Hi Steinar,
On Edge Ports, I usually have admin-edge and bpdu-guard enabled. Tcn-guard in combination with bpdu-guard does not make much sense, as a TCN would be sent as a BPDU. Moreover, I would rather avoid the (excessive) generation of TCNs instead of guarding against them by setting up edge ports properly (e.g. configure them as admin-edge). Loop-protect is an additional protection which makes sense in most cases.
On links to STP-enabled networking components (uplinks / downlinks / crosslinks), you may enable loop-guard but need to be careful that this only makes sense on links where you expect BPDUs to be arriving. Otherwise, you may encounter the problems you described earlier. On root-bridges I also would not activate loop-guard but only root-guard. Root-guard is meaningful on links where STP priority of the peer is worse (e.g. higher number).
Regards,
Thomas
Original Message:
Sent: 12/15/2023 3:08:00 AM
From: Steinar Grande
Subject: RE: 8365 VSX; CX 10.13 and spanning tree; not passing data
Would you agree on this, for a general setting, in a mixed edge switch,
connecting to endpoints, clients like servers/PC, and trunked switches (with multiple VLANs)?
Client/servers/access-ports: bpdu-guard; tcn-guard, loop protect
Uplink/switches/trunked[vlan]: loop-guard
------------------------------
Steinar
------------------------------
Original Message:
Sent: Dec 08, 2023 06:32 AM
From: thomasbnc
Subject: 8365 VSX; CX 10.13 and spanning tree; not passing data
Well, if my theory is correct that it was loop-guard, this requires that at least one BPDU arrived at the port/lag and then stopped arriving. That's exactly what triggers this function: Receiving BPDUs and then suddenly not anymore. So if you killed the lag, recreated it and so far no BPDU arrived, this will continue working. If ever BPDUs arrive and later on not anymore, you will most likely end up in the same situation. So better think about why you have loop-guard configured and whether this is meaningful.
Regards,
Thomas
Original Message:
Sent: 12/8/2023 5:38:00 AM
From: Steinar Grande
Subject: RE: 8365 VSX; CX 10.13 and spanning tree; not passing data
I had to delete the lag before spanning tree blocking gave way.
I recreated the lag, and then it didn't come back. Can't be right.
------------------------------
Steinar
Original Message:
Sent: Nov 27, 2023 07:21 AM
From: thomasbnc
Subject: 8365 VSX; CX 10.13 and spanning tree; not passing data
I would say, although I found no evidence in any documentation, "loop-inc" means that you triggered the loop-guard in STP (Loop-Inc --> loop inconsistency). If loop-guard is active and BPDUs used to be received but are not received anymore, it triggers. This is to avoid possible loops if suddenly, for whatever reason, BPDUs are not generated anymore on the other switch connected to this port.
Could you please share your topology so we can discuss the best settings for STP?
Original Message:
Sent: Nov 27, 2023 06:16 AM
From: Steinar Grande
Subject: 8365 VSX; CX 10.13 and spanning tree; not passing data
Thanks, I try
but do you mean on both sides?
And back to the core question:
What is "Loop-Inc"??
------------------------------
Steinar
Original Message:
Sent: Nov 27, 2023 06:05 AM
From: thomasbnc
Subject: 8365 VSX; CX 10.13 and spanning tree; not passing data
Thanks.
Why are you using loop-guard on the root-bridge? This seems to be the root cause of this behavior. Loop-guard is only meaningful on switches where you may have non-designated ports. On a root-bridge this is not the case by definition.
Try removing the config and see what happens.
If it still blocks, please share "show loop-protect" output.
Regards,
Thomas
Original Message:
Sent: 11/27/2023 5:34:00 AM
From: Steinar Grande
Subject: RE: 8365 VSX; CX 10.13 and spanning tree; not passing data
interface lag 42 multi-chassis
    description MC Lag
    no shutdown
    no routing
    vlan trunk native 11
    vlan trunk allowed 11-12
    lacp mode active
    hash l4-src-dst
    lacp rate fast
    loop-protect
    loop-protect vlan 11-12
    spanning-tree loop-guard
    spanning-tree root-guard
interface lag 25
    description trunk to 8365
    no shutdown
    no routing
    vlan trunk native 11
    vlan trunk allowed 11-12
    lacp mode active
    hash l4-src-dst
    loop-protect
    loop-protect vlan 11-12
I see I have omitted the last two lines:
spanning-tree loop-guard
spanning-tree root-guard
??
But that has been the general LAG setting there
------------------------------
Steinar
Original Message:
Sent: Nov 27, 2023 05:10 AM
From: thomasbnc
Subject: 8365 VSX; CX 10.13 and spanning tree; not passing data
Can you share the interface config of lag42, please? Is there a Spanning-Tree speaker (e.g. switch) behind lag42?
Regards,
Thomas
Original Message:
Sent: 11/27/2023 4:57:00 AM
From: Steinar Grande
Subject: 8365 VSX; CX 10.13 and spanning tree; not passing data
I cannot pass data in lag42,
What is : "Loop-Inc" ??
Core# sh spanning-tree vlan 11
VLAN11
  Spanning tree status : Enabled Protocol: RPVST
  Root ID    Priority   : 32768
             MAC-Address: 02:01:00:00:01:00
             This bridge is the root
             Hello time(in seconds):2 Max Age(in seconds):20
             Forward Delay(in seconds):15
  Bridge ID  Priority   : 32768
             MAC-Address: 02:01:00:00:01:00
             Hello time(in seconds):2 Max Age(in seconds):20
             Forward Delay(in seconds):15
Port         Role           State      Cost           Priority   Type       BPDU-Tx    BPDU-Rx    TCN-Tx     TCN-Rx
------------ -------------- ---------- -------------- ---------- ---------- ---------- ---------- ---------- ----------
lag42        Disabled       Loop-Inc   400            64         P2P        8          4          0          2
lag256       Designated     Forwarding 1              64         P2P        421868     421866     4          2
Number of topology changes : 3
Last topology change occurred : 246644 seconds ago
anyone ?
------------------------------
Steinar
------------------------------
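
An added example, not part of any post in this thread: a small Python check that ties the diagnosis above together by finding ports the switch reports as Loop-Inc, then looking up whether loop-guard is configured on them and whether the bridge is the root. The sample config and output are constructed in the shape of the ones posted above; the function names are hypothetical.

```python
import re

# Constructed samples, shaped like the config and "show spanning-tree" output in this thread.
SAMPLE_CONFIG = """\
interface lag 42 multi-chassis
    loop-protect
    spanning-tree loop-guard
    spanning-tree root-guard
interface lag 25
    loop-protect
"""
SAMPLE_SHOW = """\
VLAN11
  This bridge is the root
Port   Role       State      Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
lag42  Disabled   Loop-Inc   400  64       P2P  8       4       0      2
lag256 Designated Forwarding 1    64       P2P  421868  421866  4      2
"""

def stp_guards(config):
    """Map interface name (e.g. 'lag42') to its set of spanning-tree guards."""
    guards, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)(?:\s+(\d+))?", line)
        if m:
            # "interface lag 42 ..." becomes "lag42", matching the show output.
            current = m.group(1) + (m.group(2) or "")
            guards[current] = set()
        elif current and (g := re.fullmatch(r"spanning-tree\s+(\S+-guard)", line)):
            guards[current].add(g.group(1))
    return guards

def audit(config, show_output):
    """Return one finding per port that the switch reports as Loop-Inc."""
    guards = stp_guards(config)
    is_root = "This bridge is the root" in show_output
    findings = []
    for line in show_output.splitlines():
        cols = line.split()
        if len(cols) != 10 or cols[2] != "Loop-Inc":
            continue  # not a port row, or port is not loop-inconsistent
        active = guards.get(cols[0], set())
        findings.append({
            "port": cols[0],
            "bpdu_rx": int(cols[7]),  # > 0: BPDUs did arrive at some point
            "guards": sorted(active),
            "loop_guard_on_root": is_root and "loop-guard" in active,
        })
    return findings
```
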