This is the Q&A from "Understanding LAN Switching Features – STP, QOS, and Stacking session".
STP (Spanning-tree Protocol) related questions:
Q. Should root guard be enabled only on primary root switch or can it also be enabled on secondary root switch?
A. Root guard can be enabled on both the primary and secondary root switches. The Root Guard feature forces an interface to become a designated port to prevent surrounding switches from becoming a root switch. In other words, Root Guard provides a way to enforce the root bridge placement in the network. The Root Guard feature prevents a Designated Port from becoming a Root Port. If a port on which the Root Guard feature is enabled receives a superior BPDU, it moves the port into a root-inconsistent state (effectively equal to a listening state), thus maintaining the current Root Bridge status.
Q. Can BPDU guard be used when Cisco switches are connecting to a non-Cisco switch or can it only be used between Cisco switches?
A. BPDU guard can be enabled on any access ports where you do not expect to receive any BPDU that affects the spanning tree.
Q. What should be the first step to start troubleshooting a spanning-tree loop in a network?
A. When you start troubleshooting a spanning-tree loop, you first need to determine whether there is an actual loop, which can be easily identified by enabling mac-address-table mac-move. Basically, a “MAC move” is when your switch learns the same mac-address on different ports. To learn more about STP troubleshooting, you can watch the recorded video session.
Q. Can loop guard be implemented on uplinks between Cisco and Non-Cisco switches?
A. Yes, loop guard can be implemented on uplinks between Cisco and Non-Cisco switches.
Q. Does a trunk port become port-fast if you enable port-fast globally on switches?
A. When you enable port-fast globally using the “spanning-tree portfast default” command, it enables port-fast on all access ports only.
Q. Can we use port-fast instead of BPDU filters on an interface?
A. Port-fast is not a replacement for BPDU filter or BPDU guard. Enabling portfast does not make any difference to sending or receiving BPDUs; it is used to keep the port from participating in STP. If a portfast-enabled interface receives a BPDU, portfast is not going to block the port from processing the BPDU, whereas enabling BPDU filter stops sending and receiving BPDUs on the interface.
Q. What will happen if a port-fast enabled interface receives a BPDU?
A. Enabling portfast does not make any difference to sending or receiving BPDUs; it is used to keep the port from participating in STP. If a port-fast enabled interface receives a BPDU, portfast is not going to block the port from processing the BPDU; it will simply turn off the port-fast feature on that interface and start participating in STP.
Q. How do MAC flaps create loops in a network, and how can they be prevented?
A. MAC flaps do not always create loops in the network. Let’s take an example: if a wireless user roams between access points, we would see mac-flaps, which can be an expected behavior. We cannot prevent mac-flaps with any specific command. However, if your network is loop free (non-close looped switching network), then you might not see mac-flaps.
Q. Can I see mac flapping logs on console port?
A. Yes, you can see the log when you enable mac-move notifications. The log can be seen as shown below:
“%SW_MATM-4-MACFLAP_NOTIF: Host aabb.ccdd.0000 in vlan 1 is flapping between port Gi2/0/3 and port Gi2/0/2”
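When many of these notifications arrive at once, grouping them by VLAN and port pair helps separate a single roaming host from many hosts flapping across the same two ports. The following Python script is an added example, not part of the original Q&A; the sample log lines are constructed, and the threshold of three distinct hosts per port pair as a loop hint is an assumption to tune for your network.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the MACFLAP_NOTIF format quoted above.
SAMPLE_LOG = """\
%SW_MATM-4-MACFLAP_NOTIF: Host aabb.ccdd.0000 in vlan 1 is flapping between port Gi2/0/3 and port Gi2/0/2
%SW_MATM-4-MACFLAP_NOTIF: Host aabb.ccdd.0001 in vlan 1 is flapping between port Gi2/0/2 and port Gi2/0/3
%SW_MATM-4-MACFLAP_NOTIF: Host aabb.ccdd.0002 in vlan 1 is flapping between port Gi2/0/3 and port Gi2/0/2
%SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 20 is flapping between port Gi1/0/10 and port Gi1/0/11
%SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 20 is flapping between port Gi1/0/11 and port Gi1/0/10
%LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
"""

FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)",
    re.IGNORECASE,
)

def parse_flaps(text):
    """Yield (mac, vlan, port_pair) per MACFLAP_NOTIF line; the pair is order-independent."""
    for line in text.splitlines():
        m = FLAP_RE.search(line)
        if m:
            pair = tuple(sorted((m["a"], m["b"])))
            yield m["mac"].lower(), int(m["vlan"]), pair

def summarize(text, loop_threshold=3):
    """Group flaps by (vlan, port pair) and label each group.

    Assumption (not from the Q&A): several distinct hosts flapping between the
    same two ports hints at a loop; one host alone looks like roaming.
    """
    macs = defaultdict(set)
    events = defaultdict(int)
    for mac, vlan, pair in parse_flaps(text):
        macs[(vlan, pair)].add(mac)
        events[(vlan, pair)] += 1
    report = {}
    for key in macs:
        verdict = "possible-loop" if len(macs[key]) >= loop_threshold else "single-host"
        report[key] = {"macs": sorted(macs[key]), "events": events[key], "verdict": verdict}
    return report

if __name__ == "__main__":
    for (vlan, pair), info in summarize(SAMPLE_LOG).items():
        print(vlan, pair, info["events"], info["verdict"], info["macs"])
```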
Q. If I want to apply port-fast globally on a 48-port switch, but some uplinks need to be excluded, how do I override it?
A. If you configure port-fast globally it will affect only access-ports which can be verified using "show spanning-tree int <interface > detail | in portfast" command.
Q. How can we find where a loop is created in a network having hundreds of switches?
A. If there is a loop in the network then most of the time you should see high CPU utilization on the switch.
Q. Isn't following TCNs also one of the methods to find the source of the loop?
A. It can be used to identify the source, but a TCN will not always be generated for every loop.
Q. If I have multiple line cards in a core switch, which mac address becomes the bridge id?
A. Every switch has a base mac-address, and the least of the base mac-addresses will be used as the bridge id.
Q. When we notice mac-flaps on the switches, why does the ARP input process shoot up?
A. You will not always see the “arp-input” process running high during mac-flap situations. However, in a few scenarios, the mac-address flushes and re-learns, which might trigger the ARP rebuild process.
Q. How do I trace a mac-address in a switch network? Many times when I execute the “traceroute mac” command on the core switch, it does not give me an exact result for where that mac address exists in the switch network.
A. The best way to trace a mac address is to run the “show mac address-table address <>” command and follow the interfaces.
Stacking related questions:
Q. Does a stacking switch support any routing protocol?
A. Stacking does not limit the switch's routing capabilities. These are layer 3 switches and can route as well.