Search this Blog

Tuesday, January 17, 2012

Troubleshooting %STANDBY-3-DUPADDR in a big L2 network

We are trying to find what is root cause of %STANDBY-3-DUPADDR.

The network is as following:

Access layer: 100 switches (mix of 3560,2950,2960,3534XL,3548XL,2970,3550,3512XL) connected to each core switch.10 swith have singe connection to one of the core switch
Distribution core: 2 WS-C6509-E running 12.2(18)SXF11 with 3 modules WS-X6748-SFP and SUP: WS-SUP720-3B
Spanning-tree: PVSTP+
VLAN are filtered manual with Trunk allowed
Number of VLANs: 75

Issue: %STANDBY-3-DUPADDR in log of both core reported from several VLANs at diferent time of the day and it is not the same time from day to day.

We think this is a STP issue so we made a complete drawing of the network to get an overview of which VLANs where allowed on with switch.

Our goal is to to filter the VLANs to a minimum on each trunk to reduce the number of STP instance as we guess some of these access switches cannot support that much.

We know a C3560 with 412 instances of STP and MAX is 128. What would be the consequence of going over the MAX allowed? Actually it looks like the switch is declaring itself root for all the VLANS apart from 2 or 3. Can it be a consequence of exceeding the number of STP instance?

You are most likely correct that it is a STP issue. I think the switch will run out of memory- or CPU resources.

A 3560 has 48 access ports at maximum so why would one need more than this number of vlans? I would say that 128 is more than enough. If not, you probably have a design problem. From what I read about your network, this is even more likely. Examples: running an old IOS on the core, many different models of switches, no uniform redundancy model, just to name the first three I noticed.

You should determine where you want the root of all vlans to reside; probably this is on the 6500 core. Then check on all switches to see if they agree on the root and correct those who have a different one.
Please note that you can also introduce STP problems by configuring which vlans are allowed on a trunk. Not allowing a vlan will also prevent bpdu's being sent over that link. In this way you can break the STP topology.

Please click here for more information on "Spanning Tree Protocol Problems and Related Design Considerations".

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

No comments :

Post a Comment

/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */