VPC - Spanning Tree Loop

shamg1974
Level 1

Hello all,

We have a remote connection from our core 5k's to a 4506 at the remote building. Currently one connection is up and running fine in normal trunking mode. However, when we bring up the secondary connection we get a loop that brings down the connection. The exact error message from logs is:

Nexus 5548UP - %FWM-2-STM_LOOP_DETECT

I have read that if there is NIC bonding occurring at the remote site on some servers that this could be the issue. I understand that. However, my question is this:

Can I just create a VPC by bundling the 2 connections from my two 5k's to the 4506 and eliminate spanning tree altogether? It seems that this would be a viable solution. VPC does, after all, eliminate spanning tree.

Assistance is greatly appreciated,

Bobby Grewal

11 Replies

rsimoni
Cisco Employee

Hi Bobby,

Can you print the entire message you see? Are you sure that one link is disabled and not just dynamic learning?

The message usually goes:

%FWM-2-STM_LOOP_DETECT: Loops detected in the network among ports Po14 and Po12 vlan 204 - Disabling dynamic learn notifications for 180 seconds

Are you sure that you did not see something like that instead?

The error message means that the switch has disabled learning for a period of time; this happens because the MAC flaps more than a certain number of times in a set time period. When disabled, no learning takes place; then it is re-enabled shortly after.

This flapping can be an indication of a L2 loop, or as you pointed out, from some kind of NIC teaming (dual-homed servers in active/active mode for instance) for which the same MAC address is seen on 2 different ports (event which normally represents a L2 loop but not in this case).

What is connected, and how, to your 4506 exactly?

About your question, it is highly risky to disable STP and you should not do that.

If we are facing a NIC teaming issue you should configure your server in active/standby mode.

Riccardo

Riccardo,

Thanks for your quick reply. I've attached the log messages of when we brought up the secondary connection. I'll have to get with the customer on how the server(s) are connected to the 4506.

Thank you,

Bobby Grewal

Can you please copy and paste your VPC config on the forum?

On City Hall 4506:

interface Port-channel98
  description Uplink to Nexus 5k-1 and 5k-2
  switchport trunk encapsulation dot1q
  switchport mode trunk

interface GigabitEthernet1/0/4
  description Uplink to Nexus 5k-1 Ethernet1/3
  switchport trunk encapsulation dot1q
  switchport mode trunk
  channel-group 99 mode active

interface GigabitEthernet1/0/6
  description Uplink to Nexus 5k-2 Ethernet1/3
  switchport trunk encapsulation dot1q
  switchport mode trunk
  channel-group 99 mode active

On Nexus 5k-1 and 5k-2:

interface port-channel99
  description Connection to City Hall 4506
  switchport mode trunk
  vpc 99
  switchport trunk allowed vlan 1-3,113,121-122,961-976,978,994-996,998-999
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable
  speed 1000

interface Ethernet1/3
  description Connection to City Hall 4506
  switchport mode trunk
  switchport trunk allowed vlan 1-3,113,121-122,961-976,978,994-996,998-999
  channel-group 99 mode active

On Wed, Jan 4, 2012 at 11:33 AM, rizwanr74 <

Here is the bad news, VPC is supported on the Nexus platform but not over 4500 Catalyst platform.

Unless you use VSS on Catalyst and I believe VSS is supported on 6500 Catalyst platform not on 4500 Catalyst platform.

I hope this has been any help to understand the problem.

Rizwan,

I'm not creating the VPC on the 4506, I'm creating it on the Nexus 5k's.

On Wed, Jan 4, 2012 at 3:06 PM, rizwanr74 <

That is correct and I understand that you are not configuring VPC on 4506.

However, VPC redundancy works over Nexus platform alone (not in between Nexus to 4506); otherwise it is just plain old EtherChannel-ing.

Besides, your port-channel interface mismatch on City Hall 4506: should it be interface Port-Channel99 instead?

interface Port-channel98

Hi Bobby,

It is most likely an issue with vpc peering and peer-link on primary and secondary on Nexus.

Also please make sure the vpc domain is identical on both Nexus and keep alive is configured properly.

Can you please copy your vpc configuration between two Nexus, the peer-link channel config, peer-keep-alive and vpc-domain name, and vrf context name from both Nexus?

The issue might well be on the Nexus themselves.

Please make sure EtherChannel between two Nexus and 4506 are identical, as I see the port-channel mismatch.

Interface Port-Channel99

interface Port-channel98

Hey Bobby,

You already disabled STP on your VPC towards the 4506.

  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable

Why that?

Also, can you attach your vpc peer link config?

Please also add

show vpc brief

and show vpc

PS: of course you can have a vpc between 2 Nexus' and a third switch which will see the 2 nexus as 1 single bridge. This is what multi chassis link aggregation (hence vpc) is all about...

Hi Bobby

What is connected to Po100, and how is this port configured? Can any part/device of your network be reached from n5k devices through both - po100 and po99?

Without knowing the exact topology it's hard to say why we get the message about STP_LOOP, but Riccardo is right - removing STP is a very big risk, because disabling it on one of the affected links might lead you to a loop.

Regards,

Alex
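
An offline check for the two configuration points raised in the replies above (the Port-channel98 / channel-group 99 mismatch on the 4506, and the BPDU filter and edge port type on the vPC trunk), as an added example that is not from any poster in this thread. The function names `parse` and `lint` are hypothetical; the embedded configs are the ones posted above with the description, encapsulation, allowed-VLAN and speed lines left out.

```python
# Configs as posted in the thread (description, encapsulation, VLAN list, speed omitted).
CAT4506 = """\
interface Port-channel98
  switchport mode trunk
interface GigabitEthernet1/0/4
  switchport mode trunk
  channel-group 99 mode active
interface GigabitEthernet1/0/6
  switchport mode trunk
  channel-group 99 mode active
"""
NEXUS5K = """\
interface port-channel99
  switchport mode trunk
  vpc 99
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable
interface Ethernet1/3
  switchport mode trunk
  channel-group 99 mode active
"""

def parse(config):
    """Map each interface name to the commands configured under it."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.lower().startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif current is not None and line.strip():
            current.append(line.strip().lower())
    return stanzas

def lint(config):
    """Return findings for the two points raised in the replies."""
    stanzas, findings = parse(config), []
    bundles = {n.lower().removeprefix("port-channel") for n in stanzas
               if n.lower().startswith("port-channel")}
    for name, cmds in stanzas.items():
        for cmd in cmds:
            if cmd.startswith("channel-group ") and cmd.split()[1] not in bundles:
                findings.append(f"{name}: channel-group {cmd.split()[1]} has no matching Port-channel interface")
        # STP settings on a trunk that a reply in the thread questions.
        for risky in ("spanning-tree bpdufilter enable", "spanning-tree port type edge trunk"):
            if "switchport mode trunk" in cmds and risky in cmds:
                findings.append(f"{name}: trunk carries '{risky}'")
    return findings

for label, cfg in (("4506", CAT4506), ("5k", NEXUS5K)):
    print(label, lint(cfg))
```

Renaming `Port-channel98` to `Port-channel99` in the 4506 sample clears both findings on that side.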
