Error/Fault Data for VLANs
When troubleshooting VLANs, the most common and most difficult issue to deal with is the constant changing of the spanning tree topology for each VLAN. Each VLAN has its own instance of spanning tree running. In this section, we'll identify how to monitor and keep track of the spanning tree topology changes in each VLAN.
MIBs to Monitor for Spanning Tree Topology Changes
The following MIBs, from BRIDGE-MIB, keep track of the spanning tree topology in the network:
A unique aspect of VLANs is that each one has its own instance of spanning tree. So, how can you tell which VLAN is changing spanning tree topology? Well, this is where VLAN and community string indexing come into play. For example, the Catalyst switch includes one instance of the standard BRIDGE-MIB for each VLAN in the switch. If the read-only community string is "public" and the read-write community string is "private," you could use public@25 to read the BRIDGE-MIB for VLAN 25 and use private@33 to read and write the BRIDGE-MIB for VLAN 33. Only using the community string public or private will result in always accessing the BRIDGE-MIB for VLAN 1 (default behavior).
A trap sent from a MIB that is indexed by a community string also indicates the instance of the MIB to which it corresponds by using community string indexing. For example, an STP newRoot trap from the BRIDGE-MIB for VLAN 25 would have a community string of public@25 in the trap community field, assuming the read-only community string is public.
For fault management, you will rely more on the SNMP trap messages than on these particular MIBs. But based on the receipt of an SNMP spanning tree trap, you can actively poll for these objects to determine where the difference lies.
CLI Commands Relating to the Spanning Tree
Several CLI commands are associated with the MIBs just discussed. We will cover show spantree and show spantree summary in the following sections.
Using the show spantree Command
The show spantree command shows details of the spanning tree characteristics associated with each VLAN. By default, without the VLAN number at the end of the command, VLAN 1 spanning tree characteristics will be seen. You'd have to execute this command for every VLAN defined on the switch that has spanning tree enabled.
The key components of this output are the designated root bridge address, the ports assigned to the VLAN, the port state, and whether or not the fast start feature is enabled on the port.
Ideally, when spanning tree is enabled, you'll want to statically configure the root bridge up in the distribution portion of the network, versus letting it be dynamically elected somewhere in the access switches, so you can control the data path for certain VLANs.
With respect to the fast start feature or portfast feature, it is recommended that you enable portfast on file server ports and on end user ports so spanning tree does not inadvertently change state based on a user port or "end host" port going down. When portfast is enabled, when the port comes up, the port goes right to forwarding state until it hears a BPDU packet on that port; if it does, it goes to the listening, learning states. Portfast allows for users to come online faster.
Example 15-4 shows a sample output from show spantree.
Example 15-4 Using show spantree to determine spanning tree topology for the VLAN.
Switch> show spantree 1005 VLAN 1005 Spanning tree enabled A Designated Root 00-40-0b-8f-8b-ec B Designated Root Priority 32768 Designated Root Cost 0 Designated Root Port 1/0 Root Max Age 6 sec Hello Time 2 sec Forward Delay 4 sec Bridge ID MAC ADDR 00-40-0b-8f-8b-ec Bridge ID Priority 32768 Bridge Max Age 6 sec Hello Time 2 sec Forward Delay 4 sec Port,Vlan Vlan Port-State Cost Priority Fast-Start Group-method --------- ---- ------------- ----- -------- ---------- ------------ 3/1 C 1005 forwarding D 80 32 disabled E
Highlighted information from Example 15-4 is as follows:
Using the show spantree summary Command
The output from show spantree summary is a consolidated spanning tree status of all VLANs as it relates to the port states for each VLAN.
From this one command, you can get a summary of how many ports are in which state for each VLAN. This information is especially important when trying to load share VLANs over distribution switches or over the core switches in the network.
Example 15-5 shows sample output for show spantree summary.
Example 15-5 Using show spantree summary to get a summary of number of ports in each state for each VLAN.
Switch> show spantree summary Summary of connected spanning tree ports by vlan Uplinkfast disabled for bridge. Backbonefast enabled for bridge. Vlan Blocking Listening Learning Forwarding STP Active ----- -------- --------- -------- ---------- ---------- 1 A 0 B 0 B 0 B 1 B 1 C Vlan Blocking Listening Learning Forwarding STP Active ----- -------- --------- -------- ---------- ---------- Total 0 D 0 D 0 D 1 D 1 D BackboneFast statistics ----------------------- Number of inferior BPDUs received (all VLANs) : 0 Number of RLQ req PDUs received (all VLANs) : 0 Number of RLQ res PDUs received (all VLANs) : 0 Number of RLQ req PDUs transmitted (all VLANs) : 0 Number of RLQ res PDUs transmitted (all VLANs) : 0
The highlighted information from Example 15-5 is as follows:
SNMP Traps Relating to Spanning Tree
Two SNMP traps from the BRIDGE MIB relate to spanning tree:
syslog Messages Relating to Spanning Tree
A number of syslog messages are useful for spanning tree and apply directly to the MIB objects and CLI commands previously discussed. They are collected in Table 15-2. These syslog messages will be displayed if spanning tree topology changes for ports on the switch. Upon receipt of these messages, a network manager can address the problem by polling for certain spanning tree MIB objects from the Bridge MIB, or by Telnetting to the device. This troubleshooting technique, however, is beyond the scope of this book.