If you turn on spanning tree, how do you know there is an issue with your network?
Solution 1:
You watch your switch logs for spanning tree events, or configure your switches to send SNMP traps when STP shuts down a port.
Solution 2:
Testing. If you want to know that something is working, you test it.
Once you've enabled STP, schedule network maintenance and plug a cable in a loop. If the network is still working then the loop was detected by STP. If your network goes down then STP isn't working.
Solution 3:
Spanning tree does not think a loop is an "error". Loops are part of the protocol, and it will find the ports that cause loops and then disable forwarding on them. I think you're trying to use a protocol to find out if a certain condition exists, but that's not really its primary purpose. A "well-designed" network may very well have loops normally (for redundancy). In addition to turning on logging event spanning-tree status (or the equivalent on your platform), think outside the box. A loop in your network (if not disabled by spanning tree) will cause large traffic levels in a broadcast storm. So graph those levels, and in your monitoring platform, if you see a sharp rise in traffic, you've probably got a loop.
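One way to turn the "sharp rise in traffic" check from Solution 3 into an alert, as an added example that is not part of the answer. It assumes you poll a per-port broadcast packet counter (for example IF-MIB `ifInBroadcastPkts`, a 32-bit counter) every 60 seconds; the sample values, thresholds and function names are constructed for illustration.

```python
from statistics import median

COUNTER32 = 2**32  # ifInBroadcastPkts is a Counter32 and wraps at this value

# Constructed samples: (unix_seconds, counter). About 20 pps of normal
# broadcast, then a storm at t=420 that also wraps the counter.
SAMPLES = [
    (0, 4294960000), (60, 4294961200), (120, 4294962400), (180, 4294963600),
    (240, 4294964800), (300, 4294966000), (360, 4294967200),
    (420, 2999904), (480, 5999904),
]

def rates(samples):
    """Convert counter samples to [(timestamp, packets_per_second)]."""
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = (c1 - c0) % COUNTER32  # correct across a single counter wrap
        out.append((t1, delta / (t1 - t0)))
    return out

def storm_alerts(samples, factor=10, min_pps=1000, window=5):
    """Flag intervals whose broadcast rate jumps far above the recent median.

    factor, min_pps and window are hypothetical tuning values: the rate must
    exceed min_pps and be more than factor times the median of the previous
    `window` intervals.
    """
    r = rates(samples)
    alerts = []
    for i in range(window, len(r)):
        baseline = median(v for _, v in r[i - window:i])
        ts, pps = r[i]
        if pps >= min_pps and pps > factor * max(baseline, 1):
            alerts.append((ts, round(pps)))
    return alerts

if __name__ == "__main__":
    for ts, pps in storm_alerts(SAMPLES):
        print(f"t={ts}s broadcast rate {pps} pps: possible loop")
```

Using the median rather than the mean keeps the baseline low for the first few storm intervals, so the alert keeps firing instead of being absorbed into the average.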
Solution 4:
Here are some extra things to consider in your STP/RSTP/MSTP implementation along with your testing:
- Set your switch priorities to ensure that a predetermined switch is elected as the root and a secondary is designated to take over as root if the primary fails. This is the most common mistake I see in spanning tree implementations.
- Any port where you have a permanently-connected device (e.g. a server, printer, NAS) should be put in port fast mode (Cisco terminology; in HP ProCurve it's called edge port) to ensure they don't have a long wait time for STP convergence when they boot up.
- Any port where you connect to an edge device (including PCs, printers, servers, etc.) should have root guard enabled. This prevents people from connecting a misconfigured or unauthorised switch and causing reconvergence unexpectedly.
- Any port which is not a switch-to-switch link in your control (including PCs, printers, service provider routers) should have BPDU guard enabled, preferably set to disable the port when an STP BPDU is received. This way you find out immediately when people start doing the wrong things on your edge ports.
Solution 5:
In addition to the earlier diagnostic suggestions, you should also learn to interpret the output from your switch's "show spanning-tree" command (or equivalent). It will show you the root port, designated ports, and a number of other important diagnostics.
Here's an example network I just set up with 2 x Cisco 2950 and 1 x HP 3400cl. The connections in the network are as follows:
- hp3400cl [24] -> c2950 [g0/2] (1000 Mbps)
- c2950 [f0/23] -> c2950b [f0/47] (100 Mbps)
- c2950b [f0/45] -> hp3400cl [23] (100 Mbps)
The switches are all in MSTP mode, with only the common spanning tree instance set up. hp3400cl has priority 0, c2950 is the next highest priority at 8192, and c2950b is last with priority 12288. So hp3400cl should be the root. Here's how the "show spanning-tree" output looks:
```
hp3400cl# show spanning-tree

 Multiple Spanning Tree (MST) Information

  STP Enabled : Yes
  Force Version : MSTP-operation
  IST Mapped VLANs : 1-4094
  Switch MAC Address : 001871-8bd020
  Switch Priority : 0
  Max Age : 6
  Max Hops : 20
  Forward Delay : 4

  Topology Change Count : 4
  Time Since Last Change : 4 mins

  CST Root MAC Address : 001871-8bd020
  CST Root Priority : 0
  CST Root Path Cost : 0
  CST Root Port : This switch is root

  IST Regional Root MAC Address : 001871-8bd020
  IST Regional Root Priority : 0
  IST Regional Root Path Cost : 0
  IST Remaining Hops : 20

  Root Guard Ports :
  TCN Guard Ports :
  BPDU Protected Ports :
  BPDU Filtered Ports :

                  |           Prio             | Designated    Hello
  Port  Type      | Cost      rity  State      | Bridge        Time  PtP Edge
  ----- --------- + --------- ----- ---------- + ------------- ----- --- ----
  1     100/1000T | Auto      128   Disabled   |
  ...
  22    100/1000T | Auto      128   Disabled   |
  23    100/1000T | 200000    128   Forwarding | 001871-8bd020 1     Yes No
  24    100/1000T | 20000     128   Forwarding | 001871-8bd020 1     Yes No
```
```
c2950#show spanning-tree

MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    0
             Address     0018.718b.d020
             Cost        20000
             Port        26 (GigabitEthernet0/2)
             Hello Time 1 sec Max Age 6 sec Forward Delay 4 sec

  Bridge ID  Priority    8192 (priority 8192 sys-id-ext 0)
             Address     000c.308f.7f80
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
...
Fa0/24           Desg FWD 200000    128.24   P2p
Gi0/2            Root FWD 20000     128.26   P2p Bound(RSTP)
```
```
c2950b#show spanning-tree

MST00
  Spanning tree enabled protocol mstp
  Root ID    Priority    0
             Address     0018.718b.d020
             Cost        20000
             Port        47 (FastEthernet0/47)
             Hello Time 1 sec Max Age 6 sec Forward Delay 4 sec

  Bridge ID  Priority    12288 (priority 12288 sys-id-ext 0)
             Address     000a.b7e3.30c0
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/45           Altn BLK 200000    128.45   P2p Bound(RSTP)
Fa0/47           Root FWD 200000    128.47   P2p
```
The important things to note about port states in the above listing are:
- The root switch's links to other switches are forwarding
- The non-root switches' links to the root are "Root FWD" in both cases
- The non-root switches' link to each other is "Altn BLK" on one end and "Desg FWD" on the other; this means that c2950b knows that f0/45 is an alternate route to the root and has blocked it to prevent the loop. If the root port (f0/47) fails, c2950b will set f0/45 as the root port without reconverging.
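The checks listed in Solution 5 can be automated against captured Cisco-style `show spanning-tree` output. The following is an added example, not part of the answer: it parses the root and bridge addresses and the per-port role and state, then reports an unexpected root bridge, a non-root switch without exactly one root port, or a Root/Desg port that is not forwarding. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: the c2950b listing from the answer above, trimmed.
SAMPLE = """\
MST00
  Root ID    Priority    0
             Address     0018.718b.d020
             Port        47 (FastEthernet0/47)
  Bridge ID  Priority    12288  (priority 12288 sys-id-ext 0)
             Address     000a.b7e3.30c0
Interface        Role Sts Cost      Prio.Nbr Type
Fa0/45           Altn BLK 200000    128.45   P2p Bound(RSTP)
Fa0/47           Root FWD 200000    128.47   P2p
"""

PORT_RE = re.compile(
    r"^(\S+)[ \t]+(Root|Desg|Altn|Back|Mstr)[ \t]+(\S+)[ \t]+\d+[ \t]+\d+\.\d+", re.M)

def parse(text):
    """Return ({'root': mac, 'bridge': mac}, {port: (role, state)})."""
    macs, section = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(Root|Bridge) ID", line)
        if m:
            section = m.group(1).lower()
        a = re.search(r"Address\s+([0-9a-f.]+)", line)
        if a and section:
            macs.setdefault(section, a.group(1))
    ports = {m[1]: (m[2], m[3]) for m in PORT_RE.finditer(text)}
    return macs, ports

def audit(text, expected_root):
    """List deviations from the healthy pattern described in the answer."""
    macs, ports = parse(text)
    findings = []
    if macs.get("root") != expected_root:
        findings.append(f"unexpected root bridge {macs.get('root')}")
    root_ports = [p for p, (role, _) in ports.items() if role == "Root"]
    if macs.get("root") != macs.get("bridge") and len(root_ports) != 1:
        findings.append(f"non-root switch has {len(root_ports)} root ports")
    for port, (role, state) in ports.items():
        if role in ("Root", "Desg") and state != "FWD":
            findings.append(f"{port}: {role} port in state {state}")
    return findings

def blocked_ports(text):
    """Ports held in BLK, i.e. the redundant links STP is suppressing."""
    return [p for p, (_, state) in parse(text)[1].items() if state == "BLK"]
```

An unexpected root bridge address is the finding to alert on first, since it means a switch other than the one you assigned priority 0 has won the election.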