Hello,

We're in the middle of a WMware install. The engineers have requested that I enable spanning tree portfast on the trunk links from my kit to their WMware servers. I'm a little hesitant to do this. I'm already running RSTP. Do I need to enable STPportfast? Is there any risk of loops? I'll admit that WM isn't my area, so I don't really understand how it all works.

I spotted spanning tree portfast trunk command but I'd like confirmation.....

Cheers.

go ahead and enable it. perfectly safe.

...Unless one of the virtual machines originates a BPDU (possible, but unlikely). The only casualty in that situation will be the ESX host responsible for the BPDU. It's kind of like sawing of the branch that you're sitting on

portfast trunk and bpduguard should do it, thats whats recommended when deploying the N1K.

_________________
som om sinnet hade svartnat för evigt.

Thank you very much

I was reading up on this about 2 weeks ago. VMWare doesn't do STP so portfast trunk is a good way to go while also protecting yourself by enabling bpduguard

You just better hope that the guest VMs don't do STP either: http://blog.ioshints.info/2011/11/virtu ... guard.html

Oh wow... That's very interesting. Thanks for sharing Chris.

Cheers for the pointers..... I am a little concerned as there seem to be contradicting answers to this question.

I enabled the above config today on our pre-production setup.


A little of topic but I ran into a few issues with my etherchannels between my stack of 3750x switches and 2 x 4900Ms.

I built LACP trunks over our 10gb links between the 3750 stack and the 2 4900M. One channel group comes up as well as one pair from the other channel. The other pair fails to establish and I get the following message on the connecting 4900....

%EC-5-L3DONTBNDL2: Te1/4 suspended: LACP currently not enabled on the remote port.

I can't understand the problem. Both ends of the Echannel are configured for LACP mode active both sides. They are also L2 trunks.....


Any ideas?

Can you show configs of all ports involved and of the etherchannel interfaces? Also, the output of "show etherchannel summary" might be helpful to see.

3750 x

interface TenGigabitEthernet1/1/1
description VM-CHAN-GRP-8
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 8 mode active
!
interface TenGigabitEthernet1/1/2
description VM-CHAN-GRP-9
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 9 mode active

interface TenGigabitEthernet2/1/1
description VM-CHAN-GRP-8
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 8 mode active
!
interface TenGigabitEthernet2/1/2
description VM-CHAN-GRP-9
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 9 mode active

I spread the channels across the switch stack.....


sh etherchannel summary

Number of channel-groups in use: 2
Number of aggregators: 2

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
8 Po8(SU) LACP Te1/1/1(P) Te2/1/1(P)
9 Po9(SD) LACP Te1/1/2(D) Te2/1/2(D)


4900-1

interface TenGigabitEthernet1/4
description VM-CHAN-GRP-8-20Gb
switchport mode trunk
mtu 9000
channel-group 8 mode active
!
interface TenGigabitEthernet1/6
description VM-CHAN-GRP-8-20Gb
switchport mode trunk
mtu 9000
channel-group 8 mode active


sh etherchannel 8 summary

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
8 Po8(SU) LACP Te1/4(P) Te1/6(P)



4900-2

interface TenGigabitEthernet1/4
description VM-CHAN-GRP-9-20Gb
switchport mode trunk
mtu 9000
channel-group 9 mode active
!
interface TenGigabitEthernet1/6
description VM-CHAN-GRP-9-20Gb
switchport mode trunk
mtu 9000
channel-group 9 mode active


sh etherchannel 9 summary

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
9 Po9(SD) LACP Te1/4(D) Te1/6(D)


I've removed some of the other etherchannels on the 4900 for simplicity. I also unplugged the channel 9 as I left work for the day. It was port TenGigabitEthernet1/1/2 on the 3750 that failed to come online. Funny enough all four link lights were on at the 4900s.

What are the configurations for the port-channel interfaces? (ie "show run int po8").

Here you go!

3750x

interface Port-channel8
description VM-CHAN-GRP-8
switchport trunk encapsulation dot1q
switchport mode trunk


interface Port-channel9
description VM-CHAN-GRP-9
switchport trunk encapsulation dot1q
switchport mode trunk


4900-1

interface Port-channel8
description VM-CHAN-GRP-8
switchport
switchport mode trunk
mtu 9000


4900-2

interface Port-channel9
description VM-CHAN-GRP-9
switchport
switchport mode trunk
mtu 9000


BTW, I've set the system MTU to 9000 on the 3750x.

I did wonder whether I had an IOS bug somewhere? I had to upgrade the 3750x IOS just to get it to see the 10Gb card modules!!

I might try reseating them although I'm sure this won't solve the problem....


p.s. I also see the port is in a suspended state!


sh int t1/1/2 switchport
Name: Te1/1/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down (suspended member of bundle Po9)
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

I dont see anything visibly wrong with your config. Can you try shut/no shut on the port channel interfaces on each switch?

EDIT

I'm thinking maybe you configured LACP on one end before configuring on the other and the switch disabled the port to prevent any issues. Just a thought.

Thanks for the advice, I'll give it a go tomorrow. I have to say this is driving me mad.....

I think this. It's ideal to shut one side when configuring LACP and then when both sides are configured, no shut the shut ports.

_________________
www.mellowd.co.uk/ccie/

I had a tinker this morning and it's still not playing ball.

I shut and un-shut the interface port-channel in the order suggested but it's still not working. I even swapped the 10Gb cards over but I still have the same issue on switch 1. I even get a port flap on the other interface on that card now and it puts the port in error disable mode!! Do you think I could have an issue with switch 1 rather than the card?

I've tried rolling back code to a slightly older version then the 10Gb modules error and don't initialize.

On the plus side, I have a working switch but not with the 20Gb etherchannels I wanted....

Going back to basics... does your etherchannel meet all of the minimum requirements in order to establish? Is there a debug you can run?

_________________
Regards,

Steven King
San Diego Cisco User Group - http://www.sdcug.com
"The only time something is impossible is when you think it is." - Kevin Corbin, CCIE #11577

A show etherchannel detail should tell you why it's suspended.

_________________
http://blog.alwaysthenetwork.com

You know it's not really 20Gb Etherchannels.... unless the load distribution works out perfectly. Anyways, this article lists the minimum reqs and goes over the same kind of problem:

http://www.infraworld.eu/etherchannel-suspended-port-state

Hope it helps.

_________________
Regards,

Steven King
San Diego Cisco User Group - http://www.sdcug.com
"The only time something is impossible is when you think it is." - Kevin Corbin, CCIE #11577