Ross, Thank you for that:

>> I'm new to Spanning Trees and have read up on them, but need
>> advice and guidance. I have the manuals and can set STP up -
>> it is design that is my concern. My LAN is more complicated
>> than this, but the following example will help me explain.

> Quick word of advice especially with STP - do many mockups
> in your lab and understand how to troubleshoot it when it blows
> up. Implementing STP on an existing network can go horribly
> wrong in a hurry.

I will. I have some old switches lying around and, while they don't support RSTP, it will help me understand behaviour.

>> I have four switches (A, B, C & D) linked in a loop comprising
>> 1Gbps fibre. Switch A is connected to a primary WAN router
>> while switch C is connected to the secondary WAN router - the
>> two routers working in a simple HSRP fail-over set. I want to
>> ensure that this loop will survive the failure of any one link
>> (e.g. if the link between A & B goes down, B will still be able
>> to connect to the primary router via C & D).

> Like this?
>
> R1--A----B
>     |    |
> R2--C----D
>
> Or...
>
> R1--A----B
>     |    |
>     D----C--R2

The second of those.

>> I currently have the STP path costs set to A=4, B=5, C=6 and D=7

> This doesn't make much sense. STP path costs are determined by
> tallying the port costs (remember two ports per link), this happens
> for each path it sees back to the root, and if the two paths are of the
> same cost then port priority is consulted. In a basic ring it doesn't
> really matter that much, but you said your LAN is more complex
> than this example.

On reading your response - and using the links you suggested - I note that I could just leave everything at default and let STP sort itself out. The core topology is that simple, but we have some core clients off switch B and they need the best resilience / throughput.

When this was originally set up, all links were 1Gb with the exception of C/D, which was 100Mb. I've just upgraded C/D to 1Gb. We plan to upgrade D/A and B/C to 10Gb, but the other two distances are too great and will need to stay at 1Gb.

All four switches have other switches hanging off them on long fibre links, but none of these satellite switches is connected to more than one switch. Only the four core switches have two paths between them (e.g. A-B or A-D-C-B).

>> Question 1: Does this make sense? Should the "root bridge" (using
>> Wikipedia terminology) always be the one connected to the primary
>> WAN router? Does STP work well when the WAN uplink fails over
>> to the secondary, or doesn't it matter?

> In your example, each switch can be designated as a root bridge by way
> of priority. On newer IOS switches you can simply run "spanning tree
> vlan 9 priority root primary" or "...priority root secondary". Older units
> you just enter the number on your own. You can configure this to match
> the priorities of your routers.
>
> In a basic example with the 4 switches, the default behaviour will be to
> block off the longest path back to root. In the first little diagram, B
> would block its link towards D. D however has two equal-length paths
> so will block whichever port is higher numbered. (lower numbered ports
> = lower numeric priority). If D's link to C is on port 1 and D's link to B
> on port 24 or whatever, this will be fine. Otherwise you need some manual
> configuration.

I will need to ponder on this.

> The better idea IMHO is to determine which link should normally see lower
> bandwidth and block that. With the first diagram, if your traffic is primarily
> LAN stuff between B & D, I'd consider increasing port costs to block either
> A-C or C-D depending on how your HSRP is configured and the other
> resources lurking on your switches.

The primary router is on A. Key, but low bandwidth, users are on B (they generate cash for the business). "Power" users (big spreadsheets) are on A. C & D support "normal" users.

>> The switch configurations seem to show that other ports - e.g. those
>> connected to end-devices (printers / PCs) have an STP state of
>> "forwarding".
>>
>> Question 2: Should I set all non-uplink (interswitch) ports as "disabled"?

> Bad idea. One rogue D-Link and the whole thing blows up. (or maybe just
> that switch). Spanning Tree is pretty much mandatory anywhere near edge
> ports where curious hands can play with cables. One problem that arises is
> that default timers in the 30s range can cause some operating systems to
> think DHCP isn't working. You can turn the timers down to address this,
> or set portfast and enable root guard and BPDU guard.

These switches (and their patch panels) are in locked cabinets. But people could plug anything into the wall-ports. I will certainly set portfast and enable root guard and BPDU guard on all non-fibre ports. [Fibre is only used for the inter-switch links.]

> I strongly recommend reading through some of the stuff here:
> http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac.shtml
> http://www.cisco.com/en/US/tech/tk389/tk621/tsd_technology_support_protocol_home.html

Thank you.

> Cheers
> Ross

_______________________________________________
cisco-nsp mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
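To see what the root election, root-path-cost tallying and port blocking discussed in this thread actually produce on the planned four-switch core (A root by priority, A-D and B-C at 10Gb, A-B and C-D at 1Gb), here is an added model of the 802.1D election; it is not code from the thread or from any vendor. The bridge priorities, MAC addresses, port numbers and the 802.1D-1998 short-form cost table are constructed assumptions, and each hop adds the cost of the port the BPDU arrives on.

```python
# Added example (not from the thread): a small model of 802.1D root election,
# root path cost and port roles for the four-switch core ring.
# Bridge IDs, MACs, port numbers and link speeds are constructed for illustration.
INF = float("inf")
COST = {"100M": 19, "1G": 4, "10G": 2}   # 802.1D-1998 short path costs (assumed)

def elect(bridges, links):
    """bridges: {name: (priority, mac)}; lowest bridge ID becomes root.
    links: [(a, port_a, b, port_b, speed)] with symmetric port costs.
    Returns (root, root_cost, root_port, blocked)."""
    bid = dict(bridges)                      # bridge ID = (priority, mac)
    root = min(bid, key=bid.get)
    ports = {n: [] for n in bid}             # (my_port, nbr, nbr_port, my_cost)
    for a, pa, b, pb, spd in links:
        ports[a].append((pa, b, pb, COST[spd]))
        ports[b].append((pb, a, pa, COST[spd]))
    root_cost = {n: INF for n in bid}
    root_cost[root] = 0
    root_port = {}
    # Bellman-Ford style relaxation: every pass re-evaluates each bridge's
    # best offer; len(bid) passes are enough for costs and tie-breaks to settle.
    for _ in range(len(bid)):
        for n in bid:
            if n == root:
                continue
            # 802.1D comparison order: root path cost, sender bridge ID,
            # sender port ID, then receiving port ID (lowest wins)
            offers = [(root_cost[nb] + c, bid[nb], nb_p, my_p)
                      for my_p, nb, nb_p, c in ports[n] if root_cost[nb] < INF]
            if offers:
                best = min(offers)
                root_cost[n], root_port[n] = best[0], best[3]
    blocked = set()
    for a, pa, b, pb, _ in links:
        # The end with the better (root cost, bridge ID, port) is designated;
        # the other end forwards only if this is its root port, else it blocks.
        a_key, b_key = (root_cost[a], bid[a], pa), (root_cost[b], bid[b], pb)
        loser, lp = (b, pb) if a_key < b_key else (a, pa)
        if root_port.get(loser) != lp:
            blocked.add((loser, lp))
    return root, root_cost, root_port, blocked

# Planned core: A made root by priority, A-D and B-C upgraded to 10G (constructed IDs).
CORE = {"A": (4096, "0000.0000.000a"), "B": (32768, "0000.0000.000b"),
        "C": (32768, "0000.0000.000c"), "D": (32768, "0000.0000.000d")}
PLANNED = [("A", 1, "B", 1, "1G"), ("A", 2, "D", 1, "10G"),
           ("D", 2, "C", 1, "1G"), ("C", 2, "B", 2, "10G")]

if __name__ == "__main__":
    print(elect(CORE, PLANNED))   # C's port 1 (towards D) ends up blocked
```

Swapping a lower priority onto D flips C's tie-break and moves the blocked port to C-B, and adding a fifth bridge with priority 0 off any edge port makes it the root, which is the situation root guard and BPDU guard on the edge ports are there to stop.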
