en switch v6 ch03.pptx 0

7/18/2019 En SWITCH v6 Ch03.Pptx 0

http://slidepdf.com/reader/full/en-switch-v6-ch03pptx-0 1/80

Chapter 31© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

S#I$C% v& Chapter 31

Chapter 3:

ImplementingSpanning Tree

CCNP SWITCH: Implementing IP Switching



Chapter 32© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

Chapter 3 Objectives

§ 'escri"e spanning tree protocols.

§ 'escri"e and con(ig!re )S$.

§ 'escri"e and con(ig!re *S$.

§ Con(ig!re S$ (eat!res to enhance resiliency and prevent

(or+arding loops.§ -plain recommended S$ con(ig!rations and practices.

§ $ro!"leshoot spanning tree iss!es.




Spanning TreeProtocol Basics




Spanning Tree Histor

§ S$ +as invented in 1/ "y )adia erlman at the 'igital

!ipment Corporation.

§ In 1//0, I p!"lished the (irst standard (or the protocol

as 02.1'.

§ Common Spanning $ree CS$4 56 Cisco S$8 56 )apid

S$ )S$4 or I 02.1+ 56 Cisco )S$8 56 *!ltiple

Spanning $ree *S$4 or I 02.1s 56 S$ sec!rity




STP Operation ! "#eview $rom CCN%&



Chapter 3&© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

STP Operation ' "#eview $rom CCN%&

%ll lin(s are !)) *b+s,


http://slidepdf.com/reader/full/en-switch-v6-ch03pptx-0 7/80Chapter 3

7© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

#api- SpanningTree Protocol



© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

#STP Operation . Port States

ort State 'escription

'iscarding $his state is seen in "oth a sta"le active topology and d!ring topologysynchroni9ation and changes. $he discarding state prevents the (or+ardingo( data (rames, th!s :"rea;ing< the contin!ity o( a =ayer 2 loop.

=earning $his state is seen in "oth a sta"le active topology and d!ring topologysynchroni9ation and changes. $he learning state accepts data (rames topop!late the *AC ta"le to limit (looding o( !n;no+n !nicast (rames.

>or+arding$his state is seen only in sta"le active topologies. $he (or+arding s+itchports determine the topology. >ollo+ing a topology change, or d!ringsynchroni9ation, the (or+arding o( data (rames occ!rs only a(ter a proposaland agreement process.

?perational Stat!s S$ ort State )S$ ort State ort Incl!ded in Active $opology

na"led @loc;ing 'iscarding ona"led =istening 'iscarding o

na"led =earning =earning Bes

na"led >or+arding >or+arding Bes

'isa"led 'isa"led 'iscarding o



/© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

#STP Operation . Port #oles

S$ ort )ole )S$ ort

)ole

S$ ort

State

)S$ ort

State)oot port )oot port >or+arding >or+arding

'esignated port 'esignatedport

>or+arding >or+arding

ondesignatedport

Alternate or"ac;!p port

@loc;ing 'iscarding

'isa"led 'isa"led 5 'iscarding

$ransition $ransition =istening=earning

=earning




#STP Operation . #api- Transition to/orwar-ing . 0in( Tpe

=in;$ype

'escription

oint5to5point

ort operating in (!ll5d!ple- mode. It isass!med that the port is

connected to a singles+itch device at the otherend o( the lin;.

Shared ort operating in hal(5d!ple- mode. It isass!med that the port isconnected to sharedmedia +here m!ltiples+itches might e-ist.




#STP Operation . #api- Transition to/orwar-ing . 1-ge Ports

§ An )S$ edge port is a s+itch port

that is never intended to "e

connected to another s+itch device.

It immediately transitions to the

(or+arding state +hen ena"led.

§ either edge ports nor ort>ast5

ena"led ports generate topologychanges +hen the port transitions

to disa"led or ena"led stat!s.

nli;e ort>ast, an edge port that

receives a @' immediately loses

its edge port stat!s and "ecomes anormal spanning5tree port. #hen

an edge port receives a @', it

generates a topology change

noti(ication $C4.




#STP Operation . Proposal an-%greement




#STP Operation . Topolog Change "TC&*echanism

§ ?nly non5edge ports that are moving to the (or+arding state

ca!se a topology change. A port that is moving to "loc;ing

does not ca!se the respective "ridge to generate a $C@'.




#STP Operation . Bri-ge I-enti$ier $orP2#ST

§ ?nly (o!r high5order "its o( the 1&5"it @ridge riority (ield

a((ect the priority. $here(ore, priority can "e incremented

only in steps o( 0/&, onto +hich are added the =An!m"er. >or e-ample, (or =A 11D I( the priority is le(t at

de(a!lt, the 1&5"it riority (ield +ill hold 327& 8 11 E 3277/.




#STP an- 4)',!5 STP Compatibilit

§ )S$ can operate +ith 02.1' S$. %o+ever, 02.1+Fs

(ast5convergence "ene(its are lost +hen interacting +ith

02.1' "ridges.

§ ach port maintains a varia"le that de(ines the protocol to

r!n on the corresponding segment. I( the port receives

@'s that do not correspond to its c!rrent operating mode(or t+o times the hello time, it s+itches to the other S$

mode.




