Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1447
Views
0
Helpful
7
Replies

Spanning tree Cisco 2960x

Go to solution
abimadaro4462
Level 1
Level 1

‎10-05-2019 02:21 AM

Hello, 

I have 4 Cisco switches are connected to each other in a mesh topology with trunk links. The trunk links are allowing only specific VLANs to pass.

Spanning tree configuration as below where SW1 acting as root and SW2 acting as secondary; 

SW1

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 25976

SW2

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 29472

SW3 

spanning-tree mode rapid-pvst
spanning-tree extend system-id

SW4 

spanning-tree mode rapid-pvst
spanning-tree extend system-id

 

Please advise as i feel that this configuration can cause some troubles.

 

Thanks in advance

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kapslock
Level 1
Level 1

‎10-05-2019 06:45 AM

Config on SW1 and SW2 looks fine, but you should include the same config on SW3 and SW4

spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default

 

Also using bpduguard and bpdufilter as defaults, you have to make sure to define all edge ports as access interfaces with "switchport mode access" and to use bpduguard and filter you have to type "spanning-tree portfast" on edge ports.

 

I would also include in global config "spanning-tree portfast default" which enables all ports configured as access mode, to run spanning-tree portfast as default.

 

The purpose of Port Fast is to minimize the time interfaces must wait for spanning-tree to converge, it is effective only when used on interfaces connected to end stations. If you enable Port Fast on an interface connecting to another switch, you risk creating a spanning-tree loop.

/K.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
marce1000
VIP
VIP

‎10-05-2019 02:58 AM

 

 = Perhaps the question more becomes. Why did you introduce all these none-defaulting spanning tree configuration commands in to your configuration. Do you understand them. If so, why do you use them ?

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
abimadaro4462
Level 1
Level 1
In response to marce1000

‎10-05-2019 03:10 AM - edited ‎10-05-2019 03:10 AM

Well as for spanning-tree portfast bpduguard default, spanning-tree portfast bpdufilter default what i know that we can save some start-up time while not allowing BPDU being sent out to the connected host.

However, I'm here asking for advice which means I'm not fully aware of spanning tree configuration. Can you advise please?

0 Helpful

Go to solution
Oleg Volkov
Spotlight
Spotlight

‎10-05-2019 05:17 AM

Hi!

I think you do not need in bpdufilter default.

Look on show spanning tree summary and blocked ports on each switch 

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
0 Helpful

Go to solution
abimadaro4462
Level 1
Level 1
In response to Oleg Volkov

‎10-06-2019 06:12 AM

Things are good so far no blocked ports, but i was wondering if this the right way to avoid network loops as they are connected to each other with 6 links in mesh
0 Helpful

Go to solution
kapslock
Level 1
Level 1

‎10-05-2019 06:45 AM

Config on SW1 and SW2 looks fine, but you should include the same config on SW3 and SW4

spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default

 

Also using bpduguard and bpdufilter as defaults, you have to make sure to define all edge ports as access interfaces with "switchport mode access" and to use bpduguard and filter you have to type "spanning-tree portfast" on edge ports.

 

I would also include in global config "spanning-tree portfast default" which enables all ports configured as access mode, to run spanning-tree portfast as default.

 

The purpose of Port Fast is to minimize the time interfaces must wait for spanning-tree to converge, it is effective only when used on interfaces connected to end stations. If you enable Port Fast on an interface connecting to another switch, you risk creating a spanning-tree loop.

/K.
0 Helpful

Go to solution
abimadaro4462
Level 1
Level 1
In response to kapslock

‎10-06-2019 06:10 AM

Thanks for your explanation,
Do you think it's good idea to configure the priority of other switches as well?
0 Helpful

Go to solution
kapslock
Level 1
Level 1
In response to abimadaro4462

‎10-06-2019 07:04 AM

Personally I include a priority of 16,384 ‬on all switches except the distribution layer, just in case somebody attaches a switch with lower mac add and tries to take root role. I would then setup a lower priority on my distribution switches to take the root role. You want the root bridge to be at a central place in the network, to optimize the data path.
/K.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card