ccna exp3 - chapter05 - stp.ppt [compatibility mode]

8/3/2019 CCNA Exp3 - Chapter05 - STP.ppt [Compatibility Mode]

1/153

Chapter 5 - Spanning Tree Protocol

CCNA Ex loration 4.0


2/153

Objectives

Explain the role of redundancy in a convergednetwork.

Summarize how STP works to eliminate Layer 2loops in a converged network.

Explain how the STP algorithm uses three steps to

Hc vin mng Bch Khoa - Website: www.bkacad.com 2

converge on a loop-free topology. Implement rapid PVST+ in a LAN to prevent loops

between redundant switches.


3/153

Redundancy

Redundancy in a hierarchical network

Layer 2 redundancy improves the availability of the network byimplementing alternate network paths by adding equipment and

cabling.



4/153

Redundancy

Examine a redundant design

In a hierarchical design, redundancy is achieved at the distribution andcore layers through additional hardware and alternate paths through

the additional hardware.



5/153

Redundancy




6/153

Redundancy




7/153

Redundancy




8/153

Redundancy




9/153

Types of Traffic


Types of traffic (Layer 2 perspective)

1. Known Unicast: Destination addresses are in Switch Tables

2. Unknown Unicast: Destination addresses are not in Switch Tables

3. Multicast: Traffic sent to a group of addresses

4. Broadcast: Traffic forwarded out all interfaces except incoming

interface.

Unknown Unicast


10/153

Issues with Redundancy

A redundant switched topology (STP disabled) maycause:

1. Layer 2 Loops

2. Broadcast Storms3. Duplicate Unicast Frames

4. MAC address table instability



11/153


Layer 2 Loops

When multiple paths exist between two devices on the network andSTP has been disabled on those switches, a Layer 2 loop can occur.



12/153


Broadcast Storms

A broadcast storm occurs when there are so many broadcast framescaught in a Layer 2 loop that all available bandwidth is consumed.



13/153


Duplicate Unicast Frames

Unicast frames sent onto a looped network can result in duplicateframes arriving at the destination device.



14/153


Incorrectly learn the MAC address



15/153

Real-world Redundancy Issues

Loops in the Wiring Closet

If the network cables are not properly labeled when they are terminatedin the patch panel in the wiring closet. Network loops that are a result

of accidental duplicate connections in the wiring closets are a commonoccurrence.



16/153

Real-world Redundancy Issues

Loops in the Cubicles



17/153

Prevent loop, storm bordcast?


Enable Spanning Tree Protocol (STP) STP ensures that there is only one logical path between all

destinations on the network by intentionally blocking redundant paths

that could cause a loop. A port is considered blocked when networktraffic is prevented from entering or leaving that port.

Block redundant link and auto unblock redundant link when primary linkdown.


18/153

Spanning-Tree Protocol (STP)


STP is a Layer 2 link-management protocol that is used to maintain aloop-free network.

The Spanning-Tree Protocol requires network devices to exchange messagesto detect bridging loops, is called a Bridge Protocol Data Unit (BPDU).

BPDUs continue to be received on blocked ports.


19/153

Spanning-Tree Protocol



20/153

Spanning-Tree Protocol


STP executes an algorithm called Spanning Tree Algorithm (STA). STA chooses a reference point, called a root bridge, and then

determines the available paths to that reference point.

If more than two paths exists, STA picks the best path and blocksthe rest

STP calculations make extensive use of 2 key concepts in creating aloop-free topology:

1. Bridge ID

2. Path Cost


21/153

STP Algorithm


1. Root Bridge The lowest BID2. Root Ports - Switch ports closest to the root bridge.

3. Designated ports - All non-root ports that are still permitted to forward trafficon the network.

4. Non-designated ports - All ports configured to be in a blocking state toprevent loops.


22/153

The Root Bridge

Every spanning-tree instance (switched LAN or broadcast domain) hasa switch designated as the root bridge. The root bridge serves as areference point for all spanning-tree calculations to determine which

redundant paths to block.


Lowest Bridge ID valueis the root !