5e$a6lt STP Con$ig6ration on Cisco Switch

§ S$8

§ @ridge priority 32,7& (or each =A




Spanning Tree Port/ast

§ @ypass 02.1' S$ listening and learning states "loc;ing

state (or+arding state4

§ orts connected to end stations§ revents '%C timeo!ts

§ *ay create "ridging loops i( ena"led on tr!n; port




Con$ig6ring Port/ast on %ccess Ports

§ se the spanning-tree portfast inter(ace command

to ena"le the ort>ast (eat!re.

§ S+itchG con$ig6re terminal§ nter con(ig!ration commands, one per line. nd +ith

C$=H.§ S+itchcon(ig4G inter$ace /ast1thernet 3+'7§ S+itchcon(ig5i(4G spanning8tree port$ast§ J#arningD port(ast sho!ld only "e ena"led on ports

connected to a single§ host. Connecting h!"s, concentrators, s+itches, "ridges,

etc... to this§ inter(ace +hen port(ast is ena"led, can ca!se temporary

"ridging loops.§ se +ith CA$I?



Chapter 31/© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

Con$ig6ring Port/ast 9loball

§ se the spanning-tree portfast de(a!lt glo"al

con(ig!ration mode command to ena"le the ort>ast

(eat!re on all nontr!n;ing inter(aces.

§ S+itchcon(ig4G spanning8tree port$ast -e$a6lt




Con$ig6ring Port/ast on Tr6n( Ports

§ se the spanning-tree portfast trunk inter(ace

command to ena"le the ort>ast (eat!re on a tr!n; port.

§ S+itchcon(ig4G spanning8tree port$ast tr6n(




Con$ig6ring %ccess Port *acro

§ se the switchport host macro command on an

inter(ace connecting to an end station.

§ S+itchcon(ig5i(4G switchport host

§ s+itchport mode +ill "e set to access

§ spanning5tree port(ast +ill "e ena"led

§ channel gro!p +ill "e disa"led

§ S+itchcon(ig5i(4G en-

§

S+itchG




Implementing P2#ST

1. na"le )S$8 glo"ally. )S$8 sho!ld "e con(ig!red on all

s+itches in the "roadcast domain.

2. 'esignate and con(ig!re a s+itch to "e the root "ridge.3. 'esignate and con(ig!re a s+itch to "e the secondary "ac;!p4 root

"ridge.

. ns!re load sharing on !plin;s !sing priority and cost parameters.

. eri(y the con(ig!ration.




2eri$ing P2#ST

§ $he o!tp!t "elo+ ill!strates ho+ to veri(y the )S$

con(ig!ration (or =A2 on a nonroot s+itch in a topology.

§ S+itchG sho+ spanning5tree vlan 2

§ =A0002

§ Spanning tree ena"led protocol rstp§ )oot I' riority 327&

§ Address 000".(c".dac0

§ Cost 3

§ ort 7 >astthernet0H74

§ %ello $ime 2 sec *a- Age 20 sec >or+ard 'elay

1 sec

§ @ridge I' riority 32770 priority 327& sys5id5e-t 24

§ Address 0013.(1c.e1c0




*6ltipleSpanning Tree




*ST *otivation

§ A"oveD 2 lin;s – 1000 =As – 2 *S$ instances.

§ ach s+itch maintains only t+o spanning trees, red!cing

the need (or s+itch reso!rces.§ Concept e-tenda"le to 0/& =AsD =A load "alancing.

§ *S$ converges (aster than )S$8 and is "ac;+ard

compati"le +ith 02.1' S$ and 02.1+.




*ST Instances

§ 2 distinct S$ topologies re!ire 2 *S$ instances 00 per instance here4.

§ =oad5"alancing +or;s "eca!se hal( o( the =As (ollo+ each separate

instance.

§ S+itch !tili9ation is lo+ "eca!se it only has to handle t+o instances.

§ *S$ is the "est sol!tion (or this scenario.

§ ConsiderationsD *S$ is more comple- than 02.1' and 02.1+, so it re!ires

additional training. Interaction +ith legacy "ridges can "e challenging.




*ST #egions

§ ach s+itch that r!ns *S$ in the net+or; has a single *S$ con(ig!ration that consists o(

three attri"!tesD

K An alphan!meric con(ig!ration name 32 "ytes4

K A con(ig!ration revision n!m"er 2 "ytes4

K A 0/&5element ta"le that associates each o( the potential 0/& =As s!pported on the chassis

to a given instance

§ $he port on @1 is at the "o!ndary o( )egion A, +hereas the ports on @2 and @3 are

internal to )egion @.




*ST se o$ 1;ten-e- Sstem I5

§ *S$ carries the instance n!m"er in the 125"it -tended

System I' (ield o( the @ridge I'.




*ST Con$ig6ration

§ na"le *S$ on s+itch.

Switch(config)# spanning-tree mode mst

§ nter *S$ con(ig!ration s!"mode.

Switch(config)# spanning-tree mst configuration

§

'isplay c!rrent *S$ con(ig!ration.Switch(config-mst)# show current

§ ame *S$ instance.

Switch(config-mst)# name name

§ Set the 1&5"it *S$ revision n!m"er. It is not incremented

a!tomatically +hen yo! commit a ne+ *S$ con(ig!ration.

