06-23-2017 08:33 AM
I'm trying to wrap my head around some of this. Is the following correct?
I want spanning-tree 802-1w admin-edge-port on ports with devices (non-switches).
I want spanning-tree 802-1w admin-pt2pt-mac on ports with switches.
If the port is empty and I'm not sure what's going to be plugged into it, I want no spanning-tree?
I put stp-bpdu-guard on ports with non-switches.
And I put spanning-tree root-protect on ports with switches?
Anything else I should be enabling or disabling?
If I'm looking at the logs for a Brocade switch and there are a lot of STP DOT1wTransition alerts on a port connected to a non-Brocade switch, what do I enable/disable on the Brocade switch to keep that port happy?
If I have two 6450s connected to a 7250 and they're showing New RootPort and New RootBridge alerts, that's when I should have spanning-tree root-protect on the 7250 ports they're connected to, right?
06-29-2017 01:25 AM
Correct, you need spanning-tree 802-1w admin-edge-port on ports connected to edge devices (servers etc.)
Correct, you need spanning-tree 802-1w admin-pt2pt-mac on ports connected to other switches over point to point links (not shared media).
I would suggest that on ports connected to unknown devices these are configured with spanning-tree 802-1w admin-edge-port.
Root should always be configured in the topology by setting bridge priority, to ensure a known switch will become root.
On ports connected to edge hosts where you NEVER expect to receive BPDUs you can enable stp-bpdu-guard. And on ports connected to other switches which are not expected to ever become root spanning-tree root-protect can be enabled.
Any other switches connected to the environment should also be running RSTP to ensure that these are part of the same STP topology; you may need to set PVST+ compatibility with these devices if they run PVST+ type RSTP.
To prevent changes of root as mentioned before root should be configured by setting bridge priority.
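Added example (not from either poster): a FastIron-style configuration that puts the answer above into one place, using the per-port commands named in the thread. The port numbers, VLAN-wide RSTP mode, the priority value and the pvst-mode command for PVST+ compatibility are assumptions for illustration, not values from the thread.

```text
! Global: run RSTP (802.1w) and pin the root on the core switch (the 7250 in the
! question) with a low bridge priority. Priority steps are multiples of 4096;
! the lowest value wins the root election. Value assumed.
spanning-tree 802-1w
spanning-tree 802-1w priority 4096

! Downlink to another switch (e.g. one of the 6450s): point-to-point link, and
! that neighbour must never take over as root, so root-protect as well.
interface ethernet 1/1/1
 spanning-tree 802-1w admin-pt2pt-mac
 spanning-tree root-protect

! Port to a host or server: edge port (goes straight to forwarding) plus BPDU
! guard, so an unexpected BPDU disables the port instead of reshaping the tree.
interface ethernet 1/1/10
 spanning-tree 802-1w admin-edge-port
 stp-bpdu-guard

! Unknown or empty port: edge port as the answer suggests, but no BPDU guard
! yet, since a switch may legitimately be connected later.
interface ethernet 1/1/20
 spanning-tree 802-1w admin-edge-port

! Uplink to a non-Brocade switch that runs PVST+ style RSTP: point-to-point,
! with per-port PVST+ compatibility (pvst-mode is assumed to be the FastIron
! command for this; check the platform's configuration guide).
interface ethernet 1/1/24
 spanning-tree 802-1w admin-pt2pt-mac
 pvst-mode
```

After applying this, the thing to confirm is that the core's bridge ID shows up as root on every switch and that the root-protect ports never move into a blocked state under normal operation; repeated New RootPort / New RootBridge messages after the change mean some other switch still has an equal or lower priority, not that more port-level knobs are needed.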