06-17-2009 07:59 PM - edited 03-06-2019 06:19 AM
Hi All,
I got in trouble with STP with Cisco 6509.
The four switches are linked with 802.1q trunks; the port costs are shown on the diagram.
I set up VLAN 3808 on the four switches and the router, with IP addresses as below.
s3:1.1.1.73
s4:1.1.1.74
s5:1.1.1.75
s6:1.1.1.76
router:209.205.86.77
When the fiber between s5 and s6 is down,
the router can ping s6, but s5 can't ping s6. s5 knows s6's MAC address, and s6 knows s5's MAC address.
s5 can ping s3 and s4.
s3 and s4 can ping all devices.
I don't know why s5 can't ping s6.
s3 config file:
interface TenGigabitEthernet5/1
description S3-To-S5
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
spanning-tree portfast disable
end
!
interface TenGigabitEthernet5/2
description S3-To-S4
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
spanning-tree portfast disable
end
s4 config file :
interface TenGigabitEthernet5/1
description S4-To-S3
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
end
interface GigabitEthernet2/12
description s4-to-S6
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no ip address
speed nonegotiate
spanning-tree cost 50
end
s5 config file :
interface TenGigabitEthernet5/1
description S5-To-S3
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
end
interface TenGigabitEthernet5/2
description S5-To-S6
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3807,3809-4094
switchport mode trunk
no ip address
end
s6 config file :
interface TenGigabitEthernet5/1
description S6--to-S5
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
end
interface GigabitEthernet2/1
description s6-to-S4
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no ip address
speed nonegotiate
spanning-tree cost 50
end
06-18-2009 12:49 AM
Hello,
be aware that vlan 3808 is not permitted on this port
interface TenGigabitEthernet5/2
description S5-To-S6
switchport
but it is permitted on the other side
interface TenGigabitEthernet5/1
description S6--to-S5
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
This has to be fixed: both ends have to agree on the permitted VLAN list.
Hope to help
Giuseppe
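The allowed-VLAN comparison described in the reply above, as an added example that is not part of the original thread: it parses the two trunk stanzas posted for the S5-S6 link and reports which VLANs only one end permits. The function names are hypothetical, the stanzas are copied from the thread with indentation added, and it assumes a trunk with no `allowed vlan` line carries VLANs 1-4094.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # assumed default: no allowed-vlan line = all VLANs

# Stanzas as posted in the thread for the two ends of the S5-S6 link
S5_TE5_2 = """\
interface TenGigabitEthernet5/2
 description S5-To-S6
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-3807,3809-4094
 switchport mode trunk
"""
S6_TE5_1 = """\
interface TenGigabitEthernet5/1
 description S6--to-S5
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""

def allowed_vlans(stanza):
    """VLANs permitted on a trunk stanza, including 'add' continuation lines."""
    specs = re.findall(r"^\s*switchport trunk allowed vlan (?:add )?(\S+)\s*$", stanza, re.M)
    if not specs:
        return ALL_VLANS
    vlans = set()
    for spec in specs:
        if spec == "none":
            continue
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(vlans)

def to_ranges(vlans):
    """Render a VLAN set in IOS range notation, e.g. '1-3807,3809-4094'."""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v
        else:
            runs.append([v, v])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

def trunk_mismatch(end_a, end_b):
    """VLANs permitted on only one end of a link; both values empty means the ends agree."""
    a, b = allowed_vlans(end_a), allowed_vlans(end_b)
    return {"only_a": to_ranges(a - b), "only_b": to_ranges(b - a)}

if __name__ == "__main__":
    print(trunk_mismatch(S5_TE5_2, S6_TE5_1))
```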
06-18-2009 06:55 PM
Hi,
Thanks for your reply.
I want redundancy for the link; it's a ring. When the link between s5 and s6 goes down, the traffic will go s5-s3-s4-s6.
PS: the link between s6 and s4 was a QinQ tunnel provided by the ISP.
I set up a test lab as in the diagram with four switches, directly connected with cable, without the QinQ tunnel. It works fine; the four switches can ping each other.
Is the problem the QinQ tunnel?
06-18-2009 08:44 PM
Hello Liuquinq,
Sorry for the terrible mess I made in my first answer; I thought I had pasted only part of your original post.
I meant that you have a mismatch in the list of permitted VLANs on the two sides of the link between s5 and s6, and this is not good.
To emulate an 802.1Q tunneling service you need to use two switches or at least two 802.1Q tunnel interfaces.
customer side site A -- tunnel -- SP net -- tunnel --- customer side site B
Hope to help
Giuseppe
06-18-2009 09:51 PM
Hi Giuseppe,
The spanning-tree mode is PVST.
When I use the following lab, everything works well.
s5----ethernet----s3
|                  |
|                  |
ethernet    ethernet
|                  |
|                  |
s6----ethernet----s4
When I use the following lab, s5 and s6 learn MAC addresses from each other, but s5 and s6 can't ping s6. When I set up a router
behind s5, the router can ping s6 and s6 can ping the router.
s5-----------ethernet----------s3
|                               |
|                               |
ethernet                 ethernet
|                               |
|                               |
s6---ISP----Svlan QinQ--ISP----s4
06-18-2009 10:50 PM
Hi, liuguiqing,
I think there could be a problem in that you deleted VLAN 3808 on only one side. If you want to delete a particular VLAN from a trunk, you should do that on both sides. Please show the ARP output for the S5 and S6 IP addresses and look at which interfaces they learned those MAC addresses from. I won't be surprised if S6 sees S5 via its direct link, not via S4.
By the way, could you post some outputs for S5 and S6:
show spanning-tree vlan 3808
Best regards, Igor.
06-22-2009 12:10 AM
Hi Ilaqovsky,
I deleted VLAN 3808 on both sides to force it through the QinQ.
I am sure there is no short circuit or loop at all on VLAN 3808.
S5#sh spanning-tree vlan 3808
VLAN3808
Spanning tree enabled protocol ieee
Root ID Priority 36576
Address 0009.12ed.1700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 36576 (priority 32768 sys-id-ext 3808)
Address 0009.12ed.1700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi2/10 Desg FWD 4 128.138 P2p
Te5/1 Desg FWD 2 128.513 P2p
S3#sh spanning-tree vlan 3808
VLAN3808
Spanning tree enabled protocol ieee
Root ID Priority 36576
Address 0009.12ed.1700
Cost 2
Port 513 (TenGigabitEthernet5/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 36576 (priority 32768 sys-id-ext 3808)
Address 000b.bf8c.cf80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Te5/1 Root FWD 2 128.513 P2p
Te5/2 Desg FWD 2 128.514 P2p
S4#sh spanning-tree vlan 3808
VLAN3808
Spanning tree enabled protocol ieee
Root ID Priority 36576
Address 0009.12ed.1700
Cost 4
Port 513 (TenGigabitEthernet5/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 36576 (priority 32768 sys-id-ext 3808)
Address 000b.bf8c.7380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi2/12 Desg FWD 50 128.140 P2p
Te5/1 Root FWD 2 128.513 P2p
S6#sh spanning-tree vlan 3808
VLAN3808
Spanning tree enabled protocol ieee
Root ID Priority 36576
Address 0009.12ed.1700
Cost 54
Port 129 (GigabitEthernet2/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 36576 (priority 32768 sys-id-ext 3808)
Address 00d0.061f.2000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi2/1 Root FWD 50 128.129 P2p
06-22-2009 12:58 AM
Hi, liuguiqing,
I didn't see any misunderstandings in your posted outputs. Just, you probably cut off a part of the output for the S6; I don't see the port which is connected to the S5 in the blocked state.
My suggestion is to use some sniffer to resolve this problem.
06-22-2009 12:11 AM
S5#sh arp | inc 3808
Internet x.x.x.74 7 000b.bf8c.7380 ARPA Vlan3808
Internet x.x.x.75 - 0009.12ed.1700 ARPA Vlan3808
Internet x.x.x.73 6 000b.bf8c.cf80 ARPA Vlan3808
Internet x.x.x.76 14 00d0.061f.2000 ARPA Vlan3808
S5#
S6#sh arp | inc 3808
Internet x.x.x.74 8 000b.bf8c.7380 ARPA Vlan3808
Internet x.x.x.75 8 0009.12ed.1700 ARPA Vlan3808
Internet x.x.x.73 7 000b.bf8c.cf80 ARPA Vlan3808
Internet x.x.x.76 - 00d0.061f.2000 ARPA Vlan3808
S5#ping x.x.x.73
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.73, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/20/84 ms
S5#ping x.x.x.74
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.74, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
S5#ping x.x.x.75
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.75, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
S5#ping x.x.x.76
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.76, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
06-22-2009 12:16 AM
s5 and s6 can learn the MAC addresses correctly.
S5#sh mac-address-table vlan 3808
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
* 3808 3333.0000.000d static Yes - Gi2/6,Gi2/7,Gi2/8,Gi2/9
Gi2/10,Gi2/11,Gi2/12,Gi2/13
Gi2/14,Te5/1,Te5/2,Gi5/3
Router,Switch
* 3808 000b.bf8c.cf80 dynamic Yes 5 Te5/1
* 3808 3333.0000.0001 static Yes - Switch,Stby-Switch
* 3808 0009.12ed.1700 static No - Router
* 3808 3333.0000.0016 static Yes - Switch,Stby-Switch
* 3808 00d0.061f.2000 dynamic Yes 280 Te5/1
* 3808 000b.bf8c.7380 dynamic Yes 10 Te5/1
S6#sh mac-address-table vlan 3808
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
* 3808 3333.0000.000d static Yes - Gi2/1,Gi2/2,Gi2/11,Gi2/12
Gi2/13,Gi2/14,Gi2/15,Te5/1
Router,Switch
* 3808 000b.bf8c.cf80 dynamic Yes 15 Gi2/1
* 3808 3333.0000.0001 static Yes - Switch,Stby-Switch
* 3808 0009.12ed.1700 dynamic Yes 90 Gi2/1
* 3808 3333.0000.0016 static Yes - Switch,Stby-Switch
* 3808 00d0.061f.2000 static No - Router
* 3808 000b.bf8c.7380 dynamic Yes 15 Gi2/1