Monday, December 3, 2007

Fine Tuning Spanning-Tree Protocol

Let's say you have received your new switches and you want to configure the spanning-tree parameters according to their final role. You will have core, aggregation and access switches.

As mentioned before, I personally like rapid-pvst as a minimum. So I will start with it, even though the rest of the parameters do not depend on rapid-pvst.


!
spanning-tree mode rapid-pvst
!
spanning-tree etherchannel guard misconfig
!


If the switch is mainly an access switch, you can enable portfast with the global command. Otherwise do it on a per-interface basis (you have been warned):

!
! portfast will transition ports directly to forwarding state
spanning-tree portfast default
!

Warning: Never use the previous command without enabling bpduguard. Let's configure it so that if an access port receives a BPDU it will be shut down. In those cases the port will remain "errdisable" until you go and manually re-enable it.
!
spanning-tree portfast bpduguard default
!

You can set up the switch for auto recovery from this type of error with the corresponding global configuration command:
!
errdisable recovery cause bpduguard
!

Now, the previous two tweaks can also be enabled on a per-interface basis:

!
interface FastEthernet 0/0
 description Port Connecting to a host
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet 0/1
 description Port Connecting to another switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
!
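As an added example (not part of the original post): a small Python check that reads a saved configuration and lists the ports where portfast is active without bpduguard, the combination the warning above tells you to avoid. The sample configuration is constructed, and the script assumes a port is a trunk only when it carries `switchport mode trunk`.

```python
# Constructed sample running-config (not from the original post).
SAMPLE = """\
spanning-tree portfast default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode trunk
 spanning-tree portfast trunk
"""

def parse(config):  # -> (global commands, {interface: [sub-commands]})
    glob, ifaces, cur = set(), {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if not line or line == "!":
            continue
        if raw.startswith(" "):
            if cur is not None:       # sub-command of the current interface
                cur.append(line)
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line[10:].replace(" ", ""), [])
        else:
            cur = None                # back at global configuration level
            glob.add(line)
    return glob, ifaces

def portfast_without_bpduguard(config):
    """List interfaces where portfast is active but BPDU guard is not."""
    glob, ifaces = parse(config)
    pf_default = "spanning-tree portfast default" in glob
    bg_default = "spanning-tree portfast bpduguard default" in glob
    findings = []
    for name, cmds in ifaces.items():
        trunk = "switchport mode trunk" in cmds  # assumption: static mode only
        portfast = ("spanning-tree portfast" in cmds
                    or "spanning-tree portfast trunk" in cmds
                    or (pf_default and not trunk
                        and "spanning-tree portfast disable" not in cmds))
        guarded = ("spanning-tree bpduguard enable" in cmds
                   or (bg_default and "spanning-tree bpduguard disable" not in cmds))
        if portfast and not guarded:
            findings.append(name)
    return findings
```

Calling `portfast_without_bpduguard(SAMPLE)` returns the two unguarded ports; adding `spanning-tree portfast bpduguard default` to the global section clears the list.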



Perfect. We are done with that. What other tweaks can we apply?

If you have redundant paths from an access edge switch to your root switch, you can enable uplink fast. (WARNING: Only for edge devices).

If the forwarding root interface suffers a direct link failure, uplink fast transitions the redundant interface, blocked up to that point, directly into the forwarding state. In other words, the switch will start sending and receiving over your redundant link without having to go through the listening and learning states.

This is another global configuration command and it is quite simple:

!
spanning-tree uplinkfast
!

Another interesting command is backbone fast. I will recommend this command for access and aggregation switches.



The simplest way to explain this one is with an example. Let's say you have a dual core switch environment, SWCoreA and SWCoreB, and that every edge device has a link to each one. For example, SW1 will have an uplink connection to SWCoreA and another to SWCoreB. Of course, under normal circumstances the core switches will have an interconnecting link between them. Let's assume this link fails.

At that point, since CoreA and CoreB don't see each other, both will start advertising to SW1 that they are the root. Now, SW1 knows both are still up.

Well, that's when the magic of backbone fast kicks in. SW1 "will take care of notifying" its "redundant" SWCore that the other one, which was the root, is still up and that it is reachable over SW1.

So at that point, the secondary root will use SW1 to reach the primary root switch. And that is the magic of backbone fast in plain English.

Again, this is a global configuration command:

!
spanning-tree backbonefast
!

There are two additional parameters that you can configure but you have to understand them. The first is an interface command to be used when connecting to another switch which you don't want to see as a path to the root switch:

!
interface FastEthernet 0/0
 spanning-tree guard root
!

What this one does is disable that interface if, during the spanning-tree calculation, for some reason, this port is selected as the root port.

The last parameter you can configure is "loopguard". This one has to be enabled in all the switches of the switched network. The loopguard is a global configuration command:
!
spanning-tree loopguard default
!

Again, be very careful when using this last parameter. It may cause more problems than the ones you are trying to resolve.
