Adding New VLAN to Existing Spanning Tree Statement

Jim Yorke
Level 1

Hello all,

Creating a new vlan and adding it to our two Nexus 9372 core switches and don't want to screw up our existing spanning tree statement by incorrectly adding the new vlan.  Is there a spanning-tree add vlan command that I am missing or cannot find?  I do not want to compromise the current setup by doing this incorrectly. Thanks in advance!

 

Jim


Jens Albrecht
Spotlight

Hello @Jim Yorke,

which STP protocol are you running? If you use PVST+ or Rapid-PVST+ then there is basically no need to worry. If you add a new vlan, then a new separate STP instance for this vlan will be created which does not affect the other instances. Of course, you need to configure root and secondary root for this new STP instance.

In case you run MSTP then it depends if the new vlan is already assigned to one of your MST instances or not. If yes, then creating the new vlan can be done without problems. However, if you need to add this new vlan to one of your MST instances, then this must be done in a maintenance window because each time you change the MST instance on one switch your entire MSTP topology reconverges.

HTH!

Unlike our standard IOS switches I cannot see a spanning-tree mode statement except for the below:  
spanning-tree port type edge bpduguard default
spanning-tree vlan 2-4,10,12,16-17,20,29-30,40,50,70,75-76,150,200,900 priority 8192


@Jim Yorke wrote:

spanning-tree vlan 2-4,10,12,16-17,20,29-30,40,50,70,75-76,150,200,900 priority 8192


This output points to either PVST+ or Rapid-PVST+.
With MSTP you see various statements for the MST instances and Vlan mappings for each instance.
So you have separate STP instances for each vlan and adding another vlan will not impact the existing ones.

Royalty
Spotlight

Hi @Jim Yorke,

Assuming you are running PVST+/RPVST+ you should be able to use the 'spanning-tree vlan <options>' commands to configure STP instance settings for the given new VLANs, e.g. root and secondary root bridges. This won't override the current config as the IOS parser will add the new VLAN config alongside the existing config statements, even if the said statements include the new VLANs in the range. As a pure example, if you have 'spanning-tree vlan 10-50 priority 4096' and want to add to VLAN 40, you can configure 'spanning-tree vlan 40 priority 8192' and it will automatically adjust the ranges in the first command, and add a new command or add to an existing command to set the priority to 8192.

@Jens Albrecht makes an excellent point about MST in a circumstance that is actually realistic. If your current MST configuration for a particular instance includes one of those new VLANs in its current VLAN to instance mapping, a change would cause reconvergence. This is because on each switch in the MST domain, the MST Region Configuration Digest must match on all switches. This includes the name, configuration revision number, and VLAN to instance mapping. Since you have now changed the VLAN to instance mapping, they fall back to inter-region communication and act as an MST Boundary. That causes reconvergence.

Assuming PVST+/RPVST+, you can configure spanning-tree related commands before actually creating the VLAN. The STP instance will only start once the VLAN is defined and created. Therefore, you can be assured that once you create the VLAN, the STP instance will start with the correct configuration and converge correctly from the get go.


@Jim Yorke wrote:
Unlike our standard IOS switches I cannot see a spanning-tree mode statement except for the below:
spanning-tree port type edge bpduguard default
spanning-tree vlan 2-4,10,12,16-17,20,29-30,40,50,70,75-76,150,200,900 priority 8192

You can have regular PVST+/RPVST+ configuration running alongside MST, it's just that it won't be active if the mode is set to MST. I doubt you are running MST of course as you would have probably seen it when viewing the config. To be sure, you can try 'show spanning-tree summary'. The top line of output indicates the running version.
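The region-match check described in the reply above, as an added example that is not part of the thread or Cisco's code: it computes the digest over the VLAN-to-instance table using the key and table layout from IEEE 802.1Q, then compares the name, revision and digest across switches. The switch names, region name, revision and mappings are constructed sample values.

```python
import hashlib
import hmac

# Signature key that IEEE 802.1Q fixes for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def mst_digest(instance_vlans):
    """HMAC-MD5 over the 4096-entry VLAN-to-instance table (2 bytes per VID)."""
    table = [0] * 4096          # VID 0 and 4095 stay 0; unmapped VLANs = instance 0
    for instance, vlans in instance_vlans.items():
        for vid in vlans:
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN {vid} out of range")
            table[vid] = instance
    raw = b"".join(entry.to_bytes(2, "big") for entry in table)
    return hmac.new(DIGEST_KEY, raw, hashlib.md5).hexdigest().upper()

def region_id(name, revision, instance_vlans):
    """The triple that must be identical on every switch in one MST region."""
    return (name, revision, mst_digest(instance_vlans))

def mismatches(switches):
    """Names of switches whose region identifier differs from the first one."""
    ids = {sw: region_id(*cfg) for sw, cfg in switches.items()}
    reference = next(iter(ids.values()))
    return sorted(sw for sw, rid in ids.items() if rid != reference)

# Constructed region: instance 1 carries VLANs 10-20, then VLAN 45 is added.
BASE = {1: set(range(10, 21))}
WITH_45 = {1: set(range(10, 21)) | {45}}
HALF_DONE = {"core1": ("CORE", 1, WITH_45), "core2": ("CORE", 1, BASE)}
FINISHED = {"core1": ("CORE", 1, WITH_45), "core2": ("CORE", 1, WITH_45)}

if __name__ == "__main__":
    print("mid-change mismatches:", mismatches(HALF_DONE))
    print("after both updated:  ", mismatches(FINISHED))
```

Between the first and the last switch being updated, the identifiers disagree, which is the window in which the switches treat each other as separate regions.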

Ran the sh spanning-tree summary and got the following output:

Switch is in rapid-pvst mode
Root bridge for: VLAN0002-VLAN0004, VLAN0010, VLAN0012-VLAN0013
VLAN0015-VLAN0017, VLAN0020, VLAN0029-VLAN0030, VLAN0040, VLAN0050, VLAN007
VLAN0075-VLAN0076, VLAN0150, VLAN0200
Port Type Default is disable
Edge Port [PortFast] BPDU Guard Default is enabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is short
vPC peer-switch is enabled (operational)
STP-Lite is disabled

So I should be able to just add spanning-tree vlan 40 but if I specify priority 8192 as in the spanning tree statement above will it change the priority for any of the other listed vlans or just add vlan 40 to the string?

So you definitely run Rapid-PVST+ as expected and are ready to go.

If you set the priority 8192 for another vlan, then this will simply be added to the string.

HTH!

Just commenting in support of Jens... That's right Jim, as Jens said, it won't change or delete any existing configuration you have for other VLANs. It will re-order the list of your initial configuration without changing fundamental operation.

Example:

If your configuration currently consists of spanning-tree vlan 1-3,5,8,10-20,40 priority 4096

If we configure VLAN 9 with 'spanning-tree vlan 9 priority 4096' it will change the configuration to: 'spanning-tree vlan 1-3,5,8-20,30 priority 4096'

I would recommend applying the STP configuration for your new VLAN before actually creating the new vlan with 'vlan x'
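The range handling described in the replies above (a new statement only touches the VLANs it names, and the ranges are re-rendered), as an added example that is not part of the thread or Cisco's code. `merge` models that described behaviour rather than the actual NX-OS parser, all function names are hypothetical, and `changed` is a pre/post-change check that lists every VLAN whose priority differs between two captured configs.

```python
import re

STMT = re.compile(r"spanning-tree vlan (\S+) priority (\d+)")

def expand(spec):
    """Expand a range string such as '1-3,5,8' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def compress(vlans):
    """Collapse VLAN ids into the range notation used in the config."""
    ids, parts, start = sorted(vlans), [], None
    for i, v in enumerate(ids):
        start = v if start is None else start
        if i + 1 == len(ids) or ids[i + 1] != v + 1:
            parts.append(str(v) if start == v else f"{start}-{v}")
            start = None
    return ",".join(parts)

def parse(config):
    """Map each VLAN id to its bridge priority; later lines win."""
    prio = {}
    for m in STMT.finditer(config):
        prio.update(dict.fromkeys(expand(m.group(1)), int(m.group(2))))
    return prio

def merge(config, statement):
    """Model entering one more statement: only the VLANs it names change."""
    prio = {**parse(config), **parse(statement)}
    groups = {}
    for vlan, p in prio.items():
        groups.setdefault(p, set()).add(vlan)
    return [f"spanning-tree vlan {compress(v)} priority {p}"
            for p, v in sorted(groups.items())]

def changed(before, after):
    """VLANs whose priority differs between two configs: {vlan: (old, new)}."""
    b, a = parse(before), parse(after)
    return {v: (b.get(v), a.get(v)) for v in sorted(b.keys() | a.keys())
            if b.get(v) != a.get(v)}

# Statement quoted in the thread, plus a constructed change adding VLAN 45.
CORE = ("spanning-tree vlan 2-4,10,12,16-17,20,29-30,40,50,70,75-76,"
        "150,200,900 priority 8192")
AFTER = "\n".join(merge(CORE, "spanning-tree vlan 45 priority 8192"))
```

Running `changed` on the saved config before and after the change should report only the new VLAN; any other entry means an existing instance's priority moved.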

nav-hassan
Level 1

On Cisco Nexus 9372 switches, when you create a new VLAN and want to include it in spanning tree, the VLAN is automatically included in the spanning-tree domain by default—there's no separate global spanning-tree add vlan command like on some older Catalyst switches.

What you typically do:

  1. Create the VLAN (if not already created):

       vlan <vlan-id>
       name <vlan-name>

  2. Verify VLAN is active on the switch.

  3. Spanning-tree per VLAN:
    Spanning Tree runs per VLAN (PVST+ or MST), and by default, the VLAN will be part of the spanning-tree process. You do not need to add it manually to spanning tree.

Important notes:

  • If you are running MST (Multiple Spanning Tree), you need to make sure your VLAN is assigned to the correct MST instance. For example:

      spanning-tree mst configuration
      instance 1 vlan <vlan-id>

  • If you do not assign the VLAN to an MST instance, it will be treated as part of the default instance (instance 0).

  • If you run PVST or Rapid PVST, VLANs are automatically handled without manual addition.

How to check what VLANs are in spanning tree?

You can run:

    show spanning-tree vlan <vlan-id>

or

    show spanning-tree mst configuration

Ok, so I created vlan 45 and named it on both of my cores and saved the configs but on show spanning-tree vlan 45 on Core 1 it tells me that Spanning tree instance for vlan does not exist, but on Core 2 it does.  Any suggestions as to why it would not automatically add it?

Hi Jim, the switch will not create an STP instance for a VLAN unless there is an operationally active (up/up) L2 interface assigned to that VLAN. These L2 interfaces can either be access ports that are explicitly assigned to the VLAN, or trunk ports that are allowed to carry the VLAN — the key is that the interface is up and participating in that VLAN. It is possible in your case that you have trunk interfaces to other switches that are pruning VLAN 45. For example, if you were to do a show interfaces trunk you can see the VLANs allowed on the trunk:

show interfaces trunk
Port               Vlans allowed on trunk
Gi1/0/1          1,10,20

If you do not see your VLAN 45 on the trunk allowed list, there will be a switchport trunk allowed vlan command that is filtering VLAN 45 off the trunk. You'll need to go under the configuration for the relevant interfaces and issue a switchport trunk allowed vlan add 45.

Alternatively, a show vlan should show a list of interfaces that are currently assigned to VLAN 45, but not necessarily those that are active.

saran04
Level 1

There is no specific "spanning tree add vlan" command. Instead, when you create a new VLAN and assign it to an interface, you need to ensure it's also included in your existing spanning-tree configuration if you're using features like MST (Multiple Spanning Tree) or PVST+.

Jim Yorke
Level 1

Just wanted to thank everyone for their input on this.  After creating the vlan, creating the interface, and adding the vlan to the trunk ports all is working as it should.  Thank you for giving me the confidence I needed to make this happen.  So new to this but now I feel reassured that I have a wonderful community that I can get input from along this journey when I need help.

Thanks for those kind words Jim, I'm sure Jens will appreciate as much as I. It's a pleasure to help someone who is interested, willing to learn, and those that take the initiative to fill in any gaps in our comments/replies. Do reach out if there's any further questions along the road!

Glad to hear that everything is working as expected. Keep practicing and digging deeper into these topics and you'll quickly get a better understanding of how networks work. We are here to answer any further questions you may have.

Regards, Jens