10-30-2012 06:03 AM - edited 03-04-2019 06:00 PM
Hi All,
I have got 5 switches connected in a star topology. The main switch, to which the other four switches connect, is a 3550 running RSTP. The other four switches are 3560X and run standard STP (IEEE). These four switches are all user-facing interfaces. Whenever some user accidentally plugs the same cable into wall ports, I get a broadcast storm over the network and everything crashes.
The details for the main switch and its ports are below:
spanning-tree mode rapid-pvst
spanning-tree extend system-id
VLAN0061
Spanning tree enabled protocol rstp
Root ID Priority 32829
Address 0011.202c.c280
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32829 (priority 32768 sys-id-ext 61)
Address 0011.202c.c280
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p Peer(STP)
Fa0/4 Desg FWD 19 128.4 Edge P2p
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/8 Desg FWD 19 128.8 Edge P2p
Fa0/10 Desg FWD 19 128.10 Edge P2p
Fa0/11 Desg FWD 19 128.11 Edge P2p
Fa0/24 Desg FWD 19 128.24 Edge P2p
Interfaces that connect to the four access switches:
Interface1:
interface FastEthernet0/8
switchport access vlan 61
switchport mode access
no ip address
no snmp trap link-status
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
end
Interface2:
interface FastEthernet0/11
switchport access vlan 61
switchport mode access
no ip address
duplex full
speed 100
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
end
Interface3:
interface FastEthernet0/24
switchport access vlan 61
switchport mode access
no ip address
no logging event link-status
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
end
Interface4:
interface FastEthernet0/1
switchport access vlan 61
switchport mode access
no ip address
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
end
STP details for the access switches and their ports are below:
spanning-tree mode pvst
spanning-tree extend system-id
VLAN0061
Spanning tree enabled protocol ieee
Root ID Priority 32829
Address 442b.0379.5580
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32829 (priority 32768 sys-id-ext 61)
Address 442b.0379.5580
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 19 128.1 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p
Gi0/12 Desg FWD 100 128.12 P2p
Gi0/14 Desg FWD 4 128.14 P2p
Gi0/15 Desg FWD 4 128.15 P2p
Gi0/16 Desg FWD 4 128.16 P2p
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/23 Desg FWD 4 128.23 P2p
Gi0/25 Desg FWD 4 128.25 P2p
Gi0/26 Desg FWD 4 128.26 P2p
Gi0/29 Desg FWD 19 128.29 P2p
Gi0/30 Desg FWD 4 128.30 P2p
Gi0/31 Desg FWD 4 128.31 P2p
Gi0/34 Desg FWD 4 128.34 P2p
Gi0/35 Desg FWD 19 128.35 P2p
Gi0/36 Desg FWD 4 128.36 P2p
Gi0/39 Desg FWD 4 128.39 P2p
Gi0/40 Desg FWD 4 128.40 P2p
Gi0/43 Desg FWD 100 128.43 P2p
Gi0/46 Desg FWD 4 128.46 P2p
Interface:
interface GigabitEthernet0/1
switchport access vlan 61
switchport mode access
end
Many thanks for your help and advice in advance.
Accepted Solutions

10-30-2012 01:50 PM
Hi Akbar,
For this issue a command has been implemented. Essentially you need to issue the spanning-tree portfast enable on each user interface (assuming they are in a dedicated LAN). This command will disable STP on user switch ports and they will go into forwarding immediately with no delay. All the switch ports accessible and for the users should have portfast enabled, while all the rest of the ports should be in shutdown if you are not going to use PVSTP+.
If you instead decide to upgrade the IOS to run PVSTP, just set all the unused and user-accessible switch ports in an unused VLAN.
Vlan database
Vlan 999 name unused
Apply
Exit
!
!
Conf t
Interface range fast x/y - z
Description ***User Accessible/Defined switch port***
Swi mo acc
Sw access vlan 999
End
Wr
!
The above code is very helpful ONLY if an STP instance per VLAN is used (PVSTP); otherwise:
!
Conf t
Interface range fast x/y - z
Description ***User Accessible/Defined switch port***
Shut
End
Wr
!
With RSTP or a single STP instance anyway. Just forgetting that on the main switch you have PVSTP enabled, downgraded to the RSTP present on the other switches. You should not have portfast enabled on the main switch, but only trunks and access ports for eventual servers.
Interface 1,2,3,4:
Description trunk to switch 1 location wherever
Sw encapsulation dot1q
Sw mo trunk
Sw nonegotiate
Speed 1000
Duplex full
Sw trunk allowed vlan vlan-list-you-want-to-cross-the-trunk
Hope this helps
Alessio
Sent from Cisco Technical Support iPad App
10-30-2012 08:43 AM
Hi,
configuring
spanning-tree bpdufilter enable
on the ports connecting your core 3550 switch to the other switches is the same as disabling STP there!
for details.
So each of the edge switches "thinks" it is the STP root, as it is not receiving any BPDUs from the core switch.
When a user connects a cable to two wall ports connected to two different edge switches, it creates an L2 loop in your LAN.
I'm not sure what happens exactly if those two ports belong to the same switch; it depends on your access port configuration details there.
I'd also recommend running the same STP mode on all switches - either RSTP or IEEE STP.
HTH,
Milan
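
Added example, not part of any post in this thread: a small Python audit that parses interface stanzas from running-config text and flags the condition Milan's reply describes (interface-level bpdufilter, which also keeps bpduguard from ever seeing a BPDU), plus access ports with no interface-level bpduguard. The function names and the GigabitEthernet0/2 stanza are constructed for illustration; the other two stanzas are abbreviated from the thread, and the check assumes no global bpduguard default is configured.

```python
import re

# Sample input: Fa0/8 and Gi0/1 abbreviated from the thread, Gi0/2 constructed.
SAMPLE_CONFIG = """\
interface FastEthernet0/8
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
"""

def parse_interfaces(config):
    """Return {interface name: [lower-cased config lines]} from running-config text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line, re.I)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line in ("!", "end"):
            current = None  # stanza terminator in either listing style
        elif current is not None:
            current.append(line.lower())
    return stanzas

def audit_stp(config):
    """Return {interface: [findings]} for STP edge-protection problems."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        bfilter = "spanning-tree bpdufilter enable" in lines
        guard = "spanning-tree bpduguard enable" in lines
        findings = []
        if bfilter:
            findings.append("bpdufilter: port neither sends nor processes BPDUs")
        if bfilter and guard:
            findings.append("bpduguard ineffective: bpdufilter drops BPDUs first")
        if "switchport mode access" in lines and not (guard or bfilter):
            findings.append("access port with no interface-level bpduguard")
        if findings:
            report[name] = findings
    return report
```

Running `audit_stp` over the stanzas posted in the question reports every core-switch port that carries `spanning-tree bpdufilter enable`, which are the four links to the access switches.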

