We are now on to VLAN 44 which will show just how useful making a spanning tree map in dia can be.
Just like on the previous posts, here is the original physical layer map:
And once again, let's start with the 'show spanning-tree vlan 44' command on DS1:
Next, the 'show spanning-tree vlan 44' command on DS2:
On DS2, we can see that all six trunks are forwarding VLAN 44 and that DS2 is the root switch. The updated dia map is:
Forwarding on to AS1 and the 'show spanning-tree vlan 44' command:
Here, we can see that only two of the four links are being used for VLAN 44. Fa0/13 is the root port back to DS2 and Fa0/14 is blocking to prevent a loop. Of course, we document this on the map adding the circled-x on the end of the blocking port:
Last, we head over to AS2 and run the 'show spanning-tree vlan 44' command:
Now, we have some interesting information shown here. Notice, AS2 believes it is the root switch for VLAN 44. But we documented that DS2 is the root switch. How is possible?
It is possible because AS2 doesn't have a connected neighbor using VLAN 44, but AS2 does have an active port on VLAN 44 (Fa0/21 and Fa0/22). Since AS2 does not have a neighbor using VLAN 44 on their trunks (and AS2 is not using Fa0/23 or Fa0/24 on its trunk links up to DS2), AS2 believes it is the root switch for the VLAN.
Once we document this misconfiguration on the dia map, it becomes very clear. Remember, I use the blue links to indicate that the VLAN is not on one end of the trunk link and the circled-x is used to indicate with end of the link the VLAN is not available on.
Because there are zero green links coming from AS2, it is clear that AS2 is cut off from the rest of the network on VLAN 44.
Now that Layer 2 is documented, let's verify where the HSRP Active router for the VLAN is located. First, the 'show standby vlan 44' on DS1:
DS1 appears to the Standby router indicated by the 'State is Standby' and the 'Standby router is local' lines. Let's verify that DS2 is indeed the Active HSRP router.
And DS2 is the Active router. So, the finished map shows as:
---
Let's take a look at the finalized maps for each VLAN:
VLAN 1
VLAN 44
So, now that we have our finalized maps, what would be some options to repair and optimize the current configurations?
At the beginning, I wrote that the odd numbered VLANs (1, 11 and 33) were going to use DS1 as the root switch for spanning tree and use DS1 as the HSRP Active Router and that the even numbered VLANs (22 and 44) were going to use DS2 as the root switch for spanning tree and use DS2 as the HSRP Active Router. Additionally, when there are dual uplinks, I think it makes much more sense to utilize EtherChannels (logically combining two or more connections into a single connection). EtherChannels optimize bandwidth (more connections toward the root switch) and simplifies the spanning tree instance (no blocking ports towards the root switch).
First off, this might be an opportune time to change the spanning tree protocol to rapid-pvst (rapid per VLAN spanning tree).
So, let's start there. On each switch, we run the command 'spanning-tree mode rapid-pvst' in configuration mode:
When we change the spanning tree mode type, the spanning tree instance will need to reconverge and since the other switches are still in Per VLAN Spanning Tree (pvst), we will have to wait through the Listening and Learning stages before moving along to each switch.
We can see that the HSRP sessions break down as well. Once spanning tree has reconverged, the HSRP sessions reconnect and routing is back online. Once all four switches are running rapid-pvst, the following configuration changes will update the spanning tree much quicker.
Secondly, we will need to configure the trunk links to be identical (all the VLANs will need to be allowed on all the trunks).
The easiest way to do this is to use a range command on each switch that adds the line 'switchport trunk allowed vlan 1,11,22,33,44'
We can use the dia map to find out which ports can be added to the 'interface range' command instead of having to go through each port individually. Remember, when a trunking command is added or changed, spanning tree will reconverge. Obviously, this type of work needs to be done off-hours since the convergence will temporarily take down each VLAN.
Once each switch has identical allowed VLANs, it's time to plan our EtherChannels. Again, dia can be used to help with this planning as well.
Under the SDL group of icons in dia, there is a circle that can be used to indicate an EtherChannel.
We can add the circles and change the shape into an oval and add a label to plan out the EtherChannel port numbers so the numbers don't overlap on the same switch.
There are a few different ways to configure EtherChannels (which will be a topic for another series). So, for this article, let's just choose a quick configuration and move along. Also, remember that when you change the configuration on one end of the links, the ports will go down until the other end is configured. So, it is best to start with the remote end first so that you don't "cut your own arm off".
One of the many goofy things about spanning tree is that the 'priority' setting is backwards (at least in my way of thinking). The switch with the LOWEST priority is the root switch (which is the opposite in the HSRP configuration).
Spanning Tree = lowest priority is the root switch
HSRP = highest priority is the root switch
So, when I set up a spanning-tree priority, I like to set the root switch with a priority of 4096, the secondary switch with a priority of 8192 and the other switches with a priority of 40960.
For DS1:
We can verify that spanning tree and HSRP are working as planned with the 'show spanning-tree summary' and 'show standby brief' commands:
We can see that DS1 is the Root bridge (root switch) for VLANs 1, 11 and 33 and is also the Active router for VLANs 1, 11 and 33.
DS2 confirms that it is the Root bridge (root switch) for VLANs 22 and 44 and is also the Active router for VLANs 22 and 44.
Now that we have the rapid-pvst running, the trunks configured, EtherChannels set up and the spanning tree priorities configured, our final maps look like this:
Odd numbered VLANs (1, 11, 33):
---
I sincerely hope that you download and become comfortable with using dia and that this series has been helpful to you in learning, configuring and troubleshooting trunks and spanning-tree instances.
Thank you for reading!
