Spanning-tree root switch

Jun 7th, 2009

Dear All,

Please find attached my branch office network diagram. I am very new to this place, so I am trying to understand the setup now.

I have attached the current diagram. As per the diagram, one switch has been configured as the root switch for all the running VLANs except VLAN 123.

1. If the root switch gets switched off or disconnected from the network, will all the VLAN communication happen between switches, or will the entire network go down?

2. The VLAN 123 root switch has been configured as BNC-admin-Sw01. What difference does it make when it is the root switch for VLAN 123? When the other root switch goes down, can the VLAN 123 network communicate with each other?

3. Why have they configured the VLAN 123 root switch as a separate switch?

Please clarify my doubts.

Thanks

Giuseppe Larosa Sun, 06/07/2009 - 02:02

Hello Shibu,

1) If the central switch is powered off, the network connectivity is broken: the network diagram doesn't show alternate paths.

I suggest you access the devices and verify all the links.

If this network diagram is confirmed, you have a single point of failure.

2) VLAN 123 connectivity will also be broken when the central switch is powered off, if the network diagram is correct and complete: where is the alternate link to reach other switches?

That is, unless VLAN 123 is used only on that switch and the other one connected to it.

3) If VLAN 123 extends to that switch only, or to that switch and BNC-admin-sw02, this choice is reasonable.

Notice that the central switch is not the only single point of failure: for example, all switches having a single uplink can become isolated if that link fails.

Other notes:

STP is disabled for VLAN 1: verify whether there are ports in this VLAN; if there are any, I suggest enabling STP on VLAN 1.

You have BPDU filter enabled; I would use BPDU guard instead, in combination with portfast.

BPDU filter can easily be a cause of problems in a network: it is enough to connect two ports with a cable to get a loop.

BPDU guard disables a port when it hears a BPDU but allows BPDUs to be sent out, so it is able to deal with the event of the same cable connecting two ports.

You would need a second central switch and two uplinks on each switch to achieve a fault-tolerant design.

Hope to help

Giuseppe

Shibu1978 Sun, 06/07/2009 - 06:16

Dear Giuseppe,

Thank you very much for your reply.

1) Yes, I have verified the connectivity between all the switches and found that there are no alternative paths to other switches.

My question: since there is no alternative path available between switches, is there any special reason to configure spanning tree with a root switch? Will the default spanning-tree config "Spanning-tree pvst" on all switches do the spanning-tree function?

3) Yes, I found out VLAN 123 only resides on BNC-admin-sw01 and Sw02.

There are no ports configured with VLAN 1.

"You have BPDU filter enabled; I would use BPDU guard instead, in combination with portfast.

BPDU filter can easily be a cause of problems in a network: it is enough to connect two ports with a cable to get a loop.

BPDU guard disables a port when it hears a BPDU but allows BPDUs to be sent out, so it is able to deal with the event of the same cable connecting two ports."

Last week we had a network outage due to this BPDU filter, I think. In our conference room there were two cables dropped to connect to PCs. Someone brought a D-Link switch and connected those 2 cables to the switch. The entire network was going in a loop until we found the culprit and his switch. We removed the switch from the network and everything became normal.

Shall I remove the BPDU filter and add BPDU guard so that I can restrict users from connecting third switches to our network?

Thanks for your reply

Giuseppe Larosa Sun, 06/07/2009 - 11:33

Hello Shibu,

>> Shall I remove the BPDU filter and add BPDU guard so that I can restrict users from connecting third switches to our network?

I strongly recommend this: we use BPDU guard with STP portfast and it is effective at detecting unauthorized switches connected by end users.

And yes, the problem in the conference room was likely caused by the side effect of BPDU filter.

1) With a default configuration a leaf switch can be elected root bridge: configuring the central switch as the root bridge is also an improvement for traffic flow.

Just to add to first post:

When the central switch fails or is powered off, all other switches are isolated in different portions: in each portion a new STP root bridge election is performed for each VLAN.

So local connectivity is restored, but users are confined to each portion, and in all portions without a router users are confined to each VLAN (no inter-VLAN routing is possible without an L3 device).

I would keep the central switch as the root bridge for all VLANs except VLAN 123.

As I noted in the first post, this design is not fault tolerant: if this is a customer network or it is your company, it can be wise to report your findings to management.

It is important that whoever makes decisions knows the state of this campus.

Then managers can decide to keep it in this way for different reasons, but reporting to them should be done for your own sake.

Hope to help

Giuseppe

Shibu1978 Sun, 06/07/2009 - 22:13

Dear Giuseppe,

Thanks for your kind reply and advice. I will follow things as you specified.

Please find attached the sample switch config which I have tested on the spare switch. I have also configured port security with a maximum of 1 allowed MAC on the switch port. I have not included the "spanning-tree portfast" command in the config. Should I add that to the config or leave it as it is?

Thanks for your help.

Shibu
