HPE Community
Comware Based
1753576 Members
6540 Online
108796 Solutions
New Discussion

STP, Loop-protection, and BPDU

 
Gflex78
Advisor

‎05-23-2016 05:36 AM

‎05-23-2016 05:36 AM

STP, Loop-protection, and BPDU

Hi!

 

First posting so please be nice J

I am getting really confused regarding STP, Loop-protection, and BPDU.

Attached a picture.

In your first rack we have 2 firewalls, two Core switches (2915) and 2 distribution switches (2910). All for redundancy.

In all our other racks we have 1 2910 edge switch.

We have enabled STP and sett priority both for the core and the distribution switches. On the edge switches we have just enabled STP.

We have seen some loops and going through the documentation and googling just made us more confused. Some say that STP should only be enable on core switches (and excluded on uplink ports), some say on all. Some say that you should not mix STP and loop-protection and some you should

The questions we have are

  1. Where should we enable STP?
  2. Where should we enable Loop-protection?
  3. Where should we enable BPDU?
  4. Are does three enough?
1 person had this problem.
0 Kudos
7 REPLIES 7
Vince-Whirlwind
Honored Contributor

‎05-23-2016 04:46 PM

‎05-23-2016 04:46 PM

Re: STP, Loop-protection, and BPDU

1. You should enable spanning-tree on all your managed switches. You should configure spanning-tree priorities systematically as follows:
- core switch 4k
- backup core 8k
- distribution layer 16k
- Access switches directly connected to Distribution switch - leave on default priority 32k
- Access switches daisy-chained off other access switches - 32k +4k per "hop" away from DIstribution layer.

2. You should enable loop-protection on all Access ports and all Edge ports. That is to say, enable it on all intrefaces that are connected to hosts on the floor and any 3rd-party networks.

3. BPDU protection same as loop-protection. Access ports and Edge ports.

4. #1 is the most vital. #2 & #3 are good to have.
DHCP snooping is pretty good too.
Also, broadcast limit can be useful.
Often overlooked is setting up multicasting properly - many devices use multicast by default and if you don't ever bother configuring it (like most people) the multicast traffic could be doing all sorts of weird things. Pick a central switch to be the "querier", another central switch to be "backup" and turn off querier on all other switches.

Gflex78
Advisor

‎05-24-2016 05:43 AM

‎05-24-2016 05:43 AM

Re: STP, Loop-protection, and BPDU

Hi Vince-Whirlwind!

 

Thank you for you clarifications. And also thanks for pointers on overlooked fetures.

 

Concider this isue resolved, will ceep it open for a while incase anyone else has any pointers. Thnak you for your time and have a great day!

0 Kudos
16again
Respected Contributor

‎05-24-2016 11:51 AM

‎05-24-2016 11:51 AM

Re: STP, Loop-protection, and BPDU

In addition to earlier recommendations:
If you do have way more access switches than shown in drawing  (2core and 2 distribution switches for 2 access switches seems overkill to me) start considering using L3 mode and routing protocol like OSPF.

For ports connecting 3rd party networks, disable STP, and only use loop protection. 

0 Kudos
Gflex78
Advisor

‎05-24-2016 01:16 PM

‎05-24-2016 01:16 PM

Re: STP, Loop-protection, and BPDU

The strange thing is when i enable loop-protection on a edge port it dosent work.

If i disable it and only user  STP it works. port 20 below dosnt work and port 21 works.

Any ideeas? Is STP enabled on all ports on the edge ports "good enugh"?

I read somewhere that you shoulden enable STP and loop-preotection toghetoher

interface Ten-GigabitEthernet1/0/20
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 20 30 40 50  
stp loop-protection
stp port bpdu-protection enable

interface Ten-GigabitEthernet1/0/21
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 20 30 40 50
stp port bpdu-protection enable

0 Kudos
Vince-Whirlwind
Honored Contributor

‎05-24-2016 07:32 PM

‎05-24-2016 07:32 PM

Re: STP, Loop-protection, and BPDU

What kind of switch is this?

The command I was referring to is a global command "loop-protect ..." not "stp loop-protection" in an interface context.

0 Kudos
Gflex78
Advisor

‎05-25-2016 01:42 AM

‎05-25-2016 01:42 AM

Re: STP, Loop-protection, and BPDU

Hi Vince-Whirlwind

 

We hvae bought a HPE 5900AF-48XGT that i am playing around with.

That one has slighltly difrent commans sp insted off spanning-tree your wright STP

 

0 Kudos
Vince-Whirlwind
Honored Contributor

‎05-25-2016 04:37 PM

‎05-25-2016 04:37 PM

Re: STP, Loop-protection, and BPDU

You've posted this in the wrong forum then - that switch is not Provision, it's an HP re-badged 3COM switch, so you should be in the "Comware" forum.

On Comware it's done with 2 commands:
loopback-detection enable vlan all
loopback-detection action shutdown

The stp loop-protection you were trying to enable is Loop Guard. You absolutely do *not* want that on your Edge/Access ports.

 

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.