11-27-2008 12:03 AM - edited 03-06-2019 02:42 AM
Hi everyone,
I have the question about separation of STP domain on layer 2 network.
The following is the example of layer 2 network and the network is within one IP subnet, one VLAN.
Looped-Area#1-----Cat3750#1-----Layer 2 WAN-----Cat3750#2-----Looped-Area#2
<--looped---><-------------------No loop exist---------------><---looped-->
<---------------------------------single VLAN----------------------------->
There are some Catalyst Switches in each of "Looped-Area#1" and "Looped-Area#2".
STP is needed to run in the network in order to prevent loop.
However there is no bridge/switch loop between Cat3750#1 and Cat3750#2, in other words, multiple
paths does not exist between Cat3750#1 and Cat3750#2 as shown above.
So I think both Cat3750#1 and Cat3750#2 do not have to participate the STP domain in order to
calculate STP topology; rather Catalyst Switches in "Looped-Area#1" and Catalyst Switches in
"Looped-Area#2" should belong to different STP domain. By separating STP domain, I think I can:
for example, configure "Looped-Area#1" uses PVST+ while "Looped-Area#2" uses RSTP
avoid to reach STP convergence to whole layer 2 network
for exmaple, I use one STP domain whole network and STP root and STP secondary root exist in
"Looped-Area#1".
And when STP root changes to secondary root, STP convergence occurs and Catalyst Switches in
"Looped-Area#1" and also in "Looped-Area#2" must wait until STP convergence is completed.
During STP convergence, traffic does not across Layer 2 WAN, in other words, traffic just
within "Looped-Area#2" is also affected.
If I use two STP domain on each "Looped-Area#1" and "Looped-Area#2 and STP root exist each,
traffic within each area is unaffected by STP convergence occurred on another area.
I have the following question and concerns about it, could you please advise me?
To do so what configuration is needed on Catalyst Switches?
Just configure different "VTP domain name" on Catalyst Switches in each aera?
Assume that I can create two STP domain, I think BPDU packets are forwarded through whole
network regardless of differenciation of STP domain because BPDU packet is multicast.
But BPDU packets from different STP domain are ignored and not processed by Catalyst Switch.
Also assume that I can create two STP domain, I think if I use PVST+ and RSTP on each area,
for example, "Looped-Area#1" uses PVST+ and "Looped-Area#2" uses RSTP, 802.1D BPDU packets
and RSTP BPDU packets are forwarded through whole network regardless of differenciation of
STP domain and STP type(PVST+ or RSTP) because 802.1D and RSTP BPDU packets are multicast.
But Catalyst Switches in RSTP does not fall back to legacy STP(PVST+) even through any RSTP
port receives legacy 802.1D BPDU because PVST+ and RSTP are configured onto different STP domain.
Is my understanding correct?
Could you please let me know your advise?
Your information would be appreciated.
Best regards,
Shinichi
Solved! Go to Solution.
11-27-2008 05:27 AM
Hello Shinichi,
as far as I know only MST 802.1s has a concept of region including a region name an provides specifications on how to behave on a MST region border.
PVST+ misses the concept of region and I don't think it can be confined by simply having a different VTP domain name.
A VTP domain border can have impact only on negotiated trunks that will not form (but you can configure the two sides to trunk unconditionally).
To be sure to divide the two STP domains I would move to MST 8021.s on one side the one using Per Vlan Rapid STP.
If you are already using MST on one site you should be fine but a common CST will run on the border.
If only one link exists between the two catalysts you could think of something different but your topology is a flat single vlan so the best thing should be to move to Rapid STP on both sites and to have a single STP domain.
Hope to help
Giuseppe
11-27-2008 05:54 AM
Hi,
1. There is no "STP domain" concept available for PVSTP+ nor RSTP.
2. VTP domain has nothing common with STP instances. VTP enables a comfortable VLAN configuration, but once a VLAN is spread (even through multiple VTP domains) STP si running independantly on VTP.
3. If you are sure "there is no bridge/switch loop between Cat3750#1 and Cat3750#2, in other words, multiple paths does not exist between Cat3750#1 and Cat3750#2", why don't you simply configure
spanning-tree bpdufilter enable
on the Cat3750#1 and Cat3750#2 interfaces connected to the Layer 2 WAN?
for details.
BR,
Milan
11-27-2008 05:27 AM
Hello Shinichi,
as far as I know only MST 802.1s has a concept of region including a region name an provides specifications on how to behave on a MST region border.
PVST+ misses the concept of region and I don't think it can be confined by simply having a different VTP domain name.
A VTP domain border can have impact only on negotiated trunks that will not form (but you can configure the two sides to trunk unconditionally).
To be sure to divide the two STP domains I would move to MST 8021.s on one side the one using Per Vlan Rapid STP.
If you are already using MST on one site you should be fine but a common CST will run on the border.
If only one link exists between the two catalysts you could think of something different but your topology is a flat single vlan so the best thing should be to move to Rapid STP on both sites and to have a single STP domain.
Hope to help
Giuseppe
10-03-2014 01:09 AM
A single link between the sites and bpdu filter enabled on them works fine, but what is we have 2 links bundled into an etherchannel with bpdu filter enabled ? will that cause loops ?
Regards,
Shiva
10-03-2014 03:19 AM
Hi,
I believe STP BPDUs are being sent over one physical port only within Etherchannel which is then treated as on logical port from STP point of view.
So there should be no difference between a single port or Etherchannel from STP point of view.
But you have to be sure the Etherchannel is configured correctly on both ends!
BR,
Milan
10-03-2014 03:47 AM
Thanks Milan, sorry if i was not clear, what i meant was a scenario where an ether channel is configured and the bpdufilter is applied on the etherchannel (which would mean both physical links would then have bpdu filter on them) what would be the behaviour then ?
Cheers,
Shiva
10-03-2014 05:08 AM
Well, if true cables would be used to connect the switches and the Etherchannel would be configured correctly on both end, then it shoud work the same way as a single physical line.
I'd be careful though in the scenario desribed in the original thread - some L2 WAN involved.
Configuring an Etherchannel over such an envoironment might bring problems, I'm afraid.
BR,
Milan
10-03-2014 06:27 AM
Hmm...i have described my scenario in the new post below, what we have is 2 lanlinks bundled into a etherchannel and loops are seen happening when both links are up, have a look at the below when possible
https://supportforums.cisco.com/discussion/12316646/etherchannel-and-bpdu-filter
Cheers,
Shiva
11-27-2008 05:54 AM
Hi,
1. There is no "STP domain" concept available for PVSTP+ nor RSTP.
2. VTP domain has nothing common with STP instances. VTP enables a comfortable VLAN configuration, but once a VLAN is spread (even through multiple VTP domains) STP si running independantly on VTP.
3. If you are sure "there is no bridge/switch loop between Cat3750#1 and Cat3750#2, in other words, multiple paths does not exist between Cat3750#1 and Cat3750#2", why don't you simply configure
spanning-tree bpdufilter enable
on the Cat3750#1 and Cat3750#2 interfaces connected to the Layer 2 WAN?
for details.
BR,
Milan
11-30-2008 05:53 PM
Hello Giuseppe and Milan,
Thank you very much for your reply and advise.
I understand 802.1D PVSTP+ and 802.1w RSTP do not have the STP domain comcept, but 802.1s MST has.
So in my case, I can use MST to devide STP region or I can configure 'spanning-tree bpdufilter enable' to filter out BPDU packets so that STP region is separated.
Best regards,
Shinichi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide