Can I disable spanning-tree in a vpc domain ?

Similar Messages

• Portfast vs disabling spanning-tree

  hi,
  could someone give me an indepth explanation why enabling portfast is not the same as disabling spanning tree with regards to detecting loops?
  thanks 

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  With STP disabled, there's no loop detection.
  With Portfast enabled, there's a chance of loop detection.  The reason for "chance", a L2 loop could crush the net before a Portfast port's STP reacts.  This is why STP listen and learns before it opens the port to normal traffic.

• "Peer-switch" command on vPC domain and spanning-tree priority interaction

  Hi guy,
  We have 2 N7K (N7KA and N7KB) which will be running vPC in hybird and pure vPC environment.
  I have a question about the Hybird and pure vPC environment. With the "peer-switch" command enable, should i tune the spanning-tree priority to be the same for all the vlan running on vPC on both N7KA and N7KB? This way, when i enter the "sh spanning-tree vlan X(vPC vlan) detail" command on N7K, it will list both N7K announc itself as "We are the root of the spanning tree".Also the switch running spanning-tree with N7K vPC vlan (Hybird), will see both N7K has the same priority (4096), and it is not desirable for a spanning-tree environment. Therefore, i used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with N7K will list N7KB has a priority of 8192(perfect).
  However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as show on the switch. It is constantly changing between "4096 and 8192" with the same vPC system wide mac address.
  Entering the "sh spanning-tree vlan X detail" command repeatly on switch with port-channel toward N7KA and N7KB.
  >>sh spanning-tree vlan 10 detail
  Port 65 (Port-channel1) of VLAN10 is root forwarding
  Port path cost 3, Port priority 128, Port Identifier 128.65.
  Designated root has priority 4106, address 0013.05ee.bac8
  Designated bridge has priority 4106, address 0013.05ee.bac8
  Designated port id is 144.2999, designated path cost 0
  Timers: message age 15, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  BPDU: sent 5, received 603
  one sec later.
  >>sh spanning-tree vlan 10 detail
  Port 65 (Port-channel1) of VLAN10 is root forwarding Port path cost 3, Port priority 128, Port Identifier 128.65. Designated root has priority 4106, address 0013.05ee.bac8 Designated bridge has priority 8202, address 0013.05ee.bac8 Designated port id is 144.2999, designated path cost 0 Timers: message age 15, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 5, received 603
  Configuration:
  N7KA
  spanning-tree vlan 1-10 priority 4096
  vpc domain 200
  peer-switch
  N7KB
  spanning-tree vlan 1-10 priority 4096spanning-tree pseudo-information vlan 1-10 designated priority 8192
  vpc domain 200
  peer-switch

  We have a issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
  The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something?

• Spanning tree in VPC

  Hi All,
  I have a topology like two vpc peer connected to down catalyst switch 3750 with VPC 51. My left switch is primary in VPC and other is secondary.
  So acc. to Theory only primary switch would generate BPDU not secondary switch. But if down catalyst or Secondary switch will be root switch in Spanning tree.
  Will primary switch still generate the BPDU's? 

  Hi Garg,
  In VPC environment , In simple term regardless of the Spanning-tree root, VPC primay always generate BPDU and seconday device only rely that bpdu and never generate itself.
  For vPC ports only the vPC primary switch runs the STP topology for those vPC ports. In other words, Spanning Tree Protocol for vPCs is controlled by the vPC primary peer device, and only this device generates then sends out Bridge Protocol Data Units (BPDUs) on Spanning Tree Protocol designated ports. This happens irrespectively of where the designated Spanning Tree Protocol root is located. STP on the secondary vPC switch must be enabled but it doesn’t dictate vPC member port state. vPC secondary peer device proxies any received Spanning Tree Protocol BPDU messages from access switches toward the primary vPC peer device . Both vPC member ports on both peer devices always share the same STP port state (FWD state in a steady network).
  HTH
  Regards,
  VS.Suresh.
  *Plz rate the usefull posts *

• When is it appropriate to use "spanning-tree bpdufilter enable"

  What exactly does enabling bpdu filter do?  I see some examples where bpdu filtering is enabled on access ports?  Is this correct or are there dangers in this approach? 

