STP... Is this the right way to do this?

Unanswered Question
Dec 13th, 2007

Hello,

I have attached a diagram for you to look at and I want to know, with what I have done, if it is the best way to do it. (I would love the opinion of the Netpros!!)

Site A 6500

HSRP Priority 110 for

Vlans 2,3,4,5,6,7,8,9,10,11,12,251

HSRP default priority for

Vlans 13,14,15,16,17,18,19,20

Site B 6500

HSRP Priority 110 for

Vlans 13,14,15,16,17,18,19,20

HSRP default priority for

Vlans 2,3,4,5,6,7,8,9,10,11,12,251

Dist-SW-1-SiteA

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary

Dist-SW-2-SiteA

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary

Dist-SW-1-SiteB

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT secondary

Dist-SW-2-SiteB

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT secondary

Three questions as well...

Should I put the spanning-tree commands for the devices at the Core as well or just the access layer?

What about the switches that are connected to the access layer? Should they also have a spanning-tree config?

Should I set the ROOT bridge command on the two 6500's?

As always thanks in advance for your insight. :)

Edison Ortiz Thu, 12/13/2007 - 08:52

HSRP Config:

Are you planning to run MHSRP per your posting?

In other words, you are running group 1 for Vlans 2-12 and group 2 for Vlans 13-20. How about Vlan 1 ?

Overall, it's a good design.

STP Config:

You are only allowed to have one ROOT primary per switch. While the command will work once it's implemented (it's a macro, so it does a calculation when applied), one switch will contain the ROOT on SiteA and the other will be secondary.

Ideally, flip the Vlans around

Dist-SW-1-SiteA

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary

Dist-SW-2-SiteA

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT secondary

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary

___________

Your questions:

1) Just enter those commands at the core. Access switches will learn the best Layer2 path via STP.

2) No need to.

3) See above recommendation.

william.briere Thu, 12/13/2007 - 09:13

Hello Edison,

Thanks for your reply...

Here is part of the config from each 6500 seeing as they are all done the same way... I think I have done it properly... but please suggest modifications if you see any that apply. :)

Site A 6500

interface Vlan2

ip address 10.12.0.2 255.255.0.0

no ip redirects

standby 2 ip 10.12.0.1

standby 2 priority 110

standby 2 preempt

interface Vlan13

ip address 192.168.10.2 255.255.255.0

no ip redirects

standby 13 ip 192.168.10.1

Site B 6500

interface Vlan2

ip address 10.12.0.3 255.255.0.0

no ip redirects

standby 2 ip 10.12.0.1

interface Vlan13

ip address 192.168.10.3 255.255.255.0

no ip redirects

standby 13 ip 192.168.10.1

standby 13 priority 110

standby 13 preempt

We are using VTP as well so I thought I would mention that...

When you say flip them I'm not sure what you mean? I think I had it that way didn't I?

Thanks again :)

Edison Ortiz Thu, 12/13/2007 - 09:27

I'm trying to understand your network, so forgive me for asking these types of questions.

When you mentioned SiteA and SiteB, are you referring to physical sites ? If so, are you extending your Vlans over the WAN ?

Is the intended HSRP VIP going to be shared among 4 switches ?

________________________________

VTP is just for Vlan Management. Ideally, VTP server at the core and VTP clients at the access-layer. Again, all these recommendations are depending upon your environment and requirements.

____________________

I said flip because you have DISTSW1 and DISTSW2 with the exact same commands for SiteA. If SiteA is a physical site, I recommend sharing the traffic between DISTSW1 and DISTSW2 on SiteA.

william.briere Thu, 12/13/2007 - 09:42

Hello Edison,

Thanks for your reply...

Here are the answers to your questions.

SiteA and SiteB are physically across the street from each other and are connected via private dark fiber. We have only the sup 720-3b's on each 6500 to terminate the fiber, which is why it is connected the way it is. We are extending the vlans onto both sides of the street but we used to route between the two sites so the new setup won't currently have any active connections where a vlan from SiteA is connected at SiteB. That will now be a future option to us though as you see...

The two 6500's are the only places where the vlan interfaces exist. The idea was to not have traffic that should just go from a "local" distribution switch, to its local 6500, cross to the other site. Which is the reason for the priority 110 command on the vlans that are meant to be primarily local to that 6500.

I hope I am describing that properly...

Did I do the HSRP config properly the way it is in my previous post?

I really have two VTP servers seeing as the config for VTP is typed into both 6500's and I know that changes or additions to any vlan info needs to be done on both as a result. It is too bad that VTP doesn't have some kind of redundancy setup for servers...

On your last point I noticed after I clicked "post" about the difference with the STP configs... Sorry for the confusion :)

Edison Ortiz Thu, 12/13/2007 - 09:51

Are you planning to implement HSRP on the 4 switches ? I only saw the configuration from 2 6500s.

william.briere Thu, 12/13/2007 - 09:55

No. The 4948's will just have trunked links to the two 6500's and the vlans will be hosted on the 6500's only. VTP will allow for any of the ports on the 4948's to be part of any Vlan

steve.busby Thu, 12/13/2007 - 11:59

William,

Your HSRP config looks correct.

Where you said "I really have two VTP servers seeing as the config for VTP is typed into both 6500's and I know that changes or additions to any vlan info needs to be done on both as a result. It is too bad that VTP doesn't have some kind of redundancy setup for servers... "

Let me clarify; both 6500s will be VTP servers so they will have the same vtp domain name. If you configure your VLANs on either one of them, provided you allow VLAN1 (or whatever management VLAN you have created) to traverse that trunk, then the VTP configuration will be updated. By putting your access layer in the same VTP domain as clients (provided you allow your management VLAN on the trunk), then they too will get the updates from the VTP server.

Here's a good link to help explain:

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml

HTH

Steve

william.briere Thu, 12/13/2007 - 12:53

Hello,

I have one last question. Why do I need to flip the spanning-tree configs on the distribution switches?

My goal is to use the access layer to plug in other switches and some servers and unfortunately none will be dual homed between the two distribution switches. What is the thought behind flipping the spanning-tree configs on the distribution switches?

Sorry for not knowing already :)

Edison Ortiz Thu, 12/13/2007 - 13:07

As I stated before, you had DISTSW1 and DISTSW2 from SiteA as ROOT Primary for the same Vlans.

One physical switch can only be the primary of a vlan. While the command will work once entered on both switches, only one switch will truly be the primary ROOT for the specified vlans.

ROOT Primary is a macro that checks for the existing primary root and applies a lower priority to the switch in question in order to become the root for such vlan.

The order of precedence does count when executing the command. For instance, if you apply:

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary

to DISTSW1, then

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12,251 ROOT primary

to DISTSW2

DISTSW2 will become the root for Vlans 2-12 since you applied the command last.

Hope this makes sense.

william.briere Fri, 12/14/2007 - 10:42

Hello,

Perhaps I should ask then if this way is the best way to set up spanning-tree on all six devices?

My goal is to have interfaces off of both of the two 4948's at SiteA being part of SiteA's vlans (2,3,4,5,6,7,8,9,10,11,12) and interfaces off of both of the two 4948's at SiteB being part of SiteB's vlans (13,14,15,16,17,18,19,20)...

This is what I have... (Please pick it apart!!)

6500 SiteA:

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT primary

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary

SiteA-4948SW1:

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT primary

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary

SiteA-4948SW2:

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT secondary

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary

SiteB 6500:

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT secondary

SiteB-4948SW1:

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT primary

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT secondary

SiteB-4948SW2:

spanning-tree vlan 2,3,4,5,6,7,8,9,10,11,12 ROOT secondary

spanning-tree vlan 13,14,15,16,17,18,19,20 ROOT primary

Points to consider while you pick this apart...

1) SiteA and SiteB are layer 2 trunked using dark fiber.

2) We want to ensure that we use the ether-channels when traffic is going from a 4948 to its "same site" 6500...

Example:

SiteB-4948SW2

int gi1/6

switchport access vlan 17

We would want this traffic to go across the ether-channel to the SiteB 6500 and not go across the fiber to the SiteA 6500 unless the SiteB 6500 was down.

Another Example:

SiteA-4948SW1

int gi1/6

switchport access vlan 11

We would want this traffic to go across the ether-channel to the SiteA 6500 and not go across the fiber to the SiteB 6500 unless the SiteA 6500 was down.

Does that make sense?

3) We will have servers and riser closet switches plugged into the access layer

4) We may have a couple of servers plugged directly into the Core

5) We will have users plugged into the riser closet switches

6) Eventually we will extend VTP beyond the access layer to the riser closet switches, but since they are not all Cisco's (some are Nortel 450's), we won't have VTP everywhere.

7) We want to maximize the use of the ether-channeled ports so we have sufficient bandwidth if needed...

Your comments, as always, are appreciated. :)

Edison Ortiz Fri, 12/14/2007 - 11:36

STP entries should only be made in the 6500s from SiteA and SiteB.

The 4948s will dynamically learn the best Layer2 path from those values.

The values you've displayed are correct, just eliminate the STP configuration on the 4948s, not needed.
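
The order dependence of the ROOT primary macro discussed in this thread, worked through for one VLAN as an added example (not code from any poster or from Cisco). It is a simplified model: the 24576, 28672 and 4096 values are the standard IOS macro figures, while the short switch labels, the MAC addresses, the typing order and the handling of a peer already at exactly 24576 are assumptions.

```python
# Added example: simplified per-VLAN model of the "ROOT primary/secondary" macro.
# The extended system ID (VLAN number added to the priority) is left out.
DEFAULT, PRIMARY, SECONDARY, STEP = 32768, 24576, 28672, 4096
NAMES = ["6500-A", "6500-B", "A-4948-1", "A-4948-2", "B-4948-1", "B-4948-2"]

def elect_root(bridges):
    """The root is the bridge with the lowest (priority, MAC) bridge ID."""
    return min(bridges, key=lambda n: (bridges[n]["prio"], bridges[n]["mac"]))

def apply_macro(bridges, name, role):
    """Set one bridge's priority from what the others hold at this moment."""
    if role == "secondary":
        bridges[name]["prio"] = SECONDARY
        return
    lowest = min(b["prio"] for n, b in bridges.items() if n != name)
    # Assumption: a peer already at or below 24576 forces a 4096 step below it.
    bridges[name]["prio"] = PRIMARY if lowest > PRIMARY else max(lowest - STEP, 0)

def run(commands):
    """Apply (switch, role) commands in typing order; return (root, priorities)."""
    # Constructed MACs; they only break ties between equal priorities.
    bridges = {n: {"prio": DEFAULT, "mac": f"00:00:00:00:00:{i:02x}"}
               for i, n in enumerate(NAMES, 1)}
    for name, role in commands:
        apply_macro(bridges, name, role)
    return elect_root(bridges), {n: b["prio"] for n, b in bridges.items()}

# VLAN 11 (a SiteA VLAN) with the six-device configuration, typed top to bottom.
SIX_DEVICE = [("6500-A", "primary"), ("A-4948-1", "primary"),
              ("A-4948-2", "secondary"), ("6500-B", "secondary"),
              ("B-4948-1", "primary"), ("B-4948-2", "secondary")]
# The same VLAN with the macro entered on the two 6500s only.
CORE_ONLY = [("6500-A", "primary"), ("6500-B", "secondary")]

if __name__ == "__main__":
    for label, commands in (("six devices", SIX_DEVICE), ("6500s only", CORE_ONLY)):
        root, prios = run(commands)
        print(f"{label}: root={root} priorities={prios}")
```

In this model the six-device order leaves the VLAN 11 root on a SiteB 4948, because each later ROOT primary undercuts the previous one; with the macro on the 6500s only, the root stays on the SiteA 6500.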
