01-29-2021 10:42 AM
Hi all,
We went through a network redesign with our consultant, we're undergoing a cyber security compliance checklist, we have a pair of n9k's in vpc, some older catalyst switches, one of them a c4948 still has the stp root according to our consultant, he advised me to switch over to the n9k's for optimum network flow, here's the output of my 4948 vs the n9k's for sh span root and sh span sum, my question is can I during off hrs change over the root to the n9k's safely with my current spanning tree config, thanks in advance.
crx4948#sh spanning-tree root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0010 28682 0022.55ad.4dc0 0 2 20 15
VLAN0020 28692 0022.55ad.4dc0 0 2 20 15
VLAN0025 28697 0022.55ad.4dc0 0 2 20 15
VLAN0030 28702 0022.55ad.4dc0 0 2 20 15
VLAN0040 28712 0022.55ad.4dc0 0 2 20 15
VLAN0050 28722 0022.55ad.4dc0 0 2 20 15
VLAN0060 28732 0022.55ad.4dc0 0 2 20 15
VLAN0090 28762 0022.55ad.4dc0 0 2 20 15
VLAN0099 28771 0022.55ad.4dc0 0 2 20 15
crx4948#sh span su
Switch is in pvst mode
Root bridge for: VLAN0010, VLAN0020, VLAN0025, VLAN0030, VLAN0040, VLAN0050
VLAN0060, VLAN0090, VLAN0099
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0010 0 0 0 6 6
VLAN0020 0 0 0 33 33
VLAN0025 0 0 0 3 3
VLAN0030 0 0 0 24 24
VLAN0040 0 0 0 5 5
VLAN0050 0 0 0 13 13
VLAN0060 0 0 0 3 3
VLAN0090 0 0 0 13 13
VLAN0099 0 0 0 5 5
---------------------- -------- --------- -------- ---------- ----------
9 vlans
crxn9k# sh spanning-tree root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- ------- ----- --- --- ----------------
VLAN0001 32769 5897.bd50.55f5 0 2 20 15 This bridge is root
VLAN0010 32778 5897.bd50.55f5 0 2 20 15 This bridge is root
VLAN0020 28692 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0025 28697 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0030 28702 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0040 32808 5897.bd50.55f5 0 2 20 15 This bridge is root
VLAN0050 28722 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0060 28732 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0090 28762 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0099 32867 5897.bd50.55f5 0 2 20 15 This bridge is root
VLAN0300 33068 5897.bd50.55f5 0 2 20 15 This bridge is root
VLAN0500 33268 5897.bd50.55f5 0 2 20 15 This bridge is root
VLAN0998 33766 5897.bd50.55f5 0 2 20 15 This bridge is root
VLAN0999 33767 5897.bd50.55f5 0 2 20 15 This bridge is root
crxn9k# sh spanning-tree su
Switch is in rapid-pvst mode
Root bridge for: VLAN0001, VLAN0010, VLAN0040, VLAN0099, VLAN0300, VLAN0500
VLAN0998-VLAN0999
L2 Gateway STP is disabled
Port Type Default is disable
Edge Port [PortFast] BPDU Guard Default is disabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is short
STP-Lite is disabled
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 1 1
VLAN0010 0 0 0 1 1
VLAN0020 0 0 0 4 4
VLAN0025 0 0 0 4 4
VLAN0030 0 0 0 4 4
VLAN0040 0 0 0 1 1
VLAN0050 0 0 0 4 4
VLAN0060 0 0 0 2 2
VLAN0090 0 0 0 3 3
VLAN0099 0 0 0 1 1
VLAN0300 0 0 0 3 3
VLAN0500 0 0 0 1 1
VLAN0998 0 0 0 2 2
VLAN0999 0 0 0 2 2
---------------------- -------- --------- -------- ---------- ----------
14 vlans 0 0 0 33 33
01-29-2021 02:05 PM
Is this Nexus vPC or standard config?
crx4948#sh span su
Switch is in pvst mode
Root bridge for: VLAN0010, VLAN0020, VLAN0025, VLAN0030, VLAN0040, VLAN0050
VLAN0060, VLAN0090, VLAN0099
If you want those VLAN - nexus to be root
Looking at nexus output Port-channel 48 (hope this is connected to your Cat 4K switch)
VLAN0020 28692 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0025 28697 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0030 28702 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0050 28722 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0060 28732 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0090 28762 0022.55ad.4dc0 4 2 20 15 port-channel48
Example for VLAN 20 - lowering the priority for one VLAN at a time and testing is advised:
spanning-tree vlan 20 priority 16384 - then check whether the root bridge has moved to the Nexus
When you run this command there may be a small reconvergence on all of your Layer 2 domain, depending on how big your Layer 2 network is (you will have up to 1 min service interruption or less).
01-29-2021 03:19 PM - edited 01-29-2021 03:25 PM
Hi Balaji,
Thanks for the reply, here's a sanitized screenshot of our diagram, we have n9k's in vpc, the cat4948 is hooked up to the n3k, then n3k to the vpc pairs of n9k's, I read that I can also use peer-sw command on my vpc domain 1, which I don't have enabled right now, I read that would help in the span root br for the n9k's.
Also do I need to run the command per vlan
spanning-tree vlan 20 priority 16384
spanning-tree vlan 30, 50,90 priority 16384 and so forth?
thanks again.
output of running vpc
crxn9k# sh run vpc
!Command: show running-config vpc
!Running configuration last done at: Tue Jan 19 17:27:37 2021
!Time: Fri Jan 29 16:15:56 2021
version 9.2(4) Bios:version 07.41
feature vpc
vpc domain 1
peer-keepalive destination 10.10.10.2 source 10.10.10.1 vrf keepalive
peer-gateway
layer3 peer-router
interface port-channel1
vpc peer-link
interface port-channel44
vpc 44
interface port-channel48
vpc 48
01-29-2021 04:23 PM
Also do I need to run the command per vlan - yes correct.
Why I advise starting with 1 VLAN: so you learn the impact and how the process works. I gave VLAN 20 as an example for you; you can choose any VLAN which has less impact on the network, so you move from less-impact service VLANs to impacted service VLANs.
If this is vPC, I advise the config below (assuming that the Nexus 3K does not have any spanning-tree config or priority configured).
Nexus 1
spanning-tree vlan 20 priority 8192
Nexus 2
spanning-tree vlan 20 priority 16384
9 VLANs are root on the Cat 4K switch; the Nexus is only learning from PO48 - check other VLANs.
spanning-tree vlan 30, 50,90 priority 16384 and so forth? - yes, this is correct (check my advised config on Nexus 1 and 2). I still advise 1 VLAN at a time to minimize the impact, or a big bang approach based on the maintenance window you agreed with services.
01-29-2021 04:51 PM - edited 01-29-2021 04:58 PM
Balaji,
I got you, thanks for the clarification, yes I never set the n3k for span root, I forgot that I've had the c4948 set as root a few yrs ago, and now we have the vpc pairs for n9k, I needed to move the rest of the vlans from the 4948,
So after moving let's say vlan20 with a root id of 8192 and on the 2nd nexus 16384, if I leave the rest they will stay at that current root id? I know I still need to move them to the n9k, how do I know what id numbers to assign the rest of the vlans, can I just pick a higher number like 17980, 18770 for the rest of vlans
01-29-2021 05:02 PM
So after moving let's say vlan20 with a root id of 8192 and on the 2nd nexus 16384, if I leave the rest they will stay at that current root id? I know I still need to move them to the n9k, how do I know what id numbers to assign the rest of the vlans
Yes, once VLAN 20 is moved you will know well how that works and learn a lesson from any issues.
The rest of the VLANs will stay on the Cat 4K until you do the same process for the other VLANs.
When you are ready to move to the Nexus 9K, use the same procedure for the other VLANs as below.
Nexus 1
spanning-tree vlan XX priority 8192
Nexus 2
spanning-tree vlan XX priority 16384
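A pre- and post-change check for the per-VLAN move discussed in this thread, as an added example that is not part of any post: it parses `sh spanning-tree root` rows, splits each root ID into priority plus VLAN ID (extended system ID, so 28692 is 28672 + 20), lists VLANs still rooted off the intended switch, and tests candidate priorities, which must be multiples of 4096. The function names are hypothetical and the sample rows are copied from the N9K output above.

```python
import re

# Constructed sample: rows copied from the N9K "sh spanning-tree root" output in the thread.
SAMPLE = """\
VLAN0010 32778 5897.bd50.55f5 0 2 20 15 This bridge is root
VLAN0020 28692 0022.55ad.4dc0 4 2 20 15 port-channel48
VLAN0040 32808 5897.bd50.55f5 0 2 20 15 This bridge is root
VLAN0090 28762 0022.55ad.4dc0 4 2 20 15 port-channel48
"""

ROW = re.compile(
    r"^VLAN(\d+)\s+(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\d+)\s+\d+\s+\d+\s+\d+\s*(.*)$",
    re.IGNORECASE,
)

def parse_root_table(text):
    """Return one dict per VLAN row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        vlan, root_id = int(m.group(1)), int(m.group(2))
        # Extended system ID: root ID = priority (multiple of 4096) + VLAN ID.
        rows.append({
            "vlan": vlan,
            "priority": root_id - root_id % 4096,
            "sys_id_ext": root_id % 4096,
            "root_mac": m.group(3).lower(),
            "cost": int(m.group(4)),
            "root_port": m.group(5),
        })
    return rows

def valid_priority(value):
    """Configurable priorities are 0..61440 in steps of 4096."""
    return 0 <= value <= 61440 and value % 4096 == 0

def vlans_to_move(rows, expected_roots):
    """VLANs whose current root MAC is not one of the intended root switches."""
    return [r["vlan"] for r in rows if r["root_mac"] not in expected_roots]

def wins_root(rows, vlan, new_priority):
    """True if new_priority is valid and numerically lower than the current root's."""
    current = next(r for r in rows if r["vlan"] == vlan)
    return valid_priority(new_priority) and new_priority < current["priority"]

if __name__ == "__main__":
    rows = parse_root_table(SAMPLE)
    print("still rooted elsewhere:", vlans_to_move(rows, {"5897.bd50.55f5"}))
    for p in (8192, 16384, 17980):
        print(p, "valid" if valid_priority(p) else "rejected", wins_root(rows, 20, p))
```

Running the same check after each VLAN is moved confirms that the root MAC for that VLAN is now the intended switch and that no unexpected bridge has taken the role.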