Spanning tree question
I want to change the spanning tree root on several vlans on my network. My question is, will this cause STP to recalculate for the entire network, which can cause the network to slow down or will it only affect the vlans that I am changing? I want to make sure I am not going to impact anything on the network.
When executed properly, this will only affect the vlans that you wish to change. Use the following command to change spanning tree prio on a vlan:
spanning-tree vlan xx priority 4096 (or a multiple of 4096 for less priority)
Be aware that there is always a risk of unexpected disruptions when you do this. The vlans that you change may still carry user traffic although there are no users on it. If your topology and traffic flow are not exactly as you assume they are, more vlans may be affected. It is therefore not advisable to alter this setting during peak-hours.
Regards,
Leo
Similar Messages
-
All,
I have a question about Rapid Spanning Tree reconfiguration. I have the following situation:
As you can see 3 switches with RSTP, and 2 switches without RSTP (or any other spanning tree, just unmanaged).
The 2 switch will form a loop in my network. Switch 1 will block one of the ports and the other port will forward the traffic.
If I break the link "Just Forwarding", my second switch won't be able to communicate for around 40 seconds. It will take some time before the backup link will be up again.
Cisco has the Fastforwarding mechanism. Will this help in this situation? I would like to shorten the 40 seconds time.
Thanks in advance.
I'd guess the unmanaged devices run legacy spanning tree, and rapid pvst switches will run rapid according to the "heard" protocol. So if it hears the legacy bpdu, it will run regular spanning tree, hence the 40 second delay.
chris -
Spanning Tree questions ...
Hi,
There are four 6500 switches configured as below:
                    PortChannel
                   & Trunk & STP
                 SW1 ---------- SW2 ----PC1
   NO PortChannel |              | No
       & No Trunk |              | PortChannel
         & NO STP |              | & No Trunk
                  |              | & No STP &
      PC2--------SW3 ---------- SW4
                   PortChannel &
                   Trunk & NO STP
Between SW1 & SW2, there is a STP enabled on each PVST. For other connections, there is NO STP enabled.
The configuration is as below:
SW1-SW2 : PortChannel, Trunk & STP enabled
SW1-SW3 : No PortChannel, Trunk & STP disabled
SW2-SW4 : No PortChannel, Trunk & STP disabled
SW3-SW4 : PortChannel & Trunk enabled, STP disabled
In this configuration, the SW2 will block the connection between SW1 & SW2 to prevent loop.
Also, there is only ~20 seconds network interruption on particular connection if any one of connections broken.
I would like to know whether above configuration is supported. Is there any impact or unpredictable issue?
In addition, I would like to know whether we can enable BackBone Fast feature if SW1 & SW2 are third party switches.
Thanks in advance.
Rgds,
Iavn Cheng
Hi Iavn,
I guess that in your diagram SW1 and SW2 are running STP but SW3 and SW4 are not.
First, especially if you use third party devices, I want to warn you that there is no standard defining what "disabling STP" means, so interpretation may vary. In Cisco's PVST, we flood BPDUs, which allow you indeed to break the loop between SW1 & SW2 (SW1 and SW2 just see redundant point to point links between them).
Your configuration will however -1- be less efficient than running STP everywhere, plus -2- it breaks one of the basic assumptions of STP.
-1- When a link fails between two hosts that don't run STP, the reconvergence can only be based on timer. In your example, if the link between SW3 and SW4 breaks, you will need max_age + 2xforward_delay to recover with STP. Even with RSTP your convergence time will depend on timer, which is not efficient.
-2- But the real problem, which is related to the same scenario is that when the network has converged after the failure of the link SW3-SW4, bringing back up this link will result in a temporary bridging loop. This is because SW3 and SW4 are not running STP and will put their ports directly to forwarding. Even temporary, loops are bad in a L2 network:-(
At last, backbonefast is absolutely helpless if you don't run STP on each switch. Backbonefast is supposed to save you waiting max_age when a bridge that does not have any alternate port loses its root port. In the case where you only have two bridges running STP (SW1 and SW2), you will never get into this situation anyway. If you run STP on all 4 switches, then it makes sense. As already mentioned by Georg, Backbonefast is a proprietary feature.
I highly recommend running RSTP (whether Rapid-PVST or MST) on all switches if possible.
Regards,
Francois -
What is the difference between using the following 2 commands to guarantee a certain switch as the root switch? Can I use either one? Is one way more beneficial than the other?
1) spanning-tree vlan 2 priority 8192
2) spanning-tree vlan 2 root primary
There is more to the "root primary" command than just setting the priority. The root command is in fact a macro that configures the priority but also the spanning-tree timers (by macro I mean that this command is in fact expanded into several different configuration lines, one of them being the stp priority. The macro is not showing up in the configuration). This is particularly interesting if you want to adjust your timers based on the diameter of your network in PVST mode.
If it's just a matter of configuring the root bridge, I don't really get the point of using this macro. Configuring a bridge as root can be done in a trivial way with the priority command.
Personally, I don't like the switch to pick up a priority for me and I prefer choosing the value myself with the priority command. At least, I know what is happening... but that's a matter of taste at that stage.
Just be aware that if you use the "root primary" command, you will have your timers also set to their default values.
Regards,
Francois -
Switching Best Practice - Spanning Tree and Etherchannel
Dear All,
Regarding best practice related to Spanning Tree and Etherchannel, we have decided to configure following.
1. Manually configure STP Root Bridge.
2. On end ports, enable portfast and bpduguard.
3. On ports connecting to other switches enable root guard.
In etherchannel config, we have kept mode on on both side, need to change to Active and desirable as I have read that mode on may create loops? Please let me know if this is OK and suggest if something missing.
Thank You,
Abhisar.
Hi Abhisar,
Regarding your individual decisions: Manually configuring the Root Bridge is a natural thing to do. You should never leave your network just pick up a root switch based on default switch settings.
On end ports, using PortFast and BPDU Guard is a must especially if you are running Rapid PVST+ or MSTP.
Regarding the Root Guard on ports to other switches - this is something I do not recommend. The Root Guard is a protective mechanism in situations when your network and the network of your customer need to form a single STP domain, yet you want to have the STP Root Bridge in your network part and you do not want your customer to take over this root switch selection. In these cases, you would put the Root Guard on ports toward the customer. However, inside your own network, using Root Guard is a questionable practice. Your network can be considered trustworthy and there is no rogue root switch to protect against. Using Root Guard in your own network could cause your network to be unable to converge on a new workable spanning tree if any of the primary links failed, and it would also prevent your network from converging to a secondary root switch if the primary root switch failed entirely. Therefore, I personally see no reason to use Root Guard inside your own network - on the contrary, I am concerned that it would basically remove the possibility of your network to actually utilize the redundant links and switches.
Regarding EtherChannels - yes, you are right, using the on mode can, under circumstances, lead to permanent switching loops. EtherChannel is one of few technologies in which I wholeheartedly recommend relying on a signalling protocol to set it up, as opposed to configuring it manually. The active mode is my preferred mode, as it utilizes the open LACP to signal the creation of an EtherChannel, and setting both ends of a link to active helps to bring up the EtherChannel somewhat faster.
If you are using fiber links between switches, I recommend running UDLD on them to be protected against issues caused by uni-directional links. UDLD is not helpful on copper ports and is not recommended to be run on them. However, I strongly recommend running Loop Guard configured globally with the spanning-tree loopguard default. Loop Guard can, and should, be run regardless of UDLD, and they can be used both as they nicely complement each other.
My $0.02...
Best regards,
Peter -
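The checks recommended in the answer above (manual root, PortFast with BPDU Guard on end ports, no EtherChannel "on" mode, Loop Guard globally) can be audited offline against a saved configuration. This is an added example, not part of the original thread; the sample configuration and the finding codes are constructed, and treating every non-access port as an internal inter-switch link is an assumption.

```python
import re

# Constructed sample configuration for illustration (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree vlan 1-10 priority 4096
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/23
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet0/24
 switchport mode trunk
 channel-group 2 mode active
 spanning-tree guard root
!
"""

ROOT_RE = re.compile(r"spanning-tree vlan \S+ (priority \d+|root (primary|secondary))")
CHANNEL_RE = re.compile(r"channel-group \d+ mode (\S+)")


def parse_config(text):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return a list of (scope, finding_code) tuples, in config order."""
    global_lines, interfaces = parse_config(text)
    findings = []
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    if not any(ROOT_RE.match(l) for l in global_lines):
        findings.append(("global", "ROOT_NOT_SET_MANUALLY"))
    if "spanning-tree loopguard default" not in global_lines:
        findings.append(("global", "LOOPGUARD_DEFAULT_MISSING"))
    for name, lines in interfaces.items():
        access = "switchport mode access" in lines
        portfast = any(l.startswith("spanning-tree portfast")
                       and not l.endswith("disable") for l in lines)
        guarded = "spanning-tree bpduguard enable" in lines or (
            guard_default and portfast)
        if access and not portfast:
            findings.append((name, "ACCESS_PORT_WITHOUT_PORTFAST"))
        if portfast and not guarded:
            findings.append((name, "PORTFAST_WITHOUT_BPDUGUARD"))
        modes = [m.group(1) for m in map(CHANNEL_RE.match, lines) if m]
        if "on" in modes:
            findings.append((name, "ETHERCHANNEL_MODE_ON"))
        # Assumption: a non-access port is a link inside your own network,
        # where the answer above advises against Root Guard.
        if "spanning-tree guard root" in lines and not access:
            findings.append((name, "ROOT_GUARD_ON_INTERNAL_LINK"))
    return findings
```

A Root Guard finding on a port that faces a customer or another administrative domain is expected and can be ignored, as the answer explains.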
"Peer-switch" command on vPC domain and spanning-tree priority interaction
Hi guy,
We have 2 N7K (N7KA and N7KB) which will be running vPC in hybrid and pure vPC environment.
I have a question about the hybrid and pure vPC environment. With the "peer-switch" command enabled, should i tune the spanning-tree priority to be the same for all the vlan running on vPC on both N7KA and N7KB? This way, when i enter the "sh spanning-tree vlan X(vPC vlan) detail" command on N7K, it will list both N7K announce itself as "We are the root of the spanning tree". Also the switch running spanning-tree with N7K vPC vlan (hybrid), will see both N7K has the same priority (4096), and it is not desirable for a spanning-tree environment. Therefore, i used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with N7K will list N7KB has a priority of 8192 (perfect).
However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as shown on the switch. It is constantly changing between "4096 and 8192" with the same vPC system wide mac address.
Entering the "sh spanning-tree vlan X detail" command repeatedly on switch with port-channel toward N7KA and N7KB.
>>sh spanning-tree vlan 10 detail
Port 65 (Port-channel1) of VLAN10 is root forwarding
Port path cost 3, Port priority 128, Port Identifier 128.65.
Designated root has priority 4106, address 0013.05ee.bac8
Designated bridge has priority 4106, address 0013.05ee.bac8
Designated port id is 144.2999, designated path cost 0
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 5, received 603
one sec later.
>>sh spanning-tree vlan 10 detail
Port 65 (Port-channel1) of VLAN10 is root forwarding
Port path cost 3, Port priority 128, Port Identifier 128.65.
Designated root has priority 4106, address 0013.05ee.bac8
Designated bridge has priority 8202, address 0013.05ee.bac8
Designated port id is 144.2999, designated path cost 0
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 5, received 603
Configuration:
N7KA
spanning-tree vlan 1-10 priority 4096
vpc domain 200
peer-switch
N7KB
spanning-tree vlan 1-10 priority 4096
spanning-tree pseudo-information vlan 1-10 designated priority 8192
vpc domain 200
peer-switch
We have an issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something? -
Setting up ML cards in 454 so that Spanning Tree one side blocks
Currently we have two ML 1000 cards in our Main ONS 454. We have spanning tree set up on a 3560G switch that brings the IP portion of the SONET to all the other 310's in our network. Now when I do a sh spanning tree on the both ports on the switch that go up to ports 1 on the ML 1000 cards it shows me that both are in forwarding mode. How do I set this up so that one of them is blocking?
Thanks
Hi,
if you remove "encryption mode ciphers aes-ccm tkip" from the radio interface does it help?
it should remain like this:
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm tkip
ssid WLAN_Corporate
ssid WLAN_HartKitGuest
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
Spanning tree - balanced without use vlan ?
Hi, I'm sorry if this is a classic question.
i have implemented rapid pvst like show in the image. The dotted lines are the alternative links. (image 1)
SwitchA# spanning-tree vlan 1 root primary
SwitchB# spanning-tree vlan 1 root secondary
I want to make a kind of balancing like image 2. But the problem is that i have vlan 100 (and other vlans) in side A and Side B.
So, if i make
SwitchB: spanning-tree vlan 100 root primary
SwitchA: spanning-tree vlan 100 root secondary
The SwB it change to primary for vlan 100.
But i want to the switchB be the primary for side A and secondary for side A. No matter the vlan. Is possible?
Thanks a lot!
IMAGE 1
IMAGE 2
PS: Later i will implement HSRP.
Hi, i know that is possible, but doing this the result is unbalanced for my network. For example vlan 20 reside in all switches and vlan 21 reside in only one switch.
i want to the switchA be the primary for side A and secondary for side B. No matter the vlan. Like image 2.
I hope to be clear.
Thanks. -
Rapid spanning tree / portfast
hello together,
i have a question about rapid spanning tree.
If I enable per vlan rapid spanning tree do i have to configure portfast on the access ports or is this nativly done in rstp?
best regards
lars
Hi Lars,
In RSTP, the access ports are known as "edge" ports. To configure a port as an "edge port" you use the same command to enable portfast to do this.
"Edge ports: If you configure a port as an edge port on an RSTP switch by using the spanning-tree portfast interface configuration command, the edge port immediately transitions to the forwarding state. An edge port is the same as a Port Fast-enabled port, and you should enable it only on ports that connect to a single end station."
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swmstp.htm
HTH,
Bobby
*Please rate helpful posts. -
Flat Network & no Spanning tree?
I have a large network with 8 2950 powered by 2821, with 30 vlans. The network has no loops or redundancy. Question 1 do I need to have spanning tree running and why?
If not how do I disable it?
I am sure you have heard the line "run the spanning-tree even when you do not have any loops in the network" and generally our recommendation is to leave it on which is default even if you have no redundancy but have etherchannels (etherchannels with ON mode can cause transient spanning-tree loops).
Traditionally the problem that people have had with spanning-tree has large convergence times (of the order of 30 - 50 seconds) and someone coming from SONET, optical background (the folks who are used to the convergence times of 50 msec) don't generally like that. So the bottom line is you can turn it off so long as you make sure you have absolutely no redundancy and no etherchannels.
the command is as simple as
no spanning-tree
on all IOS based switches.
Hope this helps.
thanks
Salman Z. -
Method-long Spanning-Tree Cost - Nexus and VSS
Hi,
I'have a DC topology with 2x6509 VSS, 2 NX7K, 10xNX5548 and NX2K dual-homed.
My question is about spanning-tree cost in method-long
Between VSS(L2/L3) and NX7Ks(L2) i have 8x10giga links on a crossed VPC, from NX7K point of view, the pathcost to the root (which is the VSS), is 200.
is this correct ?
what is the cost for 2 and 4x10g links ?
thanks for your replies
Franck
Yes one of the interfaces will be in blocking.
-
Spanning tree root ports in back to back VPC
Ok so I have a question about back to back VPC configuration.
I have a back to back VPC from core to agg layer so that I have 2 logical switches in my path.
However I am seeing an issue on the agg layer. Traffic is traversing the VPC peerlink instead of being sent up to the core which is where the spanning-tree root is configured.
Po1 is my uplink from the agg
Po4 is my vpc peerlink on the Agg
Po1 Root FWD 200 128.4096 (vPC) P2p
Po2 Desg FWD 200 128.4097 (vPC) P2p
Po4 Root FWD 330 128.4099 (vPC peer-link) Network P2p
Eth2/6 Altn BLK 2000 128.262 P2p
A little more info.
Po1 is my uplink to the core
Po4 is my agg vpc peer.
I see 2 paths to root on one switch. It is choosing Po4 (vpc peerlink) instead of Po1 (uplink to core)
MST0000
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0023.04ee.be01
Cost 0
Port 4099 (port-channel4)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8192 (priority 8192 sys-id-ext 0)
Address 547f.eea6.d2c1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po1 Root FWD 200 128.4096 (vPC) P2p
Po2 Desg FWD 200 128.4097 (vPC) P2p
Po4 Root FWD 330 128.4099 (vPC peer-link) Network P2p
MST0000
Spanning tree enabled protocol mstp
Root ID Priority 4096
Address 0023.04ee.be01
Cost 0
Port 4096 (port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8192 (priority 8192 sys-id-ext 0)
Address 547f.eea6.ce41
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po1 Root FWD 200 128.4096 (vPC) P2p
Po2 Desg FWD 200 128.4097 (vPC) P2p
Po3 Desg FWD 200 128.4098 (vPC) P2p
Po4 Desg FWD 330 128.4099 (vPC peer-link) Network P2p -
Why did we really need this "spanning-tree extend system-id" command?
Folks,
On the Spanning tree protocol I understood how does this spanning-tree extend system-id command work.
But I have not understood why it is in place? or why do we really need it?
Regards,
Nikhil Kulkarni.
Hi Nikhil,
The STP and RSTP standard specifications mandate that each switch running STP/RSTP must have a unique Bridge ID (BID). Because Cisco runs STP or RSTP in each VLAN separately (called PVST and RPVST or PVRST), in each VLAN, the switch behaves like a standalone (albeit virtual) switch and thus, each STP/RSTP instance is required to have a unique BID to comply with the standard. Simply, having X VLANs means having X separate STP/RSTP instances and X unique BIDs.
The question now is how to make sure the BIDs of STP/RSTP instances run on the same switch in different VLANs are truly unique. Older switches actually had a large reserve of MAC addresses. As new VLANs were created, these switches allocated a new MAC address for each new STP/RSTP instance in a new VLAN (recall that the BID originally consisted of the priority and the MAC address), making the BIDs unique.
However, the consumption of MAC addresses this way was simply too large and ineffective. At the same time, having 65536 different values for priority in the BID was largely useless. So IEEE came with the idea of Extended System ID in which they reused a part of the priority field for a unique instance identifier. In Cisco's implementation, this field is populated with the VLAN number the STP/RSTP instance runs in. This easily and effectively makes the BID unique - even with the same priority for all VLANs on a single switch, and a single switch MAC address, multiple STP/RSTP instances running on this same switch with the same priority have different BIDs thanks to different VLAN numbers embedded into the BID.
Some switch platforms actually allowed you to deactivate the Extended System ID and revert to the older style of assigning unique MAC addresses to individual STP/RSTP instance BIDs. That is why the command spanning-tree extend system-id exists in the first place. However, removing this command is only possible on those switching platforms which are equipped with 1024 MAC addresses for their disposal. Most new switching platforms have only 64 MAC addresses for their internal use, and while the spanning-tree extend system-id command is present in their configuration, you can not remove it. It is simply there to inform you that the Extended System ID is being used but you can not really deactivate it.
Read more here:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/spantree.html#wp1096536
Best regards,
Peter -
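The Extended System ID layout described in the answer above can be checked against the priorities shown elsewhere on this page (61441, 4106, 8202). This is an added example, not code from the thread; the function names are illustrative, and it assumes the standard split of the 16-bit priority field into a 4-bit priority and a 12-bit system ID extension, which is also why configured priorities must be multiples of 4096.

```python
import re
import struct


def split_priority(value):
    """Split the 16-bit priority shown by 'show spanning-tree' into
    (configured priority, extended system ID / VLAN number)."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("priority field is 16 bits")
    return value & 0xF000, value & 0x0FFF


def make_priority(priority, vlan):
    """Combine a configured priority and a VLAN number into the 16-bit field."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 0 <= vlan <= 4095:
        raise ValueError("system ID extension is 12 bits")
    return priority | vlan


def parse_mac(text):
    """Accept 001b.54db.7200, cc3e-5f3a-2939 or 00:1b:54:db:72:00."""
    digits = re.sub(r"[.:-]", "", text)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError("not a MAC address: %r" % text)
    return bytes.fromhex(digits)


def bridge_id(priority, vlan, mac):
    """8-byte Bridge ID: 16-bit priority field followed by the 48-bit MAC."""
    return struct.pack("!H", make_priority(priority, vlan)) + parse_mac(mac)


def elect_root(bridges):
    """Return the name of the bridge with the numerically lowest Bridge ID.
    bridges: iterable of (name, priority, vlan, mac)."""
    return min(bridges, key=lambda b: bridge_id(b[1], b[2], b[3]))[0]


# Values taken from outputs quoted on this page.
HP_CISCO_VLAN1 = [
    ("SWPADRAO", 32768, 0, "cc3e-5f3a-2939"),
    ("SWNHAM17", 61440, 1, "001b.54db.7200"),
    ("SWNHAM18", 61440, 1, "001b.0cbc.4300"),
]

if __name__ == "__main__":
    for shown in (61441, 4106, 8202):
        print(shown, "->", split_priority(shown))
    print("root:", elect_root(HP_CISCO_VLAN1))
```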
How to implement uplink redundancy and spanning tree in SFP-300 switches
We have several Small Business 300 Series Managed Switches, the 10/100 ones with PoE, the first generation ones.
We've been advised to implement uplink redundancy and spanning tree on these switches.
I'm sure spanning tree is a checkbox somewhere in the web interface.
How does one implement uplink redundancy besides interconnecting the switches plus turning on spanning tree (RSTP)??
Thank you, Tom
P.S. I also tried to file a service request but it does not work, I get: "Error 500: Request processing failed; nested exception is java.lang.NullPointerException"
Hello Thomas,
Thanks for using the Cisco Small Business eSupport Community. I've looked through the articles that are available in our Knowledge Base and found a few that I hope will be able to assist you in setting up spanning tree and link redundancy on your SFP300s:
In regards to link redundancy, the following article on LAG can hopefully provide some guidance:
Link Aggregate Group (LAG) Configuration on 200/300 Series Managed Switches
And for your question on setting up STP, here are a few articles with additional information:
Configure Spanning Tree Protocol (STP) Status and Global Settings on 200/300 Series Managed Switches
Setup Spanning Tree Protocol (STP) on a Interface on the 300 Series Managed Switches
I hope that this information helps! Please remember to mark your question as answered and rate if this solves your problem.
Best,
Gunner -
Cisco Switches and HP Interoperability with Spanning-Tree (RSTP)
Hello All.
I read a lot of information from this forum about Spanning-Tree interoperability between HP Switches and Cisco Switches.
Rather than having questions I would like to post that I managed to configure successfully HP and Cisco using RSTP (802.1w).
[SWPADRAO]display stp root
MSTID Root Bridge ID ExtPathCost IntPathCost Root Port
0 32768.cc3e-5f3a-2939 0 0
[SWPADRAO]display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/47 DESI FORWARDING NONE
0 GigabitEthernet1/0/48 DESI FORWARDING NONE
[SWPADRAO]display stp instance 0
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :32768.cc3e-5f3a-2939
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.cc3e-5f3a-2939 / 0
CIST RegRoot/IRPC :32768.cc3e-5f3a-2939 / 0
CIST RootPortId :0.0
BPDU-Protection :enabled
Bridge Config-
Digest-Snooping :disabled
TC or TCN received :17
Time since last TC :0 days 0h:1m:52s
SWNHAM17#show spanning-tree VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32768
Address cc3e.5f3a.2939
Cost 4
Port 26 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61441 (priority 61440 sys-id-ext 1)
Address 001b.54db.7200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
Gi0/1 Altn BLK 4 128.25 P2p
Gi0/2 Root FWD 4 128.26 P2p
SWNHAM18#show spanning-tree VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32768
Address cc3e.5f3a.2939
Cost 4
Port 26 (GigabitEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61441 (priority 61440 sys-id-ext 1)
Address 001b.0cbc.4300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
Gi0/1 Desg FWD 4 128.25 P2p
Gi0/2 Root FWD 4 128.26 P2p
Hello, David.
Your command doesn't work because it's made only for the ports that have command "spanning-tree portfast" in them. Try change spanning tree mode at the HP switch to MSTP if this is possible.