Back to All Scenarios
PASSEDnetwork / vlan_trunk_misconfig
VLAN Trunk Misconfiguration — Spanning Tree Reconvergence
A junior admin accidentally changes a trunk port to access mode on a distribution switch, pruning all VLANs except the native VLAN. The spanning tree topology reconverges, causing a 30-second outage across multiple VLANs and triggering TCN flooding.
Pattern
STP_LOOP
Severity
CRITICAL
Confidence
87%
Remediation
Remote Hands
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | STP_LOOP | STP_LOOP | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | Yes | 47 linked | |
| Cascade Escalation | Yes | Yes | |
| Remediation | — | Remote Hands — Corax contacts on-site support via call, email, or API |
Scenario Conditions
Distribution switch with 12 trunk uplinks. Admin changed trunk to access mode during business hours. Spanning tree reconvergence across 8 VLANs. 200+ devices temporarily lose connectivity. TCN storm during reconvergence.
Injected Error Messages (3)
Spanning tree topology change detected on Dist-SW1 — trunk port Gi0/1 transitioned to access mode, all VLANs except native VLAN pruned, spanning tree reconvergence in progress across 8 VLANs, TCN count: 340 in 30 seconds
Spanning tree reconvergence causing server VLAN outage — VLAN 100 STP root port lost, all server traffic interrupted during reconvergence, 50 servers lost upstream connectivity
Voice VLAN 200 down due to spanning tree loop prevention — STP blocking port to prevent loop, all VoIP phones on floor 2-4 lost registration, call drops reported
Neural Engine Root Cause Analysis
The distribution switch Dist-SW1 has experienced a spanning tree topology change that caused trunk port Gi0/1 to transition from trunk mode to access mode, resulting in VLAN pruning and network segmentation. The high TCN count (340 in 30 seconds) and 16 correlated incidents strongly indicate a spanning tree loop condition, likely caused by a physical layer issue, configuration error, or introduction of a network loop. This has triggered spanning tree reconvergence across 8 VLANs, causing widespread connectivity disruption.
Remediation Plan
1. Immediately identify and isolate the source of the spanning tree loop by checking recent physical connections and configuration changes. 2. Examine spanning tree topology and identify blocked/forwarding port states across all switches. 3. Disable suspect ports that may be causing the loop until root cause is confirmed. 4. Verify trunk port Gi0/1 configuration and restore trunk mode with proper VLAN assignments. 5. Monitor spanning tree reconvergence and validate network connectivity across all affected VLANs. 6. Implement spanning tree protection features like BPDU guard and root guard to prevent recurrence.
Tested: 2026-03-30Monitors: 3 | Incidents: 3Test ID: cmncjoqu803axobqepdpk8hw7