Switch(config-mst)# revision revision_number




*ST Con$ig6ration "cont&

§ *ap =As to *S$ instance.

S+itchcon(ig5mst4G instance instance_number vlan vlan_range

§ 'isplay ne+ *S$ con(ig!ration to "e applied.

S+itchcon(ig5mst4G show pen-ing

§

Apply con(ig!ration and e-it *S$ con(ig!ration s!"mode.S+itchcon(ig5mst4G e;it

§ Assign root "ridge (or *S$ instance. $his synta- ma;es the

s+itch root primary or secondary only active i( primary

(ails4. It sets primary priority to 27& and secondary to2&72.

S+itchcon(ig4G spanning8tree mst instance_number root primary L secondary




*ST Con$ig6ration 1;ample

SwitchA(config)# spanning-tree mode mst

SwitchA(config)# spanning-tree mst configuration

SwitchA(config-mst)# name XYZ

SwitchA(config-mst)# revision 1

SwitchA(config-mst)# instance 1 vlan 11, 21, 31

SwitchA(config-mst)# instance 2 vlan 12, 22, 32

SwitchA(config)# spanning-tree mst 1 root primary

SwitchB(config)# spanning-tree mode mst

SwitchB(config)# spanning-tree mst configuration

SwitchB(config-mst)# name XYZ

SwitchB(config-mst)# revision 1

SwitchB(config-mst)# instance 1 vlan 11, 21, 31

SwitchB(config-mst)# instance 2 vlan 12, 22, 32

SwitchB(config)# spanning-tree mst 2 root primary




2eri$ing *ST Con$ig6ration 1;ample "!&

§ Switch# configure terminal

§ Enter configuration commands, one per line.

End with CN!".

§ Switch(config)# spanning-tree mode mst

§

Switch(config)# spanning-tree mstconfiguration

§ Switch(config-mst)# show current

§ Current $S configuration

§

Name %&§ 'eision

§ *nstance +lans mapped

§ --------

--------------------------------------------




2eri$ing *ST Con$ig6ration 1;ample "'&

§ Switch# show spanning-tree mst

§

###### $S lans mapped0 1-§ Bridge address .e21.32 priorit4 56732 (56732 s4sid )

§ 'oot this switch for CS and *S

§ Configured hello time 6, forward dela4 1, ma8 age 6, ma8 hops 6

§ *nterface 'ole Sts Cost /rio.N9r 4pe

§ ---------------- ---- --- --------- -------- -------

§ :a5"6 ;esg :<; 6 62.16 Shr

§ :a5"56 ;esg :<; 6 62.3 /6p

§ :a5"6 Bac= B!> 6 62.7 /6p

§ ###### $S lans mapped0 -6

§ Bridge address .e21.32 priorit4 5673 (56732 s4sid )

§ 'oot this switch for $S


§ ---------------- ---- --- --------- -------- -------

§ :a5"6 ;esg :<; 6 62.16 Shr

§ :a5"56 ;esg :<; 6 62.3 /6p

§ :a5"6 Bac= B!> 6 62.7 /6p

§ ###### $S6 lans mapped0 5-

§ Bridge address .e21.32 priorit4 5677 (56732 s4sid 6)

§ 'oot this switch for $S6




2eri$ing *ST Con$ig6ration 1;ample "3&

§ Switch# show spanning-tree mst 1

§

###### $S lans mapped0 -6§ Bridge address .e21.32 priorit4 5673 (56732 s4sid )

§ 'oot this switch for $S


§ ---------------- ---- --- ------ -------- -----------------

§ :a5"6 ;esg :<; 6 62.16 Shr

§ :a5"56 ;esg :<; 6 62.3 /6p

§ :a5"6 Bac= B!> 6 62.7 /6p




2eri$ing *ST Con$ig6ration 1;ample "<&

§ Switch# show spanning-tree mst interface ast!thernet 3"2#

§ :astEthernet5"6 of $S is designated forwarding

§ Edge port0 no (default) port guard 0 none (default)

§ !in= t4pe0 shared (auto) 9pdu filter0 disa9le (default)

§ Boundar4 0 internal 9pdu guard 0 disa9le (default)

§ Bpdus sent 2, receied 2

§ *nstance 'ole Sts Cost /rio.N9r +lans mapped

§ -------- ---- --- ------- -------- -------------------------

§ ;esg :<; 6 62.16 1-

§ ;esg :<; 6 62.16 -6

§

6 ;esg :<; 6 62.16 5-




2eri$ing *ST Con$ig6ration 1;ample "=&

§ S+itchG show spanning8tree mst ! -etail

§ GGGGGG *S$01 vlans mappedD 152

§ @ridge address 000/.e.&0 priority 327&/

327& sysid 14

§

)oot this s+itch (or *S$01§ >astthernet3H2 o( *S$01 is designated (or+arding

§ ort in(o port id 12.12 priority 12 cost 2000000

§ 'esignated root address 000/.e.&0 priority 327&/

cost 0§ 'esignated "ridge address 000/.e.&0 priority 327&/

port id 12.12

§ $imersD message e-pires in 0 sec, (or+ard delay 0, (or+ard

transitions 1




n-erstan-ing

Spanning Tree1nhancements




Spanning Tree 1nhancements

§ BP5 g6ar-D revents accidental connection o( s+itching

devices to ort>ast5ena"led ports. Connecting s+itches to

ort>ast5ena"led ports can ca!se =ayer 2 loops or topologychanges.

