Solved: RPVST - Blade_sw

samuel_M9 · ‎11-15-2011

Hi

Virtualization driving me crazy.

3750 switch connects to Blade-switch_1 and Blade-switch_2

Spanning-tree mode is configured as rapid-pvst on 3750 switch, do I need to configure rapid-pvst on both blade-switches or keep the default pvst config.

3750 is running VTP domain HQ and transparent mode

Both Blade_switches are running VTP domain CLI and transparent mode

To configure Etherchannel between 3750 and blade-switch_1 do I need to have all devices in same vtp domain

cheers

SAM

Beetlejuice01 · ‎11-16-2011

I have understand, i suggest the things i write before, and even if not necessary because you only have one "core" configure the rpvst on the blade if possible. If in future you will have possibility to add another core in case of faillure the different time of convergence between two protocol can create a temporary loop. Why you use a bpduguard on trunk? you will receive bpdu on that interface and the link will flap. Portfast trunk is not necessary with rpvst. Keep attention on 3020 with channel group on it's reccomended to use active or passive.

View solution in original post

Beetlejuice01 · ‎11-16-2011

Yes sam, and also remove port-security aging time, i suppose it is a command from an old config.

That command will be used in this cases:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html

View solution in original post

Reza Sharifi · ‎11-15-2011

Hi,

Are the blade switches Cisco also? If yes, configure the same STP on all of them.

HTH

samuel_M9 · ‎11-15-2011

Hi Reza

These are cisco blade switches 3020 which comes with HP enclosure.

There are Two switches 3020 both interconnected.

My plan to connect these two switches 3020 to our existing 3750, looking at some config sample I build this configuration but not sure if loop is created

*configuration On 3750 *

interface range gi 0/21 -22

description connected to blade-switch_1

no ip add

switchport

sw trunk encap dot1q

sw trunk allowed vlan 3,4,5

sw trunk native vlan 3

sw mode trunk

spanning-tree guard root

channel-protocol lacp

channel-protocol 1 mode active

* Blade-switch-1 configuration *

int range g0/9 - 10

channel-group 1 mode on

description connected to 3750

*configuration On 3750 *

interface range gi 0/23 -24

description connected to blade-switch_2

no ip add

switchport

sw trunk encap dot1q

sw trunk allowed vlan 3,4,5

sw trunk native vlan 3

sw mode trunk

spanning-tree guard root

channel-protocol lacp

channel-protocol 1 mode active

* Blade-switch-2 configuration *

int range g0/9 - 10

description connected to 3750

channel-group 1 mode on

any comment on this config

cheers

SAM

Reza Sharifi · ‎11-15-2011

Hi Sam,

If the blade switches are 3020, they then can be stacked together, so they logically act as one switch. Then you build an eEtherchannel between the stack and your 3750. This way you are logically connecting one switch (2 blade switches) to one 3750, and don't have to rely on SPT.

HTH

Reza

samuel_M9 · ‎11-15-2011

Hi Reza

once you push the 3020 switches to the enclosure how can you see if these are stacked. possible to see from switch cli.

For Etherchannel I will use the same channel-procotol no .1. going to both 3060 switches. Any comments on the Etherchannel-configuration

*configuration On 3750 *

interface range gi 0/21 -22

description connected to blade-switch_1

no ip add

switchport

sw trunk encap dot1q

sw trunk allowed vlan 3,4,5

sw trunk native vlan 3

sw mode trunk

spanning-tree guard root

channel-protocol lacp

channel-protocol 1 mode active

* Blade-switch-1 configuration *

int range g0/9 - 10

channel-group 1 mode on

description connected to 3750

*configuration On 3750 *

interface range gi 0/23 -24

description connected to blade-switch_2

no ip add

switchport

sw trunk encap dot1q

sw trunk allowed vlan 3,4,5

sw trunk native vlan 3

sw mode trunk

spanning-tree guard root

channel-protocol lacp

channel-protocol 1 mode active

* Blade-switch-2 configuration *

int range g0/9 - 10

description connected to 3750

channel-group 1 mode on

cheers

SAM

Beetlejuice01 · ‎11-16-2011

In the past i've configured some blade 3020 with etherchannel vs 2 core 6509-E, if i remember correctly there are four gigabit eth on 3020. If you have only one 3750 you can configure all interfaces in a channel for one switch and the same with the other... 2 differen't port channels.... The 3020 can't be configured as a stack. VTP is not necessary because is only for autoconfigure all vlan that you have on all switch, and in some case it can be dangerous and delete all vlan in a second. Tshe vlan used by the user doesn't need to exist on server switch, and i suggest, to filter the trunk on access switch only with the necessary vlans so the broadcast between in the server's vlan doesn't affect the trunk of the user switch and trunk of wifi access point if you have.

samuel_M9 · ‎11-16-2011

Thanks Fabio

I am summarising complete scenario. Please share your opinion on the full config and if you see any loop.

