Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6815
Views
0
Helpful
4
Replies

Spanning tree best practice config

Go to solution
dbuckley77
Level 1
Level 1

‎01-03-2019 12:05 PM - edited ‎03-08-2019 04:56 PM

On our network we have portfast and bpduguard enabled on all access ports and nothing configured on trunk ports for spanning-tree.  Is this best practice or should we be doing something different?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎01-03-2019 12:28 PM

Portfast and bpduguard are fine. Don't think you need anything on the trunks. On the trunk ports just allow the specific vlans you need to have there and not all vlans.

HTH 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Andrew Khalil
Spotlight
Spotlight

‎01-03-2019 12:23 PM

Hello dbuckley77

Greetings,

 

Actually your question is not understood! but let me tell you some of the good things that spanning-tree will provide you if you use some of its functions,

 

you can issue for example #spanning-tree mode rapid-pvst

this will change the spanning tree mode and this rapid-pvst mode will fasten the convergence time of the trunk links to turn green by 30 sec! which is great!  you can also through it make some load balancing between switches so that you can make for example each switch a root for a specific vlan! I like to use this option too, you can achieve it by issuing  on Switch 1 #spanning-tree vlan x root primary, and on Switch 2 #spanning-tree vlan y root primary, which means that now Switch 1 is the root for vlan x while Switch 2 is the root for vlan y!

you can also configure on the trunk interfaces root guard to secure that switch for being a root even if it will receive a bpdu with less bridge ID.

And more and more! 

I guess you can provide us the topology so that we can recommend for you the best practice options regarding the spanning-tree! 

Best of luck! 

 

Please, don''t forget to rate my reply as a helpful, if you find it helpful enough! also you can mark it as a solution if it's helping to solve your problems or answer your inquiries! it would be so nice from you! 

Thanks in Advance! 

Bst Rgds,

Andrew Khalil

0 Helpful

Go to solution
luis_cordova
VIP Alumni
VIP Alumni

‎01-03-2019 12:24 PM

Hi @dbuckley77,

 

These commands seek better convergence on access ports, where a switch will never connect (portfast) and avoid layer 2 loops if someone connects a switch to those ports (BPDUGuard).

But, if you have Layer 2 redundancy in your network, I recommend evaluating the configuration of UplinkFast and / or BackboneFast on trunks ports.
I share this link for more information on these options:

https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/12-1E/configuration/guide/swcg/stp_enha.pdf

 

Regards

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎01-03-2019 12:28 PM

Portfast and bpduguard are fine. Don't think you need anything on the trunks. On the trunk ports just allow the specific vlans you need to have there and not all vlans.

HTH 

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-03-2019 01:58 PM

Hello

Enabling access-port  stp portfast on a trunk will have not effect to the trunk as it designed for end hosts at the edge of an stp domain thus basically it tells the switch it’s save to transition the port straight into a forwarding state - however stp portfast trunk command can do the same thing for a trunk so it isn’t advisable to apply to a trunk that’s connects to another switch - its usually advised ONLY to be enable this command when that trunk is connected to a device such as router / server or esx/vm host 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card