Solved

portchannel and trunks

Posted on 2012-12-22
Last Modified: 2013-01-15
I am going to try to explain it the way I saw it.
I have seen this in a video about configuring a Cisco switch for a Cisco UCS Fabric Interconnect. The steps were:

1- they have configured 2 interfaces as trunk ports
2- they configured the trunk ports with portfast
3- they have configured the 2 interfaces that are trunk ports as etherchannel group 10 (po10)
4- then they configured the etherchannel port as a trunk with dot1q encapsulation.
5- they configured po10 with portfast


I wonder if step 2 is necessary, since portfast applies only to access ports?
I wonder if step 4 is necessary, since po10 is based on the existing trunk that was already dot1q encapsulated.
I wonder if step 5 is necessary, since po10 does not need to be portfast.


Any clarifications will help.
Thanks
0
Question by:jskfan
11 Comments
 
LVL 20

Expert Comment

by:rauenpc
All steps are necessary. Portfast under normal circumstances only applies to access ports, but when configured as portfast trunk it immediately forwards even in trunk mode. Many years ago there was never a need for such a thing but with VM servers everywhere we need to treat many trunks as if they were access ports.

Any command that must be synchronized in a port channel needs to be applied to both the physical interfaces and logical port channel. Logically it would make sense that the commands would just sync themselves, but in the real world you end up repeating all the config on the physical ports to the logical port channels to make sure they match up and join the portchannel successfully.

As to portfast on the portchannel, it is necessary because once the physical ports agree to be in the logical portchannel, it is now the portchannel that participates in spanning tree, and not the physical
0
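An audit of the two points in the answer above, as an added example that is not from the thread or from Cisco: it parses a constructed IOS-style config and reports member interfaces whose `switchport`/`spanning-tree` lines differ from their Port-channel, plus any portfast trunk without BPDU guard. The interface names, the LACP `mode active`, the finding labels and the BPDU guard check itself are assumptions added here.

```python
import re
# Constructed sample: interface names and LACP "mode active" are assumptions.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
 channel-group 10 mode active
interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 10 mode active
interface Port-channel10
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
"""
SYNCED = ("switchport ", "spanning-tree ")  # lines members must share with PoX
PORTFAST, BPDUGUARD = "spanning-tree portfast trunk", "spanning-tree bpduguard enable"

def parse_interfaces(text):
    """Return {interface name: set of its indented config lines}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1].strip(), set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return ifaces

def synced(lines):
    return {cfg for cfg in lines if cfg.startswith(SYNCED)}

def audit(text):
    """Return (interface, finding, detail) tuples for review."""
    ifaces, findings = parse_interfaces(text), []
    for name, lines in sorted(ifaces.items()):
        for cfg in lines:
            m = re.match(r"channel-group (\d+) mode ", cfg)
            if m:  # physical member: compare against its Port-channel
                po = synced(ifaces.get("Port-channel" + m.group(1), set()))
                findings += [(name, "missing-on-member", x) for x in sorted(po - synced(lines))]
                findings += [(name, "missing-on-port-channel", x) for x in sorted(synced(lines) - po)]
        # Added caveat (not from the thread): portfast trunk without BPDU guard
        if PORTFAST in lines and BPDUGUARD not in lines:
            findings.append((name, "portfast-trunk-no-bpduguard", ""))
    return findings
```

Calling `audit(SAMPLE)` flags GigabitEthernet1/0/2 for lacking the portfast line that Port-channel10 carries, and lists both portfast trunks for a BPDU guard review.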
 
LVL 18

Expert Comment

by:Akinsd
Rauenpc is absolutely correct.

I just need to add that most configuration commands applied to an etherchannel affect every member interface of that portchannel, but configuration commands applied to individual interfaces only affect that interface.

With that said, portfast could just have been applied to the etherchannel and the same results would be achieved (it gets applied to all member interfaces)
0
 

Author Comment

by:jskfan
If I understand, a trunk is configured between 2 switches, so if you apply portfast on the trunk, would this not create an STP loop, considering that portfast will not give too much time to STP to do its calculation?
0
 
LVL 18

Expert Comment

by:Akinsd
Etherchannels are mostly used as an uplink (e.g. from an access layer switch to a distribution layer switch OR from distribution switches to core switches). You would still apply the caution with portfast as you would on a regular access port.

Distribution switches and core switches are usually Layer 3 switches (they have mini routers built in). With proper configuration (e.g. with HSRP, VRRP or GLBP configurations), you can have an excellent redundant topology.

Don't just imagine that portfast causes a loop. The purpose of portfast is to eliminate the listening - learning - forwarding transition of the ports - loops may occur when wrongly applied.
0
 
LVL 20

Expert Comment

by:rauenpc
Just to add in... Although the fabric interconnects are switches, they are more considered end devices just like a VMware server because the interconnects are rarely configured to need or use spanning tree.
0

 

Author Comment

by:jskfan
I still did not get the portfast part, that can be applied to trunk ports.
When someone applies portfast to an access port, they will get a message that applying portfast to a port that is connecting a switch to a hub or to another switch can cause a loop.
0
 
LVL 18

Expert Comment

by:Akinsd
[Diagrams: "Spanning Tree - Effective" and "Spanning Tree - Not Effective"]
Portfast disables spanning tree.

The message is to warn you not to enable portfast on a port connected to other switches if you have redundancy set up because a loop will occur.

Spanning tree is only effective when you have redundancy - that is - multiple connections in case of failure.

In the diagram (Spanning Tree - Not Effective), there is no redundancy, meaning there is no alternate path between the switches.
Switch 1 can only get to switch 2 one way, and to switch 3 one way.
Switch 2 and 3 can only link up through Switch 1

So if the link between Switch 1 and 2 is broken, Switch 2 becomes completely isolated.

In the diagram (Spanning Tree - Effective), the Switches have alternate paths (but Spanning tree only makes one path available) to prevent loop.

If link between switch 1 and 2 breaks, the alternate path from 1 to 2 will be to go through 3.

If you now enable portfast on the switches, all the paths become available as no BPDUs are monitored, so traffic can go round the switches in an endless loop. No router is between these switches to decrement the time to live (ttl) and the switches will crash at some point.

To explain portfast in simpler terms:
Switches have to listen on the port for signal, then learn the signal (ie what port it's coming from and the mac address of devices attached etc) before transitioning into forwarding mode. If the switch sends out a BPDU probe from a port, it never expects to receive it back - if it does, it knows there is redundancy and will try to block the least prioritized port.

With portfast enabled, you are telling the switch not to learn anything but transition immediately to forwarding state to minimize down time as the learning phase could take an average of 20 seconds.
0
 
LVL 20

Assisted Solution

by:rauenpc
rauenpc earned 220 total points
The warning you receive when enabling portfast is just that... a warning. It is there to make sure you understand the potential risk involved.

Regardless of the warnings, portfast is a good choice on all interfaces of a fabric interconnect as long as it's in End Host Mode. If it is in Switch Mode, then the access ports should be portfast but uplinks should run spanning-tree and NOT have portfast enabled.

Cisco's explanation of the modes
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-623265.html#wp9000070
0
 

Author Comment

by:jskfan
by: rauenpc

<< If it is in Switch Mode, then the access ports should be portfast but uplinks should run spanning-tree and NOT have portfast enabled >>

A trunk is an uplink, if I understand, so why can it be configured as portfast?
0
 
LVL 18

Accepted Solution

by:Akinsd
Akinsd earned 280 total points
I think you are mixing the point altogether.

I will recommend that you keep an open mind about this so you can understand it better.

You wouldn't configure portfast on an uplink to another switch if you have two links to that switch. If you only have one uplink, then there is no need for spanning-tree. This lets you take advantage of the link coming up almost immediately, bypassing any learning phases.

You will always get the warning message anytime you configure portfast. This is just Cisco's way of reminding you especially if you are not fully aware how spanning-tree can completely annihilate your network.

Take this for example.
Take a switch that is NOT connected to anything.
Configure portfast on any port and see if you get the warning message.
Maybe that will help your understanding

All the best
0
 

Author Closing Comment

by:jskfan
thank you guys!
0
