cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2591
Views
0
Helpful
17
Replies

Problem in STP?

Dear All,


stp.JPG

In this connectivity,I configured,HSRP For, VLAN 23 & VLAN-24  in  Edge Router 7604 PE1,

1.If i am configuring like this, i will be  getting flopping in PE2.

2.Then i changed the  connectivity,

PE1--VLAN24---> DLinkswitch2

PE2--VLAN24---> Dlink Switch1

That time my both the routers CPU utilization will be very high(100%)

3.If i am removing the cable between D-Link,

That time i cant able to reach the Servers which is connected to Switch.

In this case, what i have to do?

Thanks in Advance

Tks&Rgds

Senthil

17 Replies 17

Dear All,

I dont why that attachment is missed..Any how i am attached the connectivity diagram for your information.

Tks&Rgs

Senthil

Dear All,

I dont why that attachment is missed..Any how i am attached the connectivity diagram for your information.

Tks&Rgs

Senthil

Hi Senthil,

Can you remove the cable between PE1 and PE2 and see how is the connectivity for servers and HSRP groups.

Hope to Help !!

Ganesh.H

Dear Ganesh,

Whether i have to remove both connectivity from PE1 and PE2.

Other than that, Whether i have to change any physical connectivity?

If it is,Please tell me..

Tks&Rgds

SEnthil

Dear Ganesh,

Whether i have to remove both connectivity from PE1 and PE2.

Other than that, Whether i have to change any physical connectivity?

If it is,Please tell me..

Tks&Rgds

SEnthil

Hi Senthil,

For troubleshooting purpose just disable the connectivity between PE1 and PE2 let the hsrp packets to communicate via DSL1 and DSL2 switches.

Note:-If it is test setup then i would suggest you can go on fly if it is production take piror approval for any changes.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Dear Ganesh,

Edge router 1 , which in live..So we cant able to remove the cable..Other than that, what about the physical connectivity?

whether it is ok ?

Otherwise i have to change any physical connectivity?

Tks&Rgds

Senthil

Are those D link switches manageable, if yes are they running STP..??

The links between PE1 and PE2 are those Trunk links or access ports for specific Vlans else are they routed ports..?

Please post the Sh spanning tree of PE1 and PE2  and show standby of both the routers

Regards

Hitesh Vinzoda

Please rate helpful posts.

Dear Vinzoda,

FYI

PE1#sh spanning-tree
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    20556
             Address     0012.4387.a3c0
             Cost        220023
             Port        794 (GigabitEthernet4/26)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     0024.c4c0.5a40
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi4/32              Desg FWD 20000     128.800  P2p Bound(STP)
Po41                Desg FWD 10000     128.3329 P2p


Vlan23 - Group 127
  State is Active
    31 state changes, last state change 19:27:19
  Virtual IP address is 10.237.16.1
  Active virtual MAC address is 0000.0c07.ac7f
    Local virtual MAC address is 0000.0c07.ac7f (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.256 secs
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 100 (default 100)
  Group name is "hsrp-Vl23-127" (default)
Vlan24 - Group 227
  State is Init (interface down)
    58 state changes, last state change 1d20h
  Virtual IP address is 10.237.16.65
  Active virtual MAC address is unknown
    Local virtual MAC address is 0000.0c07.ace3 (v1 default)
  Hello time 3 sec, hold time 10 sec
  Preemption enabled
  Active router is unknown
  Standby router is unknown
  Priority 100 (default 100)
  Group name is "hsrp-Vl24-227" (default)

PE2#sh spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    20556
             Address     0012.4387.a3c0
             Cost        220023
             Port        3329 (Port-channel41)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)
             Address     0025.8429.7c80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------

Gi4/33              Desg FWD 20000     128.801  P2p
Po41                Root FWD 128       128.3329 P2p


Vlan23 - Group 127
  State is Init (interface down)
    39 state changes, last state change 19:28:40
  Virtual IP address is 10.237.16.1
  Active virtual MAC address is unknown
    Local virtual MAC address is 0000.0c07.ac7f (v1 default)
  Hello time 3 sec, hold time 10 sec
  Preemption enabled
  Active router is unknown
  Standby router is unknown
  Priority 100 (default 100)
  Group name is "hsrp-Vl23-127" (default)
Vlan24 - Group 227
  State is Active
    24 state changes, last state change 1d21h
  Virtual IP address is 10.237.16.65
  Active virtual MAC address is 0000.0c07.ace3
    Local virtual MAC address is 0000.0c07.ace3 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.384 secs
  Preemption enabled
  Active router is local
  Standby router is unknown
  Priority 100 (default 100)
  Group name is "hsrp-Vl24-227" (default)

Both the D-Link switches were Manageble..What cost value to be assigned to the individual port?..Bu default it will be 20000.

Tks&Rgds

Senthil

chris.rae07
Level 1
Level 1

Hi Senthil,

Can you confirm what line cards you have in each of the 7604?

Can you confirm whether the ports you are using are routed or switched ports?

Generally for HSRP you would configure two routed interfaces facing the CE (in this case the dlink switches)

and configure one of the two PE as the HSRP active routers. This will allow the customer to point his default gateway to the

HSRP virtual address and the HSRP Active router will respond to any ARP requests to that address.

In your case you would configure a routed interface on each PE facing the dlinks, and create two subinterfaces, one for each VLAN.