23/153

Extra: The Root Bridge


The root bridge maintains the stability of the forwarding paths between allswitches for a single STP instance.

A spanning tree instance is when all switches exchanging BPDUs and

participating in spanning tree negotiation are associated with a single root. If this is done for all VLANs, it is called a Common Spanning Tree (CST)

instance.

There is also a Per VLAN Spanning Tree (PVST) implementation thatprovides one instance, and therefore one root bridge, for each VLAN.


24/153

Bridge ID (BID)



25/153

Bridge ID (BID)


For each Network, the switch with the highest switch priority (thelowest numerical priority value) is elected as the root switch.

The BID is made up of a priority value, an extended system ID, andthe MAC address of the switch.


26/153

Bridge ID (BID)



27/153

Bridge ID (BID)


Priority-based decision

The default value for the priority of all Cisco switches is 32768. The priority range is between 1 and 65536; therefore, 1 is the highest

priority.


28/153

Bridge ID (BID)

MAC Address-based decision



29/153

Configure and Verify the BID



30/153

Configure and Verify the BID



31/153

Best Paths to the Root Bridge

When the root bridge has been designated for the spanning-treeinstance, the STA starts the process of determining the best paths tothe root bridge from all destinations in the broadcast domain.



32/153




33/153



Each bridge advertises the spanning tree path cost in the BPDU. Thisspanning tree path cost is the cumulative cost of all the links from the rootbridge to the switch sending the BPDU.

In Figure, switch Y receives a BPDU from the root bridge (switch X) on itsswitch port on the Fast Ethernet segment, and another BPDU on its switch porton the Ethernet segment. The root path cost in both cases is 0. The local path cost on the Fast Ethernet switch port is 19, while the local

path cost on the Ethernet switch port is 100.


34/153

Bridge Protocol Data Unit (BPDU)


The BPDUs are transmitted in one direction from the root switch, andeach switch sends configuration BPDUs to communicate and tocompute the STP topology.


35/153

BPDU Field Format

802.3 Header Destination: 01:80:C2:00:00:00 Mcast 802.1d Bridge group Source: 00:D0:C0:F5:18:D1 LLC Length: 38

802.2 Logical Link Control (LLC) Header Dest. SAP: 0x42 802.1 Bridge Spanning Tree Source SAP: 0x42 802.1 Bridge Spanning Tree Command: 0x03 Unnumbered Information

802.1 - Bridge Spanning Tree


ro oco en er:

Protocol Version ID: 0 Message Type: 0x00 Configuration Message Flags: 00000000 Root Priority/ID: 0x8000/ 00:D0:C0:F5:18:C0 Cost Of Path To Root: 0x00000000 (0) Bridge Priority/ID: 0x8000/ 00:D0:C0:F5:18:C0

Port Priority/ID: 0x80/ 0x1D Message Age: 0/256 seconds (exactly 0 seconds) Maximum Age: 5120/256 seconds (exactly 20 seconds) Hello Time: 512/256 seconds (exactly 2 seconds) Forward Delay: 3840/256 seconds (exactly 15 seconds)


36/153

Extra: BPDU Field Format


802.1d uses 2 types of BPDUs:

A configuration BPDU, used for initial STP configuraion. Type field=0x00 A topology change notification (TCN) BPDU used for topology changes.

Type field=0x80


37/153

Extra: BPDU Field Format



38/153

The BPDU Process



39/153

The BPDU Process

When the network first starts, all bridges are announcing a chaotic mixof BPDUs.



40/153

The BPDU Process


B


41/153

The BPDU Process


Th BPDU P


42/153

The BPDU Process

The BPDU Process


Th BPDU P


43/153

The BPDU Process


Th BPDU P


44/153

The BPDU Process


The BPDU Process


45/153

The BPDU Process


The BPDU Process


46/153

The BPDU Process


The BPDU Process


47/153

The BPDU Process


Port Roles


48/153

Port Roles


Port Roles


49/153

Port Roles

1. Root Port The root port exists on non-root bridges and is the switch port with the

best path to the root bridge.