§ BP5 $iltering: )estricts the s+itch (rom sending

!nnecessary @'s o!t access ports.




BP5 96ar-

§ @' M!ard p!ts an inter(ace con(ig!red (or S$ ort>ast

in the err5disa"le state !pon receipt o( a @'. @'

g!ard disa"les inter(aces as a preventive step to avoid

potential "ridging loops.

§ @' g!ard sh!ts do+n ort>ast5con(ig!red inter(aces thatreceive @'s, rather than p!tting them into the S$

"loc;ing state the de(a!lt "ehavior4. In a valid

con(ig!ration, ort>ast5con(ig!red inter(aces sho!ld not

receive @'s. )eception o( a @' "y a ort>ast5

con(ig!red inter(ace signals an invalid con(ig!ration, s!ch

as connection o( an !na!thori9ed device.

§

@' g!ard provides a sec!re response to invalid




BP5 96ar- Con$ig6ration

§ $o ena"le @' g!ard glo"ally, !se the commandD

spanning-tree portfast $pduguard default

§ $o ena"le @' g!ard on a port, !se the commandD

spanning-tree $pduguard ena$le

§ @' g!ard logs messages to the consoleD6 $a4 6 105056 ?S/AN'EE-6-

'@/':AS0'eceied B/; on /ort:ast ena9le port.

;isa9ling 6"

6 $a4 6 105056 ?/AD/-1-/':'$S/0/ort 6"left 9ridge port 6"




BP5 96ar- Con$ig6ration 1;ample

§ Switch(config)# spanning-tree portfast edge $pduguard default

§ Switch(config)# end § Switch# show spanning-tree summary totals

§ 'oot 9ridge for0 none.

§ /ort:ast B/; Duard is ena9led

§ Etherchannel misconfiguration guard is ena9led

§ plin=:ast is disa9led§ Bac=9one:ast is disa9led

§ ;efault pathcost method used is short

§ Name Bloc=ing !istening !earning :orwarding S/ Actie

§ ------------ -------- --------- -------- ---------- ---------

§ 5 +!ANs 53 53




BP5 /iltering

§ @' (iltering prevents a Cisco s+itch (rom sending

@'s on ort>ast5ena"led inter(aces, preventing

!nnecessary @'s (rom "eing transmitted to host

devices.

§ @' g!ard has no e((ect on an inter(ace i( @' (iltering

is ena"led.

§ #hen ena"led glo"ally, @' (iltering has these attri"!tesD

K It a((ects all operational ort>ast ports on s+itches that do not have

@' (iltering con(ig!red on the individ!al ports.K I( @'s are seen, the port loses its ort>ast stat!s, @' (iltering is

disa"led, and S$ sends and receives @'s on the port as it +o!ld

+ith any other S$ port on the s+itch.

K pon start!p, the port transmits ten @'s. I( this port receives any

@'s d!ring that time, ort>ast and ort>ast @' (iltering are




BP5 /iltering Con$ig6ration

§ $o ena"le @' (iltering glo"ally, !se the commandD

spanning-tree portfast $pdufilter default

§ $o ena"le @' g!ard on a port, !se the commandD

spanning-tree $pdufilter ena$le




2eri$ing BP5 /iltering Con$ig6ration "!&

§ ort>ast @' (iltering stat!sD

§ S+itchG sho+ spanning5tree s!mmary

§ S+itch is in pvst mode

§ )oot "ridge (orD none

§ -tended system I' is ena"led

§ ort(ast 'e(a!lt is disa"led

§ ort>ast @' M!ard 'e(a!lt is disa"led

§ ort(ast @' >ilter 'e(a!lt is disa"led

§ =oopg!ard 'e(a!lt is disa"led

§ therChannel miscon(ig g!ard is ena"led

§ plin;>ast is disa"led

§ @ac;"one>ast is disa"led§ Con(ig!red athcost method !sed is short

§ ame @loc;ing =istening =earning >or+arding S$ Active

§ 5555555 5555 55555555 5555555 55555555 555555555

§ =A0001 2 0 0 &

§ 5555555 5555 55555555 5555555 55555555 555555555

§ 1 vlan 2 0 0 &




2eri$ing BP5 /iltering Con$ig6ration "'&

§ eri(ying ort>ast @' (iltering on a speci(ic portD

§ S+itchG show spanning8tree inter$ace $ast1thernet <+<

-etail

§ ort 1/& >astthernetH4 o( =A0010 is (or+arding

§ort path cost 1000, ort priority 1&0, ort Identi(ier

1&0.1/&.

§'esignated root has priority 327&, address

00d0.00".10a

§'esignated "ridge has priority 327&, address

00d0.00".10a

§'esignated port id is 1&0.1/&, designated path cost 0

§$imersDmessa e a e 0 (or+ard dela 0 hold 0




#oot 96ar-

§ )oot g!ard is !se(!l in avoiding =ayer 2 loops d!ring

net+or; anomalies. $he )oot g!ard (eat!re (orces aninter(ace to "ecome a designated port to prevent

s!rro!nding s+itches (rom "ecoming root "ridges.

