Tag Archives: 2.1f

2.1.f Implement and troubleshoot spanning-tree

2.1.f [ii] Switch priority, port priority, path cost, STP timers

there are four ways to identify the root switch:

dls1#sh spann

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0016.479e.4500
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0016.479e.4500
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.3    P2p
Fa0/7               Desg FWD 19        128.9    P2p
Fa0/8               Desg FWD 19        128.10   P2p
Fa0/9               Desg FWD 19        128.11   P2p
Fa0/10              Desg FWD 19        128.12   P2p
Fa0/11              Desg FWD 19        128.13   P2p
Fa0/12              Desg FWD 19        128.14   P2p
1. the first Address entry (under Root ID) lists the MAC of the root; the second (under Bridge ID) lists the MAC of the local switch. if they are the same... bingo

2. "This bridge is the root" (patently obvious)

3. there is no root port on a root switch, and no Altn or BLK entries either, hence every role is Desg.

4. the Sts column reads FWD on every port (on its own this is the weakest sign, since a non-root switch with no redundant links also forwards on every port).
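To make the four checks mechanical rather than eyeballed, here is a small parser I added for this post (it is not from the original post or from Cisco) that reads a show spanning-tree block and evaluates each indicator separately. The dls1 output is the one above, re-embedded as a constructed string; the non-root output is made up (its Bridge ID MAC 0019.aa11.bb00 and port roles are assumptions) so the checks have something to fail on.

```python
import re

# Constructed copy of the dls1 output shown above (the root switch), first three ports only.
SHOW_SPAN_ROOT = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0016.479e.4500
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0016.479e.4500
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.3    P2p
Fa0/7               Desg FWD 19        128.9    P2p
Fa0/8               Desg FWD 19        128.10   P2p
"""

# Constructed output for a non-root switch: the local MAC and the port roles are made up.
SHOW_SPAN_NONROOT = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0016.479e.4500
             Cost        19
             Port        3 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0019.aa11.bb00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 19        128.3    P2p
Fa0/2               Altn BLK 19        128.4    P2p
Fa0/7               Desg FWD 19        128.9    P2p
"""

MAC_RE = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
# One interface-table row: name, role, state, cost, port priority, port number, link type.
PORT_RE = re.compile(
    r"^(\S+)\s+(Desg|Root|Altn|Back)\s+(FWD|BLK|LRN|LIS|LBK)\s+(\d+)\s+(\d+)\.(\d+)\s+(\S+)",
    re.M,
)


def parse_show_spanning_tree(text):
    """Pull out the fields the four checks need from one VLAN's show spanning-tree block."""
    root_mac = re.search(r"Root ID.*?Address\s+" + MAC_RE, text, re.S).group(1)
    bridge_mac = re.search(r"Bridge ID.*?Address\s+" + MAC_RE, text, re.S).group(1)
    ports = [
        {"name": m[0], "role": m[1], "sts": m[2], "cost": int(m[3]),
         "prio": int(m[4]), "nbr": int(m[5])}
        for m in PORT_RE.findall(text)
    ]
    root_ports = [p["name"] for p in ports if p["role"] == "Root"]
    return {
        "root_mac": root_mac,
        "bridge_mac": bridge_mac,
        "root_flag": "This bridge is the root" in text,
        "ports": ports,
        "root_port": root_ports[0] if root_ports else None,  # what "sh span root" would list
    }


def root_switch_checks(info):
    """The four indicators from the post, each as its own boolean."""
    roles = {p["role"] for p in info["ports"]}
    states = {p["sts"] for p in info["ports"]}
    return {
        "mac_match": info["root_mac"] == info["bridge_mac"],  # 1: Root ID MAC == Bridge ID MAC
        "root_flag": info["root_flag"],                        # 2: "This bridge is the root"
        "all_designated": roles == {"Desg"},                   # 3: no Root/Altn/Back roles
        "all_forwarding": states == {"FWD"},                   # 4: every port in FWD
    }


def is_root_switch(info):
    """Checks 1-3 are conclusive on their own; check 4 is only corroboration, because a
    non-root switch with no redundant links also shows FWD on every port."""
    c = root_switch_checks(info)
    return c["mac_match"] and c["root_flag"] and c["all_designated"]
```

Feed it the output of one VLAN at a time; for a multi-VLAN dump, split on the VLANxxxx header lines first.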

here is a command i should use more often; nice and simple:

dls1 sh span root

dls2 sh span root

note the root cost on dls1 is 0 (it is the root) and compare it with the root cost on dls2. note the timers. there is no root port on dls1 (naturally), but the root port on dls2 is identified.

2.1.f Implement and troubleshoot spanning-tree

2.1.f [iv] loopguard, rootguard

The STP loop guard feature provides additional protection against Layer 2 forwarding loops (STP loops). An STP loop is created when an STP blocking port in a redundant topology erroneously transitions to the forwarding state. This usually happens because one of the ports of a physically redundant topology (not necessarily the STP blocking port) no longer receives STP BPDUs. In its operation, STP relies on continuous reception or transmission of BPDUs based on the port role. The designated port transmits BPDUs, and the non-designated port receives BPDUs.

When one of the ports in a physically redundant topology no longer receives BPDUs, the STP conceives that the topology is loop free. Eventually, the blocking port from the alternate or backup port becomes designated and moves to a forwarding state. This situation creates a loop. The loop guard feature makes additional checks. If BPDUs are not received on a non-designated port, and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state, instead of the listening / discarding / learning / forwarding states. Without the loop guard feature, the port assumes the designated port role. The port moves to the STP forwarding state and creates a loop.

The root guard is mutually exclusive with the loop guard. The root guard is enabled on designated ports by default, and it does not allow the port to become non-designated. The loop guard works on non-designated ports and does not allow the port to become designated through the expiration of max_age. The root guard cannot be enabled on the same port as the loop guard. When the loop guard is configured on the port, it disables the root guard configured on the same port.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 1828-1834). Kindle Edition.

http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10596-84.html

The root guard is mutually exclusive with the loop guard. The root guard is used on designated ports, and it does not allow the port to become non-designated. The loop guard works on non-designated ports and does not allow the port to become designated through the expiration of max_age. The root guard cannot be enabled on the same port as the loop guard. When the loop guard is configured on the port, it disables the root guard configured on the same port.


http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html#ios


2.1.f Implement and troubleshoot spanning-tree

2.1.f [iii] port fast, BPDUguard, BPDUfilter

If you connect an end-host with a single NIC card or an IP phone to a switch port, the connection cannot create a physical loop. These connections are considered leaf nodes. There is no reason to make the workstation wait 30 seconds (15 seconds listening and 15 seconds learning) while the switch checks for loops if the workstation cannot cause a loop. Cisco added the PortFast or fast-start feature. With this feature, the STP for this port assumes that the port is not part of a loop and immediately moves to the forwarding state and does not go through the blocking, listening, discarding, or learning states. You should never use the PortFast feature on switch ports (e.g. root or designated) that connect to other switches, hubs, or routers.

The STP PortFast BPDU guard enhancement allows network designers to enforce the STP domain borders and keep the active topology predictable. The devices behind the ports that have STP PortFast enabled are not able to influence the STP topology. At the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured. The BPDU guard transitions the port into errdisable state, and a message appears on the console. This message is an example:

%SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port.
Disabling 2/1
%PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1

BPDU filtering allows you to avoid transmitting BPDU on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree immediately places ports in the forwarding state, instead of cycling through the listening, learning, and forwarding states. By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BPDU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch effectively disabling STP for those ports.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 1818-1819). Kindle Edition.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750e_3560e/software/release/12-2_55_se/configuration/guide/3750escg/swstpopt.html
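The two posts above (loop guard / root guard, and PortFast / BPDU guard) describe three different reactions to the same event class: a BPDU that does or does not arrive on a port. To keep them straight I wrote the small simulation below for these notes; it is not Cisco code and not from the quoted book, just a port model that follows the quoted text. Port names, the 2-second hello and the err-disable log line are constructed for the example; the listening/learning transitions are left out because they do not change which guard fires.

```python
MAX_AGE = 20  # default STP max age in seconds


class Port:
    """A switch port with just enough STP state to show what each guard changes.

    role is 'designated' or 'non-designated' (alternate/backup); a designated port
    that accepts a superior BPDU is re-labelled 'root'."""

    def __init__(self, name, role, loop_guard=False, root_guard=False,
                 portfast=False, bpdu_guard=False):
        self.name, self.role = name, role
        self.state = "forwarding" if role == "designated" else "blocking"
        self.loop_guard, self.root_guard = loop_guard, root_guard
        self.portfast, self.bpdu_guard = portfast, bpdu_guard
        self.since_bpdu = 0  # seconds since the last BPDU heard on this port
        self.log = []
        if loop_guard and root_guard:
            # mutually exclusive: configuring loop guard disables root guard on the same port
            self.root_guard = False
            self.log.append(f"{name}: loop guard configured, root guard disabled")

    def receive_bpdu(self, superior=False):
        """A BPDU arrives; superior=True means it advertises a better root than ours."""
        if self.state == "err-disabled":
            return
        self.since_bpdu = 0
        if self.portfast and self.bpdu_guard:
            # BPDU guard: an edge port must never hear a BPDU, so the port is err-disabled
            self.state = "err-disabled"
            self.log.append("%SPANTREE-2-RX_PORTFAST: Received BPDU on PortFast enable port. "
                            f"Disabling {self.name}")
        elif self.state == "loop-inconsistent":
            # BPDUs are back: loop guard releases the port to its normal blocking state
            self.state = "blocking"
        elif self.role == "designated" and superior:
            if self.root_guard:
                # root guard: refuse to let a device behind this port become the root
                self.state = "root-inconsistent"
            else:
                # without root guard the neighbour wins and this port becomes our root port
                self.role, self.state = "root", "forwarding"
        elif self.state == "root-inconsistent":
            self.state = "forwarding"  # superior BPDUs have stopped: root guard recovers

    def tick(self, seconds):
        """Time passes with no BPDU on this port."""
        if self.state == "err-disabled":
            return
        self.since_bpdu += seconds
        if self.role == "non-designated" and self.since_bpdu >= MAX_AGE:
            if self.loop_guard:
                # loop guard: silence on a blocking port is treated as a fault, not as "loop free"
                self.state = "loop-inconsistent"
            else:
                # plain STP: max_age expired, the port assumes it is designated and forwards (the loop)
                self.role, self.state = "designated", "forwarding"


def simulate_bpdu_loss(loop_guard):
    """A blocking port hears hellos for a while, then nothing for a full max_age."""
    p = Port("Gi1/0/2", "non-designated", loop_guard=loop_guard)
    for _ in range(5):
        p.receive_bpdu()
        p.tick(2)           # healthy link: a hello every 2 seconds
    p.tick(MAX_AGE)         # then silence (e.g. a unidirectional link)
    return p.role, p.state


def simulate_superior_bpdu(root_guard):
    """A designated port hears a BPDU claiming a better root than the current one."""
    p = Port("Gi1/0/3", "designated", root_guard=root_guard)
    p.receive_bpdu(superior=True)
    return p.role, p.state


def simulate_edge_port_bpdu(bpdu_guard):
    """A PortFast (edge) port hears any BPDU at all."""
    p = Port("Gi1/0/10", "designated", portfast=True, bpdu_guard=bpdu_guard)
    p.receive_bpdu()
    return p.state
```

The first scenario is the one to remember: without loop guard the silent blocking port quietly becomes designated and forwarding, which is exactly the loop the quoted text describes; with loop guard it parks in loop-inconsistent and comes back on its own once BPDUs return.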

2.1.f Implement and troubleshoot spanning-tree

2.1.f [ii] Switch priority, port priority, path cost, STP timers

All Bridges (Switches) are assigned a numerical value called bridge priority. The Bridge (Switch) priority value is used to find the Bridge (Switch) ID.

The Switch ID is made from two values:

The Switch Priority, which is a numerical value defined by IEEE 802.1D, which is equal to 32,768 by default.

The MAC Address of the Switch. If all the Switches in your Local Area Network (LAN) are configured with the default Switch Priority (32,768), the Switch MAC address will become the decisive factor in electing the Root Bridge (Switch). The Bridge (Switch) with the lowest MAC Address is then elected as Root Bridge (Switch).

If you want one particular switch to be the Root Bridge (Switch), change the priority to a lower value than 32,768.

If you want to affect how the local switch elects its root port, change the cost on its links. Cost is cumulative throughout the STP domain; a higher cost is less preferred. If you want to affect how a downstream switch elects its root port, change the port priority on the local switch's link to it. Port priority has only local significance between the two directly connected switches; a higher priority value is less preferred. Going away from the root of the tree, use priority; going towards the root of the tree, use cost.
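Here is a worked election I added for these notes (not from the quoted sources) that runs the Bridge ID comparison, the root election, and the root-port tie-break on a constructed three-switch lab: dls1 (the MAC from the show output above), dls2 and als1 (MACs made up), with two parallel links between dls2 and als1 so the port-priority rule has something to decide. The tie-break order (root path cost, sender Bridge ID, sender port ID, receiver port ID) is standard 802.1D; the topology, costs and priorities are assumptions.

```python
import heapq


def mac_to_int(mac):
    return int(mac.replace(".", ""), 16)


def bridge_id(priority, vlan, mac):
    """Per-VLAN Bridge ID as IOS prints it: (priority + sys-id-ext, MAC). Lower wins.
    Priority must be a multiple of 4096 (802.1t extended system ID)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    return (priority + vlan, mac_to_int(mac))


def build_topology():
    """Constructed lab. Only dls1's MAC comes from the post; everything else is made up.
    Each port: num (port number), cost, prio (port priority), peer=(switch, port)."""
    sw = {
        "dls1": {"mac": "0016.479e.4500", "priority": 24576, "ports": {}},
        "dls2": {"mac": "0019.aa11.bb00", "priority": 32768, "ports": {}},
        "als1": {"mac": "0011.2222.3333", "priority": 32768, "ports": {}},
    }

    def link(a, pa, na, b, pb, nb, cost=19):  # 19 = classic 100 Mbit/s STP cost
        sw[a]["ports"][pa] = {"num": na, "cost": cost, "prio": 128, "peer": (b, pb)}
        sw[b]["ports"][pb] = {"num": nb, "cost": cost, "prio": 128, "peer": (a, pa)}

    link("dls1", "Fa0/1", 3, "dls2", "Fa0/1", 3)
    link("dls1", "Fa0/7", 9, "als1", "Fa0/7", 9)
    link("dls2", "Fa0/8", 10, "als1", "Fa0/1", 3)  # two parallel links dls2 <-> als1
    link("dls2", "Fa0/9", 11, "als1", "Fa0/2", 4)
    return sw


def elect_root(sw, vlan=1):
    """Lowest Bridge ID wins: priority first, MAC only breaks a priority tie."""
    return min(sw, key=lambda n: bridge_id(sw[n]["priority"], vlan, sw[n]["mac"]))


def root_ports(sw, vlan=1):
    """Return {switch: (root_port, root_path_cost)} for every non-root switch.
    Candidates are ordered by the 802.1D tie-break: lowest root path cost, then lowest
    sender Bridge ID, then lowest sender port ID (priority, number), then receiver port ID."""
    bid = {n: bridge_id(sw[n]["priority"], vlan, sw[n]["mac"]) for n in sw}
    root = elect_root(sw, vlan)
    settled, chosen, heap = {root: 0}, {}, []

    def offer(frm):
        # BPDUs sent by a settled switch: the neighbour adds the cost of ITS receiving port
        for p in sw[frm]["ports"].values():
            to, to_port = p["peer"]
            rx = sw[to]["ports"][to_port]
            heapq.heappush(heap, (settled[frm] + rx["cost"], bid[frm],
                                  (p["prio"], p["num"]), (rx["prio"], rx["num"]), to, to_port))

    offer(root)
    while heap:
        rpc, _sender_bid, _sender_pid, _rx_pid, to, to_port = heapq.heappop(heap)
        if to in settled:
            continue
        settled[to] = rpc
        chosen[to] = (to_port, rpc)
        offer(to)
    return chosen


def demo():
    """Cost steers the local switch's choice; port priority on the upstream side steers
    the downstream switch; port priority on the downstream side changes nothing."""
    sw = build_topology()
    base = root_ports(sw)["als1"]                  # direct link to the root wins: ('Fa0/7', 19)
    sw["als1"]["ports"]["Fa0/7"]["cost"] = 100     # local cost change: als1 now prefers dls2
    via_cost = root_ports(sw)["als1"]              # both dls2 links cost 38; dls2's lower port number wins
    sw["dls2"]["ports"]["Fa0/9"]["prio"] = 64      # priority on the UPSTREAM port steers als1
    via_prio = root_ports(sw)["als1"]
    sw["als1"]["ports"]["Fa0/1"]["prio"] = 16      # priority on als1's own port: no effect
    local_prio = root_ports(sw)["als1"]
    return base, via_cost, via_prio, local_prio
```

demo() returns (('Fa0/7', 19), ('Fa0/1', 38), ('Fa0/2', 38), ('Fa0/2', 38)), which is the "cost towards the root, priority away from the root" rule in numbers: dropping dls1's priority makes it root even though als1 has the lowest MAC, and lowering the priority on dls2's Fa0/9 moves als1's root port while lowering als1's own port priority does not.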

There are several STP timers, as this list shows:

● hello—The hello time is the time between each bridge protocol data unit (BPDU) that is sent on a port. This time is equal to 2 seconds (sec) by default, but you can tune the time to be between 1 and 10 sec.

● forward delay—The forward delay is the time that is spent in the listening and learning state. This time is equal to 15 sec by default, but you can tune the time to be between 4 and 30 sec.

● max age—The max age timer controls the maximum length of time that passes before a bridge port saves its configuration BPDU information. This time is 20 sec by default, but you can tune the time to be between 6 and 40 sec.

Among all these parameters, the only ones which you can tune are:

● hello

● max age

● forward delay

● diameter

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 1794-1800). Kindle Edition.

http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/19120-122.html