10-13-2008 05:14 AM - edited 03-06-2019 01:53 AM
We use 4 IBM-Blades with internal Cisco CIGESM-Switches in our LAN.
Our 2 Core-Switches (c6513) are connected via Gigabit Etherchannel (8 ports) and every Core is connected to one of the internal Blade-Switches via one Gigabit uplink.
The internal switches are connected to each other via 2 internal management ports (Gi0/15 and Gi0/16).
Here is where our problem starts:
1. Those Ports can not be disabled:
(config-if)#shut
% Shutdown not allowed on this interface.
2. VLAN 1 can not be removed:
User prevented from modifying mode for Gi0/16
Command rejected: not allowed on this interface.
! oh, how nice :-(
The crazy thing is, that those ports act like "hard-coded" spanning-tree bpdufilter. That means:
Internal switch A:
#show spanning-tree int gi0/16 detail
...
BPDU: sent 1177157, received 0
Internal switch B:
#show spanning-tree int gi0/16 detail
...
BPDU: sent 1177220, received 0
-> They do not recognize BPDUs from their neighbor but, because they are in fwd state, send traffic (e.g. broadcasts) across those interfaces.
Unfortunately we use VLAN 1 as our management-VLAN and here is where the loop occurs.
Of course we could remove VLAN 1 from the uplink-trunks and use a different VLAN for managing these switches, but I'd prefer to find a solution with VLAN 1 for management. I don't understand why the interfaces Gi0/15 and 0/16 act like this - it seems to be impossible to prevent loops when using VLAN 1?!
We'd be thankful for any help.
Rolf Fischer
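Added example, not part of the original thread: a small check that compares the BPDU counters from both ends of a link, as in the output quoted in the post above, and flags links where both ends forward and send BPDUs but neither receives any. The "BPDU: sent N, received M" line is taken from the post; the "Port ... of VLAN... is ..." header line, the healthy comparison sample, and the assumption that both ends use the same port name are constructed for illustration.

```python
import re

# Constructed input: the "BPDU: sent N, received M" line is as shown in the
# post; the "Port ... of VLAN... is ..." header line is an assumed shape.
SWITCH_A = """\
 Port 16 (GigabitEthernet0/16) of VLAN0001 is designated forwarding
   BPDU: sent 1177157, received 0
"""
SWITCH_B = """\
 Port 16 (GigabitEthernet0/16) of VLAN0001 is designated forwarding
   BPDU: sent 1177220, received 0
"""
# Constructed healthy peer for comparison: this end hears its neighbor.
HEALTHY_B = """\
 Port 16 (GigabitEthernet0/16) of VLAN0001 is root forwarding
   BPDU: sent 3, received 1177150
"""

HEADER = re.compile(r"Port \d+ \((\S+)\) of (VLAN\d+) is (.+)")
BPDU = re.compile(r"BPDU: sent (\d+), received (\d+)")

def parse_detail(text):
    """Return {(port, vlan): (state, sent, received)} from detail output."""
    result, key, state = {}, None, None
    for line in text.splitlines():
        h = HEADER.search(line)
        if h:
            key, state = (h.group(1), h.group(2)), h.group(3).strip()
            continue
        b = BPDU.search(line)
        if b and key:
            result[key] = (state, int(b.group(1)), int(b.group(2)))
            key = None
    return result

def deaf_links(side_a, side_b):
    """Links where both ends forward and send BPDUs but neither receives any.

    A designated port normally receives few or no BPDUs, so one silent end
    alone is not conclusive; both ends at zero means neither hears the other,
    and spanning tree cannot block a loop through that link.
    """
    a, b = parse_detail(side_a), parse_detail(side_b)
    flagged = []
    for key in sorted(a.keys() & b.keys()):
        ends = (a[key], b[key])
        if all("forwarding" in s and sent > 0 and rcvd == 0 for s, sent, rcvd in ends):
            flagged.append(key)
    return flagged
```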
10-13-2008 04:08 PM
It depends on how things are set up. I believe we only use 1 port to manage the switch. This is managed thru the management module and does not travel up thru the etherchannel. This is a separate connection that is not part of the etherchannel. Vlan 1 in G0/15 and 16 can be connected to any vlan you want on the other end as long as you don't try to trunk them. STP should then take care of any built-in loop for whatever vlan you decide to manage it with, and you should see either 15 or 16 as a blocked port if there is truly a loop in your design; if not, then both ports will show forwarding. How do you know you have a loop?
Not knowing how your blades are set up, we can only speculate. We use only 1 port to manage the switch with for each management module. Vlan 1 on g0/15 is for management only, I think, which is connected thru a separate connection thru the bladeserver management module, not the switch module itself. Your etherchannels then should run on ports 17-20 only.
10-14-2008 07:19 AM
Thanks for the reply.
I should have mentioned that we only administrate the switches - we don't have access to the blade management.
To be honest, I don't understand the purpose of the ports 0/15 and 0/16.
We provide redundancy by connecting each switch to the core and we don't need the internal connection via these ports.
But, as mentioned, I cannot shut them down or remove VLAN 1 from these ports.
We realized the loop after an IOS-Update; the cpu utilization went to 80% and we disconnected the backup-links to the core.
Maybe I can ask one of our server-admins to show me the blade-management GUI; I think I read in the documentation that there are some options for using the internal management-ports.