
Error-Disable Propagation

Status
Not open for further replies.

JDaggett

Technical User
Sep 19, 2008
6
US
We have a mixed-vendor environment with Cisco on the edge and Nortel in the core. We are experiencing issues with an Error-Disable link shutdown on one Cisco edge switch being propagated through to every single Cisco edge switch in the shop. More details, diagrams and a theory are in the attached link. Any suggestions or hints would be appreciated.

Thanks
 
To be honest I have never heard of that and would be surprised you are getting the error you are getting if you forced the channel on like you have. Without seeing the config it would be hard to speculate. So you have 50 port channels defined on your Cisco core? Perhaps you could post the config minus any important stuff.
 
Just to update my own question;

I have found a decent document from Cisco that discusses some of this. That document is here;


According to this document, “Etherchannel Misconfiguration” is a proprietary Cisco thing related to spanning-tree and BPDU processing (not CDP).

I have not yet digested the whole enchilada, but I think that the bottom line is that I will need to explicitly turn off spanning-tree on the Etherchannel uplink trunks on all of my Cisco edge switches. I do not believe that this should be a Big Deal, because a) spanning-tree sucks the wazoo anyway; b) My Nortel core switch using SMLT disables STP on itself also, so it is no great loss; c) Nortel has its own proprietary (non-STP) loop detection system they call Simple Loop Prevention Protocol (SLPP) which I should be able to use to protect these uplink trunks. The Nortel SLPP system is based in the core, and doesn't require edge processing, so it should work much better anyway.

BTW, I have previously discovered that Cisco's VLAN-tagged BPDU are not processed by the Nortel 8600 core switch properly at the best of times (even on a single link with STP active), which is probably why these Cisco BPDU end up spanning my universe and screwing up unrelated Cisco edge switches.

IMHO the world would be a much better place today if the person who invented spanning-tree had been strangled as a baby.
 
Haha, I love spanning tree! I can see how with different vendors it could be weird setting up, but it's a great insurance policy. If some new tech plugs something in wrong one time, you'll find out why STP is used by everyone. :)

Have you tried using CST not PVST on the Ciscos? Also, are those EtherChannel links trunks? How many VLANs are on those EtherChannel links?
 
I agree, I wouldn't turn off spanning tree; one person plugging in a wrong wire and down goes your whole network.
 
Just as a conclusion to this;

After much study through many manuals I have determined that this catastrophic effect is, in fact, caused by a fundamental incompatibility between Cisco proprietary features (PVST+ and EtherChannel Guard) and the IEEE 802.1q VLAN trunking standard.

Because 802.1q only supports 1 STP instance, Cisco’s per-VLAN BPDU are (in effect) “tunneled” through the 802.1q STP instance on the “Native VLAN”. This means that all Cisco devices running PVST end up being logically adjacent to each other. Because EtherChannel Guard examines BPDU to determine if the EC is healthy, a loop-type failure in one Cisco edge device is transferred through the network cloud to all the other Cisco edge devices because of the per-VLAN BPDU “tunneling” and logical adjacency.

In our case, we MUST use 802.1q because our core devices are Nortel, but this problem is with the 802.1q standard, not Nortel, and even all-Cisco equipment running the IEEE standard for VLAN trunks would see the same issue. On the other hand, ISL trunking does support per-VLAN BPDU, so "Good Boys" won't see this.

The answer is, in fact, to explicitly disable STP on all Cisco devices for all VLANs. In our case we do not view this as a problem because there is a proprietary Nortel feature called Simple Loop Prevention Protocol (SLPP) that provides the same function as Cisco’s EtherChannel Guard, but a) it does not use the STP-BPDU and b) it is core-based, not edge-based.

So, in addition to turning off STP everywhere, we have turned on this SLPP protection, and life should be good (until Next Time).
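
An added example, not part of the original thread: a small log check that separates a single miswired EtherChannel from the fan-out described above, where many edge switches err-disable their uplinks at almost the same moment. The log lines are constructed, and the timestamp/hostname prefix and message wording are assumptions to adjust to what your syslog collector actually stores.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (hostnames, ports and times are made up).
SAMPLE_LOG = """\
2008-09-19T10:02:11 edge-sw-03 %PM-4-ERR_DISABLE: channel-misconfig error detected on Po1, putting Gi0/49 in err-disable state
2008-09-19T10:02:12 edge-sw-07 %PM-4-ERR_DISABLE: channel-misconfig error detected on Po1, putting Gi0/49 in err-disable state
2008-09-19T10:02:12 edge-sw-07 %PM-4-ERR_DISABLE: channel-misconfig error detected on Po1, putting Gi0/50 in err-disable state
2008-09-19T10:02:14 edge-sw-11 %PM-4-ERR_DISABLE: channel-misconfig (STP) error detected on Po1, putting Gi0/49 in err-disable state
2008-09-19T10:02:15 edge-sw-11 %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/3, putting Gi0/3 in err-disable state
2008-09-19T14:40:00 edge-sw-05 %PM-4-ERR_DISABLE: channel-misconfig error detected on Po2, putting Gi0/51 in err-disable state
""".splitlines()

# Assumed layout: "<ISO time> <host> <message>"; only channel-misconfig events match.
EVENT = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) %PM-4-ERR_DISABLE: "
    r"channel-misconfig(?: \(STP\))? error detected on (?P<po>\S+), "
    r"putting (?P<port>\S+) in err-disable state")

def parse(lines):
    """Return sorted (time, host, port) tuples for channel-misconfig err-disables."""
    events = []
    for line in lines:
        m = EVENT.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["host"], m["port"]))
    return sorted(events)

def find_propagation(lines, window=timedelta(seconds=30), min_switches=3):
    """Split events into bursts (gap > window) and keep bursts spanning many hosts."""
    bursts, current = [], []
    for ev in parse(lines):
        if current and ev[0] - current[-1][0] > window:
            bursts.append(current)
            current = []
        current.append(ev)
    if current:
        bursts.append(current)
    report = []
    for burst in bursts:
        hosts = sorted({host for _, host, _ in burst})
        if len(hosts) >= min_switches:
            report.append({"start": burst[0][0], "hosts": hosts,
                           "ports": len(burst)})
    return report

if __name__ == "__main__":
    for hit in find_propagation(SAMPLE_LOG):
        print(hit["start"].isoformat(), "simultaneous channel-misconfig on", hit["hosts"])
```

A burst that spans several switches points at a shared cause rather than local cabling; the lone event on edge-sw-05 in the sample is not reported.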
 
Did you try running CST on the Ciscos? It's an incredibly reckless idea to have STP disabled on your edge switches.
 