can "trunk allow" command limit native vlan

hetao1601
Level 1

Hi, all

When I set up a switch topology as below:

SwA---SwB
  \   /
   \ /
   SwC

I configured the 3 interconnect links as trunks, and the native VLAN on all of them is VLAN 99. I found on SwA, B and C that STP can't block native VLAN 99, that is, on SwA, B and C the STP status of VLAN 99 is forwarding everywhere. So I decided to block this with the command "switchport trunk allowed vlan ***". My question is: is this method effective?

When I design a big campus LAN, how should I design the native VLAN deployment, for example in the following topology?

SwA---SwB        Core Layer
 |     |
 |     |
SwC---SwD        Dist Layer
  \ \   / \
   \ \ /   \
    \ / \   \
    SwE    SwF   Access Layer

All interconnect links are trunks; how should the native VLAN be designed?

Thanks

4 Replies

hetao1601
Level 1

The topology has some changes; please see the attached picture file.

Thanks

Hi

Are you sure that STP is not blocking on any of your switches? Could you post

"sh spanning-tree vlan 99" (IOS)

or

"sh spantree 99" (CatOS)

from all 3 switches.

Edit - In answer to your question: if you do not allow a VLAN across a trunk link then it will stop STP from running across that trunk link for that VLAN. But STP should be blocking on one of its ports for VLAN 99.

Jon

Just to add to what Jon said, you can disallow the native VLAN. But beware a nasty bug in all CatOS and early versions of IOS. In those versions, if you disallow the native VLAN on the trunk, then it also blocks Spanning-Tree BPDUs on VLAN 1. That can cause a network meltdown on VLAN 1, depending on your topology. Believe me ... it happens!

But I agree with Jon: it is very strange if all your switches are forwarding VLAN 99 on all trunks. That itself would normally lead to a meltdown. Just to confirm, are you using PVST+?

Please also check you do not have bpdufilter on your trunks. bpdufilter is one of the most dangerous and most abused commands I know. It should be used only when absolutely necessary.

Kevin Dorrell

Luxembourg

Thanks Jon and Kevin.

I didn't limit the native VLAN specifically. The configuration is as below:

One side is an IOS switch:

interface GigabitEthernet0/52
 description ---To JC-6506-5/2---
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 12,22,28
 switchport mode trunk
 switchport nonegotiate

KS-3560-P# sh spanning-tree vl 900

VLAN0900
  Spanning tree enabled protocol ieee
  Root ID    Priority    33668
             Address     001b.5440.3480
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33668  (priority 32768 sys-id-ext 900)
             Address     001b.5440.3480
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/47           Desg FWD 4         128.47   P2p
Gi0/48           Desg FWD 4         128.48   P2p
Gi0/49           Desg FWD 4         128.49   P2p
Gi0/50           Desg FWD 4         128.50   P2p
Gi0/51           Desg FWD 4         128.51   P2p

------------------

The other side is a CatOS switch:

------------------

Cat6509> (enable) sh trunk 5/2
* - indicates vtp domain mismatch

Port      Mode         Encapsulation  Status        Native vlan
--------  -----------  -------------  ------------  -----------
 5/2      on           dot1q          trunking      900

Port      Vlans allowed on trunk
--------  ---------------------------------------------------------------------
 5/2      12,22,28

Port      Vlans allowed and active in management domain
--------  ---------------------------------------------------------------------
 5/2      12,22,28

Port      Vlans in spanning tree forwarding state and not pruned
--------  ---------------------------------------------------------------------
 5/2      12,22,28

Cat6509> (enable) sh spantree 5/2

Port                     Vlan  Port-State     Cost       Prio  Portfast  Channel_id
------------------------ ----  -------------  ---------  ----  --------  ----------
 5/2                     12    forwarding     4          32    disabled  0
 5/2                     22    forwarding     4          32    disabled  0
 5/2                     28    forwarding     4          32    disabled  0

---------------------

Does it mean the IOS switch can't block native VLAN forwarding, but the CatOS switch does block native VLAN forwarding?

Since the native VLAN is not used in the real world, maybe it didn't produce a bad effect.
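As an added example (not code from this thread or from Cisco), a small Python audit of the point Jon and Kevin raise: for each trunk in an IOS running-config it reports whether the configured native VLAN is actually inside the allowed list, and whether VLAN 1 is still allowed. The config fragment is constructed, modelled on the Gi0/52 trunk posted above (native 900, allowed 12,22,28), plus a second trunk that uses the `allowed vlan add` continuation line IOS emits for long lists; the function names are mine.

```python
# Constructed IOS running-config fragment (an added sample, not the thread's own
# config verbatim); Gi0/52 mirrors the posted trunk: native 900, allowed 12,22,28.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/52
 switchport trunk native vlan 900
 switchport trunk allowed vlan 12,22,28
 switchport mode trunk
interface GigabitEthernet0/51
 switchport trunk native vlan 900
 switchport trunk allowed vlan 1-99,900
 switchport trunk allowed vlan add 1000-1005
 switchport mode trunk
"""

def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '1-99,900' (or 'all' / 'none') into a set."""
    if spec in ("all", "none"):
        return set(range(1, 4095)) if spec == "all" else set()
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Map each 'switchport mode trunk' interface to its native and allowed VLANs."""
    ifaces, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # IOS defaults until overridden: native VLAN 1, every VLAN allowed.
            cur = ifaces[line.split()[1]] = {"native": 1, "allowed": parse_vlan_list("all"), "trunk": False}
        elif cur is None:
            continue
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif line.startswith("switchport trunk native vlan "):
            cur["native"] = int(line.rsplit(" ", 1)[1])
        elif line.startswith("switchport trunk allowed vlan add "):
            cur["allowed"] |= parse_vlan_list(line.rsplit(" ", 1)[1])  # continuation line
        elif line.startswith("switchport trunk allowed vlan "):
            cur["allowed"] = parse_vlan_list(line.rsplit(" ", 1)[1])
    return {name: i for name, i in ifaces.items() if i["trunk"]}

def audit_native_vlans(config):
    """Per trunk: is the native VLAN actually carried, and is VLAN 1 still allowed?"""
    return {n: {"native": t["native"], "native_carried": t["native"] in t["allowed"],
                "vlan1_carried": 1 in t["allowed"]} for n, t in parse_trunks(config).items()}
```

A trunk whose native VLAN falls outside its allowed list, like Gi0/52 here, is exactly one on which that VLAN no longer appears in the port's spanning-tree output, as in the CatOS `sh spantree 5/2` listing above. The audit only reads one side's config; Kevin's VLAN 1 BPDU issue is a software behaviour, so it still has to be checked against the IOS/CatOS versions in use.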
