I have a question about LocalDirector (LD).
I understand LocalDirector has already gone EOL; however, my customer plans to migrate from LocalDirector to CSS, and I have to explain the technical details of the current (with LD) environment and the future (with CSS) environment.
So I posted this question to this forum.
My question is as follows.
Catalyst ---- Catalyst
Catalyst ---- Catalyst
LD1 and LD2 are LocalDirector 430 Version 4.2.3.
STP runs on all Catalyst switches.
None of the ports on the Catalyst switches that connect to the LDs are configured as "portfast".
In this environment, "no secure" is configured for all interfaces on the LD.
I personally think "no secure" means that BPDUs are passed through the LD, which results in one port on one of the Catalyst switches becoming a BLOCKING port.
However, all ports on the four Catalyst switches connecting to the LDs are FORWARDING, not BLOCKING.
I am confused about why there is no BLOCKING port even though "no secure" is configured on the LD.
The documentation on CCO below says "LocalDirector automatically detects a bridge loop and tries to recover."
I do not understand what "LocalDirector automatically detects a bridge loop and tries to recover." means, but it seems the LD detects the bridge loop and responds to it automatically by, for example, stopping BPDUs from passing through even if "no secure" is configured.
Does anyone have a similar experience?
When I migrate from LD to CSS in the same environment, I will disable STP on the CSS to prevent a bridge loop.
Your information would be appreciated.
In terms of BPDUs on the LD, you are correct in terms of the secure mode. Switch BPDU packets pass right through the LocalDirector unless interfaces are secured. BPDUs are only forwarded across the LD when the same VLAN exists on both sides of the LocalDirector. While this will work so long as either of the interfaces connecting to the switches contains the same VLAN, it is not a recommended configuration in dual LocalDirector situations. The VLANs may not reconverge in the case of LocalDirector failover, as the port identified for passing BPDUs is also changed at the time of failover.
In regards to the CSS and spanning tree. You will not disable spanning tree on the CSS, but we do have many customers set the bridge priority quite high so as to not have the CSS be the root bridge. In general, the LD is a bridge and the CSS is a switch with some routing capabilities.
Thank you very much for your reply and sorry for my late response.
You said that "While this will work so long as either of the interfaces connecting to the switches contains the same VLAN, it is not a recommended configuration in dual LocalDirector situations".
I understand this configuration, that is "bridge loop exists and no secure configured", is not recommended.
However, I understand that traffic in this environment does not get looped, even if "no secure" is configured, due to "LocalDirector automatically detects a bridge loop and tries to recover."
I have an additional question.
You also said "In regards to the CSS and spanning tree. You will not disable spanning tree on the CSS".
I am not clear what this means, because the CSS supports the bridge spanning-tree [disable|enable] command.
Do you mean that the bridge spanning-tree [disable|enable] command should be configured on the CSS in router mode, not in bridge mode?
Or is it due to the following concerns, quoted from another post below?
If you use 'show bridge status' on the CSS after disabling spanning tree, it will always say it is the root bridge, since without STP all ports are forwarding.
You need to check the status of STP outside the CSS, and normally the CSS shouldn't be the root.
Finally, good advice when using STP is to manually select the STP by setting a weight on the device you want to be the root.