cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3191
Views
0
Helpful
14
Replies

STP loop with LACP channel between Cisco switches

w.kuhn
Level 1
Level 1

need some help here...

Trying to setup 4 ports lacp channeled between 6500 (CATOS) and 3560 but ports keep going into errdisable.

Here's config with some show output attatched...

Switch_6509

set port lacp-channel 9/26-29 839

set port lacp-channel 9/26-29 mode active

9/26 Switch_3560 gig0/25 errdisable 19 full 1000 10/100/1000

9/27 Switch_3560 gig0/26 errdisable 19 full 1000 10/100/1000

9/28 Switch_3560 gig0/27 errdisable 19 full 1000 10/100/1000

9/29 Switch_3560 gig0/28 errdisable 19 full 1000 10/100/1000

Switch_3560

interface Port-channel1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,19

switchport mode trunk

interface GigabitEthernet0/25

description Uplink to 6509 9/26

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,19

switchport mode trunk

speed 1000

duplex full

channel-protocol lacp

channel-group 1 mode active

!

interface GigabitEthernet0/26

description Uplink to 6509 9/27

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,19

switchport mode trunk

speed 1000

duplex full

channel-protocol lacp

channel-group 1 mode active

!

interface GigabitEthernet0/27

description Uplink to 6509 9/28

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,19

switchport mode trunk

speed 1000

duplex full

channel-protocol lacp

channel-group 1 mode active

!

interface GigabitEthernet0/28

description Uplink to 6509 9/29

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,19

switchport mode trunk

speed 1000

duplex full

channel-protocol lacp

channel-group 1 mode active

14 Replies 14

Diego Vargas
Cisco Employee
Cisco Employee

Can you provide the configuration of each one of the ports on the 6509 CATOS?

Everything looks fine on the output but I would need to check that.

Port Name Status Vlan Duplex Speed Type

----- -------------------- ---------- ---------- ------ ----------- ------------

9/26 Switch_3560 gig0/25 errdisable 19 full 1000 10/100/1000

Port AuxiliaryVlan AuxVlan-Status

----- ------------- --------------

9/26 none none

Port Security Violation Shutdown-Time Age-Time Max-Addr Trap IfIndex

----- -------- --------- ------------- -------- -------- -------- -------

9/26 disabled shutdown 0 0 1 disabled 288

Port Flooding on Address Limit Last-Src-Addr Vlan

----- ------------------------- ----------------- ----

9/26 Enabled - -

Port Num-Addr Secure-Src-Addr Vlan Age-Left Shutdown/Time-Left

----- -------- ----------------- ---- -------- ------------------

9/26 0 - - - - -

Port 802.1X Auth-State 802.1X Port-Status

----- ------------------ ------------------

9/26 - -

Port Send FlowControl Receive FlowControl RxPause TxPause

admin oper admin oper

----- -------- -------- --------- --------- ---------- ----------

9/26 desired off off off 0 0

Port Admin Channel LACP Port Ch Partner Oper Partner

key Mode Priority id Sys ID Port

------ ----- ------- --------- ---- -------------------------------- -------

9/26 839 active 128 1678 32768:00-23-ea-3f-56-00 25

9/27 839 active 128 1678 32768:00-23-ea-3f-56-00 26

9/28 839 active 128 1678 32768:00-23-ea-3f-56-00 27

9/29 839 active 128 1678 32768:00-23-ea-3f-56-00 28

------ ----- ------- --------- ---- -------------------------------- -------

Port Status ErrDisable Reason Port ErrDisableTimeout Action on Timeout

---- ---------- ------------------- ---------------------- -----------------

9/26 errdisable channel-misconfig Enable No Change

Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize

----- ---------- ---------- ---------- ---------- ---------

9/26 0 0 0 0 0

Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants

----- ---------- ---------- ---------- ---------- --------- --------- ---------

9/26 0 0 0 0 0 0 0

Port Last-Time-Cleared

----- --------------------------

9/26 Mon Dec 15 2008, 09:39:03

The other 3 ports show same output.....

