[c-nsp] Disabling PVST+ in mixed vendor network

j.vaningenschenau at utwente.nl j.vaningenschenau at utwente.nl
Wed Jun 23 10:28:54 EDT 2010 

Hi Tony,
 
Thanks for the suggestion. We already do that on all access ports on the
HP switches that support it. However, on the trunks between HP and Cisco
we have to run MST or RSTP for link redundancy. I want to keep RSTP or
MST on those links, but disable PVST+.
 

Regards,
 
Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands


________________________________

From: Tony [mailto:td_miles at yahoo.com] 
Sent: woensdag 23 juni 2010 16:20
To: cisco-nsp at puck.nether.net; Ingen Schenau, J. van (ICTS)
Subject: Re: [c-nsp] Disabling PVST+ in mixed vendor network


Hi,

Have you looked at the command "spanning-tree bpdufilter enable" ?

I use it to filter stuff inbound to some cat3550 switches. The
documentation says:

"Enabling BPDU filtering on an interface is the same as disabling
spanning tree on it"



regards,
Tony.

--- On Wed, 23/6/10, j.vaningenschenau at utwente.nl
<j.vaningenschenau at utwente.nl> wrote:



	From: j.vaningenschenau at utwente.nl
<j.vaningenschenau at utwente.nl>
	Subject: [c-nsp] Disabling PVST+ in mixed vendor network
	To: cisco-nsp at puck.nether.net
	Received: Wednesday, 23 June, 2010, 11:49 PM
	
	
	Hi,
	
	Maybe this issue is more of a "campus" nature than NSP
related... but I
	think this list reaches more knowledgeable people :)
	
	We're running a mixed vendor network: a couple of Cat6k switches
	(Sup720-3B) at the core for L3 (internal routing, BGP) and some
L2
	switching on campus-wide VLANs, and a lot (300+) of HP ProCurve
switches
	for all other L2 switching needs.
	
	We'd like to completely kill proprietary STP stuff from our
network and
	only run STP, RSTP and MST. Do any of you know a way to stop the
Cat6k
	from generating PVST / PVST+ and, more imoprtantly, from acting
upon
	accidentally received frames of that type?
	
	We already drop PVST+ on all ProCurve switches that support it,
but once
	in a while a frame makes it through. Last time that caused a 10
GE port
	to go into "PVST Inconsistent" state, dropping one of our DC's
off the
	network until we manually toggled the port down/up.
	
	Due to historical, political and budgetary reasons we have to
operate
	large L2 domains. That's going quite well, but the last large
	disruptions we had were all due to "PVST Inconsistent" ports
while there
	was nothing wrong with the logical topology. So I hope to get
some
	insight how to avoid that :)
	
	
	Regards,
	
	Jeroen van Ingen
	ICT Service Centre
	University of Twente, P.O.Box 217, 7500 AE Enschede, The
Netherlands
	
	_______________________________________________
	cisco-nsp mailing list  cisco-nsp at puck.nether.net
	https://puck.nether.net/mailman/listinfo/cisco-nsp
	archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list