TShoot 300-135 (Layer2)

Leave a Comment / By /

Port security 

SW#show port-security
SW#show port-security address
SW#show port-security interface Gi1/0/2
SW#show errdisable detect

### Auto recovery
SW(config)#errdisable recovery cause psecure-violation
SW#show errdisable recovery
SW(config)#errdisable recovery interval 30

Vlan

SW#show int status
SW#show arp
SW#show int gi1/0/13 switchport

Trunking

SW#show int trunk
SW#show spanning-tree vlan 192
SW#show int pruning
SW#show int gi1/0/5 trunk
SW(config-if)#switchport trunk allowed vlan add xyz

Spanning Tree

################################################
Ensure that 
VLAN 100 traffic travers only Gi0/1 link, while 
VLAN 200 traffic traverses only the G2/1
################################################
SW#show spanning-tree vlan 100
SW#show int trunk

#####################
Trouble shooting plan
1. Allow VLAN 100 on SW1 Gi0/1 and Gi2/1
2. Reconfigure STP to forward VLAN 100 traffic only over Gi0/1
#####################
SW1(config)#int range gi0/1,gi2/1
SW1(config-if-range)# switchport trunk allowed vlan add 100
SW1#show int trunk
SW1#show span vlan 100
SW2#show span vlan 100
SW2#int gi0/1
SW2(config-if)#spanning-tree vlan 100 cost 1

Before and after

Before
After
SW2(config)#int gi2/1
SW2(config-if)#spanning-tree vlan 200 cost 1
SW2#show span vlan 200
to verify
show spanning-tree vlan 200

EtherChannels 

####################################
Ensure Spanning Tree places this EtherChannel into the forwarding state for all VLANs configured on SW3
####################################
SW3#show etherchannel summary
SW3#show spanning-tree interface po1
SW3#show spanning-tree inconsistentports
Bridge Assurance Inconsistent (BA_Inc) happens when BPDU is not received from root bridge
### On the Root Bridge ###
SW5(config)#int range gi1/3, gi2/3
SW5(config-if)#no shut
SW5#show int status
SW5#show etherchannel summary
####################
Discovered that SW5 does not have EtherChannel with SW3 ###
Create new EtherChannel
####################
SW5(config)#int range gi1/3, gi2/3
SW5(config-if-range)#channel-group 2 mode on
SW5#show etherchannel summary
SW5#show spanning-tree int po2
SW5#show spanning-tree vlan 1 int po2 detail
SW5 is sending BPDU but why SW3 is not receiving them?
SW3#show spanning-tree int po2
SW3#show running int po2
Trunk port should never have BPDU filtered
### Remove the BPDU filter on the receiving SW3
SW3(config)#int po2
SW3(config-if)# no spanning-tree bpdufilter enable

EtherChannel (Spanning tree network type should always match)

Shr Network on SW3
Shr on SW5
SW5(config)# int po2
SW5(config-if)#spanning-tree portfast network
SW5#show spanning-tree int po2

Sometimes BPDU is not generated due to missing VLAN

SW5#show spanning vlan 2 int po2 detail
SW5(config)# vlan 2,300

Leave a Comment

Your email address will not be published. Required fields are marked *