Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1009
Views
0
Helpful
2
Replies

STP Blocking state allowing the traffic

imrannmdc
Level 1
Level 1

‎10-03-2010 11:36 PM

I know it is a lengthy post and it’s bit difficult to read all but I would really appreciate your time and will really be thankful for helping me out.

SW 1 and SW2 are connected back to back through port channel trunk and having HSRP running between them. Both switches’ port no 22 (G0/22) are the members of Vlan 50 (switchport access vlan 50) and are connected to another two dump switches which are also connected back to back . So mean to say, SW1’s port 22 is connected to SW3 and SW2’s port 22 is connected to SW4. SW1 and SW2 are connected back to back having HSRP running between them (SW2 is a standby Switch) and SW3 and SW4 are connected back to back without running HSRP. SW3 and SW4 are layer 2 dump switches and are on network 192.168.50.0/24 and that is why they are individually connected to SW1 and SW2 respectively on their port 22 which is a member of vlan 50

The gateway of all machines which are connected to SW3 and SW 4 is 192.168.50.253 which is a virtual IP. The physical IP of int vlan 50 on SW1 is 192.168.50.251 and  192.168.50.252 on SW2. Ideally, machines should send traffic to SW1 or SW2 only when they need to communicate to the devices outside vlan 50 but that is not the case, I can see the local traffic of vlan 50 going through the trunk between SW1 and SW2 alongwith HSRP hello packets. What does that mean if I disconnect the trunk between SW1 and SW2, will it affect the traffic between SW3 and SW4 which is a local traffic?

Moreover, when I saw the status of STP in each switch (all switches are running default STP), I found that SW3 is a root bridge and both SW1 and SW2 port 22 is a RP port. SW2 port channel which is connected to SW1 is DP and therefore port channel of SW1 is in blocking state which means the trunk between SW1 and SW2 is in a blocking state

Now my question is  if trunk between SW2 and SW1 is in blocking state then how they are sending hello packets to eachother for HSRP and how the local traffic (that is source 192.168.50.x to destination 192.168.50.x) is going through the trunk (which at first place should not be happening) and what if I disconnect the trunk between SW1 and SW2? Will it affect the local traffic??

I would really be grateful If anyone can clarify me confusion.

SW1 Configuration

spanning-tree mode pvst

spanning-tree extend system-id

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

interface GigabitEthernet0/1

description WAN_Link

no switchport

ip address 2.2.2.2 255.255.255.252

interface GigabitEthernet0/22

switchport access vlan 50

switchport mode access

interface GigabitEthernet0/47

description Connection_A_To_SW2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

!

interface GigabitEthernet0/48

description Connection_B_To_SW2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

interface Vlan50

ip address 192.168.50.251 255.255.255.0

standby 1 ip 192.168.50.253

standby 1 priority 105

standby 1 preempt

standby 1 track GigabitEthernet0/1

SW 2 Configuration

spanning-tree mode pvst

spanning-tree extend system-id

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

interface GigabitEthernet0/1

description WAN_Link

no switchport

ip address 1.1.1.1 255.255.255.252

interface GigabitEthernet0/22

switchport access vlan 50

switchport mode access

interface GigabitEthernet0/47

description Connection_A_To_SW1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

!

interface GigabitEthernet0/48

description Connection_B_To_SW1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

interface Vlan50

ip address 192.168.50.252 255.255.255.0

standby 1 ip 192.168.50.253

standby 1 preempt

standby 1 track GigabitEthernet0/1

Labels:
Preview file
13 KB
0 Helpful
2 Replies 2

imrannmdc
Level 1
Level 1

‎10-03-2010 11:37 PM

please also see the attachment

Regards

imran

0 Helpful

David Hornstein
Level 7
Level 7

‎10-05-2010 11:35 AM

Hi Imran,

I ran a quick simulation just altering your config a little bit to better understand your question.

My HSRP configuration just monitored the port-channel 1 interface state, rather than a dummy interface that you created.  I realize that this interface may have been a routed gateway somewhere else. But in my simulation it went no-where.

