spanning tree & ip arp inspection c2821+c3560+c2960

Hello All.

I would like to obtain your help, because the subject is wide and I didn't find an explanation in Google or in the manuals :(

I need a schematic guide rather than a ready config - I will then dig further to check & repair my configs.

What should be the minimal required configuration for the router and switches to properly run spanning-tree when the router is the root? What should be configured to have ip arp inspection when the router is the DHCP server? (I have statically assigned IP addresses for the DHCP pool.) What do I also need to give access to 2-3 servers which have static addresses configured (to do ip arp inspection)? What do I need to run ip arp inspection on the c2960?

I realize these are rather BIG questions, but I believe there is someone here who could explain a little.

Thanks in advance, Przemek

Connections:

router (adv ip serv.) -->c3560(ip base)-->c2960(ip base)

Router config:

----------------------

  1. DHCP for LAN (for vlan103)
  2. four vlans defined as "interface VlanXXX" (not as routed interface's subinterface). Let's call them vlan101, vlan102, vlan103, vlan104
  3. internal 4-port switch: fa0/1/0 configured as a trunk containing those four defined vlans (output to c3560)

important parts of real config:

    ip dhcp pool LAN_USERS
     import all
     origin file flash:database.txt
     default-router a.b.c.d
     dns-server
     lease 0 17

    interface FastEthernet0/1/0
     description TRUNK
     switchport trunk native vlan 103
     switchport mode trunk
     logging event subif-link-status

    interface Vlan101
     description ** Voice VLAN **
     ip address x.y.z.w 255.255.255.0
     ip directed-broadcast
     ip nbar protocol-discovery
     ip flow ingress
     ip flow egress
     ip virtual-reassembly

    interface Vlan103
     description ** Old Data VLAN *
     ip address q.w.e.r 255.255.255.0
     ip nbar protocol-discovery
     ip flow ingress
     ip flow egress
     ip dns view-group default-list
     ip nat inside
     ip virtual-reassembly
     ip policy route-map lan-pbr

c3560 config:

----------------------

  1. Gi0/1 as trunk, connected to the router's fa0/1/0
  2. all other ports assigned to their vlans as access...
  3. except Gi0/2, which is trunk - to connect c2960

important parts of real config:

    no service dhcp
    udld aggressive
    ip subnet-zero

    errdisable recovery cause udld
    errdisable recovery cause bpduguard
    ... (all others possible - set like above) ...
    errdisable recovery cause arp-inspection
    errdisable recovery cause loopback
    errdisable recovery interval 30

    spanning-tree mode pvst
    spanning-tree loopguard default
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    interface FastEthernet0/1

Reply to
PrzemekD

Routers don't run spanning-tree (or arp inspection) on routed interfaces. If you have a switching hardware module (such as an NM-16ESW, NME-16ESW or HWIC-4ESW), then spanning does run, but only on those interfaces that are configured as layer 2 (access or trunk ports), and only the NME switch modules support arp inspection, but this module is configured completely separately from the router. Interfaces that are trunked do not run arp inspection, and using the router as the DHCP server has no impact on arp inspection or its configuration.

Reply to
Thrill5

Hi, do routers not run spanning tree if they are bridging (bridge group 1 ieee)?

Reply to
tweety

Yes, an interface running a bridge group would also run spanning-tree.

Reply to
Thrill5
