l00k3r_53179
Apr 23, 2013 Nimbostratus
MSTP issue with Cisco switch
Good morning everybody,
After months of passive reading, the time has come for my first forum post.
Hope this is the right section for this topic.
To simplify my topology, I have an F5 3600 equipped with TMOS 10.2.4-build577, connected to a Cisco 2960 switch with two dot1q links: the former (VLAN 603) communicates with the public firewall, the latter (VLAN 600) with the private firewall.
I need Spanning tree because, actually, there are two LTM appliances in Active/Passive mode connected to the same switch stack.
Both F5's suffer the very same condition.
I previously tried with RSTP, but switched to MSTP hoping that separated instances would help.
On the surface, the second cable is blocking.
Some data might help:
- F5:
root@F5(Standby)(tmos)# list net stp-globals
net stp-globals {
config-name MSTP-PFQ-PUB
config-revision 1
mode mstp
}
root@F5(Standby)(tmos)# show running-config net stp
net stp 0 {
priority 49152
}
net stp 1 {
interfaces {
1.5 {
external-path-cost 20000
internal-path-cost 20000
}
}
priority 49152
vlans {
600
}
}
net stp 2 {
interfaces {
1.7 {
external-path-cost 20000
internal-path-cost 20000
}
}
priority 49152
vlans {
603
}
}
[root@F5:Standby] config # bigpipe stp
STP MODE mstp
| Forward delay 15 Hello time 2 Max age 20 Transmit hold 6
| Max hops 20 Revision 1 ID MSTP-PFQ-PUB
+-> STP INSTANCE 0 priority 49152 root bridge 04:DA:D2:CC:B0:00
| | regional root bridge 00:01:D7:BE:E5:40
| | No topology changes
none+-> STP INSTANCE 1 priority 49152 regional root bridge 00:01:D7:BE:E5:40
| | No topology changes
| +-> STP VLAN 1/Int_Interco_Pub
| +-> STP INTERFACE 1/1.5
| | path cost 20000 priority 128 role master
| | state forward (forward) link p2p not edge - auto
+-> STP INSTANCE 2 priority 49152 regional root bridge 00:01:D7:BE:E5:40
| No topology changes
+-> STP VLAN 2/Ext_Interco_Pub3
+-> STP INTERFACE 2/1.7
| path cost 20000 priority 128 role alternate
| state block (block) link p2p not edge - auto
- Cisco:
Switch#show version
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)
Switch#show spanning-tree mst configuration
Name [MSTP-PFQ-PUB]
Revision 1 Instances configured 3
Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 1-400,402-510,512-599,601-602,604-4094
1 401,511,600
2 603
-------------------------------------------------------------------------------
Switch#show spanning-tree vlan 600
MST1
Spanning tree enabled protocol mstp
Root ID Priority 1
Address 04da.d2cc.b000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1 (priority 0 sys-id-ext 1)
Address 04da.d2cc.b000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 20000 128.1 P2p
Po3 Desg FWD 20000 128.240 P2p
Gi2/0/2 Desg FWD 20000 128.56 P2p
Note: g1/0/1 is connected to F5 n. 1, g2/0/2 to F5 n. 2 and po3 to the private firewall.
Switch#show spanning-tree vlan 603
MST2
Spanning tree enabled protocol mstp
Root ID Priority 2
Address 04da.d2cc.b000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 2 (priority 0 sys-id-ext 2)
Address 04da.d2cc.b000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/7 Desg FWD 20000 128.7 P2p
Po5 Desg FWD 20000 128.256 P2p
Po6 Desg FWD 20000 128.264 P2p
Gi2/0/8 Desg FWD 20000 128.62 P2p
Note: g1/0/7 is connected to F5 n. 1, g2/0/8 to F5 n. 2 and po5-6 to the public firewall.
The thing that really confuses me is that it seems to me that both devices think they are the root bridge, but the switch has the lowest priority.
The same does not happen in an almost identical topology with a Juniper switch.
Maybe I misconfigured something?
Did anybody ever face a similar issue? Thanks in advance.