Spanning Tree Config Question

What is the difference between using the following 2 command to gaurentee a certain switch as the root switch? Can I use either one? Is one way more beneficial than the other?
1) spanning-tree vlan 2 priority 8192
2) spanning-tree vlan 2 root primary

There is more to the "root primary" command that just setting the priority. The root command is in fact a macro that configures the priority but also the spanning-tree timers (by macro I mean that this command is in fact expanded into several different configuration lines, one of them being the stp priority. The macro is not showing up in the configuration). This is particularly interesting if you want to adjust your timers based on the diameter of your network in PVST mode.
If it's just a matter of configuring the root bridge, I don't really get the point of using this macro. Configuring a bridge as root can be done in a trivial way with the priority command.
Personally, I don't like the switch to pick up a priority for me and I prefer choosing the value myself with the priority command. At least, I know what is happening... but that's a matter of taste at that stage.
Just be aware that if you use the "root primary" command, you will have your timers also set to their default values.
Regards,
Francois

Similar Messages

  • Spanning-Tree config for a looped cable LAN

    Hi,
    Hopoing someone could help clarify if the below config could work,  or if it is just a no no.
    I am dealing with 2 DC's operating with a stretcheld LAN configuration using plain dot1q. 
    We have a 1GB LAN link between the 2 of them and an older 100MB LAN link.
    Can this configuration work:
    DC1-CORE-1 - 1GB LAN Link - DC2-CORE-1
    DC1-CORE-1 - 1GB - DC1-CORE-2
    DC1-CORE2 - 100MB LAN Link - DC2-CORE2
    DC2-CORE1 - 1GB - DC2-CORE2
    It truly is a looped LAN configuration but we want to the 100MB to just act as a secondary path in the event a 1GB goes down.
    Let me know your thoughts.
    Thanks

    David
    I'm sure you haven't so please don't take offence but the ports don't have portfast on them do they ?
    Also, have you changed any port costs or have you left them at the default ?
    STP should block on one of the 100Mbps ports. Which one depends on which switch is the root bridge for the vlans.
    Are these trunk links or access port links. If trunks can you confirm the native vlan is the same on both ends of the trunk ? Even if they are not it should not cause a loop as STP shoul shut one of the ports down but worth checking.
    What was the sequence of events ie. the minute you brought the interfaces up did it crash the network or was it up and running for a while ?
    Which version of STP are you running ?
    I appreciate it is difficult with it disconnected but to the best of your knowledge is the 100Mbps link working properly in terms of bidirectional traffic ?
    It's difficult to be more precise because as you say any STP outputs now wouid not be that helpful.
    Jon

  • Spanning Tree MST per Vlan, best practice

    Hi Community.
    I did the following MST Spanning Tree Config
    spanning-tree mst configuration
      name xxxxxxx
      revision1
      instance 1 vlan 1, 10-20, 25, 30
    So I added every Vlan to the config which we use. But every time when I add one more vlan to the config the whole network get a little outage.
    I see lots of MAC Flaps on ports with two Server links and the outage is for some seconds.
    Is it a better practice to add all possible Vlans to the config. So I do the config like that:
      instance 1 vlan 1-4096
    What you think.
    Best Regards patrick

    Hi,
    So I added every Vlan to the config which we use. But every time when I add one more vlan to the config the whole network get a little outage.
    Correct, that is normal behavior with MST.
    I would just add "instance 1 vlan 1-4094" this way there is no outage when you bring up a new vlan.
    HTH

  • Do I configure spanning-tree port type ed trunk on LACP port-channels

    Hello,
    Can't seem to see a clear answer and wondering if something could offer some advice please?
    We are using LACP aggregation across all our 10 gig attached servers and also trunking them.  We're running a VPC pair of 5596 Nexus.
    For a standard trunk port I always add the spanning-tree port type edge trunk to the interface config.
    However I think I should be adding this to the overiding port-channel config.  At present a colleague has configured the VPC below omitting the spanning-tree port type config.
    interface port-channel100
      description a-server
      switchport mode trunk
      switchport trunk allowed vlan 100
      vpc 100
    The port member configs are these which do contain the spanning tree port type:
    interface Ethernet1/1
      description a-server(1)
      switchport mode trunk
      switchport trunk allowed vlan 100
      spanning-tree port type edge trunk
      channel-group 100 mode active
    I always try to keep the overiding port channel config the same as its members and obviously for most config, you can't have disparate configs anyway.
    However for the spanning tree config the NexOS allows you to have the members with spanning tree port types and not have to reflect that in the port-channel.
    However I have this issue with STP:
    Switch1# show spanning-tree interface po100
    Vlan             Role Sts Cost      Prio.Nbr Type
    VLAN0100         Desg BKN*200       128.4996 (vPC) Network P2p *BA_Inc
    Is this due to the inconsistency with my port channel to member configs?
    Any advice would be gratefully accepted.
    Thanks!

