Spanning Tree MST per Vlan, best practice

Hi Community.
I did the following MST Spanning Tree Config
spanning-tree mst configuration
  name xxxxxxx
  revision 1
  instance 1 vlan 1, 10-20, 25, 30
So I added every Vlan to the config which we use. But every time I add one more vlan to the config, the whole network gets a little outage.
I see lots of MAC flaps on ports with two server links, and the outage lasts for some seconds.
Is it a better practice to add all possible Vlans to the config? So I do the config like that:
  instance 1 vlan 1-4096
What do you think?
Best Regards patrick

Hi,
So I added every Vlan to the config which we use. But every time I add one more vlan to the config, the whole network gets a little outage.
Correct, that is normal behavior with MST.
I would just add "instance 1 vlan 1-4094"; this way there is no outage when you bring up a new vlan.
HTH
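
The behaviour discussed in this thread follows from how MST identifies a region: switches compare the region name, the revision and a digest computed over the whole VLAN-to-instance table, so remapping one VLAN on one switch puts it in a different region until every switch matches. The sketch below is an added example, not code from the posts or from Cisco; it computes that digest as IEEE 802.1Q defines it (HMAC-MD5 over the 4096-entry table), and the region name CAMPUS and all function names are assumptions.

```python
import hashlib
import hmac
import re

# Signature key fixed by IEEE 802.1Q for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_mst_config(text):
    """Parse an IOS-style 'spanning-tree mst configuration' block into
    (name, revision, table), where table[vid] is the instance of VLAN vid."""
    name, revision = "", 0
    table = [0] * 4096  # unmapped VLANs stay in instance 0 (the IST)
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"name\s+(\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"revision\s+(\d+)", line):
            revision = int(m.group(1))
        elif m := re.fullmatch(r"instance\s+(\d+)\s+vlan\s+(.+)", line):
            msti = int(m.group(1))
            for part in m.group(2).replace(" ", "").split(","):
                lo, _, hi = part.partition("-")
                lo, hi = int(lo), int(hi or lo)
                # Only VLAN IDs 1-4094 can be mapped; 0 and 4095 are reserved.
                if not 1 <= lo <= hi <= 4094:
                    raise ValueError(f"VLAN range {part} is outside 1-4094")
                for vid in range(lo, hi + 1):
                    table[vid] = msti
    return name, revision, table


def region_id(text):
    """Return (name, revision, digest): the triple that must be identical
    on two switches for them to be in the same MST region."""
    name, revision, table = parse_mst_config(text)
    # 4096 two-octet big-endian entries; entries 0 and 4095 stay zero.
    blob = b"".join(msti.to_bytes(2, "big") for msti in table)
    digest = hmac.new(DIGEST_KEY, blob, hashlib.md5).hexdigest().upper()
    return name, revision, digest


def same_region(cfg_a, cfg_b):
    """True when both configs describe the same MST region."""
    return region_id(cfg_a) == region_id(cfg_b)


# Constructed sample configs; "CAMPUS" is a placeholder region name.
EXPLICIT = """spanning-tree mst configuration
  name CAMPUS
  revision 1
  instance 1 vlan 1, 10-20, 25, 30
"""
# The same switch after VLAN 40 has been added to instance 1.
EXPLICIT_PLUS_40 = EXPLICIT.replace("25, 30", "25, 30, 40")
# Every VLAN ID mapped up front, as suggested in the reply.
PREMAPPED = """spanning-tree mst configuration
  name CAMPUS
  revision 1
  instance 1 vlan 1-4094
"""

if __name__ == "__main__":
    print("before    :", region_id(EXPLICIT)[2])
    print("VLAN 40   :", region_id(EXPLICIT_PLUS_40)[2])
    print("same region while only one switch is updated:",
          same_region(EXPLICIT, EXPLICIT_PLUS_40))
    print("pre-mapped:", region_id(PREMAPPED)[2])
```

With the pre-mapped table, creating a VLAN later does not touch the mapping, so the digest and the region stay the same on every switch.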

Similar Messages

  • Spanning-Tree MST

    Hi,
    we have the following configuration on our switches
    spanning-tree mode mst
    spanning-tree extend system-id
    spanning-tree mst configuration
     name test
    spanning-tree mst forward-time 4
    When we have a failover, convergence time was about 8-10 seconds of outage. Is there anything in the above config that suggests this could be causing the delay? I thought MST had fast convergence times?
    Thanks

    I will try and you this later on. Not sure, it was already in place. What are the differences between them both? I thought MST can have multiple VLANs per region, so better design. Is RSTP not the same as PVST? Not done much spanning tree as of yet, so not had chance to look at the differences.
    Thanks

  • Why does the command "spanning-tree mst simulate pvst disable" exist

    That's all really. Why would you turn it off? What is the advantage. If you're not receiving PVST BPDUs, you don't need it, but why turn it off?

    When you use the spanning-tree mst simulate pvst disable command, specified MST interfaces that receive a Rapid PVST+ (SSTP) bridge protocol data unit (BPDU) move into the STP blocking state. Those interfaces remain in the inconsistent state until the port stops receiving Rapid PVST+ BPDUs, and then the port resumes the normal STP transition process.
    OK, that's what it does, but why? The only effect it has is blocking your ports.

  • VLAN spanning-tree root and VLAN L3 SVI

    I have traditional core/access switches connected, Catalyst 4506 with 802.1Q uplink trunks to two core 6504-E switches. Spanning-tree roots for VLANs were on the core switch with the active HSRP/SVI. Shut down HSRP/SVI on the cores and moved the SVI to the L3 access switches, but we left the spanning-tree root on the cores... Is this causing the clients/ports in the VLAN on the access switches to do a double/triple hop over the uplink for ingress/egress? Gig1/1 is the trunk port/uplink to the core; wanted to move L3 functions to the access switch to reduce spanning VLANs across the core network.
    Current configuration : 253 bytes
    interface Vlan196
    description Tower I - 8th Floor VLAN
    ip address 10.200.196.1 255.255.255.0
    ip access-group 115 in
    ip helper-address 164.103.160.150
    ip helper-address 172.20.135.201
    no ip redirects
    no ip unreachables
    ip pim sparse-mode
    end
    I0504506A8#sh spann          
    I0504506A8#sh spanning-tree vlan 196
    VLAN0196
      Spanning tree enabled protocol ieee
      Root ID    Priority    196
                 Address     6400.f1ee.c140
                 Cost        4
                 Port        1 (GigabitEthernet1/1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    49348  (priority 49152 sys-id-ext 196)
                 Address     0015.f960.9ac0
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300
    Interface        Role Sts Cost      Prio.Nbr Type
    Gi1/1            Root FWD 4         128.1    P2p
    Gi1/2            Altn BLK 4         128.2    P2p

    Hi Tojackson, I guess this depends on how stuff is interconnecting. It's obvious gi1/1 is forwarding and gi1/2 is blocking. So from the furthest access switch, what path must it take to reach gi1/1? That is the number of hops involved for normal traffic.
    Now, if you're concerned about a specific VLAN and you need gi1/2 forwarding to reduce travel time for other traffic, you may employ RPVST to have that specific VLAN and cost to go to gi1/2.
    In some part of the network I support we have a pair of Cisco 7606 which feeds in to a 4507R and off the 4507R we have a ring of 2955 with even 10-12 L2 switches on the ring. The consequence of multiple layer 2 hops is not of much concern and our spanning tree stops with the 4507 since we're not concerned about broadcast storm on the routed interfaces on the 7600.
    -Tom
    Please mark answered for helpful posts

  • Vlan best practice?

    Hello
    I have two 3560's that I have to monitor but won't physically be on my network. I vlan'd these switches so that one port would be separated strictly so I could uplink them with my physical network for SMTP and monitoring.
    My question is what port settings are best for this one port that goes back to my network? I would assume that technically being a trunk the port should be switchport mode trunk, and not access.
    Funny thing is that when I set it as trunk and plug it in I see a topo change propagate out, whereas when it's set for switchport mode access I do not. STP is running in PVST.
    port stats are as follows
    switchport access vlan 2
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    I'm confused as to why this mode would cause the topo changes.
    thanks
    Eric

    Hi,
    You have configured a port to access VLAN 2, and also the same port as a trunk port.
    Note: Trunk ports are supposed to carry all VLANs but not a single VLAN.
    If you are using only a single VLAN, the trunk port can be used to connect between a switch & a router. In that case you can use the switch's uplink port as the trunk port.
    eg: int faeth 0/24
    switchport trunk encapsulation dot1q
    switchport mode trunk
    spanning-tree portfast
    Also in router the same:
    #encapsulation dot1q
    Portfast: If a port has portfast enabled, you should connect a device into it, e.g. switch/router/bridge, but not a system, because a port with portfast enabled will come up immediately even if it goes down, i.e. it skips the initial/listen state during the process and directly comes to the forwarding state.
    If a system is connected to a port with portfast enabled, an STP loop may form and network congestion may occur.
    Hope this will help you a lot!
    Please rate if this helps you!
    Regards,
    Guru Prasad.R

  • VLAN Best Practices

    We've just upgraded our wireless infrastructure and streamlined our SSIDs from five (5) to three (3) - Corporate, Guest and Voice. In regards to VLANs, should all Corporate devices (Notebooks, Tablets, Smartphones) be included in one (1) VLAN or should we create three (3) separate VLANs, one per device type? What are the best practices? My concern with having one VLAN with all Corporate devices is the amount of devices in the same VLAN and the impact of having Tablets (iPads, Androids) and Smartphones on the same VLAN in terms of network traffic (broadcast, bonjour, etc...). Any comments or suggestions would be greatly appreciated.

    Thanks for the quick reply Stephen! This is somewhat how we have our environment set up. We have an 802.1x SSID and depending on your AD credentials and device type you're dynamically pushed to a VLAN. What I'm questioning is how many VLANs I should have. We are a Community College and have corporate or college-owned notebooks, tablets and smartphones and we also have student-owned notebooks, tablets and smartphones. Not sure if I should create 6 VLANs and then apply ACLs based on the VLAN or whether this is overkill. Or have 3 VLANs, one per device type, so corporate and student notebooks would be in the same VLAN, corporate and student tablets would be in the same VLAN and finally corporate and student smartphones would be in the same VLAN, and then use dACL to differentiate access. Or finally, create two VLANs, one for corporate devices and one for student devices, and again use dACL to differentiate access. Not sure what the pros and cons are for these different scenarios.

  • Voice VLANs - Best practices

    Hello --
    We're starting an IPT project that will involve multiple access VLANs for different organizational groups. That said, should we also create multiple voice VLANs per group/building or will one flat VLAN work for voice? The backbone is GigE, so we aren't too concerned about bandwidth.
    What are the pros and cons, and best practices that the community has seen?
    Please let me know.
    Thanks,
    OOU

    I have some documents explaining about understanding and configuring voice vlans. I believe these documents will be helpful for you.
    http://www.cisco.com/en/US/products/hw/switches/ps5213/products_configuration_guide_chapter09186a00801ce02c.html
    http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801cde84.html
    http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf35.html

  • VLAN Best Practice For IT Computers

    In an environment with basic VLANs (Servers, network infrastructure, workstations, IoT devices, wireless), is it commonly perceived as better to place IT workstations (around 6 or so) in their own VLAN?
    I suppose I am debating whether to create access control rules for a single IT VLAN or to stick them elsewhere and possibly have to create the same rules for each separate machine if the VLAN they're in does not share the same rules.  Initially all our VLANs will be without access control rules but will be dialed down incrementally, with testing.  Maybe that doesn't make sense...
    Where do others find IT workstations fit best, in their own VLAN or tucked away elsewhere (and with what)?
    This topic first appeared in the Spiceworks Community

    Whether you have multiple sites or not, it's good practice to put your APs in a separate and dedicated VLAN. 
    If your sites are routed sites, then you can re-use the same VLAN numbers but make sure they are on separate subnets and/or VRF instance.

  • Spanning tree for VLANS

    Hi,
    I need an answer to this puzzling scenario I have been asked to work with. I have two VLANs with about 10 switches on each end and there is a link switch that has a connection to both sides of the VLAN. I have been asked to create a singular spanning tree for the entire scenario. How can I go about this?
    Please, I am awaiting the opinions of anyone knowledgeable in this line. Thanks.

    Hi, I agree you can config MST on your router to reduce the number of spanning tree instances running on the switch from one per VLAN. You will have to map your VLAN range to the MST; useful CLI commands are
    spanning-tree mode mst
    spanning-tree mst configuration
    name (name)
    revision (revision number)
    instance (number) vlan (vlan range)
    check your config using
    show spanning-tree mst configuration.
    Hope this will help you get started.
    DW

  • Best practices for 1000v CTRL/PKT/MGT VLANs

    We are getting ready to start testing the 1000v in a lab environment, but have a question about VLAN best practices. In the current Cisco 1000v guides it indicates the control/packet/management interfaces should all be on the same VLAN. But elsewhere I've seen references to each network type getting its own VLAN. Given the latest release of the 1000v VSM/VEM, what are the real-world best practices for these three interfaces? Would you typically put all three on the same management VLAN used for physical switches?

    You can safely put them on the same vlan. The call to put them on different vlans was in the initial 1.1 release. We changed that view with the 1.2 release and fully support and recommend putting them all on the same vlan. The only requirement now is that we need no more than 100ms latency on the control network.
    louis

  • Sg-300 - 3750 stack with SPANNING-TREE root problem.

    Morning. I think I've configured a few hundred switches, maybe a thousand in my time, but never have I faced such horribleness that is the SG-300. After this week, I think I'll refuse to touch them.
    Got 2 voice VLANs and running a few VRFs on a 3750 stack. But this discussion is about layer 2.
    2 x 3750 stacked
    1 x voice switch sg-300 company A voice vlan 18 - Po1 up to 3750 distributed etherchannel Po1 (LACP active both sides) 2 ports in channel
    1 x voice switch sg-300 company B voice vlan 19 - Po1 up to 3750 distributed etherchannel Po2 (LACP active both sides) 2 ports in channel
    Allowed vlans on both sides (command on Port-channel) are data A, Voice A, Mgt A to switch A
    Allowed vlans on both sides (command on Port-channel) are data B, Voice B, Mgt B to switch B
    It seems that these switches are limited to one voice vlan....
    and that spanning tree BPDUs are ignored (or not received - haven't released the shark yet). Let me explain.
    Originally, when using "smart port", the switch with the lowest MAC address, whatever voice VLAN was configured, would take over the other switch's voice VLAN, argh what a nightmare.
    I gave up on the GUI as it's far too complicated and have almost got this working.
    I am now using auto voice VLAN, but have disabled smart macro. I hope that disabling smart macro stops other switches from learning the switch with the lowest MAC address's voice VLAN. So far so good - in the LAB. Nowhere was it documented in the CLI guide how to disable this stupid feature.
    DHCP is working from scope on core, can manage the switches etc etc, access VLAN, voice VLAN all good (after a monster battle).
    Now I have an issue with spanning tree.
    spanning tree priority for vlans 1-4094 on the 3750 is 4096.
    spanning tree priority for vlans 1-4094 on the SG-300's is 6xxxx.
    ALL switches think that they are the root (well, the "logical" 3 of them). The 3750's for all VLANs, and the SG-300 for the one instance as it doesn't support per VLAN. (I am not interested in trying MST here... this is not a datacentre.)
    On the 3750's I've tried ieee, pvst, rpvst, while matching the non per-VLAN equivalent on the SG series.
    What is the difference between a General port and Trunk Port on a SG-300 specific to spanning tree, native vlans (when you can just configure an untagged vlan anyway!!) and what is the relevance to the way the bpdu's are carried?
    And why the need for a PVID, when you can tell a port what is tagged and what isnt.
    Does the trunk need Vlan1 to be explicitly allowed, and untagged? Does the Po trunk need to be a general port with PVID configured? in vlan 1?
    I need to sort this, as cannot put an access switch into production that thinks it is the root of the tree.  I wish I had a 2960.... a 3500XL..anything
    Does anyone have CLI commands that can help here?

    F.Y.I for Catalyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the Catalyst side (3xxx/4xxx/6xxx)
    In this example:
    VLANS - Voice on 188, data on 57, management on 56.
    conf t
    hostname XXX-VOICE-SWXX
    no passwords complexity enable
    username xxxx priv 15 password XXXXX
    enable password xxxxxx
    ip ssh server
    ip telnet server
    crypto key generate rsa
    macro auto disabled
    voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
    vlan 56,57,188
    voice vlan id 188
    int vlan 56
    ip address 10.230.56.12 255.255.255.0
    int vlan1
    no ip add dhcp
    ip default-gateway 10.230.56.1
    interface range GE1 - 2
    switchport mode trunk
    channel-group 1 mode auto
    int range fa1 - 24
    switchport mode trunk
    switchport trunk allowed vlan add 188
    switchport trunk native vlan 57
    qos advanced
    qos advanced ports-trusted
    exit
    int Po1
    switchport trunk allowed vlan add 56,57,188
    switchport trunk native vlan 1
    do sh interfaces switchport po1
    !CATALYST SIDE
    !Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,56,57,189
    switchport mode trunk

  • Mono spanning-tree and PVST

    Referring to these two links
    http://www.cisco.com/en/US/tech/tk389/tk390/technologies_tech_note09186a0080094665.shtml
    http://www.experts-exchange.com/Hardware/Routers/Q_21349385.html
    IEEE 802.1Q defines a single instance of spanning tree running on the native VLAN for all the VLANs in the network which is called Mono Spanning Tree (MST). This lacks the flexibility and load balancing capability of PVST available with ISL. However, PVST+ offers the capability to retain multiple Spanning Tree topologies with 802.1Q trunking.
    http://networking.ringofsaturn.com/Certifications/BCMSN.php
    Per-VLAN Spanning Tree (PVST): A Cisco proprietary method of connecting through 802.1Q VLAN trunks, the switches maintain one instance of the spanning tree for each VLAN allowed on the trunk, versus non-Cisco 802.1Q switches which maintain one instance for ALL VLANs. This is the default STP used on ISL trunks.
    http://www.informit.com/content/images/1587051427/samplechapter/1587051427content.pdf
    The 802.1Q standard defines one unique Spanning Tree instance to be used by all VLANs in the network. STP runs on the Native VLAN so that it can communicate with both 802.1Q and non-802.1Q compatible switches. This single instance of STP is often referred to as 802.1Q Mono Spanning Tree or Common Spanning Tree (CST). A single spanning tree
    lacks flexibility in how the links are used in the network topology. Cisco implements a protocol known as Per-VLAN Spanning Tree Plus (PVST+) that is compatible with 802.1Q CST but allows a separate spanning tree to be constructed for each VLAN. There is only one active path for each spanning tree; however, in a Cisco network, the active path can be
    I could not get exactly what these terms (PVST, instance, PVST+, MST, etc.) are trying to achieve.
    Any URL or online resource to help me do some extra reading to clarify this terminology?

    Hi,
    The URLs that you have provided all explain the same technical details in different fashion.
    I will summarise them here for better clarity.
    There are two separate technologies that need clarity.
    1) Method of Trunking many vlans across a link
    2) Spanning tree
    Now for point 1, we have the IEEE standard 802.1q, which mentions how multiple vlans can be carried across a link. As per this standard a 4 byte tag will be inserted in the ethernet packet, ( inserted between the Destination mac address field and the ethertype field)
    This tag will contain the vlan identifier info and some other details ( available in the urls that you have highlighted)
    Cisco has a proprietary technology called ISL which effectively does the same job in a different fashion but can only be used in cisco devices.
    Now for point 2, again we have IEEE standards like 802.1d ( common/mono spanning tree), 802.1w/RSTP ( Rapid spanning tree) and 802.1s/MSTP.
    In 802.1d, there will be only one spanning tree process/instance running for the whole network, irrespective of how many vlans are involved in the network. Hence the whole network is treated as one common domain by the STP protocol.
    So, there can be only one root bridge in the network and other bridges will intelligently block the redundant links; we won't have much control to effectively utilise the redundant links.
    IEEE 802.1w/RSTP also works in the same fashion, but the convergence time is very fast in this protocol.
    Here also there is only one spanning tree instance involved.
    In both the above STP protocols, there is only one instance/process of the protocol running in the network, which is common for all VLANs. Hence these protocols use very little CPU.
    802.1s/MSTP (Multiple Spanning Tree) extends the 802.1w Rapid Spanning Tree Protocol (RSTP) to have multiple STP instances. In this protocol, we can group the desired VLANs into one instance of the protocol.
    Say for example, lets assume a typical campus network with multiple access switches, 2 distribution/core switches.
    Access switches having dual connectivity to the distribution/core switches.
    In this topology if we deploy 802.1d or 802.1w, the redundant links from the access switches to the distribution/core switches will be blocked. Only one uplink from the access switch to the distribution layer will be working at any point.
    In this network, only one distribution/core switch will be root bridge for the entire network.
    But if we deploy 802.1s for this network, we can design it as follows.
    We can split the vlans in to two groups,
    Group1 => vlan 1 to 50
    Group2 => vlan 51 to 100
    We can create two instance of MSTP protocol with the following mappings
    Instance 1 => for Group 1, with one distribution/core switch as the root bridge
    Instance 2 => for Group 2, with another distribution switch as the root bridge
    --Continued

  • Spanning Tree MST P2p Dispute

    Hi,
    I have a pair of C3750X running IOS 15.2(1)E.
    They are connected through a WAN (Layer 2 VPLS 802.1Q) connection.
    The port on the Root Bridge is in a block state because there is a P2p Dispute. Anyone got a clue as to why this is happening?
    Below is the port configuration and spanning tree configuration; I have attached debug output from the Root Switch.
    Root Switch
    spanning-tree mode mst
    spanning-tree logging
    spanning-tree extend system-id
    spanning-tree mst 0 priority 4096
    interface GigabitEthernet1/0/1
     description ** xxxxxxx **
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 276-281
     switchport mode trunk
     storm-control broadcast level 2.00
    2nd switch
    spanning-tree mode mst
    spanning-tree logging
    spanning-tree extend system-id
    spanning-tree mst 0 priority 28672
    interface GigabitEthernet1/0/1
     description ** xxxxx **
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 276-281
     switchport mode trunk

    Hi,
    The problem can be caused by STP or EtherChannel misconfiguration, or by a unidirectional link.
    1- You can check the bidirectional functionality of the link or the MST configuration.
    2- If you configured "vlan dot1q tag native", remove it.
    Houtan

  • Best Practice for Transport request Naming

    Hi,
    We are using SolMan 4.0 during implementation of ECC 6.0.
    We have placed the blueprint and we are in configuration phase.
    We have an IMG project created in the DEV system and it was assigned in the Solution Manager project under System Landscape->IMG Projects.
    Now that consultants are going to dev system and customizing they are creating their transport requests.
    Is there any best practice for the naming convention of the transport requests?
    By creating one IMG project for the entire implementation, is that going to create any problem?
    Please suggest.
    Thanks & Regards
    Mrutyunjay

    As per MSFT best practices(Mentioned by Scott) keep it short as much as possible. You can use SP for SharePoint-SUBSite
    also check this blog for best practices.
    http://www.networkworld.com/community/blog/simple-naming-conventions-improve-end-user-experience-sharepoint-sites
    Also, one more thing you should consider: never use the reserved words in the SharePoint URLs. You will be able to create the site/list/library/folder, but when you browse you get 404 errors.
    check this blog:
    http://www.sharepointblog.cz/2012/04/reserved-words-in-sharepoint-url.html
    http://techtrainingnotes.blogspot.com/2012/03/names-you-cant-use-for-sharepoint.html

  • Best Practice on Creating Queries in Production

    We are a fairly new BI installation. I'm interested in the approach other installations take to creation of queries in the production environment. Is it standard to create most queries directly into the production system? Or is it standard to develop the queries in the development system and transport them through to production?

    Hi,
    Best practices apply to all developments, whether it is R/3, BI modelling or Reporting, and as per best practice we do development in the Development system, testing in the testing box and finally deploy successful development to production. Yes, for user analysis purposes, users can do ad hoc analysis, or in some scenarios they create user-specific custom queries (sometimes referred to as X-queries, created by a super user).
    So it is always best to do all your development in the Development box and then transport to Production after successful QA testing.
    Dev
