Solved: stp configuration

suthomas1 · ‎09-16-2011

Hello All,

We have a new network with only a 6509 switch and a router/firewall. the switch will have direct connection for users and maybe servers.

In this case where there is no other access switch so far, how should the stp configuration look like on this 6509 switch so that in future if any access switch is added, spanning tree configuration is good for that.

Thanks in advance.

JohnTylerPearce · ‎09-20-2011

I would enter the following commands (If you are running PVST or RPVST)

1. spanning-tree extended system-id

2. spanning-tree vlan 1-4096 priority 0

This will make sure that all vlans you create will use the 6509 as the root switch. If you create vlan 10, the priority

will be 10. This should be the lowest priority and therefore a valid root switch. This way, if you bring in a few access

switches, and create some vlans on it, the root switch will still be the root switch.

View solution in original post

ameya_oke · ‎09-16-2011

Hi Suthomas,

Please find the below config points.

Before answering your query please take care of below points.

1) Create a VTP domain name for swithc 6509

2) Config this switch as VTP server

3) Create an authentication for VTP

4) Make the switch priority lowest so that this swith will always be Root bridge for STP calculation

This will ensure that all ports on this swithc be designated ports and never get blocked.

Before adding any new swithc to your network consider below points.

i) Delete vlan.dat file on new switch.

ii) While adding any other switch to your network make sure that you configure the swithch to vtp transparent mode so that config revision number is set to 0(most important step)

***If there is only 1 switin, STP will nominate this swithc as root bridge for all VLANs and all ports would be designate ports(forwarding).

please rate if helps.
Ameya

suthomas1 · ‎09-16-2011

Thanks Ameya,

do we use spanning-tree priority 8192 command , configuration wise,to make this lone switch as root bridge for now?

ameya_oke · ‎09-16-2011

Dear Suthomas,

You can even make the priority 0 but for now spanning-tree priority 8192 would be alright.

I would urge you to seriously consider VTP config, it is am amazing protocol but sometimes a devil in disguise.

Also Please place below config in all access ports(where you are absolutely sure you wont connect a swithc)

default 6509 interface config.

int GigabitEthernet1/1

description ## Src Rack:X ## Dst Rack Y ## Host IP:Q.W.E.R

switchport

switchport access vlan "abc"

switchport mode access

no ip address

speed 1000

duplex full

udld port aggressive

no cdp enable

spanning-tree portfast

shutdown

Please rate if helps.

Ameya

cadet alain · ‎09-17-2011

Hi,

I would also configure BPDU guard on all Portfast ports along with errdisable recovery timeout.

Regards.

Alain.

Don't forget to rate helpful posts.

suthomas1 · ‎09-19-2011

thanks to all for replying to my query. lastly, if i need to make this one switch as root. will spanning-tree vlan "" root primary be the command or is there any other command like " spanning-tree bridge or so" which when put in will get all default stp configuration.

thanks.

ameya_oke · ‎09-19-2011

Hi suthomas,

The spanning-tree vlan x root primary command will reduce the priority down to 4096 (when done enough times), and then it is up to the MAC addresses to decide on the winner (if the spanning-tree vlan x root command was issued over and over and over again on all the switches).

Another option would be to use the command spanning-tree vlan x priority 0, and that would force that to be winner (if no one else had that same priority and a lower MAC address).

Please rate helpful posts

Ameya

cadet alain · ‎09-19-2011

Hi,

to make a switch the root bridge for a specific vlan you can use:

1) spanning-tree vlan x priority

2) spanning-tree vlan x root primary

The second command is a macro which will examine the other switches "as of now" settings and will lower the value on this switch to win the election, meaning that if we change the priority with command one on another switch to win( after the command 2 has been issued) it will take effect whatsoever.

Regards.

Alain

Don't forget to rate helpful posts.

suthomas1 · ‎09-20-2011

In that case , out of the two commands, will it be advisable to use spanning-tree vlan 1-1024 root primary command for this lone switch.

thanks in advance.

cadet alain · ‎09-20-2011

Hi,

I would use the second option with a priority of zero so the only way to beat it is to have same priority of zero and a lower MAC.

Regards.

Alain.

Don't forget to rate helpful posts.

ameya_oke · ‎09-20-2011

Dear Suthomas,

You are the admin and you are sure that a particular switch is the ideal candidate for root bridge then it is advisable to set the priority manually to the lowest value

This will be helpful as you would be well aware of the root in your network.

Secondly in case of any issues you can directly start trouble shooting from this root bridge.

Please rate helpful posts.

Note: It is advisable to set priority manually.

Ameya

JohnTylerPearce · ‎09-20-2011

I would enter the following commands (If you are running PVST or RPVST)

1. spanning-tree extended system-id

2. spanning-tree vlan 1-4096 priority 0

This will make sure that all vlans you create will use the 6509 as the root switch. If you create vlan 10, the priority

will be 10. This should be the lowest priority and therefore a valid root switch. This way, if you bring in a few access

switches, and create some vlans on it, the root switch will still be the root switch.