Pages

Wednesday, 22 June 2011

Spanning Tree Tips

Show blocked ports STP
show spanning-tree blockedports

Port Priorities
Set your root bridge on vlan 1 with:
Switch1(config)# spanning-tree vlan 1 root primary
This will set the priority to 24576

On the secondary switch use:
Switch2(config)# spanning-tree vlan 1 root secondary

This will set the priority to 28672

Say you have two trunk links bettween switches and you want to use one port over the other, for example:

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------------------
Fa0/7 Desg FWD 19 128.9 P2p
Fa0/8 Desg FWD 19 128.10 P2p

The current Port priority is 128, this is the default.

To change individual priorities use:
Switch1(config-if)# spanning-tree port-priority 112

Now when you show spanning-tree:

Switch1# sh span

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------------------
Fa0/7 Desg FWD 19 128.9 P2p
Fa0/8 Desg FWD 19 112.10 P2p

This will then send out a topology change. The remote switch connected to fa0/8 will now use the port with the lower priority instead of the default fa0/7.

Switch2# sh span

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------------------
Fa0/7 Altn BLK 19 128.13 P2p
Fa0/8 Root FWD 19 128.14 P2p

The process of choosing which links to use and which to turn off include, lowest root priority, lowest port priority, lowest switchport/mac address.

PortFast
When configuring switchports for a host you can use:

Switch(config)# int range fa0/1-22
Switch(config-if-range)# switch mode access
Switch(config-if-range)# spanning-tree portfast

This will staticly make the port an access port and will not negotiate trunk links etc, which is the default.

If you use switchport host this will do access and portfast for you.

Switch(config)# int range fa0/1-22
Switch(config)# switch host

To verify the port fast configuration use the command

show spanning-tree interface Fa0/2 portfast

Trunk Links
To turn off DTP (dynamic trunking protocol) on your trunk link use:
Switch(config)# switch nonegotiate

If you trunk a Cisco switch with a non-Cisco switch, this is best practise as the other switch does not understand the DTP messages.
This will also speed up convergence time to up to 2 seconds on boot. This is recommended on all 'stable' trunk links, cisco-to-cisco or cisco-to-other.

Alias
Switch1(config)# alias configure fa int range fa
Switch1(config)# fa 0/1-24
Switch1(config-if-range)#

Portfast on trunks

Portfast can be enable on trunk links, this is useful when connect to a server that needs VLAN's configured. (Vmware). This can only used on switchport trunks that do not connect to other switches. as this may cause a layer 2 loop
Switch1(config)# interface gig0/1
Switch1(config int)#spanningtree portfast trunk

BPDU Guard
This should be set on access layer ports or ports that should not go to another switch or device that creates BPDU's. I will shutdown the port in err-disabled state.
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)