Does STP run on a routed port of a switch?

If we make a switchport Layer 3, does STP run on the port?

2 Accepted Solutions


Muhammad,

> I heard somewhere that when we are making the port to be a routed port with the command no switchport, the switch is creating an internal usage VLAN for that port and an SVI and then associating it with the port, so that routing can take place.

You are correct, this is exactly what takes place. See for yourself:

DLS2# show run int fa1/0/24
Building configuration...

Current configuration : 108 bytes
!
interface FastEthernet1/0/24
 no switchport
 ip address 12.12.12.2 255.255.255.252
 ip ospf 1 area 0
end

DLS2# show run int po2     
Building configuration...

Current configuration : 103 bytes
!
interface Port-channel2
 no switchport
 ip address 172.16.1.2 255.255.255.252
 ip ospf 1 area 0
end

DLS2# show vlan internal usage

VLAN Usage
---- --------------------
1006 FastEthernet1/0/24
1008 Port-channel2

DLS2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
DLS2(config)# vlan 1006
DLS2(config-vlan)# name Test1
DLS2(config-vlan)# exit
% Failed to create VLANs 1006
VLAN(s) not available in Port Manager.
%Failed to commit extended VLAN(s) changes.

DLS2(config)#
*Mar  4 05:20:23.956: %PM-4-EXT_VLAN_INUSE: VLAN 1006 currently in use by FastEthernet1/0/24
*Mar  4 05:20:23.956: %SW_VLAN-4-VLAN_CREATE_FAIL: Failed to create VLANs 1006: VLAN(s) not available in Port Manager

DLS2(config-if)# do show run int fa1/0/15
Building configuration...

Current configuration : 36 bytes
!
interface FastEthernet1/0/15
end

DLS2(config-if)# int fa1/0/15
DLS2(config-if)# switchport access vlan 1006
% Access VLAN does not exist. Creating vlan 1006
DLS2(config-if)#
*Mar  4 05:21:17.366: %PM-4-EXT_VLAN_INUSE: VLAN 1006 currently in use by FastEthernet1/0/24
DLS2(config-if)#
*Mar  4 05:21:17.366: %PM-2-VLAN_ADD: Failed to add VLAN 1006 - VTP error.
DLS2(config-if)# do show run int fa1/0/15
Building configuration...

Current configuration : 36 bytes
!
interface FastEthernet1/0/15
end

DLS2(config-if)#

Notice how the two routed ports Fa1/0/24 and Po2 are each allocated a standalone internal usage VLAN, 1006 for Fa1/0/24 and 1008 for Po2. These VLANs cannot be used for any other purpose - they cannot be edited (as shown by my attempt to rename the VLAN 1006), nor can they be used by other access ports (as shown by my attempt to use VLAN 1006 as an access VLAN on Fa1/0/15).

If the switch creates a separate internal usage VLAN for each and every routed port then it is safe to assume that internally, the switch considers the routed port to actually be a switched port in the internal usage VLAN with a hidden SVI - because that's how the switch works. However, for a routed port (that is, a no switchport port) to resemble normal routed ports on routers, certain Layer2 protocols are deactivated on that port, including DTP, VTP, and STP.

So back to your question: No, there is no STP running on a no switchport interface. Following my example above, this is yet another proof of that on the same switch:

DLS2# show spanning-tree vlan 1006

Spanning tree instance(s) for vlan 1006 does not exist.

DLS2# show spanning-tree vlan 1008

Spanning tree instance(s) for vlan 1008 does not exist.

Would this answer your question? Please feel welcome to ask further.

Best regards,
Peter
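
A pre-change check built on the behaviour shown in this answer, as an added example that is not part of the original post: it parses show vlan internal usage output, flags planned VLAN IDs that a routed port already holds, and extracts %PM-4-EXT_VLAN_INUSE events from syslog. The sample inputs are copied from the output quoted above; the function names and the planned VLAN list are assumptions.

```python
import re

# Constructed inputs, copied from the CLI output and syslog lines quoted in the post.
INTERNAL_USAGE = """\
VLAN Usage
---- --------------------
1006 FastEthernet1/0/24
1008 Port-channel2
"""
SYSLOG = """\
*Mar  4 05:20:23.956: %PM-4-EXT_VLAN_INUSE: VLAN 1006 currently in use by FastEthernet1/0/24
*Mar  4 05:21:17.366: %PM-2-VLAN_ADD: Failed to add VLAN 1006 - VTP error.
"""

# A table row is a VLAN ID followed by the owning interface name.
USAGE_ROW = re.compile(r"^\s*(\d{1,4})\s+(\S+)\s*$")
INUSE_MSG = re.compile(r"%PM-4-EXT_VLAN_INUSE: VLAN (\d+) currently in use by (\S+)")


def parse_internal_usage(text):
    """Map internal usage VLAN ID -> routed port that owns it."""
    usage = {}
    for line in text.splitlines():
        row = USAGE_ROW.match(line)
        if row:  # header and separator lines do not match and are skipped
            usage[int(row.group(1))] = row.group(2)
    return usage


def find_conflicts(planned_vlans, usage):
    """Return {vlan: owner} for planned VLANs already reserved by a routed port."""
    return {v: usage[v] for v in sorted(set(planned_vlans)) if v in usage}


def inuse_events(log_text):
    """Extract (vlan, owner) pairs from %PM-4-EXT_VLAN_INUSE syslog messages."""
    return [(int(v), port) for v, port in INUSE_MSG.findall(log_text)]


if __name__ == "__main__":
    usage = parse_internal_usage(INTERNAL_USAGE)
    # Hypothetical change request: VLANs an operator intends to create.
    for vlan, owner in find_conflicts([1006, 1007, 1008, 2000], usage).items():
        print(f"VLAN {vlan} is reserved internally by {owner}; pick another ID")
    for vlan, owner in inuse_events(SYSLOG):
        print(f"rejected attempt to use VLAN {vlan} (held by {owner})")
```
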


Mark,

> not sure what the mechanism is inside the switch that prevents this though from being part of normal STP

Not starting an STP instance is enough. After all, you can "emulate" the same for a manually created VLAN X using the no spanning-tree vlan X command.

> I would say it's taken out of the Layer 2 process

This would not be a precise description because there is at least one Layer2 feature that must still be preserved: the containment of this internal usage VLAN (it must not spill into any other VLANs). However, most Layer2 processes that run for ordinary VLANs are deactivated on such an internal VLAN:

  • MAC address learning (similar to no mac address-table learning vlan X)
  • STP (similar to no spanning-tree vlan X)
  • DTP (similar to switchport nonegotiate on port)
  • VTP (similar to no vtp on port)

The actual implementation details may indeed differ but assuming that you can approximate the behavior of no switchport interfaces with this set of commands, I would personally assume that the implementation is not that different.

Best regards,
Peter


10 Replies

Mark Malone
VIP Alumni

STP is a Layer 2 feature only; if the port is set to no switchport it becomes Layer 3 and STP does not include it in its calculation for loop prevention.

That's correct. Let me be more specific on this. I asked this question because when we make a switchport a routed port, in the background we are actually creating a VLAN (extended/internal usage VLAN) and an SVI, then associating it with the port, while the actual port is still an access port. If this is the case, would STP run on the port?

Once you enable no switchport, the port becomes disabled as an actual switch port, as below, and becomes capable of IP. You can check by doing show interface and adding switchport after it, as taken from one of my routed ports below on a 6500. I don't see how you can set the interface to be no switchport and then associate it with a switchport; as soon as you issue the switchport access command under the interface it will set it back to being a Layer 2 port. Your VLAN can still be up/up at Layer 3, and you can have an actual routed port on the same device, not associated with any specific VLAN, and push all the SVI traffic out the routed port.

XIR#sh int gig1/7/46 switchport
Name: Gi1/7/46
Switchport: Disabled

XIR#sh run int gig1/7/46
Building configuration...

Current configuration : 141 bytes
!
interface GigabitEthernet1/7/46
 description xxxxxxx
 no switchport
 no ip address
 channel-group 5 mode active
end

Hi Mark,

You are correct and I agree with you. I understand that when changing the port from access to a routed port, STP is disabled.

I heard somewhere that when we are making the port to be a routed port with the command no switchport, the switch is creating an internal usage VLAN for that port and an SVI and then associating it with the port, so that routing can take place.

Now when it creates a VLAN there must be an STP instance running on the port.

I am trying to understand what mechanism is stopping STP from running on that port.

Thanks

Yes, that's right, it does create an internal VLAN for use with a routed port, but it's an extended VLAN that it uses that's currently not in use. Not sure what the mechanism is inside the switch that prevents this though from being part of normal STP; I presume it flags it somehow, or the fact it's disabled at the Layer 2 switchport level is enough. I have a lot of routed ports on one of my 65s but I only see the VLANs I created as part of the actual STP calculation.

From reading this 3550 doc, it looks as if the VLAN ID is unusable once selected for a routed port by the switch and used internally, and can no longer be used as an actual VLAN, extended or not, so I would say it's taken out of the Layer 2 process. Someone else might be able to provide more.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_13_ea1/configuration/guide/3550scg/swvlan.html


Thanks for clearing that up

Hi Peter Paluch

You are awesome!

Thanks Mark

