Understanding the Cisco ACI interaction with the Spanning-Tree protocol (STP) is essential for network professionals considering connecting external switches to the Cisco ACI fabric. In this video article, I explain the ACI and STP interaction to avoid potential layer-2 loops caused by the external switches.
Summary
- ACI doesn’t run STP inside the fabric. However, ACI floods every received STP BPDU frame in each encap VLAN within an EPG.
- We don’t need any configuration for the BPDU flooding in ACI.
- External switches are responsible for breaking any potential loops.
- Interfaces within the EPG that are connected to the external switches must reside in the same physical or L2 external domain.
- BPDU flooding is different from data traffic flooding. Data traffic flooding can be turned on or off per bridge domain.
- When ACI receives STP TCNs on a VLAN, it flushes the endpoints associated with that VLAN in the BD (in any EPG). Therefore, endpoints in other encap VLANs in the BD will not be impacted.
- Fabric-facing ports on the external switches should be configured with the “shared” RSTP link type.
- In MST, BPDUs don’t carry a VLAN tag, and they are sent over the native VLAN. Therefore, we must create an EPG for the native VLAN to carry the BPDUs.
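
The flooding scope described above can be checked before external switches are attached. The following is an added example, not code from the video or from Cisco: it audits a simplified, constructed list of EPG static port bindings and flags EPGs whose external-switch ports would not see each other's BPDUs. The `Binding` model, its field names, and the sample ports and domains are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Binding(NamedTuple):
    """One EPG static port binding (simplified model, not an APIC object)."""
    epg: str
    port: str            # leaf interface facing the attached device
    encap_vlan: int      # VLAN used on the wire for this EPG on this port
    domain: str          # physical or L2 external domain of the binding
    to_ext_switch: bool  # True if the port connects to an STP-running switch


def audit_bpdu_scope(bindings):
    """Return findings where BPDUs cannot reach every external-switch port of an EPG."""
    by_epg = defaultdict(list)
    for b in bindings:
        if b.to_ext_switch:
            by_epg[b.epg].append(b)

    findings = []
    for epg, ports in sorted(by_epg.items()):
        if len(ports) < 2:
            continue  # nothing to compare with a single external-switch port
        vlans = sorted({p.encap_vlan for p in ports})
        if len(vlans) > 1:  # BPDUs are flooded per encap VLAN, so they stay apart
            findings.append((epg, "mixed-encap", vlans))
        by_vlan = defaultdict(set)
        for p in ports:
            by_vlan[p.encap_vlan].add(p.domain)
        for vlan, domains in sorted(by_vlan.items()):
            if len(domains) > 1:  # same VLAN, but ports sit in different domains
                findings.append((epg, "mixed-domain", sorted(domains)))
    return findings


# Constructed sample bindings (EPG names, ports and domains are made up).
SAMPLE = [
    Binding("web", "leaf101/eth1/1", 10, "phys-dom-A", True),
    Binding("web", "leaf102/eth1/1", 10, "phys-dom-A", True),  # same VLAN and domain
    Binding("app", "leaf101/eth1/2", 20, "phys-dom-A", True),
    Binding("app", "leaf102/eth1/2", 21, "phys-dom-A", True),  # different encap VLANs
    Binding("db", "leaf101/eth1/3", 30, "phys-dom-A", True),
    Binding("db", "leaf102/eth1/3", 30, "l2out-dom-B", True),  # different domains
    Binding("db", "leaf103/eth1/9", 31, "phys-dom-A", False),  # server port, ignored
]

if __name__ == "__main__":
    for epg, kind, detail in audit_bpdu_scope(SAMPLE):
        print(f"{epg}: {kind} {detail}")
```

A finding means the external switches attached to that EPG cannot rely on STP to block a path through the fabric, so the bindings should be aligned to one encap VLAN and one domain.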