2. Designated Port

The designated port exists on root and non-root bridges. For root bridges, all switch ports are designated ports.

For non-root bridges, a designated port is the switch port that receives andforwards frames toward the root bridge as needed.


Only one designated port is allowed per segment.

3. Non-designated Port The non-designated port is a switch port that is blocked, so it is not

forwarding data frames and not populating the MAC address table withsource addresses.

A non-designated port is not a root port or a designated port.4. Disabled Port The disabled port is a switch port that is administratively shut down. A

disabled port does not function in the spanning-tree process.

Configure Port Priority


50/153


The port priority values range from 0 - 240, in increments of 16. Thedefault port priority value is 128.




51/153



If all ports have the same priority, the port with the lowest port numberforwards frames.

(config-if)# spanning-tree port-priority {number}

(config-if)# spanning-tree port-priority {number}

Port Role Decisions


52/153

Port Role Decisions


Port Role Decisions


53/153

Port Role Decisions


Port Role Decisions


54/153

Port Role Decisions


Port Role Decisions


55/153

Port Role Decisions


Port Role Decisions


56/153

Port Role Decisions


Port Role Decisions


57/153


Port Role Decisions


58/153


Port Roles - Summary


59/153

y


STP Port States and BPDU Timers


60/153

Port States1. Blocking - The port is a non-designated port and does not participate

in frame forwarding. The port receives BPDU frames to determine thelocation and root ID of the root bridge switch and what port roles eachswitch port should assume in the final active STP topology.

2. Listening - STP has determined that the port can participate in frameforwarding according to the BPDU frames that the switch has receivedthus far. At this point, the switch port is not only receiving BPDU


adjacent switches that the switch port is preparing to participate in the

active topology.3. Learning - The port prepares to participate in frame forwarding and

begins to populate the MAC address table. The port is still sendingand receiving BPDUs.

4. Forwarding - The port is considered part of the active topology andforwards frames and also sends and receives BPDU frames.

5. Disabled - The Layer 2 port does not participate in spanning tree anddoes not forward frames. The disabled state is set when the switchport is administratively disabled.



61/153


If a bridge thinks it is the Root Bridge immediately after booting or inthe absence of BPDUs for a certain period of time, the port transitionsinto theListening state.



62/153




63/153


The BPDU timers not be adjusted directly because the values have beenoptimized for the seven-switch diameter.

Adjusting the spanning-tree diameter value on the root bridge to a lower valueautomatically adjusts the forward delay and maximum age timers proportionally

for the new diameter.

Extra: BPDU Timers


64/153

Hello timer: Determines how often root bridgesends configuration BPDUs. The default is 2

seconds.

Maximum Age (Max Age): Tells the bridge how


ong o eep por s n e oc ng s a e e ore

listening. The default is 20 seconds.

Forward Delay (Fwd Delay): Determines howlong to stay in the listening state before going to

the learning state, and how long to stay in thelearning state before forwarding. The default is 15seconds.

Extra: STP Timers


65/153




66/153

Cisco PortFast Technology

PortFast is a Cisco technology. When a switch port configured with PortFast isconfigured as an access port, that port transitions from blocking to forwarding

state immediately, bypassing the typical STP listening and learning states.


STP Convergence


67/153

All STP decisions are based on a thefollowing predetermined sequence:

FourFour--Step decision SequenceStep decision SequenceStep 1 - Lowest BID


Step 2 - Lowest Path Cost to RootBridge

Step 3 - Lowest Sender BID

Step 4 - Lowest Port ID

STP Convergence


68/153

The STP algorithm uses three simple steps to converge on a loop-freetopology.