  Hi John,
  Simple way of saying would that it would disable the STP on that port.
  BPDU filter filters the BPDU's coming in both directions. which means it effectively disable the STP on the port.
  Detailed explanation:
  ===============
  BPDUfilter on the other hand just filters BPDUs in both directions, which effectively disables STP on the port.Bpdu filter will prevent inbound and outbound bpdu but will remove portfast state on a port if a bpdu is received.Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.
  Following are the method to configure BPDU Filter in switches
  Interface mode:
  spanning-tree bpdufilter enable                        (Results port to not participate in STP, loops may occur).
  Global mode:                                                
  spanning-tree portfast bpdufilter default             (It enables bpdufiltering on ports that have port-fast configuration, so it sends a few bpdu while enabling port then it filters bdpu unless receives a bpdu, after that itchanges from port-fast mode and disables filtering for port to operate like a normal port cause it has received bpdu).
  You always should allow STP to run on a switch to prevent loops. However, in special cases when you need to prevent BPDUs from being sent or processed on one or more switch ports, you can use BPDU filtering to effectively disable STP on those ports.you would use bpdufilter when you want a switch plugged into your network but you don't want it participating in spanning tree.
  An example:  In an office environment where someone needs  another network drop under their desk but you don't have time/budget to  run a new line for now.  you are been given a small switch but don't want it to break spanning tree.The switch  you have lying around for this task is a simple unmanaged switch and  will only have one uplink into your network. so you put bpdufilter on your  switch port.
  Ref:https://supportforums.cisco.com/docs/DOC-11825
  HTH
  Regards
  Inayath
  *Plz rate if this info is helpfull and mark as answered if this resolved your query.

• Spanning tree bpdu

  Hi all, can anyone tell me 2 things, firstly do only the uplinks on a switch send out bpdu's ? secondly if I disabled spanning tree on the uplink ports would the switch not send any bpdu's out thus the switch not participating in spanning tree to the rest of the network ?

  Concept says, by default all switchports are in trunk mode. So if any switch is connectd to a port, it tries to negotiate the trunk & once established, send BPDUs. Thus, all access ports have portfast turned on which denies any BPDUs received on port.
  Coming to your point, Yes uplinks will share BPDUs. If ur topology has redundant connections, then you are prone to loops if stp is turned off. However, if ur only concern is to limit the diameter of stp, prefer using "vlan allowed" comand on trunks for stp to limit to specific vlans & thus not flooding entire network.

• Flat Network & no Spanning tree?

  I have a large network with 8 2950 powered by 2821, with 30 vlans. The network has no loops or redundancy. Question 1 do I need to have spanning tree running and why?
  If not how do I disable it?

  I am sure you have heard the line "run the spanning-tree even when you do not have any loops in the network" and generally our recommendation is to leave it on which is default even if you have no redundancy but have etherchannels ( etherchannels with ON mode can cause transient spanning-tree loops ) .
  Traditionally the problem that people have had with spanning-tree has large convergence times ( of the order of 30 - 50 seconds ) and some one coming from SONET , optcal background ( the folks who are used to the convergence times of 50 msec ) dont genrally like that. So the bottom line is you can turn it off so long as you make sure you have absolutely no redundancy and no etherchannels.
  the command is as simple as
  no spanning-tree
  on all IOS based switches.
  Hope this helps.
  thanks
  Salman Z.

• View spanning tree configuraton for all the switches in ciscoworks

  Hi All,
  Is there any way I can see spanning tree configuration for all the switches we have on our networks in Ciscoworks.
  Waiting for your kind reply.
  Thanks in advance
  samir

  This can be done from within Campus Manager's Topology Services.  Open up the LAN Edge View map, and you should seesome switch clouds on the map.  If you drill into one of the clouds, you should see a Spanning Tree option in the right-hand tree.  If you expand this, you can visualize the spanning tree for MISTP or even for each VLAN.

• Spanning tree root ports in back to back VPC

  Ok so I have a question about back to back VPC configuration.
  I have a back to back VPC from core to agg layer so that I have 2 logical switches in my path.
  However I am seeing an issue on the agg layer.  Traffic is traversing the VPC peerlink instead of being sent up to the core which is where the spanning-tree root is configured.
  Po1 is my uplink from the agg
  Po4 is my vpc peerlink on the Agg
  Po1              Root FWD 200       128.4096 (vPC) P2p
  Po2              Desg FWD 200       128.4097 (vPC) P2p
  Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
  Eth2/6           Altn BLK 2000      128.262  P2p

  a little more info.
  Po1 is my uplink to the core
  Po4 is my agg vpc peer.
  I see 2 paths to root on one swith.  it is choosing Po4 (vpc peerlink) instead of Po1 (uplink to core)
  MST0000
    Spanning tree enabled protocol mstp
    Root ID    Priority    4096
               Address     0023.04ee.be01
               Cost        0
               Port        4099 (port-channel4)
               Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    8192   (priority 8192 sys-id-ext 0)
               Address     547f.eea6.d2c1
               Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
  Interface        Role Sts Cost      Prio.Nbr Type
  Po1              Root FWD 200       128.4096 (vPC) P2p
  Po2              Desg FWD 200       128.4097 (vPC) P2p
  Po4              Root FWD 330       128.4099 (vPC peer-link) Network P2p
  MST0000
    Spanning tree enabled protocol mstp
    Root ID    Priority    4096
               Address     0023.04ee.be01
               Cost        0
               Port        4096 (port-channel1)
               Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
    Bridge ID  Priority    8192   (priority 8192 sys-id-ext 0)
               Address     547f.eea6.ce41
               Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec
  Interface        Role Sts Cost      Prio.Nbr Type
  Po1              Root FWD 200       128.4096 (vPC) P2p
  Po2              Desg FWD 200       128.4097 (vPC) P2p
  Po3              Desg FWD 200       128.4098 (vPC) P2p
  Po4              Desg FWD 330       128.4099 (vPC peer-link) Network P2p

