
Correct spanning tree configuration

cisco
Level 1

The network in my building consists of several 2950s connected back to 3550s using redundant fiber links and MST. Recently one tenant decided they wanted to run their own switch and use the existing building network for VoIP only, which is on a dedicated VLAN. I was thinking about creating an access port on the 2950 and setting it to the VoIP VLAN, as I do not want to give them a trunk port. The client can take this link and connect to their switch. So far this does not seem to be an issue. Now what happens if the client configures spanning-tree on their switch? I have no control over their device and cannot manage it. Is there a way I can protect my edge switch and access port to allow them to run their own spanning tree without it interfering with my existing MST instances? I was thinking BPDU guard, but if they turn on STP and my switch sees a BPDU then the port is disabled and they lose VoIP access. At the same time I don't want them to be able to create a loop on their switch and have it affect mine. But since there is only a single cable from my device to theirs I don't think that would be possible...or could it? Would BPDU filtering or root guard come into play here?

4 Replies

Reza Sharifi
Hall of Fame

As long as you give them a single link (no redundancy) you should be fine. In this case, there would be no physical loop.

HTH

I didn't think there would be, but just making sure. So if the client messes up their switch on the VoIP ports, would it just take theirs down or mine as well? Let's say they aren't running spanning tree and they connect two ports, could that kill my entire VoIP VLAN or just their switch? Also, what about preventing their switch from taking STP root?

If that happens, it will kill the entire VoIP switch and not yours. To protect anything happening to your switch, you can deploy storm control on the interface connected to that switch.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/storm.html

HTH

Jeff Van Houten
Level 5

An access port should be fine between your existing network and the new switch. BPDU guard will not work, as you said, because the port would be disabled. You'll definitely want root guard to protect your spanning tree from theirs.

Sent from Cisco Technical Support iPad App
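
The settings suggested in this thread (an access port on the VoIP VLAN, root guard, and storm control) combined on one tenant-facing interface, as an added example that is not part of the original posts. The interface name, VLAN 100, and the 5.00% thresholds are assumptions; size the thresholds to the real VoIP traffic on the link.

```cisco
! Added example: tenant-facing access port on the edge 2950.
! Assumed values: FastEthernet0/12, VoIP VLAN 100, 5.00% thresholds.
interface FastEthernet0/12
 description Tenant uplink - VoIP VLAN only
 switchport mode access
 switchport access vlan 100
! Root guard: if the tenant switch sends superior BPDUs, this port moves to
! the root-inconsistent (blocking) state instead of letting the tenant switch
! become root, and it recovers on its own once those BPDUs stop.
 spanning-tree guard root
! Storm control: with the default action, broadcast/multicast traffic above
! the threshold is dropped at this port, so a flood coming from the tenant
! side is rate-limited before it reaches the rest of the VoIP VLAN.
 storm-control broadcast level 5.00
 storm-control multicast level 5.00
!
! Verification (privileged EXEC):
!   show spanning-tree inconsistentports
!   show storm-control FastEthernet0/12 broadcast
```

Unlike BPDU guard, root guard does not err-disable the port, so the tenant keeps VoIP access as long as their switch is not advertising itself as a better root.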