Switches go through three steps for their initial convergence:STP ConvergenceSTP Convergence

Step 1 Elect one Root BridgeStep 2 Elect Root PortsStep 3 Elect Designated Ports


All STP decisions are based on a the following predeterminedsequence:FourFour--Step decision SequenceStep decision Sequence

Step 1 - Lowest BID

Step 2 - Lowest Path Cost to Root Bridge

Step 3 - Lowest Sender BID

Step 4 - Lowest Port ID

STP Convergence


69/153

STP ConvergenceSTP Convergence

Step 1 Elect one Root Bridge

Step 2 Elect Root Ports

Step 3 Elect Designated Ports


Step 1. Elect one Root Bridge


70/153




71/153




72/153

Verify Root Bridge Election


STP Convergence


73/153






Step 2. Elect Root Ports


74/153




75/153




76/153




77/153




78/153

Verify the Root Port


STP Convergence


79/153






Step 3. Electing Designated Ports and Non-Designated Ports


80/153




81/153




82/153




83/153




84/153




85/153




86/153




87/153




88/153

Verify DP and Non-DP


STP Topology Change

T l h tifi ti (TCN)


89/153

Topology change notification (TCN) Topology change acknowledgement (TCA) Topology change (TC)


designated bridge

In legacy STP, TCNs were

generated for any active port that

was not configured for PortFast.

STP Topology Change

Wh th R t B id i th ( t ) t l h


90/153

When the Root Bridge receives the (upstream) topology-changemessage (TCN BPDU), it sends out Configuration BPDUs to indicatethat a topology change is occurring (using the low-order bit in the Flagfield).

The Root Bridge sets the topology change in the configuration for aperiod of time equal to the sum of the Forward Delay and Max Ageparameters (20s+15s= 35s)


A bridge receiving a (downstream) topology change configuration

message from the Root Bridge will use the Forward Delay timer (15seconds) to age out entries in the address table.

This allows the device to age out entries faster than the normal 5-minute default so that stations no longer available are aged out

faster. The bridge continues this process until it no longer receives

topology change configuration messages from the Root Bridge.

STP (802.1D) Enhancements

U li kF t i l STP l ti th t id


91/153

UplinkFast is an access-layer STP solution that providesfast failover when the root port or root switch fails.

BackboneFast is a distribution and access-layer STP

solution that provides fast convergence in the network forindirect link failures.

-


port to enter the spanning tree forwarding stateimmediately, bypassing the listening and learning states.

Extra: PortFast


92/153

(config-if)# spanning-tree portfast

(config)# spanning-tree portfast default

Enable portfast by default on all access ports


When a device is connected to a port, the port normally enters the spanning tree Listening state.

When the Forward Delay timer expires, the port enters the Learning state. When the Forward Delaytimer expires a second time, the port is transitioned to the Forwarding or Blocking state.

When PortFast is enabled on a switch or trunk port, the port is immediately transitioned to theForwarding state. As soon as the switch detects the link, the port is transitioned to the Forwardingstate (less than 2 seconds after the cable is plugged in).

Extra: PortFast


93/153


Extra: UplinkFast


94/153


STP UplinkFast accelerates the choice of a new Root Port when a link or switch fails or

when STP reconfigures itself. The Root Port transitions to the Forwarding stateimmediately without going through the Listening and Learning states, as it would withthe usual STP process.

UplinkFast also limits the burst of multicast traffic by reducing the max-update-rate. ForIOS the default for this parameter is 150 packets per second.

This change takes approximately 1 to 5 seconds

(config)# spanning-tree uplinkfast

Disable UplinkFast

Extra: UplinkFast


95/153

Disable UplinkFast


Enable UplinkFast

CAM Table Update

Extra: UplinkFast


96/153

CAM Table Update


Switch A begins to flood dummy packetswith the different MAC addresses

that it has in its CAM table as a source.

Extra: BackboneFast


97/153


BackboneFast is a Catalyst feature that is initiated when a Root Port or Blocked port on a switch

receives inferior BPDUs from its Designated Bridge. An inferior BPDU identifies one switch as boththe Root Bridge and the Designated Bridge. When a switch receives an inferior BPDU, it means that alink to which the switch is not directly connected (an indirect link) has failed. That is, the DesignatedBridge has lost its connection to the Root Bridge. Under STP rules, the switch ignores inferior BPDUsfor the configured Max Age (the default is 20 seconds).

This switchover takes approximately 30 seconds, twice the Forward Delay time if the default ForwardDelay time of 15 seconds is set. This saves up to 20 seconds.

