Saturday, September 14, 2013

Hey, wait. There's a tree missing here!

Yesterday, while planning a network switch replacement, I noticed a little problem that could have been a big problem if that switch was moved up one spot in the network.

I'm recreating the problem on my home lab and walking through how it was found and how to fix it:

First, here is the lab topology, drawn with dia (http://dia-installer.de/):


Straightforward physical topology.

So, I started my planning session with a quick 'show vlan brief' to verify which VLANs were running on each switch.  For this lab, we'll have VLANs 1, 11, 22, 33 and 44.

AS2

AS3

All five VLANs are configured on both switches.

The next command I issued was 'show spanning-tree summary' to verify the path back to the root switch.

AS2

Using this command we see that AS2 is the root switch for all the spanning-tree instances.

AS3

Do you see the problem?

VLAN0022 is missing from spanning-tree!

As you can see from the 'show vlan brief' command, VLAN 22 is configured on the switch, but it doesn't have a spanning-tree instance.

To verify this, you can run a 'show spanning-tree vlan 22' command:


This was the first time I've ever run into a VLAN not running spanning-tree.

So, what is causing the problem?

I started by looking at the trunks.  If a VLAN does not have at least one port using it on the switch, then the VLAN is shut down to prevent a black hole.  So, I ran a 'show interfaces trunk' command on each switch to verify each VLAN was allowed on the trunk:

AS2

No problem on AS2.  All five VLANs are allowed on the trunk.

AS3

Same deal here.  All five VLANs are allowed on the trunk.

Again, what is causing the problem?

Next, I ran a simple 'show running-config' on the problem switch (AS3 in this lab).  I'm not gonna lie, I had to run through the running-config a few times before I noticed it:


Why this command was running on a production switch, I'll never know.  But we were relieved that this configuration was on a 'spoke' switch and not on a 'hub' switch and that there was only one uplink.  If this switch was a 'hub' switch or had a redundant trunk, a broadcast storm surely would have happened.

So, the simple solution:


Ran a 'show spanning-tree summary' to confirm there is now a spanning-tree instance for VLAN 22:
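The check above is easy to miss by eye when a switch carries dozens of VLANs, so here is the same comparison as a script. This is an added example, not code from the original post: it parses the text of the three show commands walked through above ('show vlan brief', 'show spanning-tree summary' and 'show interfaces trunk'), lists every active VLAN that has no spanning-tree instance, and notes whether each such VLAN is allowed on a trunk, which rules out the "not allowed on any trunk" explanation the same way the manual check did. The three command outputs embedded in the script are constructed to resemble the AS3 lab switch; the port names and VLAN counts in them are assumptions, not taken from the post's screenshots.

```python
"""Audit a switch for active VLANs that have no spanning-tree instance.

Added example, not from the original post. Works on the saved text of
'show vlan brief', 'show spanning-tree summary' and 'show interfaces trunk'.
"""
import re

# Constructed sample, modelled on IOS 'show vlan brief' output (assumed ports).
VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4
11   VLAN0011                         active    Fa0/5
22   VLAN0022                         active    Fa0/6
33   VLAN0033                         active
44   VLAN0044                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
"""

# Constructed sample, modelled on PVST 'show spanning-tree summary' output.
STP_SUMMARY = """\
Switch is in pvst mode
Root bridge for: none
Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          2          2
VLAN0011                     0         0        0          1          1
VLAN0033                     0         0        0          1          1
VLAN0044                     0         0        0          1          1
---------------------- -------- --------- -------- ---------- ----------
4 vlans                      0         0        0          5          5
"""

# Constructed sample, modelled on 'show interfaces trunk' output (assumed port).
TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1,11,22,33,44

Port        Vlans allowed and active in management domain
Gi0/1       1,11,22,33,44

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,11,33,44
"""


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1,11,22-24,4094' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_vlan_brief(text):
    """Return the IDs of VLANs whose status is 'active' (reserved act/unsup VLANs are skipped)."""
    pattern = re.compile(r"^(\d+)\s+.+?\s+(active|act/unsup|act/lshut|suspended)\b")
    return {int(m.group(1)) for m in map(pattern.match, text.splitlines())
            if m and m.group(2) == "active"}


def parse_stp_summary(text):
    """Return the IDs of VLANs that have a spanning-tree instance (the VLANnnnn rows)."""
    return {int(m.group(1)) for m in re.finditer(r"^VLAN(\d{4})\b", text, re.M)}


def parse_trunk_allowed(text):
    """Return {port: set of VLAN IDs} from the 'Vlans allowed on trunk' section."""
    allowed, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("Port") and "Vlans allowed on trunk" in line:
            in_section = True          # header of the section we want
        elif in_section and line.strip():
            port, spec = line.split(None, 1)
            allowed[port] = expand_vlan_list(spec)
        elif in_section:
            in_section = False         # blank line ends the section
    return allowed


def audit(vlan_brief, stp_summary, trunk):
    """Map each active VLAN lacking an STP instance to the trunk ports that allow it."""
    missing = parse_vlan_brief(vlan_brief) - parse_stp_summary(stp_summary)
    allowed = parse_trunk_allowed(trunk)
    return {v: sorted(p for p, vs in allowed.items() if v in vs) for v in sorted(missing)}


if __name__ == "__main__":
    findings = audit(VLAN_BRIEF, STP_SUMMARY, TRUNK)
    if not findings:
        print("OK: every active VLAN has a spanning-tree instance")
    for vlan, ports in findings.items():
        where = ", ".join(ports) if ports else "no trunk"
        print(f"VLAN {vlan}: no spanning-tree instance (allowed on trunk: {where})")
```

Run against the embedded samples it reports only VLAN 22, allowed on Gi0/1, which is exactly the combination that should send you to the running-config: the VLAN is allowed on a trunk, so pruning is not the reason it has no instance. A VLAN that has no instance and is allowed on two or more trunks is the case the post warns about, since without spanning-tree nothing blocks a loop on it.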


If you have any questions, please leave a comment.

Thank you for reading!