Solved

Port Fast, BPDU and HyperV

Posted on 2014-01-20
Last Modified: 2014-02-05
Hello Experts,

I'm having a little trouble understanding portfast, bpdu guard, smart ports and when to use them.
I am also running into problems whilst enabling smartports and using HyperV (2012 R2).

Should I be plugging our VOIP PBX into a portfast port and do I also need to enable bpdu guard?
Would it be your advice to also set this as a smartport and label it as a switch?

Secondly, what about all our other servers? Should they have portfast enabled and bpdu guard?

Lastly :) - When enabling smartports and selecting a desktop for a port, whenever a Hyper V host server is plugged into that port with a few VMs running on the same NIC (not recommended I know) we seem to be getting constant intermittent network disconnections. So a server will work fine and when the other VM starts that VM will get network connectivity and the first loses network connectivity. Single servers do not have this issue.

I believe it may be the result of multiple MAC addresses on the same NIC, therefore the Cisco switch may be blocking multiple connections? Is there a way to check this on the switches? It's a Cisco 2960 by the way.

Thanks!
0
Question by:dqnet
14 Comments
 
LVL 7

Expert Comment

by:unfragmented
ID: 39793944
Generally, use portfast and bpduguard whenever you connect to anything except a switch.

PBX is not a switch, therefore it should have portfast and bpduguard on the port.

Server is not a switch, therefore should have portfast and bpduguard on the port.

If you think something funny is going on with the switch, console or telnet into it and do a show log.  That should give you some clues.

The desktop smartport macro enables port security. This sounds like your issue. Multiple MAC addresses from the HyperV host will cause the port to lock out. Disable with the CLI command "no switchport port-security" on the relevant interface.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39794348
Just to expand on portfast and bpdu guard. However, unfragmented is correct.

These are related to spanning tree protocol (STP), which is solely used to remove layer 2 loops in a switching environment. There are times that you know no loop is possible, such as when you plug a single layer 2 device into a port (e.g. PBX, server). So enabling portfast "skips" a lot of the STP process that tries to detect if forwarding data on that port would cause a loop. Since you know that it won't, it is safe to enable that so that your devices can start sending data faster.

BPDU guard, on the other hand, should normally be used with portfast. Remember portfast skips states so that the port forwards data. What if you move the PBX and plug a switch into that port? Well, now you might accidentally introduce a loop. BPDUs are messages that switches send to one another to determine where loops are occurring so it can shut down interfaces to prevent looping. So enabling BPDU guard will disable an interface that receives a BPDU message because it's expecting that it should /not/ see those types of messages, and if it does then something is wrong.

I have limited experience with HyperV but I thought the virtual switches they have are capable of VLANs. So again, unfragmented is correct in that HyperV is most likely causing some of the issues you're seeing based on if portfast/bpdu guard is enabled.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39795052
There isn't a mac address restriction on the port unless you explicitly set up port security.

In regards to the multiple VMs on that interface: is the port set up as a trunk?

Anytime I connect ESX hosts to any of our switches I set the interface to trunk mode.

You also want portfast on the trunk:

int typex/x
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
0
 

Author Comment

by:dqnet
ID: 39805044
Hi experts,

Learnt a ton from your answers. Thanks a million!

I'll make all the necessary amendments and get back to you for your advice!
0
 

Author Comment

by:dqnet
ID: 39808520
I was on my way to configure portfast and bpdu guard on our ports. However, when I went to this site: http://www.omnisecu.com/cisco-certified-network-associate-ccna/how-to-configure-and-verify-spanning-tree-protocol-stp-portfast.php to get an idea of how to do them on the necessary ports, I noticed the part where it says:

"%Portfast will be configured in 10 interfaces due to the range command
 but will only have effect when the interfaces are in a non-trunking mode.
Switch2(config-if-range)#end"

My interfaces are currently set with no access or no trunking. I understand the differences between the two and since all ports will be on the default VLAN with no other then using trunk I am assuming is fine. But why does it say on that site that portfast doesn't work on trunk ports?

My ports are currently configured with nothing so they look like this:

interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
etc. etc.

Thanks.
0
 

Author Comment

by:dqnet
ID: 39808533
Total ignorance - excuse the last comment.
So just to confirm I will be enabling;

portfast, bpdu and switchport mode access

correct?
0
 

Author Comment

by:dqnet
ID: 39813141
Anyone?
0

 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39813204
With HyperV it should just be treated as a trunk port. Granted, I haven't worked with it for long as I found too many limitations for my environment. However, everywhere I've read it should be treated as a trunk port so no portfast, bpdu guard, etc.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39813209
Yes,

switchport mode access
locks the port into access mode, so it doesn't try to negotiate into a trunk.

Yes, portfast and bpdu guard should be enabled on any port where there is an end host connected to it.

There are cases where you would enable portfast on trunks; this is the command: spanning-tree portfast trunk

This is used on end hosts that are doing trunking, such as VMware server hosts.
0
 

Author Comment

by:dqnet
ID: 39827536
So if I was to convert all my HyperV host ports to a trunk and I don't enable portfast on a trunk, wouldn't it take a long time for the servers to communicate?
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39827739
No, you SHOULD enable portfast on the trunks to your HyperV hosts. What if some of those VMs require DHCP services? The port wouldn't come up in time. Use the command I posted above for your ports connected to HyperV hosts.

spanning-tree portfast trunk
0
 

Author Comment

by:dqnet
ID: 39836029
@Soulja
Unless I understood wrong, Cyclops is saying the opposite: "however everywhere i've read it should be treated as a trunk port so no portfast, bpdu guard, etc."

??
0
 
LVL 26

Accepted Solution

by:
Soulja earned 500 total points
ID: 39836080
What you are reading is regarding trunks that connect to other switches. If you are connecting to a server that is tagging traffic, which a HyperV or VMware ESX host is doing, you will want to use spanning-tree portfast trunk. Believe me, I use it in my datacenters.
0
 

Author Comment

by:dqnet
ID: 39836140
Great - thanks
0
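
Added example, not part of the original thread: a small Python audit of a running-config excerpt for the port settings the answers above discuss (explicit access mode with portfast and BPDU guard on end-host ports, "spanning-tree portfast trunk" on host-facing trunks, and port security holding a multi-VM host to one MAC). The sample config and the audit function are constructed for illustration, and the check assumes the IOS default of one secure MAC address when no maximum is configured.

```python
import re

# Constructed running-config excerpt for illustration (not the thread's switch).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport port-security
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 switchport mode trunk
 spanning-tree portfast trunk
!
"""

def audit(config):
    """Return {interface: [findings]} for the port settings discussed in the thread."""
    findings = {}
    # Each stanza is an "interface X" header followed by its indented lines.
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n)*)", config, re.M):
        name = m.group(1)
        lines = [l.strip() for l in m.group(2).splitlines()]
        issues = []
        if "switchport mode trunk" in lines:
            if "spanning-tree portfast" in lines:
                issues.append("portfast without 'trunk' has no effect on a trunk port")
        elif "switchport mode access" in lines:
            if "spanning-tree portfast" not in lines:
                issues.append("access port without portfast")
            if "spanning-tree bpduguard enable" not in lines:
                issues.append("access port without bpduguard")
        else:
            issues.append("no explicit switchport mode")
        if "switchport port-security" in lines:
            # Assumption: one secure MAC is allowed when no maximum is configured.
            limit = next((int(l.split()[3]) for l in lines
                          if l.startswith("switchport port-security maximum ")), 1)
            if limit < 2:
                issues.append("port-security allows 1 MAC; a multi-VM host will exceed it")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit(SAMPLE_CONFIG) flags the unconfigured port, the access port with port security enabled, and the trunk using plain portfast, and leaves the trunk with "spanning-tree portfast trunk" unflagged.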
