06-22-2009 02:53 PM - edited 03-06-2019 06:23 AM
Hi All,
We resell the wireless services of another Service Provider and establish a trunk with them to which they send us the required customer vlans.
interface GigabitEthernet2/10
description Wireless Interconnect
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 301-322
switchport mode trunk
load-interval 30
speed 100
duplex full
no cdp enable
They've stopped spanning tree on their end because "as part of these measure we blocked spanning tree between networks to prevent potential flooding of either network."
We run spanning tree on our end and have "spanning-tree loopguard default" enabled and as a result the vlans being allowed through Gi2/10 stopped passing traffic because it no longer received any BPDU's. Below you can see that it's in a "broken" state.
core1#sh spanning-tree int g2/10
Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0301 Desg BKN*19 128.266 P2p *LOOP_Inc
VLAN0302 Desg BKN*19 128.266 P2p *LOOP_Inc
VLAN0303 Desg BKN*19 128.266 P2p *LOOP_Inc
VLAN0304 Desg BKN*19 128.266 P2p *LOOP_Inc
We contacted the wireless Service Provider and they have re-enabled spanning tree on their end - "We have re-enabled access to the spanning tree feature however we ask if this is a necessary requirement between our two networks as there is potential to flood each others network with spanning tree related traffic."
I'm not really sure what the best practice in this situation is with two different Service Providers passing customer vlans through the trunk port?
My understanding of spanning tree isn't all that great so was wondering what we should be doing in this situation. Do we continue to run spanning-tree and ask the other Provider to keep spanning tree enabled on their end as well? Or does the wireless Service Provider have a valid point in that they may be flooded by BPDU's from our end? If so, do we have to turn spanning tree off on the interface then?
Any help would be greatly appreciated.
Thanks.
Andy
06-23-2009 12:47 AM
Hello Andy,
STP is needed if there are multiple links between the two providers.
if the link is only one and there is no plan to add a second link you can disable STP on both sides using
spanning-tree bpdu filter enable
flooding happens in any case because it is the process of propagation of broadcast, multicast and unknown unicast traffic on each vlan = broadcast domain
Only BPDUs of permitted vlans are sent on the trunk with your configuration.
so the reasons are other ones and is that you may want to keep separated the two STP domains.
Hope to help
Giuseppe
06-23-2009 05:30 AM
HI Andy,
You can think about enabling QnQ in your Network, if it is connection between different Service Providers.
This will help you in avoiding the VLAN overlapping, etc.,
http://www.ippacket.org/blog/archives/2004/08/ieee_8021q-in-q.html
Best Regards,
Guru Prasad R.
07-02-2009 02:46 PM
Hi Guru,
Thank you for your suggestion. We do have QnQ running with some Service Providers.
Cheers.
Andy
07-01-2009 05:59 PM
Hi Giuseppe,
Thank you for your reply and sorry for my late response.
I totally agree with you - but we have loopguard turned on globally with "spanning-tree loopguard default". If we then enable "spanning-tree bpdufilter enable " on the interface, the port goes into a broken state because it's no longer receiving BPDUs. Does that mean we have to turn off "spanning-tree loopguard default" globally? What are the implications of doing this?
Thanks.
Andy
07-02-2009 03:56 PM
Would it safe to say that we shouldn't really be sharing spanning-tree bpdu's with another service provider if there's only one interconnect to/from us to their network.
Would something like this be good to put on our interface that interconnects us to another service provider.
spanning-tree loopguard default
!
interface GigabitEthernet0/43
description Interconnect with ISP2
spanning-tree bpdufilter enable
spanning-tree guard none
spanning-tree portfast
Thanks.
Andy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide