5lekcija-poglavlje3


Upload: max-max

Post on 09-Jan-2016


Page 1: 5LEKCIJA-POGLAVLJE3

7/17/2019 5LEKCIJA-POGLAVLJE3

http://slidepdf.com/reader/full/5lekcija-poglavlje3 1/36

5. STP

It is clear that computer networks are critical components of most small- and medium-sized businesses. Consequently IT administrators have to implement redundancy in their hierarchical networks. However adding extra links to switches and routers in the network introduces traffic loops that need to be managed in a dynamic way; when a switch connection is lost, another link needs to quickly take its place without introducing new traffic loops. In this chapter you will learn how spanning-tree protocol (STP) prevents loop issues in the network and how STP has evolved into a protocol that rapidly calculates which ports should be blocked so that a VLAN-based network is kept free of traffic loops.

5.1.1. REDUNDANCY

Redundancy in a hierarchical network

The hierarchical design model was introduced in Chapter 1. The hierarchical design model addresses issues found in the flat model network topologies. One of the issues is redundancy. Layer 2 redundancy improves the availability of the network by implementing alternate network paths by adding equipment and cabling. Having multiple paths for data to traverse the network allows for a single path to be disrupted without impacting the connectivity of devices on the network.

As you can see in the animation:

1. PC1 is communicating with PC4 over a redundantly configured network topology.

2. When the network link between switch S1 and switch S2 is disrupted, the path between PC1 and PC4 is automatically adjusted to compensate for the disruption.

3. When the network connection between S1 and S2 is restored, the path is then readjusted to route traffic directly from S2 through S1 to get to PC4.

As businesses become increasingly dependent on the network, the availability of the network infrastructure becomes a critical business concern that must be addressed. Redundancy is the solution for achieving the necessary availability.

Page 2

Examine a redundant design

In a hierarchical design, redundancy is achieved at the distribution and core layers through additional hardware and alternate paths through the additional hardware.

Click the Starting Point Access to Distribution Layer button in the figure.

In this example, there is a hierarchical network with access, distribution, and core layers. Each access layer switch is connected to two different distribution layer switches. Also, each distribution layer switch is connected to both core layer switches. By having multiple paths to get between PC1 and PC4, there is redundancy that can accommodate a single point of failure between the access and distribution layer, and between the distribution and core layer.

STP is enabled on all switches. STP is the topic of this chapter and will be explained at length. For now, notice that STP has placed some switch ports in forwarding state and other switch ports in blocking state. This is to prevent loops in the Layer 2 network. STP will only use a redundant link if there is a failure on the primary link.

In the example, PC1 can communicate with PC4 over the identified path.

Click the Path Failure Access To Distribution Layer button in the figure.

The link between switch S1 and switch D1 has been disrupted, preventing the data from PC1 that is destined for PC4 from reaching switch D1 on its original path. However, because switch S1 has a second path to PC4 through switch D2, the path is updated and the data is able to reach PC4.

Click the Path Failure Distribution To Core Layer button in the figure.

The link between switch D1 and switch C2 has been disrupted, preventing the data from PC1 that is destined for PC4 from reaching switch C2 on its original path. However, because switch D1 has a second path to PC4 through switch C1, the path is updated and the data is able to reach PC4.

Click the Switch Failure Distribution Layer button in the figure.

Switch D1 has now failed, preventing the data from PC1, destined for PC4, from reaching switch C2 on its original path. However, since switch S1 has a second path to PC4 through switch D2, the path is updated and the data is able to reach PC4.

Click the Switch Failure Core Layer button in the figure.

Switch C2 has now failed, preventing the data from PC1 that is destined for PC4 from reaching switch D4 on its original path. However, because switch D1 has a second path to PC4 through switch C1, the path is updated and the data is able to reach PC4.

Redundancy provides a lot of flexibility in path choices on a network, allowing data to be transmitted regardless of a single path or device failing in the distribution or core layers. Redundancy does have some complications that need to be addressed before it can be safely deployed on a hierarchical network.

5.1.2. ISSUES WITH REDUNDANCY

Layer 2 Loops

Redundancy is an important part of the hierarchical design. Although it is important for availability, there are some considerations that need to be addressed before redundancy is even possible on a network.

When multiple paths exist between two devices on the network and STP has been disabled on those switches, a Layer 2 loop can occur. If STP is enabled on these switches, which is the default, a Layer 2 loop would not occur.

Ethernet frames do not have a time to live (TTL) like IP packets traversing routers. As a result, if they are not terminated properly on a switched network, they continue to bounce from switch to switch endlessly or until a link is disrupted and breaks the loop.

Broadcast frames are forwarded out all switch ports, except the originating port. This ensures that all devices in the broadcast domain are able to receive the frame. If there is more than one path for the frame to be forwarded out, it can result in an endless loop.


Click the Play button in the figure to start the animation.

In the animation:

1. PC1 sends out a broadcast frame to switch S2.

2. When S2 receives the broadcast frame it updates its MAC address table to record that PC1 is available on port F0/11.

3. Because it is a broadcast frame, S2 forwards the frame out all switch ports, including Trunk1 and Trunk2.

4. When the broadcast frame arrives at switches S3 and S1, they update their MAC address tables to indicate that PC1 is available out port F0/1 on S1 and port F0/2 on S3.

5. Because it is a broadcast frame, S3 and S1 forward it out all switch ports, except the one they received the frame on.

6. S3 then sends the frame to S1 and vice versa. Each switch updates its MAC address table with the incorrect port for PC1.

7. Each switch again forwards the broadcast frame out all of its ports, except the one it came in on, resulting in both switches forwarding the frame to S2.

8. When S2 receives the broadcast frames from S3 and S1, the MAC address table is updated once again, this time with the last entry received from the other two switches.

This process repeats over and over again until the loop is broken by physically disconnecting the connections causing the loop, or turning the power off on one of the switches in the loop.

Loops result in high CPU load on all switches caught in the loop. Because the same frames are constantly being forwarded back and forth between all switches in the loop, the CPU of the switch ends up having to process a lot of data. This slows down performance on the switch when legitimate traffic arrives.

A host caught in a network loop is not accessible to other hosts on the network. Because the MAC address table is constantly changing with the updates from the broadcast frames, the switch does not know which port to forward the unicast frames out to reach the final destination. The unicast frames end up looping around the network as well. As more and more frames end up looping on the network, a broadcast storm occurs.

Page 2

Broadcast Storms

A broadcast storm occurs when there are so many broadcast frames caught in a Layer 2 loop that all available bandwidth is consumed. Consequently, no bandwidth is available for legitimate traffic, and the network becomes unavailable for data communication.


A broadcast storm is inevitable on a looped network. As more devices send broadcasts out on the network, more and more traffic gets caught in the loop, eventually creating a broadcast storm that causes the network to fail.

There are other consequences for broadcast storms. Because broadcast traffic is forwarded out every port on a switch, all connected devices have to process all broadcast traffic that is being flooded endlessly around the looped network. This can cause the end device to malfunction because of the high processing requirements for sustaining such a high traffic load on the network interface card.

Click the Play button in the figure to start the animation.

In the animation:

1. PC1 sends a broadcast frame out onto the looped network.

2. The broadcast frame ends up looping between all the interconnected switches on the network.

3. PC4 also sends a broadcast frame out on to the looped network.

4. The PC4 broadcast frame also gets caught in the loop and ends up looping between all the interconnected switches, just like the PC1 broadcast frame.

5. As more and more broadcast frames are sent out onto the network by other devices, more traffic gets caught in the loop, eventually resulting in a broadcast storm.

6. When the network is fully saturated with broadcast traffic looping between the switches, new traffic is discarded by the switch because it is unable to process it.

Because devices connected to a network are constantly sending out broadcast frames, such as ARP requests, a broadcast storm can develop in seconds. As a result, when a loop is created, the network quickly becomes disabled.

Page 3

Duplicate Unicast Frames

Broadcast frames are not the only type of frames that are affected by loops. Unicast frames sent onto a looped network can result in duplicate frames arriving at the destination device.

Click the Play button in the figure to start the animation.

In the animation:

1. PC1 sends a unicast frame destined for PC4.

2. Switch S2 does not have an entry for PC4 in its MAC table, so it floods the unicast frame out all switch ports in an attempt to find PC4.

3. The frame arrives at switches S1 and S3.

4. S1 does have a MAC address entry for PC4, so it forwards the frame out to PC4.

5. S3 also has an entry in its MAC address table for PC4, so it forwards the unicast frame out Trunk3 to S1.

6. S1 receives the duplicate frame and once again forwards the frame out to PC4.

7. PC4 has now received the same frame twice.

Most upper layer protocols are not designed to recognize or cope with duplicate transmissions. In general, protocols that make use of a sequence-numbering mechanism assume that the transmission has failed and that the sequence number has recycled for another communication session. Other protocols attempt to hand the duplicate transmission to the appropriate upper layer protocol to be processed and possibly discarded.

Fortunately, switches are capable of detecting loops on a network. The Spanning Tree Protocol (STP) eliminates these loop issues. You will learn about STP in the next section.

5.1.3. REAL-WORLD REDUNDANCY ISSUES

Loops in the Wiring Closet

Redundancy is an important component of a highly available hierarchical network topology, but loops can arise as a result of the multiple paths configured on the network. You can prevent loops using the Spanning Tree Protocol (STP). However, if STP has not been implemented in preparation for a redundant topology, loops can occur unexpectedly.

Network wiring for small to medium-sized businesses can get very confusing. Network cables between access layer switches, located in the wiring closets, disappear into the walls, floors, and ceilings where they are run back to the distribution layer switches on the network. If the network cables are not properly labeled when they are terminated in the patch panel in the wiring closet, it is difficult to determine where the destination is for the patch panel port on the network. Network loops that are a result of accidental duplicate connections in the wiring closets are a common occurrence.

Click the Loop from two connections to the same switch button in the figure.

The example displays a loop that occurs if two connections from the same switch are connected to another switch. The loop is localized to the switches that are interconnected. However, the loop affects the rest of the network because of high broadcast forwarding that reaches all the other switches on the network. The impact on the other switches may not be enough to disrupt legitimate communications, but it could noticeably affect the overall performance of the other switches.

This type of loop is common in the wiring closet. It happens when an administrator mistakenly connects a cable to the same switch it is already connected to. This usually occurs when network cables are not labeled or mislabeled or when the administrator has not taken the time to verify where the cables are connected.

There is an exception to this problem. An EtherChannel is a grouping of Ethernet ports on a switch that act as a single logical network connection. Because the switch treats the ports configured for the EtherChannel as a single network link, loops are not possible. Configuring EtherChannels is beyond the scope of this course. If you would like to learn more about EtherChannels, visit: http://www.cisco.com/en/US/tech/tk389/tk213/technologies_white_paper09186a0080092944.shtml


Click the Loop from a connection to a second switch on the same network button in the figure.

The example displays a loop that occurs if a switch is connected to two different switches on a network that are both also interconnected. The impact of this type of loop is much greater because it affects more switches directly.

Page 2

Loops in the Cubicles

Because of insufficient network data connections, some end users have a personal hub or switch located in their working environment. Rather than incur the costs of running additional network data connections to the workspace, a simple hub or switch is connected to an existing network data connection allowing all devices connected to the personal hub or switch to gain access to the network.

Wiring closets are typically secured to prevent unauthorized access, so often the network administrator is the only one who has full control over how and what devices are connected to the network. Unlike the wiring closet, the administrator is not in control of how personal hubs and switches are being used or connected, so the end user can accidentally interconnect the switches or hubs.

Click the Loop from two interconnected hubs button in the figure.

In the example, the two user hubs are interconnected resulting in a network loop. The loop disrupts communication between all devices connected to switch S1.

Page 3: Packet Tracer exercise

5.2.1. THE SPANNING TREE PROTOCOL

STP Topology

Redundancy increases the availability of the network topology by protecting the network from a single point of failure, such as a failed network cable or switch. When redundancy is introduced into a Layer 2 design, loops and duplicate frames can occur. Loops and duplicate frames can have severe consequences on a network. The Spanning Tree Protocol (STP) was developed to address these issues.

STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop. A port is considered blocked when network traffic is prevented from entering or leaving that port. This does not include bridge protocol data unit (BPDU) frames that are used by STP to prevent loops. You will learn more about STP BPDU frames later in the chapter. Blocking the redundant paths is critical to preventing loops on the network. The physical paths still exist to provide redundancy, but these paths are disabled to prevent the loops from occurring. If the path is ever needed to compensate for a network cable or switch failure, STP recalculates the paths and unblocks the necessary ports to allow the redundant path to become active.

Click the Play button in the figure to start the animation.

In the example, all switches have STP enabled:

1. PC1 sends a broadcast out onto the network.

2. Switch S3 is configured with STP and has set the port for Trunk2 to a blocking state. The blocking state prevents ports from being used to forward switch traffic, preventing a loop from occurring. Switch S2 forwards a broadcast frame out all switch ports, except the originating port from PC1, and the port on Trunk2, which leads to the blocked port on S3.

3. Switch S1 receives the broadcast frame and forwards it out all of its switch ports, where it reaches PC4 and S3. S3 does not forward the frame back to S2 over Trunk2 because of the blocked port. The Layer 2 loop is prevented.

Click the STP compensates for network failure button in the figure and click Play to start the animation.

In this example:

1. PC1 sends a broadcast out onto the network.

2. The broadcast is then forwarded around the network, just as in the previous animation.

3. The trunk link between switch S2 and switch S1 fails, resulting in the previous path being disrupted.

4. Switch S3 unblocks the previously blocked port for Trunk2 and allows the broadcast traffic to traverse the alternate path around the network, permitting communication to continue. If this link comes back up, STP reconverges and the port on S3 is again blocked.

STP prevents loops from occurring by configuring a loop-free path through the network using strategically placed blocking state ports. The switches running STP are able to compensate for failures by dynamically unblocking the previously blocked ports and permitting traffic to traverse the alternate paths. The next topic describes how STP accomplishes this process automatically.

Page 2

STP Algorithm

STP uses the Spanning Tree Algorithm (STA) to determine which switch ports on a network need to be configured for blocking to prevent loops from occurring. The STA designates a single switch as the root bridge and uses it as the reference point for all path calculations. In the figure the root bridge, switch S1, is chosen through an election process. All switches participating in STP exchange BPDU frames to determine which switch has the lowest bridge ID (BID) on the network. The switch with the lowest BID automatically becomes the root bridge for the STA calculations. The root bridge election process will be discussed in detail later in this chapter.

The BPDU is the message frame exchanged by switches for STP. Each BPDU contains a BID that identifies the switch that sent the BPDU. The BID contains a priority value, the MAC address of the sending switch, and an optional extended system ID. The lowest BID value is determined by the combination of these three fields. You will learn more about the root bridge, BPDU, and BID in later topics.


After the root bridge has been determined, the STA calculates the shortest path to the root bridge. Each switch uses the STA to determine which ports to block. While the STA determines the best paths to the root bridge for all destinations in the broadcast domain, all traffic is prevented from forwarding through the network. The STA considers both path and port costs when determining which path to leave unblocked.

The path costs are calculated using port cost values associated with port speeds for each switch port along a given path. The sum of the port cost values determines the overall path cost to the root bridge. If there is more than one path to choose from, STA chooses the path with the lowest path cost. You will learn more about path and port costs in later topics.

When the STA has determined which paths are to be left available, it configures the switch ports into distinct port roles. The port roles describe their relation in the network to the root bridge and whether they are allowed to forward traffic.

Root ports - Switch ports closest to the root bridge. In the example, the root port on switch S2 is F0/1 configured for the trunk link between switch S2 and switch S1. The root port on switch S3 is F0/1, configured for the trunk link between switch S3 and switch S1.

Designated ports - All non-root ports that are still permitted to forward traffic on the network. In the example, switch ports F0/1 and F0/2 on switch S1 are designated ports. Switch S2 also has its port F0/2 configured as a designated port.

Non-designated ports - All ports configured to be in a blocking state to prevent loops. In the example, the STA configured port F0/2 on switch S3 in the non-designated role. Port F0/2 on switch S3 is in the blocking state.

You will learn more about port roles and states in a later topic.

Page 3

The Root Bridge

Every spanning-tree instance (switched LAN or broadcast domain) has a switch designated as the root bridge. The root bridge serves as a reference point for all spanning-tree calculations to determine which redundant paths to block.

An election process determines which switch becomes the root bridge.

Click the BID Fields button in the figure.

The figure shows the BID fields. The details of each BID field are discussed later, but it is useful to know now that the BID is made up of a priority value, an extended system ID, and the MAC address of the switch.

All switches in the broadcast domain participate in the election process. After a switch boots, it sends out BPDU frames containing the switch BID and the root ID every 2 seconds. By default, the root ID matches the local BID for all switches on the network. The root ID identifies the root bridge on the network. Initially, each switch identifies itself as the root bridge after bootup.

As the switches forward their BPDU frames, adjacent switches in the broadcast domain read the root ID information from the BPDU frame. If the root ID from the BPDU received is lower than the root ID on the receiving switch, the receiving switch updates its root ID identifying the adjacent switch as the root bridge. Note: It may not be an adjacent switch, but any other switch in the broadcast domain. The switch then forwards new BPDU frames with the lower root ID to the other adjacent switches. Eventually, the switch with the lowest BID ends up being identified as the root bridge for the spanning-tree instance.

Page 4

Best Paths to the Root Bridge

When the root bridge has been designated for the spanning-tree instance, the STA starts the process of determining the best paths to the root bridge from all destinations in the broadcast domain. The path information is determined by summing up the individual port costs along the path from the destination to the root bridge.

The default port costs are defined by the speed at which the port operates. In the table, you can see that 10-Gb/s Ethernet ports have a port cost of 2, 1-Gb/s Ethernet ports have a port cost of 4, 100-Mb/s Fast Ethernet ports have a port cost of 19, and 10-Mb/s Ethernet ports have a port cost of 100.

Note: IEEE defines the port cost values used by STP. As newer, faster Ethernet technologies enter the marketplace, the path cost values may change to accommodate the different speeds available. The non-linear numbers accommodate some improvements to the Ethernet standard but be aware that the numbers can be changed by IEEE if needed. In the table, the values have already been changed to accommodate the newer 10-Gb/s Ethernet standard.

Although switch ports have a default port cost associated with them, the port cost is configurable. The ability to configure individual port costs gives the administrator the flexibility to control the spanning-tree paths to the root bridge.

Click the Configuring Port Costs button in the figure.

To configure the port cost of an interface, enter the spanning-tree cost value command in interface configuration mode. The range value can be between 1 and 200,000,000.

In the example, switch port F0/1 has been configured with a port cost of 25 using the spanning-tree cost 25 interface configuration command on the F0/1 interface.

To revert the port cost back to the default value, enter the no spanning-tree cost interface configuration command.

Click the Path Costs button in the figure.

Path cost is the sum of all the port costs along the path to the root bridge. The paths with the lowest path cost become the preferred path, and all other redundant paths are blocked. In the example, the path cost from switch S2 to the root bridge switch S1, over path 1 is 19 (based on the IEEE-specified individual port cost), while the path cost over path 2 is 38. Because path 1 has a lower overall path cost to the root bridge, it is the preferred path. STP then configures the redundant path to be blocked, preventing a loop from occurring.

Click the Verify Port and Path Costs button in the figure.

To verify the port and path cost to the root bridge, enter the show spanning-tree privileged EXEC mode command. The Cost field in the output is the total path cost to the root bridge. This value changes depending on how many switch ports need to be traversed to get to the root bridge. In the output, each interface is also identified with an individual port cost of 19.

Another command to explore is the show spanning-tree detail privileged EXEC mode command.

5.2.2. STP BPDU

The BPDU Fields

In the previous topic, you learned that STP determines a root bridge for the spanning-tree instance by exchanging BPDUs. In this topic, you will learn the details of the BPDU frame and how it facilitates the spanning-tree process.

The BPDU frame contains 12 distinct fields that are used to convey path and priority information that STP uses to determine the root bridge and paths to the root bridge.

Roll over the BPDU fields in the figure to learn what they contain.

• The first four fields identify the protocol, version, message type, and status flags.

• The next four fields are used to identify the root bridge and the cost of the path to the root bridge.

• The last four fields are all timer fields that determine how frequently BPDU messages are sent, and how long the information received through the BPDU process (next topic) is retained. The role of the timer fields will be covered in more detail later in this course.

Click the BPDU Example button in the figure.

The example in the figure was captured using Wireshark. In the example, the BPDU frame contains more fields than previously described. The BPDU message is encapsulated in an Ethernet frame when it is transmitted across the network. The 802.3 header indicates the source and destination addresses of the BPDU frame. This frame has a destination MAC address of 01:80:C2:00:00:00, which is a multicast address for the spanning-tree group. When a frame is addressed with this MAC address, each switch that is configured for spanning tree accepts and reads the information from the frame. By using this multicast group address, all other devices on the network that receive this frame disregard it.

In the example, the root ID and the BID are the same in the captured BPDU frame. This indicates that the frame was captured from a root bridge switch.

 The timers are all set to the default values.
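
The twelve fields grouped above occupy a fixed 35-byte layout in an IEEE 802.1D configuration BPDU. The parser below is an added example, not part of the original course text; the sample frames, bridge priorities and MAC addresses are constructed, and the payload is assumed to start right after the LLC header.

```python
import struct

# 802.1D configuration BPDU: 12 fields, network byte order, no padding.
BPDU_FORMAT = "!HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FORMAT)  # 35 bytes


def decode_bridge_id(raw):
    """Split an 8-byte root ID or bridge ID into its three parts."""
    first16 = int.from_bytes(raw[:2], "big")
    return {
        "priority": first16 & 0xF000,       # upper 4 bits, steps of 4096
        "ext_system_id": first16 & 0x0FFF,  # lower 12 bits
        "mac": ":".join(f"{b:02x}" for b in raw[2:]),
    }


def parse_bpdu(payload):
    """Decode a configuration BPDU; reject truncated or foreign payloads."""
    if len(payload) < BPDU_LEN:
        raise ValueError(f"truncated BPDU: {len(payload)} of {BPDU_LEN} bytes")
    (proto, version, msg_type, flags, root_raw, cost, bridge_raw, port_id,
     msg_age, max_age, hello, fwd_delay) = struct.unpack(
        BPDU_FORMAT, payload[:BPDU_LEN])
    if proto != 0 or msg_type != 0:
        raise ValueError("not an 802.1D configuration BPDU")
    return {
        # First four fields: protocol, version, message type, flags.
        "protocol_id": proto, "version": version,
        "message_type": msg_type, "flags": flags,
        # Next four: who the root is, how far away it is, and who is sending.
        "root_id": decode_bridge_id(root_raw),
        "root_path_cost": cost,
        "bridge_id": decode_bridge_id(bridge_raw),
        "port_id": port_id,
        # Last four: timers, carried on the wire in units of 1/256 second.
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def sent_by_root(bpdu):
    """True when the root ID equals the sender's BID, as in the capture described above."""
    return bpdu["root_id"] == bpdu["bridge_id"]


def build_sample(root_raw, bridge_raw, cost):
    """Constructed frame with 802.1D default timers: hello 2 s, max age 20 s, forward delay 15 s."""
    return struct.pack(BPDU_FORMAT, 0, 0, 0, 0, root_raw, cost, bridge_raw,
                       0x8001, 0, 20 * 256, 2 * 256, 15 * 256)


# Constructed bridge IDs: priority 32768 + extended system ID 1, made-up MACs.
S1_ID = bytes.fromhex("8001000a00111111")
S2_ID = bytes.fromhex("8001000a00222222")

if __name__ == "__main__":
    from_root = parse_bpdu(build_sample(S1_ID, S1_ID, 0))
    from_s2 = parse_bpdu(build_sample(S1_ID, S2_ID, 19))
    for name, bpdu in (("S1", from_root), ("S2", from_s2)):
        print(name, bpdu["root_id"]["mac"], bpdu["root_path_cost"],
              bpdu["hello_time"], "root" if sent_by_root(bpdu) else "non-root")
```
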

Page 2

The BPDU Process

Each switch in the broadcast domain initially assumes that it is the root bridge for the spanning-tree instance, so the BPDU frames sent contain the BID of the local switch as the root ID. By default, BPDU frames are sent every 2 seconds after a switch is booted; that is, the default value of the hello timer specified in the BPDU frame is 2 seconds. Each switch maintains local information about its own BID, the root ID, and the path cost to the root.


When adjacent switches receive a BPDU frame, they compare the root ID from the BPDU frame with the local root ID. If the root ID in the BPDU is lower than the local root ID, the switch updates the local root ID and the ID in its BPDU messages. These messages serve to indicate the new root bridge on the network. Also, the path cost is updated to indicate how far away the root bridge is. For example, if the BPDU was received on a Fast Ethernet switch port, the path cost would be set to 19. If the local root ID is lower than the root ID received in the BPDU frame, the BPDU frame is discarded.

After a root ID has been updated to identify a new root bridge, all subsequent BPDU frames sent from that switch contain the new root ID and updated path cost. That way, all other adjacent switches are able to see the lowest root ID identified at all times. As the BPDU frames pass between other adjacent switches, the path cost is continually updated to indicate the total path cost to the root bridge. Each switch in the spanning tree uses its path costs to identify the best possible path to the root bridge.

Click each step in the figure to learn about the BPDU process.

The following summarizes the BPDU process:

Note: Priority is the initial deciding factor when choosing a root bridge. If the priority of all the switches was the same, the MAC address would be the deciding factor.

Step 1. Initially, each switch identifies itself as the root bridge. Switch S2 forwards BPDU frames out all switch ports.

Step 2. When switch S3 receives a BPDU from switch S2, S3 compares its root ID with the BPDU frame it received. The priorities are equal, so the switch is forced to examine the MAC address portion to determine which MAC address has a lower value. Because S2 has a lower MAC address value, S3 updates its root ID with the S2 root ID. At that point, S3 considers S2 as the root bridge.

Step 3. When S1 compares its root ID with the one in the received BPDU frame, it identifies the local root ID as the lower value and discards the BPDU from S2.

Step 4. When S3 sends out its BPDU frames, the root ID contained in the BPDU frame is that of S2.

Step 5. When S2 receives the BPDU frame, it discards it after verifying that the root ID in the BPDU matched its local root ID.

Step 6. Because S1 has a lower priority value in its root ID, it discards the BPDU frame received from S3.

Step 7. S1 sends out its BPDU frames.

Step 8. S3 identifies the root ID in the BPDU frame as having a lower value and therefore updates its root ID values to indicate that S1 is now the root bridge.

Step 9. S2 identifies the root ID in the BPDU frame as having a lower value and therefore updates its root ID values to indicate that S1 is now the root bridge.

5.2.3. BRIDGE ID

BID Fields


The bridge ID (BID) is used to determine the root bridge on a network. This topic describes what makes up a BID and how to configure the BID on a switch to influence the election process to ensure that specific switches are assigned the role of root bridge on the network.

The BID field of a BPDU frame contains three separate fields: bridge priority, extended system ID, and MAC address. Each field is used during the root bridge election.

Bridge Priority

The bridge priority is a customizable value that you can use to influence which switch becomes the root bridge. The switch with the lowest priority, which means lowest BID, becomes the root bridge (the lower the priority value, the higher the priority). For example, to ensure that a specific switch is always the root bridge, you set the priority to a lower value than the rest of the switches on the network. The default value for the priority of all Cisco switches is 32768. The priority range is between 1 and 65536; therefore, 1 is the highest priority.

Extended System ID

As shown in the example, the extended system ID can be omitted in BPDU frames in certain configurations. The early implementation of STP was designed for networks that did not use VLANs. There was a single common spanning tree across all switches. When VLANs started to become common for network infrastructure segmentation, STP was enhanced to include support for VLANs. As a result, the extended system ID field contains the ID of the VLAN with which the BPDU is associated.

When the extended system ID is used, it changes the number of bits available for the bridge priority value, so the increment for the bridge priority value changes from 1 to 4096. Therefore, bridge priority values can only be multiples of 4096.

The extended system ID value is added to the bridge priority value in the BID to identify the priority and VLAN of the BPDU frame.

You will learn about per VLAN spanning tree (PVST) in a later section of this chapter.

MAC Address

When two switches are configured with the same priority and have the same extended system ID, the switch with the MAC address with the lowest hexadecimal value has the lower BID. Initially, all switches are configured with the same default priority value. The MAC address is then the deciding factor on which switch is going to become the root bridge. This results in an unpredictable choice for the root bridge. It is recommended to configure the desired root bridge switch with a lower priority to ensure that it is elected root bridge. This also ensures that the addition of new switches to the network does not trigger a new spanning-tree election, which could disrupt network communication while a new root bridge is being selected.

Click the Priority-based decision button in the figure.

In the example, S1 has a lower priority than the other switches; therefore, it is preferred as the root bridge for that spanning-tree instance.

Click the MAC Address-based decision button in the figure.


When all switches are configured with the same priority, as is the case with all switches kept in the default configuration with a priority of 32768, the MAC address becomes the deciding factor for which switch becomes the root bridge.

Note: In the example, the priority of all the switches is 32769. The value is based on the 32768 default priority and the VLAN 1 assignment associated with each switch (1+32768).

The MAC address with the lowest hexadecimal value is considered to be the preferred root bridge. In the example, S2 has the lowest value for its MAC address and is therefore designated as the root bridge for that spanning-tree instance.
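The BID layout and the BPDU process described above can be run as a small simulation. This is an added example, not part of the original lesson: the MAC addresses, the three-switch triangle and all function names are constructed for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 32768   # default bridge priority named in the text
PRIORITY_STEP = 4096       # priority increment when the extended system ID is used


def make_bid(priority, vlan, mac):
    """Build a BID as (priority + extended system ID, MAC as an integer).

    Python compares tuples left to right, which mirrors the election:
    the priority field decides first and the MAC address breaks a tie.
    """
    if priority % PRIORITY_STEP or not 0 <= priority < 65536:
        raise ValueError("bridge priority must be a multiple of 4096")
    if not 0 < vlan < 4096:
        raise ValueError("the extended system ID holds a 12-bit VLAN ID")
    return (priority + vlan, int(mac.replace(":", ""), 16))


def bid_bytes(bid):
    """Encode a BID as the 8 bytes carried in a BPDU."""
    return bid[0].to_bytes(2, "big") + bid[1].to_bytes(6, "big")


@dataclass
class Switch:
    name: str
    bid: tuple
    root_id: tuple = None
    log: list = field(default_factory=list)

    def __post_init__(self):
        self.root_id = self.bid          # every switch first claims to be root

    def receive(self, sender, advertised_root):
        """Handle one BPDU; return True if the local root ID changed."""
        if advertised_root < self.root_id:
            self.root_id = advertised_root
            self.log.append(f"updated root ID from {sender}")
            return True
        self.log.append(f"discarded BPDU from {sender}")
        return False


def elect_root(switches, links, max_rounds=10):
    """Exchange BPDUs once per hello interval until no root ID changes.

    Returns the number of hello intervals in which some switch changed its mind.
    """
    by_name = {s.name: s for s in switches}
    for hello in range(max_rounds):
        # Snapshot first: all switches transmit simultaneously.
        adverts = {s.name: s.root_id for s in switches}
        changed = False
        for a, b in links:
            changed |= by_name[b].receive(a, adverts[a])
            changed |= by_name[a].receive(b, adverts[b])
        if not changed:
            return hello
    raise RuntimeError("root election did not settle")


def agreed_root(switches):
    """Name of the switch every participant accepts as root, or None."""
    roots = {s.root_id for s in switches}
    if len(roots) != 1:
        return None
    root = roots.pop()
    return next(s.name for s in switches if s.bid == root)


# Constructed sample data: S2 has the lowest MAC address, as in the lesson's figure.
MACS = {"S1": "00:0A:00:33:33:33", "S2": "00:0A:00:11:11:11", "S3": "00:0A:00:22:22:22"}
LINKS = [("S1", "S2"), ("S2", "S3"), ("S1", "S3")]


def run_election(priorities=None):
    """Run the election on VLAN 1 with optional per-switch priorities."""
    priorities = priorities or {}
    switches = [Switch(n, make_bid(priorities.get(n, DEFAULT_PRIORITY), 1, m))
                for n, m in MACS.items()]
    hellos = elect_root(switches, LINKS)
    return agreed_root(switches), hellos


if __name__ == "__main__":
    print("all defaults:", run_election())
    print("S1 lowered to 24576:", run_election({"S1": 24576}))
```

With every switch left at the default, the outcome depends only on which device happens to have the lowest MAC address, which is why the text recommends setting the priority of the intended root explicitly.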

PAGE 2

Configure and Verify the BID

When a specific switch is to become a root bridge, the bridge priority value needs to be adjusted to ensure it is lower than the bridge priority values of all the other switches on the network. There are two different configuration methods that you can use to configure the bridge priority value on a Cisco Catalyst switch.

Method 1 - To ensure that the switch has the lowest bridge priority value, use the spanning-tree vlan vlan-id root primary command in global configuration mode. The priority for the switch is set to the predefined value of 24576 or to the next 4096 increment value below the lowest bridge priority detected on the network.

If an alternate root bridge is desired, use the spanning-tree vlan vlan-id root secondary global configuration mode command. This command sets the priority for the switch to the predefined value of 28672. This ensures that this switch becomes the root bridge if the primary root bridge fails and a new root bridge election occurs and assuming that the rest of the switches in the network have the default 32768 priority value defined.

In the example, switch S1 has been assigned as the primary root bridge using the spanning-tree vlan 1 root primary global configuration mode command, and switch S2 has been configured as the secondary root bridge using the spanning-tree vlan 1 root secondary global configuration mode command.

Method 2 - Another method for configuring the bridge priority value is using the spanning-tree vlan vlan-id priority value global configuration mode command. This command gives you more granular control over the bridge priority value. The priority value is configured in increments of 4096 between 0 and 65536.

In the example, switch S3 has been assigned a bridge priority value of 24576 using the spanning-tree vlan 1 priority 24576 global configuration mode command.

Click the Verification button in the figure.

To verify the bridge priority of a switch, use the show spanning-tree privileged EXEC mode command. In the example, the priority of the switch has been set to 24576. Also notice that the switch is designated as the root bridge for the spanning-tree instance.

5.2.4. PORT ROLES

Port Roles


The root bridge is elected for the spanning-tree instance. The location of the root bridge in the network topology determines how port roles are calculated. This topic describes how the switch ports are configured for specific roles to prevent the possibility of loops on the network.

There are four distinct port roles that switch ports are automatically configured for during the spanning-tree process.

Root Port

The root port exists on non-root bridges and is the switch port with the best path to the root bridge. Root ports forward traffic toward the root bridge. The source MAC address of frames received on the root port are capable of populating the MAC table. Only one root port is allowed per bridge.

In the example, switch S1 is the root bridge and switches S2 and S3 have root ports defined on the trunk links connecting back to S1.

Designated Port

The designated port exists on root and non-root bridges. For root bridges, all switch ports are designated ports. For non-root bridges, a designated port is the switch port that receives and forwards frames toward the root bridge as needed. Only one designated port is allowed per segment. If multiple switches exist on the same segment, an election process determines the designated switch, and the corresponding switch port begins forwarding frames for the segment. Designated ports are capable of populating the MAC table.

In the example, switch S1 has both sets of ports for its two trunk links configured as designated ports. Switch S2 also has a designated port configured on the trunk link going toward switch S3.

Non-designated Port

The non-designated port is a switch port that is blocked, so it is not forwarding data frames and not populating the MAC address table with source addresses. A non-designated port is not a root port or a designated port. For some variants of STP, the non-designated port is called an alternate port.

In the example, switch S3 has the only non-designated ports in the topology. The non-designated ports prevent the loop from occurring.

Disabled Port

The disabled port is a switch port that is administratively shut down. A disabled port does not function in the spanning-tree process. There are no disabled ports in the example.

PAGE 2

Port Roles

The STA determines which port role is assigned to each switch port.

When determining the root port on a switch, the switch compares the path costs on all switch ports participating in the spanning tree. The switch port with the lowest overall path cost to the root is automatically assigned the root port role because it is closest to the root bridge. In a network topology, all switches that are using spanning tree, except for the root bridge, have a single root port defined.

When there are two switch ports that have the same path cost to the root bridge and both are the lowest path costs on the switch, the switch needs to determine which switch port is the root port. The switch uses the customizable port priority value, or the lowest port ID if both port priority values are the same.

The port ID is the interface ID of the switch port. For example, the figure shows four switches. Port F0/1 and F0/2 on switch S2 have the same path cost value back to the root bridge. However, port F0/1 on switch S2 is the preferred port because it has a lower port ID value.

The port ID is appended to the port priority. For example, switch port F0/1 has a default port priority value of 128.1, where 128 is the configurable port priority value, and .1 is the port ID. Switch port F0/2 has a port priority value of 128.2, by default.

PAGE 3

Configure Port Priority

You can configure the port priority value using the spanning-tree port-priority value interface configuration mode command. The port priority values range from 0 - 240, in increments of 16. The default port priority value is 128. As with bridge priority, lower port priority values give the port higher priority.

In the example, the port priority for port F0/1 has been set to 112, which is below the default port priority of 128. This ensures that the port is the preferred port when competing with another port for a specific port role.

When the switch decides to use one port over another for the root port, the other is configured as a non-designated port to prevent a loop from occurring.

PAGE 4

Port Role Decisions

In the example, switch S1 is the root bridge. Switches S2 and S3 have root ports configured for the ports connecting back to S1.

After a switch has determined which of its ports is configured in the root port role, it needs to decide which ports have the designated and non-designated roles.

The root bridge automatically configures all of its switch ports in the designated role. Other switches in the topology configure their non-root ports as designated or non-designated ports.

Designated ports are configured for all LAN segments. When two switches are connected to the same LAN segment, and root ports have already been defined, the two switches have to decide which port gets to be configured as a designated port and which one is left as the non-designated port.

The switches on the LAN segment in question exchange BPDU frames, which contain the switch BID. Generally, the switch with the lower BID has its port configured as a designated port, while the switch with the higher BID has its port configured as a non-designated port. However, keep in mind that the first priority is the lowest path cost to the root bridge and that only if the port costs are equal, is the BID of the sender used.

As a result, each switch determines which port roles are assigned to each of its ports to create the loop-free spanning tree.

Click each step in the figure to learn about how port roles are determined.

PAGE 5

Verifying Port Roles and Port Priority

Now that spanning tree has determined the logical loop-free network topology, you may want to confirm which port roles and port priorities are configured for the various switch ports in the network.

To verify the port roles and port priorities for the switch ports, use the show spanning-tree privileged EXEC mode command.

In the example, the show spanning-tree output displays all switch ports and their defined roles. Switch port F0/1 and F0/2 are configured as designated ports. The output also displays the port priority of each switch port. Switch port F0/1 has a port priority of 128.1.

5.2.5. STP PORT STATES AND BPDU TIMERS

Port States

STP determines the logical loop-free path throughout the broadcast domain. The spanning tree is determined through the information learned by the exchange of the BPDU frames between the interconnected switches. To facilitate the learning of the logical spanning tree, each switch port transitions through five possible port states and three BPDU timers.

The spanning tree is determined immediately after a switch is finished booting up. If a switch port were to transition directly from the blocking to the forwarding state, the port could temporarily create a data loop if the switch was not aware of all topology information at the time. For this reason, STP introduces five port states. The table summarizes what each port state does. The following provides some additional information on how the port states ensure that no loops are created during the creation of the logical spanning tree.

• Blocking - The port is a non-designated port and does not participate in frame forwarding. The port receives BPDU frames to determine the location and root ID of the root bridge switch and what port roles each switch port should assume in the final active STP topology.

• Listening - STP has determined that the port can participate in frame forwarding according to the BPDU frames that the switch has received thus far. At this point, the switch port is not only receiving BPDU frames, it is also transmitting its own BPDU frames and informing adjacent switches that the switch port is preparing to participate in the active topology.

• Learning - The port prepares to participate in frame forwarding and begins to populate the MAC address table.

• Forwarding - The port is considered part of the active topology and forwards frames and also sends and receives BPDU frames.


• Disabled - The Layer 2 port does not participate in spanning tree and does not forward frames. The disabled state is set when the switch port is administratively disabled.

PAGE 2

BPDU Timers

The amount of time that a port stays in the various port states depends on the BPDU timers. Only the switch in the role of root bridge may send information through the tree to adjust the timers. The following timers determine STP performance and state changes:

• Hello time

• Forward delay

• Maximum age

Click the Roles and Timers button in the figure.

When STP is enabled, every switch port in the network goes through the blocking state and the transitory states of listening and learning at power up. The ports then stabilize to the forwarding or blocking state, as seen in the example. During a topology change, a port temporarily implements the listening and learning states for a specified period called the forward delay interval.

These values allow adequate time for convergence in a network with a switch diameter of seven. To review, switch diameter is the number of switches a frame has to traverse to travel from the two farthest points on the broadcast domain. A seven-switch diameter is the largest diameter that STP permits because of convergence times. Convergence in relation to spanning tree is the time it takes to recalculate the spanning tree if a switch or a link fails. You will learn how convergence works in the next section.

Click the Configure Network Diameter button in the figure.

It is recommended that the BPDU timers not be adjusted directly because the values have been optimized for the seven-switch diameter. Adjusting the spanning-tree diameter value on the root bridge to a lower value automatically adjusts the forward delay and maximum age timers proportionally for the new diameter. Typically, you do not adjust the BPDU timers nor reconfigure the network diameter. However, if after research, a network administrator determined that the convergence time of the network could be optimized, the administrator would do so by reconfiguring the network diameter, not the BPDU timers.

To configure a different network diameter for STP, use the spanning-tree vlan vlan-id root primary diameter value global configuration mode command on the root bridge switch.

In the example, the spanning-tree vlan 1 root primary diameter 5 global configuration mode command was entered to adjust the spanning tree diameter to five switches.

PAGE 3

Cisco PortFast Technology

PortFast is a Cisco technology. When a switch port configured with PortFast is configured as an access port, that port transitions from blocking to forwarding state immediately, bypassing the typical STP listening and learning states. You can use PortFast on access ports, which are connected to a single workstation or to a server, to allow those devices to connect to the network immediately rather than waiting for spanning tree to converge. If an interface configured with PortFast receives a BPDU frame, spanning tree can put the port into the blocking state using a feature called BPDU guard. Configuring BPDU guard is beyond the scope of this course.

Note: Cisco PortFast technology can be used to support DHCP. Without PortFast, a PC can send a DHCP request before the port is in forwarding state, denying the host from getting a usable IP address and other information. Because PortFast immediately changes the state to forwarding, the PC always gets a usable IP address.

For more information on configuring BPDU guard, see:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml.

Note: Because the purpose of PortFast is to minimize the time that access ports must wait for spanning tree to converge, it should be used only on access ports. If you enable PortFast on a port connecting to another switch, you risk creating a spanning-tree loop.

Click the Configure PortFast button in the figure.

To configure PortFast on a switch port, enter the spanning-tree portfast interface configuration mode command on each interface that PortFast is to be enabled.

To disable PortFast, enter the no spanning-tree portfast interface configuration mode command on each interface that PortFast is to be disabled.

Click the Verify PortFast button in the figure.

To verify that PortFast has been enabled for a switch port, use the show running-config privileged EXEC mode command. The absence of the spanning-tree portfast command in the running configuration for an interface indicates that PortFast has been disabled for that interface. PortFast is disabled on all interfaces by default.
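The captured frame described earlier (802.3 header, spanning-tree multicast address, root ID, BID and timers) and the BPDU guard behaviour on a PortFast access port can be tied together in code. This is an added example, not part of the original lesson: the frame is constructed, the function names and the port dictionary are illustrative, and the 15-second forward delay is the standard 802.1D default, which the text above does not state.

```python
import struct

STP_GROUP = bytes.fromhex("0180c2000000")   # destination MAC given in the text
LLC_STP = b"\x42\x42\x03"                    # LLC header: DSAP, SSAP, control
BPDU_FMT = "!HBBBH6sIH6sHHHHH"               # 35-byte configuration BPDU


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_config_bpdu(src, root, cost, bridge, port_id,
                      message_age=0, max_age=20, hello=2, forward_delay=15):
    """Build a constructed 802.3 frame carrying a configuration BPDU.

    root and bridge are (priority + VLAN ID, MAC bytes); timers are in seconds
    and travel on the wire in units of 1/256 second.
    """
    timers = [int(t * 256) for t in (message_age, max_age, hello, forward_delay)]
    body = struct.pack(BPDU_FMT, 0, 0, 0, 0, root[0], root[1], cost,
                       bridge[0], bridge[1], port_id, *timers)
    payload = LLC_STP + body
    frame = STP_GROUP + src + struct.pack("!H", len(payload)) + payload
    return frame.ljust(60, b"\x00")          # pad to the Ethernet minimum


def parse_bpdu(frame):
    """Parse a configuration BPDU; raise ValueError for anything else."""
    if len(frame) < 21 or frame[:6] != STP_GROUP:
        raise ValueError("not addressed to the spanning-tree group")
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500 or frame[14:17] != LLC_STP:
        raise ValueError("not an 802.3/LLC spanning-tree frame")
    proto, _version, bpdu_type = struct.unpack("!HBB", frame[17:21])
    if proto != 0 or bpdu_type != 0x00:
        raise ValueError("not a configuration BPDU")
    if len(frame) < 17 + 35:
        raise ValueError("truncated configuration BPDU")
    f = struct.unpack(BPDU_FMT, frame[17:52])

    def bid(word, mac):
        # Upper 4 bits: bridge priority; lower 12 bits: extended system ID.
        return {"priority": word & 0xF000, "vlan": word & 0x0FFF, "mac": fmt_mac(mac)}

    root, bridge = bid(f[4], f[5]), bid(f[7], f[8])
    return {
        "src": fmt_mac(frame[6:12]),
        "root_id": root,
        "root_path_cost": f[6],
        "bridge_id": bridge,
        "port_id": f[9],
        "message_age": f[10] / 256,
        "max_age": f[11] / 256,
        "hello": f[12] / 256,
        "forward_delay": f[13] / 256,
        # Root ID equal to the sender's BID means the sender is (or claims to be) root.
        "sender_is_root": root == bridge and f[6] == 0,
    }


def on_frame(port, frame):
    """Decide what a port does with a received frame.

    port is a dict with the boolean keys "portfast" and "bpdu_guard".
    Returns (action, parsed BPDU or None).
    """
    try:
        bpdu = parse_bpdu(frame)
    except ValueError:
        return "not-bpdu", None
    if port.get("portfast") and port.get("bpdu_guard"):
        # An access port should never hear a switch; take it out of forwarding.
        return "block", bpdu
    return "process", bpdu


def sample_frame():
    """Constructed BPDU from a root bridge on VLAN 1 with default timers."""
    mac = bytes.fromhex("000a00333333")
    return build_config_bpdu(mac, (32769, mac), 0, (32769, mac), 0x8001)


if __name__ == "__main__":
    action, bpdu = on_frame({"portfast": True, "bpdu_guard": True}, sample_frame())
    print(action, bpdu)
```

Logging the parsed root ID and source MAC alongside the block action tells an operator which device on an access port started speaking spanning tree.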

PAGE 4 - EXERCISE IN PACKET TRACER

5.3.1. STP CONVERGENCE

STP Convergence Steps

The previous section described the components that enable STP to create the logical loop-free network topology. In this section, you will examine the whole STP process from start to finish.

Convergence is an important aspect of the spanning-tree process. Convergence is the time it takes for the network to determine which switch is going to assume the role of the root bridge, go through all the different port states, and set all switch ports to their final spanning-tree port roles where all potential loops are eliminated. The convergence process takes time to complete because of the different timers used to coordinate the process.


To understand the convergence process more thoroughly, it has been broken down into three distinct steps:

Step 1. Elect a root bridge

Step 2. Elect root ports

Step 3. Elect designated and non-designated ports

The remainder of this section explores each step in the convergence process.

5.3.2. STEP 1. ELECTING ROOT BRIDGE

Step 1. Electing a Root Bridge

The first step of the spanning-tree convergence process is to elect a root bridge. The root bridge is the basis for all spanning-tree path cost calculations and ultimately leads to the assignment of the different port roles used to prevent loops from occurring.

A root bridge election is triggered after a switch has finished booting up, or when a path failure has been detected on a network. Initially, all switch ports are configured for the blocking state, which by default lasts 20 seconds. This is done to prevent a loop from occurring before STP has had time to calculate the best root paths and configure all switch ports to their specific roles. While the switch ports are in a blocking state, they are still able to send and receive BPDU frames so that the spanning-tree root election can proceed. Spanning tree supports a maximum network diameter of seven switch hops from end to end. This allows the entire root bridge election process to occur within 14 seconds, which is less than the time the switch ports spend in the blocking state.

Immediately after the switches have finished booting up, they start sending BPDU frames advertising their BID in an attempt to become the root bridge. Initially, all switches in the network assume that they are the root bridge for the broadcast domain. The flood of BPDU frames on the network have the root ID field matching the BID field, indicating that each switch considers itself the root bridge. These BPDU frames are sent every 2 seconds based on the default hello timer value.

As each switch receives the BPDU frames from its neighboring switches, they compare the root ID from the received BPDU frame with the root ID configured locally. If the root ID from the received BPDU frame is lower than the root ID it currently has, the root ID field is updated indicating the new best candidate for the root bridge role.

After the root ID field is updated on a switch, the switch then incorporates the new root ID in all future BPDU frame transmissions. This ensures that the lowest root ID is always conveyed to all other adjacent switches in the network. The root bridge election ends once the lowest bridge ID populates the root ID field of all switches in the broadcast domain.

Even though the root bridge election process has completed, the switches continue to forward their BPDU frames advertising the root ID of the root bridge every 2 seconds. Each switch is configured with a max age timer that determines how long a switch retains the current BPDU configuration in the event it stops receiving updates from its neighboring switches. By default, the max age timer is set to 20 seconds. Therefore, if a switch fails to receive 10 consecutive BPDU frames from one of its neighbors, the switch assumes that a logical path in the spanning tree has failed and that the BPDU information is no longer valid. This triggers another spanning-tree root bridge election.

Click the Play button in the figure to review the steps STP uses to elect a root bridge.

As you review how STP elects a root bridge, recall that the root bridge election process occurs with all switches sending and receiving BPDU frames simultaneously. Performing the election process simultaneously allows the switches to determine which switch is going to become the root bridge much faster.

PAGE 2

Verify Root Bridge Election

When the root bridge election is completed, you can verify the identity of the root bridge using the show spanning-tree privileged EXEC mode command.

In the topology example, switch S1 has the lowest priority value of the three switches, so we can assume it will become the root bridge.

Click the Switch S1 Output button in the figure.

In the example, the show spanning-tree output for switch S1 reveals that it is the root bridge. You can see that the BID matches the root ID, confirming that S1 is the root bridge.

Click the Switch S2 Output button in the figure.

In the example, the show spanning-tree output for switch S2 shows that the root ID matches the expected root ID of switch S1, indicating that S2 considers S1 the root bridge.

Click the Switch S3 Output button in the figure.

In the example, the show spanning-tree output for switch S3 shows that the root ID matches the expected root ID of switch S1, indicating that S3 considers S1 the root bridge.

5.3.3. ELECT THE ROOT PORTS

Step 2. Elect Root Ports

Now that the root bridge has been determined, the switches start configuring the port roles for each of their switch ports. The first port role that needs to be determined is the root port role.

Every switch in a spanning-tree topology, except for the root bridge, has a single root port defined. The root port is the switch port with the lowest path cost to the root bridge. Normally path cost alone determines which switch port becomes the root port. However, additional port characteristics determine the root port when two or more ports on the same switch have the same path cost to the root. This can happen when redundant links are used to uplink one switch to another switch when an EtherChannel configuration is not used. Recall that Cisco EtherChannel technology allows you to configure multiple physical Ethernet type links as one logical link.


Switch ports with equivalent path costs to the root use the configurable port priority value. They use the port ID to break a tie. When a switch chooses one equal path cost port as a root port over another, the losing port is configured as the non-designated to avoid a loop.

The process of determining which port becomes a root port happens during the root bridge election BPDU exchange. Path costs are updated immediately when BPDU frames arrive indicating a new root ID or redundant path. At the time the path cost is updated, the switch enters decision mode to determine if port configurations need to be updated. The port role decisions do not wait until all switches settle on which switch is going to be the final root bridge. As a result, the port role for a given switch port may change multiple times during convergence, until it finally settles on its final port role after the root ID changes for the last time.

Click each step in the figure to learn about electing root ports.

PAGE 2

Verify the Root Port

When the root bridge election has completed, you can verify the configuration of the root ports using the show spanning-tree privileged EXEC mode command.

In the topology example, switch S1 has been identified as the root bridge. The switch S2 F0/1 port and switch S3 F0/1 port are the two closest ports to the root bridge and, therefore, should be configured as root ports. You can confirm the port configuration using the show spanning-tree privileged EXEC mode command.

Click the Switch S1 Output button in the figure.

In the example, the show spanning-tree output for switch S1 reveals that it is the root bridge and consequently does not have any root ports configured.

Click the Switch S2 output button in the figure.

In the example, the show spanning-tree output for switch S2 shows that switch port F0/1 is configured as a root port. The Root ID shows the Priority and MAC Address of switch S1.

Click the Switch S3 output button in the figure.

In the example, the show spanning-tree output for switch S3 shows that switch port F0/1 is configured as a root port. The Root ID shows the Priority and MAC Address of switch S1.

5.3.4. STEP 3. ELECTING DESIGNATED PORTS AND NON-DESIGNATED PORTS

Step 3. Electing Designated Ports and Non-Designated Ports

After a switch determines which of its ports is the root port, the remaining ports must be configured as either a designated port (DP) or a non-designated port (non-DP) to finish creating the logical loop-free spanning tree.

Each segment in a switched network can have only one designated port. When two non-root port switch ports are connected on the same LAN segment, a competition for port roles occurs. The two switches exchange BPDU frames to sort out which switch port is designated and which one is non-designated.

Kenerally# when a switch port is con8gured as a designated port# it is based on the=I0. However# keep in mind that the 8rst priority is the lowest path cost to the rootbridge and that only if the port costs are equal# is the =I0 of the sender.

9hen two switches echange their =&01 frames# they eamine the sending =I0 of thereceived =&01 frame to see if it is lower than its own. The switch with the lower =I0wins the competition and its port is con8gured in the designated role. The losingswitch con8gures its switch port to be non-designated and# therefore# in the blockingstate to prevent the loop from occurring.

The process of determining the port roles happens concurrently with the root bridge election and root port designation. As a result, the designated and non-designated roles may change multiple times during the convergence process until the final root bridge has been determined. The entire process of electing the root bridge, determining the root ports, and determining the designated and non-designated ports happens within the 20-second blocking port state. This convergence time is based on the 2-second hello timer for BPDU frame transmission and the seven-switch diameter supported by STP. The max age delay of 20 seconds provides enough time for the seven-switch diameter with the 2-second hello timer between BPDU frame transmissions.

Click each step in the figure to learn about electing designated ports and non-designated ports.

Page 2

Verify DP and Non-DP

After the root ports have been assigned, the switches determine which remaining ports are configured as designated and non-designated ports. You can verify the configuration of the designated and non-designated ports using the show spanning-tree privileged EXEC mode command.

In the topology:

1. Switch S1 is identified as the root bridge and therefore configures both of its switch ports as designated ports.

2. The switch S2 F0/1 port and switch S3 F0/1 port are the two closest ports to the root bridge and are configured as root ports.

3. The remaining switch S2 F0/2 port and switch S3 F0/2 port need to decide which of the two remaining ports will be the designated port and which will be the non-designated port.

4. Switch S2 and switch S3 compare their BID values to determine which one is lower. The one with the lower BID is configured as the designated port.

5. Because both switches have the same priority, the MAC address becomes the deciding factor.

6. Because switch S2 has a lower MAC address, it configures its F0/2 port as a designated port.

7. Switch S3 consequently configures its F0/2 port as a non-designated port to prevent the loop from occurring.

You can confirm the port configuration using the show spanning-tree privileged EXEC mode command.

Click the Switch S1 Output button in the figure.

In the example, the show spanning-tree output for switch S1 reveals that it is the root bridge and consequently has both of its ports configured as designated ports.

Click the Switch S2 Output button in the figure.

In the example, the show spanning-tree output for switch S2 shows that switch port F0/2 is configured as a designated port.

Click the Switch S3 Output button in the figure.

In the example, the show spanning-tree output for switch S3 shows that switch port F0/2 is configured as a non-designated port.
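The election rules from this step (lowest path cost to the root bridge first, then lowest sender BID) applied to the S1/S2/S3 topology, as an added Python example that is not part of the original course material. The MAC addresses, the port names on S1 and the link cost of 19 are constructed sample values, and breaking root-port ties on the neighbor's BID is an assumption.

```python
"""Added example: STP port roles for a small switched topology (sample data is constructed)."""
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Switch:
    name: str
    priority: int
    mac: str  # dotted-hex MAC address, constructed for the example

    @property
    def bid(self):
        # A BID compares on priority first, then on the MAC address as a number.
        return (self.priority, int(self.mac.replace(".", ""), 16))


def elect_roles(switches, links):
    """Return (root_name, {(switch, port): role}).

    links: iterable of (switch_a, port_a, switch_b, port_b, cost). The topology
    must be connected and every link cost must be positive.
    """
    by_name = {s.name: s for s in switches}
    root = min(switches, key=lambda s: s.bid)  # lowest BID wins the root election

    # Adjacency list: switch -> [(neighbor, local_port, link_cost)]
    adj = {s.name: [] for s in switches}
    for a, pa, b, pb, cost in links:
        adj[a].append((b, pa, cost))
        adj[b].append((a, pb, cost))

    # Lowest path cost from every switch to the root bridge (Dijkstra).
    cost_to_root = {root.name: 0}
    heap = [(0, root.name)]
    while heap:
        cost, name = heapq.heappop(heap)
        if cost > cost_to_root[name]:
            continue
        for neighbor, _port, link_cost in adj[name]:
            new_cost = cost + link_cost
            if new_cost < cost_to_root.get(neighbor, float("inf")):
                cost_to_root[neighbor] = new_cost
                heapq.heappush(heap, (new_cost, neighbor))

    roles = {}
    # Root port: on each non-root switch, the port with the cheapest path to the root.
    for s in switches:
        if s.name == root.name:
            continue
        _neighbor, port, _cost = min(
            adj[s.name],
            key=lambda e: (cost_to_root[e[0]] + e[2], by_name[e[0]].bid),
        )
        roles[(s.name, port)] = "root"

    # Designated port: one per segment. Path cost to the root is compared first,
    # the sender's BID only breaks a tie. The losing end blocks unless it is a root port.
    for a, pa, b, pb, _cost in links:
        ends = [(a, pa), (b, pb)]
        winner = min(ends, key=lambda e: (cost_to_root[e[0]], by_name[e[0]].bid))
        for end in ends:
            if end == winner:
                roles[end] = "designated"
            elif roles.get(end) != "root":
                roles[end] = "non-designated"
    return root.name, roles


def page_topology():
    """The three-switch triangle from the walk-through, with constructed values."""
    switches = [
        Switch("S1", 32768, "000a.0011.1111"),  # lowest MAC: becomes root bridge
        Switch("S2", 32768, "000a.0022.2222"),
        Switch("S3", 32768, "000a.0033.3333"),
    ]
    links = [
        ("S1", "F0/1", "S2", "F0/1", 19),
        ("S1", "F0/2", "S3", "F0/1", 19),
        ("S2", "F0/2", "S3", "F0/2", 19),
    ]
    return switches, links


if __name__ == "__main__":
    root_name, port_roles = elect_roles(*page_topology())
    print("root bridge:", root_name)
    for (switch, port), role in sorted(port_roles.items()):
        print(f"{switch} {port}: {role}")
```

Comparing the computed roles with the show spanning-tree output of each switch is a quick way to spot a port that is forwarding where the design expects it to block.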

5.3.5. STP TOPOLOGY CHANGE

STP Topology Change Notification Process

A switch considers it has detected a topology change either when a port that was forwarding is going down (blocking for instance) or when a port transitions to forwarding and the switch has a designated port. When a change is detected, the switch notifies the root bridge of the spanning tree. The root bridge then broadcasts the information into the whole network.

In normal STP operation, a switch keeps receiving configuration BPDU frames from the root bridge on its root port. However, it never sends out a BPDU toward the root bridge. To achieve that, a special BPDU called the topology change notification (TCN) BPDU was introduced. When a switch needs to signal a topology change, it starts to send TCNs on its root port. The TCN is a very simple BPDU that contains no information and is sent out at the hello time interval. The receiving switch is called the designated bridge and it acknowledges the TCN by immediately sending back a normal BPDU with the topology change acknowledgement (TCA) bit set. This exchange continues until the root bridge responds.

For example, in the figure switch S2 experiences a topology change. It sends a TCN to its designated bridge, which in this case is switch D1. Switch D1 receives the TCN, acknowledges it back to switch S2 with a TCA. Switch D1 generates a TCN, and forwards it to its designated bridge, which in this case is the root bridge.

Click the Broadcast Notification button in the figure.

Broadcast Notification

Once the root bridge is aware that there has been a topology change event in the network, it starts to send out its configuration BPDUs with the topology change (TC) bit set. These BPDUs are relayed by every switch in the network with this bit set. As a result, all switches become aware of the topology change and can reduce their aging time to forward delay. Switches receive topology change BPDUs on both forwarding and blocking ports.

The TC bit is set by the root for a period of max age + forward delay seconds, which is 20+15=35 seconds by default.

5.4.1. CISCO AND STP VARIANTS

Like many networking standards, the evolution of STP has been driven by the need to create industry-wide specifications when proprietary protocols become de facto standards. When a proprietary protocol becomes so prevalent that all competitors in the market need to support it, agencies like the IEEE step in and create a public specification. The evolution of STP has followed this same path, as seen in the table.

When you read about STP on the Cisco.com site, you notice that there are many types or variants of STP. Some of these variants are Cisco proprietary and others are IEEE standards. You will learn more details on some of these STP variants, but to get started you need to have a general knowledge of what the key STP variants are. The table summarizes the following descriptions of the key Cisco and IEEE STP variants.

Cisco Proprietary

Per-VLAN spanning tree protocol (PVST) - Maintains a spanning-tree instance for each VLAN configured in the network. It uses the Cisco proprietary ISL trunking protocol that allows a VLAN trunk to be forwarding for some VLANs while blocking for other VLANs. Because PVST treats each VLAN as a separate network, it can load balance traffic at Layer 2 by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a loop. For PVST, Cisco developed a number of proprietary extensions to the original IEEE 802.1D STP, such as BackboneFast, UplinkFast, and PortFast. These Cisco STP extensions are not covered in this course. To learn more about these extensions, visit: http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/stp_enha.html.

Per-VLAN spanning tree protocol plus (PVST+) - Cisco developed PVST+ to provide support for IEEE 802.1Q trunking. PVST+ provides the same functionality as PVST, including the Cisco proprietary STP extensions. PVST+ is not supported on non-Cisco devices. PVST+ includes the PortFast enhancement called BPDU guard, and root guard. To learn more about BPDU guard, visit: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml. To learn more about root guard, visit: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml.

Rapid per-VLAN spanning tree protocol (rapid PVST+) - Based on IEEE 802.1w and has a faster convergence than STP (standard 802.1D). Rapid PVST+ includes Cisco-proprietary extensions such as BackboneFast, UplinkFast, and PortFast.

IEEE Standards

Rapid spanning tree protocol (RSTP) - First introduced in 1982 as an evolution of STP (802.1D standard). It provides faster spanning-tree convergence after a topology change. RSTP implements the Cisco-proprietary STP extensions, BackboneFast, UplinkFast, and PortFast, into the public standard. As of 2004, the IEEE has incorporated RSTP into 802.1D, identifying the specification as IEEE 802.1D-2004. So when you hear STP, think RSTP. You will learn more about RSTP later in this section.

Multiple STP (MSTP) - Enables multiple VLANs to be mapped to the same spanning-tree instance, reducing the number of instances needed to support a large number of VLANs. MSTP was inspired by the Cisco-proprietary Multiple Instances STP (MISTP) and is an evolution of STP and RSTP. It was introduced in IEEE 802.1s as amendment to 802.1Q, 1998 edition. Standard IEEE 802.1Q-2003 now includes MSTP. MSTP provides for multiple forwarding paths for data traffic and enables load balancing. A discussion of MSTP is beyond the scope of this course. To learn more about MSTP, visit: http6AAwww.cisco.comAenA1%AdocsAswitchesAlanAcatalyst5E,@AsoftwareAreleaseA5.FEF eaAcon8gurationAguideAswmstp.html.

5.4.2. PVST+

PVST+

Cisco developed PVST+ so that a network can run an STP instance for each VLAN in the network. With PVST+, more than one trunk can block for a VLAN and load sharing can be implemented. However, implementing PVST+ means that all switches in the network are engaged in converging the network, and the switch ports have to accommodate the additional bandwidth used for each PVST+ instance to send its own BPDUs.

In a Cisco PVST+ environment, you can tune the spanning-tree parameters so that half of the VLANs forward on each uplink trunk. In the figure, port F0/3 on switch S2 is the forwarding port for VLAN 20, and F0/2 on switch S2 is the forwarding port for VLAN 10.

This is accomplished by configuring one switch to be elected the root bridge for half of the total number of VLANs in the network, and a second switch to be elected the root bridge for the other half of the VLANs. In the figure, switch S3 is the root bridge for VLAN 20, and switch S1 is the root bridge for VLAN 10. Creating different STP root switches per VLAN creates a more redundant network.

Page 2

PVST+ Bridge ID

As you recall, in the original 802.1D standard, an 8-byte BID is composed of a 2-byte bridge priority and a 6-byte MAC address of the switch. There was no need to identify a VLAN because there was only one spanning tree in a network. PVST+ requires that a separate instance of spanning tree run for each VLAN. To support PVST+, the 8-byte BID field is modified to carry a VLAN ID (VID). In the figure, the bridge priority field is reduced to 4 bits and a new 12-bit field, the extended system ID field, contains the VID. The 6-byte MAC address remains unchanged.

The following provides more details on the PVST+ fields:

• Bridge priority - A 4-bit field carries the bridge priority. Because of the limited bit count, the priority is conveyed in discrete values in increments of 4096 rather than discrete values in increments of 1, as they would be if the full 16-bit field was available. The default priority, in accordance with IEEE 802.1D, is 32,768, which is the midrange value.

• Extended system ID - A 12-bit field carrying the VID for PVST+.

• MAC address - A 6-byte field with the MAC address of a single switch.

The MAC address is what makes a BID unique. When the priority and extended system ID are prepended to the switch MAC address, each VLAN on the switch can be represented by a unique BID.

Click on the PVST+ Bridge ID Example button in the figure.

In the figure, the values for priority, VLAN, and MAC address for switch S1 are shown. They are combined to form the BID.

Caution: If no priority has been configured, every switch has the same default priority, and the election of the root bridge for each VLAN is based on the MAC address. Therefore, to ensure that you get the root bridge you want, it is advisable to assign a lower priority value to the switch that should serve as the root bridge.
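The PVST+ BID layout and the caution above, as an added Python example that is not part of the original course material: it packs the 4-bit priority, 12-bit VLAN ID and 6-byte MAC into a BID, then audits which switch would win the root election for each VLAN against a planned root. The MAC addresses are constructed, and the priorities 4096 and 8192 are sample values from the valid range.

```python
"""Added example: PVST+ bridge ID layout and a per-VLAN root bridge audit."""
import struct

PRIORITY_STEP = 4096      # a 4-bit priority field only holds multiples of 4096
MAX_PRIORITY = 61440
DEFAULT_PRIORITY = 32768


def pack_bid(priority, vlan_id, mac):
    """Build the 8-byte PVST+ BID: 4-bit priority | 12-bit VLAN ID | 6-byte MAC."""
    if priority % PRIORITY_STEP or not 0 <= priority <= MAX_PRIORITY:
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0..61440")
    if not 0 <= vlan_id < 4096:
        raise ValueError(f"VLAN ID {vlan_id} does not fit the 12-bit extended system ID")
    mac_bytes = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError(f"MAC address {mac!r} is not 6 bytes")
    # The priority already sits in the top 4 bits, so OR-ing in the VID fills the rest.
    return struct.pack("!H", priority | vlan_id) + mac_bytes


def unpack_bid(bid):
    """Split an 8-byte PVST+ BID back into its three fields."""
    if len(bid) != 8:
        raise ValueError("a BID is exactly 8 bytes")
    (head,) = struct.unpack("!H", bid[:2])
    return {"priority": head & 0xF000, "vlan_id": head & 0x0FFF, "mac": bid[2:].hex()}


def audit_roots(switches, plan):
    """Compare the switch that would be elected root per VLAN with the planned root.

    switches: {name: {"mac": str, "priority": {vlan: int}}}; a VLAN missing from
    "priority" means the switch was left at the default priority.
    plan: {vlan: expected_root_name}
    Returns a list of (vlan, finding, elected_root) tuples; empty means as planned.
    """
    findings = []
    for vlan, expected in sorted(plan.items()):
        bids = {
            name: pack_bid(cfg["priority"].get(vlan, DEFAULT_PRIORITY), vlan, cfg["mac"])
            for name, cfg in switches.items()
        }
        # Big-endian bytes sort in the same order as the numeric BID: lowest wins.
        root = min(bids, key=bids.get)
        if root != expected:
            findings.append((vlan, "unexpected-root", root))
        if unpack_bid(bids[root])["priority"] == DEFAULT_PRIORITY:
            # Nobody lowered the priority, so the MAC address alone picked the root.
            findings.append((vlan, "root-decided-by-mac", root))
    return findings


# Constructed sample data: S1 should be root for VLAN 10, S3 for VLAN 20.
PLAN = {10: "S1", 20: "S3"}
DEFAULT_NETWORK = {
    "S1": {"mac": "000a.0033.3333", "priority": {}},
    "S2": {"mac": "000a.0011.1111", "priority": {}},
    "S3": {"mac": "000a.0022.2222", "priority": {}},
}
TUNED_NETWORK = {
    "S1": {"mac": "000a.0033.3333", "priority": {10: 4096, 20: 8192}},
    "S2": {"mac": "000a.0011.1111", "priority": {}},
    "S3": {"mac": "000a.0022.2222", "priority": {10: 8192, 20: 4096}},
}

if __name__ == "__main__":
    print("S1 BID for VLAN 10:", pack_bid(4096, 10, "000a.0033.3333").hex())
    print("default network:", audit_roots(DEFAULT_NETWORK, PLAN))
    print("tuned network:  ", audit_roots(TUNED_NETWORK, PLAN))
```

With every switch at the default priority, S2 wins both VLANs only because it has the lowest MAC address, which is the situation the caution warns about.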

Page 3

The table shows the default spanning-tree configuration for a Cisco Catalyst 2960 series switch. Notice that the default spanning-tree mode is PVST+.

Page 4

Configure PVST+

The topology shows three switches with 802.1Q trunks connecting them. There are two VLANs, 10 and 20, which are being trunked across these links. This network has not been configured for spanning tree. The goal is to configure S3 as the root bridge for VLAN 20 and S1 as the root bridge for VLAN 10. Port F0/3 on S2 is the forwarding port for VLAN 20 and the blocking port for VLAN 10. Port F0/2 on S2 is the forwarding port for VLAN 10 and the blocking port for VLAN 20. The steps to configure PVST+ on this example topology are:

Step 1. Select the switches you want for the primary and secondary root bridges for each VLAN.

Step 2. Configure the switch to be a primary bridge for one VLAN, for example switch S3 is a primary bridge for VLAN 20.

Step 3. Configure the switch to be a secondary bridge for the other VLAN, for example, switch S3 is a secondary bridge for VLAN 10.

Optionally, set the spanning-tree priority to be low enough on each switch so that it is selected as the primary bridge.

Click the Primary and Secondary Root Bridges button in the figure.

Configure the Primary Root Bridges

The goal is to configure switch S3 as the primary root bridge for VLAN 20 and configure switch S1 as the primary root bridge for VLAN 10. To configure a switch to become the root bridge for a specified VLAN, use the spanning-tree vlan vlan-ID root primary global configuration mode command. Recall that you are starting with a network that has not been configured with spanning tree, so assume that all the switches are in their default configuration. In this example, switch S1, which has VLAN 10 and 20 enabled, retains its default STP priority.

Configure the Secondary Root Bridges

A secondary root is a switch that may become the root bridge for a VLAN if the primary root bridge fails. To configure a switch as the secondary root bridge, use the spanning-tree vlan vlan-ID root secondary global configuration mode command. Assuming the other bridges in the VLAN retain their default STP priority, this switch becomes the root bridge if the primary root bridge fails. This command can be executed on more than one switch to configure multiple backup root bridges.

The graphic shows the Cisco IOS command syntax to specify switch S3 as the primary root bridge for VLAN 20 and as the secondary root bridge for VLAN 10. Also, switch S1 becomes the primary root bridge for VLAN 10 and the secondary root bridge for VLAN 20. This configuration permits spanning tree load balancing, with VLAN 10 traffic passing through switch S1 and VLAN 20 traffic passing through switch S3.

Click the PVST+ Switch Priority button in the figure.

PVST+ Switch Priority

Earlier in this chapter you learned that the default settings used to configure spanning tree are adequate for most networks. This is true for Cisco PVST+ as well. There are a number of ways to tune PVST+. A discussion on how to tune a PVST+ implementation is beyond the scope of this course. However, you can set the switch priority for the specified spanning-tree instance. This setting affects the likelihood that this switch is selected as the root switch. A lower value increases the probability that the switch is selected. The range is 0 to 61440 in increments of 4096. For example, a valid priority value is 4096x2 = 8192. All other values are rejected.

The examples show the Cisco IOS command syntax.

Click the Verify button in the figure.

The privileged EXEC command show spanning-tree active shows spanning-tree configuration details for the active interfaces only. The output shown is for switch S1 configured with PVST+. There are a lot of Cisco IOS command parameters associated with the show spanning-tree command. For a complete description, visit: http6AAwww.cisco.comAenA1%[email protected];F seAcommandAreferenceAcli5.htmlPwpref75E;.

Click the show run button in the figure.

You can see in the output that the priority for VLAN 10 is 4096, the lowest of the three VLAN priorities. This priority setting ensures that this switch is the primary root bridge for VLAN 10.

5.4.3. RSTP

What is RSTP?

RSTP (IEEE 802.1w) is an evolution of the 802.1D standard. The 802.1w STP terminology remains primarily the same as the IEEE 802.1D STP terminology. Most parameters have been left unchanged, so users familiar with STP can rapidly configure the new protocol.

In the figure, a network shows an example of RSTP. Switch S1 is the root bridge with two designated ports in a forwarding state. RSTP supports a new port type. Port F0/3 on switch S2 is an alternate port in discarding state. Notice that there are no blocking ports. RSTP does not have a blocking port state. RSTP defines port states as discarding, learning, or forwarding. You will learn more about port types and states later in the chapter.

Click the RSTP Characteristics button in the figure.

RSTP Characteristics

RSTP speeds the recalculation of the spanning tree when the Layer 2 network topology changes. RSTP can achieve much faster convergence in a properly configured network, sometimes in as little as a few hundred milliseconds. RSTP redefines the type of ports and their state. If a port is configured to be an alternate or a backup port it can immediately change to a forwarding state without waiting for the network to converge.

The following briefly describes RSTP characteristics:

• RSTP is the preferred protocol for preventing Layer 2 loops in a switched network environment. Many of the differences were informed by Cisco-proprietary enhancements to 802.1D. These enhancements, such as BPDUs carrying and sending information about port roles only to neighboring switches, require no additional configuration and generally perform better than the earlier Cisco-proprietary versions. They are now transparent and integrated in the protocol's operation.

• Cisco-proprietary enhancements to 802.1D, such as UplinkFast and BackboneFast, are not compatible with RSTP.

• RSTP (802.1w) supersedes STP (802.1D) while retaining backward compatibility. Much of the STP terminology remains, and most parameters are unchanged. In addition, 802.1w is capable of reverting back to 802.1D to interoperate with legacy switches on a per-port basis. For example, the RSTP spanning-tree algorithm elects a root bridge in exactly the same way as 802.1D.

• RSTP keeps the same BPDU format as IEEE 802.1D, except that the version field is set to 2 to indicate RSTP, and the flags field uses all 8 bits. The RSTP BPDU is discussed later.

• RSTP is able to actively confirm that a port can safely transition to the forwarding state without having to rely on any timer configuration.

Page 2

RSTP BPDU

RSTP (802.1w) uses type 2, version 2 BPDUs, so an RSTP bridge can communicate 802.1D on any shared link or with any switch running 802.1D. RSTP sends BPDUs and populates the flag byte in a slightly different manner than in 802.1D:

• Protocol information can be immediately aged on a port if hellos are not received for three consecutive hello times, 6 seconds by default, or if the max age timer expires.

• Because BPDUs are used as a keepalive mechanism, three consecutively missed BPDUs indicate lost connectivity between a bridge and its neighboring root or designated bridge. The fast aging of the information allows failures to be detected quickly.

Note: Like STP, an RSTP bridge sends a BPDU with its current information every hello time period (2 seconds by default), even if the RSTP bridge does not receive any BPDUs from the root bridge.

RSTP uses the flag byte of version 2 BPDU as shown in the figure:

• Bits 0 and 7 are used for topology change notification and acknowledgment as they are in 802.1D.

• Bits 1 and 6 are used for the Proposal Agreement process (used for rapid convergence).

• Bits 2-5 encode the role and state of the port originating the BPDU.

• Bits 4 and 5 are used to encode the port role using a 2-bit code.

5.4.4. EDGE PORTS

Edge Ports

An RSTP edge port is a switch port that is never intended to be connected to another switch device. It immediately transitions to the forwarding state when enabled.

The edge port concept is well known to Cisco spanning-tree users, because it corresponds to the PortFast feature in which all ports directly connected to end stations anticipate that no switch device is connected to them. The PortFast ports immediately transition to the STP forwarding state, thereby skipping the time-consuming listening and learning stages. Neither edge ports nor PortFast-enabled ports generate topology changes when the port transitions to a disabled or enabled status.

Unlike PortFast, an RSTP edge port that receives a BPDU loses its edge port status immediately and becomes a normal spanning-tree port.

The Cisco RSTP implementation maintains the PortFast keyword using the spanning-tree portfast command for edge port configuration, making an overall network transition to RSTP more seamless. Configuring an edge port to be attached to another switch can have negative implications for RSTP when it is in sync state because a temporary loop can result, possibly delaying the convergence of RSTP due to BPDU contention with loop traffic.

5.4.5. LINK TYPES

Link Types

The link type provides a categorization for each port participating in RSTP. The link type can predetermine the active role that the port plays as it stands by for immediate transition to forwarding state if certain conditions are met. These conditions are different for edge ports and non-edge ports. Non-edge ports are categorized into two link types, point-to-point and shared. The link type is automatically determined, but can be overwritten with an explicit port configuration.

Edge ports, the equivalent of PortFast-enabled ports, and point-to-point links are candidates for rapid transition to a forwarding state. However, before the link type parameter is considered, RSTP must determine the port role. You will learn about port roles next, but for now know that:

• Root ports do not use the link type parameter. Root ports are able to make a rapid transition to the forwarding state as soon as the port is in sync.

• Alternate and backup ports do not use the link type parameter in most cases.

• Designated ports make the most use of the link type parameter. Rapid transition to the forwarding state for the designated port occurs only if the link type parameter indicates a point-to-point link.

5.4.6. RSTP PORT TYPES AND PORT ROLES

RSTP Port States

RSTP provides rapid convergence following a failure or during re-establishment of a switch, switch port, or link. An RSTP topology change causes a transition in the appropriate switch ports to the forwarding state through either explicit handshakes or a proposal and agreement process and synchronization. You will learn more about the proposal and agreement process later.

With RSTP, the role of a port is separated from the state of a port. For example, a designated port could be in the discarding state temporarily, even though its final state is to be forwarding. The figure shows the three possible RSTP port states: discarding, learning, and forwarding.

Click the Descriptions button in the figure.

The table in the figure describes the characteristics of each of the three RSTP port states. In all port states, a port accepts and processes BPDU frames.

Click the STP and RSTP Ports button in the figure.

The table in the figure compares STP and RSTP port states. Recall how the ports in the STP blocking, listening and disabled port states do not forward any frames. These port states have been merged into the RSTP discarding port state.

Page 2

RSTP Port Roles

The port role defines the ultimate purpose of a switch port and how it handles data frames. Port roles and port states are able to transition independently of each other. Creating the additional port roles allows RSTP to define a standby switch port before a failure or topology change. The alternate port moves to the forwarding state if there is a failure on the designated port for the segment.

Roll over the port roles in the figure to learn more about each RSTP port role.

Page 3

RSTP Proposal or Agreement Process

In IEEE 802.1D STP, when a port has been selected by spanning tree to become a designated port, it must wait two times the forward delay before transitioning the port to the forwarding state. RSTP significantly speeds up the recalculation process after a topology change, because it converges on a link-by-link basis and does not rely on timers expiring before ports can transition. Rapid transition to the forwarding state can only be achieved on edge ports and point-to-point links. In RSTP, this condition corresponds to a designated port in the discarding state.

Click the Play button in the figure to start the animation.

5.4.7. CONFIGURING RAPID-PVST+

Rapid-PVST+ is a Cisco implementation of RSTP. It supports spanning tree for each VLAN and is the rapid STP variant to use in Cisco-based networks. The topology in the figure has two VLANs: 10 and 20. The final configuration will implement rapid-PVST+ on switch S1, which is the root bridge.

Configuration Guidelines

It is useful to review some of the spanning tree configuration guidelines. If you would like to review the default spanning-tree configuration on a Cisco 2960 switch, see the Default Switch Configuration section earlier in this chapter. Keep these guidelines in mind when you implement rapid-PVST+.

Rapid-PVST+ commands control the configuration of VLAN spanning-tree instances. A spanning-tree instance is created when an interface is assigned to a VLAN and is removed when the last interface is moved to another VLAN. As well, you can configure STP switch and port parameters before a spanning-tree instance is created. These parameters are applied when a loop is created and a spanning-tree instance is created. However, ensure that at least one switch on each loop in the VLAN is running spanning tree, otherwise a broadcast storm can result.

The Cisco 2960 switch supports PVST+, rapid-PVST+, and MSTP, but only one version can be active for all VLANs at any time.

For details on configuring the STP software features on a Cisco 2960 series switch visit this Cisco site:

http6AAwww.cisco.comAenA1%AproductsApsB7@BAproductsFcon8gurationFguideFchapter@EDBa@@D@D,;.html.

Click the Configuration Commands button in the figure.

The figure shows the Cisco IOS command syntax needed to configure rapid-PVST+ on a Cisco switch. There are other parameters that can also be configured.

Note: If you connect a port configured with the spanning-tree link-type point-to-point command to a remote port through a point-to-point link and the local port becomes a designated port, the switch negotiates with the remote port and rapidly changes the local port to the forwarding state.

Note: When a port is configured with the clear spanning-tree detected-protocols command and that port is connected to a port on a legacy IEEE 802.1D switch, the Cisco IOS software restarts the protocol migration process on the entire switch. This step is optional, though recommended as a standard practice, even if the designated switch detects that this switch is running rapid-PVST+.

For complete details on all the parameters associated with specific Cisco IOS commands, visit: http6AAwww.cisco.comAenA1%[email protected];F seAcommandAreferenceAcli;.html.

Click the Example Configuration button in the figure.

The example configuration shows the rapid-PVST+ commands being enabled on switch S1.

Click the Verify button in the figure.

The show spanning-tree vlan vlan-id command shows the configuration of VLAN 10 on switch S1. Notice that the BID priority is set to 4096. The BID was set using the spanning-tree vlan vlan-id priority priority-number command.

Click the show run button in the figure.

In this example, the show running-configuration command has been used to verify the rapid-PVST+ configuration on S1.

5.4.8. DESIGN STP FOR TROUBLE AVOIDANCE

Know Where the Root Is

You now know that the primary function of the STA is to break loops that redundant links create in bridge networks. STP operates at Layer 2 of the OSI model. STP can fail in some specific cases. Troubleshooting the problem can be very difficult and depends on the design of the network. That is why it is recommended that you perform the most important part of the troubleshooting before the problem occurs.

Very often information about the location of the root is not available at troubleshooting time. Do not leave it up to the STP to decide which bridge is root. For each VLAN, you can usually identify which switch can best serve as root. Generally, choose a powerful bridge in the middle of the network. If you put the root bridge in the center of the network with a direct connection to the servers and routers, you reduce the average distance from the clients to the servers and routers.

The figure shows:

• If switch S2 is the root, the link from S1 to S3 is blocked on S1 or S3. In this case, hosts that connect to switch S2 can access the server and the router in two hops. Hosts that connect to bridge S3 can access the server and the router in three hops. The average distance is two and one-half hops.

• If switch S1 is the root, the router and the server are reachable in two hops for both hosts that connect on S2 and S3. The average distance is now two hops.

The logic behind this simple example transfers to more complex topologies.

Note: For each VLAN, configure the root bridge and the backup root bridge using lower priorities.

Page 2

To make it easier to solve STP problems, plan the organization of your redundant links. In non-hierarchical networks you might need to tune the STP cost parameter to decide which ports to block. However, this tuning is usually not necessary if you have a hierarchical design and a root bridge in a good location.

Note: For each VLAN, know which ports should be blocking in the stable network. Have a network diagram that clearly shows each physical loop in the network and which blocked ports break the loops.

Knowing the location of redundant links helps you identify an accidental bridging loop and the cause. Also, knowing the location of blocked ports allows you to determine the location of the error.

Minimize the Number of Blocked Ports

The only critical action that STP takes is the blocking of ports. A single blocking port that mistakenly transitions to forwarding can negatively impact a large part of the network. A good way to limit the risk inherent in the use of STP is to reduce the number of blocked ports as much as possible.

VTP Pruning

You do not need more than two redundant links between two nodes in a switched network. However, a configuration shown in the figure is common. Distribution switches are dual-attached to two core switches, C1 and C2. Users on switches S1 and S2 that connect on distribution switches are only in a subset of the VLANs available in the network. In the figure, users that connect on switch D1 are all in VLAN 20; switch D2 only connects users in VLAN 30. By default, trunks carry all the VLANs defined in the VTP domain. Only switch D1 receives unnecessary broadcast and multicast traffic for VLAN 20, but it is also blocking one of its ports for VLAN 30. There are three redundant paths between core switch C1 and core switch C2. This redundancy results in more blocked ports and a higher likelihood of a loop.

Note: Prune any VLAN that you do not need off your trunks.

Click the Manual Pruning button in the figure.

Manual Pruning

VTP pruning can help, but this feature is not necessary in the core of the network. In this figure, only an access VLAN is used to connect the distribution switches to the core. In this design, only one port is blocked per VLAN. Also, with this design, you can remove all redundant links in just one step if you shut down C1 or C2.

%T.;

Use Layer 3 Switching

Layer 3 switching means routing approximately at the speed of switching. A router performs two main functions:

• It builds a forwarding table. The router generally exchanges information with peers by way of routing protocols.

• It receives packets and forwards them to the correct interface based on the destination address.

High-end Cisco Layer 3 switches are now able to perform this second function, at the same speed as the Layer 2 switching function. In the figure:

• There is no speed penalty with the routing hop and an additional segment between C1 and C2.

• Core switch C1 and core switch C2 are Layer 3 switches. VLAN 20 and VLAN 30 are no longer bridged between C1 and C2, so there is no possibility for a loop.


Redundancy is still present, with a reliance on Layer 3 routing protocols. The design ensures a convergence that is even faster than convergence with STP.

• STP no longer blocks any single port, so there is no potential for a bridging loop.

• Leaving the VLAN by Layer 3 switching is as fast as bridging inside the VLAN.

Final Points

Keep STP Even If It Is Unnecessary

Assuming you have removed all the blocked ports from the network and do not have any physical redundancy, it is strongly suggested that you do not disable STP.

STP is generally not very processor intensive; packet switching does not involve the CPU in most Cisco switches. Also, the few BPDUs that are sent on each link do not significantly reduce the available bandwidth. However, if a technician makes a connection error on a patch panel and accidentally creates a loop, the network will be negatively impacted. Generally, disabling STP in a switched network is not worth the risk.

Keep Traffic off the Administrative VLAN and Do Not Have a Single VLAN Span the Entire Network

A Cisco switch typically has a single IP address that binds to a VLAN, known as the administrative VLAN. In this VLAN, the switch behaves like a generic IP host. In particular, every broadcast or multicast packet is forwarded to the CPU. A high rate of broadcast or multicast traffic on the administrative VLAN can adversely impact the CPU and its ability to process vital BPDUs. Therefore, keep user traffic off the administrative VLAN.

Until recently, there was no way to remove VLAN 1 from a trunk in a Cisco implementation. VLAN 1 generally serves as an administrative VLAN, where all switches are accessible in the same IP subnet. Though useful, this setup can be dangerous because a bridging loop on VLAN 1 affects all trunks, which can bring down the whole network. Of course, the same problem exists no matter which VLAN you use. Try to segment the bridging domains using high-speed Layer 3 switches.

Note: As of Cisco IOS Software Release 12.1(11b)E, you can remove VLAN 1 from trunks. VLAN 1 still exists, but it blocks traffic, which prevents any loop possibility.

5.4.9. TROUBLESHOOTING STP OPERATIONS

Switch or Link Failure

In the animation you see that when a port fails in a network configured with STP, a broadcast storm may result.

In the initial state of the STP failure scenario, switch S3 has a lower BID than S2; consequently, the designated port between S3 and S2 is port F0/1 on switch S3. Switch S3 is considered to have a "better BPDU" than switch S2.


Troubleshoot a Failure

Unfortunately, there is no systematic procedure to troubleshoot an STP issue. This section summarizes some of the actions that are available to you. Most of the steps apply to troubleshooting bridging loops in general. You can use a more conventional approach to identify other failures of STP that lead to a loss of connectivity. For example, you can explore the path being taken by the traffic that is experiencing a problem.

Note: In-band access may not be available during a bridging loop. For example, during a broadcast storm you may not be able to Telnet to the infrastructure devices. Therefore, out-of-band connectivity, such as console access, may be required.

Before you troubleshoot a bridging loop, you need to know at least these items:

• Topology of the bridge network
• Location of the root bridge
• Location of the blocked ports and the redundant links

This knowledge is essential. To know what to fix in the network, you need to know how the network looks when it works correctly. Most of the troubleshooting steps simply use show commands to try to identify error conditions. Knowledge of the network helps you focus on the critical ports on the key devices.

The rest of this topic briefly looks at two common spanning tree problems, a PortFast configuration error and network diameter issues. To learn about other STP issues, visit: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac.shtml.


PortFast Configuration Error

You typically enable PortFast only for a port or interface that connects to a host. When the link comes up on this port, the bridge skips the first stages of the STA and directly transitions to the forwarding mode.

Caution: Do not use PortFast on switch ports or interfaces that connect to other switches, hubs, or routers. Otherwise, you may create a network loop.

In this example, port F0/1 on switch S1 is already forwarding. Port F0/2 has erroneously been configured with the PortFast feature. Therefore, when a second connection from switch S2 is connected to F0/2 on S1, the port automatically transitions to forwarding mode and creates a loop.

Eventually, one of the switches will forward a BPDU and one of these switches will transition a port into blocking mode.

However, there is a problem with this kind of transient loop. If the looped traffic is very intensive, the switch can have trouble successfully transmitting the BPDU that stops the loop. This problem can delay the convergence considerably or in some extreme cases can actually bring down the network.

Even with a PortFast configuration, the port or interface still participates in STP. If a switch with a lower bridge priority than that of the current active root bridge attaches to a PortFast-configured port or interface, it can be elected as the root bridge. This change of root bridge can adversely affect the active STP topology and can render the network suboptimal. To prevent this situation, most Catalyst switches that run Cisco IOS software have a feature called BPDU guard. BPDU guard disables a PortFast-configured port or interface if the port or interface receives a BPDU.

For more information on using PortFast on switches that run Cisco IOS software, refer to the document "Using PortFast and Other Commands to Fix Workstation Startup Connectivity Delays," available at: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00800b1500.shtml.

For more information on using the BPDU guard feature on switches that run Cisco IOS software, visit: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml.


Network Diameter Issues

Another issue that is not well known relates to the diameter of the switched network. The conservative default values for the STP timers impose a maximum network diameter of seven. In the figure this design creates a network diameter of eight. The maximum network diameter restricts how far away switches in the network can be from each other. In this case, two distinct switches cannot be more than seven hops away. Part of this restriction comes from the age field that BPDUs carry.

When a BPDU propagates from the root bridge toward the leaves of the tree, the age field increments each time the BPDU goes through a switch. Eventually, the switch discards the BPDU when the age field goes beyond maximum age. If the root is too far away from some switches of the network, BPDUs will be dropped. This issue affects convergence of the spanning tree.

Take special care if you plan to change STP timers from the default value. There is danger if you try to get faster convergence in this way. An STP timer change has an impact on the diameter of the network and the stability of the STP. You can change the switch priority to select the root bridge, and change the port cost or priority parameter to control redundancy and load balancing.
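The link between timers and diameter can be checked numerically. This added example (not part of the original course material) assumes the 802.1D sizing relations max age = 4 × hello + 2 × diameter − 2 and forward delay = (4 × hello + 3 × diameter) / 2, which are not stated on this page, and counts diameter as the number of switches on the longest path of the loop-free topology; the eight-switch chain is constructed.

```python
import math
from collections import deque

def timers_for_diameter(diameter, hello=2):
    """Timer values in seconds sized for `diameter` switches (relations assumed, see lead-in)."""
    return {"hello": hello,
            "max_age": 4 * hello + 2 * diameter - 2,
            "forward_delay": math.ceil((4 * hello + 3 * diameter) / 2)}

def supported_diameter(hello=2, max_age=20, forward_delay=15):
    """Largest diameter that both max age and forward delay still cover."""
    by_age = (max_age + 2 - 4 * hello) // 2
    by_delay = (2 * forward_delay - 4 * hello) // 3
    return max(0, min(by_age, by_delay))

def tree_diameter(links):
    """Number of switches on the longest path of a loop-free topology."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    def farthest(start):
        dist, queue = {start: 1}, deque([start])  # count switches, not links
        while queue:
            node = queue.popleft()
            for nxt in adj[node]:
                if nxt not in dist:
                    dist[nxt] = dist[node] + 1
                    queue.append(nxt)
        end = max(dist, key=dist.get)
        return end, dist[end]

    end, _ = farthest(next(iter(adj)))
    return farthest(end)[1]  # two passes are exact on a tree

def timers_cover(links, **timers):
    """True when the configured timers cover the topology's diameter."""
    return tree_diameter(links) <= supported_diameter(**timers)

# Constructed topology: eight switches in a row, as in a diameter-eight design.
CHAIN = [(f"SW{i}", f"SW{i + 1}") for i in range(1, 8)]
```

With the default timers the eight-switch chain is not covered, and shortening the timers to speed up convergence shrinks the supported diameter further.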