There is no trunk config between blade-switches (green-connection in diagram is disabled)

Spanning-tree configured is Rapid-PVST on 3750 and PVST on blade-switches

***On 3750 ***

*configuration On 3750 *

interface range gi 0/21 -22

description connected to blade-switch_1

no ip add

switchport

sw trunk encap dot1q

sw trunk allowed vlan 3,4,5

sw trunk native vlan 3

sw mode trunk

spanning-tree guard root

channel-protocol lacp

channel-protocol 1 mode active

interface range gi 0/23 -24

description connected to blade-switch_2

no ip add

switchport

sw trunk encap dot1q

sw trunk allowed vlan 3,4,5

sw trunk native vlan 3

sw mode trunk

spanning-tree guard root

channel-protocol lacp

channel-protocol 2 mode active

interface port-channel 1

no ip add

switchport

sw trunk encap dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

interface port-channel 2

no ip add

switchport

sw trunk encap dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

-------------------------------------------------------------------------end of config 3750 ----------------------------------------------

* Blade-switch-1 configuration *

int range g0/9 - 10

channel-group 1 mode on

description connected to 3750

interface port-channel 1

no ip add

switchport

sw trunk encap dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

interface GigabitEthernet0/1 & 2

description <<** BladeServer-1 **>>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

switchport port-security aging time 20

no cdp enable

spanning-tree portfast trunk

spanning-tree bpduguard enable

interface GigabitEthernet0/3 - 4

description <<** BladeServer-2 **>>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

switchport port-security aging time 20

no cdp enable

spanning-tree portfast trunk

spanning-tree bpduguard enable

-----------------------------------------------------end-of-config-Blade-sw1------------------------------------------------------------

* Blade-switch-2 configuration *

int range g0/9 - 10

channel-group 2 mode on

description connected to 3750

interface port-channel 2

no ip add

switchport

sw trunk encap dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

interface GigabitEthernet0/1 - 2 ( port 1 and port 2 )

description <<** BladeServer-1 **>>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

switchport port-security aging time 20

no cdp enable

spanning-tree portfast trunk

spanning-tree bpduguard enable

interface GigabitEthernet0/3 & 4 ( port 3 and port 4)

description <<** BladeServer-2 **>>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

switchport port-security aging time 20

no cdp enable

spanning-tree portfast trunk

spanning-tree bpduguard enable

-----------------------------------------------------end-of-config-Blade-sw2------------------------------------------------------------

cheers

SAM

Beetlejuice01 · ‎11-16-2011

I have understand, i suggest the things i write before, and even if not necessary because you only have one "core" configure the rpvst on the blade if possible. If in future you will have possibility to add another core in case of faillure the different time of convergence between two protocol can create a temporary loop. Why you use a bpduguard on trunk? you will receive bpdu on that interface and the link will flap. Portfast trunk is not necessary with rpvst. Keep attention on 3020 with channel group on it's reccomended to use active or passive.

samuel_M9 · ‎11-16-2011

Fabio Thanks. I take these input from your reply.

1. configure RPVST on blade-switch

2. Remove bpduguard on trunk < This is not clear >

3. 3020 with channel-group is recommended to use active or passive < 3750 switch is active so had 3020_blade_sw as ON > do you see any issues with this config

Thanks again

SAM

Beetlejuice01 · ‎11-16-2011

For the point 3 you could use active, for the point 2 on trunk links switch use bpdu, with this command the switch send bpdu and the bpduguard enable put in errdisable the port and the link goes down.

Reza Sharifi · ‎11-16-2011

Hi Sam,

Each 3120 should have SBU type connector for stacking. The pins and size of the connector differs from the 3750 series, but there is a slot for stacking.

Are you planning on stacking them?

see table-1

Http://www.cisco.com/en/US/docs/switches/blades/3120/hardware/quick/guide/3120gsg.html

HTH

Beetlejuice01 · ‎11-16-2011

the 3020 of Sam if i'm not wrong hasn't the stack connector as 3120... isn't it?

samuel_M9 · ‎11-16-2011

Reza

I got < cisco WS-CBS3020-HPQ >

Fabio you are right.

P#2 can you help me with correct command

(( this is waht you posted earlier :::::

for the point 2 on trunk links switch use bpdu, with this command the switch send bpdu and the bpduguard enable put in errdisable the port and the link goes down. ))

Beetlejuice01 · ‎11-16-2011

Simple remove that command from the interface where you have configured, and in generally the bpduguard will be never configured on legittimate trunk port, but eventually on trunk with access point or access port where bpdu will not be received and if received someone is trying to plug in a switch. You can configure on core and distribution switch the command root guard to prevent some switch that want to become root of stp, but with bpduguard when receive a bpdu from a switch on that port it'will go in errdisable state.

samuel_M9 · ‎11-16-2011

Thanks

This is the change you referred

*********************

Blade_Switch#2

*********************

interface GigabitEthernet0/1 - 2 ( port 1 and port 2 )

description <<** BladeServer-1 **>>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

switchport port-security aging time 20

no cdp enable

spanning-tree portfast trunk

NO spanning-tree bpduguard enable

interface GigabitEthernet0/3 & 4 ( port 3 and port 4)

description <<** BladeServer-2 **>>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

switchport port-security aging time 20

no cdp enable

spanning-tree portfast trunk

NO spanning-tree bpduguard enable

**********************

Blade_Swith#1

**********************

interface GigabitEthernet0/1 & 2

description <<** BladeServer-1 **>>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

switchport port-security aging time 20

no cdp enable

spanning-tree portfast trunk

No spanning-tree bpduguard enable

interface GigabitEthernet0/3 - 4

description <<** BladeServer-2 **>>

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 3,4,5

switchport mode trunk

switchport port-security aging time 20

no cdp enable

spanning-tree portfast trunk

No spanning-tree bpduguard enable