Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Recommendation on selecting Root switch
HiI am about to change all our switches and have pre configured spanning-tree and bpdu protection on all the switches.
I have simplified the drawing by removing a lot of switches, however all switches will connect back to switch 1 with a single crossover cable.
Spanning-tree with Portfast / Admin Edge Port and BPDU protection is configured on all ports with the exception of the uplinks.
I have a question about setting the root switch. I plan to set the bridge priority of switch 1 to have a value of 16384, all other switches are set to default. Would this be the recommended switch to set this on?
Do I also need to set a value of 16384 on the Cisco switch 5 for interface vlan 2?
Kind regards
Rick
Who is Participating?
If Switch one is going to be your main agg switch then it should be your root bridge. If it's also going to traverse vlan 2 traffic then it should also be the root for that segment as well.
For Cisco switches the default value for the bridge priority is 32k+. I would think it was a general standard default amongst other switch vendors as well.
MO
For Cisco switches the default value for the bridge priority is 32k+. I would think it was a general standard default amongst other switch vendors as well.
MO
Hi Michael, many thanks for your reply.
My primary and secondary (backup) routers do both connect to the same switch 1, so all traffic does go through that switch.
I don't however have any config on the switch 1 relating to vlan2. Traffic knows to get to vlan2 via a static route on the router to tell it to go through switch 5.
So, for me to make switch 1 the root for vlan 2 as well, will I just need to add a vlan 2 interface to the HP switch 1 and tag both vlans to the port on switch 1 that connects to switch 5?
Many thanks
Rick
My primary and secondary (backup) routers do both connect to the same switch 1, so all traffic does go through that switch.
I don't however have any config on the switch 1 relating to vlan2. Traffic knows to get to vlan2 via a static route on the router to tell it to go through switch 5.
So, for me to make switch 1 the root for vlan 2 as well, will I just need to add a vlan 2 interface to the HP switch 1 and tag both vlans to the port on switch 1 that connects to switch 5?
Many thanks
Rick
I'm confused. In your diagram, it shows that Switch 5 trunks to Switch 1. I'm assuming it sends the VLAN2 segment through the same link before it hits your Router(s)? Or do you have a separate link on Switch 5 that connects directly to your Router?
MO
MO
Hi, sorry I was trying to condense our network in the drawing I embedded.
There is actually a switch in between 1 and 5 .
The port that goes from this other switch to switch 5 is set up as a trunk for both vlans.
The port that goes from this other switch to switch 1 isn't set up as a trunk port.
There is actually a switch in between 1 and 5 .
The port that goes from this other switch to switch 5 is set up as a trunk for both vlans.
The port that goes from this other switch to switch 1 isn't set up as a trunk port.
Ok, so switches 5 & 6 carry both VLAN1 & 2 over to the intermediate switch. The intermediate switch connects to Switch 1. You specify that it's not trunked to Switch 1, but you are passing VLAN1 traffic from the intermediate to Switch one via the link illustrated, right? You're just not passing VLAN2 traffic? If not, where does VLAN2 traffic go beyond the intermediate switch? Anywhere?
MO
MO
Cisco and HP run incompatible versions of STP. You should use MSTP in mixed environment.
ProCurve & Cisco Spanning Tree Interoperability
And missing switches in drawing for STP are not good idea. Don't forget that max diameter of STP is 7 "hops" (end-to-end anywhere should not be more than 7 switches) and with that said from Cisco switch 1 to Cisco switch 6 is 4 "hops". Diameter actually can be more than 7 hops, however it is not recommended.
ProCurve & Cisco Spanning Tree Interoperability
And missing switches in drawing for STP are not good idea. Don't forget that max diameter of STP is 7 "hops" (end-to-end anywhere should not be more than 7 switches) and with that said from Cisco switch 1 to Cisco switch 6 is 4 "hops". Diameter actually can be more than 7 hops, however it is not recommended.
Hi Michael
The intermediate switch does connect to switch 1 from its port 1.
There is no config on port 1, however traffic from both subnets from vlan 1 and 2 on the other two switches are able to pass through to Switch 1.
!
interface GigabitEthernet0/1
!
Every switch on our network is able to ping every device on switches 5 & 6
Hi Predrag Jovic
Many thanks for your comments and link. I will print this out tomorrow and have a read through.
The only reason that its configured like that is switch 1 is currently an old cisco 2950 24 port. The intermediate switch is a 2960 and connects to switch 5 via a fibre link as its in a different comms room. I appreciate the guidance though.
The intermediate switch does connect to switch 1 from its port 1.
There is no config on port 1, however traffic from both subnets from vlan 1 and 2 on the other two switches are able to pass through to Switch 1.
!
interface GigabitEthernet0/1
!
Every switch on our network is able to ping every device on switches 5 & 6
Hi Predrag Jovic
Many thanks for your comments and link. I will print this out tomorrow and have a read through.
The only reason that its configured like that is switch 1 is currently an old cisco 2950 24 port. The intermediate switch is a 2960 and connects to switch 5 via a fibre link as its in a different comms room. I appreciate the guidance though.
Rick,
What that means is that the connection between the intermediate switch and Switch 1 is automatically trunking and the default behavior is to allow all VLAN traffic through.
MO
What that means is that the connection between the intermediate switch and Switch 1 is automatically trunking and the default behavior is to allow all VLAN traffic through.
MO
Thanks Michael, I'm very grateful for your time and knowledge.
Just to go back to your comment ref the root switch for vlan2, shall I make it the intermediate switch or switch 1?.
I will be leaving 6 cisco switches in place as they are quite new Gigabit switches. The rest will be replaced with HP, so it looks like I've got of extra learning to do on the Cisco / HP compatibility front :-)
regards
Rick
Just to go back to your comment ref the root switch for vlan2, shall I make it the intermediate switch or switch 1?.
I will be leaving 6 cisco switches in place as they are quite new Gigabit switches. The rest will be replaced with HP, so it looks like I've got of extra learning to do on the Cisco / HP compatibility front :-)
regards
Rick
The STP settings are fairly easy to modify. Shouldn't be a big deal at all.
Definitely want to make Switch 1 root for VLAN 1. For VLAN 2, it's really a toss-up. The worry is always about convergence time. In a setting like yours, I don't think it would be much of a problem making Switch 1 the root VLAN 2 as well, but it could also be on the intermediate switch and not be a problem. Do you lose convergence time from the one hop difference? Perhaps, but not anything noticeable, but it might be easier from an administrative level that 1 switch is the root for both VLANs.
MO
Definitely want to make Switch 1 root for VLAN 1. For VLAN 2, it's really a toss-up. The worry is always about convergence time. In a setting like yours, I don't think it would be much of a problem making Switch 1 the root VLAN 2 as well, but it could also be on the intermediate switch and not be a problem. Do you lose convergence time from the one hop difference? Perhaps, but not anything noticeable, but it might be easier from an administrative level that 1 switch is the root for both VLANs.
MO
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month7 days, 18 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
If you don't have redundant links and also have bpdu protection on all non trunk ports basically you don't need STP except as prevention method if redundant link is introduced to your network. You should use it , but basically, you don't need it. In your topology it is needed just be security mechanism so you can use STP's bpdu protection.
HP switches do not understand BPDUs for VLAN 2 (and still HP switches will receive those packets), that's why you need MSTP - both vendor support it and it is compatible between vendors. For STP or RSTP HP sends BPDU in native VLAN.
For your topology there is no difference where root bridge is located, although typically best place for sure would be on distribution switch (switch where interface VLANs are created - typically those are on the same switch (I guess your switch 1 or switch 5)), but there would be no difference if it is placed anywhere else in your topology.