Spanning Tree Issues on Powerconnect 7048P

Also, I do not see portfast in the CLI, but when I log in to the web GUI it shows portfast is enabled on these uplink interfaces. It was my understanding as well that portfast should only be enabled on ports conencting to end devices, not uplinks. I'm not sure if maybe simply disabling portfast in the Web GUI on these two interfaces would help. Maybe I need to configure RSTP or some kind of cost or priority, I have been reading up on it but need some guidance. I know we can enable RSTP on these switches globally but I'm not sure if it would interrupt production network and if it is even what we need or not.

I tried unchecking the portfast option in the WebGui and connecting both interfaces and still get the same issue. Once I connect the second interface I loose connection to the switch and cannot ping it.

Thank you Daniel. I tried setting a higher / lower priority. On these switches it takes priority from 0 to 240 in increments of 16.

SW1(config-if-Te1/1/2)#spanning-tree port-priority ?

Change an interface's spanning tree priority (in
steps of 16) in the range 0-240

I configured the interfaces as follows:

interface Te1/1/2

mtu 9216

switchport mode trunk

switchport access vlan 2

switchport trunk native vlan 2

spanning-tree port-priority 0

exit

interface Te2/1/2

mtu 9216

switchport mode trunk

switchport access vlan 2

switchport trunk native vlan 2

spanning-tree port-priority 240

exit

I am still getting the same result. Once I plug the second interface in, I am getting an up and down connection. Should I try implementing cost instead of priority? Maybe try setting one to a higher cost than the other? I'm not sure the difference between cost and priority. Here are the interface commands I have available for spanning-tree:

SW1(config-if-Te1/1/2)#spanning-tree ?

auto-portfast            Allow to move to the forwarding state when BPDU

                        timeout occurs

cost                     Change an interface's spanning tree path cost.

disable                  Disable spanning-tree on an interface.

guard                    Configure a guard for the port.

mst                      Configure a multiple spanning tree instance.

port-priority            Change an interface's spanning tree priority (in

                        steps of 16)

portfast                 Allow to move directly to the forwarding state when

                        linkup occurs

tcnguard                 Configure a port for tcn guard.

Daniel, I tried that configuration with the same result.

This is a switch stack, two 7048P's. It connects directly to the router / firewall via the two interfaces above. There are two M8024K switches connected to this switch stack as well.

Forgot to add the firewall is a Meraki MX400 and the current firmware on the switches is 5.1.7.5

Ok I tried that as well. Now I get a little better response, I am getting about 20 ping replies and then 2 request timeouts, versus before it was about 4 responses and 4 timeouts. I did not try the second command

"Console(config)# spanning-tree priority 4096" should I give that a shot?

I'm not sure how to determine if this is the root switch but I believe it is:

SW-1#show spanning-tree

Spanning tree :Enabled - BPDU Flooding :Disabled - Portfast BPDU filtering :Disabled - mode :rstp

CST Regional Root:        xx:xx:xx:xx:xx:xx:xx:xx

Regional Root Path Cost:  0

ROOT ID

             Priority        32768

             Address         xxxx.xxxx.xxxx

             Path Cost       21000

             Root Port       Te1/1/2

             Hello Time 2 Sec Max Age 6 sec Forward Delay 4 sec TxHoldCount 6 sec

             Bridge Max Hops 20

Bridge ID

             Priority        32768

             Address         xxxx.xxxx.xxxx

             Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec

Interfaces

Name     State    Prio.Nbr  Cost      Sts  Role  Restricted

Te1/1/2  Enabled  112.54    1000      FWD  Root  No

Te2/1/2  Enabled  128.110   2000      DIS  Disb  No

**Note currently 2/1/2 is disconnected. Also, let me know if you need to see any other interfaces**

Ok I will do so, can I do this in production without interrupting network traffic?

Hi Daniel, I configured the switch stack as the root last night.

IAAS-SW-1#show spanning-tree

Spanning tree :Enabled - BPDU Flooding :Disabled - Portfast BPDU filtering :Disabled - mode :rstp

CST Regional Root:        10:00:5C:26:0A:C9:C1:1F

Regional Root Path Cost:  0

ROOT ID

             Priority        4096

             Address         5C26.0AC9.C11F

             This Switch is the Root.

             Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec

             Bridge Max Hops 20

I was still having the same issue with many dropped pings. Even if I ping directly from the firewall to switch stack IP, I still lose pings. Right now I have the second uplink to firewall shutdown, and still I get occasional drop of a ping. There are other switches stemming off this switch stack that I do not have an issue with. For example, this switch stack management IP is 10.0.0.5, which has an M8024K switch 10.0.0.10 connected via 10GB fiber as well, and I can ping both IPs side by side and get a consistent response below 3ms from the 10.0.0.10 IP but from the 10.0.0.5 IP I am getting average response time of 4ms, and it jumps up to 100ms+ and will drop occasionally.

So, I'm not sure what the issue is. There are also ESXi hosts and many VM servers on different VLANs that come off of this switch stack, and none of them are having the response issues that the management IP of this switch stack is having.

Hi Daniel, sorry to take so long to get back to you, this issue dropped off the face of the earth for me! We still have not had a maintenance window approved until now. So, I have a window next week where I will be taking the network down and updating firmware on the 7048P stack from 5.1.7.5 to 5.1.9.4. In addition, there are also two M8024-K switches in the M1000E blade enclosure that uplink to the 7048P stack, that I will be upgrading firmware from version 5.0.0.4 to 5.1.9.4 (This is a big jump, do you see any issues with this?).

In regards to the last notes from you, yes only pinging the management IP drops packets. Pinging the firewall IP does not drop packets.

I have since found out that spanning tree will not work with two uplinks from the Powerconnect switches connecting to two interfaces on the Cisco Meraki firewall, since the Firewall does not support STP. So, I will just be leaving one active 10Gb uplink, and the other disabled. In the case there is an issue we will manually enable the secondary 10Gb uplink interface.

That being said, this is a workaround. I have made many configuration changes to STP cost and priority during this troubleshooting. Is there a way to 'reset' STP on all 4 switches? (two M8024-Ks and the two 7048Ps). I would like all STP to re-establish root bridge and what not by itself. If I have to I will try to go through each interface and find where I made changes, but if there were a 'reset' button, so to speak, that would be ideal. Thanks again!