§ )oot g!ard5ena"led ports are (orced to "e designated ports.

I( the "ridge receives s!perior S$ @'s on a )ootg!ard5ena"led port, the port moves to a root5inconsistent

S$ state, +hich is e((ectively e!ivalent to the S$

listening state, and the s+itch does not (or+ard tra((ic o!t o(

that port. As a res!lt, this (eat!re en(orces the position o(the root "ridge.




#oot 96ar- *otivation

§ S+itches A and @ comprise the core o( the net+or;. S+itch A is the root "ridge.

§ S+itch C is an access layer s+itch. #hen S+itch ' is connected to S+itch C, it

"egins to participate in S$. I( the priority o( S+itch ' is 0 or any val!e lo+er

than that o( the c!rrent root "ridge, S+itch ' "ecomes the root "ridge.

§ %aving S+itch ' as the root ca!ses the Miga"it thernet lin; connecting the t+o

core s+itches to "loc;, th!s ca!sing all the data to (lo+ via a 1005*"ps lin;

across the access layer. $his is o"vio!sly a terri"le o!tcome.




#oot 96ar-Operation

§ A(ter the root g!ard (eat!re is ena"led on a port, the s+itch

does not ena"le that port to "ecome an S$ root port.

§

Cisco s+itches log the (ollo+ing message +hen a rootg!ard–ena"led port receives a s!perior @'D

?S/AN'EE-6-'DA';B!C>0 /ort " tried to 9ecome

non-designated in +!AN 77.

$oed to root-inconsistent state.




#oot 96ar-Operation

§ $he c!rrent design recommendation is to ena"le root g!ard on all access ports so that a

root "ridge is not esta"lished thro!gh these ports.

§ In this con(ig!ration, S+itch C "loc;s the port connecting to S+itch ' +hen it receives a

s!perior @'. $he port transitions to the root5inconsistent S$ state. o tra((ic passesthro!gh the port +hile it is in root5inconsistent state.

§ #hen S+itch ' stops sending s!perior @'s, the port !n"loc;s again and goes thro!gh

reg!lar S$ transition o( listening and learning, and event!ally to the (or+arding state.

)ecovery is a!tomaticN no intervention is re!ired.




#oot 96ar- Con$ig6ration

Switch(config)# interface ast!thernet %"&

Switch(config-if)# spanning-tree guard rootSwitch(config-if)# end

Switch# show running-config interface ast!thernet %"&

Building configuration...

Current configuration0 37 94tes

interface :astEthernet1"2

switchport mode access

spanning-tree guard root

end




2eri$ing #oot 96ar- Con$ig6ration

Switch# show spanning-tree inconsistentports

Name *nterface *nconsistenc4-------------------- ---------------------- ------------------

+!AN :astEthernet5" /ort 4pe *nconsistent

+!AN :astEthernet5"6 /ort 4pe *nconsistent

+!AN6 :astEthernet5" /ort 4pe *nconsistent

+!AN6 :astEthernet5"6 /ort 4pe *nconsistent

Num9er of inconsistent ports (segments) in the s4stem 0




0oop 96ar-

§ $he =oop M!ard S$ (eat!re improves the sta"ility o( =ayer 2 net+or;s "y preventing "ridging loops.

§ In S$, s+itches rely on contin!o!s reception or transmission o( @'s, depending on the port role. A

designated port transmits @'s +hereas a nondesignated port receives @'s.

§ @ridging loops occ!r +hen a port erroneo!sly transitions to (or+arding state "eca!se it has stopped

receiving @'s.

§ orts +ith loop g!ard ena"led do an additional chec; "e(ore transitioning to (or+arding state. I( a

nondesignated port stops receiving @'s, the s+itch places the port into the S$ loop-inconsistent

"loc;ing state.

§ I( a s+itch receives a @' on a port in the loop5inconsistent S$ state, the port transitions thro!gh

S$ states according to the received @'. As a res!lt, recovery is a!tomatic, and no man!al

intervention is necessary.




0oop 96ar- *essages

§ #hen the =oop M!ard (eat!re places a port into the loop5

inconsistent "loc;ing state, the s+itch logs the (ollo+ing

messageDS/AN'EE-6-!/DA';B!C>0 No B/;s were receied on port

5"6 in lan 5.

$oed to loop-inconsistent state.

§ A(ter recovery, the s+itch logs the (ollo+ing messageD

S/AN'EE-6-!/DA';NB!C>0 port 5"6 restored in lan 5.




0oop 96ar- Operation




0oop 96ar- Con$ig6ration Consi-erations

§ Con(ig!re =oop M!ard on a per5port "asis,

altho!gh the (eat!re "loc;s inconsistent ports on aper5=A "asisN (or e-ample, on a tr!n; port, i(

@'s are not received (or only one partic!lar

=A, the s+itch "loc;s only that =A that is,

moves the port (or that =A to the loop5

inconsistent S$ state4. In the case o( an

therChannel inter(ace, the channel stat!s goes

into the inconsistent state (or all the ports

"elonging to the channel gro!p (or the partic!lar

=A not receiving @'s.