• Why does the command "spanning-tree mst simulate pvst disable" exist

  That's all really. Why would you turn it off? What is the advantage. If you're not receiving PVST BPDUs, you don't need it, but why turn it off?

  When you use the spanning-tree mst simulate pvst disable command, specified MST interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) move into the STP blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
  OK, that's what it does, but why? the only effect it has is blocking your ports. 

• Spanning Tree and Admin mac address issues srw2048

  Ok, I have a somewhat complex problem and hopefully someone may shed some light or have an idea as to whats wrong.
  First the scenario:
  I have two Cisco Cat 6509's etherchanneled to each other via two fiber cables.  One of these is the STP/RSTP root.  I have two SRW2048's.. one trunked to each of these 6509 switches.  There is also a trunk between the SRW2048's.  All this is to create a redundant topology so that if one of the switches fail's the others can still forward packets to each other.  Of course the scenario described is in fact a loop that should be handled by STP/RSTP.  I have RSTP enabled on all the switches in the scenario (PV RSTP on the cisco switches as they only do Cisco's brand of per vlan spanning tree).  There are 3 vlan's configured on each of the srw2048's (2,55,96).  There are corresponding vlan's also on the 6509's.  I have put the srw2048's management interface into vlan 2.
  The problem:
  I need to forward packets between the srw2048's primarily and only use the 6509 that is not the root when a failure happens.  I have configured the non-root 6509's spanning tree cost on the etherchannel to be higher then the alternate path through the srw's to the root.  I can hook everything up and view the spanning tree and see that the srw2048's interface that goes to the non-root 6509 is blocked, and all other interfaces on the other switches are forwarding.  I can in fact ping and get to the admin interface on all the switches.  Then for some strange reason the admin interface of the srw2048 plugged into the non-root 6509 stops responding.  If I disable either the interface its plugged into on the 6509 or the other srw2048 everything starts working again.  Sometimes it responds after many failures for no apparent reason.  I looked into the mac-address table on the 6509's and they are conflicting, pointing to each other for the mac-address of the broken srw2048.  When I clear the mac-table the admin port comes back for about 5 seconds then again goes dark.  When reviewing mac-table on the 6509's they are back to pointing to each other.  The odd thing (although I haven't confirmed this completely) is that hosts placed into vlan 2 on that same srw2048 seem to work fine.  If there was an STP loop or something misconfigured, I would expect it to effect any host in vlan 2 or the other vlan's for that matter on the srw2048 that stops responding.  Alas, I am stuck because I need to manage this switch remotely.  My only thought is that for some reason even when the STP status is blocked the broken srw2048 is still sending out arp's of its admin interface and bypassing the STP protocol.  I have no way to confirm this, but maybe someone has an idea as to what I'm doing wrong, or otherwise offer a solution.  For now, I simply removed vlan 2 from the 6509 that the broken srw2048 is plugged into and everything seems fine.
  My apologies for such a long post, but this is somewhat complicated.  Thanks in advance for any info.
  -Geoff
  Message Edited by gmyers on 08-19-2008 10:35 PM

  To follow up, I had a ticket open with Linksys about this for about 3 months with no resolution.  I submitted packet captures, stp outputs, etc and no luck.  I gave up and basically had to revert to a manual failover for redundancy.  It's no perfect or fast, but it works every time.
  Unless linksys issues a firmware upgrade with this as a fix, I doubt we will be able to ever resolve this on our own.

• Disable Bridge Assurance breaks the vPC on NEXUS 5500?

