spanning tree enhancements

8/13/2019 Spanning Tree Enhancements

1/20

Michel TANNOURYInstructor


2/20

Outline Introduction

BPDU guard

Root guard BPDU filter

Loop guard


3/20

Quick review of STP


4/20

STP enhancements STP is designed to never create a loop.

Based on assumptions, that sometimes might not be

valid. BPDU guard, Root guard, BPDU filter, and loop guard:

Filter sent/received BPDU

Control network reactions when unexpected topology

changes occur


5/20

STP enhancements Supported by:

PVST+

MST PVRST+


6/20

BPDU guard Shuts down a Portfast enabled interface when a BPDU

is received.


7/20


8/20

Root guard Forces an interface to become designated in order to

prevent a switch from becoming a root switch.


9/20

Root guard


10/20

Root guard


11/20

Root guardWith root guard enabled:


12/20

Root guard Packet tracer demo


13/20

BPDU filter Prevents switches from sending BPDU on Portfast-

enabled interfaces.

Can be enabled: Globally

Per interface basis


14/20

BPDU filter enabled on an interface S: Show spanning-tree int fa0/0 detail

BPDU: sent x, received 0

R: conf terminalR(config)# bridge 1 protocol ieee

Exit

R(config)# int fa0/0

R(config-if)# bridge-group 1

// the router is now participating in bridging and sending BPDU to

The switch

On the switch now:

S# show spanning-tree int fa0/0 detailBPDU: sent x, received y

Now enable bpdu filter:

S(config)#Int fa0/1

S(config-if)#Spanning-tree bpdufilter enable

Now issue again the command show spanning-tree int fa0/1 detail

You will see that number of received BPDUs is not increasing anymore


15/20

BPDU filter enabled globally On the switch enable BPDU filter and portfast

S(config)# spanning-tree portfast bpdufilter default

S(config)# spanning-tree portfast default

S#show spanning-tree summary

S#show spanning-tree interface fa0/1 portfast

On the router:

R(config)# bridge 1 protocol ieee

R(config)# int fa0/0

R(config-if)# bridge-group 1

On the switch:

S# show spanning-tree int fa0/1 portfast

Disabled

We can use also debug spanning-tree bpdu


16/20


17/20

Loop guard Used to prevent bridging loops

STP blocking port erroneously transitions to

forwarding state => bridging loopA blocking port stops receiving bpdu => transitions to

forwarding state => bridging loop

Loop guard feature : additional check before

transitioning a blocking port to the forwarding state(loop inconsistent state)


18/20

Loop guard demo


19/20

Loop guard demo Enable bpdu filter on fa0/2 on switch2.

Fa0/2 on switch3 wont receive bpdu anymore,

transitions to forwarding state, => loop


20/20

Loop guard demo Enable loopguard globally on the switches

Spanning-tree loopguard default

Bpdu filter enabled on Fa0/2 on Switch2

Fa0/2 on Switch3 will go to loop Inconsistent state

spanning tree enhancements

Documents