This document describes the technique for a Data Link Switching (DLSw) router sending Per VLAN Spanning Tree (PVST+) Bridge Protocol Data Unit (BPDU) frames to a non-trunk port of an Ethernet switch.
For more information on document conventions, see the Cisco Technical Tips Conventions.
There are no specific prerequisites for this document.
This document is not restricted to specific software and hardware versions.
In the above topology, ethernet 0 of Router A connects to port 2/1 on Switch C. Ethernet 0 of Router B connects to port 3/1 on Switch D. Interface ethernet 0 of both Router A and B is configured as a non-trunk port. DLSw is enabled on interface ethernet 0 of both Router A and B (transparent bridging is enabled on ethernet interface 0 of both Router A and B.) Router A and B form a DLSw peer connection.
If port 2/1 of Switch C is misconfigured as a trunk port, Switch C regularly sends out PVST+ BPDU frames to Router A. As Router A does not understand PVST+, Router A treats PVST+ BPDU frames as ordinary multicast frames. Thus, Router A sends the BPDU frames to Router B by DLSw. Similarly, Router B does not understand PVST+. When it receives PVST+ BPDU frames from Router A, it forwards the PVST+ BPDU frames to Switch D. When Switch D receives the PVST+ BPDU frames, it detects a problem (that is, Switch D receives PVST+ BPDU frames on a non-trunk port.) As a result, Switch D shuts down the port and logs %SPANTREE-2-RX_1QNONTRUNK: Rcved 1Q-BPDU error messages on non-trunk port VLANs.
A Catalyst Ethernet switch shuts down an ethernet switch port. The switch logs %SPANTREE-2-RX_1QNONTRUNK: Rcved 1Q-BPDU error messages on non-trunk port VLANs.
A router running DLSw connects to the port that is shut down by the switch. The router sends out PVST+ BPDUs. Because a non-trunk port should not receive a PVST+ BPDU, the switch shuts down the switch port.
Note: This problem only occurs on DLSw Ethernet to Ethernet topologies.
The solution is to locate the misconfigured switch. The solution(s) to this problem are explained in detail below.
Review the change control log. Find out if there are any switches recently installed, switches with configuration changes. Make sure that the configuration of the newly installed switch is correct.
Use the Simple Network Management Protocol (SNMP) tool to compare the configurations of all switches. Search for any newly created trunk port.
Perform the following steps:
Install an Ethernet hub on Switch D.
Connect a sniffer and Router B on the hub. Obtain a Sniffer trace.
Search for PVST+ BPDU frames whose destination MAC address is 0100.CCCC.CCCD. This can be easily achieved by a MAC address filter.
From the frame, determine the source MAC address.
Issue the show DLSw reachability mac ??? on Router B, where ??? is the address. The output of the show command will tell you the IP address of the DLSw peer.
Telnet to the remote DLSw router. Issue the show bridge H.H.H command. H.H.H is the source MAC address of the PVST+ BPDU frames without bitswapping, to find out how the router learns the MAC address.
Shut down the DLSw peers one at a time on Router B. This can be done by either removing the dlsw remote-peer statement, shutting down WAN interfaces, disabling DLSw on remote sites, or modifying the IP routing, which causes the remote DLSw peer unreachable.