
STP fine tuning

Hello,

I have a Data center where my SVIs are located on a pair of ASAs 5580 which are connected with two 6509s Core Switches.

I need to force layer 2 traffic to take a specific path through the 'spanning-tree vlan x priority y' command, but since there are no SVIs on the Core Switches, I'm not sure if an STP instance will be created for my VLANs. Can somebody advise how I can do it?

Regards

3 REPLIES

Re: STP fine tuning

k.abillama wrote:

Hello,

I have a Data center where my SVIs are located on a pair of ASAs 5580 which are connected with two 6509s Core Switches.

I need to force layer 2 traffic to take a specific path through the 'spanning-tree vlan x priority y' command, but since there are no SVIs on the Core Switches, I'm not sure if an STP instance will be created for my VLANs. Can somebody advise how I can do it?

Regards

Not sure I follow what you mean. You don't need SVIs to have an STP instance. As soon as you create the VLAN at L2 then you have an STP instance; it doesn't matter where the L3 interface for that VLAN is.

Could you clarify what you mean?

Jon


Re: STP fine tuning

Hi,

I'm not a pro in switching! I'm a security engineer.

Thanks for the info. I thought that the spanning tree instance would be created once I created the SVIs.

Regards

Re: STP fine tuning

I guess your firewall is operating in transparent mode. Basically you have an ingress VLAN and an egress VLAN. You don't have to worry about STP. Actually, if you needed to configure STP so that your traffic goes through the firewall, that would be an indication of a problem, because it would mean that the traffic could skip the firewall as a result of a network reconfiguration (like a link going down). That's something that, as a security engineer, you should not like ;-)

That said, it does not mean that you won't have to tune the priority of some bridges in order to get an optimal STP topology. The two VLANs that you are stitching with the firewall will have a common root bridge. Put this root bridge close to the L3 interfaces (basically, make the switch hosting the SVI the root bridge); that's what *generally* results in the optimal topology (I don't know enough of your network to guarantee that, of course).

Regards,

Francois
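
The root election that the priority command discussed in this thread influences, as an added example that is not part of any poster's reply. Switch names, MAC addresses and VLAN numbers are constructed; each VLAN's election is modelled on its own, and BPDUs crossing the transparent firewall are not modelled.

```python
# Added example: per-VLAN STP root election with constructed switches.
# Bridge ID = priority (steps of 4096) + extended system ID (VLAN), then MAC.
# The lowest bridge ID becomes root for that VLAN.
DEFAULT_PRIORITY = 32768  # IOS default when no priority is configured


def bridge_id(priority, vlan, mac):
    """Return a comparable (priority + VLAN ID, MAC) tuple."""
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError("priority must be 0-61440 in steps of 4096")
    if not 1 <= vlan <= 4094:
        raise ValueError("vlan must be 1-4094")
    return (priority + vlan, int(mac.replace(":", ""), 16))


def elect_root(vlan, switches, priorities):
    """switches: {name: mac}; priorities: {(name, vlan): configured value}."""
    def key(name):
        prio = priorities.get((name, vlan), DEFAULT_PRIORITY)
        return bridge_id(prio, vlan, switches[name])
    return min(switches, key=key)


# Constructed topology: two cores and one access switch with the lowest MAC.
SWITCHES = {
    "CORE-1": "00:1a:2b:00:00:20",
    "CORE-2": "00:1a:2b:00:00:30",
    "ACCESS-1": "00:1a:2b:00:00:10",
}

# Equivalent of 'spanning-tree vlan 10,20 priority 4096' on CORE-1
# and 'spanning-tree vlan 10,20 priority 8192' on CORE-2 (VLANs assumed).
TUNED = {
    ("CORE-1", 10): 4096, ("CORE-1", 20): 4096,
    ("CORE-2", 10): 8192, ("CORE-2", 20): 8192,
}

if __name__ == "__main__":
    for vlan in (10, 20):
        print(vlan, "untuned root:", elect_root(vlan, SWITCHES, {}))
        print(vlan, "tuned root:  ", elect_root(vlan, SWITCHES, TUNED))
    # If CORE-1 fails, the next-lowest priority takes over.
    survivors = {n: m for n, m in SWITCHES.items() if n != "CORE-1"}
    print("root after CORE-1 loss:", elect_root(10, survivors, TUNED))
```

With no priorities configured, the access switch wins on MAC address alone, which is why the root is pinned explicitly on the switch nearest the L3 interfaces.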
