author: bill buchanan. transparent bridge author: bill buchanan cam

Author: Bill Buchanan. Applied Cisco Networking (CCNP BCMSN) CO32061 Unit 3 STP

Applied Cisco Networking (CCNP BCMSN) CO32061 Unit 3 STP

Transparent bridge

[Figure: hosts MAC1 and MAC2 attached to port P1, hosts MAC3 and MAC4 attached to port P2; example frame Src: MAC1, Dest: MAC4.]

Bridging table:
P1: MAC1
P1: MAC2
P2: MAC3
P2: MAC4

Transparent bridge. Learns the MAC addresses on the other side of the bridge, and forwards data frames that are destined for other networks.

Standardised: IEEE 802.1D. Avoids loops, learns stations, filters on MAC addresses.

CAM

[Figure: hosts MAC1 and MAC2 on port P1, hosts MAC3 and MAC4 on port P2; example frame Src: MAC1, Dest: MAC4.]

CAM:
P1: MAC1, MAC2
P2: MAC3, MAC4

Content Addressable Memory (CAM). These days bridges are hardly ever used, and switches are used instead. The CAM contains a table of MAC addresses for each port, and the switch forwards as required.

Showing CAM table

To show the CAM table:

Switch# sh mac address-table dynamic
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    000d.298e.a19a    DYNAMIC     Gi0/2
   1    0011.5c5e.ac41    DYNAMIC     Fa0/3
   1    0011.5c5e.ac42    DYNAMIC     Fa0/4
  10    000d.298e.a19a    DYNAMIC     Gi0/2
  20    000d.298e.a19a    DYNAMIC     Gi0/2

Learning and ageing

[Figure: hosts MAC1, MAC3 and MAC4 shown on ports P1 and P2. CAM: P1: MAC1, MAC2; P2: MAC3, MAC4.]

The MAC2 address is learnt, but after some time will be aged out of the CAM table.

Loops

Redundant/parallel links have been added, to increase robustness

Loops. In this case two redundant/parallel loops have been added. Transparent switches cannot cope with multiple routes to a destination.

Requirement for STP (Spanning-tree protocol) – removes loops

STP and BPDUs

Spanning tree provides:

· Detection/elimination of loops.
· Detect faults, and find alternative routes.
· Fine-tuning of the network performance.

Bridge Protocol Data Units (BPDUs) are sent out as a multicast packet. These advertise the changes to the topology.

BPDUs are sent out when there is a new switch, a new route, a new port cost, and so on.

On an update, ports can be placed into either a forwarding or a blocking mode, in order to stop two paths to a destination.

STP – key terms

Bridge Identifiers. This is a unique bridge ID. Contains: Bridge priority and one of its MAC addresses

Port priority. If two ports to a destination have the same accumulated port cost, the port with the highest priority wins!

Port cost. Each port has a cost:
10 Mbps – 100
100 Mbps – 19
1 Gbps – 4
10 Gbps – 2

To determine forwarding ports, the lowest accumulated port cost to the root switch wins!

Bridge Protocol Data Units (IEEE 802.1D)

Protocol ID (2 bytes)

Version (1 byte)

Message Type (1 byte)

Flags (1 byte)

Root identifier (8 bytes)

Root cost path (4 bytes)

Bridge ID (8 bytes)

Port ID (2 bytes)

Message age (2 bytes)

Max. age (2 bytes)

Hello Time (2 bytes)

Forward delay (2 bytes)
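
An added example (not from the original slides): a Python parser for the 35-byte configuration BPDU laid out above, with a check that a monitoring tool could use to flag a BPDU advertising a better root than the one expected. It assumes the payload starts at the Protocol ID field (after the LLC header) and that the timer fields are in units of 1/256 second, as in IEEE 802.1D; the bridge IDs and the sample payload are constructed.

```python
import struct
from dataclasses import dataclass

# Field order and sizes as listed above: 2+1+1+1+8+4+8+2+2+2+2+2 = 35 bytes.
BPDU = struct.Struct("!HBBB8sI8sHHHHH")

@dataclass(frozen=True)
class BridgeId:
    priority: int   # 2 bytes
    mac: bytes      # 6 bytes

    @classmethod
    def unpack(cls, raw):
        return cls(int.from_bytes(raw[:2], "big"), bytes(raw[2:8]))

    def key(self):
        # Lower sorts first: priority, then MAC address.
        return (self.priority, self.mac)

@dataclass(frozen=True)
class ConfigBpdu:
    flags: int
    root: BridgeId
    root_path_cost: int
    bridge: BridgeId
    port_id: int
    message_age: float
    max_age: float
    hello_time: float
    forward_delay: float

def parse_config_bpdu(payload):
    if len(payload) < BPDU.size:
        raise ValueError("truncated BPDU: %d bytes" % len(payload))
    (proto, version, msg_type, flags, root, cost, bridge, port,
     *timers) = BPDU.unpack_from(payload)
    if (proto, version, msg_type) != (0, 0, 0):
        raise ValueError("not an 802.1D configuration BPDU")
    # The four timer fields are carried in units of 1/256 second.
    return ConfigBpdu(flags, BridgeId.unpack(root), cost,
                      BridgeId.unpack(bridge), port, *(t / 256 for t in timers))

def claims_better_root(bpdu, expected_root):
    """True when the BPDU advertises a root that would beat expected_root."""
    return bpdu.root.key() < expected_root.key()

def sample_bpdu():
    # Constructed payload: the sender claims to be the root with priority 0.
    sender = bytes.fromhex("0000020000000099")
    return BPDU.pack(0, 0, 0, 0, sender, 0, sender, 0x8001,
                     0, 20 * 256, 2 * 256, 15 * 256)
```
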

Root switch election

The start of STP is a root switch election. All the paths are then measured relative to the root switch.

· Lowest identifier wins the election.
· If all the switches have the same priority, the lowest MAC address wins.

Switch ID: Priority (2 bytes), MAC address (6 bytes)

Root switch election

> enable
# config t

(config)# spanning-tree ?
  backbonefast  Enable BackboneFast Feature
  etherchannel  Spanning tree etherchannel specific configuration
  extend        Spanning Tree 802.1t extensions
  loopguard     Spanning tree loopguard options
  mode          Spanning tree operating mode
  mst           Multiple spanning tree configuration
  pathcost      Spanning tree pathcost options
  portfast      Spanning tree portfast options
  uplinkfast    Enable UplinkFast Feature
  vlan          VLAN Switch Spanning Tree

(config)# spanning-tree vlan ?
  WORD  vlan range, example: 1,3-5,7,9-11

(config)# spanning-tree vlan 1 ?
  forward-time  Set the forward delay for the spanning tree
  hello-time    Set the hello interval for the spanning tree
  max-age       Set the max age interval for the spanning tree
  priority      Set the bridge priority for the spanning tree
  root          Configure switch as root
  <cr>

(config)# spanning-tree vlan 1 priority 10

STP – Port costs

(config)# spanning-tree ?
  backbonefast  Enable BackboneFast Feature
  etherchannel  Spanning tree etherchannel specific configuration
  extend        Spanning Tree 802.1t extensions
  loopguard     Spanning tree loopguard options
  mode          Spanning tree operating mode
  pathcost      Spanning tree pathcost options
  portfast      Spanning tree portfast options
  uplinkfast    Enable UplinkFast Feature
  vlan          VLAN Switch Spanning Tree
(config)# spanning-tree vlan ?
  WORD  vlan range, example: 1,3-5,7,9-11
(config)# spanning-tree vlan 2 ?
  forward-time  Set the forward delay for the spanning tree
  hello-time    Set the hello interval for the spanning tree
  max-age       Set the max age interval for the spanning tree
  priority      Set the bridge priority for the spanning tree
  root          Configure switch as root
  <cr>
(config)# spanning-tree vlan 2 root ?
  primary    Configure this switch as primary root for this spanning tree
  secondary  Configure switch as secondary root

(config)# spanning-tree vlan 2 root primary
(config)# int fa0/1
(config-if)# spanning-tree cost ?
  <1-200000000>  port path cost
(config-if)# spanning-tree cost 32
(config)# int fa0/2
(config-if)# spanning-tree cost 31

STP – Root port selection

After the root switch election, there is a root port selection on each switch.

· It is the port with the lowest accumulated path cost to the root switch.
· On a tie, choose the neighbouring switch with the lowest bridge ID.
· If a tie for the ID, select the port with the lowest priority.
· If a tie, select the lowest port number.

The root port on each switch will be the one used to connect to the root switch.
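
An added example (not from the original slides) that carries the root switch election and the root port tie-break rules above through a small constructed topology in Python. It assumes the port priority and port number compared on a tie are those of the neighbouring switch's port, as in IEEE 802.1D; the switch names, MAC addresses and links are made up.

```python
import heapq

# Port costs from the key-terms slide, keyed by link speed in Mbps.
COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed topology. Bridge ID = (priority, MAC); port = (priority, number).
BRIDGES = {
    "A": (32768, 0x02000000000A),
    "B": (32768, 0x02000000000B),
    "C": (4096, 0x02000000000C),   # lowered priority, so C wins the election
    "D": (32768, 0x02000000000D),
}
# (switch, port, neighbour switch, neighbour port, link speed in Mbps)
LINKS = [
    ("C", (128, 1), "A", (128, 1), 1000),
    ("C", (128, 3), "B", (128, 1), 1000),   # two parallel links between C and B
    ("C", (128, 2), "B", (128, 4), 1000),
    ("A", (128, 2), "D", (128, 1), 100),
    ("B", (128, 2), "D", (128, 2), 100),
]

def elect_root(bridges):
    """Lowest (priority, MAC) tuple wins the election."""
    return min(bridges, key=bridges.get)

def root_ports(bridges, links):
    """Return (root, {switch: (root port number, accumulated path cost)})."""
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for a, port_a, b, port_b, mbps in links:
        adj[a].append((b, port_a, port_b, COST[mbps]))
        adj[b].append((a, port_b, port_a, COST[mbps]))
    # Dijkstra: lowest accumulated path cost from each switch to the root.
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        if d > dist[sw]:
            continue
        for nbr, _, _, cost in adj[sw]:
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    chosen = {}
    for sw in dist:
        if sw == root:
            continue
        # Tie-break order: path cost, neighbour bridge ID, then the
        # neighbour's port priority and port number (assumption, per 802.1D).
        nbr, local, _, cost = min(adj[sw], key=lambda e: (
            dist[e[0]] + e[3], bridges[e[0]], e[2][0], e[2][1]))
        chosen[sw] = (local[1], dist[nbr] + cost)
    return root, chosen
```

In this topology D reaches the root at cost 23 through either A or B and picks A on the lower bridge ID, while B has two equal-cost links to C and picks the one attached to C's lower-numbered port.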

Convergence times

After the root switch and the root ports have been selected, the ports can be in one of the following states.

Disabled. This is typically caused by a broken connection, or the administrator has disabled the port.

Blocking. Only listens to BPDUs. It does not forward any data frames. 20 seconds.

Listening. Detects paths to the root. It does not forward any data frames. 15 seconds.

Learning. The port learns from the source MAC addresses and puts them into the CAM table. It does not forward any data frames. 15 seconds.

Forwarding. Normal mode. Learns and forwards data frames.

Time to converge: 30-50 seconds.

STP Enhancements

• Portfast. Excludes ports which are not connected to bridges or switches. Reduces the STP data size. Ports do not go through the blocking, listening, learning and forwarding phases, but go straight to forwarding. If DHCP is required on a machine, Portfast is needed, as otherwise there will be a 30-50 second delay as the port goes through the main phases.

(config)# int fa0/1
(config-if)# spanning-tree portfast

# sh running

spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 no ip address
 spanning-tree portfast

STP Enhancements

# show spanning-tree summary
Switch is in pvst mode
Root bridge for: none
EtherChannel misconfiguration guard is enabled
Extended system ID is enabled
Portfast is disabled by default
PortFast BPDU Guard is disabled by default
Portfast BPDU Filter is disabled by default
Loopguard is disabled by default
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                      4         0        0          3          7
---------------------- -------- --------- -------- ---------- ----------
1 vlan                        4         0        0          3          7

# show spanning int fa0/2
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Altn BLK 19        128.2    P2p

# sh spanning int fa0/3
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 19        128.3    P2p

STP Enhancements

• BPDU Guard. Shuts down the port when it receives a BPDU, and puts the port into an error-disabled state.

Switch(config-if)# spanning ?
  bpdufilter     Don't send or receive BPDUs on this interface
  bpduguard      Don't accept BPDUs on this interface
  cost           Change an interface's spanning tree port path cost
  guard          Change an interface's spanning tree guard mode
  link-type      Specify a link type for spanning tree protocol use
  mst            Multiple spanning tree
  port-priority  Change an interface's spanning tree port priority
  portfast       Enable an interface to move directly to forwarding on link up
  stack-port     Enable stack port
  vlan           VLAN Switch Spanning Tree

Switch(config-if)# spanning bpduguard ?
  disable  Disable BPDU guard for this interface
  enable   Enable BPDU guard for this interface

Switch(config-if)# spanning bpduguard enable

Switch(config-if)#
00:17:16: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
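
An added example (not from the original slides or from Cisco): a Python audit of an IOS running-config that lists interfaces with PortFast enabled but no BPDU Guard, and interfaces where BPDU filtering is switched on. The sample config is constructed, and handling of the global "spanning-tree portfast bpduguard default" command is an assumption about how the BPDU Guard default reported by "show spanning-tree summary" is set.

```python
import re

# Constructed sample: the FastEthernet0/1 stanza mirrors the running-config
# excerpt shown earlier; the other interfaces are invented for illustration.
SAMPLE = """\
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 no ip address
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/2
 switchport mode trunk
"""

NO_GUARD = "portfast without bpduguard"
FILTERED = "bpdufilter enabled, BPDUs are ignored"

def audit_edge_ports(running_config):
    """Return [(interface, finding)] for risky PortFast/BPDU settings."""
    guard_default, ports, current = False, {}, None
    for line in running_config.splitlines():
        text = line.strip()
        if not text or text == "!":
            continue
        if not line[0].isspace():  # top-level command closes any stanza
            m = re.match(r"interface\s+(\S+)$", text)
            current = m.group(1) if m else None
            if current:
                ports[current] = {"portfast": False, "guard": None, "filter": False}
            elif text == "spanning-tree portfast bpduguard default":
                guard_default = True
        elif current:
            port = ports[current]
            if re.fullmatch(r"spanning-tree portfast( trunk)?", text):
                port["portfast"] = True
            elif re.fullmatch(r"spanning-tree bpduguard (enable|disable)", text):
                port["guard"] = text.endswith("enable")
            elif text == "spanning-tree bpdufilter enable":
                port["filter"] = True
    findings = []
    for name, port in ports.items():
        # An interface-level bpduguard setting overrides the global default.
        guarded = guard_default if port["guard"] is None else port["guard"]
        if port["portfast"] and not guarded:
            findings.append((name, NO_GUARD))
        if port["filter"]:
            findings.append((name, FILTERED))
    return findings
```
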

STP Enhancements

• BPDU Filter. Filters BPDU packets on a port of a switch. If it receives more than 10 BPDU packets it disables PortFast, and returns to normal.

Switch(config)# int fa0/1
Switch(config-if)# spanning ?
  bpdufilter     Don't send or receive BPDUs on this interface
  bpduguard      Don't accept BPDUs on this interface
  cost           Change an interface's spanning tree port path cost
  guard          Change an interface's spanning tree guard mode
  link-type      Specify a link type for spanning tree protocol use
  mst            Multiple spanning tree
  port-priority  Change an interface's spanning tree port priority
  portfast       Enable an interface to move directly to forwarding on link up
  stack-port     Enable stack port
  vlan           VLAN Switch Spanning Tree

Switch(config-if)# spanning portfast ?
  disable  Disable portfast for this interface
  trunk    Enable portfast on the interface even in trunk mode
  <cr>

Switch(config-if)# spanning bpduf ?
  disable  Disable BPDU filtering for this interface
  enable   Enable BPDU filtering for this interface

Switch(config-if)# spanning bpduf enable

STP Enhancements - Uplinks

• Uplink. Uses a redundant link connection to reduce the convergence time to less than 4 seconds. Required:
– Uplink enabled.
– One port in a blocking state (on alternative path).
– Failure is on the current switch.

Switch(config)# sp ?
  backbonefast  Enable BackboneFast Feature
  etherchannel  Spanning tree etherchannel specific configuration
  extend        Spanning Tree 802.1t extensions
  logging       Enable Spanning tree logging
  loopguard     Spanning tree loopguard options
  mode          Spanning tree operating mode
  mst           Multiple spanning tree configuration
  pathcost      Spanning tree pathcost options
  portfast      Spanning tree portfast options
  transmit      STP transmit parameters
  uplinkfast    Enable UplinkFast Feature
  vlan          VLAN Switch Spanning Tree

STP Enhancements - RSTP

• Rapid STP (RSTP). 802.1W allows rapid convergence. Standard on many devices. PVST+ is used on ISL or 802.1Q links to allow RSTP to work correctly – defined as RPVST+ (enabled by default).

• RSTP can converge the spanning-tree instance in less than a second (as opposed to almost 50 seconds for standard 802.1D spanning tree). This type of setup is important in real-time applications such as voice and video traffic.

STP Enhancements - MST

• Multiple Spanning Tree (MST). MSTP (Multiple STP – IEEE 802.1S) is used to provide rapid convergence of the spanning-tree protocol. MSTP is used to group VLANs into a single spanning-tree instance. It allows multiple instances of STP, and reduces overhead time for PVST. Advantages: load balancing and redundant connections. Disadvantages: more complex than standard, and more skill required. MST defines regions, and each switch has the same region name, the same revision number and the same VLAN table content.

(config)# spanning-tree ?
  backbonefast  Enable BackboneFast Feature
  etherchannel  Spanning tree etherchannel specific configuration
  extend        Spanning Tree 802.1t extensions
  loopguard     Spanning tree loopguard options
  mode          Spanning tree operating mode
  mst           Multiple spanning tree configuration
  pathcost      Spanning tree pathcost options
  portfast      Spanning tree portfast options
  uplinkfast    Enable UplinkFast Feature
  vlan          VLAN Switch Spanning Tree
(config)# spanning-tree mst ?
  WORD           MST instance range, example: 0-3,5,7-9
  configuration  Enter MST configuration submode
  forward-time   Set the forward delay for the spanning tree
  hello-time     Set the hello interval for the spanning tree
  max-age        Set the max age interval for the spanning tree
  max-hops       Set the max hops value for the spanning tree
(config)# spanning-tree mst configuration

STP Enhancements - MST

• Multiple Spanning Tree (MST). Allows multiple instances of STP, and reduces overhead time for PVST. Advantages: load balancing and redundant connections. Disadvantages: more complex than standard, and more skill required.

• MST defines regions, and each switch has the same region name, the same revision number and the same VLAN table content.

(config)# spanning-tree mst configuration
(config-mst)# ?
  abort         Exit region configuration mode, aborting changes
  exit          Exit region configuration mode, applying changes
  instance      Map vlans to an MST instance
  name          Set configuration name
  no            Negate a command or set its defaults
  private-vlan  Set private-vlan synchronization
  revision      Set configuration revision number
  show          Display region configurations
(config-mst)# instance ?
  <0-15>  MST instance id
(config-mst)# instance 1 ?
  vlan  Range of vlans to add to the instance mapping
(config-mst)# instance 1 vlan ?
  LINE  vlan range ex: 1-65, 72, 300 -200
(config-mst)# instance 1 vlan 1
(config-mst)# name ?
  WORD  Configuration name
(config-mst)# name fred
(config-mst)# revision ?
  <0-65535>  Configuration revision number
(config-mst)# revision 1
(config-mst)# exit
(config)# spanning-tree mode ?
  mst         Multiple spanning tree mode
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode
(config)# spanning-tree mode mst

STP Enhancements - Etherchannels

• Etherchannels allow ports to be aggregated and treated as a single channel. They use LACP (Link Aggregation Control Protocol - IEEE 802.3ad). The LACP packets use EtherChannels to intercommunicate, where the neighbours and port group capabilities are learnt and compared with local switch capabilities. In LACP there are roles assigned to the EtherChannel endpoints. Thus the switch with the lowest system priority is then elected to make decisions about which ports are actively participating in the EtherChannel.

(config)# lacp ?
  system-priority  LACP priority for the system
(config)# lacp system-priority ?
  <1-65535>  Priority value
(config)# lacp system-priority 2
(config)# interface fa0/1
(config-if)# channel-protocol ?
  lacp  Prepare interface for LACP protocol
  pagp  Prepare interface for PAgP protocol
(config-if)# channel-protocol lacp
(config-if)# channel-group ?
  <1-6>  Channel group number
(config-if)# channel-group 1 ?
  mode  Etherchannel Mode of the interface
(config-if)# channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
(config-if)# channel-group 1 mode active
(config-if)# lacp ?
  port-priority  LACP priority on this interface
(config-if)# lacp port-priority ?
  <1-65535>  Priority value
(config-if)# lacp port-priority 1