cancel
Showing results for 
Search instead for 
Did you mean: 

Configuring RSTP (802.1w) and Spanning Tree Best Practices on ICX Switches

BenBeck
Moderator
Moderator

Hey all, 

 

I wanted to take a moment to look at spanning tree. By default, ICX switches run 802.1d spanning tree on a per-vlan basis. Ideally, we want to use a protocol with faster convergence such as rapid spanning tree (802.1w). I will go through some general configuration steps and a few best practices. These configurations will not suit all customers, but it is a good starting point for many. 

 

Enabling RSTP on vlan(s) 

 

ICX#conf t
ICX(config)#vlan 10 20 30 <--edits three vlans at once. You can edit vlans one at a time or using a range via the 'to' syntax (vlan 1 to 20)
ICX(config-mvlan-10*30)#spanning-tree 802-1w

 

Now that 802.1w is running, we will want to set a root bridge priority. If no priority is defined, the default of 32768 will be used. Let us assume you want this switch to be the root bridge. A lower priority number wins, so let us go ahead and set it to zero to ensure this switch becomes root bridge:

 

ICX(config-mvlan-10*30)#spanning-tree 802-1w priority 0

 

The resulting configuration will look like this:

 

vlan 10 by port
 tagged ethe 1/1/1 to 1/1/48 ethe 1/2/1 ethe 1/2/2 ethe 1/2/3 ethe 1/2/4 ethe 1/2/5 ethe 1/2/6 ethe 1/2/7 ethe 1/2/8
 spanning-tree 802-1w
 spanning-tree 802-1w priority 0
!
vlan 20 by port
 tagged ethe 1/1/1 to 1/1/48 ethe 1/2/1 ethe 1/2/2 ethe 1/2/3 ethe 1/2/4 ethe 1/2/5 ethe 1/2/6 ethe 1/2/7 ethe 1/2/8
 spanning-tree 802-1w
 spanning-tree 802-1w priority 0
!
vlan 30 by port
 tagged ethe 1/1/1 to 1/1/48 ethe 1/2/1 ethe 1/2/2 ethe 1/2/3 ethe 1/2/4 ethe 1/2/5 ethe 1/2/6 ethe 1/2/7 ethe 1/2/8
 spanning-tree 802-1w
 spanning-tree 802-1w priority 0

 

Now that our RSTP instances are running, let's take a look at a couple best practices.

 

Switch-to-switch connections should be defined as point-to-point links to optimize convergence times. In this example, let us assume ports 1/2/1 through 1/2/8 are all switch-to-switch links:

 

ICX#conf t
ICX(config)#interface ethernet 1/2/1 to 1/2/8
ICX(config-mif-1/2/1-1/2/8)#spanning-tree 802-1w admin-pt2pt-mac

 

The resulting configuration:

 

interface ethernet 1/2/1
 port-name Switch-to-Switch-Connection
 spanning-tree 802-1w admin-pt2pt-mac

 

Switch-to-client (edge) connections should be defined as operational edge ports. In this example, let us assume ports 1/1/1 through 1/1/48 are all client edge ports:

 

ICX#conf t
ICX(config)#interface ethernet 1/1/1 to 1/1/48
ICX(config-mif-1/1/1-1/1/48)#spanning-tree 802-1w admin-edge-port


Client ports can also have STP BPDU Guard enabled. This will shut down the port if any BPDUs are received on the port. 


ICX#conf t
ICX(config)#interface ethernet 1/1/1 to 1/1/48
ICX(config)#stp-bpdu-guard

 

The resulting configuration:

 

interface ethernet 1/1/1
 port-name Client-Port
 spanning-tree 802-1w admin-edge-port
 stp-bpdu-guard


To see RSTP information, you can use the following commands:

 

ICX#show 802-1w
ICX#show 802-1w detail


Note: If you are running 802.1d, you will use 'show spanning-tree' and 'show spanning-tree detail'. MSTP also has unique commands such as 'show mstp' and 'show mstp detail'

 

To see all available configuration options for spanning tree, please see our FastIron Layer 2 Switching Configuration Guide:

 

HTML Version

PDF Version (requires login)

 

Let us know if you have any questions!

Ben Beck, RCNA, RCNI, Principal Technical Support Engineer
support.ruckuswireless.com/contact-us
7 REPLIES 7

jzsjr
New Contributor II

Ben

Can spanning-tree 8 be used in conjunction with loop-detection and STP BPDU Guard for client-facing ports?

Thank you,

Jim

jzsjr
New Contributor II

Sorry, let me re-phrase this. Can spanning-tree 8's BPDU Guard be used in conjunction with loop-detection or do they conflict?

inphobia
Contributor

heya,
thx for this overview, is there a chance that the 10.0.10 & 10.0.20 docs could get a review? often they still make point of mentioning switch & router images, while since 10 it's a unified image:

a few examples:
https://docs.commscope.com/bundle/fastiron-10020-l2guide/page/GUID-92D9B12D-8B95-46DD-8482-781DAD6D3...
https://docs.commscope.com/bundle/fastiron-10020-l2guide/page/GUID-4F5D9098-E962-4C38-BA57-0C0D38ABB...

also, "Standard STP Parameter Configuration" states "For FastIron 10.0.00 and later, STP is disabled by default." on the very next page "STP Parameters and Defaults" it says "Default STP State: enabled"

on a more serious note: i've found it hard to figure out the difference what the difference is between global, port-based vlan & individual port stp. in particular regarding what interactions/overrides they can have.

i'm also not clear on what to make of this:
https://docs.commscope.com/bundle/fastiron-10020-l2guide/page/GUID-A7C9E7F9-8349-4B09-82D5-A4AA81723...
it starts out with " can be enabled on a port-based VLAN or on an individual port" , but in the first attention item it then talks about "even when 802.1W is globally disabled".

trying to get some 7850's up & running but stp hasn't really been playing along.

thx