Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4648
Views
10
Helpful
18
Replies

Common STP domain between ISP and customer

Alexander Istomin
Level 1
Level 1

‎10-10-2019 08:41 AM

Hello everyone!

 

What is the best practice to configure STP in the scenario as shown in the picture below?

How to protect ISP network from misconfiguration on the client side?

 

1. Root on ISP side?

2. Root guard on access ports to client?

3. Something else?

 

sss.PNG

 

 

Labels:
0 Helpful
18 Replies 18

paul driver
VIP
VIP
In response to Alexander Istomin

‎10-11-2019 09:05 AM

Hello

so you only concern here is what link from the access switch you would like to be the primary/secondary link 

You  already have the switch attached to you network and stp primary and secondary are defined?

 

The most simplistic way is to use spanning-tree port- priority xx to make the preferred link - this is very useful as it is only port/interface specific and doesn’t effect the entire stp calculation path like a change the port cost would do.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

paul driver
VIP
VIP

‎10-10-2019 02:10 PM

Hello

Looking at your diagram, it looks like although you will be trunking into the isp , It will probably be into a router not a switch, If this is correct then those switches interconnecting towards the ISP you would define them as your primary/secondary stp roots,

 

On the access layer switches these would have stp bridge priority much higher than the primary/secondary root switches and their switchports would be in a administrative mode of access with port fast/bpduguard enabled.

 

I would say rootguard wouldn't really be applicable It would only feasible if you are interconnecting different dtp domains or you have the potential for ports you dont want to become root ports.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Alexander Istomin
Level 1
Level 1
In response to paul driver

‎10-10-2019 11:26 PM - edited ‎10-10-2019 11:26 PM

Hello, Paul!

 

We are ISP. The client wants to connect his switch to our network with 2 access links for redundancy as I've shown on the picture. So no trunks to ISP, no routers.

0 Helpful

shaps
Level 3
Level 3
In response to Alexander Istomin

‎10-11-2019 02:02 AM

I used to work for a small MSP and we had a lot of request to hand off via a switch, root guard is advisable for sure, you never know what the customer would do in the future.
0 Helpful
Customers Also Viewed These Support Documents