10-05-2019 02:21 AM
Hello,
I have 4 Cisco switches connected to each other in a mesh topology with trunk links. The trunk links allow only specific VLANs to pass.
The spanning tree configuration is as below, where SW1 is acting as root and SW2 is acting as secondary:
SW1
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 25976
SW2
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 29472
SW3
spanning-tree mode rapid-pvst
spanning-tree extend system-id
SW4
spanning-tree mode rapid-pvst
spanning-tree extend system-id
Please advise, as I feel that this configuration can cause some trouble.
Thanks in advance
10-05-2019 06:45 AM
Config on SW1 and SW2 looks fine, but you should include the same config on SW3 and SW4:
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
Also, when using bpduguard and bpdufilter as defaults, you have to make sure to define all edge ports as access interfaces with "switchport mode access", and to use bpduguard and bpdufilter you have to type "spanning-tree portfast" on edge ports.
I would also include in global config "spanning-tree portfast default", which enables all ports configured in access mode to run spanning-tree portfast by default.
The purpose of Port Fast is to minimize the time interfaces must wait for spanning-tree to converge; it is effective only when used on interfaces connected to end stations. If you enable Port Fast on an interface connecting to another switch, you risk creating a spanning-tree loop.
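A small offline check for the advice in the reply above, as an added example that is not part of the original thread: it parses IOS-style configuration text and reports the global guards the reply lists when they are missing, plus any interface that carries "spanning-tree portfast" without "switchport mode access". The sample configurations and interface names are constructed for illustration.

```python
# Global lines the reply above recommends on every switch.
RECOMMENDED_GLOBALS = (
    "spanning-tree loopguard default",
    "spanning-tree portfast bpduguard default",
    "spanning-tree portfast bpdufilter default",
)

# Constructed samples (not from the thread): SW3 as posted plus two made-up ports.
SAMPLE_SW3 = """\
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/24
 switchport mode trunk
 spanning-tree portfast
"""
SAMPLE_FIXED = "\n".join(RECOMMENDED_GLOBALS) + "\n" + SAMPLE_SW3.replace(
    " switchport mode trunk\n spanning-tree portfast\n", " switchport mode trunk\n")

def parse(config):
    """Split IOS-style text into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            interfaces[current] = []
        elif raw[0].isspace() and current:
            interfaces[current].append(raw.strip())  # indented: interface sub-command
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces

def audit(config):
    """Return findings for the checks described in the reply above."""
    global_lines, interfaces = parse(config)
    findings = [f"missing global: {g}" for g in RECOMMENDED_GLOBALS if g not in global_lines]
    for name, lines in interfaces.items():
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode ")), None)
        if "spanning-tree portfast" in lines and mode != "access":
            findings.append(f"{name}: portfast on non-access port (mode={mode})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SW3)))
```
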
10-05-2019 02:58 AM
Perhaps the question becomes more: why did you introduce all these non-default spanning tree configuration commands into your configuration? Do you understand them? If so, why do you use them?
M.
10-05-2019 03:10 AM - edited 10-05-2019 03:10 AM
Well, as for spanning-tree portfast bpduguard default and spanning-tree portfast bpdufilter default, what I know is that we can save some start-up time while not allowing BPDUs to be sent out to the connected host.
However, I'm here asking for advice which means I'm not fully aware of spanning tree configuration. Can you advise please?
10-05-2019 05:17 AM
Hi!
I think you do not need bpdufilter default.
Look at show spanning-tree summary and the blocked ports on each switch.
10-06-2019 06:12 AM
10-06-2019 06:10 AM
10-06-2019 07:04 AM