    Hi Paul, there are some parameters you can define on individual ports and there are some of them that will be inherited from the port-channel configuration no matter what has been configured under the infidividual ports. Spanning-tree configuration is one of the inherited ones. As soon as the port joins into a port-channel, it will start to use spanning-tree settings under the port-channel. When it leaves the channel, then it can continue to use the individual configuration.
    There is a nice summary here under NX-OS Interface Conf Guide > Port-Channel Conf:
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/interfaces/configuration/guide/if_portchannel.html#wp1798338
    Evren

  • Rapid Spanning Tree Question

    All,
    I have a question about Rapid Spanning Tree reconfiguration. I have to following situation:
    As you can see 3 switches with RSTP, and 2 switches without RSTP (or any other spanning tree, just unmanaged).
    The 2 switch will form a loop in my network. Switch 1 will block one of the ports and the other port will forward the traffic.
    If I break the link "Just Forwarding", my second switch won't be able to cumminucate for around 40 seconds. It will take some time before the backup link will be up again.
    Cisco has the Fastforwarding  mechanism. Will this help in this situation? I would like to shorten the 40 seconds time.
    Thans in advance.

    I'd guess the unmanaged devices run legacy spanning tree, and rapid
    pvst switches will run rapid according the "heard" protocol. So if it hears
    the legacy bpdu, it will run regular spanning tree, hence the 40 second delay.
    chris

  • Spanning tree question

    I want to change the spanning tree root on several vlans on my network. My question is, will this cause STP to recalculate for the entire network, which can cause the network to slow down or will it only affect the vlans that I am changing? I want to make sure I am not going to impact anything on the network.

    When executed properly, this will only affect the vlans that you wish to change. Use the folllowing command to change spanning tree prio on a vlan:
    spanning-tree vlan xx priority 4096 (or a multiple of 4096 for less priority)
    Be aware that there is always a risk of unexpected disruptions when you do this. The vlans that you change may still carry user traffic altough there are no users on it. If your topology and traffic flow are not exactly as you assume they are, more vlans may be affected. It is therefore not advisable to alter this setting during peak-hours.
    Regards,
    Leo

  • Switching Best Practice - Spanning Tree andEtherchannel

    Dear All,
    Regarding best practice related to Spanning Tree and Etherchannel, we have decided to configure following.
    1. Manually configure STP Root Bridge.
    2. On end ports, enable portfast and bpduguard.
    3. On ports connecting to other switches enable root guard.
    In etherchannel config, we have kept mode on on both side, need to change to Active and desirable as I have read that mode on may create loops? Please let me know if this is OK and suggest if something missing.
    Thank You,
    Abhisar.

    Hi Abhisar,
    Regarding your individual decisions: Manually configuring the Root Bridge is a natural thing to do. You should never leave your network just pick up a root switch based on default switch settings.
    On end ports, using PortFast and BPDU Guard is a must especially if you are running Rapid PVST+ or MSTP.
    Regarding the Root Guard on ports to other switches - this is something I do not recommend. The Root Guard is a protective mechanism in situations when your network and the network of your customer need to form a single STP domain, yet you want to have the STP Root Bridge in your network part and you do not want your customer to take over this root switch selection. In these cases, you would put the Root Guard on ports toward the customer. However, inside your own network, using Root Guard is a questionable practice. Your network can be considered trustworthy and there is no rogue root switch to protect against. Using Root Guard in your own network could cause your network to be unable to converge on a new workable spanning tree if any of the primary links failed, and it would also prevent your network from converging to a secondary root switch if the primary root switch failed entirely. Therefore, I personally see no reason to use Root Guard inside your own network - on the contrary, I am concerned that it would basically remove the possibility of your network to actually utilize the redundant links and switches.
    Regarding EtherChannels - yes, you are right, using the on mode can, under circumstances, lead to permanent switching loops. EtherChannel is one of few technologies in which I wholeheartedly recommend on relying on a signalling protocol to set it up, as opposed to configuring it manually. The active mode is my preferred mode, as it utilizes the open LACP to signal the creation of an EtherChannel, and setting both ends of a link to active helps to bring up the EtherChannel somewhat faster.
    If you are using fiber links between switches, I recommend running UDLD on them to be protected against issues caused by uni-directional links. UDLD is not helpful on copper ports and is not recommended to be run on them. However, I strongly recommend running Loop Guard configured globally with the spanning-tree loopguard default. Loop Guard can, and should, be run regardless of UDLD, and they can be used both as they nicely complement each other.
    My $0.02...
    Best regards,
    Peter

