We have a stack of 2960S, and have a new client that wants to connect via diverse fibre to both switches(From 2 switches on there side).
We currently run MST and client is (currently) running PVRST.
The 2 links will be trunks (With the same ~5 vlans running over both)
Our "standard" trunk config is:
switchport trunk allowed vlan 228,229,265-268
switchport mode trunk
mls qos trust dscp
storm-control broadcast level 20.00
storm-control action trap
no cdp enable
spanning-tree bpdufilter enable
spanning-tree guard root
So after recommendations on what is needed to avoid L2 loop, and to ensure we force one trunk port to be the "primary" for those vlans, and the the other trunk port to be "backup"?
Thanks in advance!
If your 2960s are stacked, than they are logically one switch. If the customer has one switch and wants to connect to your stack, then there is no loop. It is as connecting one switch to one switch.
Thanks - Customer has 2 switches, and we want to prefer one trunk port(as primary), and have the other as "backup"..same vlans on both trunk ports.
There is compatibility between MST and PVST.
Switches that run MST are able to automatically detect PVST+ neighbors at boundaries. These switches are able to detect that multiple BPDUs are received on different VLANs of a trunk port for the instance.
Have a look at this doc:
Thanks Reza - so do we need to remove "spanning-tree bpdufilter enable" from both ports on our side?
We basically want:
- We are root for those vlans we trunk to client on both the trunk ports
- We control which trunk port is primary and backup for those vlans
- We are root bridge on both trunks
Yes, you would need to remove "spanning-tree bpdufilter enable" command. When it is enables, it is as you are not running spanning tree and can cause loop in the network.
In addition, the other thing you should do (if you can) make sure that this customer does not connect their switches together.
So you have your stack (one switch logically) connecting to two switches, and if the 2 customer switches are not connected together, than there is no physical loop.
Thanks Reza - And how to ensure we remain root bridge on both trunk ports, and also how do we make one trunk port the primary, and the other backup for those vlans?