I actually created a routed interface with the 2.2.2.0 network,  rather than put in dummy IP addresses 0f 1.1.1.1 and 2.2.2.2. ( not that I used this interface for anything), but it closely followed your simulation.

I altered my spanning tree cost on Switch_2 ,  the interface  port-channel 1 on switch 2 now has  a very high cost, so as to make sure it was going to block over the port-channel when the spanning tree algorithm ran.

I really have no idea why you would want to block the port-channel, but VLAN 50 and the default VLAN  are still propagated packets around the ring of switches. So both  HSRP hosts could 'talk' to each other, even though the packets took the long way round my test network.

All HSRP did was monitor a interface state, which in your case was Gig 0/1, it still propagated it's multicast packets around the ring

SWITCH 2 remains in standby mode, when I pulled both  port channel CAT5 cables out  the port-channel 1.

Traffic on my switch_1  which had the HSRP master didn't miss a beat and pinging from a PC in switch_1 on VLAN50 to the PC gateway address continued without interruption.  Hope that helped to answer your question.

Some debugs from switch 2


switch2#sh spann


VLAN0001

  Spanning tree enabled protocol ieee

  Root ID    Priority    32769

             Address     001e.79fe.9800

             Cost        57

             Port        25 (FastEthernet0/23)

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec


  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)

             Address     0023.347f.6000

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec


Interface           Role S

*Mar  1 00:28:39.748: %SYS-5-CONFIG_I: Configured from console by consolets Cost

      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------


Fa0/23              Root FWD 19        128.25   P2p

Po1                 Altn BLK 100000    128.56   P2p




switch2#sh standby all

Vlan50 - Group 1

  State is Standby

    3 state changes, last state change 00:05:28

  Virtual IP address is 192.168.50.253

  Active virtual MAC address is 0000.0c07.ac01

    Local virtual MAC address is 0000.0c07.ac01 (v1 default)

  Hello time 3 sec, hold time 10 sec

    Next hello sent in 2.144 secs

  Preemption enabled

  Active router is 192.168.50.251, priority 105 (expires in 9.536 sec)

  Standby router is local

  Priority 100 (default 100)

    Track interface Port-channel1 state Up decrement 10

  Group name is "hsrp-Vl50-1" (default)

switch2#


Configuration of my switch1

hostname switch1

!

track 1 interface Port-channel1 line-protocol

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

interface FastEthernet0/1

switchport access vlan 50

switchport mode access

interface FastEthernet0/4

description Connection_A_To_SW2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

interface FastEthernet0/5

description Connection_B_To_SW2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

interface FastEthernet0/23

description Connection_2960_SW3

switchport trunk encapsulation dot1q

interface FastEthernet0/24

description WAN_Link

no switchport

ip address 2.2.2.2 255.255.255.252

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

interface Vlan1

no ip address

shutdown

interface Vlan50

ip address 192.168.50.251 255.255.255.0

standby 1 ip 192.168.50.253

standby 1 priority 105

standby 1 preempt

standby 1 track 1 decrement 10

Configuration of my switch 2

Hostname switch2

track 1 interface Port-channel1 line-protocol

spanning-tree mode pvst

spanning-tree extend system-id

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

spanning-tree cost 100000

!

interface FastEthernet0/1

switchport access vlan 50

switchport mode access

interface FastEthernet0/4

description Connection_A_To_SW1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

!

interface FastEthernet0/5

description Connection_B_To_SW1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

interface FastEthernet0/23

description Connection_2960_SW4

switchport trunk encapsulation dot1q

interface FastEthernet0/24

description WAN_Link

no switchport

ip address 2.2.2.1 255.255.255.252

interface Vlan1

no ip address

shutdown

interface Vlan50

ip address 192.168.50.252 255.255.255.0

standby 1 ip 192.168.50.253

standby 1 preempt

standby 1 track 1 decrement 10

!

monitor session 1 source interface Fa0/4

monitor session 1 destination interface Fa0/6

end

0 Helpful
Customers Also Viewed These Support Documents