RPVST - Blade_sw

Answered Question
Nov 15th, 2011

Hi


Virtualization is driving me crazy.

3750 switch connects to Blade-switch_1 and Blade-switch_2

Spanning-tree mode is configured as rapid-pvst on the 3750 switch. Do I need to configure rapid-pvst on both blade switches, or keep the default pvst config?


3750 is running VTP domain HQ and transparent mode

Both Blade_switches are running VTP domain CLI and transparent mode

To configure EtherChannel between the 3750 and blade-switch_1, do I need to have all devices in the same VTP domain?


cheers

SAM

Correct Answer by Beetlejuice01 about 5 years 9 months ago

Yes Sam, and also remove port-security aging time; I suppose it is a command from an old config.


That command is used in these cases:


http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html

Reza Sharifi Tue, 11/15/2011 - 13:01

Hi,


Are the blade switches Cisco also?  If yes, configure the same STP on all of them.


HTH

samuel_M9 Tue, 11/15/2011 - 13:32

Hi Reza

These are Cisco 3020 blade switches, which come with the HP enclosure.

There are two 3020 switches, both interconnected.

My plan is to connect these two 3020 switches to our existing 3750. Looking at some config samples, I built this configuration, but I am not sure whether a loop is created.


*configuration On 3750 *

interface range gi0/21 - 22
 description connected to blade-switch_1
 no ip add
 switchport
 sw trunk encap dot1q
 sw trunk allowed vlan 3,4,5
 sw trunk native vlan 3
 sw mode trunk
 spanning-tree guard root
 channel-protocol lacp
 channel-group 1 mode active

* Blade-switch-1 configuration *

int range g0/9 - 10
 channel-group 1 mode on
 description connected to 3750

*configuration On 3750 *

interface range gi0/23 - 24
 description connected to blade-switch_2
 no ip add
 switchport
 sw trunk encap dot1q
 sw trunk allowed vlan 3,4,5
 sw trunk native vlan 3
 sw mode trunk
 spanning-tree guard root
 channel-protocol lacp
 channel-group 1 mode active

* Blade-switch-2 configuration *

int range g0/9 - 10
 description connected to 3750
 channel-group 1 mode on


Any comments on this config?



cheers

SAM

Reza Sharifi Tue, 11/15/2011 - 14:20

Hi Sam,


If the blade switches are 3020, then they can be stacked together, so they logically act as one switch. Then you build an EtherChannel between the stack and your 3750. This way you are logically connecting one switch (2 blade switches) to one 3750, and don't have to rely on STP.


HTH

Reza

samuel_M9 Tue, 11/15/2011 - 21:19

Hi Reza


Once you push the 3020 switches into the enclosure, how can you see whether they are stacked? Is it possible to see from the switch CLI?

For EtherChannel I will use the same channel-protocol no. 1 going to both 3060 switches. Any comments on the EtherChannel configuration?


*configuration On 3750 *

interface range gi0/21 - 22
 description connected to blade-switch_1
 no ip add
 switchport
 sw trunk encap dot1q
 sw trunk allowed vlan 3,4,5
 sw trunk native vlan 3
 sw mode trunk
 spanning-tree guard root
 channel-protocol lacp
 channel-group 1 mode active

* Blade-switch-1 configuration *

int range g0/9 - 10
 channel-group 1 mode on
 description connected to 3750

*configuration On 3750 *

interface range gi0/23 - 24
 description connected to blade-switch_2
 no ip add
 switchport
 sw trunk encap dot1q
 sw trunk allowed vlan 3,4,5
 sw trunk native vlan 3
 sw mode trunk
 spanning-tree guard root
 channel-protocol lacp
 channel-group 1 mode active

* Blade-switch-2 configuration *

int range g0/9 - 10
 description connected to 3750
 channel-group 1 mode on



cheers

SAM

Beetlejuice01 Wed, 11/16/2011 - 00:26

In the past I've configured some 3020 blades with EtherChannel towards 2 core 6509-E switches; if I remember correctly there are four Gigabit Ethernet ports on the 3020. If you have only one 3750 you can configure all interfaces in a channel for one switch and the same with the other... 2 different port channels... The 3020 can't be configured as a stack. VTP is not necessary because it is only for autoconfiguring all the VLANs that you have on all switches, and in some cases it can be dangerous and delete all VLANs in a second. The VLANs used by the users don't need to exist on the server switch, and I suggest filtering the trunk on the access switch to only the necessary VLANs, so that broadcasts in the servers' VLANs don't affect the trunk of the user switch and the trunk of the Wi-Fi access point, if you have one.

samuel_M9 Wed, 11/16/2011 - 00:47

Thanks Fabio

I am summarising the complete scenario. Please share your opinion on the full config and whether you see any loop.

There is no trunk config between blade-switches (green-connection in diagram is disabled)

Spanning-tree configured is Rapid-PVST on 3750 and PVST on blade-switches



*** On 3750 ***

interface range gi0/21 - 22
 description connected to blade-switch_1
 no ip add
 switchport
 sw trunk encap dot1q
 sw trunk allowed vlan 3,4,5
 sw trunk native vlan 3
 sw mode trunk
 spanning-tree guard root
 channel-protocol lacp
 channel-group 1 mode active

interface range gi0/23 - 24
 description connected to blade-switch_2
 no ip add
 switchport
 sw trunk encap dot1q
 sw trunk allowed vlan 3,4,5
 sw trunk native vlan 3
 sw mode trunk
 spanning-tree guard root
 channel-protocol lacp
 channel-group 2 mode active

interface port-channel 1
 no ip add
 switchport
 sw trunk encap dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk

interface port-channel 2
 no ip add
 switchport
 sw trunk encap dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk

------ end of config 3750 ------


* Blade-switch-1 configuration *

int range g0/9 - 10
 channel-group 1 mode on
 description connected to 3750

interface port-channel 1
 no ip add
 switchport
 sw trunk encap dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk

interface range GigabitEthernet0/1 - 2
 description <<** BladeServer-1 **>>
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk
 switchport port-security aging time 20
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpduguard enable

interface range GigabitEthernet0/3 - 4
 description <<** BladeServer-2 **>>
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk
 switchport port-security aging time 20
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpduguard enable

------ end of config Blade-sw1 ------





* Blade-switch-2 configuration *

int range g0/9 - 10
 channel-group 2 mode on
 description connected to 3750

interface port-channel 2
 no ip add
 switchport
 sw trunk encap dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk

! port 1 and port 2
interface range GigabitEthernet0/1 - 2
 description <<** BladeServer-1 **>>
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk
 switchport port-security aging time 20
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpduguard enable

! port 3 and port 4
interface range GigabitEthernet0/3 - 4
 description <<** BladeServer-2 **>>
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk
 switchport port-security aging time 20
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpduguard enable

------ end of config Blade-sw2 ------


cheers

SAM

Correct Answer
Beetlejuice01 Wed, 11/16/2011 - 01:11

I have understood. I suggest the things I wrote before, and even if it is not necessary because you only have one "core", configure RPVST on the blades if possible. If in future you have the possibility to add another core, in case of failure the different convergence times of the two protocols can create a temporary loop. Why do you use bpduguard on a trunk? You will receive BPDUs on that interface and the link will flap. Portfast trunk is not necessary with RPVST. Pay attention on the 3020 with channel group: it's recommended to use active or passive.

samuel_M9 Wed, 11/16/2011 - 09:12

Fabio, thanks. I take these inputs from your reply.

1. Configure RPVST on the blade switches

2. Remove bpduguard on trunk < This is not clear >

3. 3020 with channel-group: it is recommended to use active or passive < 3750 switch is active, so I had 3020_blade_sw as ON >. Do you see any issues with this config?



Thanks again

SAM

Beetlejuice01 Wed, 11/16/2011 - 09:26

For point 3 you could use active. For point 2: on trunk links switches use BPDUs; with this command the switch sends BPDUs, and bpduguard enable puts the port in errdisable and the link goes down.

Beetlejuice01 Wed, 11/16/2011 - 09:53

Sam's 3020, if I'm not wrong, doesn't have the stack connector like the 3120... does it?

samuel_M9 Wed, 11/16/2011 - 10:29

Reza

I got < cisco WS-CBS3020-HPQ >


Fabio you are right.


P#2: can you help me with the correct command?


  (( this is what you posted earlier :::::

for the point 2 on trunk links switch use bpdu, with this command the switch send bpdu and the bpduguard enable put in errdisable the port and the link goes down. ))

Beetlejuice01 Wed, 11/16/2011 - 11:07

Simply remove that command from the interfaces where you have configured it. In general, bpduguard is never configured on a legitimate trunk port, but possibly on a trunk to an access point, or on an access port, where BPDUs will not be received, and if one is received, someone is trying to plug in a switch. On core and distribution switches you can configure the root guard command to stop a switch that wants to become the root of STP, but with bpduguard, when the port receives a BPDU from a switch it will go into errdisable state.
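
As an added illustration (not code from the thread or from Cisco), a small Python check over saved configuration text for the two points raised in the replies above: BPDU guard enabled on a trunk port, and an EtherChannel that runs LACP at one end while the other end is static `on`. The sample configs are constructed in the style of those posted in this thread, the function names are hypothetical, and only the `sw` abbreviation is expanded.

```python
import re

# Constructed samples in the style of the configs posted in this thread.
CORE = """interface range gi0/21 - 22
 channel-group 1 mode active
"""
BLADE = """interface range g0/9 - 10
 channel-group 1 mode on
interface range GigabitEthernet0/1 - 2
 sw mode trunk
 spanning-tree bpduguard enable
interface GigabitEthernet0/5
 switchport mode access
 spanning-tree bpduguard enable
"""

def stanzas(config):
    """Return {interface header line: [normalised sub-commands]}."""
    out, current = {}, None
    for line in config.splitlines():
        if re.match(r"int(erface)?\s", line, re.I):
            current = line.strip()
            out[current] = []
        elif line[:1].isspace() and current is not None:
            cmd = line.strip().lower()
            out[current].append(re.sub(r"^sw\s+", "switchport ", cmd))
        elif line.strip():
            current = None  # back at global configuration level
    return out

def bpduguard_on_trunk(config):
    """Trunk interfaces that also have BPDU guard enabled."""
    need = {"switchport mode trunk", "spanning-tree bpduguard enable"}
    return [n for n, cmds in stanzas(config).items() if need <= set(cmds)]

def channel_modes(config):
    """Map channel-group number -> set of modes configured for it."""
    modes = {}
    for cmd in (c for cmds in stanzas(config).values() for c in cmds):
        m = re.fullmatch(r"channel-group (\d+) mode (\S+)", cmd)
        if m:
            modes.setdefault(int(m.group(1)), set()).add(m.group(2))
    return modes

def lacp_vs_on(side_a, side_b, group):
    """True if one end runs LACP (active/passive) and the other is 'on'."""
    a, b = (channel_modes(s).get(group, set()) for s in (side_a, side_b))
    lacp = {"active", "passive"}
    return bool((a & lacp and "on" in b) or (b & lacp and "on" in a))
```

On the samples, the access port with BPDU guard is not reported; only the trunk range is, and channel-group 1 is reported as LACP against `on`.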

samuel_M9 Wed, 11/16/2011 - 11:19

Thanks

This is the change you referred to



*********************
Blade_Switch#2
*********************

! port 1 and port 2
interface range GigabitEthernet0/1 - 2
 description <<** BladeServer-1 **>>
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk
 switchport port-security aging time 20
 no cdp enable
 spanning-tree portfast trunk
 no spanning-tree bpduguard enable

! port 3 and port 4
interface range GigabitEthernet0/3 - 4
 description <<** BladeServer-2 **>>
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk
 switchport port-security aging time 20
 no cdp enable
 spanning-tree portfast trunk
 no spanning-tree bpduguard enable

**********************
Blade_Switch#1
**********************

interface range GigabitEthernet0/1 - 2
 description <<** BladeServer-1 **>>
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk
 switchport port-security aging time 20
 no cdp enable
 spanning-tree portfast trunk
 no spanning-tree bpduguard enable

interface range GigabitEthernet0/3 - 4
 description <<** BladeServer-2 **>>
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,4,5
 switchport mode trunk
 switchport port-security aging time 20
 no cdp enable
 spanning-tree portfast trunk
 no spanning-tree bpduguard enable
