cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

298
Views
0
Helpful
8
Replies
zachartl
Beginner

Can a Nexus Spanning-tree Port Type Normal Connect to a Nexus Spanning-tree Port Type Network?

I've a vPC between two Nexus 9396s and two Nexus 5548s. The connecting port-channels are currently using spanning-tree port type Network. I've a requirement to configure the 9396 port-channels to spanning-tree port type Normal. The Nexus 5548s don't appear to support that port type. All I have to choose from is Network and Edge. Will the vPCs remain intact and operate normally if the 9396 sides are spanning-tree port type Normal and the downstream Nexus 5548s remain as spanning-tree port type Network?

Thank you in advance.

Terry

2 ACCEPTED SOLUTIONS

Accepted Solutions
Sergiu.Daniluk
VIP Advocate

Hi @zachartl 

The default configuration of a port is stp type normal. That's why you don't have the config option on N5k.

On newer platforms and software, developers added the "normal" option, but again, that is the default config. (you can verify the configuration by using "show run interface [ethX/Y | port-channel Z] all" command

In other words, to answer your question, in order for the vpc to operate normally, you will need to leave the default configuration.

If you will configure type network on N5K, the interface will actively send BPDUs and expect to receive BPDUs from remote switch. If it doesn't receive, the port will go in BA_Inc (Bridge Assurance inconsistency) state.

 

Stay safe,

Sergiu

View solution in original post

Hi @zachartl 

I just read again my previous post and I need to add something, just to avoid confusion.

I mentioned: "in order for the vpc to operate normally, you will need to leave the default configuration".

That's the correct answer if you already have the "type normal" on the N9K switchport.

The second option, as you correctly mentioned, is to configure port type network on both sides, N5K and N9K, and this is indeed a configuration only for inter-switch connection.

What this port-type network does, it actually activates bridge assurance on the port, meaning it will try to detect and block unidirectional links, by sending and expecting to receive BPDUs regardless if the interface is in alternate or backup, and blocking the port if no BPDUs are received. 

 

Take care,

Sergiu

View solution in original post

8 REPLIES 8
Sergiu.Daniluk
VIP Advocate

Hi @zachartl 

The default configuration of a port is stp type normal. That's why you don't have the config option on N5k.

On newer platforms and software, developers added the "normal" option, but again, that is the default config. (you can verify the configuration by using "show run interface [ethX/Y | port-channel Z] all" command

In other words, to answer your question, in order for the vpc to operate normally, you will need to leave the default configuration.

If you will configure type network on N5K, the interface will actively send BPDUs and expect to receive BPDUs from remote switch. If it doesn't receive, the port will go in BA_Inc (Bridge Assurance inconsistency) state.

 

Stay safe,

Sergiu

View solution in original post

Hi Sergiu,

 

I very much appreciate your input. I'm quite comforted by it really. I got into this situation, as best I can tell, by of all things the vPC Best Practices Guide. I believe the Team that's requiring me to make this change is referring to that and the irony of it all is, I never configured these switches. It was done by Reps from their Company and sold to us as part of a System. I simply configured our network equipment to operate with theirs by way of vPC configurations. Using Spanning-tree port type Network, at the time. Would you happen to know why Cisco has gone in this direction with vPCs? Spanning-tree port type Network is for inter-switch communication or so I thought. I want to Thank You for help and I will begin filling out the Change Order for this configuration change, knowing that this can be done now. Again, your Assistance with this is Most Appreciated.

Best Regards,

Terry

Hi @zachartl 

I just read again my previous post and I need to add something, just to avoid confusion.

I mentioned: "in order for the vpc to operate normally, you will need to leave the default configuration".

That's the correct answer if you already have the "type normal" on the N9K switchport.

The second option, as you correctly mentioned, is to configure port type network on both sides, N5K and N9K, and this is indeed a configuration only for inter-switch connection.

What this port-type network does, it actually activates bridge assurance on the port, meaning it will try to detect and block unidirectional links, by sending and expecting to receive BPDUs regardless if the interface is in alternate or backup, and blocking the port if no BPDUs are received. 

 

Take care,

Sergiu

View solution in original post

Hi Sergiu,

 

Thank you for the clarification and for your assistance with this situation. The vPCs are connected using spanning-tree port type network and have been that way for a few years now. I don't like the idea of having to toggle that setting to Normal, there's a few hundred servers hosted there, but it's good to know this can be done. 

 

Have a Great Weekend!

Terry

Hi Terry,

 

So your VPCs to hosts are all configured with type network and the STP is in forwarding? 

That is indeed curious? Do you have any blade switch between servers and Nexus switch? It could be possible that those blade switches are running STP.

 

Cheers,

Sergiu

Hi Sergiu,

 

No, all of our Host vPCs are edge. It's the inter-switch vPCs I was referring to earlier. I'm not really expecting any VLAN spanning-tree hiccups when I make the  vPC port type changes, but I don't see why we just don't leave them as they were configured, setting new inter-switch vPCs to the vPC best practice guide setting of spanning-tree Normal going forward.

 

Best,

Terry

Hi @zachartl 

No no, leave them as network. Most likely on the other side of the vPC it's also configured as network. If you change them to normal, the remote side will go into BA_Inc state and forwarding will be affected.

 

Cheers,

Sergiu

Hey Sergiu,

 

I will be able to change both local and remote ends of the vPCs from Network to Normal. I just don't think it worth the risk, however slight it may be. As I mentioned earlier, those vPCs have been operating for years with the current settings.

 

Best Regards, and Thanks again.

 

Terry

Content for Community-Ad