Cisco cannot work on MSTP due to PVST packets block ports

Topology: 

Configuration SWCORE-PRONABEC

!Software Version V200R008C00SPC500

#

sysname CORE-PRONABEC

#

vlan batch 2 to 10 190 193 200

#

stp instance 0 root primary

#

stp region-configuration

 region-name RG1

 active region-configuration

#

interface Vlanif2

 description VLAN-DATA

 ip address 10.70.2.1 255.255.254.0

#

interface Vlanif5

 description VLAN-WIFI

 ip address 10.70.5.1 255.255.255.0

#

interface Vlanif6

 description VLAN-VOIP

 ip address 10.70.6.1 255.255.255.0

#

interface Vlanif7

 description VLAN-USI

 ip address 10.70.7.1 255.255.255.0

#

interface Vlanif8

 description VLAN-NOC

 ip address 10.70.8.1 255.255.255.0

#

interface Vlanif10

 description VLAN-DMZ

 ip address 10.70.1.1 255.255.255.0

#

interface Vlanif200

 ip address 10.70.200.1 255.255.255.0

#

interface Eth-Trunk1

 description Al_DC_1

 port link-type trunk

 port trunk pvid vlan 8

 port trunk allow-pass vlan 2 to 4094

 mode lacp

 load-balance src-dst-mac

#

interface Eth-Trunk2

 description Al_DC_2

 port link-type trunk

 port trunk pvid vlan 8

 port trunk allow-pass vlan 2 to 4094

 mode lacp

 load-balance src-dst-mac

#

interface GigabitEthernet0/0/16

 description VL190-FortigateInternet

 port link-type access

 port default vlan 190

#

interface GigabitEthernet0/0/20

 description UPLINK-CA-C3560P48

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 stp config-digest-snoop

#

interface GigabitEthernet0/0/21

 description UPLINK-T1P4-USI-AP9

 port link-type trunk

 port trunk pvid vlan 8

 port trunk allow-pass vlan 2 to 4094

 stp config-digest-snoop

#

interface GigabitEthernet0/0/22

 description UPLINK-G3T1P4-C3560G24

 port link-type trunk

 port trunk allow-pass vlan 2 to 4094

 stp config-digest-snoop

#

interface GigabitEthernet0/0/18

 description Conexion_Master_al_DC_1

 eth-trunk 1

#

interface GigabitEthernet0/0/19

 description Conexion_Master_al_DC_2

 eth-trunk 2

#

interface GigabitEthernet1/0/18

 description Conexion_Slave_al_DC_1

 eth-trunk 1

#

interface GigabitEthernet1/0/19

 description Conexion_Slave_al_DC_2

 eth-trunk 2

#

Configuration SW-HUAWEI-DC-1

!Software Version V200R008C00SPC500

#

sysname SW-HUAWEI-DC-1

#

vlan batch 2 to 6 8 to 20 190 193 200

#

stp bpdu-protection

#

stp region-configuration

 region-name RG1

 active region-configuration

#

interface Vlanif8

 ip address 10.70.8.51 255.255.255.0

#

interface Eth-Trunk1

 port link-type trunk

 port trunk pvid vlan 8

 port trunk allow-pass vlan 2 to 4094

 mode lacp

 load-balance src-dst-mac

#

interface GigabitEthernet0/0/1

 description CONEXION_HACIA_CORE_MASTER

 eth-trunk 1

#

interface GigabitEthernet0/0/2

 description CONEXION_HACIA_CORE_SLAVE

 eth-trunk 1

#

Configuration SW-HUAWEI-DC-2

!Software Version V200R008C00SPC500

#

sysname SW-HUAWEI-DC-2

#

vlan batch 2 to 6 8 to 20 190 193 200

#

stp bpdu-protection

#

stp region-configuration

 region-name RG1

 active region-configuration

#

interface Vlanif8

 ip address 10.70.8.52 255.255.255.0

#

interface Eth-Trunk1

 port link-type trunk

 port trunk pvid vlan 8

 port trunk allow-pass vlan 2 to 4094

 mode lacp

 load-balance src-dst-mac

#

interface GigabitEthernet0/0/1

 description CONEXION_HACIA_CORE_MASTER

 eth-trunk 1

#

interface GigabitEthernet0/0/2

 description CONEXION_HACIA_CORE_SLAVE

 eth-trunk 1

#

Configuration SW-HUAWEI-DC-2

Cisco(config)#spanning-tree mst configuration

Cisco(config-mst)#name RG1 

Cisco(config-mst)#instance 0 vlan 2-4094

Cisco(config-mst)#exit

Cisco(config)#spanning-tree mode mst

Symptom:

After to enable MSTP on CISCO (Gi 0/47 )connected on to Huawei (GE0/0/20), all packets sent from Cisco to Huawei are blocked on any VLAN.

PING from Cisco to Huawei

CORE-BACKUP#ping 10.70.5.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.70.5.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

CORE-BACKUP#ping ping 10.70.8.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.70.8.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

1. Verify the status on physical interfaces on Huawei device.
2. Interfaces on Huawei Ge0/0/20 and Cisco Gi0/47 were configured like access port defining just one VLAN, with success results. Ping was reachable.
3. Verify the STP on Huawei
4. Verify the STP on Cisco

STP on Cisco shows that interface Gi0/47 still receiving PVST packets.

Huawei transparently transmit PVST packets, so Cisco receive and process them

Due to PVST packets announce that another Cisco is ‘Root’, it block the interface Gi0/47 and traffic cannot be forward.

ORE-BACKUP(config-if)#do show spanning-tree

MST0

  Spanning tree enabled protocol mstp

  Root ID    Priority    0

             Address     ac61.7521.e360

             Cost        0

             Port        47 (GigabitEthernet0/47)

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 0)

             Address     4403.a7f0.bc80

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg LRN 20000     128.1    P2p

Gi0/47              Root BKN*20000     128.47   P2p *PVST_Inc

Configure all Cisco that are connected with SW-CORE in MSTP mode, in order to avoid PVST packets.

Cisco(config)#spanning-tree mode mst