(config)# spanning-tree backbonefast

Extra: BackboneFast


98/153


Other Example


99/153


PVST+ RSTP and Rapid PVST+


100/153

PVST+, RSTP and Rapid PVST+


Cisco and STP Variants


101/153




102/153




103/153


PVST+

Cisco developed PVST+ so that a network can run an STP instance for


104/153

each VLAN in the network. And Creating different STP root switches

per VLAN creates a more redundant network.

With PVST+, more than one trunk can block for a VLAN and loadsharing can be implemented.


PVST+

PVST+ Bridge ID


105/153

The following provides more details on the PVST+ fields: Bridge priority - A 4-bit field carries the bridge priority

Extended system ID - A 12-bit field carrying the VID for PVST+.

MAC address - A 6-byte field with the MAC address of a single switch.


PVST+


106/153


Default Switch Configuration

The table shows the default spanning-tree configuration for a CiscoCatalyst 2960 series switch Notice that the default spanning tree


107/153

Catalyst 2960 series switch. Notice that the default spanning-treemode is PVST+.


Configure PVST+


108/153


Configure PVST+


109/153


RSTP

What is RSTP?

RSTP (IEEE 802 1w) is an evolution of the 802 1D standard RSTP can


110/153

RSTP (IEEE 802.1w) is an evolution of the 802.1D standard. RSTP canachieve much faster convergence in a properly configured network, sometimesin as little as a few hundred milliseconds.


If a port is configured to be analternate or a

backup port it can immediately change to a

forwarding state without waiting for the

network to converge.

RSTP


111/153


The immediate consideration with STP is convergence time. Depending on the type of

failure, it takes anywhere from 30 to 50 seconds to converge the network. RSTP helps with convergence issues that plague legacy STP. RSTP has additional features similar to UplinkFast and BackboneFast that offer better

recovery at Layer 2. RSTP is proactive and therefore negates the need for the 802.1D delay timers. RSTP (802.1w) supersedes 802.1D, while still retaining backward compatibility. Much of

the 802.1D terminology remains, and most parameters are unchanged. In addition,802.1w is capable of reverting back to 802.1D to interoperate with legacy switches on aper-port basis.

Because the RSTP and Cisco-proprietary enhancements are functionally similar,features such as UplinkFast and BackboneFast are not compatible with RSTP.

RTSP BPDU

RSTP (802.1w) uses type 2, version 2 BPDUs, so an RSTP bridge can communicate 802.1D on anyshared link or with any switch running 802.1D.

B BPDU d k li h i 3 i l i d BPDU i di


112/153

Because BPDUs are used as a keepalive mechanism, 3 consecutively missed BPDUs indicatelost connectivity between a bridge and its neighboring root or designated bridge.


Extra: Examining the RSTP BPDU


113/153

RSTP sends BPDUs and populates the flag byte in a slightly different manner than802.1D:


(2 seconds by default), even if it does not receive any BPDUs from the root bridge.

Protocol information can be immediately aged on a port if hellos are not received forthree consecutive hello times or if the max age timer expires.

Because BPDUs are now used as a keepalive mechanism, three consecutivelymissed BPDUs indicate lost connectivity between a bridge and its neighboring rootor designated bridge. This fast aging of the information allows quick failuredetection.

Unlike in legacy STP, each switch generates its own BPDUs regardless if it hearsBPDUs from the root.

In legacy STP, BPDUs were only generated by the root and propagated throughout thespanning tree domain. As a result, when a switch did not receive a configuration BPDU,it did not know where the failure occurred.

In RSTP mode, the switch needs to worry only about its immediate neighbors.

Edge Ports

Ports not participating in spanning tree are called edge ports. The edge port concept is already well known to Cisco spanning tree users, as it basically

corresponds to the PortFast feature


114/153

corresponds to the PortFast feature.

All ports directly connected to end stations cannot create bridging loops in the network.Therefore, the edge port directly transitions to the forwarding state, and skips thelistening and learning stages.


Unlike PortFast, an RSTP edge port

that receives a BPDU loses its edge

port status immediately and becomes

a normal spanning-tree port.

