Re: Creating a trunk to 3rd party switch

Andrew White · ‎06-10-2019

Hello,

I need to create a trunk to a 3rd party switch. Ours are 2 Nexus switches (connected via vPC) and theirs are 2 Extreme summit switches.

I want to make sure their switches don't cause issues when physically connected.

We don't seem to be running VTP:

# sh vtp status
Service not enabled

Spanning tree is rapid-pvst

1# sh spanning-tree sum
Switch is in rapid-pvst mode

Also

spanning-tree loopguard default
spanning-tree vlan 1-3967,4048-4093 priority 8192

Thanks

Giuseppe Larosa · ‎06-10-2019

Hello Andrew,

you need to know what type of STP is running on the Extreme switches:

if they are running RSTP they will interact with your switch only on Vlan1 (verify that they send untagged STP BPDUs on native vlan ) with RSTP Vlan 1 instance.

If the Extreme switches run MST 802.1s the question is more complex:

either all your Rapid PVST provide better root bridge(s) then Extreme root bridges for each MST instance

or the opposite: all your Rapid PVST root bridges are worst then all MST instances root bridges on Extreme switches side,

A mixed scenario is not supported as there is no one to one corrispondence between Rapid PVST instances (one per Vlan) and MST instances that are only a few ( no more then 64).

[please note the above consistency rules are those required by Cisco switches running MST for PVST emulation but I think they make sense also in this context as a safe condition]

If the Extreme networks switches support Rapid PVST the interaction is easier.

>> spanning-tree loopguard default

This can be a problem in some contexts depending on what side is the "STP winner" the command can be good or not. This command should be enabled only on access layer switches that are not root bridge of any Vlan in my experience.

Edit:

I don't know the exact model of your extreme switches according to the following configuration guide

ttps://documentation.extremenetworks.com/EOS_Config/downloads/S_K_7100_Configuration_Guide.pdf

Extrem networks switches running EOS support the following STP modes/standards

Extreme Networks switch devices support the Spanning Tree Protocol (STP), Rapid Spanning TreeProtocol (RSTP), and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards anddescribed in IEEE 802.1Q:•IEEE 802.1D (Spanning Tree Protocol)

•IEEE 802.1w (Rapid Spanning Tree Protocol)

•IEEE 802.1s (Multiple Spanning Tree Protocol)

•IEEE 802.1t (Update to 802.1D)

on pag 296 of above document.

In any case I strongly recommend to disable STP loop guard on Cisco side for the trunk link towards these switches.

To be noted some Extreme switches support other network operating systems.

Hope to help

Giuseppe

Andrew White · ‎06-10-2019

Could we just turn off spanning tree between the 2 environments?

If so would that be turning on bpdu guard and filter?

Giuseppe Larosa · ‎06-10-2019

Hello Andrew,

you can turn off spanning-tree only if there is a single logical link between the Cisco devices and the Extreme switches.

You have Nexus switches so on Cisco side you can use a vPC, check if multi chassis LAG is supported on the Extreme switches.

The tool to use on Cisco side is spanning-tree bpdufilter.

On the extrem switches look for virtual switch bonding VSB see pag. 60 on the guide

https://documentation.extremenetworks.com/EOS_Config/downloads/S_K_7100_Configuration_Guide.pdf

Hope to help

Giuseppe

Andrew White · ‎06-11-2019

They have turned added bpdu filter on their Extreme switches.

Our 2 Nexus switches are connected via a vPC so are seen as one switch,

They will add add 4 x 10GB ports in an MLAG from the 2 Extreme switches to our 2 Nexus switches, so I created a port channel on both Nexus and configure the 4 ports.

On both Nexus:

interface port-channel300

description Extreme Uplink

switchport mode trunk

switchport trunk native vlan 999

switchport trunk allowed vlan 31,32,33,34

spanning-tree port type normal

speed auto

vpc 300

on ports 20/21 on both Nexus

interface Ethernet1/20

description Extreme Uplink

switchport mode trunk

switchport trunk native vlan 990

spanning-tree port type normal

switchport trunk allowed vlan add 301 ,311-313 ,990

channel-group 300 force

no shutdown

interface Ethernet1/21

description Extreme Uplink

switchport mode trunk

switchport trunk native vlan 999

spanning-tree port type normal

switchport trunk allowed vlan add 31 ,32-33 ,999

channel-group 300 force

no shutdown

Does this look ok? Anything you would add?

Thanks

Giuseppe Larosa · ‎06-11-2019

Hello Andrew,

I would use LACP on the port channel vPC link members as it provides protection from errors in cabling or other errors like misconfiguration.

>> They will add add 4 x 10GB ports in an MLAG from the 2 Extreme switches to our 2 Nexus switches, so I created a port channel on both Nexus and configure the 4 ports.

OK this is fine

Hope to help

Giuseppe

Andrew White · ‎06-11-2019

Can you confirm the command for this?

Also should I add root guard on the 4 ports leading to the Extreme switches and Bpdu guard?