We recently migrated from another vendor to Cisco in our core (yay!) The migration seems to have gone on with out a hitch but one things seems to really bother me. We are now running PVST everwhere in the campus building up from MSt in the old setup. Vlan 1 has been disabled and Vlan 999 has been set as the native VLAN for all uplink and interswitch trunks everywhere.
Which kinda brings me to the problem. While Cores 1 and 2 are configured to be primary and secondary root switches (in that order) for all vlans (including 999), the command "show spanning-tree root" shows each device in the campus believes it is the root s/w for the spanning tree vlan 999.So for instance if an access switch on some floor has vlans 20,55 passing through the uplink trunks and vlan 999 is set as native, the "show spanning-tree root" command on this access switch will show that it has root ports for vlans 20 and 55 with the relevant cost (4 in this case since we are using 1gigs) but 0 cost with the message "This switch is root" for vlan 999. And since every switch believes it is root .... presto no blocking ports anywhere for vlan 999.
I'm not really passing anything untagged in my campus... so nothing seems to have gone awry so far but we all know theres a loop in there somewhere ... lurking ... waiting for the opportune time to strike ... bringing the entire campus down in the process ....
So any ideas anyone ? Suggestions ? I can post relevant parts of the configuration if required ...
Thanks a mill.
>> If you remove vlan 999 from each trunk link then each switch will think it is root for vlan 999
I have seen this in our campuses
if there will be no port in vlan 999, and we are speaking of PVST, STP instance for vlan 999 would be not running.
Vlan 999 will be listed as vlan if we use VTP but no STP running for it.
if an STP instance for vlan 999 exist ( in PVST I mean ) then at least one port is in vlan 999 and that ports are likely the uplink L2 trunks or other trunks defined on the access layer switches.
As soon as we remove from trunk(s) the vlan 999 the PVST instance is removed.
This is why the trunk allowed vlan has to be used on both sides of each trunk as you have noted many times about STP scalability.
Hope to help