CommScope RUCKUS Community Forums

BenBeck · ‎11-03-2021

Hey all,

I wanted to take a moment to look at spanning tree. By default, ICX switches run 802.1d spanning tree on a per-vlan basis. Ideally, we want to use a protocol with faster convergence such as rapid spanning tree (802.1w). I will go through some general configuration steps and a few best practices. These configurations will not suit all customers, but it is a good starting point for many.

Enabling RSTP on vlan(s)

ICX#conf t
ICX(config)#vlan 10 20 30 <--edits three vlans at once. You can edit vlans one at a time or using a range via the 'to' syntax (vlan 1 to 20)
ICX(config-mvlan-10*30)#spanning-tree 802-1w

Now that 802.1w is running, we will want to set a root bridge priority. If no priority is defined, the default of 32768 will be used. Let us assume you want this switch to be the root bridge. A lower priority number wins, so let us go ahead and set it to zero to ensure this switch becomes root bridge:

ICX(config-mvlan-10*30)#spanning-tree 802-1w priority 0

The resulting configuration will look like this:

vlan 10 by port
 tagged ethe 1/1/1 to 1/1/48 ethe 1/2/1 ethe 1/2/2 ethe 1/2/3 ethe 1/2/4 ethe 1/2/5 ethe 1/2/6 ethe 1/2/7 ethe 1/2/8
 spanning-tree 802-1w
 spanning-tree 802-1w priority 0
!
vlan 20 by port
 tagged ethe 1/1/1 to 1/1/48 ethe 1/2/1 ethe 1/2/2 ethe 1/2/3 ethe 1/2/4 ethe 1/2/5 ethe 1/2/6 ethe 1/2/7 ethe 1/2/8
 spanning-tree 802-1w
 spanning-tree 802-1w priority 0
!
vlan 30 by port
 tagged ethe 1/1/1 to 1/1/48 ethe 1/2/1 ethe 1/2/2 ethe 1/2/3 ethe 1/2/4 ethe 1/2/5 ethe 1/2/6 ethe 1/2/7 ethe 1/2/8
 spanning-tree 802-1w
 spanning-tree 802-1w priority 0

Now that our RSTP instances are running, let's take a look at a couple best practices.

Switch-to-switch connections should be defined as point-to-point links to optimize convergence times. In this example, let us assume ports 1/2/1 through 1/2/8 are all switch-to-switch links:

ICX#conf t
ICX(config)#interface ethernet 1/2/1 to 1/2/8
ICX(config-mif-1/2/1-1/2/8)#spanning-tree 802-1w admin-pt2pt-mac

The resulting configuration:

interface ethernet 1/2/1
 port-name Switch-to-Switch-Connection
 spanning-tree 802-1w admin-pt2pt-mac

Switch-to-client (edge) connections should be defined as operational edge ports. In this example, let us assume ports 1/1/1 through 1/1/48 are all client edge ports:

ICX#conf t
ICX(config)#interface ethernet 1/1/1 to 1/1/48
ICX(config-mif-1/1/1-1/1/48)#spanning-tree 802-1w admin-edge-port

Client ports can also have STP BPDU Guard enabled. This will shut down the port if any BPDUs are received on the port.


ICX#conf t
ICX(config)#interface ethernet 1/1/1 to 1/1/48
ICX(config)#stp-bpdu-guard

The resulting configuration:

interface ethernet 1/1/1
 port-name Client-Port
 spanning-tree 802-1w admin-edge-port
 stp-bpdu-guard

To see RSTP information, you can use the following commands:

ICX#show 802-1w
ICX#show 802-1w detail

Note: If you are running 802.1d, you will use 'show spanning-tree' and 'show spanning-tree detail'. MSTP also has unique commands such as 'show mstp' and 'show mstp detail'

To see all available configuration options for spanning tree, please see our FastIron Layer 2 Switching Configuration Guide:

HTML Version

PDF Version (requires login)

Let us know if you have any questions!

Ben Beck, RCNA, RCNI, Principal Technical Support Engineer
support.ruckuswireless.com/contact-us

jzsjr · ‎03-06-2024

Ben

Can spanning-tree 8 be used in conjunction with loop-detection and STP BPDU Guard for client-facing ports?

Thank you,

Jim

jzsjr · ‎03-06-2024

Sorry, let me re-phrase this. Can spanning-tree 8's BPDU Guard be used in conjunction with loop-detection or do they conflict?

CommScope RUCKUS Community Forums

Configuring RSTP (802.1w) and Spanning Tree Best Practices on ICX Switches