01-03-2019 12:05 PM - edited 03-08-2019 04:56 PM
On our network we have portfast and bpduguard enabled on all access ports and nothing configured on trunk ports for spanning-tree. Is this best practice or should we be doing something different?
01-03-2019 12:28 PM
Portfast and bpduguard are fine. Don't think you need anything on the trunks. On the trunk ports just allow the specific vlans you need to have there and not all vlans.
HTH
01-03-2019 12:23 PM
Hello dbuckley77
Greetings,
Actually, your question is not understood! But let me tell you some of the good things that spanning-tree will provide you if you use some of its functions.
You can issue, for example, #spanning-tree mode rapid-pvst
This will change the spanning tree mode, and this rapid-pvst mode will speed up the convergence time of the trunk links to turn green by 30 sec, which is great! You can also use it to do some load balancing between switches, so that you can make, for example, each switch a root for a specific vlan! I like to use this option too. You can achieve it by issuing on Switch 1 #spanning-tree vlan x root primary, and on Switch 2 #spanning-tree vlan y root primary, which means that now Switch 1 is the root for vlan x while Switch 2 is the root for vlan y!
You can also configure root guard on the trunk interfaces to secure that switch as the root even if it receives a BPDU with a lower bridge ID.
And more and more!
I guess you can provide us with the topology so that we can recommend the best practice options for you regarding spanning-tree!
Best of luck!
Please don't forget to rate my reply as helpful if you find it helpful enough! Also, you can mark it as a solution if it helps to solve your problems or answer your inquiries! It would be so nice of you!
Thanks in Advance!
Bst Rgds,
Andrew Khalil
01-03-2019 12:24 PM
Hi @dbuckley77,
These commands seek better convergence on access ports, where a switch will never connect (portfast) and avoid layer 2 loops if someone connects a switch to those ports (BPDUGuard).
But if you have Layer 2 redundancy in your network, I recommend evaluating the configuration of UplinkFast and/or BackboneFast on trunk ports.
I share this link for more information on these options:
https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/12-1E/configuration/guide/swcg/stp_enha.pdf
Regards
01-03-2019 01:58 PM
Hello
Enabling access-port stp portfast on a trunk will have no effect on the trunk, as it is designed for end hosts at the edge of an STP domain; basically, it tells the switch it's safe to transition the port straight into a forwarding state. However, the stp portfast trunk command can do the same thing for a trunk, so it isn't advisable to apply it to a trunk that connects to another switch. It's usually advised to enable this command ONLY when that trunk is connected to a device such as a router/server or ESX/VM host.