
STP root bridge

tobyyy1979
Level 1

Hi,

How can I find out which switch is the root bridge for my network, if I only have access to one switch and this one is not the root bridge?

Thanks in advance

35 Replies

Hi Akber

From the previous post you sent: instead of doing "sh spantree", do 'sh spantree "vlan number"'. The switch is not running STP for vlan 1, so that is why all the entries are zeros.

So you are just using routed interfaces for the VLANs, is that right?

Jon

I. Yes Jon, you are right. When I apply sh spantree 1 I don't see any entries.

II. If you look at my cr3-hy2 configs, yes, we use router interfaces on the dist switch.

Can I get the MAC address command on a CatOS switch, please?

~Akber.

Hello Jon,

Can you please let me know why cs401 is elected as root bridge though cs101/cs401 have the same priority?

Also, can you send me the command to check the MAC address on CatOS, so I can give you input on the lowest MAC address?

~Akber.

This may help find your root bridge: if the switch you have access to is running L3 and you have the MAC, the switch you are on MAY be able to resolve the IP address of that MAC. This may be helpful if you know the IPs of all your devices.

show ip arp | include 6001

In most cases the last 4 characters of the MAC is enough to resolve the IP.

(I haven't used CatOS in quite some time so the command may be different.)

HtH

NEVER, EVER, use the 'spanning-tree vlan root' macro to set the spanning-tree root bridge for the VLAN. This is VERY problematic. The spanning-tree root bridge should be set to the correct cost per the design.

In most cases the primary root bridge would have 'spanning-tree vlan 1-4094 priority 8192' and the secondary root bridge would have 'spanning-tree vlan 1-4094 priority 16384'. In most cases you will want to configure the edge switches for 'spanning-tree uplinkfast enable' to set the spanning-tree root priority > 46000 or all switches for 'spanning-tree mode rapid-pvst' (which means DO NOT run uplinkfast and/or backbonefast on ANY switches configured for rapid-pvst).

If you have redundant uplinks to diverse core switches you can play with setting spanning-tree vlan priorities so that switch 1 is priority 8192 (primary) for vlans 1,6,400 (priority 16384 for all other vlans) and switch 2 is priority 8192 for vlans 2-5,7,100 (priority 16384 for all other vlans). This will allow you to utilize both links for different vlans rather than one link always in blocking state for all vlans.

Using the spanning-tree root and spanning-tree root secondary macros will *TRY* to calculate the appropriate bridge priority to make it the root. This may cause the priority to be set to 1 which is obviously problematic.

The correct architecture is to use the commands above and ensure that 'spanning-tree guard root' is on all uplink ports to edge switches and specifically not on downlinks or crosslinks to the secondary root or core switch.

Hello,

Can you please read the above discussions and answer my question?

Regards,

Akber.

Please clarify for me what you are trying to determine:

You only have access to one switch but you want to find out which switch is the current spanning-tree root bridge?

All you can tell from your one switch is the mac address and priority of the root bridge and which port (or ports) on your one switch have a path to that root.

Depending on the topology of the layer-2 network that your one switch is connected to, the root bridge could be in a different building, county or state!

Please provide more details as to the layer-2 topology of the network you are connected to in order for me to effectively answer your question.

How many switches make up the layer-2 topology of the network you are connected to?

How many buildings does this layer-2 network span?

Etc.

Bottom line is what the above posters have said and I will clarify.

Spanning-tree root bridge and secondary root should be explicitly set per vlan.

In your case Akber the priority is set to 10 on multiple switches. Yes, it is the lowest mac address that wins the battle when they both have the same priority. No need to waste any more time chasing that down. That's just how it is. So... what you need to do is architect spanning tree. Decide which switch in the core you want to be the primary root bridge and set it just like it's set on multiple switches. Also don't forget to remove the competing values from other switches.

As for the whole 8192 jazz... that is only if you have extended vlans enabled. Obviously you do not, because the priority is 10. I would recommend to you to set the priority of the root to be 10 and secondary root to be 20.

There are multiple levels of knowledge of STP. You only need to know enough to know where the root is and statically set it and you are doing better than 80% of network engineers in the world. ;)

Please do not tell users to set their spanning root priority to anything less than 8192!!!

This both goes against any spanning-tree best practice guidelines and breaks spanning-tree in many cases (particularly with PVST). This has nothing to do with having extended VLANs enabled.

Since *ALL* Cisco switches by default run PVST (per-VLAN spanning-tree) and calculate the root priority by *ADDING* the VLAN id to the advertised root priority, a root priority between a core primary and secondary of anything less than 1000 is crazy and less than 4096 is asking for trouble.

The spanning-tree root bridge priority (per VLAN or spanning-tree instance) is a decimal number between 1 and 65535, with a default (per IEEE) of 32768. Why on earth would you suggest setting this value to 10 or 20 with this type of range and so different from the default? A value of 10 is nearly impossible to correct remotely by setting another switch with a lower priority.

Please don't create MASSIVE spanning-tree confusion by offering this bad advice. It is CCIE engineers like myself that continually spend hours and hours troubleshooting periodic, apparently random, network issues at clients only to determine that someone set the spanning-tree root bridge priority, without knowing what they were doing, to some insanely low number. And remember, I think a spanning-tree root bridge priority of 1000 is insanely low.

Thank you.

Wow... That has been the practice of Cisco SEs I've worked with for many years. I can quote "distinguished engineers" from Cisco on the same subject that recommend the same thing.

I can assure you setting the root to priority of 10 does in no manner, way, shape or form "break" PVST.

A value of ten is impossible to correct by lowering? You have the option of going from 0-9 to trump the 10 priority.

The true MASSIVE confusion is when people don't do anything at all, or do not set it explicitly by using the "root" command that just takes all other priorities it sees and cuts it in half. STP is a beautiful thing but should not be left to its own devices to make decisions. An engineer has to know and understand how it works and manipulate the variables to make STP perform the way it is architected on a per network basis.

Wow though... crazy?? Asking for trouble how?

All I will tell you is that I stand behind my comments above. If you would open a TAC case and tell them your spanning-tree root bridge priority is set to 10, three things will happen:

1. A huge red flag will be raised and the assumption will be that you have no control over your spanning-tree environment.

2. The only reason to set the spanning-tree root priority to such a low number is as a workaround because all switches have not been configured correctly or by a specific design and you have had to *FORCE* the spanning-tree root bridge.

3. Your network is very small and was not deployed using Enterprise best practice standards that are detailed in documentation on Cisco's web site.

Basically, if the TAC gets a 'show tech-support' that shows the root bridge with a bridge priority of less than 8192, that is a bad sign.

I have been brought into several large networks by Cisco because of ongoing and apparently random network performance issues that were suspected to be caused by spanning-tree misconfiguration. In every case, like I stated before, someone who didn't understand what they were doing, set the root bridge priority to some insanely low number like 10.

Don't misread what I am saying, however, you are correct in that a spanning-tree root bridge priority of 10 *WILL* most likely elect that switch as the root bridge. But the only reason I can think of doing this is in a lab environment or to *FORCE* the root bridge in a poorly designed network in which the layer-2 network design was either deployed by multiple entities or cobbled together.

Note that layer-3 boundaries should always be established between entities that manage different portions of the network, particularly at layer-2. I have seen numerous cases where spanning-tree issues cause significant outages because multiple layer-2 networks are connected together without a central management group. (This includes an unnamed emergency client in Boston a few years back).

Please note that using the 'set spantree root' or equivalent IOS macro will set the root bridge priority for that VLAN to 8192 and the 'set spantree root secondary' or equivalent IOS macro will set the root bridge priority for that VLAN to 16384. That should be your best example of a Cisco best practice, the built-in capabilities of the switch.

Hi all,

I'm not a distinguished engineer so consider this as a modest and reasonable point of view...

I would not recommend either to set the root bridge priority too low, because indeed, there is not much room to beat a bridge with a root priority of 10. Some recent high end platforms are always running extended sysid. This way, we just need *one* MAC address to run STP, even in PVST mode, which is a considerable saving in terms of MAC address allocation. So practically, if 10 is the current priority of your root, your last chance of moving your root bridge to this big cat6513 you've just bought is by configuring it with a priority of 0.

Now, in a regular scenario, I don't see the problem of beating a bridge ID as such a big issue.

-1- If you need to move the root bridge in a hurry, having a single shot (priority 0) is probably enough in the short term.

-2- If you are planning a network change, you can increase the priority of the previous root if necessary.

-3- If you're not in case -1- or -2- (if you don't know which bridge is injecting this @%#! priority 10 in the network, or even worse, if you don't control the bridge that is the root in your network), I would say that you have an administrative issue that is much more critical than determining the exact value of the bridge priority of your root.

Generally, I don't like the BIG rules that are asserted by so many about spanning tree. Well, if there was such a big rule as "never ever do this", then the CLI would not even exist. One of the great weaknesses and strengths of STP is that it is able to work in a plug and play fashion. As a result, many people who have absolutely no clue about how STP works are operating large, critical L2 networks. For those, some simple guidelines have been written so that they don't shoot themselves in the foot. For engineers who know how STP works, I don't see any restriction.

Regards,

Francois

Hi Francois,

Can you please let me know what the extended system ID in STP is and when it is used, with a couple of examples?

Regards,

Akber

Hi Richard ,

Please see the below configs and answer my queries.

Access switch1:-

set spantree priority 10 483

set spantree priority 10 797

sh spantree :-

VLAN 1

Spanning tree mode RAPID-PVST+

Spanning tree type ieee

Spanning tree enabled

Designated Root 00-00-00-00-00-00

Designated Root Priority 0

Designated Root Cost 0

Designated Root Port 1/0

Root Max Age 0 sec Hello Time 0 sec Forward Delay 0 sec

Bridge ID MAC ADDR 00-00-00-00-00-00

Bridge ID Priority 32768

Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

Port State Role Cost Prio Type

Sh spantree summary:-

Spanning tree mode: RAPID-PVST+

Runtime MAC address reduction: disabled

Configured MAC address reduction: disabled

Root switch for vlans: 483.

Global loopguard is disabled on the switch.

Global portfast is disabled on the switch.

BPDU skewing detection disabled for the bridge.

BPDU skewed for vlans: none.

Portfast bpdu-guard enabled for bridge.

Portfast bpdu-filter disabled for bridge.

Uplinkfast disabled for bridge.

Backbonefast disabled for bridge.

Summary of connected spanning tree ports by vlan

VLAN  Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
  483        0         0        0         79         79
  797        0         0        0          1          1

      Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
Total        0         0        0         80         80

==================================================================

Management switch :-

"set spantree priority 10 797" ----for promoting root bridge

Sh spantree

VLAN 1

Spanning tree mode RAPID-PVST+

Spanning tree type ieee

Spanning tree enabled

Designated Root 00-00-00-00-00-00

Designated Root Priority 0

Designated Root Cost 0

Designated Root Port 1/0

Root Max Age 0 sec Hello Time 0 sec Forward Delay 0 sec

Bridge ID MAC ADDR 00-00-00-00-00-00

Bridge ID Priority 32768

Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

---------------------------------------

Sh spantree summary:-

Spanning tree mode: RAPID-PVST+

Runtime MAC address reduction: disabled

Configured MAC address reduction: disabled

Root switch for vlans: 497,797.

Global loopguard is disabled on the switch.

Global portfast is disabled on the switch.

BPDU skewing detection disabled for the bridge.

BPDU skewed for vlans: none.

Portfast bpdu-guard enabled for bridge.

Portfast bpdu-filter disabled for bridge.

Uplinkfast disabled for bridge.

Backbonefast disabled for bridge.

Summary of connected spanning tree ports by vlan

VLAN  Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
  497        0         0        0          6          6
  797        0         0        0         21         21

      Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
Total        0         0        0         27         27

Port State Role Cost Prio Type

Each switch is configured with a single VLAN and made the root bridge.

No Secondary Root is configured.

Why is Root Guard not configured in the switch network?

Can you please let me know how the management switch is becoming the root bridge for vlan 797, though the bridge priority and bridge MAC address are the same on both the access switch and the management switch?

Please let me know if you need any further inputs.

Regards,

Akber.

Hi Akber

The mac-address is not the same for your management switch and your access switch. You are viewing the output of STP on vlan 1 and that is why the Bridge MAC is showing as 00-00-00-00-00-00.

Please use the following on your management and access switch.

"sh spantree 797"

This should show you the proper priorities and mac-addresses of the two switches.

HTH

Jon
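
The per-VLAN check discussed in this thread, as an added example that is not part of any poster's reply: it parses CatOS-style `show spantree <vlan>` output, recognises the all-zero placeholder seen for VLAN 1, applies the lowest-bridge-ID rule (priority first, then MAC) and flags a root that does not match the one the design calls for. The MAC addresses, the VLAN 797 values, the switch names and all function names are assumptions made for illustration.

```python
import re

# Constructed samples in the CatOS "show spantree <vlan>" layout quoted in the
# thread; the MAC addresses and VLAN 797 values are made up for illustration.
VLAN_1 = """VLAN 1
Designated Root 00-00-00-00-00-00
Designated Root Priority 0
Bridge ID MAC ADDR 00-00-00-00-00-00
Bridge ID Priority 32768
"""
VLAN_797 = """VLAN 797
Designated Root 00-11-22-33-44-01
Designated Root Priority 10
Bridge ID MAC ADDR 00-11-22-33-44-0a
Bridge ID Priority 10
"""
MAC = r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})"
FIELDS = {
    "root_mac": rf"^Designated Root[ \t]+{MAC}",
    "root_prio": r"^Designated Root Priority[ \t]+(\d+)",
    "bridge_mac": rf"^Bridge ID MAC ADDR[ \t]+{MAC}",
    "bridge_prio": r"^Bridge ID Priority[ \t]+(\d+)",
}

def parse_spantree(text):
    """Pull the root and local bridge fields out of one VLAN's output."""
    found = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        if m:
            found[key] = m.group(1).lower()
    return found

def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: priority first, then MAC; lowest wins."""
    return (int(priority), int(mac.replace("-", ""), 16))

def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name of the bridge with the lowest ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))

def check_root(text, expected_root_mac):
    """Classify what one switch reports about the root for a VLAN."""
    f = parse_spantree(text)
    if len(f) < 4:
        return "unparsed"
    if f["root_mac"] == "00-00-00-00-00-00":
        return "no-stp-instance"       # all zeros: no STP instance for this VLAN
    if bridge_id(f["root_prio"], f["root_mac"]) == bridge_id(f["bridge_prio"], f["bridge_mac"]):
        return "local-switch-is-root"
    if f["root_mac"] != expected_root_mac.lower():
        return "unexpected-root"       # root differs from the designed one: investigate
    return "expected-root"
```

Run `check_root` against the output for each VLAN the switch actually carries; an `unexpected-root` result on a port that should never see a superior BPDU is the condition root guard is meant to block.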
