Wired Intelligent Edge

Hello alltogether,

I have a strange problem in our network. We have 3 STP root bridges in our network.

Below you can find the show spanning-tree output. What I want is, that switch3 will be the only root bridge. We had the problem that the network never has been designed and switch1 was the elected root bridged since the beginning (old switch). Now that switch2 oder switch3 came to the network.

I tried to use the command spanning-tree root priority 15 on Switch1 and switch2 and priority 15 on switch3, in order to tell them who is the root bridge, but this did no work. It feels like the older switch keeps root, because it has an much older mac address and ignores the priorities...

We have some more switches with such old mac address and if I disable STP on switch1, these other old switches with a mac-address of 001cXXXXXX becomes root bridge...

I hope somebody can tell me what to do. Do I need to work with pathcosts? Or root guard?

I also attached a simple topology of the affected devices.

Best Regards

MarBen

Switch1 (old switch):

  STP Enabled   : Yes
  Force Version : MSTP-operation
  IST Mapped VLANs : 1-4094
  Switch MAC Address : 001c2e-bebb00
  Switch Priority    : 61440
  Max Age  : 20
  Max Hops : 20
  Forward Delay : 15

  Topology Change Count  : 1
  Time Since Last Change : 16 hours

  CST Root MAC Address : 001c2e-bebb00
  CST Root Priority    : 61440
  CST Root Path Cost   : 0
  CST Root Port        : This switch is root

  IST Regional Root MAC Address : 001c2e-bebb00
  IST Regional Root Priority    : 61440
  IST Regional Root Path Cost   : 0
  IST Remaining Hops            : 20

Switch2 (new switch):

STP Enabled   : Yes
  Force Version : MSTP-operation
  IST Mapped VLANs : 1-4094
  Switch MAC Address : 308d99-4e8500
  Switch Priority    : 32768
  Max Age  : 20
  Max Hops : 20
  Forward Delay : 15

  Topology Change Count  : 4
  Time Since Last Change : 51 days

  CST Root MAC Address : 308d99-4e8500
  CST Root Priority    : 32768
  CST Root Path Cost   : 0
  CST Root Port        : This switch is root

  IST Regional Root MAC Address : 308d99-4e8500
  IST Regional Root Priority    : 32768
  IST Regional Root Path Cost   : 0
  IST Remaining Hops            : 20

Switch3 (new switch):

 STP Enabled   : Yes
  Force Version : MSTP-operation
  IST Mapped VLANs : 1-4094
  Switch MAC Address : 308d99-432200
  Switch Priority    : 61440
  Max Age  : 20
  Max Hops : 20
  Forward Delay : 15

  Topology Change Count  : 73
  Time Since Last Change : 16 hours

  CST Root MAC Address : 308d99-432200
  CST Root Priority    : 61440
  CST Root Path Cost   : 0
  CST Root Port        : This switch is root

  IST Regional Root MAC Address : 308d99-432200
  IST Regional Root Priority    : 61440
  IST Regional Root Path Cost   : 0

If these switches are in single L2 broadcast domain, it seems like there's no connectivity (or ports are blocked , admin edge / bdpu guard)

If these switches are coupled using L3 links (i.e. routing) multiple spanning tree domains are generated by design.

Hello.  It would appear that the two other switches in the topology you attached (Room1/Distri & Room2/Core) are not forwarding STP BPDUs.  When a switch running STP sees no other BPDUs it elects itself the root bridge.  Depending on what you're trying to do you could enable STP on those switches as well then you should get one bridge elected root.

The switch with the lowest configured priority should be elected root.  Lowest mac-address is the tie breaker.  You can lower the priority multiplier (8 is default) to prefer a bridge be the root. 

You shouldn't need to configure anything else.