set port lacp-channel 9/26-29 839

set port speed 9/26-29 1000

clear trunk 9/26 1-9,11-18,20-4094

set trunk 9/26 nonegotiate dot1q 10,19

clear trunk 9/27 1-9,11-18,20-4094

set trunk 9/27 nonegotiate dot1q 10,19

clear trunk 9/28 1-9,11-18,20-4094

set trunk 9/28 nonegotiate dot1q 10,19

clear trunk 9/29 1-9,11-18,20-4094

set trunk 9/29 nonegotiate dot1q 10,19

set port lacp-channel 9/26-29 mode active

9/26 Switch_3560 gig0/25 errdisable 19 full 1000 10/100/1000

9/27 Switch_3560 gig0/26 errdisable 19 full 1000 10/100/1000

9/28 Switch_3560 gig0/27 errdisable 19 full 1000 10/100/1000

9/29 Switch_3560 gig0/28 errdisable 19 full 1000 10/100/1000

Might try changing the trunk parameter you have nonegotiate on the 6509 side but not on the 3560 side , you would need to add "switchport nonegotiate on the 3560 interfaces. It checks all these parameters . Something to try.

Glen... added switchport nonegotiate to gig0/25-28 on 3560.... enable ports but still same problem.

Cheers

Will

Check your native vlan on both sides looks like it might be 1 on the 3560 side but 19 on the 6500 side. To match them on the 6500 side do a set vlan 1 9/26-29 , then reenable the ports and see what happens.

Thanks Glen...

Having it setup as trunk ports I'd overlooked the need for it to be in same vlan...

Interesting that Trunks are first to be established and no indication of VLAN mismatch (which would have been helpfull).

Thanks for your help...

Cheers

Will

Switch_6509> (enable) set port enable 9/26-29

Ports 9/26-29 enabled.

Switch_6509> (enable) 2009 Jan 15 15:28:27 %DTP-5-TRUNKPORTON:Port 9/26 has become dot1q trunk

2009 Jan 15 15:28:27 %DTP-5-TRUNKPORTON:Port 9/27 has become dot1q trunk

2009 Jan 15 15:28:27 %DTP-5-TRUNKPORTON:Port 9/28 has become dot1q trunk

2009 Jan 15 15:28:27 %DTP-5-TRUNKPORTON:Port 9/29 has become dot1q trunk

2009 Jan 15 15:28:30 %SPANTREE-6-PORTLISTEN: Port 9/26-29 (agPort 14/14) state in VLAN 10 changed to listening

2009 Jan 15 15:28:30 %SPANTREE-6-PORTLISTEN: Port 9/26-29 (agPort 14/14) state in VLAN 19 changed to listening

2009 Jan 15 15:28:44 %SPANTREE-6-PORTLEARN: Port 9/26-29 (agPort 14/14) state in VLAN 10 changed to learning

2009 Jan 15 15:28:44 %SPANTREE-6-PORTLEARN: Port 9/26-29 (agPort 14/14) state in VLAN 19 changed to learning

2009 Jan 15 15:28:59 %SPANTREE-6-PORTFWD: Port 9/26-29 (agPort 14/14) state in VLAN 10 changed to forwarding

2009 Jan 15 15:28:59 %SPANTREE-6-PORTFWD: Port 9/26-29 (agPort 14/14) state in VLAN 19 changed to forwarding

9/26 Switch_3560 gig0/25 connected trunk full 1000 10/100/1000

9/27 Switch_3560 gig0/26 connected trunk full 1000 10/100/1000

9/28 Switch_3560 gig0/27 connected trunk full 1000 10/100/1000

9/29 Switch_3560 gig0/28 connected trunk full 1000 10/100/1000

Might try changing the trunk parameter you have nonegotiate on the 6509 side but not on the 3560 side , you would need to add "switchport nonegotiate on the 3560 interfaces. It checks all these parameters . Something to try.

glen.grant
VIP Alumni
VIP Alumni

Try bringing down all the ports at once on the 6509 set port disable 9/26-29 and then bring them all up at once set port enable 9/26-29 and see what happens , sometimes if you don't bring up both sides close together on a negotiated etherchannel the switch protects itself by tearing down the channel.

