Solved

Spanning Tree Question

Posted on 2013-01-22
3
549 Views
Last Modified: 2013-02-17
Hi all,

I've recently read that, unlike Cisco, BPDUs are not sent on the native/untagged - or any other - vlan.

Questions:

1. Is this really true?
2. If so, what effect does this have on spanning tree's ability to correctly detect loops?
3. What considerations are there on a medium sized HP Procurve network (20 switches, with separate access + distribution layers) to ensure that spanning tree correctly detects loops?

Basically, I'm looking for a decent explanation on how this difference between Cisco's and HP's implementation of spanning tree, and how I can prevent loops in an HP environment.

(this isn't academic, a recent loop in the network took out all switches and all vlans on the entire network)

Cheers
0
Comment
Question by:cakelayers
3 Comments
 
LVL 10

Expert Comment

by:convergint
ID: 38806088
On Procurve switches the BPDU is turned off by default and you must enable it to protect your network from loops.

The syntax from the CLI is:

spanning-tree all bpdu-protection

This basically enables the bpdu protection on every port, afterwards you should disable it on the uplink ports:

no spanning-tree {port} bpdu-protection

This blog has more detailed information: http://evilrouters.net/2009/03/11/bpdu-protection-on-hp-procurve-switches/

You can also download this HP whitepaper which discusses the differences in much finer detail: http://www.techdata.ca/techsolutions/networking/whitepapers/Feb10/HP%20Procurve%20Migrating%20from%20Cisco%20to%20ProCurve%20Networks.pdf
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
ID: 38808606
It is true that bpdu's are not tied to any vlan. They are merely sent as l2 PDF that under normal circumstances will never go beyond the next device it hits. It uses a special destination MAC address the other switches recognize so they know to look at the data gram.

Bpdu's can contain vlan information (or instance information in the case of MST) when running pvst, but the data gram itself is not tied to a vlan.

In terms of loop protection, it all boils down to what mistake was made. Disabling spanning tree on any given switch allows the opportunity for a loop. Mixing vendors and not taking the time to research and configure compatible spanning tree modes can cause loops. Sometimes people even end up finding out the hard way that some vendors disable spanning tree by default and they cause a loop immediately because they had it plugged in before configuring it (happened to my customer 2 weeks ago with new force10 switches).

The difference between hp and Cisco... They can both use standard modes which are compatible. Cisco also allows for pvst and rapid pvst which I don't believe hp fully supports. When mixing vendors, it is usually best to stick with MST or CST or RSTP (non-pvst unless specifically compatible).

If I had to make a blind guess, I would bet that either you had a switch(es) with spanning tree disabled or bpdufilter set, or the default cisco pvst versus hp MST (not a very compatible mix) caused a big disconnect in who was root for what.
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 38809400
See attached HP interop guide for detailed explanation and practical examples, STP starts on page 21.

Tamas
procurve-cisco-interop.pdf
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now