ch 3 implementing stp
8/2/2019 Ch 3 Implementing STP
Implementing Spanning Tree
Ch 3
Topics
Describing STP
  Transparent Bridges & Identifying Traffic Loops
  802.1D Spanning Tree Protocol
  Root Bridge & Port Roles
  Enhancements to STP
Implementing RSTP
  Rapid Spanning Tree Protocol
  RSTP Port States & RSTP Port Roles
  Edge Ports & RSTP Link
  RSTP BPDU
  Proposal and Agreement Process
  RSTP Topology Change
  Rapid PVST+ Implementation & Commands
Implementing MSTP
  Explaining MSTP & MST Regions
  Extended System ID
  Interacting Between MST Regions and 802.1D Networks
  MSTP Implementation Commands
  Configuring and Verifying MSTP
Spanning Tree Enhancements
  BPDU Guard
  BPDU Filtering
  Root Guard
  UDLD
  Flex Links
Recommended Practices
Troubleshooting STP
9/3/2011 Ch3 Implementing STP 2
Spanning Tree History
STP was invented in 1985 by Radia Perlman at the Digital Equipment Corporation
Common Spanning Tree (CST) -> Cisco PVST+ -> Rapid STP (RSTP) or IEEE 802.1w -> Cisco PVRST+ -> Multiple Spanning Tree (MST) or IEEE 802.1s -> STP security enhancements
Overview of the Spanning Tree Protocol
STP functionality of a switch is identical to that of a transparent bridge
Behavior of a switch without spanning tree
  Does not modify the frames that are forwarded
  Learns addresses by "listening" on a port for the source MAC address of a device
  Builds a MAC address table that indicates which MAC addresses are learned on specific ports
  Switches use this table to forward frames based on the destination MAC address
  Forwards packets with a destination multicast or broadcast MAC address out all ports except for the port that initially received the broadcast
    Referred to as flooding
  Forwards a frame out all ports except for the port it entered if the destination MAC address is unknown
    Referred to as unknown unicast packets
Functions of a Bridge
Flooding
Filtering
Learning
Aging
Transparent Bridging
Switch treats each port as an individual segment
Both ports belong to the
domain
Switch learns the MAC addresses
  Station A on port 1/1
  Station B on port 1/2
Transparent to the attached devices
Allows bridges to forward different packet types
Without redundant links, transparent bridging works
Problems, as soon as bridged networks have redundant paths
Loop Behavior
B will receive 2 copies of frame from A
Each bridge will also receive the other's copy
Each bridge will update its table to say that A is on LAN Y
Neither bridge can forward a packet to A
If bridges don't know where B is, each will flood it, then receive it from the other and transmit it back on LAN X
This can repeat indefinitely
Bridges with Loops
1. Station A sends a frame to station D. Both forward the frame and update their tables based on the source address A.
2. Now there are two copies of the frame on LAN 2.
  The copy sent out by bridge 1 is received by bridge 2 and is flooded
  The copy sent out by bridge 2 is received by bridge 1 and is flooded
  Note that each frame is handled separately
  The tables of both bridges are updated, but still there is no information for
3. Now there are two copies of the frame on LAN 1. Step 2 is repeated, and both copies flood the network.
4. The process continues on and on.
Spanning Tree Protocol (STP)
Part of 802.1d bridging specification
Can convert a loop into a tree by disabling links
Physical Network includes all connected bridges and ports
Active Network: the paths that are in use
Inactive Routes are ports of bridges in a blocking state
  Would form an illegal path if active
  Can be placed in an active state if a primary route should fail
From Graph Theory:
  For any connected graph, consisting of nodes and edges, there is a spanning tree of edges that maintains the connectivity of the graph but contains no closed loops
  Removal of certain edges forms a structure that spans or connects subnetworks
Spanning Trees
Preventing Bridging Loops with STP
STA: Spanning Tree Algorithm
To find the redundant links
point
Locates the redundant paths to that reference point
Reference point is the root of the spanning tree
If the STA finds a redundant path
  Selects a single path back
  Blocks any other redundant paths
STP puts one of the switch ports in blocking mode
  Preventing the bridging loop
Blocked port continues to receive bridge protocol data units (BPDU)
Switch forwards through that port if a failure occurs on the current forwarding link
Spanning Tree Example
was selected as root and the spanning tree was created from that root
STP (IEEE 802.1D)
STP uses the concepts of root bridges, root ports, and designated ports
Basic STP is defined in IEEE 802.1D
Bridge Identifier
,a bridge ID
2-byte priority value and the 6-byte MAC address make up the bridge ID
Default priority specified by IEEE 802.1D
32,768 (1000 0000 0000 0000 in binary, or 0x8000 in hex)
Midpoint value of possible values from 0 through 65,535
Bridge ID is always unique by virtue of a unique MAC address
STP Concepts
Layer 2 information between adjacent switches by exchanging bridge protocol data unit (BPDU) messages
Single root bridge is chosen to serve as the reference point
Each switch, except for the root bridge, selects a root port that provides the best path to the root bridge
On the link between the two nonroot switch ports, a port on one switch becomes a designated port, and the port on the other switch is in a blocking state and does not forward frames
Typically, the designated port is on the switch with the best path to the root bridge
Spanning-Tree Path Cost
Spanning-tree path cost is an accumulated total path cost based on the bandwidth of all the links in the path
  Specified in the IEEE 802.1D specification
Prior to 802.1D-1998, different media, such as FDDI, ATM-155, and- , had to manually scale costs
Revised path cost of IEEE 802.1D-1998
  Older specification calculated cost based on 1000-Mbps bandwidth
  New specification adjusts the calculation by using a nonlinear scale to accommodate higher-speed interfaces
Link Speed   Cost (Revised IEEE Spec)   Cost (Previous IEEE Spec)
10 Gbps      2                          1
1 Gbps       4                          1
100 Mbps     19                         10
10 Mbps      100                        100
Bridge Protocol Data Units
Switches exchange control messages: BPDUs
Relay LAN topology information to other switches
  Refreshed at regular intervals, 2 seconds by default
Multicast destination address for BPDUs is 01-80-c2-00-00-00
BPDUs are used to
  Elect a root bridge
  Determine the location of redundant paths
  Block certain ports to prevent loops
  Notify the network of topology changes
  Monitor the state of the spanning tree
Two types of BPDUs
Configuration BPDU
  Sent at periodic intervals by the root bridge on all its ports
  Includes the STP parameters: guarantees no mismatch in the timers
  Used to elect the root bridge and to keep the topology stable
  If not received from the root, topology change may occur
Topology Change Notification (TCN) BPDU
  Generated by the switch when it detects a topology change
BPDUs
Two types: Configuration and Topology Change Notification
Transmission of configuration BPDU is triggered by the root bridge
  Or one that considers itself the root
Passed by each bridge onto a LAN for which it considers itself to be the designated bridge
Cascades throughout the spanning tree
Collection is referred to as a configuration message
If a port does not receive a configuration message in its root port and times out, it will change the topology and send a topology change notification BPDU
Key BPDU Information
Root ID: The lowest bridge ID (BID) in the topology
Cost of path: Cost of all links from the transmitting switch to the root bridge
BID: BID of the transmitting switch
Port ID: Transmitting switch port ID
STP timer values: Maximum age, hello time, forward delay
BPDUs contain the required information for STP configuration
0x00, and it uses the multicast MAC address 01-80-C2-00-00-00
STP Root Bridge
Startup
Root Bridge Election
On boot up a switch assumes that it is the root bridge and sets the bridge ID equal to the root ID
Bridge ID is always unique by using a unique switch MAC address
Used to determine which switch becomes the root bridge
By exchanging BPDUs the switches determine which switch is the root
Example of the combination of the priority and bridge ID
08.00.00.00.0c.12.34.56
First 2 bytes are the priority
Last 6 bytes are the MAC address of the switch
Both switches are using the same default priority
Lowest MAC address becomes the root bridge
PVST Extension to BID
Spanning tree operation requires that each switch have a unique BID
In the original 802.1D standard, the BID was composed of the Priority Field and the MAC address of the switch
  All VLANs were represented by a CST (Common Spanning Tree)
PVST (Per VLAN Spanning Tree) requires separate instance of spanning tree for each VLAN
  BID field is required to carry VLAN ID (VID) information
  Accomplished by reusing a portion of the Priority field as the extended system ID
MAC Address Allocation and Reduction
Catalyst switches typically have a pool of up to 1024 MAC addresses; some have fewer
  Pool acts as the MAC address component of the bridge IDs for VLAN spanning trees
  Number of MAC addresses available depends on the switch model
Switch allocates MAC addresses sequentially
  First MAC address in the range assigned to VLAN 1
  Second MAC address in the range assigned to VLAN 2 and so on
  Assigns the Supervisor Engine in-band (sc0) management interface the last MAC address in its range
Some switches have fewer MAC addresses than the number of supported VLANs
  MAC address reduction feature is the solution
  Catalyst 6500 supports up to 4094 VLANs: needs MAC address reduction to support 4094 STP instances
Extended System ID
802.1D 16-bit Bridge Priority field is split into two fields
Bridge Priority: 4-bit field that carries the bridge priority
  Priority is conveyed in discrete values in increments of 4096 rather than discrete values in increments of 1
  Default priority is 32,768, which is the mid-range value
Extended System ID: 12-bit field that carries the VID for PVST
MAC address: A 6-byte field with the MAC address of a single switch
Priority Values for Extended System ID
Bridge ID with MAC Address Reduction
Bridge ID contains an additional field called the system ID extension
  System ID extension with the bridge priority functions as the unique identifier for a VLAN or an MST instance (see later)
  Always the number of the VLAN or the MST instance
  System ID extension for VLAN 100 is 100, and the system ID extension for MST instance 2 is 2
Bridge priority becomes a multiple of 4096 plus the VLAN ID if MAC address reduction is enabled
  Switch priority can be specified only as a multiple of 4096
  Only the following values are possible: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440
Root Bridge Election
Configuring the Root Bridge
Configure a switch to become the root bridge for a VLAN
Lower its priority from the default value
spanning-tree vlan vlan-id priority value
Suggest a root priority value of 4096 for the root bridge
Secondary root bridge
  Priority between the value of the root bridge (4096) and the default value (32,768)
  Generally the priority value 8192 is used
Automatically detect the current root switch and lower the priority value of the respective switch so that it becomes the root
spanning-tree vlan vlan-id root primary
but a higher value than the current root
spanning-tree vlan vlan-id root secondary
Root Bridge Commands
Planning Root Bridge Selection
Locate the root bridge in the center of the network
  Keep path costs minimal
Traditional STP does not allow
Bridge priority does not guarantee a bridge will be root
  If a new switch with a lower bridge ID connects
  STP topology changes
Cisco root guard feature
  Protects switch from accepting better BPDUs on specifically configured ports
Enable root guard on
  Access-layer client ports
  Distribution switch ports leading to the access switches
Spanning-Tree Port States and BPDU Timers
Propagation delays exist in switched networks
  Topology changes occur at different times and at different segments
  Ports wait for new topology information to propagate before starting to
Five states for Layer 2 interface
Blocking: interface does not participate in frame forwarding but listens to incoming BPDUs
  Does not learn MAC addresses of received frames
Listening: switch resolves the root and selects the root port, the designated port, and the nondesignated ports
  Does not learn the unicast address of any received frames
Learning: learns MAC addresses of incoming frames but does not forward frames
Forwarding: interface forwards frames
  Port learns source MAC addresses and forwards frames based on the destination MAC address
Disabled: interface does not participate in spanning tree and does not forward frames
Three Timers In BPDU Frames
Hello: time between each BPDU that is sent on a port by the root bridge
  2 seconds by default but is configurable
Forward delay in the listening and learning states
  Default is 15 seconds but is configurable between 4 and 30
Max age: maximum length of time a bridge port saves its configuration BPDU information
  20 seconds by default but is configurable between 6 and 40
Spanning-tree topology of the network adheres to the timers of the root bridge
  Root bridge passes the times in BPDUs to all switches
STP State Machine
State Transitions
When powered on bridge assumes it is the root bridge
  Transitions to the listening state
Two transitions occur when a bridge sees a change in topology
  Port implements listening and learning states for the forward delay
During the listening state the bridge processes the BPDU received
  Ports that remain as designated or root ports transition to the learning state after the forward delay
  Ports that are not the designated or root ports transition back to the blocking state
Port in the learning state populates its MAC address table
  Does not forward user data frames
  Learning state lasts the value of the forward delay timer
If a port is a designated or root port at the end of the learning state the port transitions to the forwarding state
  Capable of sending and receiving user data
  Ports that are not the designated or root ports transition back to the blocking state
State Transitions
Typical 30+ seconds before forwarding
STP Operation
1. Elects one root bridge per VLAN based on lowest priority
  All ports are designated ports: send and receive traffic and BPDUs
2. Selects the root port on all nonroot bridges: lowest-cost path to the root
  Root ports send and receive traffic
  If equal-cost paths to the root, selects the port that connects to the lowest bridge ID
  If all bridge IDs are the same, bridge selects the lowest port ID
  From switch Y the lowest-cost path to the root is through the Fast Ethernet
3. Selects the designated port on each segment on the bridge with the lowest path cost to the root
  Designated port for both segments is on the root bridge
  10BASE-T port on switch Y is a nondesignated port and blocks
  Switch chooses a designated port as the least-cost path to the root bridge
  Bridge ID acts as the tiebreaker
Enforcing the Topology
Place the root bridge manually in the Building Distribution Submodule
  Keeps the forwarding topology optimal
Even if the administrator sets the root bridge priority to 0
  No guarantee of security of the root bridge position
Selecting the root bridge and enforcing the topology is vital to complex networks
Step 1. Configure the root and secondary root bridges
Step 2. Set the port priorities
Step 3. Set the port costs
Step 4. Enable root guard on access-layer switches (see later)
Selection of Root and Designated Port on Nonroot Bridges
Five criteria in the decision-making process
  Lowest root bridge ID
  Lowest path cost to the root bridge
  Lowest sender bridge ID
  Lowest port priority
  Lowest port ID
Determining the root port of a switch that has equal-cost paths to the root
  STP looks at the bridge ID of the switches that sent the BPDUs
  If equal, looks at the priority of the ports
  Port with the lowest port priority (cost) would be selected as the root port
  If equal, STP uses the port identifiers and selects the port with the lowest port priority as the root port
STP Root Port Selection
Switch Y receives a BPDU from the root switch X
  From a Fast Ethernet segment
  From an Ethernet segment
Root path cost in both cases is 0
Local path cost on the Fast Ethernet port is 19
Local path cost on the Ethernet port is 100
Port on the Fast Ethernet segment has the lowest path cost to the root bridge and is elected the root port for switch Y
STP Designated Port Selection
STP selects one designated port per segment to forward traffic
  Other ports on the segment receive traffic but do not forward
Elects the port on the segment with the lowest path cost to the root
If multiple ports on the same bridge have the same cost, the port with the lowest port priority is chosen
If the port priority is the same, then the port with the lowest port ID becomes the designated port
Because all ports on the root bridge have a root path cost of 0
  STP designates all ports on the root bridge as designated ports
Root bridge ports act as designated ports in both the segments
Primary and Backup Root Bridges
For each VLAN the switch with the lowest bridge ID becomes the root bridge for that VLAN
Choose a centrally located or core switch in the network
  Has enough CPU power and switching capacity to forward traffic between various distribution-layer and access-layer switches
Backup or secondary root bridges are selected in the event of a failure of the primary root bridge
  Selection is done intentionally
  With primary root bridge failure, the new root bridge is still centrally located
In a production network
  Backup root bridge must have the same capacity as the primary
  No degradation of performance with a primary root bridge failure
Sample Scenario of STP Election Process
Root Bridge Selection
Bridge with the lowest MAC address becomes the root bridge
ASW11 is the root bridge with a bridge ID of 00:00:0c:aa:aa:aa
Other two switches are non-root bridges
Root bridges designate all ports as designated ports
Root Port Selection
DSW111 and DSW112 are non-root bridges
  Each elects a single root port
Receive a BPDU on segment 1 for DSW111 or segment 2 for DSW112
  Root path cost of 0, local path cost of 19, total cost of 19
Also receive a BPDU from the other on segment 3
  Root path cost of 19, local path cost of 100
Switch elects the port on segment 1 for DSW111 or segment 2 for DSW112 as the root port
Designated Port Selection
Port on either DSW111 or DSW112 ends up as designated port for segment 3
DSW111 and DSW112 examine the root bridge ID in the BPDUs
  Root bridge IDs are the same
Second step: the bridges examine the root path cost
  Cost is the same for both ports
Third step is to check the sender bridge ID
  Both bridges have the same priority, so the bridge with the lower of the two MAC addresses has the lowest bridge ID, DSW111
Port on DSW111 becomes the designated port on segment 3
Port on DSW112 becomes the non-designated port, put into blocking state
STP Convergence: Summary
Recall that switches go through three steps for their initial convergence:
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports
Also, all STP decisions are based on the following predetermined sequence:
Five-Step Decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID
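Added example (not part of the original slides): the three convergence steps and the five-step decision sequence applied to the ASW11 / DSW111 / DSW112 sample scenario above. It computes the converged result directly rather than simulating the BPDU exchange; the two DSW MAC addresses, the port numbers, the link speeds chosen to give the slide's costs of 19 and 100, and the port priority of 128 are assumptions.

```python
import math

# Revised IEEE 802.1D-1998 costs from the table on this page (link speed in Mbps -> cost)
PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}
PORT_PRIORITY = 128  # assumption: every port keeps the same priority, so port ID decides ties


def bid(priority, mac):
    """Bridge ID as a comparable tuple: 2-byte priority first, then the 6-byte MAC."""
    return (priority, bytes.fromhex(mac.replace(":", "")))


def converge(bridges, links):
    """bridges: {name: bid}; links: [(segment, bridge_a, port_a, bridge_b, port_b, mbps)].
    Returns (root, root_ports, roles); roles maps (bridge, port) to its role."""
    root = min(bridges, key=bridges.get)  # convergence step 1: lowest BID is root
    cost = {b: 0 if b == root else math.inf for b in bridges}
    root_ports = {}
    for _ in bridges:  # repeat so that costs learned from neighbours settle
        for b in bridges:
            if b == root:
                continue
            offers = []
            for _seg, a, pa, z, pz, mbps in links:
                for me, my_port, peer, peer_port in ((a, pa, z, pz), (z, pz, a, pa)):
                    if me == b and cost[peer] < math.inf:
                        # decision steps 2-5; every BPDU names the same root, so step 1 ties
                        offers.append((cost[peer] + PORT_COST[mbps], bridges[peer],
                                       PORT_PRIORITY, peer_port, my_port))
            if offers:
                best = min(offers)  # convergence step 2: best offer gives the root port
                cost[b], root_ports[b] = best[0], best[4]
    roles = {}
    for _seg, a, pa, z, pz, _mbps in links:
        # convergence step 3: each end offers (root path cost, BID, port priority, port ID)
        ends = [(cost[a], bridges[a], PORT_PRIORITY, pa, a),
                (cost[z], bridges[z], PORT_PRIORITY, pz, z)]
        winner = min(ends)
        for end in ends:
            port, name = end[3], end[4]
            if end is winner:
                roles[(name, port)] = "designated"
            elif root_ports.get(name) == port:
                roles[(name, port)] = "root"
            else:
                roles[(name, port)] = "blocking"
    return root, root_ports, roles


# ASW11's MAC is from the slide; the DSW MACs and all port numbers are constructed.
BRIDGES = {
    "ASW11": bid(32768, "00:00:0c:aa:aa:aa"),
    "DSW111": bid(32768, "00:00:0c:bb:bb:bb"),
    "DSW112": bid(32768, "00:00:0c:cc:cc:cc"),
}
LINKS = [
    (1, "ASW11", 1, "DSW111", 1, 100),   # segment 1, cost 19
    (2, "ASW11", 2, "DSW112", 1, 100),   # segment 2, cost 19
    (3, "DSW111", 2, "DSW112", 2, 10),   # segment 3, cost 100
]

if __name__ == "__main__":
    root, root_ports, roles = converge(BRIDGES, LINKS)
    print("root:", root)
    for (name, port), role in sorted(roles.items()):
        print(f"{name} port {port}: {role}")
```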
STP Example Physical Topology
Active Topology After STP (figure labels: RPC=4, RPC=2, RPC=4, RPC=2)
Another Tree Example Network
From 802.1d Spec
Resultant Spanning Tree
STP Topology Changes
Bridge sends the TCN BPDU if either:
  Port in forwarding or listening state transitions to blocking (link failure)
  Port moves to forwarding state and the bridge already has a designated port
  Non-root bridge receives a TCN on its designated port
TCN is a simple BPDU with three fields
  Same as the first three fields of a configuration BPDU
  Type field in a TCN BPDU is 0x80
Designated bridge receives the TCN and acknowledges it
  Sends back a configuration BPDU with the Topology Change Acknowledgement (TCA) bit set
  Bridge notifying change continues sending the TCN BPDU until the designated bridge acknowledges it
Designated bridge generates another TCN for its own root port
  So on until the TCN BPDU reaches the root bridge
Root bridge is aware there has been a topology change in the network
  Starts sending out its configuration BPDUs with the Topology Change (TC) bit set
  Every bridge in the network relays these BPDUs with this bit set
Each bridge reduces its MAC address table aging time to the value of the forward delay timer
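Added example (not part of the original slides): a parser for the fields listed under Key BPDU Information and for the TCN, TC and TCA handling described above, plus a check of the timers against the ranges stated on this page. Field order, field sizes, the 1/256-second timer unit and the flag bit positions follow IEEE 802.1D; both sample frames are constructed.

```python
import struct

TYPE_CONFIG, TYPE_TCN = 0x00, 0x80
FLAG_TC, FLAG_TCA = 0x01, 0x80  # flag bit positions as defined in IEEE 802.1D
# Timer ranges in seconds as stated on this page (it gives no range for hello time)
TIMER_RANGES = {"forward_delay": (4, 30), "max_age": (6, 40)}


def _bridge_id(raw):
    """8-byte ID: 2-byte priority field (includes any extended system ID) + 6-byte MAC."""
    return {"priority": int.from_bytes(raw[:2], "big"), "mac": raw[2:].hex(":")}


def parse_bpdu(payload):
    """Parse an 802.1D BPDU (the bytes after the LLC header) into a dict."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    proto, version, btype = struct.unpack_from("!HBB", payload, 0)
    if proto != 0:
        raise ValueError("protocol ID must be 0 for STP")
    if btype == TYPE_TCN:
        # A TCN carries only the three header fields: protocol ID, version, type
        return {"type": "tcn", "version": version}
    if btype != TYPE_CONFIG:
        raise ValueError(f"unexpected BPDU type 0x{btype:02x}")
    if len(payload) < 35:
        raise ValueError("truncated configuration BPDU")
    (flags, root_id, cost, sender_id, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack_from("!B8sI8sHHHHH", payload, 4)
    return {
        "type": "config",
        "version": version,
        "tc": bool(flags & FLAG_TC),     # set by the root after a topology change
        "tca": bool(flags & FLAG_TCA),   # acknowledgement sent back to the notifying bridge
        "root": _bridge_id(root_id),
        "root_path_cost": cost,
        "sender": _bridge_id(sender_id),
        "port_id": port_id,
        "message_age": msg_age / 256,    # timers are carried in units of 1/256 second
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd / 256,
    }


def timer_findings(bpdu):
    """Names of timers in a parsed configuration BPDU outside the ranges on this page."""
    if bpdu["type"] != "config":
        return []
    return [name for name, (lo, hi) in TIMER_RANGES.items() if not lo <= bpdu[name] <= hi]


# Constructed configuration BPDU: TC flag set, root priority 8193, root path cost 19,
# sender priority 32769, max age 20 s, hello 2 s, forward delay 15 s.
SAMPLE_CONFIG = bytes.fromhex(
    "0000" "00" "00" "01"
    "200100000caaaaaa" "00000013" "800100000cbbbbbb" "8001"
    "0100" "1400" "0200" "0f00"
)
SAMPLE_TCN = bytes.fromhex("00000080")  # constructed TCN: type field 0x80

if __name__ == "__main__":
    print(parse_bpdu(SAMPLE_CONFIG))
    print(parse_bpdu(SAMPLE_TCN))
    print("timer findings:", timer_findings(parse_bpdu(SAMPLE_CONFIG)))
```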
Topology Change Notification from Source Bridge
Link to Switch a
Root Switch Sets TC Flag Due to TCN
Steps from Sample TCN
1. Switch B notices link failure has occurred when switch A fails
2. Switch B sends a TC BPDU out the root port
  Continues to send the TC BPDU until switch C responds with a TCA
3. Switch C sends a TCA to switch B
  Sends a TC BPDU out the root port
  Propagation TCN
4. When the root switch receives the topology change message
  Acknowledges the TC BPDU with a TCA to the sending bridge
5. Root switch changes its configuration BPDU to indicate topology change
  Sets the topology change for a period equal to the sum of the forward delay timer and the max age timer
6. Switch receiving the TC configuration BPDU message from the root switch uses the value of the forward delay timer to age out entries in the address table
  Age out MAC address entries faster than the 300-second default
  Ensures MAC addresses no longer available due to the topology change age out quickly
  Switch continues until it no longer receives TC BPDU messages from the root
Enhancements to STP
Per VLAN Spanning Tree Plus
PVST+ maintains a separate spanning-tree instance for each VLAN
  By default a single spanning tree runs on each VLAN
  STP enabling and disabling on a per-VLAN basis
  .proprietary features
PVST+ provides for load balancing on a per-VLAN basis
  Allows creation of different logical topologies using the VLANs on a switched network
  Ensure that all links can be used and that one link is not oversubscribed
Typical Building Access submodule switch connected to two Building Distribution submodule switches
  One Building Distribution submodule switch is root for one VLAN
  Other Building Distribution submodule switch is root for the second VLAN
  Building Access submodule switch in this scenario would use both the links, one for each VLAN, achieving load balancing
Each instance of PVST+ on a VLAN has a single root bridge
  Provide different STP root switches per VLAN
  Allows for the load balancing of root bridge responsibilities and link paths
PVST+
One spanning-tree instance exists for the primary VLAN
Second instance for the alternate VLAN
  Single switch and a single trunking port can serve different roles for each VLAN
On the access-layer switch, a port forwards for one VLAN while blocking for the other VLANs
Desired STP configuration and resulting layer 2 topology is not necessarily automatic
  Network administrator needs to plan and configure manually
PVST+ Load Balancing Scenario
PVST+ is implemented for ten VLANs
Each port is participating in all ten VLANs
Actively forwarding traffic for only half of them
Each switch maintains ten spanning-tree instances
Configuring the Basic Parameters of PVST+
Default mode for STP on Catalyst switches is PVST+
Possible to disable STP on a per-VLAN basis
Enable STP:
spanning-tree vlan vlan-id
Configuring Port Cost
Assign lower cost values to interfaces to make spanning tree select those first
STP uses the port cost value when the interface is an access port
Uses VLAN port cost values when the interface is a trunk port
Verifying the STP Configuration
Display the STP information for a specific VLAN
show spanning-tree vlan vlan-id
Priority field is 8193 even though the configured priority value is 8192
  Switch uses MAC address reduction feature
  Priority field includes the VLAN ID information: 8192 + 1 = 8193
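Added example (not part of the original slides): the bridge ID layout from the Extended System ID and MAC Address Reduction slides, showing why a configured priority of 8192 is displayed as 8193 for VLAN 1, and why even priority 0 does not secure the root position, which is the case root guard covers. Switch names, interface names and most MAC addresses are constructed.

```python
VALID_PRIORITIES = range(0, 65536, 4096)  # 0, 4096, ..., 61440: the 16 values on this page


def encode_bridge_id(priority, vlan_id, mac):
    """Pack an 8-byte bridge ID: 4-bit priority, 12-bit extended system ID, 6-byte MAC."""
    if priority not in VALID_PRIORITIES:
        raise ValueError("priority must be a multiple of 4096 from 0 to 61440")
    if not 0 <= vlan_id <= 0x0FFF:
        raise ValueError("extended system ID is a 12-bit field")
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return (priority | vlan_id).to_bytes(2, "big") + mac_bytes


def decode_bridge_id(raw):
    """Split an 8-byte bridge ID into the fields described on this page."""
    if len(raw) != 8:
        raise ValueError("bridge ID must be 8 bytes")
    field = int.from_bytes(raw[:2], "big")
    return {
        "configured_priority": field & 0xF000,  # upper 4 bits, multiples of 4096
        "sys_id_ext": field & 0x0FFF,           # VLAN number (or MST instance)
        "displayed_priority": field,            # what the Priority field shows
        "mac": raw[2:].hex(":"),
    }


def elect_root(bridge_ids):
    """bridge_ids: {switch name: 8-byte bridge ID}. Lowest ID wins; big-endian bytes
    compare in the same order as the numbers they encode."""
    return min(bridge_ids, key=bridge_ids.get)


def ports_with_better_bpdu(current_root_id, root_id_seen_on_port):
    """Ports whose received BPDUs advertise a root ID lower than the current root:
    the 'better BPDU' that root guard refuses on ports where it is enabled."""
    return sorted(p for p, rid in root_id_seen_on_port.items() if rid < current_root_id)


# Constructed VLAN 1 sample: root at 4096, secondary at 8192, access switch at default.
VLAN1 = {
    "dist-1": encode_bridge_id(4096, 1, "00:1b:54:00:00:10"),
    "dist-2": encode_bridge_id(8192, 1, "00:1b:54:00:00:20"),
    "access-1": encode_bridge_id(32768, 1, "00:1b:54:00:00:30"),
}
# Root configured with priority 0, and a newly connected switch that also uses
# priority 0 but has a lower MAC (the MAC from the bridge ID example on this page).
ROOT_AT_ZERO = encode_bridge_id(0, 1, "00:1b:54:00:00:10")
NEWCOMER = encode_bridge_id(0, 1, "00:00:0c:12:34:56")

if __name__ == "__main__":
    print("root for VLAN 1:", elect_root(VLAN1))
    print("dist-2 bridge ID:", decode_bridge_id(VLAN1["dist-2"]))
    seen = {"Gi0/1": ROOT_AT_ZERO, "Gi0/2": NEWCOMER}
    print("ports receiving a better BPDU:", ports_with_better_bpdu(ROOT_AT_ZERO, seen))
```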
How can
Aren't all ports of a root bridge designated ports?
Detailed STP Information for a Trunk Interface
Spanning-Tree Bridge Information
show spanning-tree bridge
VLANs
IEEE Documents on STP
Rapid Spanning Tree Protocol
Rapid Spanning Tree Protocol (IEEE 802.1w, referred to as RSTP)
  Significantly speeds recalculation of spanning tree with topology changes
  Defines additional port roles of Alternate and Backup
  Defines three port states: discarding, learning, or forwarding
Cisco enhanced 802.1D with features such as UplinkFast, BackboneFast, and PortFast to speed up the convergence time
  Proprietary and need additional configuration
IEEE 802.1w standard (RSTP) is an evolution of 802.1D standard
  802.1D terminology primarily the same and most parameters are unchanged
In most cases RSTP performs better than the Cisco proprietary extensions
802.1w is capable of reverting to 802.1D to interoperate with legacy bridges on a per-port basis
  Reverting negates the benefits of 802.1w for that segment
RSTP
RSTP selects one switch as the root of an active topology
Assigns port roles to individual ports on the switch
Provides rapid connectivity following the failure of a switch, port, or LAN
New root port and the designated port of the connecting bridge transition to forwarding through an explicit handshake protocol
Allows switch-port configuration
  Ports transition to forwarding directly when the switch reinitializes
Cisco Catalyst switches: RPVST+ is the per-VLAN version of the RSTP implementation
  Current generation Catalyst switches support RPVST+
RSTP Ports
RSTP Port States
Three port states in RSTP:
  Discarding
  Learning
  Forwarding
Discarding state is a merger of
  Disabled
  Blocking
  Listening
STP mixes the state of a port with the role it plays in the active topology
RSTP considers no difference between a port in blocking state and a port in listening state: both discard frames, and neither learns MAC addresses
RSTP decouples the role of a port from the state of a port
RSTP Operation: Port States
Port State: Description
Discarding: This state is seen in both a stable active topology and during topology synchronization and changes. The discarding state prevents the forwarding of data frames, thus breaking the continuity of a Layer 2 loop.
Learning: This state is seen in both a stable active topology and during topology synchronization and changes. The learning state accepts data frames to populate the MAC table to limit flooding of unknown unicast frames.
Forwarding: This state is seen only in stable active topologies. The forwarding switch ports determine the topology. Following a topology change, or during synchronization, the forwarding of data frames occurs only after a proposal and agreement process.
Operational Status   STP Port State   RSTP Port State   Port Included in Active Topology
Enabled              Blocking         Discarding        No
Enabled              Listening        Discarding        No
Enabled              Learning         Learning          Yes
Enabled              Forwarding       Forwarding        Yes
Disabled             Disabled         Discarding        No
RSTP Port Roles
Port role defines
  Purpose of a switch port
  The way it handles data frames
Port roles and port states transition independent of each other
Figure labels: Different switch, Same switch
RSTP Operation: Port Roles
STP Port Role        RSTP Port Role             STP Port State        RSTP Port State
Root port            Root port                  Forwarding            Forwarding
Designated port      Designated port            Forwarding            Forwarding
Nondesignated port   Alternate or backup port   Blocking              Discarding
Disabled             Disabled                   -                     Discarding
Transition           Transition                 Listening, Learning   Learning
RSTP Port Roles
Root: closest port to the root bridge in terms of path cost
  Single root bridge for the whole bridged network
  Root bridge is the only bridge that does not have a root port
Designated port: bridge sending the best BPDU is the designated bridge for the segment
  Corresponding port on that bridge is the designated port
Alternate port: blocked from receiving root BPDUs from another bridge
  Becomes the designated port if the active designated port fails
Backup port: blocked from receiving root BPDUs from the designated port for a shared LAN segment from the same bridge on which the port is located
  Becomes the designated port if the existing designated port fails
Disabled port: has no role within spanning tree
RSTP Port Roles
9/3/2011 Ch3 Implementing STP 739/3/2011 73
Rapid Transition to Forwarding
Most important feature of 802.1w
RSTP actively confirms that a port transition to forwarding is safe without relying on a timer configuration
Relies upon two new variables
Link type
Ports directly connected to end stations cannot create bridging loops (edge ports)
Transition directly to forwarding, skipping the listening and learning stages
Designate edge ports through manual configuration
Does not generate a topology change when its link transitions
If an edge port receives a BPDU it immediately becomes a normal spanning-tree port
RSTP ports are able to achieve rapid transition to forwarding on edge ports and point-to-point links
Most switch-to-switch links are point-to-point
Switches automatically derive the link type from the duplex mode of a port
Rapid transition to the forwarding state for the designated port occurs only if the link type parameter indicates a point-to-point link
RSTP Operation Rapid Transition to Forwarding Link Type
Link Type        Description
Point-to-point   Port operating in full-duplex mode. It is assumed that the port is connected to a single switch device at the other end of the link.
Shared           Port operating in half-duplex mode. It is assumed that the port is connected to shared media where multiple switches might exist.
RSTP Operation Rapid Transition to Forwarding Edge Ports
RSTP edge port is a switch port that is never intended to be connected to another switch device
Transitions immediately to the forwarding state when enabled
Neither edge ports nor PortFast-enabled ports generate topology changes when the port transitions
Unlike PortFast, an edge port that receives a BPDU immediately loses its edge port status and becomes a normal spanning-tree port
When an edge port receives a BPDU, it generates a topology change notification (TCN)
RSTP BPDU Format and BPDU Handling
RSTP introduces changes to the BPDU
In 802.1D only 2 bits in the Type field were used: TC and TC Acknowledgement
RSTP uses all 6 remaining bits of the flag byte
Encode the role and state of the port originating the BPDU
Handle the proposal and agreement mechanism
RSTP BPDU is now of type 2, version 2
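The flag byte and bridge IDs described above can be decoded as follows. This is an added example, not code from the slides: the bit positions and the 36-byte layout are those of IEEE 802.1w, the sample frames are constructed (bridge IDs taken from the show spanning-tree vlan 2 output later on this page, the third MAC address made up), and all function names are hypothetical.

```python
import struct

# Bits of the RST BPDU flag byte (IEEE 802.1w).
TC, PROPOSAL, LEARNING, FORWARDING, AGREEMENT, TCA = 0x01, 0x02, 0x10, 0x20, 0x40, 0x80
ROLE_SHIFT, ROLE_MASK = 2, 0x0C
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}

# protocol id, version, type, flags, root id, root path cost, bridge id,
# port id, message age, max age, hello time, forward delay, version 1 length
RST_FORMAT = "!HBBB8sI8sHHHHHB"
RST_LENGTH = struct.calcsize(RST_FORMAT)   # 36 bytes after the LLC header


def bridge_id(priority_field, mac):
    """Pack a 16-bit priority field and a dotted MAC into an 8-byte bridge ID."""
    return struct.pack("!H", priority_field) + bytes.fromhex(mac.replace(".", ""))


def split_bridge_id(raw):
    """Split a bridge ID into priority, extended system ID and MAC address."""
    field = struct.unpack("!H", raw[:2])[0]
    mac = raw[2:].hex()
    return {
        "priority": field & 0xF000,     # top 4 bits, multiples of 4096
        "sys_id_ext": field & 0x0FFF,   # VLAN number (PVST+) or MST instance
        "mac": ".".join(mac[i:i + 4] for i in (0, 4, 8)),
        "raw": raw,
    }


def parse_rst_bpdu(data):
    """Decode one RST BPDU; raise ValueError for anything else."""
    if len(data) < RST_LENGTH:
        raise ValueError("truncated BPDU")
    (proto, version, kind, flags, root, cost, sender, port_id, msg_age,
     max_age, hello, fwd_delay, _v1_len) = struct.unpack(RST_FORMAT, data[:RST_LENGTH])
    if (proto, version, kind) != (0, 2, 2):
        raise ValueError("not an RST BPDU (want protocol 0, version 2, type 2)")
    return {
        "tc": bool(flags & TC),
        "proposal": bool(flags & PROPOSAL),
        "role": PORT_ROLES[(flags & ROLE_MASK) >> ROLE_SHIFT],
        "learning": bool(flags & LEARNING),
        "forwarding": bool(flags & FORWARDING),
        "agreement": bool(flags & AGREEMENT),
        "tca": bool(flags & TCA),
        "root": split_bridge_id(root),
        "root_path_cost": cost,
        "bridge": split_bridge_id(sender),
        "port_priority": (port_id >> 8) & 0xF0,
        "port_number": port_id & 0x0FFF,
        # timers are carried in units of 1/256 second
        "message_age_s": msg_age / 256, "max_age_s": max_age / 256,
        "hello_s": hello / 256, "forward_delay_s": fwd_delay / 256,
    }


def claims_better_root(bpdu, current_root):
    """True if the BPDU advertises a root ID superior (numerically lower) to ours."""
    return bpdu["root"]["raw"] < current_root


# Constructed samples (not captured traffic).
CURRENT_ROOT = bridge_id(32768, "000b.fcb5.dac0")
LOCAL_BRIDGE = bridge_id(32770, "0013.5f1c.e1c0")       # 32768 + sys-id-ext 2
SWITCH_D = bridge_id(2, "0200.0000.00dd")               # priority 0, VLAN 2
TIMERS = (0, 20 * 256, 2 * 256, 15 * 256, 0)            # age, max age, hello, fwd delay, v1 len
PROPOSAL_BPDU = struct.pack(RST_FORMAT, 0, 2, 2, PROPOSAL | (3 << ROLE_SHIFT),
                            CURRENT_ROOT, 38, LOCAL_BRIDGE, 0x8007, *TIMERS)
AGREEMENT_BPDU = struct.pack(RST_FORMAT, 0, 2, 2,
                             AGREEMENT | FORWARDING | LEARNING | (2 << ROLE_SHIFT),
                             CURRENT_ROOT, 38, LOCAL_BRIDGE, 0x8007, *TIMERS)
SWITCH_D_BPDU = struct.pack(RST_FORMAT, 0, 2, 2, PROPOSAL | (3 << ROLE_SHIFT),
                            SWITCH_D, 0, SWITCH_D, 0x8001, *TIMERS)
LEGACY_BPDU = struct.pack(RST_FORMAT, 0, 0, 0, 0, CURRENT_ROOT, 0,
                          CURRENT_ROOT, 0x8001, *TIMERS)

if __name__ == "__main__":
    for name, frame in (("proposal", PROPOSAL_BPDU), ("switch D", SWITCH_D_BPDU)):
        decoded = parse_rst_bpdu(frame)
        print(name, decoded["role"], decoded["root"]["priority"],
              "superior to current root:", claims_better_root(decoded, CURRENT_ROOT))
```

A root ID with priority 0, as in the Root Guard motivation later in the chapter, compares lower than the current root and is the case `claims_better_root` reports.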
BPDU Generation
802.1D non-root bridge generates a BPDU only when it receives one on its root port
If a port receives no BPDUs for three consecutive hello times
Bridge immediately ages out protocol information
Immediate aging also happens if the max age timer expires
In RSTP, transmissions of BPDU act as keep-alive mechanisms
Bridge has lost connectivity if it misses three BPDUs in a row
Fast aging of the information allows quick failure detection
In RSTP mode switches detect physical link failures much faster than in 802.1D
Proposal and Agreement in RSTP
Transition on point-to-point ports is rapid
Bridge A and bridge B connect through port a on bridge A and port b on bridge B
Bridge A is the root because of its superior BPDUs
1. Ports a and b, the designated ports, start in discarding or learning state and send BPDUs with the proposal bit
2. Port b receives the superior BPDU from bridge A and immediately knows that port b is the new root port
3. Bridge B sends a BPDU back to bridge A with the agreement bit set in the BPDU
4. Bridge A transitions to forwarding as soon as it receives the BPDU with the agreement bit set from bridge B
RSTP Proposal and Agreement Process
Switch A has a path to the root via switch B and switch C
New link is added between the root and switch A
Both ports are in blocking state until they receive a BPDU
Port P0 of the root bridge sets the proposal bit on the BPDUs it sends out.
Switch A sees that the proposal BPDU has a superior path cost
It blocks all non-edge designated ports other than the one over which the proposal-agreement process is occurring (called sync) and prevents switches below A from causing a loop during the proposal-agreement process
Edge ports do not have to be blocked and remain unchanged during sync
Bridge A sends an agreement that allows the root bridge to put root port P0 in forwarding state
Port P1 becomes the root port for A
Downstream Proposal and Agreement
Switch B on P5 will see that switch A is discarding and will also transition to the designated discarding state
Switch A sends its proposal BPDU down to B with the root ID of the root bridge
Switch B sees a proposal with the superior BPDU from A and blocks all non-edge designated ports
Switch B sends a BPDU with the agreement bit set, and switch A P3 transitions to forwarding state
The synchronization process continues with switches downstream from B
RSTP Topology Change Mechanism
Only non-edge ports moving to the forwarding state cause a topology change
Loss of connectivity does not generate a topology change
Port moving to blocking does not cause the bridge to generate a TC BPDU
RSTP bridge detects a topology change
1. Starts the TC While timer with a value equal to twice the hello time for its non-edge designated ports and its root port
Interval during which the RSTP bridge actively informs the rest of the bridges of a topology change
2. Flushes the MAC addresses associated with all non-edge ports
3. TC While timer running on a port:
BPDUs sent out of that port have the TC bit set
Bridge sends BPDUs even on the root port
Topology Change Mechanism in RSTP
Topology Change Propagations
Bridge receives a BPDU with the TC bit set from a neighbor
1. Clears the MAC addresses learned on all its ports except the one that received the topology change
2. Starts the TC While timer and sends BPDUs with TC set on its designated ports and root port
RSTP does not use the specific TCN BPDU anymore unless a legacy bridge needs to be notified.
Topology Change Notification is flooded very quickly
Propagation is a one-step process
Initiator of the topology change is flooding this information throughout the network
In 802.1D, only the root sends BPDUs with the TC bit set
In RSTP there is no need to wait for the root bridge to be notified
RSTP TC Actions Summary
RSTP and 802.1D STP Compatibility
RSTP can operate with 802.1D STP
802.1w's fast-convergence benefits are lost when interacting with 802.1D bridges
Each port maintains a variable that defines the protocol to run on the corresponding segment
If the port receives BPDUs that do not correspond to its current operating mode for two times the hello time, it
Default STP Configuration on Cisco Switch
PVST+
Bridge priority 32,768 for each VLAN
PortFast
Spanning Tree PortFast causes an interface configured as an access port to enter the forwarding state immediately
Bypasses the listening and learning states
Enable on Layer 2 access ports connected to a single workstation or server
Server and workstation are attached to an access switch through ports that have the PortFast feature enabled
STP State Machine with PortFast
STP state jumps directly from blocking to forwarding without going through the listening and learning state
PortFast suppresses topology change notifications
Configuring the PortFast Feature Globally
On Building Access submodule switches enable PortFast globally
spanning-tree portfast default
No need to explicitly enable PortFast on each port
Explicitly disable PortFast on uplink ports
[no] spanning-tree portfast
Configuring PortFast on Trunk Ports
Use the spanning-tree portfast trunk interface command to enable the PortFast feature on a trunk port.
Switch(config-if)# spanning-tree portfast trunk
Configuring Access Port Macro
Use the switchport host macro command on an interface connecting to an end station
PortFast is a highly recommended configuration on end-user ports and server ports
Disable negotiation of channeling and trunking
To place an interface into this desired configuration
switchport host
Switch(config-if)# switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled
Switch(config-if)# end
Switch#
Implementing PVRST+
1. Enable PVRST+ globally. PVRST+ should be configured on all switches in the broadcast domain.
2. Designate and configure a switch to be the root bridge.
3. Designate and configure a switch to be the secondary (backup) root bridge.
4. Ensure load sharing on uplinks using priority and cost parameters.
5. Verify the configuration.
Verifying PVRST+
The output below illustrates how to verify the RSTP configuration for VLAN2 on a nonroot switch in a topology.
Switch# show spanning-tree vlan 2
VLAN0002
Spanning tree enabled protocol rstp
Root ID    Priority 32768
           Address 000b.fcb5.dac0
           Cost 38
           Port 7 (FastEthernet0/7)
           Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID  Priority 32770 (priority 32768 sys-id-ext 2)
           Address 0013.5f1c.e1c0
           Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
           Aging Time
Interface        Role Sts Cost     Prio.Nbr Type
---------------- ---- --- -------- -------- -----------------
Fa0/7            Root FWD 19       128.7    P2p
Fa0/8            Root FWD 19       128.8    P2p
Multiple Spanning Tree (MST)
MST (802.1s) extends the IEEE 802.1w RST algorithm to multiple spanning trees
Reduce the total number of spanning-tree instances to match the physical topology of the network
PVST+ runs STP instances for each VLAN
Does not take into consideration the physical topology
MST uses a minimum number of STP instances
Match the number of physical topologies present
MST (802.1s)
MST builds multiple spanning trees over trunks
Grouping and associating VLANs to spanning-tree instances
Each instance may have a topology that is independent of other instances
Provides multiple forwarding paths for data traffic and enables load balancing
Failure in one forwarding path does not affect other instances with different forwarding paths
MST spanning-tree instance may exist only on bridges that have compatible VLAN instance assignments
Configuring a set of bridges with the same MST configuration information allows them to participate in a specific set of spanning-tree instances
MST region refers to the set of interconnected bridges that have the same MST configuration
Achieve load balancing on the access switch uplinks based on even or odd VLANs or any other scheme deemed appropriate
VLAN Load Balancing
1000 VLANs map to two MST instances
Each switch needs to maintain only two spanning trees
Concept of two MST instances extends to 4096 VLANs
MST converges faster than PVST+
Backward compatible with 802.1D STP, 802.1w (RSTP), and the Cisco PVST+ architecture
Comparison
PVST+ Case
Achieves load balancing by configuring such that a specific number of VLANs are forwarding on each uplink trunk
Bridge D1 to be the root for VLAN 501-1000
Bridge D2 to be the root for VLAN 1-500
Load balancing between the access and distribution layers
Switches maintain 1000 VLAN instances for only two different logical topologies
PVST+ characteristics
Provides the ability to optimize load balancing
Maintains per-VLAN STP instance and results in more CPU utilization
802.1Q Case
IEEE 802.1Q defines a Common Spanning Tree (CST) instance
One spanning-tree instance for the entire bridged network
CST instance
No load balancing is possible
Switch CPU utilization is low since only one instance
Cisco implementation enhances 802.1Q to support PVST+
Behaves exactly as the PVST case
MST Case
Combines the best of PVST+ and 802.1Q
Most networks do not need more than a few topologies
Mapping several VLANs reduces the number of spanning-tree instances
Desired load-balancing scheme is possible
Switch utilization is low
Because MST is a newer protocol issues may arise
More complex than the usual spanning tree and requires additional training of the operation staff
Interaction with legacy bridges is sometimes challenging
MST Regions
Received BPDUs need to identify STP instances and the VLANs that are mapped to the instances
Each switch running MST has a single configuration of three attributes
Alphanumeric configuration name (32 bytes)
Configuration revision number (2 bytes)
4096-element table that associates each of the potential 4096 VLANs to a given instance
To be part of a common MST region switches must share the same configuration attributes
Must be able to exactly identify the boundaries of the regions
Characteristics of the region are included in BPDUs
Switches do not propagate exact VLANs-to-instance mapping in the BPDU
Switches only need to know whether they are in the same region as a neighbor
Switches send a digest of the VLANs-to-instance mapping table along with the revision number and the name
Switch receives a BPDU and compares it with its own computed digest
If the digests differ the port receiving the BPDU is at the boundary of a region
Switches in Different MST Regions
Designated bridge on its segment is in a different region
It receives legacy 802.1D BPDUs
Port on B1 is at the boundary of region A
Ports on B2 and B3 are internal to region B
Extended System ID
Rather than VLAN number in PVST
Configuring Basic Parameters of MST
MST Configuration
Enable MST on switch
Switch(config)# spanning-tree mode mst
Enter MST configuration submode
Switch(config)# spanning-tree mst configuration
Display current MST configuration
Switch(config-mst)# show current
Name MST instance
Switch(config-mst)# name name
- Not incremented automatically when you commit a new MST configuration
Switch(config-mst)# revision revision_number
MST Configuration (cont)
Map VLANs to MST instance
Switch(config-mst)# instance instance_number vlan vlan_range
Switch(config-mst)# show pending
Apply configuration and exit MST configuration submode
Switch(config-mst)# exit
Assign root bridge for MST instance
Syntax makes the switch root primary or secondary (only active if
Sets primary priority to 24576 and secondary to 28672
Switch(config)# spanning-tree mst instance_number root primary | secondary
MST Configuration Example
SwitchA(config)# spanning-tree mode mst
SwitchA(config)# spanning-tree mst configuration
SwitchA(config-mst)# name XYZ
SwitchA(config-mst)# revision 1
SwitchA(config-mst)# instance 1 vlan 11, 21, 31
SwitchA(config-mst)# instance 2 vlan 12, 22, 32
SwitchA(config)# spanning-tree mst 1 root primary
SwitchB(config)# spanning-tree mode mst
SwitchB(config)# spanning-tree mst configuration
SwitchB(config-mst)# name XYZ
SwitchB(config-mst)# revision 1
SwitchB(config-mst)# instance 1 vlan 11, 21, 31
SwitchB(config-mst)# instance 2 vlan 12, 22, 32
SwitchB(config)# spanning-tree mst 2 root primary
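The region check from the MST Regions slide, applied to the SwitchA and SwitchB configuration above, can be reproduced offline as follows. This is an added example, not code from the slides: the digest is HMAC-MD5 over the 4096-entry table with the fixed key defined in IEEE 802.1Q (a detail the slides do not state), SwitchC is a constructed mismatch, and the function names are hypothetical.

```python
import hashlib
import hmac

# Fixed HMAC-MD5 key that IEEE 802.1Q defines for the MST Configuration Digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_vlan_list(text):
    """Expand an IOS-style VLAN list such as '11, 21, 31' or '1-10' into a set."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def mst_config_id(name, revision, instances):
    """Build the three region attributes a switch advertises in its BPDUs.

    instances maps an MST instance number to an IOS-style VLAN list;
    VLANs that are not listed stay in instance 0.
    """
    name_bytes = name.encode("ascii")
    if len(name_bytes) > 32:
        raise ValueError("configuration name is limited to 32 bytes")
    if not 0 <= revision <= 0xFFFF:
        raise ValueError("revision number is a 2-byte value")
    table = [0] * 4096                  # index = VLAN ID; entries 0 and 4095 stay 0
    for instance, vlan_text in instances.items():
        for vlan in parse_vlan_list(vlan_text):
            if not 1 <= vlan <= 4094:
                raise ValueError(f"VLAN {vlan} out of range")
            if table[vlan] not in (0, instance):
                raise ValueError(f"VLAN {vlan} mapped to two instances")
            table[vlan] = instance
    packed = b"".join(entry.to_bytes(2, "big") for entry in table)
    digest = hmac.new(MST_DIGEST_KEY, packed, hashlib.md5).hexdigest()
    return {"name": name_bytes.ljust(32, b"\0"), "revision": revision, "digest": digest}


def region_mismatch(local, neighbor):
    """Return the attributes that differ; an empty list means same region."""
    return [key for key in ("name", "revision", "digest") if local[key] != neighbor[key]]


# SwitchA and SwitchB use the values from the configuration example above.
SWITCH_A = mst_config_id("XYZ", 1, {1: "11, 21, 31", 2: "12, 22, 32"})
SWITCH_B = mst_config_id("XYZ", 1, {1: "11, 21, 31", 2: "12, 22, 32"})
# Constructed mismatch: one VLAN typed differently on a third switch.
SWITCH_C = mst_config_id("XYZ", 1, {1: "11, 21, 31", 2: "12, 22, 33"})

if __name__ == "__main__":
    print("A vs B:", region_mismatch(SWITCH_A, SWITCH_B) or "same region")
    print("A vs C:", region_mismatch(SWITCH_A, SWITCH_C), "-> boundary port")
```

A single mistyped VLAN changes only the digest, which is why a mapping typo silently turns an internal link into a region boundary even though name and revision match.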
Verifying MST Configuration Example (1)
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# spanning-tree mode mst
Switch(config)# spanning-tree mst configuration
Switch(config-mst)# show current
Current MST configuration
Name []
Revision 0
Instance Vlans mapped
-------- -----------------------------------------------------------
0 1-4094
---------------------------------------------------------------------
Switch(config-mst)# name cisco
Switch(config-mst)# revision 1
Switch(config-mst)# instance 1 vlan 1-10
Switch(config-mst)# show pending
Pending MST configuration
Name [cisco]
Revision 1
Instance Vlans mapped
-------- -----------------------------------------------------------
0 11-4094
1 1-10
Switch(config-mst)# end
Verifying MST Configuration Example (2)
Switch# show spanning-tree mst
###### MST00 vlans mapped: 5-4094
Bridge address 0009.e845.6480 priority 32768 (32768 sysid 0)
Root this switch for CST and IST
Configured hello time 2, forward delay 15, max age 20, max hops 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------
Fa3/24 Desg FWD 2000000 128.152 Shr
Fa3/32 Desg FWD 200000 128.160 P2p
Fa3/42 Back BLK 200000 128.170 P2p
###### MST01 vlans mapped: 1-2
Bridge address 0009.e845.6480 priority 32769 (32768 sysid 1)
Root this switch for MST01
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------
Fa3/24 Desg FWD 2000000 128.152 Shr
Fa3/32 Desg FWD 200000 128.160 P2p
Fa3/42 Back BLK 200000 128.170 P2p
###### MST02 vlans mapped: 3-4
Bridge address 0009.e845.6480 priority 32770 (32768 sysid 2)
Root this switch for MST02
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------
Fa3/24 Desg FWD 2000000 128.152 Shr
Verifying MST Configuration Example (3)
Switch# show spanning-tree mst 1
###### MST01 vlans mapped: 1-2
Bridge address 0009.e845.6480 priority 32769 (32768 sysid 1)
Root this switch for MST01
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- ------ -------- -----------------
Fa3/24 Desg FWD 2000000 128.152 Shr
Fa3/32 Desg FWD 200000 128.160 P2p
Fa3/42 Back BLK 200000 128.170 P2p
Verifying MST Configuration Example (4)
Switch# show spanning-tree mst interface FastEthernet 3/24
FastEthernet3/24 of MST00 is designated forwarding
Edge port: no (default) port guard : none (default)
Link type: shared (auto) bpdu filter: disable (default)
Boundary : internal bpdu guard : disable (default)
Bpdus sent 81, received 81
Instance Role Sts Cost Prio.Nbr Vlans mapped
-------- ---- --- ------- -------- -------------------------
0 Desg FWD 2000000 128.152 5-4094
1 Desg FWD 2000000 128.152 1-2
2 Desg FWD 2000000 128.152 3-4
Verifying MST Configuration Example (5)
Switch# show spanning-tree mst 1 detail
###### MST01 vlans mapped: 1-2
Bridge address 0009.e845.6480 priority 32769 (32768 sysid 1)
Root this switch for MST01
FastEthernet3/24 of MST01 is designated forwarding
Port info port id 128.152 priority 128 cost 2000000
Designated root address 0009.e845.6480 priority 32769 cost 0
Designated bridge address 0009.e845.6480 priority 32769 port id 128.152
Timers: message expires in 0 sec, forward delay 0, forward transitions 1
Bpdus (MRecords) sent 755, received 0
FastEthernet3/32 of MST01 is designated forwarding
Port info port id 128.160 priority 128 cost 200000
Designated root address 0009.e845.6480 priority 32769 cost 0
Designated bridge address 0009.e845.6480 priority 32769 port id 128.160
Timers: message expires in 0 sec, forward delay 0, forward transitions 1
Bpdus (MRecords) sent 769, received 1
FastEthernet3/42 of MST01 is backup blocking
Port info port id 128.170 priority 128 cost 200000
Designated root address 0009.e845.6480 priority 32769 cost 0
Designated bridge address 0009.e845.6480 priority 32769 port id 128.160
Timers: message expires in 5 sec, forward delay 0, forward transitions 0
Bpdus (MRecords) sent 1, received 769
Spanning Tree Enhancements
Preventable common network attacks involving STP
Connecting an unauthorized hub: users may plug in an unauthorized hub to extend the network
May create an STP loop
BPDU Guard detects the loop and effectively err-disables the user port
Connecting an unauthorized access switch: users may plug in an unauthorized access switch
Will not cause a network loop but it may result in a topology change and may become the root
Root Guard feature will detect the BPDU sent by this newly added access switch and will disable the user port
Unidirectional link due to faulty cabling or device: cable fault or device will cause switch links to become unidirectional
UDLD feature detects and err-disables the offending link
Blocking port erroneously moving to forwarding state: software inconsistency or BPDU loss can also cause this to occur
Loop Guard feature will detect such a condition and put the blocking switch port into an inconsistent state
Spanning Tree Enhancements
BPDU guard: Prevents accidental connection of switching devices to PortFast-enabled ports. Connecting switches to PortFast-enabled ports can cause Layer 2 loops or topology changes
BPDU filtering: Restricts the switch from sending unnecessary BPDUs out access ports
Root guard: Prevents switches connected on ports configured as access ports from becoming the root switch
Loop guard: Prevents root ports and alternate ports from moving to forwarding state when they stop receiving BPDUs
BPDU Guard
Puts an interface configured for STP PortFast in the err-disable state upon receipt of a BPDU
Disables interfaces to avoid a potential bridging loop
Shuts down PortFast-configured interfaces that receive BPDUs
Rather than putting them into the STP blocking state (default)
Manually re-enable the err-disabled interface after fixing the invalid configuration
PortFast-configured interfaces should not receive BPDUs
Reception of a BPDU signals an invalid configuration such as connection of an unauthorized device
BPDU Guard applied globally to all PortFast-configured interfaces
Can also be enabled/disabled on a per-interface basis
Global configuration command
[no] spanning-tree portfast bpduguard
BPDU Guard Configuration
To enable BPDU guard globally, use the command:
spanning-tree portfast bpduguard default
To enable BPDU guard on a port, use the command:
spanning-tree bpduguard enable
BPDU guard logs messages to the console:
2009 May 12 15:13:32 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port. Disabling 2/1
2009 May 12 15:13:32 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1
BPDU Guard Configuration Example
Switch(config)# spanning-tree portfast edge bpduguard default
Switch(config)# end
Switch# show spanning-tree summary totals
Root bridge for: none.
PortFast BPDU Guard is enabled
Etherchannel misconfiguration guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Default pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
------------ -------- --------- -------- ---------- ---------
34 VLANs 0 0 0 36 36
BPDU Filtering
Prevents switches from sending BPDUs on PortFast-enabled interfaces
Typically connect to host devices
Configure BPDU filtering on a per-port or global basis
If configured on an interface
Switch does not send BPDUs and drops all BPDUs it receives
If globally enabled
It affects all operational PortFast ports on switches that do not have BPDU filtering configured on the individual ports
Switch changes the interface back to normal STP operation if the port receives BPDUs on an interface
Upon startup, the port transmits ten BPDUs. If this port receives any BPDUs during that time, PortFast and PortFast BPDU filtering are disabled
BPDU Guard enabled on the same interface as BPDU filtering has no effect
BPDU filtering takes precedence
BPDU Filtering Configuration
To enable BPDU filtering globally, use the command:
spanning-tree portfast bpdufilter default
To enable BPDU filtering on a port, use the command:
spanning-tree bpdufilter enable
Verify the configuration
show spanning-tree summary totals
Verifying BPDU Filtering Configuration (1)
PortFast BPDU filtering status:
Switch# show spanning-tree summary
Switch is in pvst mode
Root bridge for: none
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name      Blocking Listening Learning Forwarding STP Active
--------- -------- --------- -------- ---------- ----------
VLAN0001  2        0         0        6          8
--------- -------- --------- -------- ---------- ----------
1 vlan    2        0         0        6          8
Verifying BPDU Filtering Configuration (2)
Verifying PortFast BPDU filtering on a specific port:
Switch# show spanning-tree interface fastEthernet 4/4 detail
Port path cost 1000, Port priority 160, Port Identifier 160.196.
Designated root has priority 32768, address 00d0.00b8.140a
Designated bridge has priority 32768, address 00d0.00b8.140a
Designated port id is 160.196, designated path cost 0
Timers:message age 0, forward delay 0, hold 0
Number of transitions to forwarding state:1
The port is in the portfast mode by portfast trunk configuration
Link type is point-to-point by default
Bpdu filter is enabled
BPDU:sent 0, received 0
PortFast BPDU Filtering Port Configurations
Per-Port Configuration   Global Configuration   PortFast State   PortFast BPDU Filtering State
Default                  Enable                 Enable           Enable
Default                  Enable                 Disable          Disable
Default                  Disable                Not applicable   Disable
Disable                  Not applicable         Not applicable   Disable
Enable                   Not applicable         Not applicable   Enable
Root Guard
Useful in avoiding Layer 2 loops during network anomalies
Forces an interface to become a designated port to prevent surrounding switches from becoming a root switch
Enforce the root bridge placement in the network
Bridge receives superior BPDUs on a Root Guard enabled port
Port moves to a root-inconsistent STP state
Switch does not forward traffic out of that port
Switches A and B comprise the core of the network and switch A is the root bridge for a VLAN
Root Guard Motivation
Switches A and B comprise the core of the network; Switch A is the root bridge
When Switch D is connected to Switch C, it begins to participate in STP
If the priority of Switch D is 0 or any value lower than that of the current root bridge, Switch D becomes the root bridge
Having Switch D as the root causes the Gigabit Ethernet link connecting the two core switches to block
Causes all the data to flow via a 100-Mbps link across the access layer.
Obviously a terrible outcome
Root Guard Operation
After the root guard feature is enabled on a port, the switch does not enable that port to become an STP root port
Cisco switches log the following message when a root guard-enabled port receives a superior BPDU:
%SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become non-designated in VLAN 77. Moved to root-inconsistent state.
Root Guard Operation
Current design recommendation is to enable root guard on all access ports
Switch C blocks the port connecting to Switch D when it receives a superior BPDU
Port transitions to the root-inconsistent STP state
No traffic passes through the port while it is in root-inconsistent state
When Switch D stops sending superior BPDUs, the port unblocks again and goes through regular STP transition
Recovery is automatic; no intervention is required
Configuring and Verifying Root Guard
Switch(config)# interface FastEthernet 5/8
Switch(config-if)# spanning-tree guard root
Switch(config-if)# end
Switch# show running-config interface FastEthernet 5/8
Building configuration...
Current configuration: 67 bytes
!
interface FastEthernet5/8
switchport mode access
spanning-tree guard root
end
Switch# show spanning-tree inconsistentports
Name Interface Inconsistency
-------------------- ---------------------- ------------------
VLAN0001 FastEthernet3/1 Port Type Inconsistent
VLAN0001 FastEthernet3/2 Port Type Inconsistent
VLAN1002 FastEthernet3/1 Port Type Inconsistent
VLAN1002 FastEthernet3/2 Port Type Inconsistent
Number of inconsistent ports (segments) in the system :4
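The per-port rules from the PortFast, BPDU Guard, BPDU Filtering and Root Guard slides can be checked against a configuration with a short audit. This is an added example, not code from the slides: the running-config is constructed, the finding codes and function names are hypothetical, and only the per-port form of BPDU filtering is examined.

```python
def parse_config(text):
    """Split an IOS-style config into global commands and per-interface command sets."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "!"):
            continue
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], set())
        elif raw[0].isspace() and current is not None:
            current.add(line)           # indented line belongs to the interface
        else:
            current = None
            global_cmds.add(line)
    return global_cmds, interfaces


def audit(text):
    """Return {interface: [finding codes]} for the spanning-tree edge protections."""
    global_cmds, interfaces = parse_config(text)
    report = {}
    for name, cmds in interfaces.items():
        findings = []
        if "switchport mode trunk" in cmds:
            # PortFast forced on a trunk: confirm the far end is not a switch.
            if "spanning-tree portfast trunk" in cmds:
                findings.append("portfast-trunk")
        elif "switchport mode access" in cmds:
            portfast = "spanning-tree portfast" in cmds or (
                "spanning-tree portfast default" in global_cmds
                and "no spanning-tree portfast" not in cmds)
            # The global BPDU guard default applies only to PortFast ports.
            bpduguard = "spanning-tree bpduguard enable" in cmds or (
                portfast and "spanning-tree portfast bpduguard default" in global_cmds)
            if "spanning-tree bpdufilter enable" in cmds:
                # Per-port filtering drops received BPDUs, so BPDU guard never fires.
                findings.append("bpdufilter-overrides-guard")
            elif not bpduguard:
                findings.append("no-bpduguard")
            if "spanning-tree guard root" not in cmds:
                findings.append("no-root-guard")
        report[name] = findings
    return report


# Constructed running-config (not taken from a real device).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast trunk
!
end
"""

if __name__ == "__main__":
    for interface, findings in audit(SAMPLE_CONFIG).items():
        print(f"{interface}: {', '.join(findings) or 'ok'}")
```

FastEthernet0/3 shows the subtle case: the global BPDU guard default is present, but the port has no PortFast, so the guard does not cover it.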
Preventing Forwarding Loops and Black Holes
Catalyst switches support two features to address such conditions
UDLD aggressive and normal mode
Detects and disables unidirectional links
Loop Guard
Improves the stability of Layer 2 networks by preventing bridging loops
Loop Guard
Additional protection against Layer 2 forwarding loops
Occur if one port of a redundant topology stops receiving BPDUs
Switches rely on continuous BPDUs
When one port in a redundant topology stops receiving BPDUs
STP conceives the topology as loop-free
Blocking port changes to designated port and moves to forwarding state
Creates a bridging loop
Loop Guard feature: switches do an additional check before transitioning
Switch places the port into the STP loop-inconsistent blocking state
Switch logs the following message
SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.
Port transitions through STP states
Recovery is automatic
After recovery the switch logs the following message:
SPANTREE-2-LOOPGUARDUNBLOCK: port 3/2 restored in vlan 3.
Without Loop Guard
Unidirectional link failure between B and C
C is not receiving BPDUs from B
Blocking port on C transitions to listening state and to forwarding state
Bridging loop occurs
Unidirectional Link with Loop Guard
Blocking port on C transitions into the loop-inconsistent state
Port in the loop-inconsistent state does not pass data traffic
Bridging loop does not occur
Effectively equal to the blocking state
Loop Guard Messages
When the Loop Guard feature places a port into the loop-inconsistent blocking state, the switch logs the following message:
SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.
After recovery, the switch logs the following message:
SPANTREE-2-LOOPGUARDUNBLOCK: port 3/2 restored in vlan 3.
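The BPDU Guard, Root Guard and Loop Guard messages quoted in this chapter can be triaged from collected syslog as follows. This is an added example, not code from the slides: the patterns cover only the message formats shown on this page, the sample lines are constructed from them (the vlan 4 line is a made-up variation), and the function names are hypothetical.

```python
import re

# One rule per guard message quoted on this page: (feature, resulting state, pattern).
# A state of None marks a recovery message that clears the open entry.
RULES = [
    ("bpdu-guard", "err-disabled", re.compile(
        r"SPANTREE-2-RX_PORTFAST:\s*Received BPDU on PortFast enable port\.\s*"
        r"Disabling (?P<port>\S+)")),
    ("root-guard", "root-inconsistent", re.compile(
        r"SPANTREE-2-ROOTGUARDBLOCK:\s*Port (?P<port>\S+) tried to become "
        r"non-designated in VLAN (?P<vlan>\d+)")),
    ("loop-guard", "loop-inconsistent", re.compile(
        r"SPANTREE-2-LOOPGUARDBLOCK:\s*No BPDUs were received on port "
        r"(?P<port>\S+) in vlan (?P<vlan>\d+)")),
    ("loop-guard", None, re.compile(
        r"SPANTREE-2-LOOPGUARDUNBLOCK:\s*port (?P<port>\S+) restored in vlan "
        r"(?P<vlan>\d+)")),
]

# What each open state means, as described in this chapter.
NEXT_STEP = {
    "err-disabled": "BPDU seen on a PortFast port; fix the cause, then re-enable manually",
    "root-inconsistent": "superior BPDU on a Root Guard port; recovers once those BPDUs stop",
    "loop-inconsistent": "BPDUs stopped arriving; check for a unidirectional link",
}


def triage(lines):
    """Return all guard events and the ports that are still blocked at the end."""
    events, open_ports = [], {}
    for line in lines:
        for feature, state, pattern in RULES:
            match = pattern.search(line)
            if not match:
                continue
            fields = match.groupdict()
            vlan = fields.get("vlan")          # BPDU guard acts on the whole port
            key = (fields["port"], int(vlan) if vlan else None)
            events.append((feature, key, state or "restored"))
            if state is None:
                open_ports.pop(key, None)
            else:
                open_ports[key] = state
            break
    return {"events": events, "open": open_ports}


def summarize(result):
    """One line per port that still needs attention."""
    return [f"port {port} vlan {vlan if vlan is not None else 'all'}: "
            f"{state} ({NEXT_STEP[state]})"
            for (port, vlan), state in sorted(result["open"].items(),
                                              key=lambda item: item[0][0])]


# Constructed sample log built from the message formats quoted on this page.
SAMPLE_LOG = [
    "2009 May 12 15:13:32 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port. Disabling 2/1",
    "2009 May 12 15:13:32 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1",
    "%SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become non-designated in VLAN 77. Moved to root-inconsistent state.",
    "SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.",
    "SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 4. Moved to loop-inconsistent state.",
    "SPANTREE-2-LOOPGUARDUNBLOCK: port 3/2 restored in vlan 3.",
]

if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE_LOG))))
```

Loop Guard state is tracked per VLAN, matching the per-VLAN blocking behaviour, so the restore message for vlan 3 leaves vlan 4 on the same port open.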
9/3/2011 Ch3 Implementing STP 131
Loop Guard Configuration Considerations
Configure Loop Guard on a per-port basis
Blocks inconsistent ports on a per-VLAN basis
For example, on a trunk port, if BPDUs are not received for only one particular VLAN, the switch blocks only that VLAN
Moves the port for that VLAN to the loop-inconsistent STP state
Enable Loop Guard on all nondesignated ports
Loop Guard should be enabled on root and alternate ports for all possible combinations of active topologies
Loop Guard is disabled by default on Cisco switches
Configuring Loop Guard
Interface configuration command:
spanning-tree guard loop
Loop Guard and Root Guard cannot coexist on the same port
Enabling Loop Guard disables any Root Guard
Enabling globally enables Loop Guard on ports considered to be point-to-point
Full-duplex ports
Override the global configuration on a per-port basis
Global configuration command:
Disable on interface with interface configuration command
no spanning-tree guard
Verifying Loop Guard Configuration
To verify Loop Guard status on an interface, issue the command
show spanning-tree interface interface-id detail
Switch# show spanning-tree interface FastEthernet 3/42 detail
Port 170 (FastEthernet3/42) of VLAN0001 is blocking
Port path cost 19, Port priority 128, Port Identifier 128.170.
Designated root has priority 8193, address 0009.e845.6480
Designated bridge has priority 8193, address 0009.e845.6480
Designated port id is 128.160, designated path cost 0
Timers: message age 1, forward delay 0, hold 0
Number of transitions to forwarding state: 0
Link type is point-to-point by default
Loop guard is enabled on the port
BPDU: sent 1, received 4501
Unidirectional Link Failures
Unidirectional links can cause STP loops
Unidirectional Link Detection (UDLD) will detect unidirectional link conditions when Layer 1 mechanisms do not
Provides the ability to shut down the affected interface
UDLD
UDLD allows for detection of unidirectional link conditions on switchports
Link remains in the up state but the interface is not passing traffic
Typically from faulty Gigabit Interface Converters (GBIC)
Layer 2 protocol that works with Layer 1 mechanisms
UDLD performs tasks that auto-negotiation cannot
Detects the identities of neighbors and shuts down misconnected ports
UDLD enabled switch periodically sends packets to its neighbor
Expects packets to be echoed back before a predetermined timer expires
If link is unidirectional it shuts down the port
Sending the port's device ID and port ID
Neighbor's device ID and port ID
Neighbor devices with UDLD enabled send the same hello message
UDLD Modes
Normal Mode: UDLD detects unidirectional links due to misconnected interfaces on fiber-optic connections
UDLD changes the UDLD-enabled port to an undetermined state if it stops receiving UDLD messages from its directly connected neighbor
Aggressive Mode (Preferred): When a port stops receiving UDLD packets, UDLD tries to reestablish the connection with the neighbor
After eight failed retries, the port state changes to the err-disable state
Aggressive mode UDLD detects unidirectional links due to one-way traffic on fiber-optic and twisted-pair links and due to misconnected interfaces on fiber-optic links
UDLD Scenario Due to Miswiring
A detects UDLD advertisement from C
is advertising as its neighbor
All switches detect the miswiring and potentially err-disable the ports
Default interval is 15 seconds
Configurable for faster detection
UDLD Configuration
UDLD is disabled on all interfaces by default
udld global configuration command affects fiber-optic interfaces only
udld enable enables UDLD normal mode on all fiber interfaces
udld aggressive enables UDLD aggressive mode on all fiber interfaces
udld port interface configuration command can be used for twisted-pair and fiber interfaces
To enable UDLD in normal mode, use the udld port command
To enable UDLD in aggressive mode, use the udld port aggressive command
Use the no udld port command on fiber-optic ports to return control of UDLD to the udld enable global configuration command or to disable UDLD on nonfiber-optic ports
Use the udld port aggressive command on fiber-optic ports to override the setting of the udld enable or udld aggressive global configuration command
Use the no form on fiber-optic ports to remove this setting and to return control of UDLD enabling to the udld global configuration command or to disable UDLD on nonfiber-optic ports
Aggressive Mode UDLD
Variation of UDLD that provides additional benefits
When a port stops receiving UDLD packets, tries to re-establish the connection
Issue | UDLD State | Aggressive Mode UDLD State
Link is bidirectional | Bidirectional. | Bidirectional.
Layer 1 up, unidirectional link | error message displayed, port in err-disable state | error message displayed, port in err-disable state
port stuck (tx and rx). | | port in err-disable state
One side of a link up & other side of the link down | Undetermined. | error message displayed, port in err-disable state
UDLD Configuration and Verification
Switch(config)# interface gigabitEthernet 5/1
Switch(config-if)# udld port aggressive
Switch# show udld gigabitEthernet 5/1
Interface Gi5/1
---
Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single neighbor detected
Message interval: 15
Time out interval: 5
Entry 1
---
Expiration time: 38
Device ID: 1
Current neighbor state: Bidirectional
Device name: FOX06310RW1
Port ID: Gi1/1
Neighbor echo 1 device: FOX0627A001
Neighbor echo 1 port: Gi5/1
Message interval: 15
Time out interval: 5
CDP Device name: SwitchB
Loop Guard versus Aggressive Mode UDLD
 | Loop Guard | Aggressive Mode UDLD
Configuration | Per port | Per port
Action granularity | Per VLAN | Per port
Auto-recovery | Yes | Yes, with err-disable timeout feature
Protection against STP failures caused by unidirectional links | Yes, when enabled on all root ports and alternate ports in redundant topology | Yes, when enabled on all links in redundant topology
Protection against STP failures caused by problems in software in designated bridge not sending BPDUs | Yes | No
Protection against miswiring | No | Yes
Aggressive Mode UDLD and Loop Guard
Aggressive mode UDLD cannot detect failures caused by problems in software
Less common than failures caused by hardware failures
Aggressive mode UDLD is more robust in its ability to detect unidirectional links on EtherChannel
Loop Guard blocks all interfaces of the EtherChannel
Aggressive mode UDLD disables the single port that is exhibiting problems
Aggressive mode UDLD is not dependent on STP, so it supports Layer 3 links
Loop Guard does not support shared links or interfaces that are unidirectional on switch bootup
If a port never receives BPDUs it becomes a designated port
Aggressive mode UDLD does provide protection against such a failure
Enabling both aggressive mode UDLD and Loop Guard provides the highest level of protection
Flex Links
Flex Links is a Layer 2 availability feature
Provides an alternative solution to STP
Users turn off STP and still provide basic link redundancy
Flex Links can coexist with spanning tree on the distribution layer switches
the Flex Links feature
Flex Links enables a convergence time of less than 50 milliseconds
Convergence time remains consistent regardless of the number of VLANs or MAC addresses configured
Flex Links is based on defining an active/standby link pair on a common access switch
Flex Links are a pair of Layer 2 interfaces, either switchports or port channels
Configured to act as backup to other Layer 2 interfaces
Flex Links Configuration Considerations
Flex Link is configured on one Layer 2 interface (the active link) by assigning another Layer 2 interface as the Flex Link or backup link
When one of the links is up and forwarding traffic, the other link is in
standby mode
At any given time, only one of the interfaces is in the link up state and
forwarding traffic
If the primary link shuts down, the standby link starts forwarding traffic
When the active link comes back up, it goes into standby mode and does
not forward traffic
Flex Links are supported only on Layer 2 ports and port channels, not on
VLANs or on Layer 3 ports
Only one Flex Link backup link can be configured for any active link
An interface can belong to only one Flex Link pair
An interface can be a backup link for only one active link
An active link cannot belong to another Flex Link pair
STP is disabled on Flex Link ports
Flex Link port does not participate in STP, even if the VLANs present on
the port are configured for STP
Flex Links Configuration and Verification
Flex Links are configured at the interface level with the command
switchport backup interface
Here we configure an interface with a backup interface and verify the
configuration
Switch(config)# interface fastethernet1/0/1
Switch(config-if)# switchport backup interface fastethernet1/0/2
Switch(config-if)# end
Switch# show interface switchport backup
Switch Backup Interface Pairs:
Active Interface   Backup Interface    State
-----------------  ------------------  ---------------------
FastEthernet1/0/1  FastEthernet1/0/2   Active Up/Backup Standby
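Added example (not part of the original slides): a Python check that reads a candidate configuration and flags switchport backup interface lines that break the Flex Link pairing rules listed under Configuration Considerations. The candidate configuration is constructed for the example, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed candidate configuration; the interface names are sample values.
CANDIDATE = """\
interface fastethernet1/0/1
 switchport backup interface fastethernet1/0/2
interface fastethernet1/0/3
 switchport backup interface fastethernet1/0/2
interface fastethernet1/0/4
 switchport backup interface fastethernet1/0/1
interface fastethernet1/0/5
 switchport backup interface fastethernet1/0/6
"""

def flex_pairs(config):
    """Return (active, backup) tuples from 'switchport backup interface' lines."""
    pairs, current = [], None
    for raw in config.splitlines():
        line = raw.strip().lower()
        m = re.match(r"interface\s+(.+)$", line)
        if m:
            # Drop inner spaces so 'gigabitEthernet 5/1' and 'gigabitethernet5/1' compare equal.
            current = "".join(m.group(1).split())
            continue
        m = re.match(r"switchport backup interface\s+(.+)$", line)
        if m and current:
            pairs.append((current, "".join(m.group(1).split())))
    return pairs

def violations(pairs):
    """Apply the slide's pairing rules; return a sorted list of problems."""
    actives = Counter(a for a, _ in pairs)
    backups = Counter(b for _, b in pairs)
    problems = set()
    for iface, n in actives.items():
        if n > 1:
            problems.add(f"{iface}: more than one backup link configured")
        if iface in backups:
            problems.add(f"{iface}: active link is also configured as a backup")
    for iface, n in backups.items():
        if n > 1:
            problems.add(f"{iface}: backup link for more than one active link")
    return sorted(problems)

if __name__ == "__main__":
    for problem in violations(flex_pairs(CANDIDATE)):
        print(problem)
```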
STP Best Practices and Troubleshooting
Switching Design Best Practices
Use Layer 3 connectivity at the distribution and core layers.
Use PVRST+ or MST
Do not disable STP at the access layer
Isolate different STP domains in a multivendor environment
Use Loop Guard on Layer 2 ports between distribution switches and on uplink ports from access to distribution switches
Use Root Guard on distribution switches facing access switches
Use port security, PortFast, BPDU Guard, and Root Guard on access switch ports facing end stations
Use aggressive mode UDLD on ports linking switches
Potential STP Problems
Duplex mismatch
Unidirectional link failure
Frame corruption
Resource errors
PortFast configuration error
Duplex Mismatch
Point-to-point link
One side of the link is manually configured as full duplex
Other side is using the default configuration for auto-negotiation
Unidirectional Link Failure
Frequent cause of bridge loops
Undetected failure on a fiber link or a problem with a transceiver
Frame Corruption
If an interface is experiencing a high rate of
physical errors, the result may be lost BPDUs
May lead to an interface in the blocking state moving to
the forwarding state
Uncommon scenario due to conservative default
STP parameters
Frame corruption is generally a result of a duplex
mismatch, bad cable, or incorrect cable length
Resource Errors
STP is performed by the CPU (software-based)
If the CPU of the bridge is over-utilized for any reason,
it might lack the resources to send out BPDUs
STP is generally not a processor-intensive
application and has priority over other processes
Resource problem is unlikely
Exercise caution when multiple VLANs in PVST+
or PVRST+ mode exist
Consult the product documentation for the recommended number of VLANs and STP instances on
any specific switch
PortFast Configuration Error
Switch A has Port p1 in the forwarding state and Port p2 configured for PortFast and
Device B is a hub
Port p2 goes to forwarding and creates a loop between p1 and p2 as soon as the second
Loop ceases as soon as p1 or p2 receives a BPDU that transitions one of these two
ports into blocking mode
Problem is that if the looping traffic is intensive, the bridge might have trouble
successfully sending the BPDU that stops the loop
BPDU guard prevents this type of event from occurring
Troubleshooting Methodology
Troubleshooting STP issues can be difficult if logical troubleshooting procedures are not deployed in
Occasionally, rebooting of the switches might resolve the problem temporarily
Without determining the underlying cause of the problem, the problem is likely to return
Steps provide a general overview of a methodology for troubleshooting STP:
Step 1. Develop a plan
Step 2. Isolate the cause and correct an STP problem
Step 3. Document findings
Chapter 3 Summary (1)
Spanning Tree Protocol is a fundamental protocol to
prevent Layer 2 loops and at the same time provide
redundancy in the network. This chapter covered the basic
operation and configuration of RSTP and MST.
Enhancements now enable STP to converge more quickly
and run more efficiently.
RSTP provides faster convergence than 802.1D when topology
changes occur.
RSTP enables several additional port roles to increase the overall
mechanism's efficiency.
show spanning-tree is the main family of commands used
to verify RSTP operations.
MST reduces the encumbrance of PVRST+ by allowing a single
instance of spanning tree to run for multiple VLANs.
Chapter 3 Summary (2)
The Cisco STP enhancements provide robustness and resiliency to the protocol. These enhancements add availability to the multilayer
switched network. These enhancements not only isolate bridging loops
but also prevent bridging loops from occurring. To protect STP
operations, several features are available that control the way BPDUs
are sent and received:
BPDU guard protects the operat