Thanks Glen...

Tried that before... channels only stay up for 60sec then disables due the STP..

2009 Jan 15 10:44:47 %SPANTREE-6-PORTFWD: Port 9/26-29 (agPort 14/14) state in VLAN 10 changed to forwarding

2009 Jan 15 10:44:47 %SPANTREE-6-PORTFWD: Port 9/26-29 (agPort 14/14) state in VLAN 19 changed to forwarding

2009 Jan 15 10:45:34 %SPANTREE-2-CHNMISCFG: STP loop - channel 9/26-29 is disabled in vlan/instance 19

2009 Jan 15 10:45:34 %SPANTREE-2-CHNMISCFG2: BPDU source mac addresses: 00-16-c7-ff-ad-25, 00-23-ea-3f-56-19

What this message tells you is that you are receiving BPDUs from two different source mac address. That's generally an indication that the remote site is not bundled properly. Could you check what STP is saying (with a simple show span vlan 10 for example) on the other switch? You should have enough time to capture this information before the port goes down.

Could you also do a show cdp nei? Of course, please, check your cabling and make sure that your ports are connected to the neighbor you expected... but I guess you've done that already 20 times;-)

Regards,

Francois

Francois...

looking at the BPDU packets the source 00-23-ea-3f-56-1b is coming from the 3560. As for the other source 00-16-c7-ff-ad-25, I don't know where it originates from... is it possibly a virtual assigned MAC as it does not appear to be either at remote end or at 6509 end...

2009 Jan 15 12:12:41 %SPANTREE-2-CHNMISCFG2: BPDU source mac addresses: 00-16-c7-ff-ad-25, 00-23-ea-3f-56-1b

Switch_3560(config)#do sh int gig0/27

GigabitEthernet0/27 is down, line protocol is down (notconnect)

Hardware is Gigabit Ethernet, address is 0023.ea3f.561b (bia 0023.ea3f.561b)

Description: Uplink to Switch_6509 9/28

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Switch_3560#sh spanning vlan 10

VLAN0010

Spanning tree enabled protocol ieee

Root ID Priority 32768

Address 0002.1610.1b40

Cost 22

Port 56 (Port-channel1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)

Address 0023.ea3f.5600

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 15

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po1 Root FWD 3 128.56 P2p

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Switch_6509> (enable) sh spantree 10

VLAN 10

Spanning tree mode RAPID-PVST+

Spanning tree type ieee

Spanning tree enabled

Designated Root 00-02-16-10-1b-40

Designated Root Priority 32768

Designated Root Cost 19

Designated Root Port 8/1

Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Bridge ID MAC ADDR 00-d0-01-74-50-09

Bridge ID Priority 32768

Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Did the native vlan change help your situation then ?

Yes it did... changed the 6500 side to native vlan.

Cheers

00-16-c7-ff-ad-25 might be on the catos bridge itself. The mac-address shown in the message are port mac-address (not the mac-address used for bridge ID). So one must be the address of the 3560 and the other is probably the address of the cat6k.

This channel consistency mechanism is a little bit different in CatOS and IOS. In IOS, you check that the BPDUs received on a port are consistently coming from the same mac address. With CatOS, it checks that BPDU received and BPDU transmitted have a common source mac address. The idea is that, in a stable state, you should only be sending or receiving BPDUs. So the CatOS behavior is a little bit more strict in the way that it can detect if there is a kind of unidirectional link failure on the channel. That's what seems to be happening here. The 3560 is receiving the cat6k BPDUs, but the cat6k is not receiving the 3560's.

Honestly, I don't like those mechanisms because they make some assumptions on source mac-address of the BPDUs, which is completely unreliable (actually, it will break with some of the latest IEEE standards). At least, here, it seems to highlight a problem in your channel config.

Regards,

Francois

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: