We start with the original dia map (no colored links) to show the physical topology:
Let's start with the 'show spanning-tree vlan 11' command:
DS1:
Under the Root ID section, we can see that this switch is the root and that all the ports are in the Designated - Forwarding state.
However, notice that neither of the Gigabit ports is listed. Only the FastEthernet ports are forwarding. So, this is the first sign of an issue with the current configuration.
Documented on dia as such:
Over to DS2 now. Again, we start with the 'show spanning-tree vlan 11' command:
DS2:
On this switch, we can see that Fa0/13 is being used as the connection back to the root switch (DS1 in this case, now labeled on the dia map). Fa0/14 is blocking to prevent a loop between DS2 and AS1. Both connections from DS2 to AS2 are forwarding traffic. Since VLAN 11 is not on the Gigabit connection between DS1 and DS2, I have left the links black to show that they are physically connected but not involved in the spanning tree instance.
Next, AS1 and the 'show spanning-tree vlan 11' command:
AS1:
AS1 is behaving as expected. Interface Fa0/11 back to DS1 is the root port, Fa0/12 is blocking and Fa0/13 and Fa0/14 are designated ports back to DS2.
Last, let's head over to AS2 and run the 'show spanning-tree vlan 11' command:
On AS2, we see that only Fa0/23 and Fa0/24 are involved in the spanning tree instance for VLAN11. Here is the final map:
So, with the help of our dia map, we can see that traffic on VLAN 11 originating from AS2 has to go through two switches to get back to the root switch (AS2 to DS2 to AS1 to DS1). This is also confirmed by the Cost listed under the Root ID section of the 'show spanning-tree vlan 11' command on AS2. The cost of a FastEthernet link is 19 and there are 3 FastEthernet links back to the root, so 19 times 3 equals 57.
So, what is the cause of the problem? I would start with checking out the trunk configurations on each switch, but especially the trunk configuration on AS2.
Let's run the 'show interfaces trunk' command on each switch.
DS1
Here, under the 'Vlans allowed on trunk' section, we can see that VLAN 11 is not allowed on Gi0/1 and Gi0/2 (which we documented on the map).
DS2
Same configuration on DS2. Under the 'Vlans allowed on trunk' section, VLAN 11 is not listed.
AS1
On AS1, VLAN 11 is allowed on all ports and that is also documented on the map (two designated ports, two blocking ports).
AS2
And here we can see that VLAN 11 is allowed on Fa0/23 and Fa0/24 (root port and blocking port), but that VLAN 11 is pruned from Fa0/21 and Fa0/22 (which are the direct links back to DS1).
Now, what about HSRP (aka the default gateway) out of VLAN 11?
Let's run the 'show standby vlan 11' command on DS1 and DS2:
DS1
Right away, we can see that DS1 is the 'Active' router for VLAN 11.
So any traffic originating from AS2 on VLAN 11 that needs to leave the VLAN is forwarded from AS2 to DS2 to AS1 to DS1. Not efficient at all!
So, what would be the best way to fix these problems?
VLAN 11 should be added to all the trunk links, especially the Gigabit links between DS1 and DS2 and the links between DS1 and AS2, so that AS2 has a direct link to the HSRP router (aka the default gateway).
VLAN 11 should match VLAN1 in this instance.
I hope you can see how using dia and a few IOS commands can show you how spanning tree is running, and how looking at the trunk configuration is fundamental to fixing spanning tree configurations.
VLAN22 is up next.
Thank you for reading!