  • Cisco Switches and HP Interoperability with Spanning-Tree (RSTP)

    Hello All.
    I read a lot of information from this forum about Spaning-Tree interoperability between HP Switches and Cisco Switches.
    Rather than having questions I would like to post that I manage to configure successfully HP and Cisco using RSTP (802.1w).
    SWPADRAO]display stp root
    MSTID  Root Bridge ID        ExtPathCost IntPathCost Root Port
      0    32768.cc3e-5f3a-2939  0           0
    [SWPADRAO]display stp brief
    MSTID      Port                         Role  STP State     Protection
      0        GigabitEthernet1/0/47        DESI  FORWARDING    NONE
      0        GigabitEthernet1/0/48        DESI  FORWARDING    NONE
    [SWPADRAO]display stp instance 0
    -------[CIST Global Info][Mode RSTP]-------
    CIST Bridge         :32768.cc3e-5f3a-2939
    Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
    CIST Root/ERPC      :32768.cc3e-5f3a-2939 / 0
    CIST RegRoot/IRPC   :32768.cc3e-5f3a-2939 / 0
    CIST RootPortId     :0.0
    BPDU-Protection     :enabled
    Bridge Config-
    Digest-Snooping     :disabled
    TC or TCN received  :17
    Time since last TC  :0 days 0h:1m:52s
    SWNHAM17#show spanning-tree VLAN0001
     Spanning tree enabled protocol rstp
     Root ID    Priority    32768
                Address     cc3e.5f3a.2939
                Cost        4
                Port        26 (GigabitEthernet0/2)
                Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec  Bridge ID  Priority    61441  (priority 61440 sys-id-ext 1)
                Address     001b.54db.7200
                Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                Aging Time 300 Interface        Role Sts Cost      Prio.Nbr Type
    Gi0/1            Altn BLK 4         128.25   P2p
    Gi0/2            Root FWD 4         128.26   P2p
    SWNHAM18#show spanning-tree VLAN0001
     Spanning tree enabled protocol rstp
     Root ID    Priority    32768
                Address     cc3e.5f3a.2939
                Cost        4
                Port        26 (GigabitEthernet0/2)
                Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec  Bridge ID  Priority    61441  (priority 61440 sys-id-ext 1)
                Address     001b.0cbc.4300
                Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                Aging Time 300 Interface        Role Sts Cost      Prio.Nbr Type
    Gi0/1            Desg FWD 4         128.25   P2p
    Gi0/2            Root FWD 4         128.26   P2p

    Hello, David.
    Your command doesn't work because it's made only for tha ports that has command "spanning-tree portfast" in them. Try change spanning tree mode at the HP switch to MSTP if this is possible.

  • ISE - 802.1X - Loop not detected by spanning-tree

    Hello,
    I have recently implemented the 802.1X on switchs 3750-X running 15.0(2)SE IOS version.
    The spanning-tree bpdufilter and bpduguard are globally enabled on the switchs.
    A user has created a loop on the network by connecting its Cisco IP-Phone twice on the network : one wire connected normally from switch to the RJ-45 phone connector and the second wire that should be connected to the PC had also been connected to the switch !
    The loop created has not been detected by the switch !
    I have made several tests and re-created the problem 3 times on 4 (only one time, the loop has been detected by bpduguard  20 seconds after the port up).
    Notice that without 802.1X configured on the same switch port, the loop is quickly detected and ports are err-disabled shutdown.
    Switch port with 802.1X is following :
    interface GigabitEthernet1/0/9
    switchport access vlan 950
    switchport mode access
    switchport nonegotiate
    switchport voice vlan 955
    no logging event link-status
    authentication control-direction in
    authentication event fail action next-method
    authentication event server dead action reinitialize vlan 950
    authentication event server dead action authorize voice
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 10
    storm-control broadcast level 10.00
    storm-control multicast level 10.00
    spanning-tree portfast
    If I change the host-mode to multi-domain, a MAC violation restriction occurs and shutdown the port. But this is not the config I need.
    Is there any reason for spanning-tree not works properly with 802.1X ?
    Thanks,
    Olivier

