Troubleshooting Spanning Tree
How to troubleshoot STP problems

Reference a Network Diagram
Collect the following network information before troubleshooting a bridging loop. Knowledge of the following items in your environment is critical:

  • The physical and logical topology of the bridged network
  • Where the root bridge is located. (For all VLANs if PVST is in use)
  • Where the redundant links and blocked ports are to be located

Identify Issues
This knowledge is essential at least for the following two reasons:

  • To identify a problem, you need to know how the STP network should be laid out when it is operating correctly.
  • The STP troubleshooting steps use show commands to display error conditions. Knowledge of the network helps focus your attention on the critical portions of these displays.

Identify a Bridge Loop
The best way to identify a bridge loop is to capture the traffic on a saturated link and check whether identical frames are traversing multiple links. Bridge loops often result in high port utilization due to excessive frames. Check the port utilization on your devices and look for abnormal values.

You can monitor STP operations using debug spanning-tree command. This command is helpful in verifying correct bridging operation as well as identifying loops.

Restore Connectivity vs. Resolve Issues
Bridge loops have severe consequences in a switched network. When one occurs, administrators generally do not have time to identify the reason for the loop during working hours and will often take temporary measures to stabilize the network but never resolve the actual problem that occurred. It is important to recreate and correct the original problem at a planned network down time.

Break the Loop Disabling Ports
A simple troubleshooting approach is to manually disable ports providing Layer 2 redundancy. Begin by disabling ports that should be blocking. Each time you disable a port, check to see if connectivity is restored in the network. If you know which port stopped the loop after being disabled, it is a good indication that the failure was located on a redundant path where this port was located.

Log STP Events on Devices Hosting Blocked Ports
If you cannot identify precisely the source of an STP problem, or if the problem is only transient, enable logging of STP events on the bridges and the switches of the network which are experiencing the failure. At a minimum, enable logging on devices hosting blocked ports, because it is typically the transition of a blocked port to forwarding that creates a loop.

Use the command debug spanning-tree events to enable STP debugging. Use the command logging buffered from global configuration mode to capture this debug information into the buffers of the device.

Check Ports
The ports to be investigated first are the blocking ports. Here is a list of what to check for on the various ports, with a brief description of the commands to enter.

Check That Blocked Ports Receive BPDUs
Check that BPDUs are being received periodically, especially on blocked and root ports.

If you are running Cisco IOS Release 12.0 or later release, the command show spanning-tree <bridge-group #> displays a field named BPDU, which displays the number of BPDUs received on each interface. Issuing the command several times will indicate if the device is receiving BPDUs.

Check for Duplex Mismatch
To look for a duplex mismatch, check each side of a point-to-point link. Use the show interface command to check the speed and duplex status of the specified ports.

Check Port Utilization
An overloaded interface can fail to transmit vital BPDUs. An overloaded link is also an indication of a possible bridging loop.

Use the command show interface to determine interface utilization. Check the output for load and packet input and output.

Check Frame Corruption
Look for increases in the input errors field of the show interface command.

Look for Resource Errors
A high CPU utilization can be dangerous for a system running the STA. Use the show processes cpu command to check whether the CPU utilization is approaching 100 percent.

Disable Unneeded Features
Disabling as many features as possible helps simplify the network structure and eases the troubleshooting process. EtherChannel, for example, is an advanced feature that needs STP to logically bundle several different links into a single logical port. It can be helpful to disable this feature during troubleshooting. In general, simplifying the network configuration reduces the troubleshooting effort.

The STP debug Command
The command debug spanning-tree is very useful for troubleshooting STP issues. It accepts a variety of arguments to limit output to events that are specific to a certain STP feature. This example shows output regarding all events while interface GigabitEthernet 0/1 went down.

CAUTION:

As with all debug commands, be very careful with debug spanning-tree. This command is extremely resource-intensive and will interfere with normal network traffic processing.

General Recommendations
In general, it is difficult to troubleshoot spanning tree problems in a very large, flat, switched network. If the network is being restructured, it is advisable to implement a hierarchical network structure that is designed around the Campus Infrastructure module. This would create manageable failure domains and reduce the overall network complexity.


Web Links