Problem
The topology is arranged in a star, a links terminate at a pair of Cisco 4503-E switches, problem occurred that some switches could not reach the Cisco 4503-E switches after the 4503 switches became primary and secondary root.
Solution
A-4503-E#sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 24577
Address 6073.5c5c.2400
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 6073.5c5c.2400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi3/1 Desg BKN*4 128.257 P2p *TYPE_Inc
Gi3/3 Desg BKN*4 128.259 P2p *TYPE_Inc
Gi3/4 Desg BKN*4 128.260 P2p *TYPE_Inc
Gi3/6 Desg FWD 4 128.262 P2p Peer(STP)
Gi3/7 Desg BKN*4 128.263 P2p *TYPE_Inc
Gi3/8 Desg FWD 4 128.264 P2p
A-4503-E#
Desg BKN*4 the port is blocked although it should be forwarding. The blocking is due to port inconsistent state as indicated by P2p *TYPE_Inc
To verify if the ports are inconsistent use this command:
A-4503-E#sh spanning-tree inconsistentports Name Interface Inconsistency -------------------- ------------------------ ------------------ VLAN0001 GigabitEthernet3/1 Port Type Inconsistent VLAN0001 GigabitEthernet3/3 Port Type Inconsistent VLAN0001 GigabitEthernet3/4 Port Type Inconsistent VLAN0001 GigabitEthernet3/7 Port Type Inconsistent Number of inconsistent ports (segments) in the system : 4
The downstream switches have turned off DTP, the 4503-E downlink ports however are not trunk when issuing show interfaces trunk, no trunk was displayed.
The solution to this problem is to hard code the trunk link and turn off DTP on all trunk links.
The results:
A-4503-E#sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 24577
Address 6073.5c5c.2400
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 6073.5c5c.2400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi3/1 Desg FWD 4 128.257 P2p
Gi3/3 Desg FWD 4 128.259 P2p
Gi3/4 Desg FWD 4 128.260 P2p
Gi3/6 Desg FWD 4 128.262 P2p Peer(STP)
Gi3/7 Desg FWD 4 128.263 P2p
Gi3/8 Desg FWD 4 128.264 P2p
A-4503-E#
Another example
Gi3/2 is in inconsistent state, the port that should be forwarding is blocking now.
B-4503-E#sh spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 24577
Address 6073.5c5c.2400
Cost 8
Port 263 (GigabitEthernet3/7)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address 6073.5c5c.2380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi3/2 Desg BKN*4 128.258 P2p *TYPE_Inc
Gi3/3 Altn BLK 4 128.259 P2p
Gi3/4 Altn BLK 4 128.260 P2p
Gi3/5 Desg FWD 4 128.261 P2p Peer(STP)
Gi3/6 Desg FWD 4 128.262 P2p Peer(STP)
Gi3/7 Root FWD 4 128.263 P2p
Gi3/8 Altn BLK 4 128.264 P2p
B-4503-E#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi3/3 on 802.1q trunking 1
Gi3/4 on 802.1q trunking 1
Gi3/5 on 802.1q trunking 1
Gi3/6 on 802.1q trunking 1
Gi3/7 on 802.1q trunking 1
Gi3/8 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi3/3 1-4094
Gi3/4 1-4094
Gi3/5 1-4094
Gi3/6 1-4094
Gi3/7 1-4094
Gi3/8 1-4094
Port Vlans allowed and active in management domain
Gi3/3 1
Gi3/4 1
Gi3/5 1
Gi3/6 1
Gi3/7 1
B-4503-E#
Gi3/2 is not a trunk, while other interfaces are trunk and turned off DTP. Because there is no DTP negotiation the gi3/2 cannot negotiate as a trunk.
B-4503-E#sh int trunk Port Mode Encapsulation Status Native vlan Gi3/3 on 802.1q trunking 1 Gi3/4 on 802.1q trunking 1 Gi3/5 on 802.1q trunking 1 Gi3/6 on 802.1q trunking 1 Gi3/7 on 802.1q trunking 1 Gi3/8 on 802.1q trunking 1 Port Vlans allowed on trunk Gi3/3 1-4094 Gi3/4 1-4094 Gi3/5 1-4094 Gi3/6 1-4094 Gi3/7 1-4094 Gi3/8 1-4094 Port Vlans allowed and active in management domain Gi3/3 1 Gi3/4 1 Gi3/5 1 Gi3/6 1 Gi3/7 1 B-4503-E#show int trunk Port Mode Encapsulation Status Native vlan Gi3/3 on 802.1q trunking 1 Gi3/4 on 802.1q trunking 1 Gi3/5 on 802.1q trunking 1 Gi3/6 on 802.1q trunking 1 Gi3/7 on 802.1q trunking 1 Gi3/8 on 802.1q trunking 1 Port Vlans allowed on trunk Gi3/3 1-4094 Gi3/4 1-4094 Gi3/5 1-4094 Gi3/6 1-4094 Gi3/7 1-4094 Gi3/8 1-4094 Port Vlans allowed and active in management domain Gi3/3 1 Gi3/4 1 Gi3/5 1 Gi3/6 1 Gi3/7 1 Port Vlans allowed and active in management domain Gi3/8 1 Port Vlans in spanning tree forwarding state and not pruned Gi3/3 none Gi3/4 none Gi3/5 1 Gi3/6 1 Gi3/7 1 Gi3/8 none B-4503-E#
The gi3/2 is indeed in inconsistent state.
B-4503-E#show spanning-tree inconsistentports Name Interface Inconsistency -------------------- ------------------------ ------------------ VLAN0001 GigabitEthernet3/2 Port Type Inconsistent Number of inconsistent ports (segments) in the system : 1 B-4503-E#
Hard code the trunk and turn off DTP negotiation
B-4503-E(config)#int gi3/2
B-4503-E(config-if)#switchport mode trunk
B-4503-E(config-if)#switchport nonegotiate
B-4503-E(config-if)#do sh spanning vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 24577
Address 6073.5c5c.2400
Cost 8
Port 263 (GigabitEthernet3/7)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address 6073.5c5c.2380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi3/2 Desg FWD 4 128.258 P2p
Gi3/3 Altn BLK 4 128.259 P2p
Gi3/4 Altn BLK 4 128.260 P2p
Gi3/5 Desg FWD 4 128.261 P2p Peer(STP)
Gi3/6 Desg FWD 4 128.262 P2p Peer(STP)
Gi3/7 Root FWD 4 128.263 P2p
Gi3/8 Altn BLK 4 128.264 P2p
B-4503-E(config-if)#
When BPDU is received from a non-trunk port, the port will go into inconsistent state.
cyruslab 
Hi,
happy new year all. Great post. I ran into this problem many times. The solution for this I believe is actually in the logs.
Do a “show log” and you should see something indicating that a per-vlan BPDU has been received on an access port (something like that).
Great tip! Thanks for sharing! 🙂