Re: Multiple Root Bridges for VLAN1

jflahert · ‎05-15-2006

Greetings,

I have an interesting problem with my switch environment. I have (2) 3550s acting as my distribution layer (labeled d1 and d2) and (3) 3548s acting at my access layer (labeled a1, a2 and a3). Each access switch has a single dot1q trunk link to 1 of the distribution switches (a1 and a3 link via gig-E to d1; a2 links via gig-E to d2). d1 and d2 have a single dot1q trunk link and a single routed link between them.

Currently, I am having an issue with VLAN1 on a few different levels.

Interface VLAN 1 is configured for HSRP on d1 and d2, with d2 being primary for HSRP and also it should be the root bridge for VLAN 1 (spanning-tree vlan 1 pri 4096).

First and most obvious to me when I first started looking at this problem (I recently started working at this company) is the the layer3 interface for VLAN 1 on d1 is showing down/down, even though there are trunk ports carrying VLAN 1 ok. I cannot see a reason the VLAN interface should be down/down. I have tried shutting and no shutting the interface with no luck.

The second problem is there are 4 switches (d1, d2, a1 and a3, recall both a1 and a3 have single dot1q trunks to d1) that all think they are the root bridge for VLAN1 even though I have the spanning-tree priority on d1 set lower to be root bridge. According to d1 spanning-tree, all the ports are in "DWN" status:

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi0/7 Desg DWN 4 128.7 P2p

Gi0/9 Desg DWN 4 128.9 P2p

Gi0/10 Desg DWN 4 128.10 P2p

Gi0/12 Desg DWN 4 128.12 P2p

The weird part to me is that I have ~25 VLANs configured over these trunks and the rest of them don't have a problem with finding the correct root bridge.

Has anyone seen such oddness when it comes to root bridge election or the problem with VLAN 1 being down? Perhaps some advice on what else to look for in the configs?

Thanks for any information.

-jflaherty

glen.grant · ‎05-15-2006

For your trunk links check to make sure Vlan 1 is allowed across the links on both ends of the link . It sounds like dist switch thinks it has no active links in vlan 1 so the dist. switches will put it in a down/down state. Could also account for spanning tree root problem. The dist switches need to see at least 1 active port in vlan 1 (switchport or a trunk link with vlan 1 allowed.)

jflahert · ‎05-15-2006

Thanks for the reply. I see VLAN 1 being trunked and allowed from both sides on multiple links, d1 to d2 and d1 to a3, so I would think the autostate would see this and have VLAN 1 on d1 UP/UP.

d1 - g0/12 (link to d2)

Port Vlans in spanning tree forwarding state and not pruned

Gi0/12 1,10-11,13-15,19-23,26,40-41,43-50,52-57,100-101

d2 - g0/12 (link to d1)

Port Vlans in spanning tree forwarding state and not pruned

Gi0/12 1,10-11,13-15,19-23,26,40-41,43-50,52-57,100-101

And finally, a3 - g0/1 (link to d1):

Trunking VLANs Active: 1,2,5-8,20,26,44-46,48,53

jflahert · ‎05-15-2006

Here are a few other oddities to throw into the mix:

1. I cannot access a1 via it's VLAN 1 IP address, as a1 cannot ping it's gateway (HSRP address of VLAN 1currently residing on d2). It cannot get an ARP for the gateway.

HOWEVER, I CAN access a3 via its VLAN 1 IP address and it has the same gateway as a1 and it can get an ARP entry for its gateway (obviously).

2. From d1, I cannot see a1 as a CDP neighbor, but sitting on a1 (via console as that is the only way into it) I CAN see d1 via CDP neighbor. I don't have CDP disabled anywhere, BTW.

-jflaherty

glen.grant · ‎05-15-2006

I would say possibly you might have a 1 sided link between d1 and a1 . You can still see cdp if you have one side and would account for not getting to to the switch. You could run cdp debug on both sides , you should see cdp packets going out and coming in in the debug , if not then more than likely it is one sided. Have seen this many times.

pciaccio · ‎05-15-2006

The reason your Int vlan 1 is down/down is that you are probably not using vlan 1 as your management vlan. If vlan 1 is not being used for the management then it will automatically shut itself down, you cannot bring it back up unless you specify it as the the management vlan again.Also to attempt to help you with your spanning tree issue. Are you actually running spnning tree on all your switches? Possibly the other switches are not negoitiating root bridge because stp is disabled on them or the ports facing the other switches...Some things to think about...

jflahert · ‎05-16-2006

Thanks for the replies all, Turns out the switch needed a reboot. Last night after modifying the VLAN database and VTP domain, the switch decided to reload it self with an "Unassigned Exception" and when it came back up all was fine. VLAN 1 was up/up, the root bridge priority was all sorted out and CDP was fine. Traffic passing normally.

-jflaherty