Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
777
Views
0
Helpful
7
Replies

STP in Redundant Network Design

Jacob Samuel
Level 1
Level 1

‎08-01-2009 12:30 PM - edited ‎03-06-2019 07:02 AM

HI

I have a network with Cisco 3560 as the L2 edge switch, each switch have two uplink to the Core. Uplink 1 to Core switch 1 and uplink 2 to core switch 2. Core switch have connected together on 2x1Gig etherchannel. Since the edge switches having two uplink and core are interconected, i beleive there is a possible chance for a loop. I am running stp PVST mode, each port are configured with port-fast enabled and bpdu-guard enabled and spanning-tree loopguard default on the global config. How i can impliment this design with a loop free method.

I will be using core 1 as the hsrp active, so would like to keep the uplink2 on edge switch always in blocking mode. what should i do? how can i acheive this?

regards

Jcb

Labels:
0 Helpful
7 Replies 7

Jon Marshall
Hall of Fame
Hall of Fame

‎08-01-2009 12:47 PM

Jacob

I assume the 2 Gig etherchannel is a L2 trunk ? If so then yes you have a L2 loop in your setup. This is not an uncommon setup as STP will block one of the links.

Assuming your'e uplinks are 1Gbps to each core switch then your etherchannel interconnection between the 2 core switches will not block.

So one of the uplinks will block. If you want core switch 1 to be active for all vlans then simply make core switch 1 STP root for all vlans.

A more common approach is to utilise both uplinks by having the odd vlans forwarded on one link and blocked on the other and the opposite for even vlans.

So core switch 1 will be STP root for all odd vlans and STP secondary for all even vlans.

Core switch 2 will be STP root for all even vlans and STP secondary for all odd vlans.

Obviously you also make core switch 1 hsrp active for all odd vlans and core switch 2 hsrp active for all even vlans.

Jon

0 Helpful

Jacob Samuel
Level 1
Level 1
In response to Jon Marshall

‎08-02-2009 03:02 AM

Hi Jon,

Thanks for the reply.

Yes, the ethrechannel is L2 Trunk only.

I think the common approach will not be suitable to me since the L3 Vlans will be created on the FWSM Module, and the FWSM will be running in Single Context (Active/Standby). I red in some cisco docs that the manuel STP port priority configureation on the FWSM installed switch may create some issue at the time of Failover. So instead of port priority configuration on the Core switch, if i make the Core Switch1 as the Primary Root for whole Vlans and Core Switch2 as the Secondary Root, will it make any issue related to FWSM? hope No right?

appreciate your valuable input please.

regards

Jacob

0 Helpful

davy.timmermans
Level 4
Level 4
In response to Jacob Samuel

‎08-02-2009 04:39 AM

Hi Jacob,

STP root is L2 technology. Hence the L3 in your configuration can influence the administrator to prefer a core switch root above another.

If it means that the FWSM module is active in core switch 1 and all routing to another vlan/internet is done by this Firewall, then it's a good choice to make core 1 STP root for all vlans. If you would use STP LB in this scenario, all traffic which has core 2 as STP root needs to cross the etherchannel towards core 1.

I would suggest also to use RSTP

0 Helpful

Jacob Samuel
Level 1
Level 1
In response to davy.timmermans

‎08-02-2009 09:54 PM

Hi Davy & Jon,

Thanks for the update.

Regarding RPVST- do we need to make any necessary changes on the configuration other than changing the spanning-tree mode to rapid-pvst? on the ports i have already enabled portfast and bpduguard and globally the spanning-tree loopguard also. As of now it is running as PVST only, do i need to consider anything more to make the PVST to rstp?

Regards

Jacob

0 Helpful

davy.timmermans
Level 4
Level 4
In response to Jacob Samuel

‎08-02-2009 11:48 PM

Changing the mode to rstp should be enough.

You can safely disable pvst features as uplinkfast, backbonefast (if configured) as they are incorporated in RSTP.

Unless you have 3500XL/2900XL series, it should be supported

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to Jacob Samuel

‎08-02-2009 06:49 AM

Jacob

I agree with Davy on this. If your L3 vlan interfaces are on the FWSM and you have an active/standby setup then make the FWSM primary switch the active one for the vlans ie. set it to STP root.

I have used this setup in production data centre environments and it works fine.

Jon

0 Helpful

Jacob Samuel
Level 1
Level 1
In response to Jon Marshall

‎08-18-2009 01:15 AM

Hi Jon/Davy,

If I include all the L2 vlans for FWSM in the spanning-tree root on switch01, as like in the below command will it make any issue?

spanning-tree vlan 1,10,50,100,101,102,103,199 root primary

vlan 10- inside of fwsm

vlan 50- DMZ of fwsm

vlan 101- outside of fwsm connecting back to MSFC

vlan 102- failover vlan for fwsm

vlan 103- state-fo-vlan for fwsm

vlan 100- not the member of fwsm

Do you think any issue in this?

appreciate your valuable input

Thanks and regards

Jacob

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card