Wired Intelligent Edge

 View Only
  • 1.  spanning-tree ignore-pvid-inconsistency

    Posted Nov 06, 2024 12:32 AM

    I inherited a network that have vlan inconsistency like the simplified diagram.

    There are basically two networks, A and B. They are separated by two firewalls, one goes to the internet and one goes between the two networks.

    The two networks connects to 4 data switches (HPE M Series) that basically where all servers and storage connects.  Core A vlan 10 maps to vlan 1 on Data switches.  Core B vlan 10 maps to vlan 2 on Data switches.  All switches run RPVST.

    We have been having issues between CoreB to Data3 and Data4 switches disconnects.  If I unplug and plug in those cables to Data3, it will show interface up for brief moment and then goes down.  Spanning tree shows port disabled and down.  It does not say blocking. Those ports are not interface disabled.  In the log, it doesn't say why those ports are down.

    Any ideas what may be causing this? Should spanning-tree ignore-pvid-inconsistency be turned on in this case?

    Also, previously we were having issue with 'hpe-pvstd crashed due to signal:6', and that has been fixed somewhat with firmware upgrades.



  • 2.  RE: spanning-tree ignore-pvid-inconsistency

    Posted Nov 06, 2024 07:11 AM

    Hello, IMHO such network topology - as it appears to me considering the attached image - is basically loop-free by design.

    The only device that could eventually close a loop between the two cores networks (Core A|B) is the Firewall 2 but, being a Firewall/Router, it is supposed that its downlinks to both core networks (Core A|B) are deployed through routed interfaces and no switching happens between them inside the Firewall (so no network loop could form through it).

    The VLAN ID mismatch you're observing between VLAN IDs defined on various HPE M switches and their corresponding Aruba CX 6400 Core (exactly the mismatch between pairs of peering ports PVIDs = Port Vlan IDs) - considering that the involved peer ports are all and only untagged on both ends so they are only Native(ly) untagged on a particular VLAN ID, their PVID <- and you exactly specified that by writing the "Access" mode of operation of those ports (otherwise, I add, no traffic will pass through that peer ports if they were tagged with different - non matching - VLAN IDs) - should not create issues to STP but only warnings (mismatches) which could be silenced, if necessary.

    That's to say that, in my opinion, the STP should not considered to be the root cause of the issue you're observing right now.

    Are you sure that the network topology is exactly that and there aren't hidden/undesired/unnoticed loops between, say, HPE M Series switches? as long as the topology is a real chain (Core A = Data Switches = Core B) there is no loop.




  • 3.  RE: spanning-tree ignore-pvid-inconsistency

    Posted Nov 07, 2024 01:56 PM

    Thank you for the quick response!

    I am in the process of verifying all the interface configurations.  What is a good way to find hidden/undesired/unnoticed loops?

    There are actually two more switches in the middle that are Cisco that we are trying to migrate from.  They are both running PVST. Are Cisco PVST compatible with Aruba and M-Series RPVST?

    Today I disabled and renabled spanning tree on Data-3 and Data-4 switches and the connection between Data-3 and Core B stayed on.  Sometime it will just go down and comes back up.  But Data-4 core Core B remained down.

    What are the CLI commands to see why ports went down for both Aruba switches and M-series switches?  If spanning tree was blocking, those interfaces will show "blocking' when I do "show span", but this is not the case.