
Question regarding STP domain separation

snakayama
Level 3

Hi everyone,

I have a question about separation of STP domains on a layer 2 network.

The following is an example of a layer 2 network; the network is within one IP subnet, one VLAN.

Looped-Area#1-----Cat3750#1-----Layer 2 WAN-----Cat3750#2-----Looped-Area#2

<--looped---><-------------------No loop exist---------------><---looped-->

<---------------------------------single VLAN----------------------------->

There are some Catalyst Switches in each of "Looped-Area#1" and "Looped-Area#2".

STP needs to run in the network in order to prevent loops.

However, there is no bridge/switch loop between Cat3750#1 and Cat3750#2, in other words, multiple paths do not exist between Cat3750#1 and Cat3750#2, as shown above.

So I think both Cat3750#1 and Cat3750#2 do not have to participate in the STP domain in order to calculate the STP topology; rather, the Catalyst Switches in "Looped-Area#1" and the Catalyst Switches in "Looped-Area#2" should belong to different STP domains. By separating the STP domains, I think I can:

- for example, configure "Looped-Area#1" to use PVST+ while "Looped-Area#2" uses RSTP
- avoid STP convergence reaching the whole layer 2 network

For example, I use one STP domain for the whole network, and the STP root and STP secondary root exist in "Looped-Area#1".

When the STP root changes to the secondary root, STP convergence occurs, and the Catalyst Switches in "Looped-Area#1" and also in "Looped-Area#2" must wait until STP convergence is completed.

During STP convergence, traffic does not cross the Layer 2 WAN; in other words, traffic just within "Looped-Area#2" is also affected.

If I use two STP domains, one on each of "Looped-Area#1" and "Looped-Area#2", with an STP root in each, traffic within each area is unaffected by STP convergence occurring in the other area.

I have the following questions and concerns about it; could you please advise me?

- To do so, what configuration is needed on the Catalyst Switches? Just configure a different "VTP domain name" on the Catalyst Switches in each area?

- Assuming that I can create two STP domains, I think BPDU packets are forwarded through the whole network regardless of the differentiation of STP domains, because BPDU packets are multicast. But BPDU packets from a different STP domain are ignored and not processed by a Catalyst Switch.

- Also assuming that I can create two STP domains, I think if I use PVST+ and RSTP on each area, for example, "Looped-Area#1" uses PVST+ and "Looped-Area#2" uses RSTP, 802.1D BPDU packets and RSTP BPDU packets are forwarded through the whole network regardless of the differentiation of STP domain and STP type (PVST+ or RSTP), because 802.1D and RSTP BPDU packets are multicast. But Catalyst Switches in RSTP do not fall back to legacy STP (PVST+) even though any RSTP port receives a legacy 802.1D BPDU, because PVST+ and RSTP are configured in different STP domains.

Is my understanding correct?

Could you please let me know your advice?

Your information would be appreciated.

Best regards,

Shinichi

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello Shinichi,

As far as I know, only MST 802.1s has a concept of region, including a region name, and provides specifications on how to behave on an MST region border.

PVST+ misses the concept of region and I don't think it can be confined by simply having a different VTP domain name.

A VTP domain border can have impact only on negotiated trunks that will not form (but you can configure the two sides to trunk unconditionally).

To be sure to divide the two STP domains I would move to MST 802.1s on one side the one using Per Vlan Rapid STP.

If you are already using MST on one site you should be fine but a common CST will run on the border.

If only one link exists between the two catalysts you could think of something different but your topology is a flat single vlan so the best thing should be to move to Rapid STP on both sites and to have a single STP domain.

Hope to help

Giuseppe


milan.kulik
Level 10

Hi,

1. There is no "STP domain" concept available for PVSTP+ nor RSTP.

2. VTP domain has nothing in common with STP instances. VTP enables a comfortable VLAN configuration, but once a VLAN is spread (even through multiple VTP domains) STP is running independently of VTP.

3. If you are sure "there is no bridge/switch loop between Cat3750#1 and Cat3750#2, in other words, multiple paths do not exist between Cat3750#1 and Cat3750#2", why don't you simply configure

spanning-tree bpdufilter enable

on the Cat3750#1 and Cat3750#2 interfaces connected to the Layer 2 WAN?

See http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swstpopt.html#wp1033638 for details.

BR,

Milan


8 Replies

A single link between the sites and BPDU filter enabled on them works fine, but what if we have 2 links bundled into an EtherChannel with BPDU filter enabled? Will that cause loops?

Regards,

Shiva

Hi,

I believe STP BPDUs are being sent over one physical port only within an EtherChannel, which is then treated as one logical port from the STP point of view.

So there should be no difference between a single port and an EtherChannel from the STP point of view.

But you have to be sure the EtherChannel is configured correctly on both ends!

BR,

Milan

Thanks Milan, sorry if I was not clear. What I meant was a scenario where an EtherChannel is configured and the bpdufilter is applied on the EtherChannel (which would mean both physical links would then have BPDU filter on them). What would be the behaviour then?

Cheers,

Shiva

Well, if true cables would be used to connect the switches and the EtherChannel would be configured correctly on both ends, then it should work the same way as a single physical line.

I'd be careful though in the scenario described in the original thread - some L2 WAN involved.

Configuring an EtherChannel over such an environment might bring problems, I'm afraid.

BR,

Milan

Hmm... I have described my scenario in the new post below. What we have is 2 lanlinks bundled into an EtherChannel, and loops are seen happening when both links are up. Have a look at the below when possible:

https://supportforums.cisco.com/discussion/12316646/etherchannel-and-bpdu-filter

Cheers,

Shiva

Hello Giuseppe and Milan,

Thank you very much for your reply and advice.

I understand 802.1D PVSTP+ and 802.1w RSTP do not have the STP domain concept, but 802.1s MST has.

So in my case, I can use MST to divide the STP region or I can configure 'spanning-tree bpdufilter enable' to filter out BPDU packets so that the STP region is separated.

Best regards,

Shinichi
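
The effect on root election of the BPDU filter suggested in the thread can be sketched as follows. This is an added illustration, not code from any poster: the bridge names inside the two areas, the priorities, and the simplified election (lowest bridge ID wins among bridges that still exchange BPDUs, steady state only) are assumptions.

```python
# Simplified STP root election: every bridge adopts the lowest bridge ID it
# has heard; BPDUs are neither sent nor processed on a filtered link.
# Topology, names and priorities are constructed for illustration.

LINKS = [
    ("A1", "A2"), ("A2", "Cat3750-1"), ("Cat3750-1", "A1"),   # Looped-Area#1
    ("Cat3750-1", "Cat3750-2"),                               # Layer 2 WAN
    ("B1", "B2"), ("B2", "Cat3750-2"), ("Cat3750-2", "B1"),   # Looped-Area#2
]
WAN = ("Cat3750-1", "Cat3750-2")  # ports carrying "spanning-tree bpdufilter enable"

# Bridge ID is (priority, name); the lower tuple wins the election.
PRIORITY = {"A1": 4096, "A2": 8192, "Cat3750-1": 32768,
            "Cat3750-2": 32768, "B1": 16384, "B2": 20480}


def elect_roots(links, priority, filtered=(), failed=()):
    """Return {bridge: root it believes in} once no BPDU changes anything."""
    down = set(failed)
    best = {b: (priority[b], b) for b in priority if b not in down}
    usable = [l for l in links if l not in filtered and not set(l) & down]
    changed = True
    while changed:                      # terminates: IDs only ever decrease
        changed = False
        for a, b in usable:
            low = min(best[a], best[b])
            for sw in (a, b):
                if best[sw] != low:
                    best[sw] = low
                    changed = True
    return {b: root[1] for b, root in best.items()}


def changed_bridges(before, after):
    """Bridges whose elected root differs between two steady states."""
    return sorted(b for b in after if before[b] != after[b])


def root_failure_scope(filtered):
    """Bridges that must re-elect a root when A1 (root in Area#1) fails."""
    before = elect_roots(LINKS, PRIORITY, filtered=filtered)
    after = elect_roots(LINKS, PRIORITY, filtered=filtered, failed=("A1",))
    return changed_bridges(before, after)
```

Calling `root_failure_scope(())` models the single spanning tree across the WAN, and `root_failure_scope((WAN,))` models the filter on both WAN-facing ports; the second result contains only Area#1 bridges.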
