Solved

Spanning-tree Implementation changes

Posted on 2011-10-20
Last Modified: 2012-10-15
Hi,

We are collapsing all our smaller switches (2960s and 3750s) into 2 6509s.  One of the 3750s is the root bridge for all our vlans, the other 3750 is the secondary root bridge for all our vlans.  We would like to have the 6509s replace all our other switches first, and then do the root bridges last.  

For example, for vlan 1, the Primary root bridge switch has that vlan with a root bridge of 24577 (when you plug in a switch with no configuration, it defaults the vlan to 24576, and then every vlan gets incremented by 1, unless someone manually configures the bridge ID).  Then, when the secondary root bridge was plugged in, it has a bridge ID of 28673, which is greater than 28673, so it becomes a backup root bridge.  The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID.  So the smaller the number, the closer you are to being the root bridge.  When we go to plug in these new switches, we must give them all bridge IDs greater than the root bridge IDs.  Once we fold in the 3750 switches that are the root bridges, we must redo this, giving them smaller numbers than the current primary root bridges before yanking them.

Now, according to my research: Interestingly, with spanning tree, the cmd is spanning-tree vlan X priority X.  But with the priority keyword, the range is 0 to 61440 in increments of 4096, assigning the first number of the interval to a vlan on the switch, and then that switch can only use IDs in that range (ie, the primary root bridge switch can only use 24576 to 28671).  The default spanning tree value with a switch is 32768.  Only the following number can be used as a priority value.

0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440.

Is this correct ?

We cannot use 24576, because it is being used by the spanning tree root bridge, so we can only use numbers bigger than that.  Cannot use 28672 because it is being used by secondary root bridge switch.  Cannot use 32768 because that is on a 3rd switch.

Questions :
1. Is the thought process correct? We give these vlans the worst possible spanning tree priority (61440 and beyond) on the new 6509s, and then we fold in all other switches.  When we do the primary root bridge and secondary root bridge, we redo the vlan priority again, but give the vlans priorities lower than the current root bridge and secondary root bridge?
2. I checked another switch  (4th 3750) and it has a number of vlans with numbers 32960, 32856, and 32772, which would conflict with the interval for the 3rd switch mentioned above.  How is this working?  Or is the Cisco document about the intervals no longer valid ?  
3. The cmd string per vlan is :
config t
spanning-tree vlan x priority x
does this sound correct ?
4. Anything else I am missing ?

thanks in advance
0
Question by:Elemental12
13 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 37000080
I think you are overthinking it. I say clean your slate and start from scratch. The simple fact that you are changing the layer 2 topology would lead me to want to redo the vlan priorities anyway.

On another note, have you considered doing layer 3 to the access layer and rely on dynamic routing for convergence instead of spanning tree?
0
 

Author Comment

by:Elemental12
ID: 37000123
We cannot go total clean slate ... We get very short maintenance windows here, so we can only move one or two switches at a time.  Well, we have to redo the vlan priorities because the root bridges are going away.

We thought about going layer 3 for a bit, but we are collapsing 10 small switches into two 6509s so we figured Layer 2 switching is fast enough for us.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 37000203
Okay, so when you install the 6509s, why can't you just enter spanning tree root primary and secondary for all of the vlans?
0
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 800 total points
ID: 37000212
>Only the following number can be used as a priority value.
>0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440.
>Is this correct ?

Yes.

1. Pretty much.

2. Cisco uses a methodology known as "Extended System ID". Basically they take the defined priority and add the vlan number to it. So if you assigned the priority of 16384 to a switch, for VLAN 12, the priority would be 16396 (16384+12=16396).

3. That is the correct command syntax.

Your approach is workable. Add the new switches with default priorities. Your existing switches will retain their root status as defined. Once you're ready, lower the priority on the new switches to be lower than the existing switches.
0
 

Author Comment

by:Elemental12
ID: 37000223
Because those two switches are serving apps that cannot go down/be interrupted until 2nd quarter next year, so we need to continue forward movement by replacing the switches that have apps that can be interrupted sooner rather than later.
0
 

Author Comment

by:Elemental12
ID: 37000261
I appreciate your comments.  I will leave this open for the next day or so in case anyone has other suggestions.  As you can see this is a heavy lift for me, so I really want to make sure I do not miss anything and that it goes as seamless as possible.  I have a ticket open with Cisco TAC as well, but I like to get the "real world" take on upgrades like this as well.
0
 

Author Comment

by:Elemental12
ID: 37000297
My other question is about these intervals.  Do I need to check all my switches and find out what intervals they use?  I guess I can do 57344 on one 6509 and 61440 for the other.
0
 
LVL 26

Accepted Solution

by:
Soulja earned 800 total points
ID: 37000359
I still say just use the spanning-tree vlan <vlan range> root primary and secondary commands on the 6500's. It will take care of the priority numbering.
0
 

Author Comment

by:Elemental12
ID: 37000601
but I cannot make these two 6509s primary and secondary until the very end
0
 
LVL 26

Expert Comment

by:Soulja
ID: 37000629
I understand that, do as Don stated and add them with their default priorities, then make them primary and secondary roots when you reach that point.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 37000630
The intervals are irrelevant.  The only thing that matters is that the desired root has a LOWER priority than the other switches.
0
 

Author Comment

by:Elemental12
ID: 37000635
Soulja, thanks ... rather than me manually putting in priorities, I will use the primary and secondary cmds as you suggest ...

DonJohnston, thanks for the clarification, and yes, the lower priority is the only thing that matters ... thanks
0
 
LVL 6

Assisted Solution

by:ipajones
ipajones earned 400 total points
ID: 37001466
I think everything has already been covered here but wanted to add the following.

The reason for the priority part of the BID requiring values in increments of 4096 up to 61440 is because the priority is a 16 bit value, made up as follows:

| priority | system-id |
  4 bits        12 bits       = 16 bits

As noted by @donjohnston, Cisco use an extended system-id.  This refers to the VLAN number which is a 12 bit value.  So that the remaining 12 bits can refer to the vlan id, the 4 bit priority goes up in increments of 4096 making the remaining 12 bits zero until the vlan id is added.

This priority value + the base MAC of the switch makes up the BID and the lowest BID becomes the root switch on a per vlan basis.  So as you've already noted as long as you leave the priority of the 6509's you're adding at their default of 32768 they will have higher BID's on a per vlan basis than the current root and secondary 3750's.

The "spanning-tree vlan X root primary" and "spanning-tree vlan X root secondary" are actually commands that execute a macro which sets the priority based on that of the current root switch.  The "root primary" command will set the priority to 24576 if the current root is higher than this or automatically sets it lower in increments of 4096 if the current root has a priority of 24576 or less.  The "root secondary" sets the priority to 28672 as it assumes this will be higher after the root primary command has been executed on another switch.  After using these commands you'll see in the config that the actual priorities are explicitly set.  So if in the future a switch is added with a lower priority then this could in theory then take over as a root switch.  Entering these commands doesn't necessarily mean you're making a switch the root forever.

I obviously don't know your topology but you could make one switch root for one set of vlans and the other root for the remaining thus load-balancing L2 traffic over what would be the redundant links.

Hope this was helpful!
--IJ

0
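Added example, not part of the original thread: a small Python model of the extended system ID arithmetic and the "root primary" behaviour as the answers above describe them, useful for checking which switch should hold root for a VLAN before and after a cutover. The switch names and MAC addresses are constructed, and `root_primary` follows the description in the thread rather than Cisco's own implementation.

```python
# Added example: STP bridge priority with extended system ID (values from the thread).
STEP = 4096                          # 4-bit priority sits above the 12-bit VLAN id
VALID = range(0, 61440 + 1, STEP)    # the 16 configurable priorities

def split_priority(shown):
    """Split a priority as displayed by the switch into (configured, vlan)."""
    if not 0 <= shown <= 0xFFFF:
        raise ValueError("priority is a 16-bit field")
    return shown & 0xF000, shown & 0x0FFF

def bridge_priority(configured, vlan):
    """Priority advertised for one VLAN: configured value plus VLAN id."""
    if configured not in VALID:
        raise ValueError(f"{configured} is not a multiple of {STEP} in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN id out of range")
    return configured + vlan

def root_primary(current_root):
    """Priority 'root primary' would choose, as described in the thread."""
    if current_root > 24576:
        return 24576
    if current_root == 0:
        raise ValueError("current root is already at 0; cannot go lower")
    return current_root - STEP

def elect_root(bridges, vlan):
    """bridges maps name -> (configured priority, base MAC); lowest BID wins."""
    def bid(name):
        prio, mac = bridges[name]
        return bridge_priority(prio, vlan), int(mac.replace(".", ""), 16)
    return min(bridges, key=bid)

# Constructed sample topology; the MAC addresses are made up.
BRIDGES = {
    "3750-root":      (24576, "0011.aaaa.0001"),
    "3750-secondary": (28672, "0011.aaaa.0002"),
    "6509-1":         (32768, "0011.bbbb.0001"),
    "6509-2":         (32768, "0011.bbbb.0002"),
}

if __name__ == "__main__":
    for shown in (24577, 28673, 32960, 32856, 32772):
        print(shown, "->", split_priority(shown))
    print("root for VLAN 1 during migration:", elect_root(BRIDGES, 1))
    final = {**BRIDGES, "6509-1": (root_primary(24576), "0011.bbbb.0001")}
    print("root for VLAN 1 after cutover:", elect_root(final, 1))
```

The values 32960, 32856 and 32772 from question 2 decode to the default priority 32768 on VLANs 192, 88 and 4, which is why they do not conflict with another switch's "interval".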
