Question about STP Root changes

[champagnierle]

Hi,
I have one switch changing the root on some days hourly.
Our spanning tree is RSTP per Vlan .

On the switch I see root port changes but I do not see from which port to which port.... ?

IMHO I'm searching for a network device propagating a route to a root port with lower cost than the actual route to our core switch... The core switch is directly attached with 1 Gbit/s via fibre.
I would estimate to find in the switch log some information about the port numbers. But there is nothing. I now increased the swlog level for STP to debug1, but I do not see anything clearer... ?

As the root port is migrated to some port different than the core switch the users of the switch are offline...
Do you have any tricks on how to find the disturbing device?

TIA
Marc

[Gleylancer]

Well, the spanning tree information clearly shows which the root port is. If it switches, you will also see who became the root port.

My usual approach for this is to look for the mac moves. If you do see a lot of mac moves, you've got a loop somewhere. Having a port that knows more mac addresses than it should is also an indication for a loop.

Check if a VLAN has mac addresses it shouldn't have, this indicates that different vlans are bridged somewhere.

There are many ways to troubleshoot this, unfortunately no easy ones.

[Cristek]

You can use root-guard on ports that should not be uplinks. That's a good first step anyway.

If you want to take it up a step, you can use BPDU filter with shutdown, and then check the logs to see which ports are being brought down when those events happen. This involves more config than just root-guard...

With the information you posted, this might be a good place to start.