
Spanning tree issue

dbuckley77
Level 1

I am experiencing an issue where when I plug in a port which is set as an access port to vlan 114 it becomes the root port for another vlan on the switch, vlan 9. I have posted the config below. To be very specific, gi1/0/6 is access vlan 114 and gi1/0/11 is access vlan 9 (management for the switch). With gi1/0/11 plugged in it is the root port for vlan 9. When I plug in gi1/0/6 it becomes the root port for vlan 9 even though it's not a member of vlan 9. We are running pvst.

 

CMAQ-3750G-1#sh run
Building configuration...

Current configuration : 7969 bytes
!
! Last configuration change at 09:23:51 EDT Fri Oct 13 2017 by *********
! NVRAM config last updated at 13:49:39 EDT Thu Oct 12 2017 by *********
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
hostname CMAQ-3750G-1
!
boot-start-marker
boot-end-marker
!
!
username ********** password 7 055A054E3555405A0D12470000
!
!
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication login CONSOLE local
aaa authentication enable default none
aaa authorization exec default if-authenticated
!
!
!
aaa session-id common
clock timezone Eastern -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-12s
system mtu routing 1500
vtp domain **********
vtp mode transparent
ip routing
ip domain-name ************
ip name-server 10.100.5.11
ip name-server 10.100.6.4
ip dhcp excluded-address 10.100.113.1 10.100.113.5
ip dhcp excluded-address 10.100.113.9 10.100.113.254
ip dhcp excluded-address 10.100.114.1 10.100.114.5
ip dhcp excluded-address 10.100.114.9 10.100.114.254
ip dhcp excluded-address 10.100.112.1 10.100.112.5
ip dhcp excluded-address 10.100.112.9 10.100.112.254
!
ip dhcp pool vlan112
   network 10.100.112.0 255.255.255.0
   default-router 10.100.112.1
   dns-server 10.100.5.2 10.100.5.3
   domain-name nashua.city
!
ip dhcp pool vlan113
   network 10.100.113.0 255.255.255.0
   default-router 10.100.113.1
   dns-server 10.100.5.2 10.100.5.3
   domain-name nashua.city
!
ip dhcp pool vlan114
   network 10.100.114.0 255.255.255.0
   default-router 10.100.114.1
   dns-server 10.100.5.2 10.100.5.2
   domain-name nashua.city
!
!
login on-failure
login on-success
!
!
crypto pki trustpoint TP-self-signed-2415001216
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2415001216
 revocation-check none
 rsakeypair TP-self-signed-2415001216
!
!
crypto pki certificate chain TP-self-signed-2415001216
 certificate self-signed 01
  quit
!
!
!
!
spanning-tree mode pvst
spanning-tree logging
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 112-114 priority 8192
spanning-tree vlan 112-113 max-age 35
!         
vlan internal allocation policy ascending
!
vlan 9
 name Interconnect
!
vlan 112-114
!
!
!
interface GigabitEthernet1/0/1
 description Corridor 4
 switchport access vlan 113
!
interface GigabitEthernet1/0/2
 description Corridor 5
 switchport access vlan 113
!
interface GigabitEthernet1/0/3
 description Corridor 11
 switchport access vlan 113
!
interface GigabitEthernet1/0/4
 description Corridor 9
 switchport access vlan 113
!
interface GigabitEthernet1/0/5
 description Corridor 1
 switchport access vlan 114
!
interface GigabitEthernet1/0/6
 description Corridor 2
 switchport access vlan 114
!
interface GigabitEthernet1/0/7
 description Corridor 3
 switchport access vlan 114
!
interface GigabitEthernet1/0/8
 description Corridor 8
 switchport access vlan 114
!
interface GigabitEthernet1/0/9
 description ***********
 switchport trunk native vlan 112
!
interface GigabitEthernet1/0/10
 switchport access vlan 113
 switchport mode access
!
interface GigabitEthernet1/0/11
 description CH-CORE-4506-01
 switchport access vlan 9
 speed 1000
!
interface GigabitEthernet1/0/12
 description Traffic-Main-2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 9
 switchport trunk allowed vlan 9,112-114
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan9
 ip address 10.100.9.5 255.255.255.0
 ip access-group 110 in
!
interface Vlan112
 ip address 10.100.112.2 255.255.255.0
 no ip redirects
 standby 1 ip 10.100.112.1
 standby 1 priority 150
 standby 1 preempt delay minimum 3
!
interface Vlan113
 ip address 10.100.113.2 255.255.255.0
 no ip redirects
 standby 1 ip 10.100.113.1
 standby 1 priority 150
 standby 1 preempt delay minimum 3
!
interface Vlan114
 ip address 10.100.114.2 255.255.255.0
 no ip redirects
 standby 1 ip 10.100.114.1
 standby 1 priority 150
 standby 1 preempt delay minimum 3
!
router ospf 1
 router-id 10.100.9.5
 log-adjacency-changes
 passive-interface default
 no passive-interface Vlan9
 no passive-interface GigabitEthernet1/0/11
 network 10.100.9.0 0.0.0.255 area 0
 network 10.100.112.0 0.0.0.255 area 0
 network 10.100.113.0 0.0.0.255 area 0
 network 10.100.114.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.100.9.1
no ip http server
ip http access-class 5
ip http authentication local
ip http secure-server
!
ip radius source-interface Vlan9
logging origin-id hostname
logging source-interface GigabitEthernet1/0/11
logging 10.100.6.23
logging 10.100.6.20
logging 10.100.6.56
access-list 5 permit 10.100.5.114
access-list 5 permit 10.100.5.40
access-list 5 permit 10.100.5.34
access-list 5 permit 10.100.6.11
access-list 5 permit 10.100.6.30
access-list 5 permit 10.100.6.23
access-list 5 permit 10.100.2.0 0.0.0.255
access-list 5 permit 10.100.95.0 0.0.0.63
access-list 99 deny   any
access-list 99 remark Drop OSPF routes
access-list 110 permit ip 10.100.95.0 0.0.0.63 any
access-list 110 permit ip host 10.100.5.34 any
access-list 110 permit ip 10.100.107.0 0.0.0.255 any
access-list 110 permit udp host 10.100.2.253 any eq ntp
access-list 110 permit ip host 10.100.6.19 any
access-list 110 permit ip host 10.100.6.23 any
access-list 110 permit icmp host 10.100.6.110 any
access-list 110 permit ip 10.100.9.0 0.0.0.255 host 10.100.9.5
access-list 110 permit ip host 10.100.6.45 any
access-list 110 permit ospf any host 224.0.0.5
access-list 110 permit ospf any host 224.0.0.6
access-list 110 permit udp host 10.100.5.11 any
access-list 110 permit ip host 10.100.5.114 any
access-list 110 permit udp host 10.100.6.4 any
access-list 110 permit udp host 10.100.5.5 any
access-list 110 permit ip host 10.100.5.17 any
access-list 110 permit ip host 10.100.6.21 any
access-list 110 permit icmp host 10.100.6.17 any
access-list dynamic-extended
snmp-server community cw2000anyone RO
snmp-server location "City Hall - 2nd Floor Equipment Room, left"
radius-server host 10.100.5.5 auth-port 1812 acct-port 1813 key 7 0208244803132F134D4A000C16
radius-server timeout 6
!
banner login ^C
*************** Property - Authorized Users Only
Un-authorized tampering with this equipment is punishable by law
Do not attempt to login if you are not authorized
.
'^C
!
line con 0
 login authentication CONSOLE
line vty 0 4
 session-timeout 30
 access-class 5 in
 privilege level 15
 transport input ssh
line vty 5 15
!
ntp clock-period 36029413
ntp server 10.100.5.11
end

7 Replies

Francesco Molino
VIP Alumni
Hi

Right now, gi1/0/11 is the STP root? For all vlans or just vlan 9?
As per the description of this port, it seems normal because you should have a core switch connected?

Is this switch the core switch?
You need to manage the STP priority for each vlan on each switch. If it is not set, the default value of 32768 will be the priority.
If you want this switch to stay root STP for this vlan, you need to configure it using STP priority commands as you did for the other vlans.

On all ports facing clients (trunk or access as soon as it's a client port), you can configure the spanning-tree root guard to make sure the device that'll be connected to that port will never become root STP.
There are also other commands that you can implement to control your STP, like bpdufilter and bpduguard.

What is connected to port Gig1/0/9?
Is it a switch?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

gi1/0/11 is only the root port for vlan 9, not the other vlans.

 

This is not a core switch.  The core switch is what's on the other end of gi1/0/11.

 

gi1/0/9 is connected to another switch.

The core switch is the one connected to g1/0/11. This is what I bet when reading the description.

How is STP configured there?

Is it normal that this switch is root for some vlans?

 

On port g1/0/9, have you applied the STP config root guard and/or bpdufilter?

Not bpduguard as it will block the port as soon as it receives BPDU. Root guard will also block the port if the received priority is higher than the actual switch.

 

You have to configure your priority on this switch to ensure no one is gonna be the root. What priority is set on the new switch you're trying to connect?

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

int gi1/0/9 is not an issue, int gi1/0/6 is. When gi1/0/6 is plugged in it takes over the role of root port for vlan 9, which was previously int gi1/0/11.

 

pvstp is setup

So sorry, yes, the same questions apply for g1/0/6. What's connected to it? How is it set up? ... Same questions as previous post

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

There is a good chance that g1/0/6 is coming up as a trunk port which is causing the issue. Try adding "switchport mode access" to the interface configuration and make sure the connecting device will not also try to negotiate as a trunk.

Also, if it is indeed connecting to another switch, make sure you don't have a loop in the network.

 

Hope this helps

johnd2310
Level 8

Hi,

 

Your ports are probably in trunk mode. If you need to configure access ports, you need to explicitly specify "switchport mode access" on all access ports.

What is the output of the following command on gi1/0/6:

"show interfaces gi1/0/6 switchport"

Look for the "Administrative Mode:" and "Operational Mode:" lines.

 

Thanks

John

**Please rate posts you find helpful**
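
The check suggested in the last two replies, as an added example that is not part of the original thread: a small Python audit that lists the switchports in a saved running-config that carry no explicit "switchport mode access" or "switchport mode trunk" line, which is the condition the replies suspect lets gi1/0/6 come up as a trunk. The sample config is constructed from the interface stanzas posted above, and the function names are hypothetical.

```python
import re
# Constructed sample, modelled on the interface stanzas in the posted config.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/6
 switchport access vlan 114
!
interface GigabitEthernet1/0/9
 switchport trunk native vlan 112
!
interface GigabitEthernet1/0/10
 switchport access vlan 113
 switchport mode access
!
interface GigabitEthernet1/0/12
 switchport mode trunk
!
interface Vlan9
 ip address 10.100.9.5 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} for each interface stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def ports_without_static_mode(config):
    """List (port, access vlan) for switchports with no explicit mode."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith(("vlan", "loopback")) or "no switchport" in cmds:
            continue  # SVIs, loopbacks and routed ports have no switchport mode
        if any(re.fullmatch(r"switchport mode (access|trunk)", c) for c in cmds):
            continue  # mode is pinned, nothing to report
        vlan = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport access vlan ")), None)
        findings.append((name, vlan))
    return findings

if __name__ == "__main__":
    for port, vlan in ports_without_static_mode(SAMPLE_CONFIG):
        print(f"{port}: no static switchport mode (access vlan {vlan})")
```

Run against the full config posted in the question, the same logic would also report gi1/0/1 through gi1/0/8 and gi1/0/11, since only gi1/0/10 and gi1/0/12 set a mode explicitly.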