
August 18th, 2013 13:00

How should I configure Spanning Tree

Hi,

I have several core Dell switches using PowerConnect 6224s mostly - these link into my provider's Cisco kit. We run several VLANs and have redundant links between stacked switches.

I've read up on spanning tree and have the following tasks:

1. Map out the network - including ID root bridge, root ports, blocked paths, max age and hello time

Once I've done my analysis information, I'm not sure how to best optimize the spanning tree config, so far I have:

1. Ensure RSTP is enabled on all switches
2. Ensure all edge ports have spanning tree port fast configured
3. Do not declare spanning tree port fast on links between switches
4. Force speed and duplex settings on all link ports between switches (I assume this is because auto negotiate takes longer?)

What I'm not sure about is:
1. Should I enable BPDU guard and if so, where?
2. Should I enable root guard and if so, where?

I've read Todd's informative article: http://en.community.dell.com/support-forums/network-switches/f/866/t/19465205.aspx

But, I'm not sure where\whether I should be configuring the guard options - am happy to provide additional info as needed.

Thanks


August 19th, 2013 12:00

Spanning Tree BPDU Guard is used to disable the port in case a new device tries to enter the already existing topology of STP. Thus devices, which were originally not a part of STP, are not allowed to influence the STP topology. If set to Enable, when a BPDU is received on an edge port, that port is disabled. Once the port has been disabled it requires manual-intervention to be re-enabled.

Spanning Tree Root Guard is used to prevent the root of a Spanning Tree instance from changing unexpectedly. The priority of a Bridge ID can be set to zero but another Bridge ID with a lower mac address could also set its priority to zero and take over root.

Both are globally set on the switch. If you have any possibility of other networking devices being plugged into the switch without your knowledge, it may be a good idea to enable these after STP is configured on the network. This way, if someone randomly plugs a networking device in with STP on it, it won't throw your network for a loop.

Here are some good white pages to have on spanning tree

www.dell.com/.../app_note_13.pdf

www.dell.com/.../app_note_1.pdf

www.dell.com/.../pwcnt_MSTP_interoperability.pdf

Thanks
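
A simplified model of the behaviour described in the reply above, as an added example that is not part of the original post or any vendor's code: it shows a second bridge at priority zero with a lower MAC winning root on an unguarded port, and the same BPDU being stopped by root guard or BPDU guard. The class names, port names, per-port guard flags and MAC addresses are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

def bridge_id(priority, mac):
    """Bridge ID orders by priority, then MAC address; the lowest ID wins root."""
    return (priority, int(mac.replace(":", ""), 16))

@dataclass
class Port:
    name: str
    edge: bool = False          # host-facing port
    bpdu_guard: bool = False
    root_guard: bool = False
    state: str = "forwarding"

class Switch:
    def __init__(self, priority, mac, ports):
        self.own_id = bridge_id(priority, mac)
        self.root_id = self.own_id          # this switch is the intended root
        self.ports = {p.name: p for p in ports}

    def receive_bpdu(self, port_name, advertised_root):
        """Apply one received BPDU; return (port state, did the root change?)."""
        port = self.ports[port_name]
        changed = False
        if port.edge and port.bpdu_guard:
            port.state = "disabled"         # any BPDU on a guarded edge port
        elif advertised_root < self.root_id:
            if port.root_guard:
                port.state = "blocked"      # superior BPDU is not accepted
            else:
                self.root_id = advertised_root
                changed = True
        return port.state, changed

def demo():
    # Constructed sample values: both bridges use priority 0, the newcomer has the lower MAC.
    core = Switch(0, "02:00:00:00:00:10", [
        Port("host-port", edge=True, bpdu_guard=True),
        Port("downlink", root_guard=True),
        Port("unguarded"),
    ])
    newcomer = bridge_id(0, "02:00:00:00:00:01")
    return {name: core.receive_bpdu(name, newcomer)
            for name in ("host-port", "downlink", "unguarded")}

if __name__ == "__main__":
    for port, (state, root_changed) in demo().items():
        print(f"{port:10s} state={state:10s} root_changed={root_changed}")
```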


August 19th, 2013 13:00

Thanks for the reply,

I've read through your links and have a few questions. Am I right in thinking that the root bridge should be at the centre of the network as it is used in calculating the least cost path across the network?

Also, I'm thinking of using auto edge instead of bpdu guard as the bpdu guard requires manual intervention.

We had a network issue in the past, where I suspect our ISP changed spanning tree costs and caused one of our switches to go down - I've seen the option to enable root and loop guard, but the problem is that if I did enable this on our main uplink to our ISP, with this setting enabled, all that would happen (if I'm correct) is that our main uplink would fail.

Any tips would be appreciated - thanks in advance...


August 20th, 2013 09:00

I am going to pull from Cisco, they have some really good documentation.

"Do not leave the STP to decide which bridge is root. For each VLAN, you can usually identify which switch can best serve as root. This depends on the design of the network. Generally, choose a powerful bridge in the middle of the network. If you put the root bridge in the center of the network with direct connection to the servers and routers, you generally reduce the average distance from the clients to the servers and routers."

www.cisco.com/.../technologies_tech_note09186a00800951ac.shtml

The Auto Edge will set ports to be an edge port if the ports don't see any BPDU. So that will work great on servers and storage devices as they will go straight to the forwarding state after being set to an edge port. However, it won't help with the connection to the ISP.

When it comes to the connection from the ISP to your network, the best thing to do may be to call and talk to them and express what happened in the past and concerns for future issues like this occurring. Maybe they have made some changes to ensure this does not happen again.

When you manually set the root and path costs you can control which ports will be blocking/forwarding. This will create a scenario where other ports on the network will go to a blocking status to get rid of the loop instead of the connection from the switch to ISP going into blocking status.
