06-18-2024 12:10 AM
Hello everyone. I have a wiring diagram like below:
I found a company where STP seems to work the way it wants, and I want to change it. My experience with Extreme is not very great.
When I check show stpd s0, I see that the root is switch mgmt 440g2, which should not be the case.
I once restarted the X670G2 switch from the diagram because only the mgmt 440g2 switch is connected to it, so I had a break in the network, probably due to tree reconstruction - it was not the best experience. I would like to move the STP root to an MLAG peer, but I don't know if it might be the best idea?
Ultimately, I want to get rid of the X670G2 switch and connect the 440G2 to MLAG, and at the same time I want to transfer the STP root.
X670G mlag
Most devices in switches are intended for servers, arrays or firewalls. What should I pay attention to?
Do I need to use any specific configuration for server ports or MLAG ports? I wanted to do root on mlag 1 and root backup on mlag2, but I also saw articles saying to be careful with STP configuration on MLAG switches.
X670G2 - it definitely has more VLANs in autobind
and root X440G2 (it has the least number of VLANs in autobind)
06-18-2024 05:26 AM
wsalkos,
At first glance, all the switches have the same STP Bridge priority, so following the standards there is an election for root bridge. If you want to specify which switch is the root, you should adjust the priority of that switch to be the lowest (usually 4096). There are some good examples/explanations with the user guide available for download from Extreme's Support Portal/Documentation site.
Are you using STP strictly for edge device loop prevention? If so, and the rest of the network is Extreme, we've had much better luck using ELRP.
Thanks,
Bill
06-18-2024 09:13 AM
Bridge prio is 0 as the lowest. It's just some Cisco fanboys proclaim not to use it, but use 4k instead in order to have a way of setting an even lower prio if all else fails. I think this is totally bonkers and always set the root to prio 0 and the secondary root to 0 or 4k depending on whichever wins the election if they are both 0. I have seen enough misbehaving gadgets (mainly industrial switches) with prio 0 and a low MAC address that take over a VLAN or an entire network not to use the lowest prio for the root.
OP: Why spanning tree at all? Sure, for blocking loops with STP, edge port it's fine, but you have no ring, why use STP? All you accomplish is to make your network vulnerable to STP BPDU injection. Aren't your switches supposed to have active links between them all the time or would you like some arbitrary device in your network (or a misbehaving OS in the switch) to cause your links to block?
Use STP Edge for all access ports (anything that is not one of your switches essentially) and disable STP on all switch-to-switch links! If you actually do build a ring, activate STP on those ports with full control over cost, prio and redundancy.
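The election rule discussed in the replies above, as an added example that is not part of any poster's message: a small Python model of root election (lowest priority, then lowest MAC) showing why equal default priorities let the MAC decide and why a stray device at priority 0 only wins if its BPDUs are accepted. Switch names follow the thread; the MAC addresses, the `on_edge_port` flag and the `drop_edge_bpdus` option are constructed assumptions, not Extreme configuration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int               # 0..61440 in steps of 4096 (RSTP-style, assumed)
    mac: str                    # constructed sample address
    on_edge_port: bool = False  # its BPDUs arrive on an access/edge port

    def bridge_id(self):
        # Priority is compared first, then MAC; the lowest bridge ID wins.
        return (self.priority, int(self.mac.replace(":", ""), 16))

def elect_root(bridges, drop_edge_bpdus=False):
    """Return the root bridge. drop_edge_bpdus models edge ports that
    discard received BPDUs, so devices behind them cannot take part."""
    candidates = [b for b in bridges
                  if not (drop_edge_bpdus and b.on_edge_port)]
    for b in candidates:
        if b.priority % 4096 or not 0 <= b.priority <= 61440:
            raise ValueError(f"invalid priority on {b.name}: {b.priority}")
    return min(candidates, key=Bridge.bridge_id)

def scenarios():
    # Constructed topology: names follow the thread, MACs are made up.
    default = [
        Bridge("mlag1", 32768, "02:00:00:00:30:01"),
        Bridge("mlag2", 32768, "02:00:00:00:30:02"),
        Bridge("X670G2", 32768, "02:00:00:00:20:01"),
        Bridge("mgmt-440G2", 32768, "02:00:00:00:10:01"),
    ]
    # Explicit priorities on the MLAG peers, the rest left at default.
    tuned = [Bridge("mlag1", 0, default[0].mac),
             Bridge("mlag2", 4096, default[1].mac)] + default[2:]
    # Misbehaving device on an access port: priority 0 and a lower MAC.
    stray = Bridge("stray-device", 0, "02:00:00:00:00:01", on_edge_port=True)
    return {
        "all_default": elect_root(default).name,
        "tuned": elect_root(tuned).name,
        "stray_accepted": elect_root(tuned + [stray]).name,
        "stray_dropped": elect_root(tuned + [stray], drop_edge_bpdus=True).name,
    }

if __name__ == "__main__":
    for case, root in scenarios().items():
        print(f"{case}: root = {root}")
```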
06-23-2024 11:15 PM
Hello, thank you for your answers. Yes, the priorities are at default values, but I didn't want to change them so as not to cause a break.
We have implemented the ELRP mechanism on user switches. We have about 50 access switches and STP is implemented there. Unfortunately, the topology is constructed in such a way that these switches are connected to USR_Core and then to Core MLAG, hence probably STP.
Will it be safe to disable STP on server ports?
We have one link connected to one mlag-road port and a server link to the second mlag port.
I just don't want the rebuilt STP structure to affect the operation of the servers, only the access switches.
Another issue is whether it will be safe to run root STP on one of the MLAG switches?