06-06-2008 03:49 AM - edited 03-05-2019 11:27 PM
Hi,
I'm configuring the network as seen in the attachment.
I would like to have one rapid spanning tree domain per vlan. But I'm not quite sure if the routers also support rpvst+ or just pvst+. The core is running rpvst+. The routers seem to adapt to the timers from the rpvst+ domain. So that's my first question. Is this going to work?
My second question is how to convert two Layer 3 ports ( G0/0 and G0/1 ) into one Layer 2 port. I tried this by making a bridge group and configure the BVI interface, but I'm not quite sure this is the way to go.
--------- Sample config from one of the routers ----------
bridge irb
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.254
 encapsulation dot1Q 254
 bridge-group 254
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.254
 encapsulation dot1Q 254
 bridge-group 254
!
interface BVI254
 ip address 10.254.1.251 255.255.255.0
!
bridge 254 protocol ieee
bridge 254 route ip
----------- END ------------
Is this the right configuration for the situation I would like to use it for?
Third Question: Is it also possible to use some sort of interface tracking between Gi 0/0 and 0/1 which allows subsecond failover instead of using spanning tree?
06-06-2008 08:55 AM
Per your diagram, the best design will be using L3 links between the routers and switches and run OSPF or EIGRP among these links.
Spanning-Tree and Bridging in routers is very cumbersome and something that should be avoided in new designs.
HTH,
__
Edison.
06-06-2008 09:07 AM
Yes I would also prefer that.
The problem is that there are several VLANs within the spanning tree domain that need to be routed securely with CBAC / reflexive ACLs.
Isn't there a way to use redundant interfaces like ASA 8.0(1)?
06-06-2008 09:33 AM
You can still implement CBAC and Reflexive ACLs with L3 links between devices. I don't know all the requirements so I can't comment further nor make any other suggestions. However, running L2 to the router is just a bad design all around.
Per your diagram, one port most likely is in blocking mode while the other is in forwarding mode. Per your diagram, I'm not sure what device is the root of the Spanning-Tree for a specific Vlan (most likely one of the routers due to their lower MAC Address). Also, routers do not run PVST, they run CST.
Please post the show spanning-tree output from one of the routers for confirmation.
__
Edison.
06-06-2008 12:32 PM
The switches are the primary and secondary root. One of the ports on each of the routers is in forwarding state (towards the root), the other ports are in blocking mode. Can't post a config since it's the weekend.