06-10-2009 03:55 PM - edited 03-06-2019 06:11 AM
Today we had a problem on a trunk port within a HP Blade Center 7000 configured with Cisco 3020 switches. The port that was connected to a blade was sending BPDU packets on one of our main production vlans causing constant topology changes. The server infrastructure folks claim that while a blade was installed there was no OS on it yet.
On access ports we have BPDU guard enabled to prevent this type of problem. What can we use on trunk ports that are connected to servers to keep this problem from occurring in the future?
Thanks,
-John
06-10-2009 04:08 PM
You should be able to use " spanning-tree portfast trunk" on your trunks to your servers . Putting portfast on will elimnate any topology changes on the vlan . Why a blade would bounce like that I don't know , can't say I have seen that. BPDU's aren't the problem , for some it sounds like the blade connection was flapping.
06-11-2009 08:26 AM
Thanks for your reply Glen.
The ports are already set for portfast.
Here is the results of #show spanning-tree vlan 2 det
VLAN0002 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 2, address 0022.0db1.0b80
Configured hello time 2, max age 20, forward delay 15
Current root has priority 4096, address 000c.3108.c002
Root port is 64 (Port-channel2), cost of root path is 6
Topology change flag not set, detected flag not set
Number of topology changes 11577 last change occurred 00:49:49 ago
from GigabitEthernet0/9
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
You can see that G0/9 (a blade) is constentaly causing a topo change and I cannot figure out why this keeps happening (the blade is an ESX server).
Thanks for your help.
-John
06-12-2009 07:12 AM
Hi John,
Yes, but are they set for spanning-tree portfast trunk? IF you "only" have spanning-tree portfast, then it is not functioning for trunk ports.
The 3020 is as fas as I know a Cisco-made blade switch, which means that you should be able to go to the console port of the switch and configure it in a proper manner.
An ESX server should, again as far as I know, not be doing Spanning Tree.
Perhaps if you get to the 3020 and configure it with spanning-tree bpdu-guard, it will help. Or you *might* even instead put in spanning-tree bpdu-filter on g0/9. This will eliminate spannig tree altogether on that port.
HTH.
06-12-2009 03:52 PM
Thanks for your response.
I do have the 3020 configured. It functions pretty much like any other 3500 series switch.
I think spanning-tree portfast trunk (didn't know about this command) plus the bpdu-filter will do what I'm looking for.
Time will tell for sure but since adding it to the interface I've yet to register a topo change originating from that interface.
I'm still a little freaked out by how this server was able to cripple a vlan, but it this works I'll be a happy camper. Thanks for the help. I'll post a follow up next week letting your guys know how it is coming.
06-12-2009 07:39 AM
Is Root Guard what your looking for?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: