Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2124
Views
0
Helpful
10
Replies

subject Spanning-tree

Go to solution
paul.tim681
Level 1
Level 1

‎10-23-2011 10:07 PM - edited ‎03-07-2019 03:00 AM

Hello All

Recently we got a cisco catalyst 4500 and six 2960 access switches. I need assistance on configure spanning-tree and faster convergenceon my network to avoid loop.

Access Switch config look like

Int gi 0/0

switchport mode trunk

int fa 0/1-24

spanning-tree portfast

vtp mode client

vtp domain ATY

vtp password cisco

vtp version 2

Cisco Catalyst 4500 switch config looks like

vtp mode server

vtp domain ATY

vtp password cisco

vtp version 2

vlan 2

name user-vlan

vlan 3

name server-vlan

vlan 4

name wireless-vlan

vlan 5

name management vlan

int gi 3/1-8

switchport trunk encap dot1q

switchport mode trunk

++++++++++++++++++++++++++++

cheers

Paul

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎10-23-2011 10:16 PM 

int gi 3/1-8
switchport trunk encap dot1q
switchport mode trunk

Firstly, this alone is not right.  The correct syntax should be "interface RANGE Gig 3/1 - 8".

Next, you need to specify which VLANs will be allowed to go through the trunk links.  The command is "switchport trunk allowed vlan 2-5".  Allowing ALL VLANs is no longer the "fad" and it's a lazy person's work.

For every access ports, if you have "spanningtree portfast", then use "spanning-tree bpduguard enable".  This will prevent a network loop.

Another thing, your 2960 will be assigned to VLAN 1 because you didn't specify what VLANs they are going to be assigned to.  Never use VLAN 1 to pass any traffic.  Disable interface VLAN1.

View solution in original post

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to paul.tim681

‎10-24-2011 04:24 AM

Hi,

just make sure the 4500 is the root bridge with the spanning-tree vlan x priority command or spanning-tree vlan x root primary command.By default you'll be running PVST+ but if you want RPVST+ then you can change on all switches with the command spanning-tree mode rapid-pvst.On access switches configure Portfast and BPDU Guard globally with spanning-tree portfast default  and spanning-tree portfast bpduguard default commands.

Regards.

Alain.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to paul.tim681

‎10-24-2011 04:36 AM

Paul

Alain has pretty much covered but just to clear up the portfast issue.

Never run portfast on trunk links that interconnect switches. That means don't configure "spanning-tree portfast" or "spanning-tree portfast trunk" on any trunk links between switches.

The confusion may be because of the "spanning-tree portfast trunk" command. This command can be used for example on a server port when the server is connected to the switch via a L2 trunk to the allow the server to begin forwarding immediately. 

But it was never intended to be used on trunk connections between switches.

Jon

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎10-23-2011 10:16 PM 

int gi 3/1-8
switchport trunk encap dot1q
switchport mode trunk

Firstly, this alone is not right.  The correct syntax should be "interface RANGE Gig 3/1 - 8".

Next, you need to specify which VLANs will be allowed to go through the trunk links.  The command is "switchport trunk allowed vlan 2-5".  Allowing ALL VLANs is no longer the "fad" and it's a lazy person's work.

For every access ports, if you have "spanningtree portfast", then use "spanning-tree bpduguard enable".  This will prevent a network loop.

Another thing, your 2960 will be assigned to VLAN 1 because you didn't specify what VLANs they are going to be assigned to.  Never use VLAN 1 to pass any traffic.  Disable interface VLAN1.

0 Helpful

Go to solution
paul.tim681
Level 1
Level 1
In response to Leo Laohoo

‎10-23-2011 10:38 PM

thanks for suggestion. do i need the comand spanning-tree mode rapid-pvst, spanning-tree portfast trunk on catalyst 4500 and 2960. going ahead with redundancy one uplink port of access switch connects to 4500 and second uplink port connects to another access switch.

4500---------------------2960

||                              ||

2960--------------------------

Do I configure "switchport mode trunk" between Two 2960 uplink ports

0 Helpful

Go to solution
Latchum Naidu
VIP Alumni
VIP Alumni
In response to paul.tim681

‎10-23-2011 11:50 PM

Hi Paul,


I would suggest you to disable spanning tree on trunk ports because if it is not turned off the switch disables the port on the link to the next switch. Do use it on all ports that are host ports and not trink ports

Better run bdu guard, and

You must need to configure "switchport mode trunk" between Two 2960 uplink ports


Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Latchum Naidu

‎10-23-2011 11:59 PM

Naidu,

I would suggest you to disable spanning tree on trunk ports because if  it is not turned off the switch disables the port on the link to the  next switch.

Uh-oh, I would personally never do this. If STP should be disabled between switches, where should it be run, then?

On the contrary, the STP shall be run on all inter-switch connections. These connections must not be configured with BPDU Filter, BPDU Guard or PortFast features. Instead, RSTP will take care of rapidly putting such a link to forwarding state if the link is determined to be a part of active topology.

Best regards,

Peter

0 Helpful

Go to solution
paul.tim681
Level 1
Level 1
In response to Peter Paluch

‎10-24-2011 04:08 AM

Hi Peter,

Bit confused now for the config part. What spanning-tree configuration needed for catalyst 4500 and access switch 2960 for rapid convergence and loop free. Please do help with correct configuration.

cheers

Paul

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to paul.tim681

‎10-24-2011 04:24 AM

Hi,

just make sure the 4500 is the root bridge with the spanning-tree vlan x priority command or spanning-tree vlan x root primary command.By default you'll be running PVST+ but if you want RPVST+ then you can change on all switches with the command spanning-tree mode rapid-pvst.On access switches configure Portfast and BPDU Guard globally with spanning-tree portfast default  and spanning-tree portfast bpduguard default commands.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to paul.tim681

‎10-24-2011 04:36 AM

Paul

Alain has pretty much covered but just to clear up the portfast issue.

Never run portfast on trunk links that interconnect switches. That means don't configure "spanning-tree portfast" or "spanning-tree portfast trunk" on any trunk links between switches.

The confusion may be because of the "spanning-tree portfast trunk" command. This command can be used for example on a server port when the server is connected to the switch via a L2 trunk to the allow the server to begin forwarding immediately. 

But it was never intended to be used on trunk connections between switches.

Jon

0 Helpful

Go to solution
Latchum Naidu
VIP Alumni
VIP Alumni
In response to Jon Marshall

‎10-24-2011 05:19 AM

Hi Peter,

I meant what Jon said actually... My appologies if that confused you.


Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

Go to solution
paultim68
Level 1
Level 1
In response to Latchum Naidu

‎10-25-2011 05:23 AM

Thanks All for supporting

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to paultim68

‎10-25-2011 01:51 PM

Thanks for the rating.

0 Helpful
Customers Also Viewed These Support Documents