Solved: Joining 2 companies LAN networks together via a trunk link - RSTP issues?

fidessats · ‎08-04-2009

In order to provide a higher throughput link we want to connect our core switch to a company we are integrating with over a 4 gig trunk. However they run RSTP on thier LAN and so do we. I think we will run into issues with this when the trunk comes up between our core switch and theirs.

Has anyone got any advice on what issues may occur and if there is a way around keeping each companies current RSTP 'domain' separate until the companies are fully integrated on to one LAN. (This is meant to be an interim solution while their infrastructure and users are moved onto our kit, the current connection is via a routed firewall connection to their network so hoping to replace this with a switch to switch 4 gig trunk as we're now physically in the same building with the company merger that has happend).

Regards,

Chris

Peter Paluch · ‎08-04-2009

Hello Chris,

There is a facility called BPDU Filter that is intended for situations like these. The BPDU Filter efectively stops both sending and receiving BPDUs on a selected port, thereby creating a boundary between two RSTP domains. Of course, this link is not protected against Layer2 loops anymore so it is up to the network administrator to make sure that there are indeed no redundant connections between the two RSTP domains.

You can activate this feature simply by writing spanning-tree bpdufilter enable on the respective port. You have indicated that you are using a 4 gig trunk - I assume you have created an EtherChannel. That command would then be placed on the Port-channel interface.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎08-04-2009

Hello Chris,

There is a facility called BPDU Filter that is intended for situations like these. The BPDU Filter efectively stops both sending and receiving BPDUs on a selected port, thereby creating a boundary between two RSTP domains. Of course, this link is not protected against Layer2 loops anymore so it is up to the network administrator to make sure that there are indeed no redundant connections between the two RSTP domains.

You can activate this feature simply by writing spanning-tree bpdufilter enable on the respective port. You have indicated that you are using a 4 gig trunk - I assume you have created an EtherChannel. That command would then be placed on the Port-channel interface.

Best regards,

Peter

fidessats · ‎08-04-2009

Hi Peter,

Many thanks for the quick response.

I was just digging out the BCMSN course books we have in the library and reading up on the STP security features so was thinking of the BPDU Guard and root guard features but hadn't realised there was also the bpdu filter option - so thanks for that one!

Yes it will be a port-channel between our core 6509 switch and theirs via 4 gig ports - actually we want to try to send the traffic via our FWSM blade for this connection as well until we know more about what access the other companies users need to our network (just to complicate things!). Basically we want to route traffic between our networks via an interface on our FWSM but over the 4 gig trunk connection. E.g. they use 10.x.x.x/24 networks ranges in their company and we use 192.168.x.x/24 networks in ours. So the plan is to create a /30 network assign an ip to a new FWSM vlan on our side and the other to an SVI on their core switch, then route the traffic. But anyway keeping the RSTP separate was my first concern before we even start amending the routing!

Once again many thanks Peter.

Chris.