PVST+ Trunk Ports Blocking - No layer 3 connectivity

Dec 18th, 2008

I have a small network with 4 access level switches and a core switch. These are in a star topology with the core in the centre and each switch connected to the core via a single Gig trunk Ethernet link. On the 3560 switches we run PVST on each of the 4 VLANs in use. I find however that two of the links between edge and core are not working at layer 3 level. CDP is ok and when I do a 'sho int' at either end of the link, line, protocol etc. are up, and Speed and Duplex settings show 1000/full. I think it relates to the PVST as I found that the two trunk ports on the Core (which is the root primary on each vlan) that don't have layer 3 connectivity both appear in blocking state when I do 'sho spanning-tree summary'. It does not affect all the vlans as the other two show learning etc. etc. then fwding after I do a 'shutdown' on the trunk ports. The two ports in blocking mode remain in blocking, no change. I also noticed that when I do 'sho spanning tree detail' the tx and rx BPDU count is identical on those two ports. All the trunk ports are configured identically. Does anyone have any ideas on troubleshooting this?

I have tried the usual playing with 'portfast trunk', shutting down ports etc. to try to get them working but with no success. Any help would be appreciated.


Spanning Tree is a layer 2 technology, and does not directly have any interaction with layer 3 interfaces.

It sounds to me that you have some loops in your topology, and you have connections to switches other than the gig trunks, that is why you are seeing ports in a blocking state.

I suggest you perform a physical inspection of the connections from the access layer switches to the core.

OR just jump onto all switches and use the "show cdp nei" to see what devices are directly connected.


glen.grant Thu, 12/18/2008 - 04:57

Andrew is correct: if a port shows blocking then you have a built-in loop somewhere and you need to take a close look at your topology. If it was in a true star topology with no redundant links then no ports should be blocking.

mattwilliams01 Thu, 12/18/2008 - 08:54

Yep I know, I have checked cdp n d - it does not show any duplication of links between the core and edge devices.

Here is the spanning tree config...

spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-4 priority 24576

vlan internal allocation policy ascending

vlan 2-3



Here is one of the problem ports (the other is identical)....

interface GigabitEthernet0/3
 description EdgeSwitch Gig Trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 3
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 auto qos voip trust


mattwilliams01 Thu, 12/18/2008 - 18:18

I am telnetting in to the core so can't really save & paste results, but I have checked each of the switches individually to see if I can find a duplicate instance of a device and there is not one. The two ports on the core device remain in blocking state even though the Core is the root bridge!

OK, here is the thing: IF the core switch is the root bridge for any or all VLANs, it will have any ports that are connected to any switches in a forwarding state regardless. In Spanning Tree it is not the job of the ROOT switch to block or prevent loops; it forwards outwards into the LAN, as it's the ROOT. How can there be a loop to itself???

You need to check ALL switches - as you now it sounds like you could have a mis-configuration somewhere.

Just one more thing - the ports in the blocking state, are they up/up and connected to a device?


mattwilliams01 Fri, 12/19/2008 - 01:00

Yep, when I do 'sho interface' the ports are up, up. Earlier I said the ports were blocking, and that is correct: when I do 'sho blocked ports' on the core these ports come up, BUT when I do a 'sho spanning tree summary' they show the letters DWN (Down) as opposed to Block. Regardless, the effect is the same....

passioncas Mon, 12/22/2008 - 02:07

Just make sure that the core Switch is the root bridge for all VLANs on all access Switches by using the command "show spanning-tree". I would like to know whether the STP Bridge priority has been set for all VLANs on the Core Switch or not. If not, do configure the same.