    Hello Olivier
    When using bpdufilter, bpduguard and portfast all at the same time there are many things going on which are not well documented. Now when you add 802.1x to the mix then you really have no documentation. I had to do many labs on my own to finally have my configuration, and also discovered some bugs. According to my experience you shouldn't use bpdufilter and you should use bpduguard on the switchport not in the global config.
    Please read the following links about the differences between global and port bpdufilter, differences between global and port bpduguard, configuring bpduguard along with portfast , configuring bpdufilter along with portfast, and configuring bpduguard along with bpdufilter.
    http://aitaseller.wordpress.com/2010/01/17/bpdu-filter-vs-bpdu-guard-what-is-the-difference/
    http://costiser.wordpress.com/2011/05/23/subtle-difference-for-portfast-bpdufilter-used-together-globally-or-at-interface-level/
    https://learningnetwork.cisco.com/thread/21103
    http://blog.ipexpert.com/2010/12/06/bpdu-filter-and-bpdu-guard/
    Please rate if this helps

  • "Peer-switch" command on vPC domain and spanning-tree priority interaction

    Hi guy,
    We have 2 N7K (N7KA and N7KB) which will be running vPC in hybird and pure vPC environment.
    I have a question about the Hybird and pure vPC environment. With the "peer-switch" command enable, should i tune the spanning-tree priority to be the same for all the vlan running on vPC on both N7KA and N7KB? This way, when i enter the "sh spanning-tree vlan X(vPC vlan) detail" command on N7K, it will list both N7K announc itself as "We are the root of the spanning tree".Also the switch running spanning-tree with N7K vPC vlan (Hybird), will see both N7K has the same priority (4096), and it is not desirable for a spanning-tree environment. Therefore, i used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with N7K will list N7KB has a priority of 8192(perfect).
    However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as show on the switch. It is constantly changing between "4096 and 8192" with the same vPC system wide mac address.
    Entering the "sh spanning-tree vlan X detail" command repeatly on switch with port-channel toward N7KA and N7KB.
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding
    Port path cost 3, Port priority 128, Port Identifier 128.65.
    Designated root has priority 4106, address 0013.05ee.bac8
    Designated bridge has priority 4106, address 0013.05ee.bac8
    Designated port id is 144.2999, designated path cost 0
    Timers: message age 15, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 5, received 603
    one sec later.
    >>sh spanning-tree vlan 10 detail
    Port 65 (Port-channel1) of VLAN10 is root forwarding Port path cost 3, Port priority 128, Port Identifier 128.65. Designated root has priority 4106, address 0013.05ee.bac8 Designated bridge has priority 8202, address 0013.05ee.bac8 Designated port id is 144.2999, designated path cost 0 Timers: message age 15, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 5, received 603
    Configuration:
    N7KA
    spanning-tree vlan 1-10 priority 4096
    vpc domain 200
    peer-switch
    N7KB
    spanning-tree vlan 1-10 priority 4096spanning-tree pseudo-information vlan 1-10 designated priority 8192
    vpc domain 200
    peer-switch

    We have a issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
    The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something?

  • Setting up ML cards in 454 so that Spanning Tree one side blocks

    Currently we have two ML 1000 cards in our Main ONS 454. We have spanning tree set up on a 3560G switch that brings the IP portion of the SONET to all the other 310's in our network. Now when I do a sh spanning tree on the both ports on the switch that go up to ports 1 on the ML 1000 cards it shows me that both are in forwarding mode. How do I set this up so that one of the is blocking?
    Thanks

    Hi,
    if you remove "encryption mode ciphers aes-ccm tkip" from the radio interface does it help?
    it should remain like this:
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 1 mode ciphers aes-ccm tkip
    ssid WLAN_Corporate
    ssid WLAN_HartKitGuest
    HTH,
    Tiago
    If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

  • Nexus spanning tree pseudo configuration

    Hi
    I am trying to understand the pseudo configuration commands in a Nexus hybrid topology.
    I have vlans a, b and c only in the vPC side of the topology.  I have peer switch configured and the same stp priority on both switches.
    In the standard Spaning-tree topology I have completely seperate vlans x, y and z.
    What should I be configuring in the pseudo config section ?  Do I define a pseudo root priority for all vlans a, b, c and x, y, z or just for the standard spanning tree vlans x, y and z.  I need to avoid and, even short, spanning tree outages if I take one Nexus out of service for a short time.
    My thinking is that if one Nexus is out of service the physical mac will be used and potentially reduce the root priority of the vPC vlans causing a TCN and STP recalculation in vlans a, b and c.  This can be avoided by configuring a pseudo root priority for all Vlans lower than the current spanning tree priority shared by the vPC peers.  Is this correct ?  However, since I have a shared priority of 8192 on current vPC vlans will configuring, for example, a pseudo root priority of 4096 on those vPC vlans won't this also cause the TCN and recalculation I am trying to avoid ?  Is the benefit of the pseudo root config only obtained if it is configured at the start when the vPC is formed and prior to the peer switch command being issued ?
    Thanks, Stuart.