§ na"le =oop M!ard on all nondesignated ports.

=oop g!ard sho!ld "e ena"led on root and

alternate ports (or all possi"le com"inations o(

active topologies.

§ =oop M!ard is disa"led "y de(a!lt on Cisco

s+itches.




0oop 96ar- Con$ig6ration

§ se the (ollo+ing inter(ace5level con(ig!ration command to

ena"le =oop M!ardDSwitch(config-if)# spanning-tree guard loop

§ I( =oop M!ard is ena"led glo"ally, the s+itch ena"les =oop

M!ard only on ports considered to "e point5to5point lin;s

(!ll5d!ple- lin;s4.§ $he glo"al con(ig!ration can "e overridden on a per5port

"asis. $o ena"le =oop M!ard glo"ally, !se the (ollo+ing

glo"al con(ig!ration commandD

Switch(config)# spanning-tree loopguard default




2eri$ing 0oop 96ar- Con$ig6ration

§ $o veri(y =oop M!ard stat!s on an inter(ace, iss!e the

(ollo+ing DSwitch(config-if)# spanning-tree guard loop

§ I( =oop M!ard is ena"led glo"ally, the s+itch ena"les =oop

M!ard only on ports considered to "e point5to5point lin;s

(!ll5d!ple- lin;s4. $he glo"al con(ig!ration can "eoverridden on a per5port "asis. $o ena"le =oop M!ard

glo"ally, !se the (ollo+ing glo"al con(ig!ration commandD

Switch(config)# spanning-tree loopguard default




2eri$ing 0oop 96ar- Con$ig6ration

§ $o veri(y =oop M!ard stat!s on an inter(ace, iss!e the

command show spanning-tree interfaceinterface-id detail.

§ S+itchG show spanning8tree inter$ace /ast1thernet 3+<'

-etail

§ort 170 >astthernet3H24 o( =A0001 is "loc;ing

§ort path cost 1/, ort priority 12, ort Identi(ier

12.170.

§

'esignated root has priority 1/3, address000/.e.&0

§'esignated "ridge has priority 1/3, address

000/.e.&0

§

'esignated port id is 12.1&0, designated path cost 0




ni-irectional 0in( 5etection "505&

§ $he lin; "et+een S+itches @ and C "ecomes !nidirectional. S+itch @ can

receive tra((ic (rom S+itch C, "!t S+itch C cannot receive tra((ic (rom S+itch @.

§ ?n the segment "et+een S+itches @ and C, S+itch @ is the designated "ridge

sending the root @'s and S+itch C e-pects to receive the @'s.§ S+itch C +aits !ntil the ma-5age timer 20 seconds4 e-pires "e(ore it ta;es

action. #hen this timer e-pires, S+itch C moves thro!gh the listening and

learning states and then to the (or+arding state. At this moment, "oth S+itch @

and S+itch C are (or+arding to each other and there is no "loc;ing port in the

net+or;.



Chapter 3&0© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

505 *o-es

§ Normal *o-e –'=' detects !nidirectional lin;s d!e to

misconnected inter(aces on (i"er5optic connections. '='changes the '='5ena"led port to an !ndetermined state i(

it stops receiving '=' messages (rom its directly

connected neigh"or.

§ %ggressive *o-e – re(erred4 #hen a port stopsreceiving '=' pac;ets, '=' tries to reesta"lish the

connection +ith the neigh"or. A(ter eight (ailed retries, the

port state changes to the err5disa"le state. Aggressive

mode '=' detects !nidirectional lin;s d!e to one5+aytra((ic on (i"er5optic and t+isted5pair lin;s and d!e to

misconnected inter(aces on (i"er5optic lin;s.




505 Con$ig6ration

§ '=' is disa"led on all inter(aces "y de(a!lt.

§ $he udld glo"al con(ig!ration command a((ects (i"er5optic inter(aces only.K udld ena$le ena"les '=' normal mode on all (i"er inter(aces.

K udld aggressive ena"les '=' aggressive mode on all (i"er inter(aces.

§ $he udld port inter(ace con(ig!ration command can "e !sed (or t+isted5pair

and (i"er inter(aces.

K $o ena"le '=' in normal mode, !se the udld port command. $o ena"le '=' inaggressive mode, !se the udld port aggressive.

K se the no udld port command on (i"er5optic ports to ret!rn :control< o( '=' to

the udld ena$le glo"al con(ig!ration command or to disa"le '=' on non(i"er5optic

ports.

K se the udld port aggressive command on (i"er5optic ports to override the

setting o( the udld ena$le or udld aggressive glo"al con(ig!ration command.se the no (orm on (i"er5optic ports to remove this setting and to ret!rn control o(

'=' ena"ling to the udld glo"al con(ig!ration command or to disa"le '=' on

non(i"er5optic ports.