The edge port immediately becomes a

non-edge port if a BPDU is heard on

the port.

Extra: Explaining Edge Ports


115/153


Unlike PortFast, an edge port that receives a BPDU loses its edge portstatus immediately and becomes a normal spanning tree port. When aswitch with an edge port receives a BPDU, it generates a TCN.

Link Types

Non-edge ports are categorized into 2 link types:1. point-to-point2. shared.


116/153

2. shared.

The link type is automatically derived from the duplex mode of a port. A port that operates infullduplex is assumed to be pointtopoint, while a halfduplex port is considered as a shared portby default.

RSTP can only achieve rapid transition to the forwarding state on edge ports and on pointtopointlinks.

Non-edge ports participate in the spanning tree algorithm and only non-edge ports generateto olo chan es TCs on the network when transitionin to forwardin state. TCs are not


generated for any other RSTP states.

Extra: Describing RSTP Link Types


117/153


Root ports do not use the link type parameter. Root ports are able to make a rapidtransition to the forwarding state as soon as the port is in sync. In addition, alternate and backup ports do not use the link type parameter in most cases. Designated ports make the most use of the link type parameter. Rapid transition to the

forwarding state for the designated port occurs only if the link type parameter indicates apoint-to-point link.

RSTP Port States

RSTP provides rapid convergence following a failure or during re-establishment of aswitch, switch port, or link. An RSTP topology change causes a transition in the appropriate switch ports to the


118/153

An RSTP topology change causes a transition in the appropriate switch ports to theforwarding state through either explicit handshakes or a proposal and agreementprocess and synchronization.

With RSTP, the role of a port is separated from the state of a port. For example, adesignated port could be in the discarding state temporarily, even though its final state isto be forwarding.


RSTP Port Roles


119/153


The role is now a variable assigned to a given port. The root port and designated port roles remain. The blocking port role is now split into the backup and alternate port roles. The Spanning Tree Algorithm (STA) determines the role of a port based on

Bridge Protocol Data Units (BPDUs).

To keep things simple, the thing to remember about a BPDU is that there isalways a way of comparing any two of them and deciding whether one is moreuseful than the other.

This is based on the value stored in the BPDU and occasionally on the port onwhich they are received.

RSTP Port Roles


120/153


Alternate Port


121/153

An alternate port provides


an a ternate pat to t e root

bridge and could therefore

replace the root port should itfail.

Backup Port


122/153

A backup port provides


segment and cannot guarantee an

alternate connectivity to the rootbridge. It was therefore excluded

from the uplink group.

RSTP Proposal or Agreement Process


123/153


In IEEE 802.1D STP, when a port has been selected by spanning tree tobecome a designated port, it must wait two times the forward delay before

transitioning the port to the forwarding state.

RSTP significantly speeds up the recalculation process after a topology

change, because it converges on a link-by-link basis and does not rely ontimers expiring before ports can transition.

Rapid transition to the forwarding state can only be achieved on edge portsand point-to-point links.


A port is in-sync if it meets eitherof the following criteria:

It i i Bl ki t t


124/153

It is in a Blocking state(which means discarding, ina stable topology).

It is an edge port.




125/153




126/153




127/153


Switch A has a path to the root via switch B and switch C. A new link is then createdbetween the root and switch A, and both ports are in designated blocking state untilthey receive a BPDU from their counterpart. When a designated port is in a discardingor learning state (and only in this case), it sets the proposal bit on the BPDUs it sendsout. This is what happens for port P0 of the root bridge.

Switch A sees that the proposal BPDU has a superior path cost. It blocks all non-edgedesignated ports other than the one over which the proposal-agreement process are

occurring. This operation is called sync and prevents switches below A from causing aloop during the proposal-agreement process. Edge ports do not have to be blockedand remain unchanged during sync.

Bridge A sends an agreement that allows the root bridge to put root port P0 inforwarding state. Port P1 becomes the root port for A.


Animation 5.4.6.3


128/153


Configuring rapid PVST+


129/153


Design STP for Trouble Avoidance

Know Where the Root Is You now know that the primary function of the STA is to break loops that redundant links

create in bridge networks.


