[c-nsp] Spanning Tree help sought

Ross Halliday ross.halliday at wtccommunications.ca
Thu Nov 15 10:50:25 EST 2012


On Thursday, November 15, 2012 8:14 AM, Christopher Gray wrote:

> I'm new to Spanning Trees and have read up on them, but need advice and
> guidance.  I have the manuals and can set STP up - it is the design that is
> my concern.  My LAN is more complicated than this, but the following example
> will help me explain.

Quick word of advice especially with STP - do many mockups in your lab and understand how to troubleshoot it when it blows up. Implementing STP on an existing network can go horribly wrong in a hurry.

> I have four switches (A, B, C & D) linked in a loop comprising 1Gbps fibre.
> Switch A is connected to a primary WAN router while switch C is connected to
> the secondary WAN router - the two routers working in a simple HSRP
> fail-over set.  I want to ensure that this loop will survive the failure of
> any one link (e.g. if the link between A & B goes down, B will still be able
> to connect to the primary router via C & D).

Like this?
 
R1--A----B
    |    |
R2--C----D

Or...

R1--A----B
    |    |
    D----C--R2

> I currently have the STP path costs set to A=4, B=5, C=6 and D=7

This doesn't make much sense. STP path costs are determined by tallying the port costs (remember two ports per link); this happens for each path it sees back to the root, and if the two paths are of the same cost then port priority is consulted. In a basic ring it doesn't really matter that much, but you said your LAN is more complex than this example.

> Question 1: Does this make sense?  Should the "root bridge" (using Wikipedia
> terminology) always be the one connected to the primary WAN router?  Does
> STP work well when the WAN uplink fails over to the secondary or doesn't it
> matter?

In your example, each switch can be designated as a root bridge by way of priority. On newer IOS switches you can simply run "spanning tree vlan 9 priority root primary" or "...priority root secondary". Older units you just enter the number on your own. You can configure this to match the priorities of your routers.

In a basic example with the 4 switches, the default behaviour will be to block off the longest path back to root. In the first little diagram, B would block its link towards D. D however has two equal-length paths so will block whichever port is higher numbered (lower numbered ports = lower numeric priority). If D's link to C is on port 1 and D's link to B on port 24 or whatever, this will be fine. Otherwise you need some manual configuration.

The better idea IMHO is to determine which link should normally see lower bandwidth and block that. With the first diagram, if your traffic is primarily LAN stuff between B & D, I'd consider increasing port costs to block either A-C or C-D depending on how your HSRP is configured and the other resources lurking on your switches.

> The switch configurations seem to show that other ports - e.g. those
> connected to end-devices (printers / PCs) have an STP state of "forwarding".
> 
> Question 2: Should I set all non-uplink (interswitch) ports as "disabled"?

Bad idea. One rogue D-Link and the whole thing blows up. (or maybe just that switch). Spanning Tree is pretty much mandatory anywhere near edge ports where curious hands can play with cables. One problem that arises is that default timers in the 30s range can cause some operating systems to think DHCP isn't working. You can turn the timers down to address this, or set portfast and enable root guard and BPDU guard.

I strongly recommend reading through some of the stuff here:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac.shtml
http://www.cisco.com/en/US/tech/tk389/tk621/tsd_technology_support_protocol_home.html

Cheers
Ross
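A small calculator for the decision rules discussed in this reply (root chosen by lowest bridge ID, root port chosen by root path cost, the losing side of a link blocked, and raising a port cost to move the block elsewhere), added here as an illustration; it is not from either poster and is not Cisco's implementation. The topology is the first diagram above with assumed port numbers, assumed priorities (A configured as root) and the 802.1D cost of 4 for a 1 Gbps port; ties between equal-cost paths are broken the way 802.1D does it, by sender bridge ID and then port ID.

```python
"""Toy 802.1D spanning-tree calculator for a small ring (added example).

Bridge IDs are (priority, name): the lowest becomes root. A non-root bridge
chooses its root port by comparing what it would receive on each port:
  (neighbour's root path cost + cost of the receiving port, neighbour bridge ID,
   neighbour port, own port)
On every link the side with the better (root path cost, bridge ID, port) is the
designated port; the other side forwards only if that port is its root port,
otherwise it blocks. Topology, names, priorities and costs are constructed.
"""

DEFAULT_COST = 4  # 802.1D short-method cost of a 1 Gbps port (assumed for the fibre ring)

# Constructed: first diagram from the thread, A-B, A-C, B-D, C-D as a ring.
# Entries are (switch, port, switch, port); port numbers are assumptions.
LINKS = [("A", 1, "B", 1), ("A", 2, "C", 1), ("B", 2, "D", 1), ("C", 2, "D", 2)]
PRIOS = {"A": 4096, "B": 32768, "C": 32768, "D": 32768}  # A set as root primary


def spanning_tree(priorities, links, port_costs=None):
    """Return (root, root_path_cost, root_port, blocked).

    port_costs: {(switch, port): cost} overrides for individual ports.
    blocked: set of (switch, port) that end up in blocking state.
    """
    port_costs = port_costs or {}
    bid = {s: (p, s) for s, p in priorities.items()}  # bridge ID = (priority, name)
    root = min(bid, key=bid.get)
    peer = {}  # (switch, port) -> (neighbour, neighbour port)
    for a, pa, b, pb in links:
        peer[(a, pa)] = (b, pb)
        peer[(b, pb)] = (a, pa)
    cost = {s: float("inf") for s in priorities}
    cost[root] = 0
    root_port = {root: None}
    # Bellman-Ford style relaxation: every bridge re-evaluates the BPDUs it
    # would hear until nothing changes (positive costs guarantee convergence).
    changed = True
    while changed:
        changed = False
        for s in priorities:
            if s == root:
                continue
            best = None
            for (sw, port), (nb, nb_port) in peer.items():
                if sw != s or cost[nb] == float("inf"):
                    continue
                cand = (cost[nb] + port_costs.get((sw, port), DEFAULT_COST),
                        bid[nb], nb_port, port)
                if best is None or cand < best:
                    best = cand
            if best and (best[0], best[3]) != (cost[s], root_port.get(s)):
                cost[s], root_port[s] = best[0], best[3]
                changed = True
    blocked = set()
    for a, pa, b, pb in links:
        # The designated side has the lower (root path cost, bridge ID, port).
        if (cost[a], bid[a], pa) < (cost[b], bid[b], pb):
            other, other_port = b, pb
        else:
            other, other_port = a, pa
        if root_port.get(other) != other_port:  # not its root port: alternate, blocked
            blocked.add((other, other_port))
    return root, cost, root_port, blocked


if __name__ == "__main__":
    # Default costs: D blocks its port towards C (C-D is the idle link).
    print(spanning_tree(PRIOS, LINKS))
    # Raising the cost of C's port towards A moves the block to A-C instead,
    # the kind of manual steering the reply suggests for LAN-heavy B<->D traffic.
    print(spanning_tree(PRIOS, LINKS, {("C", 1): 20}))
    # Losing the A-B link: nothing is blocked any more and B reaches A via D and C.
    print(spanning_tree(PRIOS, [l for l in LINKS if l[:3] != ("A", 1, "B")]))
```

With default costs the ring converges with D blocking its C-facing port; overriding one port cost on C changes which link goes idle, and removing A-B leaves every remaining port forwarding, which is the single-link-failure behaviour the original question asked about.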