505 Con$ig6ration an- 2eri$ication

Switch(config)# interface giga$it!thernet %"1

Switch(config-if)# udld port aggressive

Switch# show udld giga$it!thernet %"1

*nterface Di1"

---/ort ena9le administratie configuration

setting0 Ena9led " in aggressie mode

/ort ena9le operational state0 Ena9led " in

aggressie modeCurrent 9idirectional state0 Bidirectional

Current operational state0 Adertisement -

Single neigh9or detected

$essage interal0 1

9




Clic; icon to add ta"le

0oop 96ar- vers6s %ggressive *o-e505

=oop M!ard Aggressive *ode '='

Con(ig!ration er port er port

Action gran!larity er =A er port

A!to5recovery Bes Bes, +ith err5disa"le timeo!t(eat!re

rotection against S$(ail!res ca!sed "y!nidirectional lin;s

Bes, +hen ena"led onall root ports andalternate ports inred!ndant topology

Bes, +hen ena"led on alllin;s in red!ndant topology

rotection against S$(ail!res ca!sed "y

pro"lem in so(t+are indesignated "ridge notsending @'s

Bes o

rotection againstmis+iring

o Bes

/l 0i (




/le; 0in(s

§ >le- =in;s is a =ayer 2 availa"ility (eat!re

that provides an alternative sol!tion to S$and allo+s !sers to t!rn o(( S$ and still

provide "asic lin; red!ndancy.

§ >le- =in;s can coe-ist +ith spanning tree on

the distri"!tion layer s+itchesN ho+ever, the

distri"!tion layer s+itches are !na+are o(

the >le- =in;s (eat!re.

§ >le- =in;s ena"les a convergence time o(

less than 0 milliseconds. In addition, this

convergence time remains consistent

regardless o( the n!m"er o( =As or *AC

addresses con(ig!red on s+itch !plin; ports.

§ >le- =in;s is "ased on de(ining an

activeHstand"y lin; pair on a common accesss+itch. >le- =in;s are a pair o( =ayer 2

inter(aces, either s+itchports or port

channels, that are con(ig!red to act as

"ac;!p to other =ayer 2 inter(aces.

/l 0i ( C $i ti C i- ti




/le; 0in(s Con$ig6ration Consi-erations

§ A >le- =in; is con(ig!red on one =ayer 2 inter(ace the

active lin;4 "y assigning another =ayer 2 inter(ace as the

>le- =in; or "ac;!p lin;. #hen one o( the lin;s is !p and

(or+arding tra((ic, the other lin; is in stand"y mode, ready to

"egin (or+arding tra((ic i( the other lin; sh!ts do+n. At anygiven time, only one o( the inter(aces is in the lin; !p state

and (or+arding tra((ic. I( the primary lin; sh!ts do+n, the

stand"y lin; starts (or+arding tra((ic. #hen the active lin;

comes "ac; !p, it goes into stand"y mode and does not(or+ard tra((ic.

§ >le- =in;s are s!pported only on =ayer 2 ports and port

channels, not on =As or on =ayer 3 ports.

/l 0i ( C $i ti - 2 i$i ti



Chapter 3&&© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

/le; 0in(s Con$ig6ration an- 2eri$ication

§ >le-=in;s are con(ig!red at the inter(ace level +ith the

command switchport $ackup interface.§ %ere +e con(ig!re an inter(ace +ith a "ac;!p inter(ace and

veri(y the con(ig!ration.

§

S+itchcon(ig4G inter$ace $astethernet!+)+!§ S+itchcon(ig5i(4G switchport bac(6p inter$ace

$astethernet!+)+'

§ S+itchcon(ig5i(4G en-

§ S+itchG show inter$ace switchport bac(6p§ S+itch @ac;!p Inter(ace airsD

§ Active Inter(ace @ac;!p Inter(ace State

§ 55555555555555555 555555555555555555 555555555555555555555

§ >astthernet1H0H1 >astthernet1H0H2 Active H@ac;!




STP Best

Practices an-Tro6bleshooting

S it hi 5 i B t P ti




Switching 5esign Best Practices

§ se =ayer 3 connectivity

at the distri"!tion and core

layers.

§ se )S$8 or *S$. 'o

not disa"le S$ at theaccess layer. Isolate

di((erent S$ domains in a

m!ltivendor environment.

§ se =oop M!ard on =ayer

2 ports "et+een

distri"!tion s+itches and

on !plin; ports (rom

P t ti l STP P bl



Chapter 3&/© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco !"lic

Potential STP Problems

§ '!ple- mismatch

§ nidirectional lin; (ail!re

§ >rame corr!ption

§ )eso!rce errors

§

ort>ast con(ig!ration error

5 l *i t h




56ple; *ismatch

§ oint5to5point lin;.

§ ?ne side o( the lin; is man!ally con(ig!red as (!ll d!ple-.

§ ?ther side is !sing the de(a!lt con(ig!ration (or a!to5negotiation.

i-i ti l 0i ( / il




ni-irectional 0in( /ail6re

§ >re!ent ca!se o( "ridge loops.

§ ndetected (ail!re on a (i"er lin; or a pro"lem +ith a

transceiver.

/ C ti




/rame Corr6ption

§ I( an inter(ace is e-periencing a high rate o( physical errors,

the res!lt may "e lost @'s, +hich may lead to aninter(ace in the "loc;ing state moving to the (or+arding

state.

§ ncommon scenario d!e to conservative de(a!lt S$

parameters.§ >rame corr!ption is generally a res!lt o( a d!ple- mismatch,

"ad ca"le, or incorrect ca"le length.

