Cisco – Tracing TCN Messages in STP

Tags: cisco, ethernet, spanning tree, vlan

We have about 20 VLANs on an L2 network running Rapid PVST+ where the root bridge is a stack of Cisco's 3750 switches. I am a bit puzzled by the number of TCN notifications I receive on the switch.

The 3750 stack is the root for all VLANs and it receives TCN notifications on a daily basis (sometimes more, sometimes a little less). It receives the TCNs at the same time and on the same port for all VLANs. When I trace back where these TCNs come from with show spanning-tree detail | inc ieee|occurr|from|is exec, I end up on a switch (switch-b) with only 5 trunks configured and no access ports.

I cannot match an event like a link on this switch going up or down at the same time the TCNs are received. When I issue the above command on this switch, the result tells me that the last topology change was much longer ago.

My conclusions:

The TCN sent must be triggered by an event on a trunk link or an entire switch because all VLANs received the topology change notification. It must be something local on switch-b.

What can be the reason for originating these TCNs? The 5 trunk links didn't change their state. It cannot come further downstream because the last topology change on switch-b doesn't match the last topology change on the core. The last topology change on switch-b is much longer ago.

Any thoughts?

Best Answer

You should be able to simply debug the TCNs. In my case I recently debugged them using debug spann mstp tc (as I run MSTP), but also using debug spanning-tree events you will see them:

Jul 10 07:42:18 UTC: STP: VLAN0228 Topology Change rcvd on Gi1/0/9       <<< received
Jul 10 07:42:18 UTC: STP: VLAN0228 sent Topology Change Notice on Po10   <<< forwarded
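
An added example (not part of the answer and not Cisco code): a small Python parser for debug lines of the shape quoted above. It groups received TCs by second and ingress port, so a burst that hits many VLANs on one port stands out as the direction to keep tracing. The sample log lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the two debug lines quoted above.
SAMPLE = """\
Jul 10 07:42:18 UTC: STP: VLAN0228 Topology Change rcvd on Gi1/0/9
Jul 10 07:42:18 UTC: STP: VLAN0228 sent Topology Change Notice on Po10
Jul 10 07:42:18 UTC: STP: VLAN0229 Topology Change rcvd on Gi1/0/9
Jul 10 07:42:18 UTC: STP: VLAN0229 sent Topology Change Notice on Po10
Jul 10 09:15:02 UTC: STP: VLAN0301 Topology Change rcvd on Gi1/0/4
"""

# Timestamp, timezone token, VLAN id, direction and port of one TC debug line.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+:\s+STP:\s+VLAN(?P<vlan>\d+)\s+"
    r"(?:(?P<rcvd>Topology Change rcvd)|(?P<sent>sent Topology Change Notice))"
    r"\s+on\s+(?P<port>\S+)"
)

def parse(text):
    """Yield (timestamp, vlan, direction, port) for each TC debug line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines that are not TC events are skipped
            direction = "rcvd" if m.group("rcvd") else "sent"
            yield m.group("ts"), int(m.group("vlan")), direction, m.group("port")

def bursts(text):
    """Group received TCs by (timestamp, port) -> sorted list of VLAN ids."""
    groups = defaultdict(set)
    for ts, vlan, direction, port in parse(text):
        if direction == "rcvd":
            groups[(ts, port)].add(vlan)
    return {key: sorted(vlans) for key, vlans in groups.items()}

def multi_vlan_ports(text, min_vlans=2):
    """Ports where a single second saw TCs for at least min_vlans VLANs."""
    return sorted({port for (_, port), vlans in bursts(text).items()
                   if len(vlans) >= min_vlans})

if __name__ == "__main__":
    for (ts, port), vlans in bursts(SAMPLE).items():
        print(f"{ts}  {port}: {len(vlans)} VLAN(s) {vlans}")
    print("ports with multi-VLAN bursts:", multi_vlan_ports(SAMPLE))
```

Run it against the captured debug output from each switch along the path; the port it reports on one switch points to the neighbour whose log to capture next.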