Per VLAN Spanning Tree Plus (PVST+) is a flavor of Spanning Tree Protocol (see prior blog, Default STP Behavior on Cisco Switches) which maintains a spanning tree instance for each VLAN in the network. This means certain VLAN trunks (using 802.1q) can be forwarded for some VLANs while being blocked for others. Further, changes in one STP domain will not effect other spanning tree instances on other VLANs. Additionally, since each VLAN is treated as a separate network, layer 2 load balancing can be accomplished by forwarding some VLANs on one trunk and other VLANs on another trunk.
In this lab I will be configuring PVST+ on three Cisco 3560 switches [IOS 12.2(25r)SEC] connected together as shown in the diagram below. I take care to setup the configuration on each switch before connecting them together. With Cisco switches, spanning tree protocol is enabled by default, however, this is not the case for all vendors.
Lab topology for configuring PVST+
As you can see, besides for the default VLAN, I have two other VLANs in this network: VLAN 10 and VLAN 20. I will make Switch2 the root bridge for VLAN 20 and will make Switch1 the root bridge for VLAN 10. The root bridge for the default VLAN will become Switch2 since a priority will not be set explicitly and Switch2 has the lowest MAC address of the three switches. Also, notice I only have to configure trunking on one side of the trunk links since the ports are by default set to “switchport mode dynamic”, and, once a trunk port is detected on one side, the other side of the link also goes into trunk mode.
Switch1 Configuration:
– enable
– configure terminal
– spanning-tree mode pvst
– spanning-tree vlan 10 priority 8192
– interface fastEthernet 0/1
– switchport mode access
– switchport access vlan 10
– no shutdown
– exit
– interface fastEthernet 0/2
– switchport trunk encapsulation dot1q
– switchport mode trunk
– no shutdown
– exit
– interface fastEthernet 0/3
– switchport trunk encapsulation dot1q
– switchport mode trunk
– no shutdown
– end
– write
Switch2 Configuration:
– enable
– configure terminal
– spanning-tree mode pvst
– spanning-tree vlan 20 priority 8192
– interface fastEthernet 0/1
– switchport mode access
– switchport access vlan 10
– no shutdown
– exit
– interface fastEthernet 0/2
– switchport mode access
– switchport access vlan 20
– no shutdown
– exit
– interface fastEthernet 0/3
– switchport trunk encapsulation dot1q
– switchport mode trunk
– no shutdown
– interface fastEthernet 0/4
– switchport trunk encapsulation dot1q
– switchport mode trunk
– no shutdown
– end
– write
Switch3 Configuration:
– enable
– configure terminal
– spanning-tree mode pvst
– interface fastEthernet 0/1
– switchport mode access
– switchport access vlan 20
– no shutdown
– exit
– interface fastEthernet 0/2
– switchport trunk encapsulation dot1q
– switchport mode trunk
– no shutdown
– exit
– interface fastEthernet 0/3
– switchport trunk encapsulation dot1q
– switchport mode trunk
– no shutdown
– end
– write
If you now run the “show spanning-tree” command from Switch2, you will that Switch2 is indeed the root bridge for VLAN 20. Additionally, you will see the MAC address of Switch1 listed as the root bridge for VLAN 10. You should also now be able to ping between PCs in their respective VLANs.
Twitter
LinkedIn
Youtube
RSS
I use Switch Layer 2 in your lab
Is there any command allow to ping between Vlan 20 and 10 ?
You cannot ping between L2 devices and there is no MAC ping. However, if you have a L3 capable switch like the Cisco-3560-24PS, you could always put an IP address on the VLANs and ping between them via inter-vlan routing.
Depending on the switch model and OS version, Cisco also has the below command for tracing a MAC through the network which would likely help with your end goal. Cisco-3560 supports this command.
– traceroute mac:
shows the Layer 2 path only when the specified source and destination MAC addresses belong to the same VLAN
There is also:
– traceroute mac ip:
shows the Layer 2 path when the specified source and destination IP addresses belong to the same subnet
hi,i need ospf with this topology. how do you do????
Humair,
What makes you say that you cannot ping between layer 2 devices? How do you think you SSH or telnet into a layer 2 Cisco switch?
Answer: You give your layer 2 switch an IP address on one of it’s vlans. You can now ping, telnet, or SSH into that switch.
Also, why are you enabling pvst+? This is the default on Cisco switches..
Hi Jacob,
Of course if you have a management port or VLAN meant for management connectivity on a layer 2 switch you can use that management port or VLAN for management connectivity or pinging to another switch’s management port or VLAN.
Depending on the vendor, some layer 2 switches allowed an IP address on a single VLAN and that was used for management purposes. Some vendors’ layer 2 switches will not even allow for an IP address on a single VLAN but may have a dedicated management port or just a console port.
Although I understand what you are stating, if asked, I would state you cannot ping between layer 2 devices/switches. Of course a management port or VLAN if available can provide some flexibility, but most people would still not use the same subnet across different VLANs. There would just be one management VLAN. In any case, if you have different VLANs and hosts on different subnets like in this lab, you would still need a router.
Also, I mention in the post that PVST+ is enabled by default for Cisco switches but not for all vendor switches. The purpose was to show the configuration and show how to assign a different root bride for each VLAN deterministically.