This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.

CCIE #29033

This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers in regards to the CCIE R&S track!! Note: answers are in the comment field or within "Read More" section.

You can also follow me on twitter @FE80CC1E


Sunday, July 10, 2011

Best Practices Part 1 - Layer 2 Spanning-Tree

The topology depicted in the diagrams is used to help demonstrate data flow during failure and to provide discussion around best practices and may not be necessarily be configured as optimal as possible. I will provide examples in a series of blogs that will provide alternate technical solutions that follow best practice guidelines.

Topology Image
Normal Data Path Flow
 Data Path Flow Root Fail

Data Path Flow-Access Trunk Fail
Data Path Flow Router Fail

Spanning-Tree mode Rapid-PVST (802.1w) or MST (802.1s) - I will show more about load balancing techniques leveraging each of these technologies in "Layer 2 Spanning-Tree Best Practices Part-2" Deterministic blocked ports - in this example we know exactly which ports are going to be blocked by STP. All redundant connections to the secondary root bridge will be blocked. Cisco also recommends that you do not exceed STP diameter of seven hops. Ensure that you hard configure your Root and Secondary Root bridges. Ensure that you only allow required VLAN's over the trunks to ensure you are not running unnecessary STP instances.

Features to leverage include:
Access Layer
-portfast
-bdpuguard
-disable DTP
-loopguard
-etherchannel Guard

Distribution Layer
-root and secondary root placement
-root guard
-disable DTP
-etherchannel Guard

Leverage EtherChannel to reduce the number of ports that need to transition from blocking to forwarding state when leveraging multiple links.

EtherChannel Ports
-EtherChannel Guard



Example:
Access Switch
spanning-tree mode rapid-pvst
spanning-tree priority vlan 1-4094 61440
spanning-tree portfast bpduguard default
spanning-tree loopguard default

interface gig x/x
 description Link-to-RootBridge
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11
 switchport nonegotiate

interface gig x/x
 description Link-to-SecondaryBridge
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11
 switchport nonnegotiate

interface gig x/x
 description Link-to-Server
 switchport mode access
 switchport access vlan 10
 switchport nonnegotiate
 spanning-tree portfast

Distribution Switch
spanning-tree etherchannel guard misconfig
spanning-tree mode rapid-pvst
spanning-tree priority vlan 1-4094 0
spanning-tree portfast bpduguard default

interface gig x/x
 description Link-to-AccessSwitch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11
 switchport nonnegotiate
 spanning-tree guard root

interface port-channel 1
 description Link-to-SecondaryRoot
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11,12,13,14
 switchport nonegotiate

interface gig x/x
 description Link-to-SecondaryRoot-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11,12,13,14
 switchport nonegotiate
 channel-group 1 mode active

interface gig x/x
 description Link-to-SecondaryRoot-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,11,12,13,14
 switchport nonegotiate
 channel-group 1 mode active

Optional STP Features

2 comments:

Anonymous said...

Excellent Blog, many thanks

Anonymous said...

where can i find part 2?

Post a Comment