STP-Problem with CIGESM (Blade) Mgmt-Ports

Answered Question
Oct 13th, 2008

We use 4 IBM-Blades with internal Cisco CIGESM-Switches in our LAN.

Our 2 Core-Switches (c6513) are connected via Gigabit Etherchannel (8 ports) and every Core is connected to one of the internal Blade-Switches via one Gigabit uplink.

The internal switches are connected to each other via 2 internal management ports (Gi0/15 and Gi0/16).

Here is where our problem starts:

1. Those Ports can not be disabled:

(config-if)#shut

% Shutdown not allowed on this interface.

2. VLAN 1 can not be removed:

User prevented from modifying mode for Gi0/16

Command rejected: not allowed on this interface.

! oh, how nice :-(

The crazy thing is, that those ports act like "hard-coded" spanning-tree bpdufilter. That means:

Internal switch A:

#show spanning-tree int gi0/16 detail

...

BPDU: sent 1177157, received 0

Internal switch B:

#show spanning-tree int gi0/16 detail

...

BPDU: sent 1177220, received 0

-> They do not recognize BPDUs from their neighbor but, because they are in fwd state, send traffic (e.g. broadcasts) across those interfaces.

Unfortunately we use VLAN 1 as our management-VLAN and here is where the loop occurs.

Of course we could remove VLAN 1 from the uplink-trunks and use a different VLAN for managing these switches, but I'd prefer to find a solution with VLAN 1 for management. I don't understand why the interfaces Gi0/15 and 0/16 act like this - it seems to be impossible to prevent loops when using VLAN 1?!

We'd be thankful for any help.

Rolf Fischer

Correct Answer
glen.grant Mon, 10/13/2008 - 16:08

It depends on how things are set up. I believe we only use 1 port to manage the switch. This is managed thru the management module and does not travel up thru the etherchannel. This is a separate connection that is not part of the etherchannel. Vlan 1 in G0/15 and 16 can be connected to any vlan you want on the other end as long as you don't try to trunk them; STP should then take care of any built-in loop for whatever vlan you decide to manage it with, and you should see either 15 or 16 as a blocked port if there is truly a loop in your design; if not, then both ports will show forwarding. How do you know you have a loop?

Not knowing how your blades are set up, we can only speculate. We use only 1 port to manage the switch with for each management module. Vlan 1 on g0/15 is for management only, I think, which is connected thru a separate connection thru the bladeserver management module, not the switch module itself. Your etherchannels then should run on ports 17-20 only.

Rolf Fischer Tue, 10/14/2008 - 07:19

Thanks for the reply.

I should have mentioned that we only administrate the switches - we don't have access to the blade management.

To be honest, I don't understand the purpose of the ports 0/15 and 0/16.

We provide redundancy by connecting each switch to the core and we don't need the internal connection via these ports.

But, as mentioned, I cannot shut them down or remove VLAN 1 from these ports.

We realized the loop after an IOS-Update; the CPU utilization went to 80% and we disconnected the backup-links to the core.

Maybe I can ask one of our server-admins to show me the blade-management GUI; I think I read in the documentation that there are some options for using the internal management-ports.
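
The symptom from the opening post (both ends of Gi0/16 forwarding, each sending BPDUs and receiving none) can be checked from saved `show spanning-tree interface ... detail` output. The Python below is an added example, not part of the thread; the stanza layout of the sample text is constructed (only the `BPDU: sent ..., received 0` lines come from the post), and it assumes the link uses the same interface name on both switches.

```python
import re

# Constructed samples of `show spanning-tree interface gi0/16 detail` output.
# Only the "BPDU: sent ..., received 0" lines are from the post; the stanza
# layout around them is an assumption about the switch's output format.
SWITCH_A = """\
 Port 16 (GigabitEthernet0/16) of VLAN0001 is forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.16.
   BPDU: sent 1177157, received 0
"""
SWITCH_B = SWITCH_A.replace("1177157", "1177220")
# Constructed healthy peer: the non-designated end hears the BPDUs.
HEALTHY_B = """\
 Port 16 (GigabitEthernet0/16) of VLAN0001 is blocking
   BPDU: sent 3, received 1177150
"""

HEADER = re.compile(r"Port \d+ \((?P<intf>\S+)\) of (?P<vlan>\S+) is (?P<state>[\w ]+?)\s*$")
BPDU = re.compile(r"BPDU: sent (?P<sent>\d+), received (?P<recv>\d+)")

def parse_stp_detail(text):
    """Return one dict per interface/VLAN stanza with state and BPDU counters."""
    ports, cur = [], None
    for line in text.splitlines():
        h = HEADER.search(line)
        if h:
            cur = dict(h.groupdict(), sent=None, recv=None)
            ports.append(cur)
        elif cur is not None and (b := BPDU.search(line)):
            cur["sent"], cur["recv"] = int(b["sent"]), int(b["recv"])
    return ports

def silent_forwarding(text, min_sent=100):
    """Stanzas that forward and send BPDUs but have never received one.
    On its own this is normal for a designated port; see mutual_silence()."""
    return [p for p in parse_stp_detail(text)
            if p["state"].endswith("forwarding") and p["recv"] == 0
            and (p["sent"] or 0) >= min_sent]

def mutual_silence(out_a, out_b):
    """(interface, vlan) pairs silent on BOTH ends: each side believes it is
    designated and forwards, so STP cannot block the link if a loop exists."""
    key = lambda p: (p["intf"], p["vlan"])
    return sorted({key(p) for p in silent_forwarding(out_a)}
                  & {key(p) for p in silent_forwarding(out_b)})

if __name__ == "__main__":
    print(mutual_silence(SWITCH_A, SWITCH_B))   # both ends silent
    print(mutual_silence(SWITCH_A, HEALTHY_B))  # healthy peer
```

A single end showing "received 0" is expected for a designated port; the check only flags the link when both ends report it.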
