOFTWARE (fc1)

BOOTLDR:

Ce007sw1 uptime is 3 days, 2 hours, 4 minutes

Time since Ce007sw1 switched to active is 3 days, 2 hours, 4 minutes

System returned to ROM by power cycle at 18:01:40 PST Sun Jan 13 2008 (SP by power on)

System image file is "disk0:/sys/s72033/base/s72033-adventerprisek9_wan-vm"

[snip]

cisco WS-C6509-E (R7000) processor (revision 1.3) with 491520K/32768K bytes of memory.

Processor board ID SMC1047007Q

SR71000 CPU at 600Mhz, Implementation 1284, Rev 1.2, 512KB L2 Cache

Last reset from s/w reset

Bridging software.

X.25 software, Version 3.0.0.

TN3270 Emulation software.

75 Virtual Ethernet/IEEE 802.3 interfaces

28 Gigabit Ethernet/IEEE 802.3 interfaces

4 Ten Gigabit Ethernet/IEEE 802.3 interfaces

1917K bytes of non-volatile configuration memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

Configuration register is 0x2102

System is currently running from installed software

For further information use "show install running"

Ce007sw1#