Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Spanning-tree Convergence Issue

I have dual 6509's with SUP2MSFC2's running version 12.2(18)SXF14 IPServices WAN IOS, in my core. Today someone plugged a DLINK switch and caused problems with spanning-tree. How can I prevent this from happeneing again when someone plugs in a DLINK switch? any suggestions?

  • LAN Switching and Routing
6 REPLIES
Bronze

Re: Spanning-tree Convergence Issue

You will have to look into commands like 'spanning-tree guard root' and 'spanning-tree bpdu-filter' in order to secure your Cat6500.

Also, make sure that you have set 'spanning-tree vlan xxx root primary' one one Cat6500 and 'spanning-tree vlan xxx root secondary' on the other. Then you are in control of where your Spanning Tree root is supposed to be and you are minimizing the chances (risk) of having another switch taking over the Spanning Tree.

HTH

Hall of Fame Super Silver

Re: Spanning-tree Convergence Issue

Hello,

the right tools should be

spanning-tree guard root

spanning-tree bpduguard enable

the second command puts the port in errordisable if an STP BPDU is heard on the port

I don't recommend spanning-tree bpdu-filter in an enterprise environment it doesn't provide protection from someone connecting together two ports with a cable.

It is a good tool for L2 SPs to avoid to take part in customers STPs.

edit:

I agree on the need of setting root primary and secondary for all vlans

Hope to help

Giuseppe

New Member

Re: Spanning-tree Convergence Issue

should these commands only be used on normal access points and not uplink ports ?

Hall of Fame Super Silver

Re: Spanning-tree Convergence Issue

Hello Carl,

your understanding is correct.

STP bdpuguard is the ideal companion of portfast.

For uplinks we use spanning-tree loop guard + storm-control broad 1%

Hope to help

Giuseppe

New Member

Re: Spanning-tree Convergence Issue

do we still need to use loopguard when using rstp ?

Hall of Fame Super Silver

Re: Spanning-tree Convergence Issue

Hello Carl,

yes loop guard is effective with RSTP, UDLD is too slow in reaction in comparison to RSTP fast convergence time.

We use loop guard with RSTP

Hope to help

Giuseppe

255
Views
0
Helpful
6
Replies
This widget could not be displayed.