RSTP

AlexanderDrago
Getting noticed

RSTP

Hello, everyone!

Can anyone share best practice with RSTP ? Example, what guard you enable on ports ? Do you use priority default or choose of priority for switches?

10 REPLIES 10
jdsilva
Kind of a big deal

I always set a priority 0 on a root switch (provided the switch fabric is large enough to matter, or there actually are redundant paths. It's better IMO for the root to be deterministic rather than random). Ideally, I'll also set a second switch to 4096 if there's one in the fabirc that makes sense to be secondary.

 

For access ports I always set BPDU Guard. 

 

I very rarely ever set Root Guard or Loop Guard. 


@jdsilva wrote:

I always set a priority 0 on a root switch (provided the switch fabric is large enough to matter, or there actually are redundant paths. It's better IMO for the root to be deterministic rather than random). Ideally, I'll also set a second switch to 4096 if there's one in the fabirc that makes sense to be secondary.

 

For access ports I always set BPDU Guard. 

 

I very rarely ever set Root Guard or Loop Guard. 


Thank you for answered

For trunk ports what guard do you use ?

Your answer coincided with my actions. I have did priority as same, how did you wrote.

For trunk ports, you don't really need anything. However, if you using Fiber, you may want Loop Guard, just in case you lose connectivity on one side and accidentally start a loop. Root guard cannot be used with Loop guard.

Root guard is really best near the core to ensure the designated switch is always root, but it will put the trunk port in inconsistent state until resolved. This is best to make sure no rogue switch hijack the network.

Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
jdsilva
Kind of a big deal

I agree with @Chris_M in that I don't generally use guards on trunk ports. Personally, I tend to prefer UDLD to LoopGuard on fibre links, but there are some differences there so the best advice is to read up on both and pick the one that best suits your use case.

 

Another good use for Root Guard is if you have a connection to switches that you do not manage, like a third party business partner.  

PhilipDAth
Kind of a big deal
Kind of a big deal

I agree with @jdsilva about setting the root switch priority.

 

On the whole, I don't use any of the other protective measures,  I have had them cause more outages through unexpected failures then they have saved.


@Chris_M wrote:
For trunk ports, you don't really need anything. However, if you using Fiber, you may want Loop Guard, just in case you lose connectivity on one side and accidentally start a loop. Root guard cannot be used with Loop guard.

Root guard is really best near the core to ensure the designated switch is always root, but it will put the trunk port in inconsistent state until resolved. This is best to make sure no rogue switch hijack the network.

Thank you for answer.
What do mean about core ? Is this stacking ?


@jdsilva wrote:

@AlexanderDrago wrote:

 

What do mean about core ? Is this stacking ?

https://en.wikipedia.org/wiki/Hierarchical_internetworking_model

 



Have read this. Thank you

The core is a switch or a group of switch if you want that handles all traffic within the network. It connects all other distribution and access switches to each other. In smaller network, the core and distribution are the same. You typically use root guard on those switches trunk port to access switches to prevent other switches from becoming root bridge. However, if priority not done correctly, it can cause issues in your network til you resolve them.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator


@Chris_M wrote:

The core is a switch or a group of switch if you want that handles all traffic within the network. It connects all other distribution and access switches to each other. In smaller network, the core and distribution are the same. You typically use root guard on those switches trunk port to access switches to prevent other switches from becoming root bridge. However, if priority not done correctly, it can cause issues in your network til you resolve them.


Thank you

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels