Trying to understand this Spanning-tree behavior

Unanswered Question
Dec 11th, 2009

Hi folks, please let me know if you can explain the following behavior:

I have functional switches configured as:

2950A(vlan7)------------f3/1[4507]f3/2--------2950B(vlan22)

My goal is to change 2950B and make it all switchports run assigned to vlan 7 as well as it is 2950A.

Then I go 4507 and change "interface f3/2" from 'switchport allow trunk vlan 22' to 'switchport trunk allow vlan 7'.

I change all switchports on 2950B from 'switchport access vlan 22' to 'switchport access vlan 7'. At that point the 'vlan 7' is created on 2950B.

I changed the ip default-gateway on 2950B to the respective Vlan 7 ip address specified on the 4507 int vlan 7 interface.

I go to the 2950B and do 'no int vlan 22'. No 'vlan 22'.

I made sure that I make the 'int vlan 7' on 2950B as up/up  - OK.

Then I confirm that from my workstation on the network, I can ping int 2950B vlan 7 IP address - OK.

Then 20 minutes later someone comes and complain that all servers connected to 2950A are no longer working.

Question:
Do you see any obvious problem with the procedure above?

It seems I introduced a SPT loop here.


If the explanation above is not enough I can paste config.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Fri, 12/11/2009 - 13:26

news2010a wrote:

Hi folks, please let me know if you can explain the following behavior:

I have functional switches configured as:

2950A(vlan7)------------f3/1[4507]f3/2--------2950B(vlan22)

My goal is to change 2950B and make it all switchports run assigned to vlan 7 as well as it is 2950A.

Then I go 4507 and change "interface f3/2" from 'switchport allow trunk vlan 22' to 'switchport trunk allow vlan 7'.

I change all switchports on 2950B from 'switchport access vlan 22' to 'switchport access vlan 7'. At that point the 'vlan 7' is created on 2950B.

I changed the ip default-gateway on 2950B to the respective Vlan 7 ip address specified on the 4507 int vlan 7 interface.

I go to the 2950B and do 'no int vlan 22'. No 'vlan 22'.

I made sure that I make the 'int vlan 7' on 2950B as up/up  - OK.

Then I confirm that from my workstation on the network, I can ping int 2950B vlan 7 IP address - OK.

Then 20 minutes later someone comes and complain that all servers connected to 2950A are no longer working.

Question:
Do you see any obvious problem with the procedure above?

It seems I introduced a SPT loop here.


If the explanation above is not enough I can paste config.

Marlon

I can't see a loop from the topology you have posted above. By adding the 2950B to vlan 7 that will cause an STP recalculation for that vlan but that should only cause at most a 50 second outage depending on what version of STP you are running.

So how long were the servers down ? How was it determined they were down. Were they all down. Is there anything in any of the switch logs ?

Jon

news2010a Fri, 12/11/2009 - 13:51

It was determined that traffic for servers on 2950A got interrupted using monitoring tools, Spectrum. So as soon as I rolled back the change on 2950B, the traffic returned to a normal pattern.

Then someone brought up that the issue was caused because I did not shut down the interface (in this case on 4507 f3/2) before making the 4507 f3/2 trunk change (to vlan 7). So according to the colleague, 2950B remained momentarily as vlan 22 and the 4507 f3/2 remained as vlan 7. Well, I can't understand that explanation though.


So I will try to do the change again and I will let you know if I find more details.

Thanks!!

Giuseppe Larosa Sat, 12/12/2009 - 09:59

Hello Marlon,

as Glen has pointed out there should be other unknown links between the two C2950 this can be an explanation of the problem.

By changing all ports from vlan 22 to vlan7 you may have caused a join of  two broadcast domains if the unwanted link is an access link.

(on an access link the 802.1D version of BDU is sent and not the proprietary BPDU used on trunk links that carries vlan-id in an internal field)

if unfortunately that link has become the exit point for servers on C2950A they could be trying to send traffic to default gateway via that link.

(if STP system extension is running on the C4500 the Bridge id for vlan 7 is lower and better then that for vlan 22 and the MAC address used by all SVIs on the C4500 is the same).

in a case like this you need to check what is happening with

show spanning-tree vlan 7

show spanning-tree vlan 22

on all three switches.

Mine is only a wild guess.

I agree that you should the configurations of the three switches.

Also look for  output of show spanning-tree vlan X. It may be wise to post them too.

check if the root port and the root bridge ID matches on each 2950 and on the C4500.

Hope to help

Giuseppe

glen.grant Fri, 12/11/2009 - 18:23

    I can see no reason why that would affect 2950A  in the drawing , if 2950A and B are somehow tied together then possibly something could have happened.  I would check to see how the trunking is setup , is it transparent or server/client . See where the root for vlan 7 is actually located and see if it seems correct , the 4500 should be the root .  My guess is there are more connections or ones you do not know about in this setup . Can you post the port configs for the 2950's and the 4500's ?

amrelec Sat, 12/12/2009 - 01:09

I think you have some issues with the STP. yes please post your configurations....that will help.

regards,

Amro

Actions

This Discussion