10-10-2019 08:41 AM
Hello everyone!
What is the best practice to configure STP in the scenario as shown in the picture below?
How to protect ISP network from misconfiguration on the client side?
1. Root on ISP side?
2. Root guard on access ports to client?
3. Something else?
10-10-2019 11:36 PM
Hello!
Thank you for reply! Some information in your post is very helpful!
10-10-2019 10:17 AM
Hi,
Based on your details and network diagram, I do not favor sharing my STP domain with the ISP. Really not. The reason is that we can be sure the ISP will share the same switch with other customers as well, and it may affect your complete network. You must configure BPDU guard on the ports which are connected to the ISP switch. I am sure that the ISP will also not allow you to share the ISP's STP domain with your network.
1. Root on ISP side?
No, Don't share your STP domain with ISP.
2. Root guard on access ports to the client?
Root Guard and PortFast can be used on access ports.
3. Something else?
Sharing an STP Toolkit Screenshot.
10-10-2019 11:34 PM
Hello, Deepak Kumar!
I am reasoning from the ISP's point of view.
And yes, we locate services from different clients on the same switch. For this particular customer we use VLAN 100, for example, and the links are in access mode to the client switch. So I want to protect the ISP network, not the client.
10-11-2019 12:10 AM
Hi,
Then I recommend protecting your ISP switches from the customer's STP domain with BPDU guard or BPDU filter. But be aware that yesterday we faced an issue with a client: the client was not ready to configure BPDU filter on the port which was connected to the ISP switch, and the ISP team had configured the "BPDU GUARD" feature on the port. The switchport on the ISP switch then went into error-disabled mode due to BPDUs received from the client switch.
In this case, we removed the BPDU guard and enabled the BPDU filter on the particular ISP switchport.
10-11-2019 12:29 AM
If I enable BPDU filter/guard, how will redundancy work?
10-11-2019 01:07 AM
Hi,
As I am looking at your diagram, the ISP switches are standalone and each uplink is connected to an ISP router. Here, both switches are doing their own tasks without communicating with each other. There will be no effect on the redundancy.
10-11-2019 01:27 AM - edited 10-11-2019 01:36 AM
I apologize if the previous image is confusing.
I changed the picture to show the real situation.
In the normal situation traffic goes via the left ISP switch.
When the left ISP switch goes down, traffic should go via the right ISP switch. We can't use something like LAG or vPC to avoid using STP.
10-11-2019 01:50 AM
Hi,
Now I have a better idea of the switch connections. Here are my ideas for the same:
As per the connections, we can't eliminate STP because of the complete loop in the network, so suppose the ISP VLAN ID is 100, then:
1. Configure PVST+ and make ISP switch A (Right) the root for VLAN 100 only with the command "spanning-tree vlan 100 priority 0" (you may choose any other low priority, but it must be lower than the customer's priority).
2. Make ISP switch A (Left) the backup/secondary root for VLAN 100 only with the command "spanning-tree vlan 100 priority 4096" (you may choose any other low priority, but it must be lower than the customer's priority).
Also, guide the customer not to change the root bridge priority for VLAN 100 (keep the default of 32768).
You can't make it "STP PortFast", because PortFast will be disabled automatically after a BPDU is received from the client switch, and you can't disable BPDUs here.
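The ISP-side configuration for steps 1 and 2 above, as an added example that is not from the thread. It assumes Cisco IOS syntax, placeholder interface names (GigabitEthernet1/0/1 on each ISP switch for the customer-facing link), and adds root guard on those ports so that a client bridge with a misconfigured lower priority cannot take over the VLAN 100 root.

```ios
! ---- ISP switch A: primary root for VLAN 100 (only the customer's VLAN is shared)
spanning-tree mode pvst
spanning-tree vlan 100 priority 0
!
interface GigabitEthernet1/0/1
 description Customer access link (placeholder interface name)
 switchport mode access
 switchport access vlan 100
 ! Root guard: if a superior BPDU arrives from the client, this port goes
 ! root-inconsistent (blocking) instead of letting the client become root.
 spanning-tree guard root
 ! No portfast and no BPDU guard/filter here: BPDUs from the client are
 ! expected, because the client switch is part of the VLAN 100 topology.
!
! ---- ISP switch B: secondary root for VLAN 100
spanning-tree mode pvst
spanning-tree vlan 100 priority 4096
!
interface GigabitEthernet1/0/1
 description Customer access link (placeholder interface name)
 switchport mode access
 switchport access vlan 100
 spanning-tree guard root
```

Verify with "show spanning-tree vlan 100" that switch A is the root and switch B is the designated bridge on its customer link, and check "show spanning-tree inconsistentports" to detect a client that is sending superior BPDUs.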
10-11-2019 02:00 AM
Thank you for replies!
One more question:
Is this a working scenario in our situation, where we can't use LAG, or does it look like very bad practice to share the STP domain with the client?
10-11-2019 02:26 AM - edited 10-11-2019 04:27 AM
Hi,
Is this a working scenario in our situation, where we can't use LAG, or does it look like very bad practice to share the STP domain with the client?
As both switches are not in a stack/vPC/VSS, we can't use LAG. Both switches are working as standalone bodies. I think we either use STP or choose a routed port on your switch (the IP design will change) with any dynamic routing protocol. But where is the current root bridge?
On a routed port (that is, a port configured with no switchport), to resemble normal routed ports on routers, certain Layer 2 protocols are deactivated, including DTP, VTP, and STP.
10-11-2019 03:27 AM
Hello
So then, are these ISP switches already in production, or are you wanting to introduce them along with the customer switch?
If they are currently in production, what STP mode are they using and where is your STP root at this time?
10-11-2019 05:52 AM
Hello, Paul.
Yes, the switches are in production now. The client pays for 2 links for redundancy, as I said before. But the secondary link is not working now, so I want to turn it on for full redundancy. I understand that the better way to do this is by using some sort of LAG technology, but as I said before, we can't do so because of the network design.
10-11-2019 09:03 AM
Hello
So your only concern here is which link from the access switch you would like to be the primary/secondary link?
You already have the switch attached to your network and the STP primary and secondary roots are defined?
The most simplistic way is to use "spanning-tree port-priority xx" to make the preferred link. This is very useful as it is only port/interface specific and doesn't affect the entire STP calculation path like a change to the port cost would.