cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4524
Views
10
Helpful
6
Replies

spanning tree port-priority

johnelliot6
Level 2
Level 2

Hi,

Running mst, and spanning-tree vlan n port-priority 16 has no affect on downstream switch?

(Downstream switch is running pvst)

Dual connections from 2960S (root) -> 3560.want to manipulate which port is used.

With "spanning-tree vlan 228 port-priority 16" configured on the 2960 port, I see no change in Designated port id value on the 3560:

Port 52 (FastEthernet0/48) of VLAN0228 is alternate blocking

   Port path cost 19, Port priority 128, Port Identifier 128.52.

   Designated root has priority 24576, address 64a0.e706.9b80

   Designated bridge has priority 24576, address 64a0.e706.9b80

   Designated port id is 128.55, designated path cost 0

   Timers: message age 1, forward delay 0, hold 0

   Number of transitions to forwarding state: 2

   Link type is point-to-point by default

   BPDU: sent 897, received 1729

sw01#sh spanning-tree vlan 228 interface fastEthernet 0/46 detail

Port 50 (FastEthernet0/46) of VLAN0228 is alternate blocking

   Port path cost 19, Port priority 128, Port Identifier 128.50.

   Designated root has priority 24576, address 64a0.e706.9b80

   Designated bridge has priority 24576, address 64a0.e706.9b80

   Designated port id is 128.1, designated path cost 0

   Timers: message age 1, forward delay 0, hold 0

   Number of transitions to forwarding state: 1

   Link type is point-to-point by default

   BPDU: sent 6, received 647

But If I change this to "spanning-tree port-priority 16" on the 2960 port, It changes this value, and I get the required result (port 0/48 on the 3560 is fwd):

sw01#sh spanning-tree vlan 228 interface fastEthernet 0/46 detail
Port 50 (FastEthernet0/46) of VLAN0228 is alternate blocking
   Port path cost 19, Port priority 128, Port Identifier 128.50.
   Designated root has priority 24576, address 64a0.e706.9b80
   Designated bridge has priority 24576, address 64a0.e706.9b80
   Designated port id is 128.1, designated path cost 0
   Timers: message age 1, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 6, received 647


sw01#sh spanning-tree vlan 228 interface fastEthernet 0/48 detail
Port 52 (FastEthernet0/48) of VLAN0228 is root forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.52.
   Designated root has priority 24576, address 64a0.e706.9b80
   Designated bridge has priority 24576, address 64a0.e706.9b80
   Designated port id is 16.55, designated path cost 0
   Timers: message age 2, forward delay 0, hold 0
   Number of transitions to forwarding state: 3
   Link type is point-to-point by default
   BPDU: sent 899, received 1848

VLAN0228
  Spanning tree enabled protocol ieee
  Root ID    Priority    24576
             Address     64a0.e706.9b80
             Cost        19
             Port        52 (FastEthernet0/48)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32996  (priority 32768 sys-id-ext 228)
             Address     f4ac.c17d.ad00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/46              Altn BLK 19        128.50   P2p
Fa0/47              Desg FWD 19        128.51   P2p Edge
Fa0/48              Root FWD 19        128.52   P2p

Is this expected behaviour? I was under the assumption I could manipulate port priority on a per vlan basis?

1 Accepted Solution

Accepted Solutions

Peter Paluch
Cisco Employee
Cisco Employee

Hello John,

I was under the assumption I could manipulate port priority on a per vlan basis?

Not with MST. With MST, you can manipulate port priority on a per-instance basis, i.e. spanning-tree mst X port-priority N. This is quite a common mistake: while running MST, people still tend to configure per-VLAN parameters which are ignored.

Remember, when running MST, all commands of the form spanning-tree vlan X ... must be appropriately replaced with spanning-tree mst X ...

Best regards,

Peter

View solution in original post

6 Replies 6

Peter Paluch
Cisco Employee
Cisco Employee

Hello John,

I was under the assumption I could manipulate port priority on a per vlan basis?

Not with MST. With MST, you can manipulate port priority on a per-instance basis, i.e. spanning-tree mst X port-priority N. This is quite a common mistake: while running MST, people still tend to configure per-VLAN parameters which are ignored.

Remember, when running MST, all commands of the form spanning-tree vlan X ... must be appropriately replaced with spanning-tree mst X ...

Best regards,

Peter

Much appreciated Peter - makes perfect sense!

One other question - To ensure the 2960S is root, is spanning-tree guard root sufficient under each of the 2960S's connecting interfaces?

Hi John,

To ensure the 2960S is root, is spanning-tree guard root sufficient under each of the 2960S's connecting interfaces?

No, it is not. Configuring the Root Guard on each of the 2960S's connecting interface would merely prevent this switch from learning that there is a different root switch in the network, but it would not prevent the remainder of the network to converge to the new root bridge.

The primary way to ensure that the 2960S becomes the root bridge for a particular MST instance is to lower its priority so that it is the lowest among all switches in your topology. If there is a part of the network you do not trust then all ports to that part should be protected using the Root Guard, but otherwise, it makes no sense to use the Root Guard inside your network if all switches can be considered trused.

Best regards,

Peter

Thanks again Peter.

The 3560 is not trusted, so I would keep spanning-tree guard root enabled on the 2960S ports connecting to it?

And I would also add the following in global conf to ensure the 2960S is root bridge?

spanning-tree mst 0 priority 0

Hi John,

The 3560 is not trusted, so I would keep spanning-tree guard root enabled on the 2960S ports connecting to it?

Yes, that is correct. Note that by saying "not trusted", I am implying that the 3560 is not under your control. The Root Guard is not supposed to be used as a safety belt mechanism against one's configuration mistakes. If the 3560 is under your administrative control then I suggest not using Root Guard at all and simply being careful with the STP settings, that's all.

And I would also add the following in global conf to ensure the 2960S is root bridge?

spanning-tree mst 0 priority 0

Yes, that is correct. If you have multiple STP instances, you would want to use the command multiple times for any instance you want your switch to become the root bridge for.

Best regards,

Peter

Thanks again Peter - And correct, the 3560 is not under my control.

Review Cisco Networking for a $25 gift card