Hi Deepak,

We would like set the RPVST two switches 9200L on each site.

EVGN is our main site

CAVC is our Backup Site

All setting that we use an Layer 2 setting in Etherchannel, Vlan, Trunk (Metro E)  to other backup site.

All switches only management port have IP address, other than is Layer 2 setting without IP.

It used Esxi server to connect with other devices such as SIP, Internal, PBL server or PC. 

Vlan 101 Operations, Administration, and Maintenance P 1 -12

Vlan 102 Public P 19 - 24

Vlan 103 SIP 1  P 25 -  30

Vlan 104 SIP 2  P 31 -  47

Metro E (Trunk): P 45

EtherChannel (Active,Active): P45 -47

Metro E will change to Fiber P1

Remote PC: P48 (Vlan 101)

Management (Switch 9200 and 9300) : P13 -16  (Vlan 101)

Current setting.

1. We set on Switch STP mode RPVST default and we did not set the STP Root priority of Vlan Primary and Secondary.

2. Vlan 101 -104 has set on Switches.

3. Etherchannel (active active )set trunk allowed Vlan 101 -102 and trunk mode on P 47 - 48 to connected Switch 2 9200L with same site.

4. Metro E Trunk allowed Vlan 101 - 102 and trunk mode  only set on P45 on Switch 1 and Switch 2 for internetwork to connect to backup set. 

STP Rapid PVST

P45 or later (Fiber P1) use for Metro E (CWDM) to connect to Backup site.

At same site, all esxi servers (SIP1, SIP2, PBL, INT) crossed to switch 1 and switch 2 at the same sites (Main site and Backup site)

• We would like to use the ESXi server access ports for Root bridge or Root port. 
• Vlan 101 -102 are only allowed to Metro E and Etherchannel.
• Vlan 103 - 104 are SIP server only. We do not want P25 to be Root bridge or Root Port.
• Trunk port (Etherchannel and Metro E) also do not want to be Root bridge or Root Port.
• All other Access Ports to set on Spanning-tree BPDUGuard enable and Portfast Edge.

Do we also set on one of remote PC port for Port-Security, storm control to prevent the loop for STP or switchport itself if we use PC port for remote or Wireshark purpose?

As these Setting, As I known, it is not enough to prevent Loop issue and we know that we still got some setting that we did not add on switches.

Main Site

SW1 101-102 Primary

        103 -104 secondary

SW2 103 -104 Primary

         101 - 102 secondary

Backup Site

SW1 101-102 Primary

        103 -104 secondary

SW2 103 -104 Primary

        101 - 102 secondary

what are your recommendation on our setting?

Best Regards,

Gary

Hi Deepak,

We find out

Main site                                                                           Backup Site

Switch 1A                  -->  Trunk (allowed 101 - 102)   --> Switch 2A

/\                                                                                               /\                                                                                                               

||                                                                                               ||

Etherchannel 1(Trunk Allowed 101 -102)                           Etherchannel 2(Trunk Allowed 101 -102)                        

||                                                                                                ||

\/                                                                                                \/ 

Switch 1B                   --> Trunk (allowed 101 - 102)  -->  Switch 2B

This RPVST RTP formed the Trunk Loop on VLan 101 and Vlan 102, but it did not form a blocked state as Link.

We still need to fix on this issue.

Do you have any suggestion on that?