Hello, everyone!
Can anyone share best practices for RSTP? For example, what guards do you enable on ports? Do you use the default priority or choose a priority for switches?
I always set a priority 0 on a root switch (provided the switch fabric is large enough to matter, or there actually are redundant paths. It's better IMO for the root to be deterministic rather than random). Ideally, I'll also set a second switch to 4096 if there's one in the fabric that makes sense to be secondary.
For access ports I always set BPDU Guard.
I very rarely ever set Root Guard or Loop Guard.
@jdsilva wrote: I always set a priority 0 on a root switch (provided the switch fabric is large enough to matter, or there actually are redundant paths. It's better IMO for the root to be deterministic rather than random). Ideally, I'll also set a second switch to 4096 if there's one in the fabric that makes sense to be secondary.
For access ports I always set BPDU Guard.
I very rarely ever set Root Guard or Loop Guard.
Thank you for the answer.
For trunk ports, what guard do you use?
Your answer coincided with my actions. I have set the priority the same way you wrote.
I agree with @Chris_M in that I don't generally use guards on trunk ports. Personally, I tend to prefer UDLD to LoopGuard on fibre links, but there are some differences there so the best advice is to read up on both and pick the one that best suits your use case.
Another good use for Root Guard is if you have a connection to switches that you do not manage, like a third party business partner.
I agree with @jdsilva about setting the root switch priority.
On the whole, I don't use any of the other protective measures; I have had them cause more outages through unexpected failures than they have saved.
@Chris_M wrote:
For trunk ports, you don't really need anything. However, if you are using fiber, you may want Loop Guard, just in case you lose connectivity on one side and accidentally start a loop. Root guard cannot be used with Loop guard.
Root guard is really best near the core to ensure the designated switch is always root, but it will put the trunk port in an inconsistent state until resolved. This is best to make sure no rogue switch hijacks the network.
Thank you for the answer.
What do you mean by core? Is this stacking?
@AlexanderDrago wrote: What do you mean by core? Is this stacking?
https://en.wikipedia.org/wiki/Hierarchical_internetworking_model
@jdsilva wrote:
@AlexanderDrago wrote: What do you mean by core? Is this stacking?
https://en.wikipedia.org/wiki/Hierarchical_internetworking_model
Have read this. Thank you
The core is a switch or a group of switches, if you want, that handles all traffic within the network. It connects all other distribution and access switches to each other. In a smaller network, the core and distribution are the same. You typically use root guard on those switches' trunk ports to access switches to prevent other switches from becoming root bridge. However, if priority is not done correctly, it can cause issues in your network until you resolve them.
@Chris_M wrote: The core is a switch or a group of switches, if you want, that handles all traffic within the network. It connects all other distribution and access switches to each other. In a smaller network, the core and distribution are the same. You typically use root guard on those switches' trunk ports to access switches to prevent other switches from becoming root bridge. However, if priority is not done correctly, it can cause issues in your network until you resolve them.
Thank you
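The root election and Root Guard behaviour discussed in this thread, as an added example that is not part of any poster's reply: a simplified model (bridge ID comparison only, no path costs) showing why priorities 0 and 4096 make the root deterministic and what a Root Guard port does with a superior BPDU. Switch names, MAC addresses and the function names are constructed for illustration.

```python
# Added illustration: simplified STP/RSTP root election and Root Guard decision.
# Switch names and MAC addresses are constructed sample values.
from dataclasses import dataclass

@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int   # multiple of 4096 in 0..61440; default is 32768
    mac: str        # "aa:bb:cc:dd:ee:ff"

    @property
    def bridge_id(self):
        # Lower bridge ID wins: priority first, MAC address as tie-breaker.
        return (self.priority, int(self.mac.replace(":", ""), 16))

def elect_root(bridges):
    """Return the bridge with the lowest bridge ID (the root)."""
    for b in bridges:
        if b.priority % 4096 or not 0 <= b.priority <= 61440:
            raise ValueError(f"{b.name}: invalid priority {b.priority}")
    return min(bridges, key=lambda b: b.bridge_id)

def root_guard(current_root, sender):
    """State a Root Guard port takes when it receives the sender's BPDU."""
    if sender.bridge_id < current_root.bridge_id:
        return "root-inconsistent"   # superior BPDU: block instead of re-electing
    return "forwarding"

# All switches at the default priority: the lowest MAC decides the root,
# which here is an access switch rather than the core.
core = Bridge("core-1", 32768, "02:00:00:00:00:30")
dist = Bridge("dist-1", 32768, "02:00:00:00:00:20")
acc = Bridge("access-1", 32768, "02:00:00:00:00:10")
default_root = elect_root([core, dist, acc])

# Priorities as described in the thread: 0 on the root, 4096 on the secondary.
core_t = Bridge("core-1", 0, core.mac)
dist_t = Bridge("dist-1", 4096, dist.mac)
tuned_root = elect_root([core_t, dist_t, acc])
backup_root = elect_root([dist_t, acc])      # root if core-1 goes away

# An unmanaged switch also at priority 0 with a lower MAC still wins a plain
# election; Root Guard on the port facing it blocks that port instead.
partner = Bridge("partner-sw", 0, "02:00:00:00:00:01")

if __name__ == "__main__":
    print(default_root.name, tuned_root.name, backup_root.name)
    print(elect_root([core_t, dist_t, acc, partner]).name)
    print(root_guard(core_t, partner), root_guard(core_t, acc))
```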