Solved

Spanning Tree Question

Posted on 2013-01-22
Last Modified: 2013-02-17
Hi all,

I've recently read that, unlike Cisco, BPDUs are not sent on the native/untagged - or any other - vlan.

Questions:

1. Is this really true?
2. If so, what effect does this have on spanning tree's ability to correctly detect loops?
3. What considerations are there on a medium sized HP Procurve network (20 switches, with separate access + distribution layers) to ensure that spanning tree correctly detects loops?

Basically, I'm looking for a decent explanation of this difference between Cisco's and HP's implementations of spanning tree, and how I can prevent loops in an HP environment.

(this isn't academic, a recent loop in the network took out all switches and all vlans on the entire network)

Cheers
Question by:cakelayers
3 Comments
 
LVL 10

Expert Comment

by:convergint
ID: 38806088
On Procurve switches the BPDU is turned off by default and you must enable it to protect your network from loops.

The syntax from the CLI is:

spanning-tree all bpdu-protection

This basically enables the BPDU protection on every port; afterwards you should disable it on the uplink ports:

no spanning-tree {port} bpdu-protection

This blog has more detailed information: http://evilrouters.net/2009/03/11/bpdu-protection-on-hp-procurve-switches/

You can also download this HP whitepaper which discusses the differences in much finer detail: http://www.techdata.ca/techsolutions/networking/whitepapers/Feb10/HP%20Procurve%20Migrating%20from%20Cisco%20to%20ProCurve%20Networks.pdf
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 2000 total points
ID: 38808606
It is true that BPDUs are not tied to any VLAN. They are merely sent as L2 PDUs that under normal circumstances will never go beyond the next device they hit. They use a special destination MAC address that the other switches recognize so they know to look at the datagram.

BPDUs can contain VLAN information (or instance information in the case of MST) when running PVST, but the datagram itself is not tied to a VLAN.

In terms of loop protection, it all boils down to what mistake was made. Disabling spanning tree on any given switch allows the opportunity for a loop. Mixing vendors and not taking the time to research and configure compatible spanning tree modes can cause loops. Sometimes people even end up finding out the hard way that some vendors disable spanning tree by default, and they cause a loop immediately because they had it plugged in before configuring it (happened to my customer 2 weeks ago with new Force10 switches).

The difference between HP and Cisco... They can both use standard modes which are compatible. Cisco also allows for PVST and rapid PVST, which I don't believe HP fully supports. When mixing vendors, it is usually best to stick with MST or CST or RSTP (non-PVST unless specifically compatible).

If I had to make a blind guess, I would bet that either you had a switch(es) with spanning tree disabled or bpdufilter set, or the default Cisco PVST versus HP MST (not a very compatible mix) caused a big disconnect in who was root for what.
0
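As an added example (not part of the answer above and not vendor code), this Python sketch classifies a captured Ethernet frame as a standard IEEE BPDU or a Cisco PVST+ BPDU by its destination MAC and encapsulation, and reports whether it carried an 802.1Q tag. The sample frames and the names `classify_bpdu`, `_sample`, `IEEE_UNTAGGED` and `PVST_TAGGED` are constructed for illustration.

```python
import struct

IEEE_STP_MAC = bytes.fromhex("0180c2000000")    # IEEE 802.1D bridge group address
CISCO_PVST_MAC = bytes.fromhex("01000ccccccd")  # Cisco PVST+ multicast address
PVST_SNAP = bytes.fromhex("aaaa0300000c010b")   # SNAP, OUI 00:00:0c, PID 0x010b
VERSIONS = {0: "STP", 2: "RSTP", 3: "MSTP"}

def classify_bpdu(frame: bytes):
    """Describe a BPDU frame as a dict, or return None if it is not a BPDU."""
    try:
        dst, off, vlan = frame[0:6], 12, None
        (tpid,) = struct.unpack_from("!H", frame, off)
        if tpid == 0x8100:                       # 802.1Q tag present
            (tci,) = struct.unpack_from("!H", frame, off + 2)
            vlan, off = tci & 0x0FFF, off + 4
        off += 2                                 # skip the 802.3 length field
        if dst == IEEE_STP_MAC and frame[off:off + 3] == b"\x42\x42\x03":
            flavour, off = "IEEE", off + 3       # LLC: DSAP 0x42, SSAP 0x42, UI
        elif dst == CISCO_PVST_MAC and frame[off:off + 8] == PVST_SNAP:
            flavour, off = "Cisco PVST+", off + 8
        else:
            return None
        proto, version, btype = struct.unpack_from("!HBB", frame, off)
        if proto != 0:                           # STP protocol identifier is 0x0000
            return None
        info = {"flavour": flavour, "tag_vlan": vlan,
                "version": VERSIONS.get(version, str(version)), "type": btype}
        if btype in (0x00, 0x02):                # config and RST/MST BPDUs carry a root ID
            (prio,) = struct.unpack_from("!H", frame, off + 5)
            info["root_priority"] = prio & 0xF000
            info["root_mac"] = frame[off + 7:off + 13].hex(":")
        return info
    except struct.error:                         # truncated frame
        return None

def _sample(dst, encap, tag=b""):
    # Constructed RSTP BPDU: root priority 32768, root MAC 00:11:22:33:44:55
    bpdu = bytes.fromhex("000002023c8000001122334455") + bytes(23)
    payload = encap + bpdu
    src = bytes.fromhex("001122334455")
    return dst + src + tag + struct.pack("!H", len(payload)) + payload

IEEE_UNTAGGED = _sample(IEEE_STP_MAC, b"\x42\x42\x03")
PVST_TAGGED = _sample(CISCO_PVST_MAC, PVST_SNAP, tag=bytes.fromhex("8100000a"))

if __name__ == "__main__":
    for name, frame in (("IEEE_UNTAGGED", IEEE_UNTAGGED), ("PVST_TAGGED", PVST_TAGGED)):
        print(name, classify_bpdu(frame))
```

Run against frames captured on an uplink, the `flavour` and `tag_vlan` fields show which spanning tree variant each neighbour is actually sending, which is the first thing to check when a mixed-vendor root election looks wrong.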
 
LVL 17

Expert Comment

by:TimotiSt
ID: 38809400
See attached HP interop guide for detailed explanation and practical examples, STP starts on page 21.

Tamas
procurve-cisco-interop.pdf
0
