[c-nsp] Root-Guard, Loop-Guard, portfast trunk questions

luismi asturluismi at gmail.com
Tue Oct 28 15:24:19 EDT 2008


On Mon, 27-10-2008 at 16:19 -0400, Ryan Bradley wrote:
> 1)
> Root-guard should be enabled on every port you do not expect to hear from a root bridge.

Done

> 
> 2)
> Are you aggregating with PAgP or LACP?

None, we use "channel-group 1 mode on"

> 
> <snip>
> "Loop guard uses the ports known to spanning tree. Loop guard can take advantage of logical ports provided by the Port Aggregation Protocol (PAgP). However, to form a channel, all the physical ports grouped in the channel must have compatible configurations. PAgP enforces uniform configurations of root guard or loop guard on all the physical ports to form a channel."
> 
> http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/ios121_8/swcg/stp_enha.htm#1033825
> 
> 
> 3)
> Recommended config on uplink ports:
> switchport mode trunk
> switchport nonegotiate

That is done by policy here.

> 
> Ryan
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of luismi
> Sent: Monday, October 27, 2008 2:12 PM
> To: 'cisco-nsp at puck.nether.net'
> Subject: [c-nsp] Root-Guard, Loop-Guard, portfast trunk questions
> 
> Hi all,
> 
> We have here a 3750 stack working as distribution/core layer between
> access switches and some routers, nothing special.
> 
> We had an issue a few weeks ago with one of the switches and some loops.
> We didn't find the root cause yet, and we don't have enough free
> time either, so we decided to go for the best configuration for our switches.
> 
> The topology is quite simple, the 3750 stack with several port-channels
> against 2960 switches, each connection from a port-channel reaches each 3750
> switch.
> 
> The steps we did until now are...
> - Configure primary root bridge manually
> - Configure secondary root bridge manually
> - Configure "root guard" in every port-channel, at the stack side. 
> 
> First of all I would like to know if "root guard" is correctly
> configured in that place -as far as I understand it is correctly-  and I
> would like to know also if there are other places to configure it.
> 
> Second.
> Loop Guard is not configured at all.
> The main reason is that an issue in one of the interfaces related to a
> port-channel can take down all the channel. Any comment about this?
> 
> Third.
> Configured Portfast trunk against the routers since they have also
> subinterfaces with several vlans too. Any advantage if we do that?
> 
> Any other comments are welcome too.
> 
> 
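The checks discussed in this thread, as an added example that is not part of the original messages or of any Cisco tooling: a small Python audit of an IOS-style configuration that flags trunks missing `switchport nonegotiate` and `channel-group` members whose `spanning-tree guard` setting differs (with `mode on` there is no PAgP negotiation to enforce that uniformity). The sample config and interface names are constructed, and the script assumes the guard is set on the physical member stanzas.

```python
import re
from collections import defaultdict

# Constructed sample config; interface names and numbers are illustrative only.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode on
 spanning-tree guard root
!
interface GigabitEthernet2/0/1
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces

def audit(config):
    """Return a sorted list of findings for the checks discussed in the thread."""
    findings, bundles = [], defaultdict(dict)
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds and "switchport nonegotiate" not in cmds:
            findings.append(f"{name}: trunk without 'switchport nonegotiate'")
        guard = next((c.split()[-1] for c in cmds if c.startswith("spanning-tree guard ")), "none")
        for c in cmds:
            m = re.fullmatch(r"channel-group (\d+) mode \S+", c)
            if m:  # record this member's guard setting under its bundle number
                bundles[m.group(1)][name] = guard
    for group, members in bundles.items():
        if len(set(members.values())) > 1:
            findings.append(f"channel-group {group}: inconsistent guard {dict(sorted(members.items()))}")
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns one finding for the trunk on GigabitEthernet2/0/1 and one for the mismatched guard settings in channel-group 1.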