Sunday, December 10, 2017

I thought I understood where root and loop guard should be used, but maybe I don't

Topology: http://ift.tt/2yWPLoO

Configuring all of these individually with just 3 switches makes sense; however, with this topology it just doesn't.

I am working on reviewing my notes and STP, starting back from PVST+ and working all the way to MST. At this time I am trying to create a topology that utilizes all of the STP toolkit features per best practice. However, I am actually having a hard time with root guard and where exactly I should use it, especially with this being an L2 load-balanced topology (again, this is just for reviewing classic STP and PVST+; I am not actually deploying this).

My understanding is it should be applied to designated ports that connect to other switches. With loop guard, my understanding is it should go on non-designated ports, hence why I have it enabled on those ports facing upstream. The problem with the topology is if I remove G3/0 from the switches, I can never get CORESW2 to actually reach VLAN 1. I don't have root guard enabled on this link, just loop guard. I may actually just have the design wrong, but to me having root guard on those ports facing the access switches makes sense.

So my final question is, is root guard just meant more for DIST to access layer and not from core to dist? Is the problem here that I am using a collapsed core scenario?

CORESW1:

    en
    conf t
    vlan 2
    exit
    int range g0/0 - 1, g1/1
     switchport mode trunk
     no shut
     spanning-tree guard root
    int g3/0
     switchport mode trunk
     no shut
     spanning-tree guard loop
    spanning-tree vlan 1 root primary
    spanning-tree vlan 2 root secondary
    spanning-tree backbonefast

note2: Uplinkfast cannot be used at root bridges because it's an access/dist layer tech that increases priority and port cost

SW3, SW4, SW5:

    en
    conf t
    spanning-tree uplinkfast
    spanning-tree backbonefast
    vlan 2
    exit
    spanning-tree portfast edge bpduguard default
    int range <uplinks>
     spanning-tree guard loop
     switchport mode trunk
     no shut
    int range <access ports>
     switchport host

