Spanning-Tree Port Type Edge & Router
I am wondering if a switch trunk port that is facing a router that is connected with subinterface can be classified as an edge port in the eyes of Spanning-Tree.
Thanks.
Ricardo
You should configure the switchport as "spanning-tree portfast trunk"
As Glen says that is assuming you are not connecting to a switch module on the router.
Jon
Similar Messages
-
Do I configure spanning-tree port type ed trunk on LACP port-channels
Hello,
Can't seem to see a clear answer and wondering if someone could offer some advice please?
We are using LACP aggregation across all our 10 gig attached servers and also trunking them. We're running a VPC pair of 5596 Nexus.
For a standard trunk port I always add the spanning-tree port type edge trunk to the interface config.
However I think I should be adding this to the overriding port-channel config. At present a colleague has configured the VPC below omitting the spanning-tree port type config.
interface port-channel100
  description a-server
  switchport mode trunk
  switchport trunk allowed vlan 100
  vpc 100
The port member configs are these which do contain the spanning tree port type:
interface Ethernet1/1
  description a-server(1)
  switchport mode trunk
  switchport trunk allowed vlan 100
  spanning-tree port type edge trunk
  channel-group 100 mode active
I always try to keep the overriding port channel config the same as its members and obviously for most config, you can't have disparate configs anyway.
However for the spanning tree config the NexOS allows you to have the members with spanning tree port types and not have to reflect that in the port-channel.
However I have this issue with STP:
Switch1# show spanning-tree interface po100
Vlan Role Sts Cost Prio.Nbr Type
VLAN0100 Desg BKN*200 128.4996 (vPC) Network P2p *BA_Inc
Is this due to the inconsistency with my port channel to member configs?
Any advice would be gratefully accepted.
Thanks!
Hi Paul, there are some parameters you can define on individual ports and there are some of them that will be inherited from the port-channel configuration no matter what has been configured under the individual ports. Spanning-tree configuration is one of the inherited ones. As soon as the port joins into a port-channel, it will start to use spanning-tree settings under the port-channel. When it leaves the channel, then it can continue to use the individual configuration.
There is a nice summary here under NX-OS Interface Conf Guide > Port-Channel Conf:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/interfaces/configuration/guide/if_portchannel.html#wp1798338
Evren -
Spanning-tree link-type shared
Hi,
I have this problem.
My PC must boot its OS (Windows) from the network (the server sends the operating system by the PC's MAC address).
The PC needs an IP address within 5-10 seconds.
I tried it using a hub, and the PC loads the OS correctly and works properly.
I tried on my network (without the hub) using a Catalyst switch in 2 ways:
IOS and CatOS
For IOS I found this solution:
I use the following CLI:
spanning-tree portfast
spanning-tree link-type shared
In this case I resolved my problem.
For CatOS, this command does not work properly.
I use the following CLI:
set spantree portfast mod/port enable
set spantree link-type mod/port shared
Afterwards, if I look at the configuration, I find the CLI
"set spantree mst link-type mod/port shared"
Can you help me?
Thanks
FCostalunga
Configuring a port's STP link type to shared is sort of invalid if the port is also configured as an STP portfast port. 'Shared' effectively means this is a half-duplex connection to a hub that may also be connected to another switch (hence it can't be a point-to-point link). Normal STP operation should operate over 'shared' links and you won't get the rapid start a P2P link has.
If the port is connected directly to a host then simply configuring the port as a portfast port will be enough (it will also make it a P2P link by default).
HTH
Andy -
hi all
can anyone tell me why on my new switches, 3560's, the ports that are being blocked still light up?
Hi Eric,
Your statement "LED is green when port is up even if a port is BLOCKING" is not correct. If the ports are merely an access port then the blocking port will show an amber LED.
BUT yes if the port is a trunk port and there are some vlans which are in fwding state on that trunk and some vlans are in fwding state on that trunk then the trunk port will show a GREEN LED.
Regards,
Ankur -
Nexus spanning tree pseudo configuration
Hi
I am trying to understand the pseudo configuration commands in a Nexus hybrid topology.
I have vlans a, b and c only in the vPC side of the topology. I have peer switch configured and the same stp priority on both switches.
In the standard Spanning-tree topology I have completely separate vlans x, y and z.
What should I be configuring in the pseudo config section ? Do I define a pseudo root priority for all vlans a, b, c and x, y, z or just for the standard spanning tree vlans x, y and z. I need to avoid any, even short, spanning tree outages if I take one Nexus out of service for a short time.
My thinking is that if one Nexus is out of service the physical mac will be used and potentially reduce the root priority of the vPC vlans causing a TCN and STP recalculation in vlans a, b and c. This can be avoided by configuring a pseudo root priority for all Vlans lower than the current spanning tree priority shared by the vPC peers. Is this correct ? However, since I have a shared priority of 8192 on current vPC vlans will configuring, for example, a pseudo root priority of 4096 on those vPC vlans won't this also cause the TCN and recalculation I am trying to avoid ? Is the benefit of the pseudo root config only obtained if it is configured at the start when the vPC is formed and prior to the peer switch command being issued ?
Thanks, Stuart.
Hi Ajay,
It is recommended that switch-to-switch links are configured with the spanning-tree port type normal command. The one exception is the vPC peer-link which is recommended to configure with the spanning-tree port type network command.
Take a read of the Best Practices for Spanning Tree Protocol Interoperability from page 56 of the vPC Best Practice Design Guide for further information on this.
Regards -
Hi All,
I have a topology like two vpc peers connected to down catalyst switch 3750 with VPC 51. My left switch is primary in VPC and the other is secondary.
If I enable spanning tree port type Network on VPC member ports and peer link, then the secondary peer device starts generating BPDUs and advertises its own bridge ID to the down host switch.
Can you explain how the down switch reacts to that? In this scenario the down switch receives two different bridge IDs, one from the primary and the other from the secondary, on the same port channel, which is logically one port.
How is it going to handle this?
I read that regardless of the spanning-tree root, the VPC primary always generates BPDUs and the secondary device only relays that BPDU and never generates one itself.
What if somebody enables spanning tree port type Network towards the down host switch on VPC member ports? Type network would generate BPDUs.
Hi Bhanu,
The STP is working as expected in your design. For a gig port the port cost is 4. So for 1st 2950 cost to root is 8 thr 3550a. For 2nd 2950 cost to root is 12 thr 3550a and 16 thr 3550b so first one is preferred and later one is blocked. But for 3rd 2950 cost to root is 16 thr 3550a but thr 3550 b it is 12. Hence 3rd 2950 forwards traffic thr 3550b-6513b-6513a. This operation seems to be ok unless you have some specific requirements to change.
Changing port channel cost is not a good idea. Both the 6500s are using this channel for communication between them. If you block this link, the 6500s will have to communicate thr all the access switches which is not a good design. -
Hi All,
We tried to create a redundancy link between 3 buildings. When we connect the 3rd link (Red Line) we keep receiving the following error message.
*Nov 3 19:27:44.932: %SW_MATM-4-MACFLAP_NOTIF: Host 6c41.6a13.3580 in vlan 17 is flapping between port Gi4/0/44 and port Gi1/1/1
*Nov 3 19:27:44.957: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0b66.8561 in vlan 19 is flapping between port Gi4/0/44 and port Gi1/1/1
*Nov 3 19:27:44.965: %SW_MATM-4-MACFLAP_NOTIF: Host 88ae.1dad.2fd3 in vlan 19 is flapping between port Gi1/0/4 and port Gi1/1/1
*Nov 3 19:27:45.032: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.2304.49f6 in vlan 25 is flapping between port Gi1/1/1 and port Gi4/0/44
*Nov 3 19:27:45.074: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.2304.4a1b in vlan 25 is flapping between port Gi1/1/1 and port Gi4/0/44
*Nov 3 19:27:45.091: %SW_MATM-4-MACFLAP_NOTIF: Host a01d.48b7.dcdb in vlan 19 is flapping between port Gi4/0/44 and port Gi3/0/28
*Nov 3 19:27:45.166: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.569e.6d67 in vlan 2 is flapping between port Gi4/0/44 and port Gi1/1/1
*Nov 3 19:27:45.234: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.2307.764a in vlan 25 is flapping between port Gi1/1/1 and port Gi4/0/44
*Nov 3 19:27:45.275: %SW_MATM-4-MACFLAP_NOTIF: Host 28d2.4476.172f in vlan 17 is flapping between port Gi4/0/44 and port Gi1/1/1
I cannot figure out what is wrong with the setting. Any advice?
Hey,
I suggest locating the original location of any of these machines from SW85 and then start looking at the STP port states in the other direction.
Say originally users are reachable over link G3/1/1 so ideally as per STP link G4/0/44 needs to be blocking for these user/vlans. Keep tracing the spanning tree port states over the other link and I am sure you will find something useful.
HTH.
Regards,
RS. -
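The tracing suggested in the reply above starts from knowing which two ports most of the flaps occur between. An added example (not from the original thread) that groups the posted MACFLAP_NOTIF lines by port pair; the function names and the min_macs/min_vlans thresholds are assumptions of this example.

```python
import re
from collections import defaultdict

# The nine %SW_MATM-4-MACFLAP_NOTIF lines from the post above, unchanged.
SAMPLE_LOG = """\
*Nov 3 19:27:44.932: %SW_MATM-4-MACFLAP_NOTIF: Host 6c41.6a13.3580 in vlan 17 is flapping between port Gi4/0/44 and port Gi1/1/1
*Nov 3 19:27:44.957: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.0b66.8561 in vlan 19 is flapping between port Gi4/0/44 and port Gi1/1/1
*Nov 3 19:27:44.965: %SW_MATM-4-MACFLAP_NOTIF: Host 88ae.1dad.2fd3 in vlan 19 is flapping between port Gi1/0/4 and port Gi1/1/1
*Nov 3 19:27:45.032: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.2304.49f6 in vlan 25 is flapping between port Gi1/1/1 and port Gi4/0/44
*Nov 3 19:27:45.074: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.2304.4a1b in vlan 25 is flapping between port Gi1/1/1 and port Gi4/0/44
*Nov 3 19:27:45.091: %SW_MATM-4-MACFLAP_NOTIF: Host a01d.48b7.dcdb in vlan 19 is flapping between port Gi4/0/44 and port Gi3/0/28
*Nov 3 19:27:45.166: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.569e.6d67 in vlan 2 is flapping between port Gi4/0/44 and port Gi1/1/1
*Nov 3 19:27:45.234: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.2307.764a in vlan 25 is flapping between port Gi1/1/1 and port Gi4/0/44
*Nov 3 19:27:45.275: %SW_MATM-4-MACFLAP_NOTIF: Host 28d2.4476.172f in vlan 17 is flapping between port Gi4/0/44 and port Gi1/1/1
"""

MACFLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)",
    re.IGNORECASE,
)


def parse_macflaps(text):
    """Return one dict per MACFLAP_NOTIF line; all other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = MACFLAP_RE.search(line)
        if m:
            # The order of the two ports in the message carries no meaning,
            # so store them sorted to make "A and B" equal to "B and A".
            pair = tuple(sorted((m["a"], m["b"])))
            events.append({"mac": m["mac"].lower(), "vlan": int(m["vlan"]), "pair": pair})
    return events


def summarize(events):
    """Group events by port pair: event count, distinct MACs, distinct VLANs."""
    groups = defaultdict(lambda: {"events": 0, "macs": set(), "vlans": set()})
    for e in events:
        g = groups[e["pair"]]
        g["events"] += 1
        g["macs"].add(e["mac"])
        g["vlans"].add(e["vlan"])
    return dict(groups)


def loop_suspects(events, min_macs=3, min_vlans=2):
    """Port pairs between which several hosts in several VLANs flap.

    One host flapping between two ports can be a moved or duplicated MAC;
    many hosts across VLANs on the same pair points at both ports forwarding
    where spanning tree should be blocking one of them. The thresholds are
    assumptions of this example, not values from the thread.
    """
    return sorted(
        pair for pair, g in summarize(events).items()
        if len(g["macs"]) >= min_macs and len(g["vlans"]) >= min_vlans
    )


if __name__ == "__main__":
    parsed = parse_macflaps(SAMPLE_LOG)
    ranked = sorted(summarize(parsed).items(), key=lambda kv: -kv[1]["events"])
    for pair, g in ranked:
        print(pair, g["events"], "events,", len(g["macs"]), "MACs, VLANs", sorted(g["vlans"]))
    print("check STP port state on:", loop_suspects(parsed))
```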
Hello,
I have a spanning tree problem when I connect 2 links from a DELL M6220 switch (there are blades to virtual machines too) to 2 links towards 2 CISCO 3750 switches connected as a stack (behaving like one switch for redundancy, with one management IP).
In the Dell virtual machine it is Spanning tree rapid STP, and in the 3750 it is Spanning tree mode pvst; Cisco says that this is not important, it only takes longer to create the tree.
I don't know, but do you like these solutions I want to try on Sunday?
Could it be that spanning tree needs one native VLAN to be sent in order to negotiate the BPDUs? switchport trunk native vlan 250
Is it better to put spanning-tree guard root on both 3750s on the ports, to keep the DELL from being root in spanning tree?
Is it better to put spanning-tree port-priority on the ports of the Dell switch?
Could you help me to control the root? Do you think another solution is better? Thanks!
CONFIG WITH PROBLEM
======================
3750: (the 2 ports are on 2 3750 switches connected with a stack cable; in a show run you can see this)
interface GigabitEthernet2/0/28
 description VIRTUAL SNMP2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 4,13,88,250
 switchport mode trunk
 switchport nonegotiate
 logging event trunk-status
 shutdown
interface GigabitEthernet1/0/43
 description VIRTUAL SNMP1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 4,13,88,250
 switchport mode trunk
 switchport nonegotiate
 shutdown
DELL M6220: (it's only one switch)
interface Gi3/0/19
 switchport mode trunk
 switchport trunk allowed vlan 4,13,88,250
exit
interface Gi4/0/19
 switchport mode trunk
 switchport trunk allowed vlan 4,13,88,250
exit
F.Y.I for Catalyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the Catalyst side (3xxx/4xxx/6xxx)
In this example:
VLANS - Voice on 188, data on 57, management on 56.
conf t
hostname XXX-VOICE-SWXX
no passwords complexity enable
username xxxx priv 15 password XXXXX
enable password xxxxxx
ip ssh server
ip telnet server
crypto key generate rsa
macro auto disabled
voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
vlan 56,57,188
voice vlan id 188
int vlan 56
ip address 10.230.56.12 255.255.255.0
int vlan1
no ip add dhcp
ip default-gateway 10.230.56.1
interface range GE1 - 2
switchport mode trunk
channel-group 1 mode auto
int range fa1 - 24
switchport mode trunk
switchport trunk allowed vlan add 188
switchport trunk native vlan 57
qos advanced
qos advanced ports-trusted
exit
int Po1
switchport trunk allowed vlan add 56,57,188
switchport trunk native vlan 1
do sh interfaces switchport po1
!CATYLYST SIDE
!Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,56,57,189
switchport mode trunk -
Cisco Noob - Layer 3 Routing / VLAN / Spanning Tree
Hi All ...
I need some pointers on which commands / settings and where, I know what I want to achieve but the things I am trying seem to be 'mutually exclusive' - either that or I'm missing something - I am not a Cisco IOS expert but I know my way around a network.
Take 3 3560 switches in Layer 3 mode, there is a 'local' fibre spanning tree ring serving multiple switches on each, each ring is its own IP segment / VLAN. There is then a trunk between each switch on which I want to establish a load sharing / spanning tree circuit i.e.
SW1 hosts VLAN 2 via copper on fa0/1 -12, ip address 10.10.2.254
SW1 hosts VLAN 3 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.3.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
SW1 hosts VLAN 10, ip address 10.10.10.1 (trunks 1 and 2 have no IP address but are members of VLAN 10)
SW2 hosts VLAN 4 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.4.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
SW2 hosts VLAN 10, ip address 10.10.10.2 (trunks 1 and 2 have no IP address but are members of VLAN 10)
SW3 hosts VLAN 5 via a fibre spanning tree circuit on G0/1 & G0/2, dhcp 10.10.5.0/24, trunk 1 on G0/3 and trunk 2 on G0/4
SW3 hosts VLAN 10, ip address 10.10.10.3 (trunks 1 and 2 have no IP address but are members of VLAN 10)
SW1 G0/3 is a SMF trunk to SW2 G0/3
SW1 G0/4 is a SMF trunk to SW3 G0/3
SW2 G0/4 is a SMF trunk to SW3 G0/4
The trunks are configured as "trunk encapsulation dot1q", ip routing is enabled.
I can get the trunks working OK - but I can't seem to get routing to work across them - if I define an interface on SW1 with an IP set in SW3 the switch complains so it can clearly see it so which command have I missed.
All VLAN's are part of the same domain, each VLAN has its own DHCP hosted on its hosting switch. The VLAN ip address is excluded from DHCP and is the default gateway for each VLAN.
All VLAN's must be able to reach VLAN2 (contains SQL servers and DNS, Time etc etc), the VLAN's are working, DHCP etc is all working - but I can't get anything other than VLAN 10 IP's to talk across the trunks - I've tried adding spanning-tree vlan 2,3,4,5,10 but this hasn't worked, the ip route-map shows nothing, if you show spanning-tree the trunk ports do show up as an interface for all VLAN's - and yet no traffic passes across them - show route displays nothing. I tried adding ip route 10.10.*.0 255.255.255.0 10.10.2.254 (where 10.10.2.254 is the ip address of VLAN 2) but that's done nothing.
I have tried various combinations - unsuccessful so far - I need the trunks to be not only fault tolerant but load sharing which kind of negates fixing IP's on them - or does it ?? - what am I missing ?
(switches are all running IP services IOS)
Hi John, here is the sh ip route and sh ip eigrp from all three.
The ip address I'm trying to reach from SW1, SW2 is 10.10.2.253 - the DNS server - the server is available and connected to a copper port designated and assigned to VLAN 2 (which has the root ip of 10.10.2.254) dhcp is not enabled for VLAN 2.
I can ping the DNS box from VLAN 5 (same switch as VLAN 2).
The copper ports on the SW1 and SW2 boxes refuse to 'come up' - they remain shutdown no matter what. I haven't yet configured VLAN 10 ....
(NOTE - these switches are on the bench right now - I intend to get the config sorted / tested and verified before they go into production)
SWITCH 1 - Host for VLAN 3 and 10
SW1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D 10.10.2.0/24 [90/3072] via 10.10.10.6, 01:19:29, GigabitEthernet0/2
C 10.10.10.0/30 is directly connected, GigabitEthernet0/1
C 10.10.10.4/30 is directly connected, GigabitEthernet0/2
SW1#sh ip eigrp interfaces
EIGRP-IPv4:(10) interfaces for process 10
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/2 1 0/0 1 0/1 0 0
Vl3 0 0/0 0 0/1 0 0
SW1#
SWITCH 2 - Host for VLAN 4 and 10
SW2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 2 subnets
C 10.10.10.8 is directly connected, GigabitEthernet0/1
C 10.10.10.0 is directly connected, GigabitEthernet0/2
SW2#sh ip eigrp interfaces
EIGRP-IPv4:(10) interfaces for process 10
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/2 0 0/0 0 0/1 0 0
Gi0/1 0 0/0 0 0/1 0 0
Vl4 0 0/0 0 0/1 0 0
SW2#
SWITCH 3 - Host for VLAN 2, 5 and 10
SW3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.10.10.8/30 is directly connected, GigabitEthernet0/1
C 10.10.2.0/24 is directly connected, Vlan2
C 10.10.10.4/30 is directly connected, GigabitEthernet0/2
SW3#sh ip eigrp interfaces
EIGRP-IPv4:(5) interfaces for process 5
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Vl2 0 0/0 0 0/1 0 0
Vl5 0 0/0 0 0/1 0 0
EIGRP-IPv4(0)(0) interfaces for process 0
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
EIGRP-IPv4:(10) interfaces for process 10
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/2 1 0/0 1 0/1 50 0
Vl5 0 0/0 0 0/1 0 0
Vl2 0 0/0 0 0/1 0 0
SW3#
SW3#show vlan
VLAN Name Status Ports
1 default active
2 SERVERS active Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
4 DB5-LAN active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Gi0/1, Gi/2
10 MANAGER active Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
Primary Secondary Type Ports
PPS : I'm using ports Gi0/1 and Gi0/2 for now - I removed these from DB5-LAN and can now 'ping' from SW1 but not from SW2 - but the local copper is still dead on SW1 and SW2
Copper channels not dead - faulty patch lead ... the simplest things .... -
Spanning tree root ports in back to back VPC
Ok so I have a question about back to back VPC configuration.
I have a back to back VPC from core to agg layer so that I have 2 logical switches in my path.
However I am seeing an issue on the agg layer. Traffic is traversing the VPC peerlink instead of being sent up to the core which is where the spanning-tree root is configured.
Po1 is my uplink from the agg
Po4 is my vpc peerlink on the Agg
Po1 Root FWD 200 128.4096 (vPC) P2p
Po2 Desg FWD 200 128.4097 (vPC) P2p
Po4 Root FWD 330 128.4099 (vPC peer-link) Network P2p
Eth2/6 Altn BLK 2000 128.262 P2p
a little more info.
Po1 is my uplink to the core
Po4 is my agg vpc peer.
I see 2 paths to root on one switch. It is choosing Po4 (vpc peerlink) instead of Po1 (uplink to core)
MST0000
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0023.04ee.be01
Cost 0
Port 4099 (port-channel4)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8192 (priority 8192 sys-id-ext 0)
Address 547f.eea6.d2c1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po1 Root FWD 200 128.4096 (vPC) P2p
Po2 Desg FWD 200 128.4097 (vPC) P2p
Po4 Root FWD 330 128.4099 (vPC peer-link) Network P2p
MST0000
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0023.04ee.be01
Cost 0
Port 4096 (port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8192 (priority 8192 sys-id-ext 0)
Address 547f.eea6.ce41
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po1 Root FWD 200 128.4096 (vPC) P2p
Po2 Desg FWD 200 128.4097 (vPC) P2p
Po3 Desg FWD 200 128.4098 (vPC) P2p
Po4 Desg FWD 330 128.4099 (vPC peer-link) Network P2p -
Enable BPDUGuard on Spanning-tree Portfast Trunk Port: Yes or No?
Hello to all the Cisco Experts,
I have been searching around to get a confirmed answer as per my subject, but yet unable to come into any conclusion that could help me.
This is all started when I configured the switchport configuration for my ESXi Server which is a dot1q trunk port. The reference will be as below URL:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006628
The configuration of the switchport will be as below:
interface GigabitEthernet1/0/1
description ESXi
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 11,15
switchport mode trunk
spanning-tree portfast trunk
end
The catch is, I had the bpduguard enabled on the global level in my switch = spanning-tree portfast bpduguard default.
This will enable the bpduguard on the trunk port above due to the switchport is in portfast (the command: spanning-tree portfast trunk).
Some of the guys in this forum mentioned that it is not recommended to have bpduguard on trunk port and some mentioned it is okay to have this.
So, what do you all think on this? Any real life experience dealing with this kind of situation that can be shared to us over here?
Thank you in advance.
Hi Leo,
First of all, I would never, ever, consider any comment of yours as being offensive so don't worry, none taken. :)
Enabling portfast on a trunk is so "yesterday", in my opinion. If a trunk port(s) or an etherchannel is configured correctly, there's a significant chance portfast is irrelevant. The speed to get the ports to go from down to passing traffic really boils down to one or two seconds.
Perhaps this is at the core of our different views. To my best knowledge, without the PortFast, a trunk - be it a single port or an EtherChannel - will become forwarding 30 seconds after entering the up/up state, not less. This is valid for STP, RSTP, and MSTP. In addition, if a new VLAN is created or added to the list of enabled VLANs on the trunk, it may take additional 30 seconds for that VLAN to become operational (forwarding) on that trunk. There is nothing besides PortFast and Proposal/Agreement that can cut down this time: the STP must go over the Listening-Learning-Forwarding sequence, and RSTP/MSTP must go through the Discarding-Learning-Forwarding sequence. The "one or two seconds" you have mentioned is perhaps the combined delay incurred by autonegotiation, LACP/PAgP, and DTP, but STP will take its own time and will not be deterred by any of these mechanisms.
I see no benefit but mischief when you enable BPDU Guard on an inter-switch link.
Absolutely agree. That is why it doesn't make any sense to put a BPDU Guard on an inter-switch link, and I have never suggested doing that. The original post, however, deals with enabling PortFast on a trunk link that does not go to another switch but rather connects to an ESXi server on which, obviously, different virtual machines are bridged onto different VLANs.
So what is the reaction of the port if you do happen to enable portfast and BPDU guard on an inter-switch link? Wouldn't the two be a "Jekyll & Hyde", wouldn't it?
It would be just the same as enabling PortFast and BPDU Guard on an access port that happens to be connected to another switch. Upon link-up, the port would become forwarding immediately, and after receiving a BPDU, it would be shot down to err-disabled. The fact the port is an access port or a trunk port makes no difference here. Just as before, I stress that this kind of configuration simply isn't meant to be used on inter-switch links. However, on trunks connected directly to routers, servers, autonomous APs supporting several SSIDs mapped to different VLANs, even to IP phones (remember the mini-trunk config used on old switches on which the switchport voice vlan command only instructed CDP to advertise the voice VLAN but did not cause the port to accept tagged frames in the voice VLAN so it had to be configured as a trunk?) - in all these situations, the PortFast can be beneficial. The BPDU Guard is a natural protective companion to the PortFast - wherever PortFast is eligible to be configured, the BPDU Guard is a natural additional protection to be activated as well.
But given the complexity of interconnection of different switches to various stuff going around, we're happy with leaving portfast on a trunk port disabled.
No argument here - but again, this is about trunks between switches on which I would never suggest using the PortFast or the BPDU Guard. The original post is talking about trunks to end hosts (i.e. edge trunk ports if we extend the terminology a little).
Best regards,
Peter -
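One way to check a saved running-config for the pairing discussed in this thread, PortFast on edge trunks together with BPDU Guard (added example, not from the thread; the sample config beyond Gi1/0/1 and the finding names are made up here). It also flags plain spanning-tree portfast on a trunking port, which IOS accepts but does not apply until the port stops trunking.

```python
import re

# Constructed sample: Gi1/0/1 is the ESXi trunk from the post; the other
# interfaces are hypothetical and exist only to exercise each case.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
!
interface GigabitEthernet1/0/1
 description ESXi
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 11,15
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/2
 description hypothetical server trunk
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 description hypothetical access port
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/4
 description hypothetical uplink to another switch
 switchport mode trunk
!
"""

# Global default from the post; newer IOS releases insert the word "edge".
GLOBAL_GUARD_RE = re.compile(r"^spanning-tree portfast (edge )?bpduguard default\s*$")
# Interface-level PortFast, with or without the "trunk" keyword.
PORTFAST_RE = re.compile(r"^spanning-tree portfast( edge)?( trunk)?\s*$")


def parse_interfaces(config):
    """Split an indented running-config into (global_guard, {ifname: [commands]})."""
    global_guard = False
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line[:1] in (" ", "\t") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any global command ends the interface block
            if GLOBAL_GUARD_RE.match(line):
                global_guard = True
    return global_guard, interfaces


def audit(config):
    """Return {interface: finding} for PortFast ports that lack BPDU Guard."""
    global_guard, interfaces = parse_interfaces(config)
    findings = {}
    for name, cmds in interfaces.items():
        matches = [m for m in map(PORTFAST_RE.match, cmds) if m]
        if not matches:
            continue  # not configured as an edge port, e.g. an inter-switch link
        has_trunk_keyword = any(m.group(2) for m in matches)
        if "switchport mode trunk" in cmds and not has_trunk_keyword:
            # PortFast is configured but inactive, so the port still waits
            # through the normal STP states and the global default guard,
            # which follows PortFast state, does not apply to it either.
            findings[name] = "PORTFAST_NO_EFFECT_ON_TRUNK"
            continue
        if "spanning-tree bpduguard enable" in cmds:
            continue  # explicit per-interface guard
        if global_guard and "spanning-tree bpduguard disable" not in cmds:
            continue  # covered by the global default
        findings[name] = "EDGE_WITHOUT_BPDUGUARD"
    return findings


if __name__ == "__main__":
    print("without global default:", audit(SAMPLE_CONFIG))
    print("with global default:   ",
          audit("spanning-tree portfast bpduguard default\n" + SAMPLE_CONFIG))
```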
Why the host ports are also seen in the spanning-tree output ?
Switch1#show spann
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0000.0CA2.138B
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0000.0CA2.138B
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/15 Desg FWD 19 128.15 P2p
interface FastEthernet0/15
description PC0 Interface
switchport mode access
spanning-tree portfast
interface FastEthernet0/16
I read somewhere that all the ports of a switch will participate in STP by default. Is there any way to remove the STP operation on host ports ?
Regards,
Chandu
All ports participate in Spanning Tree by default.
Spanning tree is there to block redundant L2 paths in order to prevent loops. All ports are capable of causing a loop so you would not want to turn spanning tree off, in fact I don't think you can switch it off on a per port basis. You can switch it off on a per vlan basis.
You are already using portfast which allows host ports to transition into a forwarding state without going through the listening and learning states of STP. If you switch off STP on a port, you risk the chance of a L2 loop.
https://supportforums.cisco.com/docs/DOC-5180 -
SGE2010 switches, VLAN's and a blocked port in spanning-tree
Folks,
I have 2 switch groups.
2 SGE2010's with VLAN's defined as 10,20 and 30
Vlan 10 is the management VLAN, and it uplinks to our border router.
Vlan 20 is the workstation VLAN, and all workstations point to the switch as their default GW
Vlan 30 is the ip phone VLAN, and all phones use this as their gateway.
I would like to put a LAG between said switches, we have some servers on the ip phone switch that need to be accessed by the workstation clients, and the single 100mb link through the router is probably not going to be enough.
As I understand it, because the switches have different networks on them, a simple lag will not work. I did create a lag, and assign ip addresses to each side, however in that mode, it doesn't appear I can block vlan 10 from transiting the LAG, and with out that block I will end up with a logical loop, and spanning-tree will block one of the uplinks, or the LAG itself.
I have attached an image with a diagram of our current set up.
Any help/advice would be much appreciated.
Tom,
I remember our conversation a few weeks ago. I did not get a chance to have a go at MSTP, mainly because I have no experience with it, and looking at the configuration properties, it looks a little daunting.
It has also been a very busy few weeks with the deployment of 200+ phones across several sites, and the system is functioning great without the LAG trunk, I am just trying to plan for the future.
I made a few postings a few weeks ago, one here and one on the Cisco forums on reddit, and a user there gave me some advice I have been unable to make work (I think it's just wrong), but I would love to go this route if it is in fact possible.
Here is the thread : http://www.reddit.com/r/Cisco/comments/x91tc/vlan_trunks_spanning_tree_and_a_port_blocked/c5kskch
This user implies it's possible to block a VLAN across the LAG which would end the logical loop problems.
It looks like his advice is to make the LAG into a trunk, and then block specific VLAN's from transiting it, but in trunk mode, I can't assign it an IP, so I am sorta wondering how exactly you transport packets across it.
Can you confirm that his advice is in fact incorrect?
If MSTP is my only route, then I suppose it's time to dig into the docs and see if I can't get it up and running. -
Is anyone aware of a bug in version 15.0(2)EX5 for 2960X Switches that would cause a switch in the master role to stop linking in new ports in green (and passing traffic). I have 2 2960X-48FPD-L Switches in a stack and whichever switch I designate master will only link new connections in orange and not pass traffic. All ports linked in show up/up and can be seen in a show cdp neighbor but won't pass any other traffic.
If I unplug the Stacking cables both switches become masters and ports linked in green on the previous member switch stay green, but after it switches to master any new connections plugged in only link in orange.
If I switch priorities and reboot the problem switches to the new master switch and the problem goes away on the member switch.
Also, a switch in the master role does not show any spanning tree instances for ports in the orange link state.
Has anyone seen this issue and do you know of a solution?
Jim
A quick update for those with this same problem.
1. 15.2(3)E turned out to be very unstable causing my switch stack to randomly lockup/reboot one of the switches about once a week.
2. I downgraded back to 15.0(2)EX5 but found a workaround. It turns out the switch stack with the 15.0 versions does not like the switchport voice vlan command on any of the interfaces on the master switch. I simply removed the voice vlan configuration on the interfaces and all the switch ports linked in just fine. I would prefer to run the phones on a voice vlan, but it still works without, just the PCs and phones are on the same vlan.
Jim
-
I am having an issue with 2 2960X-48FPD-L Switches in a redundant flexstack (stack port 1 SW1 to port 2 SW2 and port 2 SW1 to port 1 SW2) ring.
At first running the 15.0(2).EX5 (and earlier EX3, and EX4) version IOS yielded all the ports on the stack master switch refusing to run spanning tree and would only link in amber and not pass any traffic other than CDP information (the slave switch linked in fine).
I upgraded to 15.2(3)E and this solved the problem of the ports not linking in green and participating in spanning tree.
Now, however, about every week or two I lose connectivity to the switch stack and I was able to go to the switch stack locally and found that for some reason the switch stack is blocking and unblocking VLANs on StackPort1 frequently (see below). When I was at the site, I sometimes had connectivity, sometimes not. A stack hard reboot brought everything back up, but this is the second time this has occurred and I would expect the same problem in the next week or so.
Has anyone else run into these issues, and have you found a solution?
I'm guessing that if I either get rid of the redundancy on the switch stack or stack using Ethernet cables between switches the problem will go away, but then what is the point of using stackable switches in a non-redundant low-speed stack? It seems to me that Spanning tree thinks that I have a spanning tree loop going on with the stack ports, which I didn't even think was possible.
What do you think?
Jim
_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:02:59: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:03:16: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:03:46: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:03:47: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
Mar 11 09:04:12: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:04:22: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:04:56: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:05:30: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:06:00: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:06:32: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:07:02: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:07:34: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Jim,
We have also the same problem with our 2960-X switches (access) connecting to a pair of 4500x (VSS) except our issue is with Portchannel with 2 physical links connecting the 2960xs to the 4500.
If we disconnect one of the physical links from the portchannel everything works fine, but when we connect the same physical link back all users lose connectivity and the physical link starts flapping. Here are some of the messages we see in the logs when both physical links are in the portchannel:
Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
Mar 10 18:01:29 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
Mar 10 18:01:37 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
Mar 10 18:01:48 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
Mar 10 18:01:51 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
We have upgraded to 15.0(2a).EX5 and still have the same issue.
We have a ticket open with Cisco and have sent them all the logs and debugs and are waiting to hear back from IOS developers.
HTH
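The block/unblock cycles in the logs quoted above can be measured rather than read by eye. This added example (not code from any poster or from Cisco) parses the `%SPANTREE-2-*` PVID messages and reports, per interface and VLAN, the completed block/unblock cycles, the seconds spent blocked and the peer VLAN ids seen; the function name, the `min_cycles` threshold, the placeholder year and the sample lines (constructed in the format of the messages above) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modeled on the message formats quoted in the posts above.
SAMPLE_LOG = """\
Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
"""

# Timestamp, optional timezone word, then the SPANTREE severity-2 mnemonic and text.
HEAD = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)(?: \w+)?: %SPANTREE-2-(\w+): (.*)$")
STATE = re.compile(r"(?:Blocking|Unblocking) (\S+) on VLAN0*(\d+)\.")
PVID = re.compile(r"peer vlan id (\d+) on (\S+) VLAN0*(\d+)\.")

def summarize(log_text, min_cycles=2):
    """Return (stats, flapping), both keyed by (interface, vlan)."""
    stats = defaultdict(lambda: {"cycles": 0, "blocked_s": 0,
                                 "peer_vlans": set(), "since": None})
    for line in log_text.splitlines():
        m = HEAD.match(line.strip())
        if not m:
            continue  # not a SPANTREE-2 message (or a truncated line)
        # Syslog lines carry no year; 2000 is an assumed placeholder.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        mnemonic, text = m.group(2), m.group(3)
        if mnemonic == "RECV_PVID_ERR" and (p := PVID.search(text)):
            key = (p.group(2), int(p.group(3)))
            stats[key]["peer_vlans"].add(int(p.group(1)))
        elif (s := STATE.search(text)):
            entry = stats[(s.group(1), int(s.group(2)))]
            if mnemonic.startswith("BLOCK_PVID"):
                entry["since"] = entry["since"] or ts  # keep first block time
            elif mnemonic == "UNBLOCK_CONSIST_PORT" and entry["since"]:
                entry["cycles"] += 1
                entry["blocked_s"] += int((ts - entry["since"]).total_seconds())
                entry["since"] = None
    flapping = {k: v for k, v in stats.items() if v["cycles"] >= min_cycles}
    return dict(stats), flapping
```

An entry whose `since` is still set after the last line is a VLAN that was left blocked when the capture ended.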