10-15-2016 10:24 AM - edited 03-08-2019 07:48 AM
Hi All,
With reference to diagram Switch A & B are on site A and Switch C&D are on Site B (With Vlans extended across). Plan is to run STP (PVST+ ,etc) and It will block Backup link to avoid loopback (Can't create port Channel as both links are different in capacity and need to have Layer 2 Links Bot Fiber / Backup to extend VLans across site A & B due to Application requirements). Secondly Will introduce Storm Control to on Both side to avoid broad cast.
Still I have some Concern that if there is any issue on one site (A or B) like unknown unicast / BPDU storm due app or mulfunction hardware, etc that can impact the performance of one site. Obviously that can bring down other site as well. Is there other solutions to make sure that Layer2 level issue doesn't impact other side, however it doesn't disturb the functionality of STP as it easily helps me maintain a back up link for redundancy and HA.
Thanks
10-15-2016 11:17 AM
At first thought, you could just configure port security on the ports connecting the two sites. If those are trunk ports, you need to set the port to 'nonegotiate'.
switchport mode trunk
switchport nonegotiate
switchport port-security
10-15-2016 02:06 PM
Hi;
It's always recommend to use L3 connectivity b/w 2 sites instead of using L2 to avoid STP loops.
If it required to extand Vlan from b/w 2 sites then you need to be careful with reference to STP:
1. Site A switch should be STP root.
2. Trunk allowed vlan should be used to restrict the specific vlan to traverse b/w 2 sites.
3. Always configure Strom control to restrict the broadcast on L2 wan link.
Thanks & Best regards;
10-15-2016 07:06 PM
from you guys recommendation it looks there is no alternative for this given scenario. I need to extend few Vlans.
Actually i have read in a cisco recommendation (for interconnection two Data centres A & B);
1. apply BPDU Filter (to stop BPDU TCN , etc) and it will create two root (Primary & Secondary) Bridges on each site.
e.g. Site -1 Sw A - (Primary , root Switch) & Sw-B Secondary, likewise for Sw C ( Primary root switch ) & SW D (Secondary) on site - 2
but my thinking is , do so will also stop STP not functional which i need to block backup (via link until primary links fail to avoid loops.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide