Proper STP port configuration for Core switches on two separate networks

Comes here often


I have two networks that have a pair of stacked MS425-32 switches as the root bridges on each side. These networks are set up as two separate networks on the Meraki dashboard and they are each configured to be the root bridge in Switch Settings for their network. These two pairs of core switches connect to each other with two fiber connections. I want to make sure that these two sets of switches remain the root bridge for their sides of the network. Currently I have RSTP disabled on the aggregate ports on the MS425 stacks. STP Guard is set to Disabled. I don't think this is the right setup. I don't want spanning tree updates on one network to affect the other network, possibly causing an issue with which set of MS425s is the root bridge - each set should be the root bridge for its side of the network. How should STP be configured on the ports that connect these two networks together on the MS425 stacks?

STP Diagram.jpg 

Kind of a big deal

@skifdank Why do you have them as two separate networks and then have them direct L2 connected, or are they using a transit VLAN and only routing over this connection?

Comes here often

@cmr It's a transit VLAN on the connections between the two core switches that we use to route traffic between the two networks. Both sides have a set of MX firewalls on top that we use for internet and auto-vpn failover in case the link between the two switches goes down. Geographically the sites are a couple miles apart.

Kind of a big deal

Hi @skifdank, I believe the configuration to be correct on those switch interconnect ports. If you have RSTP disabled on those ports then no Spanning-Tree information will be processed.


Are you seeing any STP errors in the event log for either network?


Enabling RSTP on a Switch Port

In the RSTP field of the switch port configuration menu, you may select Enabled or Disabled.




RSTP must be enabled globally (see "Enable RSTP Globally") for any ports to be able to participate in Spanning Tree processes. When RSTP is enabled globally, RSTP will be enabled at the port level by default.

A disabled port can be re-enabled by selecting Enabled. While RSTP is enabled on a switch port, that port is able to participate in Spanning Tree processes. It is recommended that RSTP be enabled on all ports.

Disabled: RSTP may be disabled at the port level. Disabling RSTP on a port removes the port from any STP processing including any STP guard configuration. Disabling RSTP on a port is not recommended unless the client device connected to the port is incompatible with STP. If RSTP is disabled globally, all ports will have RSTP disabled and cannot have it enabled.



Darren O'Connor

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
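
The port-level rules quoted in the reply above, as an added Python example that is not part of the original thread and is not Meraki's code: it works out each port's effective STP state from the global and per-port RSTP settings, and lists ports whose configured STP guard is not applied. The field names `portId`, `rstpEnabled` and `stpGuard` follow the Dashboard API switch-port object; the function names and the sample ports are constructed for illustration.

```python
# Added example. Port dicts use the Dashboard API switch-port field names;
# every value in SAMPLE_PORTS is constructed, not taken from the thread.

def effective_stp(ports, global_rstp_enabled=True):
    """Return {portId: (participates, effective_guard, note)}."""
    result = {}
    for p in ports:
        guard = p.get("stpGuard", "disabled")
        # With RSTP enabled globally, ports default to RSTP enabled.
        port_rstp = p.get("rstpEnabled", True)
        if not global_rstp_enabled:
            # Global disable overrides every port; it cannot be re-enabled per port.
            result[p["portId"]] = (False, "disabled", "RSTP disabled globally")
        elif not port_rstp:
            # Port is removed from all STP processing, guard included.
            note = "RSTP disabled on port"
            if guard != "disabled":
                note += f"; configured guard '{guard}' is not applied"
            result[p["portId"]] = (False, "disabled", note)
        else:
            result[p["portId"]] = (True, guard, "participates in STP")
    return result


def inert_guards(ports, global_rstp_enabled=True):
    """Port IDs with an STP guard configured that has no effect."""
    eff = effective_stp(ports, global_rstp_enabled)
    return sorted(
        p["portId"] for p in ports
        if p.get("stpGuard", "disabled") != "disabled"
        and eff[p["portId"]][1] == "disabled"
    )


SAMPLE_PORTS = [  # constructed sample
    {"portId": "1", "rstpEnabled": True, "stpGuard": "bpdu guard"},
    {"portId": "25", "rstpEnabled": False, "stpGuard": "disabled"},
    {"portId": "26", "rstpEnabled": False, "stpGuard": "root guard"},
]

if __name__ == "__main__":
    for port_id, state in effective_stp(SAMPLE_PORTS).items():
        print(port_id, state)
    print("guards with no effect:", inert_guards(SAMPLE_PORTS))
```
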