Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
0
Helpful
3
Replies

STP fine tuning

k.abillama
Level 1
Level 1

‎01-05-2010 12:40 AM - edited ‎03-06-2019 09:09 AM

Hello,

I have a Data center where my SVIs are located on a pair of ASAs 5580 which are connected with two 6509s Core Switches

I need to force layer 2 traffic to take a specific path through the 'spanning tree vlan x priority y' command but since there are no SVIs on the Core Switches, I'm not sure if an stp instance will be created for my vlans, Can somebody advise how can I do it

Regards

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎01-05-2010 12:52 AM 

k.abillama wrote:
Hello,
I have a Data center where my SVIs are located on a pair of ASAs 5580 which are connected with two 6509s Core Switches
I need to force layer 2 traffic to take a specific path through the 'spanning tree vlan x priority y' command but since there are no SVIs on the Core Switches, I'm not sure if an stp instance will be created for my vlans, Can somebody advise how can I do it
Regards

Not sure i follow what you mean. You don't need SVIs to have an STP instance. As soon as you create the vlan at L2 then you have an STP instance, doesn't matter where the L3 interface for that vlan is ?

Could you clarify what you mean ?

Jon

0 Helpful

k.abillama
Level 1
Level 1
In response to Jon Marshall

‎01-05-2010 01:14 AM

Hi,

I'm not pro in Switching! I'm a security enginner

Thx for the info,I thought that the spanning tree instance will be created once I create the SVIs

Regards

0 Helpful

Francois Tallet
Level 7
Level 7

‎01-05-2010 10:31 AM

I guess your firewall is operating in transparent mode. Basically you a have an ingress vlan and an egress vlan. You don't have to worry about STP. Actually, if you needed to configure STP so that your traffic goes through the firewall, that would be an indication of a problem because it would mean that the traffic could skip the firewall as a result of a network reconfiguration (like a link going down). That's something that, as a security engineer, you should not like;-)

That said, it does not mean that you won't have to tune the priority of some bridges in order to get an optimal STP topology. The two vlans that you are stitching with the firewall will have a common root bridge. Put this root bridge close to the L3 interfaces (basically, make the switch hosting the SVI the root bridge), that's what *generally* result in the optimal topology (I don't know enough of your network to guarantee that of course).

Regards,

Francois

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card