Inconsistent peer vlan Problem in Switches

May 4th, 2009

Hello Experts,


I experienced the below output in the Cisco switches.


SW1#sh spanning-tree vl 126
----output suppressed----
---------------- ---- --- --------- -------- --------------------------------
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/23 Desg BKN*19 128.23 P2p *PVID_Inc



After enabling "spanning-tree bpdufilter enable" on interface Fa0/23, the interface is unblocked.


Could someone help by providing a detailed technical reasoning for this? Logs collected from the switch:


IST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 371 on FastEthernet0/23 VLAN126.


IST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/23 on VLAN0126. Inconsistent local vlan.


IST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/23 on VLAN0126. Port consistency restored.


IST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 371 on FastEthernet0/23 VLAN126.


IST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/23 on VLAN0126. Inconsistent local vlan.


After configuring "spanning-tree bpdufilter enable" on the interface, the following log was collected:


IST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/23 on VLAN0126. Port consistency restored.


Thanks in Advance.


Best Regards,


Guru Prasad R

lamav Mon, 05/04/2009 - 04:46

Guru:


This is normal behavior.


BPDU filtering is applied to ports that are configured for PortFast. A port with PortFast configured on it is assumed to be connected to ONLY an end-device that, if connected to the PortFast-enabled port, cannot create a parallel path for data nor the subsequent bridging loop.


So, when you configure PortFast BPDU Filtering on an interface, you are basically confirming that this is an access port that will not have another L2 bridge connected to it, so there is no need to process BPDUs.


Without BPDU filtering enabled, if a PortFast enabled port is accidentally connected to a switch, BPDUs will be received and sent on that port and PortFast will effectively be disabled. The port will then go through all the STP port states until it begins forwarding or gets blocked.


With BPDU filtering enabled on the interface, the BPDUs from the rogue switch will be IGNORED, thereby allowing it to establish a connection with our switch, whose port has now bypassed the STP Listening and Learning states and gone immediately into forwarding. This can create a layer 2 parallel path and loop.


So, you must be very discriminating when you use BPDU filtering.


HTH


Victor

milan.kulik Mon, 05/04/2009 - 05:09

Hi Victor,


IMHO:

a) BPDU Filtering is independent of PortFast. It can be configured on any interface and simply ignores incoming BPDUs.


I agree it should be used very carefully.


b) The error message was probably received on a trunk port and caused by an inconsistent native VLAN.


See Error Decoder output:

"%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id [dec] on [chars] [chars].


The listed interface received an SSTP BPDU that is tagged with a VLAN ID that does not match the VLAN ID on which the BPDU was received. This occurs when the native VLAN is not consistently configured on both ends of an IEEE 802.1Q trunk. [dec] is the VLAN ID, the first [chars] is the port, and the second [chars] is the VLAN.


Recommended Action: Verify that the configurations of the native VLAN ID is consistent on the interfaces on each end of the IEEE 802.1Q trunk connection. When the configurations are consistent, spanning tree automatically unblocks the interfaces."


BR,

Milan
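
Added example (not part of any post in this thread): a small Python script that applies the Error Decoder explanation above to the syslog lines quoted in the question and reports, per port, the local VLAN, the peer VLAN ID carried in the BPDU, and the last logged state. The function names `analyze` and `ports_to_review` are hypothetical.

```python
import re

# The syslog lines quoted in the thread, in order (the last was logged after bpdufilter).
SAMPLE_LOG = """\
IST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 371 on FastEthernet0/23 VLAN126.
IST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/23 on VLAN0126. Inconsistent local vlan.
IST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/23 on VLAN0126. Port consistency restored.
IST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 371 on FastEthernet0/23 VLAN126.
IST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/23 on VLAN0126. Inconsistent local vlan.
IST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/23 on VLAN0126. Port consistency restored.
"""

# Port name followed by the local VLAN, written either "VLAN126" or "on VLAN0126".
PORT_VLAN = r"(?P<port>\S+) (?:on )?VLAN0*(?P<vlan>\d+)"
PATTERNS = {
    "recv": re.compile(r"RECV_PVID_ERR: .*peer vlan id (?P<peer>\d+) on " + PORT_VLAN),
    "block": re.compile(r"BLOCK_PVID_LOCAL: Blocking " + PORT_VLAN),
    "unblock": re.compile(r"UNBLOCK_CONSIST_PORT: Unblocking " + PORT_VLAN),
}

def analyze(log_text):
    """Return {(port, local_vlan): summary} for every port that logged a PVID event."""
    summary = {}
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            key = (m.group("port"), int(m.group("vlan")))
            rec = summary.setdefault(
                key, {"peer_vlans": set(), "mismatches": 0, "blocks": 0, "state": "unknown"})
            if kind == "recv":
                rec["peer_vlans"].add(int(m.group("peer")))
                rec["mismatches"] += 1
            elif kind == "block":
                rec["blocks"] += 1
                rec["state"] = "blocked"
            else:
                rec["state"] = "unblocked"
            break
    return summary

def ports_to_review(summary):
    # An unblock message alone does not show the native VLAN was corrected: in the
    # thread the same message also appears once BPDU filtering hides the peer's BPDUs.
    return [key for key, rec in summary.items() if rec["mismatches"] > 0]

if __name__ == "__main__":
    for (port, vlan), rec in analyze(SAMPLE_LOG).items():
        print(port, "local VLAN", vlan, "peer VLAN(s)", sorted(rec["peer_vlans"]), rec["state"])
```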




guruprasadr Mon, 05/04/2009 - 05:13

Hi Milan,


Yes, the ERROR message was received on the TRUNK port.


I have queried the error message in the Decoder output already, but was not able to understand the technical explanation by Cisco.


Could you please explain more in detail about this. Thanks in Advance.


Best Regards,


Guru Prasad R

milan.kulik Mon, 05/04/2009 - 05:23

Hi Guru,


the explanation is easy:

You have to configure the same Native VLAN on both trunk sides!


If you issue

show int ... switchport

you should be able to detect which VLAN is configured as Native on the port.

And this has to be the same as Native VLAN on the opposite trunk side port.


See http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swvlan.html#wp1101186

and

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swvlan.html#wp1214387

for details.


BR,

Milan



lamav Mon, 05/04/2009 - 05:19

Milan:


"BPDU Filtering is independent of PortFast. It can be configured on any interface and simply ignores incoming BPDUs."


Yes, but in a practical sense, BPDU filtering would be configured in conjunction with PortFast.


Is there another situation -- other than one in which PortFast is enabled -- in which you want a L2 switch port to ignore BPDUs and bypass the Spanning Tree convergence process?


Guru:


If this is a trunk port, why would you want to use BPDU Filtering?


Victor

milan.kulik Mon, 05/04/2009 - 05:30

Hi Victor,


I can imagine only one situation when I'd dare using BPDU filtering:

L2 peering with somebody else when I'm absolutely sure there is no second physical connection between our LANs.

And I don't want his switch to become a root in my LAN.

In this case, I even can imagine BPDU filtering without PortFast.


IMHO, Guru didn't want to use BPDU filtering primarily, he just noticed using that "fixed" his problem - as BPDUs were ignored, no native VLAN mismatch was noticed and the port was not disabled.


BR,

Milan

guruprasadr Mon, 05/04/2009 - 05:31

Hi Victor,


It's a Service Provider Environment.


It's not even a complete STP network. The switches are cascaded together for inter-communication.


The TRUNK port on Switch to which the Edge Router (PE) and Backbone will be connecting.


How is only the trunk port affected?


After enabling the "BPDU Filter", how was the port unblocked?


What is Cisco trying to explain with this Error log: %SPANTREE-2-RECV_PVID_ERR: ?


Thanks in Advance for your responses.


Thanks & Regards,


Guru Prasad R

lamav Mon, 05/04/2009 - 05:56

Guru:


A couple of things...


1.) You should read this link regarding PortFast and how it interacts with BPDU Filtering. In short, let me tell you that PortFast is automatically disabled when the port receives BPDUs. This is a good thing, as it protects your network from a bridging loop by disabling PortFast and forcing the port to go through the STP convergence process and then, most likely, get blocked. IF, however, you have BPDU filtering enabled on a port that is set for PortFast, the BPDUs will be IGNORED, and PortFast will not be disabled and STP re-convergence and re-calculations will NOT take place, and the port will go into the Forwarding state. That is what happened with you.


http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/stp_enha.html



2.) After entering the STP Forwarding state, a native vlan mismatch was most likely discovered on the trunk port, as Milan rightly pointed out. For consistency and to avoid receiving such errors, you should ensure that the native vlan is the SAME on both ends of the trunk.


HTH


Victor

shivlu jain Mon, 05/04/2009 - 07:11

hi guru


The reason for this problem is that the switch is receiving a superior bpdu from the neighbor which forces it to put the port in block mode.

After enabling the command spanning tree bpdu filter enable, the bpdu comes to the interface and the interface drops it.


regards

shivlu jain