Hello,

thanks for your answers :)

I think this one was a good hint: I checked the running-config of the switch that should be the root bridge and saw, that bpdu-filter is active on the following trunks:

spanning-tree
spanning-tree Trk1 priority 4 bpdu-filter -> Unnamed switch in Room2, STP enabled and no bpdu-filter)
spanning-tree Trk2 priority 4 bpdu-filter -> other switch where also another unwanted STP domain exists
spanning-tree Trk3 priority 4 bpdu-filter -> Unnamed switch in Room1, STP enbled and no bpdu-filter)
spanning-tree Trk4 priority 4 bpdu-filter -> other switch where also antoher unwanted STP domain exists
spanning-tree Trk5 priority 4 bpdu-filter -> Distributed-Trunk partner
spanning-tree Trk8 priority 4
spanning-tree Trk17 priority 4
spanning-tree priority 0

Unfortunately I can not deactivate the BPDU-Filter because distributed trunking is active on these ports, which makes sense, cause otherwise loops may occur?

I just uploaded a new topology map, because I know think it is important in order to solve the problem.

We planned to implement two switches (5406) to be our core and set them um with distributed trunking.

I'm not an networking expert and mostly followed such configuration tips: http://community.hpe.com/t5/ProCurve-ProVision-Based/Setting-up-ISC-and-distibuted-trunking/m-p/6692929

Here is the main of the configuration code:

Switch 3 (should be the root bridge)
trunk A1 trk1 dt-lacp
trunk A2 trk2 dt-lacp
trunk A3 trk3 dt-lacp
trunk A4 trk4 dt-lacp
trunk A5 trk5 dt-lacp
trunk A8 trk8 lacp
trunk B7 trk17 lacp
switch-interconnect trk8
interface Trk1
 unknown-vlans disable
 exit
interface Trk2
 unknown-vlans disable
 exit
interface Trk3
 unknown-vlans disable
 exit
interface Trk4
 unknown-vlans disable
 exit
interface Trk5
 unknown-vlans disable
exit
vlan 1024
name "Keepalive Switch 4"
untagged B8
ip address 10.100.1.6 255.255.255.0
exit
spanning-tree
spanning-tree Trk1 priority 4 bpdu-filter
spanning-tree Trk2 priority 4 bpdu-filter
spanning-tree Trk3 priority 4 bpdu-filter
spanning-tree Trk4 priority 4 bpdu-filter
spanning-tree Trk5 priority 4 bpdu-filter
spanning-tree Trk8 priority 4
spanning-tree Trk17 priority 4
spanning-tree priority 0
no tftp server
tftp server listen data
distributed-trunking peer-keepalive vlan 1024
distributed-trunking peer-keepalive destination 10.100.1.5



Switch 3# show switch-interconnect
Port : Trk8
Status : Up
Active VLANs : 1,110,120,130,404,666

Switch 4

trunk A1 trk1 dt-lacp
trunk A2 trk2 dt-lacp
trunk A3 trk3 dt-lacp
trunk A4 trk4 dt-lacp
trunk A5 trk5 dt-lacp
trunk A8 trk8 lacp
trunk B7 trk17 lacp
switch-interconnect trk8
interface Trk1
 unknown-vlans disable
 exit
interface Trk2
 unknown-vlans disable
 exit
interface Trk3
 unknown-vlans disable
 exit
interface Trk4
 unknown-vlans disable
 exit
interface Trk5
 unknown-vlans disable
exit
vlan 1024
name "Keepalive Switch 3"
untagged B8
ip address 10.100.1.5 255.255.255.0
exit
spanning-tree
spanning-tree Trk1 priority 4 bpdu-filter
spanning-tree Trk2 priority 4 bpdu-filter
spanning-tree Trk3 priority 4 bpdu-filter
spanning-tree Trk4 priority 4 bpdu-filter
spanning-tree Trk5 priority 4 bpdu-filter
spanning-tree Trk8 priority 4
spanning-tree Trk17 priority 4
spanning-tree priority 15
no tftp server
tftp server listen data
distributed-trunking peer-keepalive vlan 1024
distributed-trunking peer-keepalive destination 10.100.1.6

Thanks for your time and tipps. I really appreciate this.

Best

Marben

Hi,

I just solved it. The solution: I first used dt-lacp in order to create redundant switch pathes, but I did not read, to use this for servers to switches only. So I changed the uplinks to lacp and disabled the bpdu-filter on them. Now the priority 0 switch is our only root bridge. Thanks again for the hint.

Best

Marben