    Hi Ajay,
    It is recommended that switch-to-switch links are configured with the spanning-tree port type normalcommand. The one exception is the vPC peer-link which is recommended to configure with the spanning-tree port type network command.
    Take a read of the Best Practices for Spanning Tree Protocol Interoperability from page 56 of the vPC Best Practice Design Guide for further information on this.
    Regards

  • Spanning tree for VLANS

    Hi,
    I need an answer to this puzzling scenerio i have been asked to work with.I have two vlans with about 10 switches on each end and there is a link switch that has a connection to both sides of the VLAN. I have been asked to create a singular spanning tree for the entire scenerio. how can i go about this.
    please i am awaiting the opinions of anyone knowledgable in this line. thanks.

    Hi, I agree you can config MST on your router to reduce the number of spanning tree instances runing on the switch from one per vlan. You will have to map your vlan range to the MST, useful CLI commands are
    spanning-tree mode mst
    spanning-tree mst configuration
    name (name)
    revision( revision number)
    instance (number) vlan (vlan range)
    check your config using
    show spanning-tree mst configuration.
    Hope thsi will hlep you get started.
    DW

  • Spanning tree - balanced without use vlan ?

    Hi, i´m sorry if this is a classic question.
     i have implemented rapid pvst like show in the image. The dotted lines are the alternative links. (image 1)
    SwitchA# spanning-tree vlan 1 root primary
    SwitchB# spanning-tree vlan 1 root secondary
    I want to make a kind of balancing like image 2. But the problem is that i have vlan 100 (and other vlans) in side A and Side B.
      So, if i make 
    SwitchB: spanning-tree vlan 100 root primary
    SwitchA: spanning-tree vlan 100 root secondary
      The SwB it change to primary for vlan 100. 
      But i want to the switchB be the primary for side A and secondary for side A. No matter the vlan. Is possible?
    Thanks a lot!
    IMAGE 1
    IMAGE 2
    PS: Later i will implement HSRP.

      Hi, i know that is possible, but doing this the result is unbalanced for mi network. For example vlan 20 reside in all switches and vlan 21 reside in only one switch. 
      i want to the switchA be the primary for side A and secondary for side B. No matter the vlan. Like image 2.
      I hope to be clear.
    Thanks.

  • Rapid spanning tree / portfast

    hello together,
    i have a question about rapid spanning tree.
    If I enable per vlan rapid spanning tree do i have to configure portfast on the access ports or is this nativly done in rstp?
    best regards
    lars

    Hi Lars,
    In RSTP, the access ports are known as "edge" ports. To configure a port as an "edge port" you use the same command to enable portfast to do this.
    "Edge ports—If you configure a port as an edge port on an RSTP switch by using the spanning-tree portfast interface configuration command, the edge port immediately transitions to the forwarding state. An edge port is the same as a Port Fast-enabled port, and you should enable it only on ports that connect to a single end station."
    http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swmstp.htm
    HTH,
    Bobby
    *Please rate helpful posts.

Maybe you are looking for

  • Macbook Air running extremely slow

    I purchased my Macbook Air roughly 15 months ago and it's performance has constantly been impressive since I purchased it - until roughly a fortnight ago. I came home from work one afternoon and it was running at a snails pace. I had recently upgrade

  • Best Practice for VPC Domain failover with One M2 per N7K switch and 2 sups

    I Have been testing some failover scenarios with 4 nexus 7000 switches with an M2 and an F2 card in each. Each Nexus has two supervisor modules. I have 3 VDC's Admin, F2 and M2 all ports in the M2 are in the M2 VDC and all ports on the F2 are in the

  • In Flex Mobile Release Build arguments.callee cause crash

    This is my code in a simpler way: In my main MXML: private var applicationData:AppData = AppData.getInstance(); My AppData Class package {     public class AppData {         private static var instance:AppData;         public function AppData(caller:

  • Captivate File Sizing

    Has anyone run into this one? I make an exact copy of a Captivate project file in My Documents. Both file sizes are the same. I open the copy in Captivate and delete three slides. I also go into the library and delete unused objects. I save the proje

  • Can't open Captivate 6

    I cannot get my Captivate 6 to load/open on my computer any more.  It just stalls out and I have to use the tast manager to get out of it.  This program was previously working.  Can anyone help?  Attempts have been made to uninstall and reinstall the