
STP-Problem with CIGESM (Blade) Mgmt-Ports

rolf.fischer_2
Level 1

We use 4 IBM-Blades with internal Cisco CIGESM-Switches in our LAN.

Our 2 Core-Switches (c6513) are connected via Gigabit Etherchannel (8 ports) and every core is connected to one of the internal Blade-Switches via one Gigabit uplink.

The internal switches are connected to each other via 2 internal management ports (Gi0/15 and Gi0/16).

Here is where our problem starts:

1. Those Ports can not be disabled:

(config-if)#shut

% Shutdown not allowed on this interface.

2. VLAN 1 can not be removed:

User prevented from modifying mode for Gi0/16

Command rejected: not allowed on this interface.

! oh, how nice :-(

The crazy thing is that those ports act like a "hard-coded" spanning-tree bpdufilter. That means:

Internal switch A:

#show spanning-tree int gi0/16 detail

...

BPDU: sent 1177157, received 0

Internal switch B:

#show spanning-tree int gi0/16 detail

...

BPDU: sent 1177220, received 0

-> they do not recognize BPDUs from their neighbor but, because they are in fwd state, send traffic (e.g. broadcasts) across those interfaces.

Unfortunately we use VLAN 1 as our management VLAN and here is where the loop occurs.

Of course we could remove VLAN 1 from the uplink trunks and use a different VLAN for managing these switches, but I'd prefer to find a solution with VLAN 1 for management. I don't understand why the interfaces Gi0/15 and 0/16 act like this - it seems to be impossible to prevent loops when using VLAN 1?!

We'd be thankful for any help.

Rolf Fischer
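The symptom in the post above (both ends of the inter-switch link forwarding and sending BPDUs while receiving none) can be checked mechanically from saved "show spanning-tree interface ... detail" output. The following is an added example, not part of the original thread; the sample text is constructed (only the two Gi0/16 BPDU counter lines come from the post), and the Gi0/16-to-Gi0/16 cabling, the Gi0/17 contrast link and all function names are assumptions.

```python
import re

# Constructed sample output. Only the Gi0/16 "BPDU: sent ..., received 0"
# counters are taken from the post; the Gi0/17 entries are a made-up contrast case.
SWITCH_A = """\
 Port 16 (GigabitEthernet0/16) of VLAN0001 is forwarding
   BPDU: sent 1177157, received 0
 Port 17 (GigabitEthernet0/17) of VLAN0001 is forwarding
   BPDU: sent 40, received 1177301
"""
SWITCH_B = """\
 Port 16 (GigabitEthernet0/16) of VLAN0001 is forwarding
   BPDU: sent 1177220, received 0
 Port 17 (GigabitEthernet0/17) of VLAN0001 is blocking
   BPDU: sent 3, received 1177410
"""
# Assumption: which local port is wired to which remote port.
LINKS = [("GigabitEthernet0/16", "GigabitEthernet0/16"),
         ("GigabitEthernet0/17", "GigabitEthernet0/17")]

PORT_RE = re.compile(r"^\s*Port \d+ \((?P<ifname>\S+)\) of (?P<vlan>\S+) is (?P<state>.+?)\s*$")
BPDU_RE = re.compile(r"BPDU: sent (?P<sent>\d+), received (?P<recv>\d+)")

def parse_stp_detail(text):
    """Return {(interface, vlan): {"state", "sent", "received"}} from detail output."""
    ports, current = {}, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            current = (m["ifname"], m["vlan"])
            ports[current] = {"state": m["state"], "sent": None, "received": None}
            continue
        m = BPDU_RE.search(line)
        if m and current:
            ports[current].update(sent=int(m["sent"]), received=int(m["recv"]))
    return ports

def one_way_bpdu_links(side_a, side_b, links):
    """Flag (vlan, if_a, if_b) where both ends forward and send BPDUs but hear none."""
    def deaf(p):
        return p["state"].endswith("forwarding") and bool(p["sent"]) and p["received"] == 0
    findings = []
    for if_a, if_b in links:
        for (name, vlan), a in side_a.items():
            b = side_b.get((if_b, vlan))
            if name == if_a and b is not None and deaf(a) and deaf(b):
                findings.append((vlan, if_a, if_b))
    return findings

if __name__ == "__main__":
    a, b = parse_stp_detail(SWITCH_A), parse_stp_detail(SWITCH_B)
    for vlan, if_a, if_b in one_way_bpdu_links(a, b, LINKS):
        print(f"{vlan}: {if_a} <-> {if_b} forwards on both ends with no BPDUs received")
```

A link flagged here is one where spanning tree cannot detect a loop on that VLAN, so the VLAN should not also be carried between the same two switches over another path.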

1 Accepted Solution


glen.grant
VIP Alumni

It depends on how things are set up. I believe we only use 1 port to manage the switch. This is managed thru the management module and does not travel up thru the etherchannel. This is a separate connection that is not part of the etherchannel. Vlan 1 in G0/15 and 16 can be connected to any vlan you want on the other end as long as you don't try to trunk them. STP should then take care of any built-in loop for whatever vlan you decide to manage it with, and you should see either 15 or 16 as a blocked port if there is truly a loop in your design; if not, then both ports will show forwarding. How do you know you have a loop?

Not knowing how your blades are set up, we can only speculate. We use only 1 port to manage the switch with for each management module. Vlan 1 on g0/15 is for management only, I think, which is connected thru a separate connection thru the bladeserver management module, not the switch module itself. Your etherchannels then should run on ports 17-20 only.


Thanks for the reply.

I should have mentioned that we only administrate the switches - we don't have access to the blade management.

To be honest, I don't understand the purpose of the ports 0/15 and 0/16.

We provide redundancy by connecting each switch to the core and we don't need the internal connection via these ports.

But, as mentioned, I cannot shut them down or remove VLAN 1 from these ports.

We realized the loop after an IOS-Update; the CPU utilization went to 80% and we disconnected the backup-links to the core.

Maybe I can ask one of our server-admins to show me the blade-management GUI, I think I read in the documentation that there are some options for using the internal management-ports.
