[c-nsp] Disabling PVST+ in mixed vendor network

Phil Mayers p.mayers at imperial.ac.uk
Thu Jun 24 12:09:27 EDT 2010


On 24/06/10 16:53, j.vaningenschenau at utwente.nl wrote:

>> Any idea what the trigger is?
>
> Last two times, it happened after a reload of one of the Cat6k's. First
> was planned reload, second time was a crash (reason unknown). After the
> device came back up, the 10 GE port to a core HP 5400 in the second
> datacenter came online and went PVST Inconsistent immediately after
> that. Source / trigger is unknown. The weird part is: that HP 5400 has
> an egress multicast filter enabled on the port, which should block all
> PVST+ traffic by dropping frames with destination 01000c-cccccd.
>
> I still don't know what device might have sourced the frames; also I
> have no idea why the multicast filter seems to let it through (at least
> immediately after the port comes up). My theory was that the multicast
> filter is programmed in hardware after the i/f comes up, but I haven't
> been able to verify that.
>
> By the way, the first time this happened it wasn't following a reload or
> crash of the Cat6k. If I remember correctly, it coincided with someone
> connecting a Cisco 3020 blade switch, which we expected to be the cause.
> I think that incident led to us blocking 01000c-cccccd wherever we can.
> Still, I don't understand why it happens and how we can completely avoid
> it.

We don't use MST, so take this with a pinch of salt...

During my reading, I seem to recall that Cisco devices perform some kind 
of PVST->MST integration at ports at the "edge" of an MST cloud:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/spantree.html#wp1098679

Is this your issue?

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/stp_enha.html#wp1054786



The problem is that if you've got non-Cisco switches downstream which 
are a) MST enabled but b) still pass PVST PDUs, then you're going to see 
"PVST peer inconsistent" on the port on the Cisco, not at the edge of 
the network.


More information about the cisco-nsp mailing list