Hi Tony, Thanks for the suggestion. We already do that on all access ports on the HP switches that support it. However, on the trunks between HP and Cisco we have to run MST or RSTP for link redundancy. I want to keep RSTP or MST on those links, but disable PVST+.
Regards, Jeroen van Ingen ICT Service Centre University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands ________________________________ From: Tony [mailto:[email protected]] Sent: woensdag 23 juni 2010 16:20 To: [email protected]; Ingen Schenau, J. van (ICTS) Subject: Re: [c-nsp] Disabling PVST+ in mixed vendor network Hi, Have you looked at the command "spanning-tree bpdufilter enable" ? I use it to filter stuff inbound to some cat3550 switches. The documentation says: "Enabling BPDU filtering on an interface is the same as disabling spanning tree on it" regards, Tony. --- On Wed, 23/6/10, [email protected] <[email protected]> wrote: From: [email protected] <[email protected]> Subject: [c-nsp] Disabling PVST+ in mixed vendor network To: [email protected] Received: Wednesday, 23 June, 2010, 11:49 PM Hi, Maybe this issue is more of a "campus" nature than NSP related... but I think this list reaches more knowledgeable people :) We're running a mixed vendor network: a couple of Cat6k switches (Sup720-3B) at the core for L3 (internal routing, BGP) and some L2 switching on campus-wide VLANs, and a lot (300+) of HP ProCurve switches for all other L2 switching needs. We'd like to completely kill proprietary STP stuff from our network and only run STP, RSTP and MST. Do any of you know a way to stop the Cat6k from generating PVST / PVST+ and, more imoprtantly, from acting upon accidentally received frames of that type? We already drop PVST+ on all ProCurve switches that support it, but once in a while a frame makes it through. Last time that caused a 10 GE port to go into "PVST Inconsistent" state, dropping one of our DC's off the network until we manually toggled the port down/up. Due to historical, political and budgetary reasons we have to operate large L2 domains. That's going quite well, but the last large disruptions we had were all due to "PVST Inconsistent" ports while there was nothing wrong with the logical topology. So I hope to get some insight how to avoid that :) Regards, Jeroen van Ingen ICT Service Centre University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
