Sunday, 17 January 2016

Yesterday I got a mail from one of my friends asking about common misconfigurations of MSTP,
and I decided to post a blog on this topic so that many of us can get help from it. :)

Common Misconfigurations

The independence between instance and VLAN is a new concept that implies you must carefully plan your configuration. The "IST Instance is Active on All Ports, Whether Trunk or Access" section illustrates some common pitfalls and how to avoid them.

IST Instance is Active on All Ports, Whether Trunk or Access

This diagram shows Switches A and B connected with access ports each located in different VLANs. VLAN 10 and VLAN 20 are mapped to different instances. VLAN 10 is mapped to instance 0, while VLAN 20 is mapped to instance 1.
[Diagram: 147h.gif]
This configuration results in pcA's inability to send frames to pcB. The show command reveals that Switch B is blocking the link to Switch A in VLAN 10, as shown in this diagram:
[Diagram: 147i.gif]
How is that possible in such a simple topology, with no apparent loop?
This issue is explained by the fact that MST information is conveyed with only one BPDU (IST BPDU), regardless of the number of internal instances. Individual instances do not send individual BPDUs. When Switch A and Switch B exchange STP information for VLAN 20, the switches send an IST BPDU with an MRecord for instance 1 because that is where VLAN 20 is mapped. However, because it is an IST BPDU, this BPDU also contains information for instance 0. This means that the IST instance is active on all ports inside an MST region, whether these ports carry VLANs mapped to the IST instance or not.
This diagram shows the logical topology of the IST instance:
[Diagram: 147j.gif]
Switch B receives two BPDUs for instance 0 from Switch A (one on each port). It is clear that Switch B has to block one of its ports in order to avoid a loop.
The preferred solution is to use one instance for VLAN 10 and another instance for VLAN 20 to avoid mapping VLANs to the IST instance.
An alternative is to carry those VLANs mapped to the IST on all links (allow VLAN 10 on both ports, as in this diagram).

Two VLANs Mapped to the Same Instance Block the Same Ports

Remember that VLAN no longer means spanning tree instance. The topology is determined by the instance, regardless of the VLANs mapped to it. This diagram shows a problem that is a variant of the one discussed in the "IST Instance is Active on All Ports, Whether Trunk or Access" section:
[Diagram: 147k.gif]
Suppose that VLANs 10 and 20 are both mapped to the same instance (instance 1). The network administrator wants to manually prune VLAN 10 on one Uplink and VLAN 20 on the other in order to restrict traffic on the Uplink trunks from Switch A to distribution Switches D1 and D2 (an attempt to achieve a topology as described in the previous diagram). Shortly after this is completed, the network administrator notices that users in VLAN 20 have lost connectivity to the network.
This is a typical misconfiguration problem. VLANs 10 and 20 are both mapped to instance 1, which means there is only one logical topology for both VLANs. Load-sharing cannot be achieved, as shown here:
[Diagram: 147l.gif]
Because of the manual pruning, VLAN 20 is only allowed on the blocked port, which explains the loss of connectivity. In order to achieve load balancing, the network administrator must map VLAN 10 and 20 to two different instances.
A simple rule to follow to steer clear of this problem is to never manually prune VLANs off a trunk. If you decide to remove some VLANs from a trunk, remove all the VLANs mapped to a given instance together. Never remove an individual VLAN from a trunk without also removing all the other VLANs that are mapped to the same instance.
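
Both pitfalls above (IST VLANs not carried on every link, and partial pruning of an instance's VLANs) can be checked before a change is pushed. The following is an added example, not code from the original post or from any vendor tool: the function name `lint_mst`, the port names and the sample plans are assumptions constructed for illustration.

```python
# Added example: lint an MST plan for the two pitfalls in this post.
# Port names and sample plans are constructed for illustration.

def lint_mst(vlan_to_instance, port_vlans):
    """Return sorted (port, instance, missing_vlans) findings.

    vlan_to_instance: {vlan: instance}; unmapped VLANs fall into the IST (0).
    port_vlans: {port: set of VLANs carried on that port inside the region}.
    """
    used = set(vlan_to_instance)
    for carried in port_vlans.values():
        used |= carried

    # Group the VLANs in use by the instance that decides their topology.
    members = {}
    for vlan in used:
        members.setdefault(vlan_to_instance.get(vlan, 0), set()).add(vlan)

    findings = []
    for port, carried in port_vlans.items():
        for inst, vlans in members.items():
            missing = vlans - carried
            if not missing:
                continue
            # The IST is active on every port, so its VLANs must be carried
            # everywhere. For other instances, removing the whole instance
            # from a port is fine; removing only part of it is not.
            if inst == 0 or carried & vlans:
                findings.append((port, inst, tuple(sorted(missing))))
    return sorted(findings)


if __name__ == "__main__":
    plans = {
        "pitfall 1 (VLAN 10 in IST)": ({10: 0, 20: 1},
                                       {"A-B link 1": {10}, "A-B link 2": {20}}),
        "pitfall 1 fixed": ({10: 1, 20: 2},
                            {"A-B link 1": {10}, "A-B link 2": {20}}),
        "pitfall 2 (pruned uplinks)": ({10: 1, 20: 1},
                                       {"A-D1": {10}, "A-D2": {20}}),
        "pitfall 2 fixed": ({10: 1, 20: 2},
                            {"A-D1": {10}, "A-D2": {20}}),
    }
    for name, (mapping, ports) in plans.items():
        print(name, "->", lint_mst(mapping, ports) or "ok")
```

A finding names the port, the instance whose topology applies there, and the VLANs of that instance the port does not carry.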