  I`m trying to figure out a way to disable Bridge Assurance "spanning-tree port type normal" withowt breaking the vPC connection between two datacentres.
  Considering the diagram attached, I`m hoping to configure vPC 10 without any disruption.
  I was thinking on the following procedure:
  "shutdown" switchports for vPC 10 (on the left link)
  configure switches on the left of both domains with "spanning-tree port type normal"
  "no shutdown" switchports for vPC 10 (at this point one link will have BA enabled and the other will have BA disabled...is this a problem??)
  repeat process on the other 2 switches
  I realy need to be sure of a non-disruptive way to do this because, if vPC 10 breaks both firewall will be active at the same time and that`s not going to be pretty :)

  First Reload
  CORE-B# 2009 Mar  5 12:53:37 CORE-B %$ VDC-1 %$ %VPC-2-VPC_SUSP_ALL_VPC: Peer-link going down, suspending all vPCs on secondary
  2009 Mar  5 12:53:43 CORE-B %$ VDC-1 %$ %VPC-2-PEER_KEEP_ALIVE_RECV_FAIL: In domain 10, VPC peer keep-alive receive has failed
  Second Reload
  CORE-B# 2009 Mar  5 13:02:59 CORE-B %$ VDC-1 %$ %VPC-2-PEER_KEEP_ALIVE_RECV_FAIL: In domain 10, VPC peer keep-alive receive has failed
  I’m consoled in to CORE-B, ssh’d to CORE-A and reloading CORE-A (The primary). No changes at all between the two reloads.
  During the first one, it seems to lose the VPC peer link before it loses the keepalives, so it suspends all the VPC’s on B and I lose everything for a while.
  During the second one, it loses the peer keepalive first and all is good.

• Multiple Spanning Tree in a Hub and Spoke topology?

  My company is planning to implement Multiple Spanning tree into our hub and spoke topology. Is that possible?
  Should I divide up the vlans into instances based on assigned switch or assigned department?
  Thank You.

  hi, everyone,
  i have search a internet draft to describe this situation, "Using an LSA Options Bit to Prevent Looping in BGP/MPLS IP VPNs", from "http://www.ietf.org/internet-drafts/draft-ietf-ospf-2547-dnbit-03.txt"
  does anyone can tell me how can disable this function and clear the "DN" bit on a cisco router? thanks very much.

• Nexus spanning tree pseudo configuration

  Hi
  I am trying to understand the pseudo configuration commands in a Nexus hybrid topology.
  I have vlans a, b and c only in the vPC side of the topology.  I have peer switch configured and the same stp priority on both switches.
  In the standard Spaning-tree topology I have completely seperate vlans x, y and z.
  What should I be configuring in the pseudo config section ?  Do I define a pseudo root priority for all vlans a, b, c and x, y, z or just for the standard spanning tree vlans x, y and z.  I need to avoid and, even short, spanning tree outages if I take one Nexus out of service for a short time.
  My thinking is that if one Nexus is out of service the physical mac will be used and potentially reduce the root priority of the vPC vlans causing a TCN and STP recalculation in vlans a, b and c.  This can be avoided by configuring a pseudo root priority for all Vlans lower than the current spanning tree priority shared by the vPC peers.  Is this correct ?  However, since I have a shared priority of 8192 on current vPC vlans will configuring, for example, a pseudo root priority of 4096 on those vPC vlans won't this also cause the TCN and recalculation I am trying to avoid ?  Is the benefit of the pseudo root config only obtained if it is configured at the start when the vPC is formed and prior to the peer switch command being issued ?
  Thanks, Stuart.

  Hi Ajay,
  It is recommended that switch-to-switch links are configured with the spanning-tree port type normalcommand. The one exception is the vPC peer-link which is recommended to configure with the spanning-tree port type network command.
  Take a read of the Best Practices for Spanning Tree Protocol Interoperability from page 56 of the vPC Best Practice Design Guide for further information on this.
  Regards

• Spanning Tree Topology Changes notifications

  Hello All,
  I've configured RSTP in one of our branch divisions because we decided to add a backup wireless bridge in case one of our fibers gets cut out. Everything is working great , i am getting the desired result, however, i wanted to also syslog the trap msg when a topology change occurs and send it by email. The problem is, i cannot get the root switch to log such an event. 
  The root switch is a Catalyst 6509, i have tried every level of logging possible, to no avail. I know the trap msg is a notice so i have set my logging to informational, but no change.
  I know on c3560's and 3750 i can define to log spanning-tree events, and on my lab setup i do get the trap msgs to my syslog server and email.
  What am i missing?! How can i have my Root switch send me that syslog msg?
  I do appreciate your help
  Thanks in advance!

  Hi Sarbjit-2014 
  Thank you for your response, i dont get any traps msg's at all, doing a sh log on the catalyst will not show me those events.
  Below is the output of my sh log ,for obvious reasons i have masked the logging host
  Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes,
   0 overruns)
      Console logging: level debugging, 608 messages logged
      Monitor logging: level debugging, 23 messages logged
      Buffer logging: level debugging, 608 messages logged
      Exception Logging: size (4096 bytes)
      Count and timestamp logging messages: disabled
      Trap logging: level notifications, 649 message lines logged
          Logging to x.x.x.x, 560 message lines logged
  I also tried to enter the command spanning-tree logging, but it doesnt seem to be available
  Thanks