Each sub-interface would run a seperate instance of HSRP, allowing you to "load balancing" the traffic. ie. HSRP Active for VLAN 23 = PE1

HSRP Active for VLAN 24 = PE2.

The second issue you will have with this moving forward is do the dlinks support 802.1q trunking?

If they don't you will have to replace them with switches that can. ie. Cisco switches.

The other design choice is to do what you have already done, which looks like configuring switch trunk ports between the two PE's and

then trunk to the two dlinks.

If the dlinks don't support STP.....and at least CST (Common Spanning Tree) then your topology is causing a loop and will generate a broadcast storm.

This might be why you are seeing 100% CPU Utilization.

Honestly from a PE point of view you would most probably want to break up the broadcast domain by using routed interfaces as mentioned above.

Then run something lilke iBGP between the two PE's so they both have the same routing information and can update each other when there is a change in  he routing topology. The also you can offer the CE the ability to dynamically route via the PE's.

I hope this helps.

Chris

Dear Chris,

I have configured that two ports were switch port oly.. also i configured STP between D-Link switches.

Right Now,

For VLAN 23, PE1 is in up and active.

For VLAN 24, PE2 is in up and active.
PE1#sh run int vlan 23
interface Vlan23
ip vrf forwarding SMSc
ip address 10.237.16.61 255.255.255.192
standby 127 ip 10.237.16.1
standby 127 preempt
end

PE1#sh run int vlan 24
interface Vlan24
ip vrf forwarding SMSc
ip address 10.237.16.125 255.255.255.192
shutdown
standby 227 ip 10.237.16.65
standby 227 preempt
end

PE1#sh run int gi4/32
interface GigabitEthernet4/32
switchport
switchport access vlan 23
switchport mode access
end

PE1#sh run int gi4/33
interface GigabitEthernet4/33
switchport
switchport access vlan 24
switchport mode access
shutdown
end

PE2#sh run int vlan 23
interface Vlan23
ip vrf forwarding SMSc
ip address 10.237.16.62 255.255.255.192
shutdown
standby 127 ip 10.237.16.1
standby 127 preempt
end

PE2#sh run int vlan 24
interface Vlan24
ip vrf forwarding SMSc
ip address 10.237.16.126 255.255.255.192
standby 227 ip 10.237.16.65
standby 227 preempt
end

PE2#sh run int gi4/32

interface GigabitEthernet4/32
  switchport
switchport access vlan 23
switchport mode access
shutdown
end

PE2#sh run int gi4/33
interface GigabitEthernet4/33
switchport
switchport access vlan 24
switchport mode access
end

Other than that ,whether i have to configure anything in the edge router..

Tks&Rgds

Senthil

Hi Senthil,

Why the Interface vlans on routers are made shut..?? any reason..

So the switches are connected to the access ports with PE routers if i m not mistaken.

also what is the link between switches is formed of .. is it a trunk or access.

Regards

Hitesh Vinzoda

Dear Hitesh,

If i am enabling that VLAN, My PE2 will get flapping (up and down)..So that oly i gave shut cmd to PE1 for VLAN24 and VLAN23 in PE2.

I have configured trunk port between two D-Link Switches.

I have configured Etherchannel not only for this connectivity...configured for all the trunk links.

Now what i have to do?//

Tks&Rgs

Senthil

What is the model of your D-link switches?

Are you able to enable the CDP on PEs and issue sh cdp neigh in order to paste it to us?

How are exactly the interfaces configured for each link?

All interfaces are layer 2, including the connection between the PEs?

Configuration for the interfaces connecting PE1 to PE2

Configuration for the interfaces connecting PE1 to Dlink1

Configuration for the interfaces connecting PE2 to Dlink2

Configuration for the interfaces connecting Dlink1 to Dlink 2

Vlan interface configurations.

Output of show spanning-tree on both PEs

I could see that your drawing has two connections.. is it representing the logical connection or you have two physical interfaces for each vlan connecting the PEs and Dlinks?

Regards,

Can you run the command on both pe1 and pe2.  Might be hard to do if your running at 100% cpu.

show spanning-tree vlan 23

show spanning-tree vlan 24

This is an example from one of my devices.  The design is sort of simular, although I am all Cisco.  You should see that on one of the interfaces that spanning tree is blocking.  Otherwise you have a loop.  Your port configurations should not have "spanning-tree portfast".  I set spanning-tree root manually on the same device as my gateway with the command "spanning-tree vlan **** root primary.

6506-1#show spanning-tree vlan 120

VLAN00120
  Spanning tree enabled protocol rstp
  Root ID    Priority    8192
             Address     001a.30fb.700c
             Cost        6
             Port        1666 (Port-channel2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32780  (priority 32768 sys-id-ext 12)
             Address     0014.1b7d.1800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------

Gi3/17              Desg FWD 4         128.273  P2p
Po1                 Altn BLK 3         128.1665 P2p
Po2                 Root FWD 3         128.1666 P2p

Commonly used commands

show spanning-tree vlan *****

show spanning-tree sum

Also I saw that you probably are using port-channel.... is so, it might be a loop between the uplinks if there is a misconfig between the D-link and the Cisco.

Shut down the uplink between the D-links. If the problem keeps, it might the the portchannels so try to shut all path that have multiple interfaces within a poretchannel. Leave only one interface per uplink.

Example:

DLINK1====PE1

Shut one of the link:

DLINK1-----PE1

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco