If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: May 27, 2025 11:18 AM
From: shpat
Subject: need configuration details on STP on core, distribution and access switch (CX SWITCH)
Well my recommendation, and i haven't tested this on a LAB or Virtual Infrastructure, would be:
For the CORE Switch
- For Downlinks towards the distribution switches (if it's not already configured)
interface lag256
spanning-tree port-type normal
Enable BPDU Guard globally only on edge-type ports
spanning-tree bpdu-guard
For the DISTRIBUTION Switch:
On uplinks towards Core (LAG31)
interface lag31
spanning-tree port-type normal
On Downlink towards Access Switch (if it is port 1/1/31)
interface 1/1/31
spanning-tree port-type normal
Edge Ports (if any user facing ports exist on this layer)
interface <user-facing-port>
spanning-tree port-type edge
spanning-tree bpdu-guard
For Access:
Uplink port (1/1/49)
interface 1/1/49
spanning-tree port-type normal
Downlink user facing ports
interface 1/1/47 <- if this is the user facing port
spanning-tree port-type edge
spanning-tree bpdu-guard
Keep in mind that it is good that you explicitly define port types to avoid STP delays on user ports and catch accidental loops.
I also noticed many LAGs showing as Disabled/Down on the Core and Distribution. If you are not using them, you should either remove then to keep STP and control-plane and configs clean or you have to bring them UP and make use of them.
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP
Just an Aruba enthusiast and contributor by cases
If you find my comment helpful, KUDOS are appreciated.
Original Message:
Sent: May 27, 2025 02:13 AM
From: chandan
Subject: need configuration details on STP on core, distribution and access switch (CX SWITCH)
Please find the below my network diagram I need STP hardening for this topology and attached stp configuration.
Kindly help on this
Original Message:
Sent: May 27, 2025 01:53 AM
From: shpat
Subject: need configuration details on STP on core, distribution and access switch (CX SWITCH)
You should provide more details what you have configured then :)
Core switch -> Distribution on Downlink ports:
interface <interface-id>
spanning-tree port-type normal
Distribution Switch -> Core on Uplink ports:
interface <interface-id>
spanning-tree port-type normal
Distribution Switch -> Access on Downlink ports:
interface <interface-id>
spanning-tree port-type normal
Access Switch -> Distribution on Uplink ports:
interface <interface-id>
spanning-tree port-type normal
Access Switch -> Devices on Downlink Ports:
interface <interface-id>
spanning-tree port-type edge
spanning-tree bpdu-guard
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP
Just an Aruba enthusiast and contributor by cases
If you find my comment helpful, KUDOS are appreciated.
Original Message:
Sent: May 27, 2025 01:41 AM
From: chandan
Subject: need configuration details on STP on core, distribution and access switch (CX SWITCH)
sir,
Already I have configured cx switch with RPVST
core switch stp priority as 0
distribution switch priority as 1
access switch priority as default as 32768
need STP configuration for uplink and downlink port configuration for core, distribution and access
regards
chandan kp
Original Message:
Sent: May 27, 2025 01:32 AM
From: shpat
Subject: need configuration details on STP on core, distribution and access switch (CX SWITCH)
Your request is very general, but let me try to describe it as simple as possible from my perspective.
Aruba CX (AOS-CX) uses MSTP by default. You can also configure RSTP or PVST if interoperability with legacy gear is required. But MSTP is preferred in modern CX deployments.
Potentially, you can have those 4 main bullet points:
- Using MSTP (Multiple Spanning Tree Protocol)
- Core: STP root
- Distribution: Intermediate layer
- Access: Edge (portfast-type behavior)
On the core, your configuration would look something like:
spanning-tree mode mstp
spanning-tree priority 0
spanning-tree mst configuration
name MST_REGION
revision 1
instance 1 vlan 1-4094
exit
You then will make this as an STP Root and use priority 0 for root bridge selection
Downlink ports towards distributions config would look something like:
interface <downlink-interface>
spanning-tree port-type normal
where STP would do its job in this case.
On the Distribution global configuration you would need maybe:
spanning-tree mode mstp
spanning-tree priority 4096
spanning-tree mst configuration
name <name the MST>
revision 1
instance 1 vlan 1-4094
exit
You would use higher priority than core to avoid root election and keep MST configuration identical to Cre.
Uplink ports from DST -> Core would be:
interface <uplink-interface>
spanning-tree port-type normal
Downlink ports from DST -> Access would be:
interface <downlink-interface>
spanning-tree port-type normal
Access Switches would have a global config mode with MSTP:
spanning-tree mode mstp
spanning-tree priority 32768
spanning-tree mst configuration
name MST_REGION
revision 1
instance 1 vlan 1-4094
exit
Uplink powers from Access-SW -> DST would be:
interface <uplink-interface>
spanning-tree port-type normal
Downlink ports / Access ports towards devices:
interface <port-interface>
spanning-tree port-type edge
Also, use bpdu-guard to prevent loops:
spanning-tree bpdu-guard
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP
Just an Aruba enthusiast and contributor by cases
If you find my comment helpful, KUDOS are appreciated.
Original Message:
Sent: May 27, 2025 01:16 AM
From: chandan
Subject: need configuration details on STP on core, distribution and access switch (CX SWITCH)
need configuration details on STP on core, distribution and access switch (CX SWITCH)
what we need to configure on core uplink, downlink and global level
what we need to configure on distribution uplink, downlink and global level
what we need to configure on access switch uplink, downlink and global level
Regards
Chandan kp