A Cisco switch typically has a single IP address bound to a VLAN (often called the
administrative VLAN). In this VLAN, the switch behaves like a generic IP host. In particular, every
single broadcast/multicast packet is forwarded to the CPU. A high rate of
broadcast/multicast traffic on the administrative VLAN can load the CPU and impair its ability to process
vital BPDUs. Therefore, it is always a good idea to keep user traffic off the administrative VLAN.
Until recently, in a Cisco implementation, there was no way to remove VLAN 1 from a trunk. This
VLAN is generally used as an administrative VLAN, where all switches are accessible in the same IP
subnet. Although useful, this may be dangerous because a bridging loop on VLAN 1 will affect all trunks
and will probably bring the whole network down. Of course, the same problem exists whatever the
VLAN is. If possible, try to segment the bridging domains using high-speed Layer 3 switches.
As of version 5.4, the CatOS software allows the clearing of VLAN 1 on trunks (in fact, VLAN 1 still
exists but blocks traffic, thus preventing any loop possibility).
Avoid Tuning STP Parameters
Take special care if you plan to change STP timers from their default values. (Another option is to use
CatOS macros.) Tuning the timers to get faster reconvergence, for instance, is very dangerous because it
has implications for the diameter of the network and the stability of STP. The only parameters that
you may want to change are the bridge priority (to select the root bridge) and the port cost or priority (to
control redundancy and load balancing).
Cisco Catalyst software provides you with macros that finely tune the most important STP parameters
for you:
- The set spantree root [secondary] command macro decreases the bridge priority so that the switch becomes
  root (or alternate root). You have an additional option that helps you tune the STP timers by
  specifying the diameter of your network. Even when correctly done, timer tuning does not
  significantly improve the convergence time (especially compared to features such as uplink fast or
  backbone fast, or a good Layer 3 switching design) and introduces some instability risks in the
  network. That kind of tuning must be updated each time a device is added into the network. It is
  better to keep the conservative default values, familiar to network engineers.
- The set spantree uplinkfast command increases the switch priority so that it cannot be root. You
  typically want to use this command on a distribution switch, at least dually attached to some core
  switches. Read the uplink fast feature documentation to learn more about the impact of this
  command.
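The dependency between timers and network diameter described above can be checked mechanically. The following is an added example, not taken from the original text or from Cisco software; it assumes the commonly published 802.1D tuning formulas that relate max age and forward delay to the hello time and the diameter, and all function names and sample configurations are constructed for illustration.

```python
import math

# Assumption: the diameter/hello timer formulas published for 802.1D STP tuning.
def timers_for_diameter(diameter, hello=2):
    """Return (max_age, forward_delay) in seconds for a diameter in bridge hops."""
    max_age = 4 * hello + 2 * diameter - 2
    forward_delay = math.ceil((4 * hello + 3 * diameter) / 2)
    return max_age, forward_delay

def max_diameter(max_age, forward_delay, hello=2):
    """Largest diameter that both configured timers still cover."""
    by_max_age = (max_age + 2 - 4 * hello) // 2
    by_forward_delay = (2 * forward_delay - 4 * hello) // 3
    return min(by_max_age, by_forward_delay)

def audit(hello, max_age, forward_delay, actual_diameter):
    """Return a list of findings for one bridge's timer configuration."""
    findings = []
    # Consistency relations required by IEEE 802.1D between the three timers.
    if 2 * (forward_delay - 1) < max_age:
        findings.append("2*(forward_delay-1) >= max_age violated")
    if max_age < 2 * (hello + 1):
        findings.append("max_age >= 2*(hello+1) violated")
    covered = max_diameter(max_age, forward_delay, hello)
    if covered < actual_diameter:
        findings.append(f"timers cover diameter {covered}, network has {actual_diameter}")
    return findings

if __name__ == "__main__":
    # Constructed sample configurations: (label, hello, max_age, forward_delay, diameter)
    samples = [
        ("defaults, diameter 7", 2, 20, 15, 7),
        ("tuned for 3, grown to 5", 2, 12, 9, 5),
        ("forward delay cut alone", 2, 20, 8, 3),
    ]
    for label, *cfg in samples:
        print(label, "->", audit(*cfg) or "ok")
```

The second sample shows why tuned timers must be revisited whenever a device is added: values computed for a diameter of 3 no longer cover the network once it grows to 5.
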
Configure UDLD When Possible
If a link that has a blocked port becomes unidirectional, you have a 50 percent chance of
a bridging loop. This is the most dangerous possibility of STP failure because the algorithm is not
capable of handling this situation. The latest Catalyst software implements the Uni-Directional Link
Detection (UDLD) feature, which helps to detect this dangerous condition. This works on point-to-point
links between Cisco devices only.
Additional Sources
For further information, including step-by-step configuration materials and full command examples for
both the IP MLS-RP and the MLS-SE, you are highly encouraged to view the following (log in to
maximize the amount of material that you can view):