The topology depicted in the diagrams is used to help demonstrate data flow
during failure and to provide discussion around best practices; it may not
necessarily be configured as optimally as possible. The examples below provide alternate technical solutions that follow
best practice guidelines.
[Figures: Topology Image; Normal Data Path Flow; Data Path Flow Root Fail; Data Path Flow-Access Trunk Fail; Data Path Flow Router Fail]
Spanning-Tree mode: Rapid-PVST (802.1w) or MST (802.1s). Load-balancing techniques that leverage each of these technologies will be covered in "Layer 2 Spanning-Tree Best Practices Part-2".
Deterministic blocked ports: in this example we know exactly which ports are going to be blocked by STP. All redundant connections to the secondary root bridge will be blocked.
Cisco also recommends that you do not exceed an STP diameter of seven hops.
Ensure that you hard-configure your Root and Secondary Root bridges.
Ensure that you only allow required VLANs over the trunks so that you are not running unnecessary STP instances.
Features to leverage include:
Access Layer
-portfast
-bpduguard
-disable DTP
-loopguard
-etherchannel Guard
Distribution Layer
-root and secondary root placement
-root guard
-disable DTP
-etherchannel Guard
Bundle multiple links into an EtherChannel so that STP sees one logical port; this reduces the number of ports that need to transition from blocking to forwarding state.
EtherChannel Ports
-EtherChannel Guard
Example:
Access Switch
!
spanning-tree mode rapid-pvst
! Highest priority value: this switch must never become root
spanning-tree vlan 1-4094 priority 61440
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
interface gig x/x
 description Link-to-RootBridge
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11
 switchport nonegotiate
!
interface gig x/x
 description Link-to-SecondaryBridge
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11
 switchport nonegotiate
!
interface gig x/x
 description Link-to-Server
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
!
Distribution Switch
!
spanning-tree etherchannel guard misconfig
spanning-tree mode rapid-pvst
! Lowest priority value: this switch is the hard-configured root for all VLANs
spanning-tree vlan 1-4094 priority 0
spanning-tree portfast bpduguard default
!
interface gig x/x
 description Link-to-AccessSwitch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11
 switchport nonegotiate
 spanning-tree guard root
!
interface port-channel 1
 description Link-to-SecondaryRoot
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11,12,13,14
 switchport nonegotiate
 spanning-tree guard root
!
interface gig x/x
 description Link-to-SecondaryRoot-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11,12,13,14
 spanning-tree guard root
 switchport nonegotiate
 channel-group 1 mode active
!
interface gig x/x
 description Link-to-SecondaryRoot-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11,12,13,14
 spanning-tree guard root
 switchport nonegotiate
 channel-group 1 mode active
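An added example, not part of the original post, that checks a saved IOS-style configuration against the points above: hard-set bridge priority, bpduguard and loopguard defaults, DTP disabled and VLAN pruning on trunks, and portfast on access ports. The parser, the finding strings and the sample configuration are my own constructions and assume the usual `show running-config` layout (interface lines indented by one space).

```python
import re

def parse_config(text):
    """Split an IOS-style config into global lines and per-interface stanzas."""
    global_lines, stanzas, cur = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            cur = line.split(None, 1)[1]
            stanzas[cur] = []
        elif raw.startswith(" ") and cur is not None:  # indented: part of stanza
            stanzas[cur].append(line)
        else:
            cur = None
            global_lines.append(line)
    return global_lines, stanzas

def audit_stp(text, access_layer=True):
    """Return a list of findings for the best-practice points on this page."""
    g, stanzas = parse_config(text)
    findings = []
    if not any(re.match(r"spanning-tree vlan \S+ priority \d+$", l) for l in g):
        findings.append("global: bridge priority not hard-configured")
    if "spanning-tree portfast bpduguard default" not in g:
        findings.append("global: portfast bpduguard default missing")
    if access_layer and "spanning-tree loopguard default" not in g:
        findings.append("global: loopguard default missing")
    for name, lines in stanzas.items():
        if "switchport mode trunk" in lines:
            if "switchport nonegotiate" not in lines:
                findings.append(f"{name}: DTP still enabled on trunk")
            if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
                findings.append(f"{name}: trunk not pruned to required VLANs")
        elif "switchport mode access" in lines and "spanning-tree portfast" not in lines:
            findings.append(f"{name}: access port without portfast")
    return findings

# Constructed sample: an access switch missing several of the settings above.
SAMPLE_WEAK = """\
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
!
interface GigabitEthernet1/0/1
 switchport mode trunk
!
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
"""
```

Running `audit_stp(SAMPLE_WEAK)` reports five findings; the same check with `access_layer=False` drops only the loopguard finding, matching the feature split between the access and distribution layers above.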