#eso6rce 1rrors




#eso6rce 1rrors

§ S$ is per(ormed "y the C so(t+are5"ased4. $his

means that i( the C o( the "ridge is over5!tili9ed (or anyreason, it might lac; the reso!rces to send o!t @'s.

§ S$ is generally not a processor5intensive application and

has priority over other processesN there(ore, a reso!rce

pro"lem is !nli;ely to arise.§ -ercise ca!tion +hen m!ltiple =As in S$8 or

)S$8 mode e-ist. Cons!lt the prod!ct doc!mentation (or

the recommended n!m"er o( =As and S$ instances on

any speci(ic s+itch to avoid e-ha!sting reso!rces.

Port/ast Con$ig6ration 1rror




Port/ast Con$ig6ration 1rror

§ S+itch A has ort p1 in the (or+arding state and ort p2 con(ig!red (or ort>ast.

'evice @ is a h!". ort p2 goes to (or+arding and creates a loop "et+een p1

and p2 as soon as the second ca"le pl!gs in to S+itch A. $he loop ceases as

soon as p1 or p2 receives a @' that transitions one o( these t+o ports into"loc;ing mode.

§ $he pro"lem +ith this type o( transient loop condition is that i( the looping tra((ic

is intensive, the "ridge might have tro!"le s!ccess(!lly sending the @' that

stops the loop. @' g!ard prevents this type o( event (rom occ!rring.

Tro6bleshooting *etho-olog




Tro6bleshooting *etho-olog

§ $ro!"leshooting S$ iss!es can "e di((ic!lt i( logical

tro!"leshooting proced!res are not deployed in advance.?ccasionally, re"ooting o( the s+itches might resolve the

pro"lem temporarily, "!t +itho!t determining the !nderlying

ca!se o( the pro"lem, the pro"lem is li;ely to ret!rn. $he

(ollo+ing steps provide a general overvie+ o( amethodology (or tro!"leshooting S$D

§ Step 1. 'evelop a plan.

§ Step 2. Isolate the ca!se and correct an S$ pro"lem.

§ Step 3. 'oc!ment (indings.

Chapter 3 S6mmar "!&




Chapter 3 S6mmar "!&

§ Spanning $ree rotocol is a (!ndamental protocol to

prevent =ayer 2 loops and at the same time providered!ndancy in the net+or;. $his chapter covered the "asic

operation and con(ig!ration o( )S$ and *S$.

nhancements no+ ena"le S$ to converge more !ic;ly

and r!n more e((iciently.K )S$ provides (aster convergence than 02.1' +hen topology

changes occ!r.

K )S$ ena"les several additional port roles to increase the overall

mechanismFs e((iciency.

K show spanning-tree is the main (amily o( commands !sed toveri(y )S$ operations.

K *S$ red!ces the enc!m"rance o( )S$8 "y allo+ing a single

instance o( spanning tree to r!n (or m!ltiple =As.

Chapter 3 S6mmar "'&




Chapter 3 S6mmar "'&

§ $he Cisco S$ enhancements provide ro"!stness and

resiliency to the protocol. $hese enhancements add

availa"ility to the m!ltilayer s+itched net+or;. $hese

enhancements not only isolate "ridging loops "!t also

prevent "ridging loops (rom occ!rring. $o protect S$

operations, several (eat!res are availa"le that control the

+ay @'s are sent and receivedD

K @' g!ard protects the operation o( S$ on ort>ast5con(ig!red

ports.K @' (iltering prevents @'s (rom "eing sent and ignores received

@'s +hile leaving the port in (or+arding state.

K )oot g!ard prevents root s+itch "eing elected via @'s received on

a root5g!ard con(ig!red port.

Chapter 3 0abs




§ 0ab 38!Spanning Tree Protocol "STP& 5e$a6lt Behavior

§ 0ab 38'*o-i$ing 5e$a6lt Spanning Tree Behavior§ 0ab 383Per820%N Spanning Tree Behavior

§ 0ab 38<*6ltiple Spanning Tree

Chapter 3 0abs

#eso6rces




#eso6rces

§ Cisco Spanning $ree rotocol Con(ig!ration M!ideD

+++.cisco.comHenHSHdocsHs+itchesHlanHcatalyst3&0Hso(t+areHreleaseH12.2O2OseHcommandHre(erenceH3&0cr.html

§ Con(ig!ring *S$ Con(ig!ration M!ideD

+++.cisco.comHenHSHdocsHs+itchesHlanHcatalyst3&0Hso(t+areHreleaseH12.2O2OseHcon(ig!rationHg!ideHs+stp.html

§ Cisco ?ptional Spanning5$ree >eat!res Con(ig!ration

M!ideD

+++.cisco.comHenHSHdocsHs+itchesHlanHcatalyst3&0Hso(t+areHreleaseH12.2O2OseHcon(ig!rationHg!ideHs+mstp.html

+++.cisco.comHenHSHdocsHs+itchesHlanHcatalyst3&0Hso(t+areHreleaseH12

.2O2OseHcon(ig!rationHg!ideHs+stpopt.html

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/command/reference/3560cr.html


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swstp.html


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swmstp.html


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swstpopt.html










en switch v6 ch03.pptx 0

Documents