VPC - Spanning Tree Loop

Jan 4th, 2012

Hello all,


We have a remote connection from our core 5k's to a 4506 at the remote building. Currently one connection is up and running fine in normal trunking mode. However, when we bring up the secondary connection we get a loop that brings down the connection. The exact error message from logs is:

Nexus 5548UP - %FWM-2-STM_LOOP_DETECT


I have read that if there is NIC bonding occurring at the remote site on some servers that this could be the issue. I understand that. However, my question is this:


Can I just create a VPC by bundling the 2 connections from my two 5k's to the 4506 and eliminate spanning tree altogether? It seems that this would be a viable solution. VPC does, after all, eliminate spanning tree.


Assistance is greatly appreciated,

Bobby Grewal

rsimoni Wed, 01/04/2012 - 08:16
User Badges:
  • Cisco Employee,

Hi Bobby,


Can you print the entire message you see? Are you sure that one link is disabled and not just dynamic learning?


The message usually goes:

%FWM-2-STM_LOOP_DETECT: Loops detected in the network among ports Po14 and Po12 vlan 204 - Disabling dynamic learn notifications for 180 seconds


Are you sure that you did not see something like that instead?


The error message means that the switch has disabled learning for a period of time. This happens because the MAC flaps more than a certain number of times in a set time period. While it is disabled no learning takes place; it is then re-enabled shortly after.


This flapping can be an indication of an L2 loop or, as you pointed out, of some kind of NIC teaming (dual-homed servers in active/active mode, for instance), in which the same MAC address is seen on 2 different ports (an event which normally represents an L2 loop, but not in this case).


What is connected, and how, to your 4506 exactly?


About your question: it is highly risky to disable STP and you should not do that.

If we are facing a NIC teaming issue you should configure your server in active/standby mode.


Riccardo

bobby.grewal Wed, 01/04/2012 - 08:30

Riccardo,


Thanks for your quick reply. I've attached the log messages of when we brought up the secondary connection. I'll have to get with the customer on how the server(s) are connected to the 4506.


Thank you,

Bobby Grewal

rizwanr74 Wed, 01/04/2012 - 08:32
User Badges:
  • Gold, 750 points or more

Can you please copy and paste your VPC config on the forum?

bobby.grewal Wed, 01/04/2012 - 11:15

On City Hall 4506:

interface Port-channel98
 description Uplink to Nexus 5k-1 and 5k-2
 switchport trunk encapsulation dot1q
 switchport mode trunk

interface GigabitEthernet1/0/4
 description Uplink to Nexus 5k-1 Ethernet1/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 99 mode active

interface GigabitEthernet1/0/6
 description Uplink to Nexus 5k-2 Ethernet1/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 99 mode active


On Nexus 5k-1 and 5k-2:

interface port-channel99
 description Connection to City Hall 4506
 switchport mode trunk
 vpc 99
 switchport trunk allowed vlan 1-3,113,121-122,961-976,978,994-996,998-999
 spanning-tree port type edge trunk
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
 speed 1000

interface Ethernet1/3
 description Connection to City Hall 4506
 switchport mode trunk
 switchport trunk allowed vlan 1-3,113,121-122,961-976,978,994-996,998-999
 channel-group 99 mode active


rizwanr74 Wed, 01/04/2012 - 12:06
User Badges:
  • Gold, 750 points or more

Here is the bad news, VPC is supported on the Nexus platform but not over 4500 Catalyst platform.


Unless you use VSS on Catalyst and I believe VSS is supported on 6500 Catalyst platform not on 4500 Catalyst platform.


I hope this has been any help to understand the problem.

bobby.grewal Wed, 01/04/2012 - 12:12

Rizwan,


I'm not creating the VPC on the 4506, I'm creating it on the Nexus 5k's.



rizwanr74 Wed, 01/04/2012 - 12:18
User Badges:
  • Gold, 750 points or more

That is correct and I understand that you are not configuring VPC on 4506.


However, VPC redundancy works over the Nexus platform alone (not in between Nexus and 4506); otherwise it is just plain old EtherChannel-ing.

rizwanr74 Wed, 01/04/2012 - 12:31
User Badges:
  • Gold, 750 points or more

Besides, there is a port-channel interface mismatch on the City Hall 4506: should it be interface Port-Channel99 instead?


interface Port-channel98

rizwanr74 Thu, 01/05/2012 - 10:14
User Badges:
  • Gold, 750 points or more

Hi Bobby,


It is most likely an issue with the vpc peering and peer-link on the primary and secondary Nexus.

Also please make sure the vpc domain is identical on both Nexus and the keep-alive is configured properly.


Can you please copy your vpc configuration between the two Nexus: the peer-link channel config, peer-keep-alive and vpc-domain name, and vrf context name from both Nexus?


The issue might well be on the Nexus themselves.


Please make sure the EtherChannels between the two Nexus and the 4506 are identical, as I see the port-channel mismatch.


Interface Port-Channel99


interface Port-channel98

rsimoni Wed, 01/04/2012 - 12:59
User Badges:
  • Cisco Employee,

Hey Bobby,


You already disabled STP on your VPC towards the 4506.


spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable


Why that?


Also, can you attach your vpc peer link config?


please also add

show vpc brief

and show vpc


PS: of course you can have a vpc between 2 Nexus' and a third switch which will see the 2 nexus as 1 single bridge. This is what multi chassis link aggregation (hence vpc) is all about...

Oleksandr Nesterov Tue, 01/10/2012 - 06:05
User Badges:
  • Cisco Employee,
  • Events Top Contributors,

    Cisco, 2014

Hi Bobby

What is connected to Po100, and how is this port configured? Can any part/device of your network be reached from the n5k devices through both po100 and po99?


Without knowing the exact topology it's hard to say why we get the message about STP_LOOP, but Riccardo is right - removing STP is a very big risk, because disabling it on one of the affected links might lead you to a loop.

Regards,

Alex
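
Added example (not part of any post in this thread, and not Cisco tooling): a small Python check that flags the two configuration problems the replies point out, a channel-group number with no matching Port-channel stanza and BPDU filter enabled on a vPC port-channel. The sample configs are constructed to mirror the ones posted above, and the parser assumes sub-commands are indented under each interface line as in `show running-config` output.

```python
import re

# Constructed samples mirroring the configs posted in the thread.
CATALYST_CFG = """\
interface Port-channel98
 switchport mode trunk
interface GigabitEthernet1/0/4
 channel-group 99 mode active
interface GigabitEthernet1/0/6
 channel-group 99 mode active
"""
NEXUS_CFG = """\
interface port-channel99
 vpc 99
 spanning-tree port type edge trunk
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
interface Ethernet1/3
 channel-group 99 mode active
"""

def parse_interfaces(cfg):
    """Return {interface name: [sub-commands]} from IOS/NX-OS style text."""
    ifaces, current = {}, None
    for line in cfg.splitlines():
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1].strip()
            ifaces[current] = []
        elif line[:1].isspace() and current and line.strip():
            ifaces[current].append(line.strip())
        elif line.strip():
            current = None  # an unindented global command ends the stanza
    return ifaces

def lint(cfg):
    """Flag orphaned channel-groups and vPC port-channels with BPDU filter."""
    ifaces, findings = parse_interfaces(cfg), []
    defined = {m.group(1) for n in ifaces if (m := re.fullmatch(r"port-channel(\d+)", n, re.I))}
    for name, cmds in ifaces.items():
        for cmd in cmds:
            m = re.match(r"channel-group (\d+)", cmd)
            if m and m.group(1) not in defined:
                findings.append(f"{name}: channel-group {m.group(1)} has no Port-channel{m.group(1)} stanza")
        if any(re.fullmatch(r"vpc \d+", c) for c in cmds) and "spanning-tree bpdufilter enable" in cmds:
            findings.append(f"{name}: bpdufilter on a vPC port-channel, no BPDUs are exchanged on this link")
    return findings

if __name__ == "__main__":
    for finding in lint(CATALYST_CFG) + lint(NEXUS_CFG):
        print(finding)
```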
