Spanning-tree and HSRP related query

Answered Question
Nov 20th, 2009

Hi Friends,


I am facing a different scenario now –


I have a network with 2x 6509E switches at the core and 3560 switches at the edge. All edge switches are connected to both 6509 switches for high availability. PVST is enabled and I manually configured 6509-01 (Core Switch 01) as the primary and 6509-02 (Core Switch 02) as the secondary. All the VLANs are configured with HSRP and Core Switch 01 is expected to be the HSRP master for all VLANs.

1) In the edge switches I can see spanning-tree port Gig 0/1, which connects to Core Switch 01, as active forwarding and Gig 0/2, which connects to Core Switch 02, as Alt BLK. But I can see that Gig 0/2 is showing a green LED the same as Gig 0/1 and I can see activity on the port; it is blinking as fast as Gig 0/1. Ideally, if the port is in the alternative blocking stage, then how is there some activity on this port and why is the LED blinking continuously? "show interface gig 0/2" shows multicast and broadcast counts also. Why is it happening like this?

2) On the core I have connected the two 6509 switches with an EtherChannel. Port-channel 1 is configured as a trunk and allowed to pass all traffic. When I do a "show spanning-tree active" command, I can see the port-channel interface on Core 01 is Desg FWD and the port-channel on Core 02 is shown as Root. All the other ports are designated on both switches. What does Root mean here?
The root bridge is showing as Core Switch 01 and I was expecting that Core Switch 01 should forward the traffic, so why is the Core Switch 02 port-channel showing as ROOT?


3) In the HSRP configuration I have added Vlan 1 on Core Switch 01 with a priority of 110 and preempt also enabled, but whenever I run "sh standby brief" I can see that for Vlan 1 Core Switch 02 is showing as active, even after I configure priority 120 on Core Switch 01. If I set a higher HSRP priority on the VLAN interface on Core Switch 01 then ideally it should be the active, so why is it not happening in this case?

The core switches have an FWSM module, and Core Switch 01 holds the active FWSM.

Everything in the network is working fine as of now, but I really feel some dot points here and there. Is there any STP issue or any HSRP issue?


Attaching the configuration; kindly help me with this issue with your valuable input.


Regards

Jon Marshall Sat, 11/21/2009 - 03:53

Can you post


1) From one of the 3560 switches -


   sh int gi0/1

   sh int gi0/2


2) "sh spanning-tree vlan 1" from both core switches


3)  "sh standby brief"  from both core switches


Jon

Jacob Samuel Sun, 11/22/2009 - 00:47

Hi Jon,


Please find the details; in case any more information is required from my side, please let me know.


There is a 3560 switch that has the uplink from the core switches and connects to the customer's existing network / router; I am attaching the running config of the same also (sh run edge sw temp.TXT).


regards

Sunny

Jon Marshall Mon, 11/23/2009 - 14:09

Sunny


Firstly, apologies for the delay in getting back; your attachments were queued for ages so I couldn't access them.


Okay, the reason why you don't see any issues with your network is because there aren't any. We'll deal with the issues in the order you listed them -


1) int gi0/2 is indeed blocking from the edge switch. Bear in mind however that this does mean the port connecting to the edge switch on core switch 2 is blocking as well so that port will forward certain traffic such as CDP/STP etc. This accounts for the multicasts you are seeing. It would be worth doing a "clear counters" on the edge switches and then monitoring int gi0/1 and gi0/2 - you should see a lot more traffic through gi0/1 because this is the path for user traffic.


2) Your spanning tree outputs from the core switches show that core switch 1 is the root for all vlans or at least vlan 1 and 100 which is what you included. Have a look at the output on core switch 1, notice that for both vlan 1 and vlan 100 it is saying under the Root ID section "This bridge is the root". Notice also that the Root ID section and the Bridge ID section on core switch both use the same mac-address of the switch.


Now look at core switch 2 output and notice that the Root ID mac is that of core switch 1 but the Bridge ID is that of core switch 2.


3) This is a bit weird. If you look at the output of "sh standby brief" on both core switches you can see that actually vlan 1 is active on core switch 1 and standby on core switch 2 which is correct. Notice also that the HSRP group for vlan 1 in this output is vlan 10.


You have 2 other HSRP entries for vlan 1 however. Not in the output of "sh standby brief" but in the output from "sh standby all", so I'm not sure what these other 2 are. Perhaps it is normal, as to be honest I only ever usually use "sh standby brief". I will check the command references. Perhaps you could post the vlan 1 config from the 2 core switches?


But in short there is nothing wrong with your network, at least from the config you have supplied.


Jon

Jacob Samuel Tue, 11/24/2009 - 00:01

Hi Jon,


Thanks a lot for the reply.


Below is the configuration of Vlan 1 on both the core switches.


Core Switch-01
--------------
interface Vlan1
description *** Temp Vlan to Route-to-WAN ***
ip address 10.10.10.31 255.0.0.0
standby priority 110
standby preempt
standby 10 ip 10.10.10.37


Core Switch-02
--------------
interface Vlan1
description *** Temp Vlan to Route-to-WAN ***
ip address 10.10.10.33 255.0.0.0
standby 10 ip 10.10.10.37


ip route 0.0.0.0 0.0.0.0 10.10.10.47


Here Vlan 1 on the core switch has the higher priority and preempt enabled, but still it was not the active router for Vlan 1 from the beginning. I manually shut the Vlan 1 interface on core switch 2 to make core 1 the active for Vlan 1. I restarted Core Switch 01 once recently, but since preempt is enabled, core 1 should come back as the active whenever it is live, right?


Also please notice the "sh standby brief" output: the priority value on Vlan 1 is showing as 100 only, but in the actual running config the configured priority on Vlan 1 is 110. It is not taking the priority value as 110; here I feel something is wrong.


About HSRP group 10: I configured HSRP group 10 since the gateway routers for the customer's existing network are using HSRP at the routers. When I put HSRP without any group it was giving me some warning message on the console saying that HSRP group 0 is being used, or some error messages like that; that's why I used group 10.


A little about the customer's existing network - there are 2 networks in the customer LAN (a major network of 10.x.x.x and a smaller network of 201.x.x.x); all are in Vlan 1 only and use the router LAN interface as the gateway. From my core I am temporarily forwarding the traffic to 10.10.10.47, which is again a single L3 switch that connects to the customer's existing network; later I will change this to an L2 switch. Reverse traffic is to 10.10.10.47 from the routers.

Correct Answer
Jon Marshall Tue, 11/24/2009 - 04:04
Sunny


Think the problem is with your HSRP config on core switch 1. You have -


int vlan 1
 standby priority 110
 standby preempt
 standby 10 ip 10.10.10.37


ie. you haven't included the group number for your first 2 standby lines. So can you update the config to read -


int vlan 1
 standby 10 priority 110
 standby 10 preempt
 standby 10 ip 10.10.10.37


and then have a look at "sh standby all" and "sh standby brief" on core switch 1.


Jon
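
The misconfiguration identified in the answer above can be caught by a config audit. The following is an added example, not part of the original thread or any Cisco tool: it parses interface stanzas and reports HSRP groups that carry settings but no virtual IP. It assumes IOS treats a `standby` command without a group number as group 0; the function names and the sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the Vlan1 stanza from the thread, before the fix.
SAMPLE = """\
interface Vlan1
 ip address 10.10.10.31 255.0.0.0
 standby priority 110
 standby preempt
 standby 10 ip 10.10.10.37
"""

# standby [group] <option> [arguments]
STANDBY = re.compile(r"^\s*standby\s+(?:(\d+)\s+)?(\S+)(?:\s+(.*))?$")
INTERFACE_WIDE = {"version"}  # applies to the interface, not to one group


def hsrp_groups(config):
    """Map interface -> {group: {option: argument}}; no group number means 0."""
    result = defaultdict(lambda: defaultdict(dict))
    iface = None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
            continue
        m = STANDBY.match(line)
        if iface and m and m.group(2) not in INTERFACE_WIDE:
            group = int(m.group(1)) if m.group(1) else 0
            result[iface][group][m.group(2)] = (m.group(3) or "").strip()
    return result


def orphaned_settings(config):
    """List (interface, group, options, groups_with_ip) for groups lacking a virtual IP."""
    findings = []
    for iface, groups in hsrp_groups(config).items():
        with_ip = sorted(g for g, opts in groups.items() if "ip" in opts)
        for group, opts in sorted(groups.items()):
            if "ip" not in opts:
                findings.append((iface, group, sorted(opts), with_ip))
    return findings


if __name__ == "__main__":
    for iface, group, opts, with_ip in orphaned_settings(SAMPLE):
        print(f"{iface}: group {group} has {opts} but no virtual IP; "
              f"groups with a virtual IP: {with_ip}")
```

On the sample it reports that priority and preempt sit on group 0 while the virtual IP is on group 10, which matches the priority of 100 seen for group 10 in "sh standby brief".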

Jacob Samuel Tue, 12/01/2009 - 02:22

Hi Jon,


Sorry for the delay; it was off during the last few days due to Eid here. I tried the changes you suggested before the holidays and it started working fine. I can see it is taking the correct priority value in the "sh standby brief" output.


Thanks a ton for the help Jon.


regards


Jacob

Mohammed Khair ... Mon, 11/23/2009 - 23:31

Hi there,


Your configuration seems fine, and as the above post said, core switch 1 is the root bridge for your environment.


Now when you see on core switch 2 that one port is the root port, that means it's the port connecting to the root bridge (this is the way STP works).


If you have fiber cables connecting your switches together (edge to core), then I would recommend you use the interface command "udld enable"; this command will prevent the unidirectional link problem associated with fiber cables (it will notify the switch about a fiber problem in case the 2 pairs of fiber cables start receiving or sending simultaneously).


I would also recommend that you look at your switch process utilization (show process cpu sorted); if you have high CPU utilization then make the 2nd core switch the primary and root bridge for other VLANs.



HTH


Mohd Khair

Jacob Samuel Tue, 11/24/2009 - 01:00
User Badges:

Hi Mohd,


Thanks a lot for clearing up that point. I have only very few VLANs created on the switches. I see that "sh process cpu" gives around 3 % utilisation only. As of now all the users are not migrated to the new network and it is still not taken into production. I should check the same once it goes live.


Kindly update also if you have points on the HSRP side.