130/153

Generally, choose a powerful bridge in the middle of the network. If you put the rootbridge in the center of the network with a direct connection to the servers and routers,

you reduce the average distance from the clients to the servers and routers.



Minimize the Number of Blocked Ports The only critical action that STP takes is the blocking of ports. A single blocking port

that mistakenly transitions to forwarding can negatively impact a large part of thenetwork


131/153

network.

A good way to limit the risk inherent in the use of STP is to reduce the number of

blocked ports as much as possible.



VTP Pruning Only switch D1 receives unnecessary broadcast and multicast traffic for VLAN

20, but it is also blocking one of its ports for VLAN 30.


132/153

The are three redundant paths between core switch C1 and core switch C2.This redundancy results in more blocked ports and a higher likelihood of a

loop.



Manual Pruning VTP pruning can help, but this feature is not necessary in the core of the

network.


133/153

Only one port is blocked per VLAN.

Hc vi

n m

ng Bch Khoa - Website: www.bkacad.com 133


What is Layer 3 Switch? Layer 3 switching means routing approximately at the speed of

switching. A router performs two main functions:


134/153

g p

It builds a forwarding table. The router generally exchanges

information with peers by way of routing protocols. It receives packets and forwards them to the correct interface

Hc vi

n m

ng Bch Khoa - Website: www.bkacad.com 134

High-end Cisco Layer 3 switches are now able to perform this second

function, at the same speed as the Layer 2 switching function. In thefigure:

There is no speed penalty with the routing hop and an additionalsegment between C1 and C2.

Core switch C1 and core switch C2 are Layer 3 switches. VLAN 20and VLAN 30 are no longer bridged between C1 and C2, so thereis no possibility for a loop.



135/153


Use Layer 3 Switching

The design ensures a convergence that is even faster than convergence with STP. STP no longer blocks any single port, so there is no potential for a bridging loop.

Leaving the VLAN by Layer 3 switching is as fast as bridging inside the VLAN.



136/153


Troubleshoot STP Operation


137/153


Switch or Link Failure

(Animation 5.4.9.1) For some reason port F0/3 on switch S2 fails to receive BPDUs for the Default

max_age time of 20 seconds.


138/153



(Animation 5.4.9.1) For some reason port F0/3 on switch S2 fails to receive BPDUs for the Default

max_age time of 20 seconds.


139/153



Problem During normal operation, bridge B is designated on the link BC.

Bridge B sends BPDUs down to C, which is blocking the port. Thet i bl k d hil C BPDU f B th t li k


140/153

port is blocked while C sees BPDUs from B on that link.

Now, consider what happens if the link BC fails in the direction ofC. C stops receiving traffic from B, however, B still receives trafficfrom C.



Solution: Uses Unidirectional Link Detection feature on switch.


141/153




142/153


PortFast Configuration Error

Problem You typically enable PortFast only for a port or interface that connects

to a host. When the link comes up on this port, the bridge skips the firststages of the STA and directly transitions to the forwarding mode


143/153

stages of the STA and directly transitions to the forwarding mode.


PortFast Configuration Error

Solution

To prevent this situation, most Catalyst switches that run Cisco IOS softwarehave a feature called BPDU guard. BPDU guard disables a PortFast-configured port or interface if the port or interface receives a BPDU.


144/153


Network Diameter Issues

The conservative default values for the STP timers impose a maximum network diameterof seven. When a BPDU propagates from the root bridge toward the leaves of the tree, the age

field increments each time the BPDU goes though a switch. Eventually, the switchdiscards the BPDU when the age field goes beyond maximum age


145/153

discards the BPDU when the age field goes beyond maximum age.


Extra: STP Vulnerabilities


146/153



Activity


147/153



Activity


148/153


Lab - Basic Spanning Tree Protocol


149/153


Challenge Lab Spanning Tree Protocol


150/153


Troubleshooting Spanning Tree Protocol


151/153


Summary


152/153



153/153


ccna exp3 - chapter05 - stp.ppt [compatibility mode]

Documents