Understanding the Cisco ACI interaction with the Spanning-Tree protocol (STP) is essential for network professionals considering connecting external switches to the Cisco ACI fabric. In this video article, I explain the ACI and STP interaction to avoid potential layer-2 loops caused by the external switches.
Summary
- ACI doesn’t run STP inside the fabric. However, ACI floods every received STP BPDU frame in each encap VLAN within an EPG.
- We don’t need any configuration for the BPDU flooding in ACI.
- External switches are responsible for breaking any potential loops.
- Interfaces within the EPG that are connected to the external switches must reside in the same physical or L2 external domain.
- BPDU flooding is different from data traffic flooding. Data traffic flooding can be turned on or off per bridge domain.
- When ACI receives STP TCNs on a VLAN, it flushes the endpoints associated with that VLAN in the BD (in any EPG). Therefore, endpoints in other encap VLANs in the BD will not be impacted.
- Fabric-facing ports on the external switches should be configured with the “shared” RSTP link type.
- In MST, BPDUs don’t carry a VLAN tag, and they are sent over the native VLAN. Therefore, we must create an EPG for the native VLAN to carry the BPDUs.
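The flooding and flush rules in the summary above, as a small Python model added here (not from the video and not Cisco code). The port, EPG, BD and domain names are constructed, and treating a domain mismatch as a separate flood scope is this example's simplification of the same-domain requirement.

```python
from collections import defaultdict, namedtuple

# Constructed sample data for a hypothetical fabric (all names illustrative).
Binding = namedtuple("Binding", "port epg bd encap_vlan domain")
Endpoint = namedtuple("Endpoint", "mac epg bd encap_vlan")

BINDINGS = [
    Binding("leaf101/eth1/1", "EPG-Web", "BD1", 10, "physDom-A"),  # to external SW1
    Binding("leaf102/eth1/1", "EPG-Web", "BD1", 10, "physDom-A"),  # to external SW2
    Binding("leaf103/eth1/1", "EPG-Web", "BD1", 10, "physDom-B"),  # to SW3, other domain
    Binding("leaf101/eth1/2", "EPG-App", "BD1", 20, "physDom-A"),
]
ENDPOINTS = [
    Endpoint("00:00:5e:00:53:01", "EPG-Web", "BD1", 10),
    Endpoint("00:00:5e:00:53:02", "EPG-App", "BD1", 20),
]


def flood_scope(b):
    # Assumption: a BPDU stays within one EPG, one encap VLAN and one domain.
    return (b.epg, b.encap_vlan, b.domain)


def bpdu_flood_ports(bindings, ingress_port, vlan):
    """Ports that would receive a BPDU that arrived on ingress_port in vlan."""
    src = next(b for b in bindings
               if b.port == ingress_port and b.encap_vlan == vlan)
    return sorted(b.port for b in bindings
                  if b.port != src.port and flood_scope(b) == flood_scope(src))


def split_flood_scopes(bindings):
    """(EPG, VLAN) pairs whose ports span several domains: BPDUs may not pass
    between the external switches, so they cannot detect a loop via the fabric."""
    domains = defaultdict(set)
    for b in bindings:
        domains[(b.epg, b.encap_vlan)].add(b.domain)
    return {k: sorted(v) for k, v in domains.items() if len(v) > 1}


def flush_on_tcn(endpoints, bd, vlan):
    """Endpoints left after a TCN on vlan: entries for that VLAN in the BD are
    flushed whatever their EPG; other encap VLANs in the BD are untouched."""
    return [e for e in endpoints if not (e.bd == bd and e.encap_vlan == vlan)]


if __name__ == "__main__":
    print(split_flood_scopes(BINDINGS))
```

Running `split_flood_scopes` over an export of static port bindings flags the EPG and VLAN pairs to review before external switches are connected.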
Hi, in ACI Multipod, how are STP BPDUs forwarded across pods?
Hi,
ACI encapsulates BPDUs in VXLAN and forwards them via IPN through the spine switches. This is handled transparently when needed to maintain compatibility with traditional STP-based networks.