Spanning Tree Protocol (STP) prevents frame loops in a network by putting some interfaces in the forwarding state and some interfaces in the blocking state.
Whenever two or more switches are connected to each other for redundancy, a loop can occur. STP is used to prevent the loop. STP is a Layer 2 protocol and is enabled on switches by default.
[Figure: STP Loop Problem]
- STP – IEEE 802.1D (Open Standard).
- RSTP – 802.1W (IEEE)
- MST – IEEE 802.1S (Multiple Spanning Tree)
- PVST – Cisco Proprietary (Per Vlan Spanning Tree)
- PVST+ - Cisco Proprietary
- RPVST – Cisco Proprietary
CST (Common Spanning Tree) - All VLANs participate in a single instance.
IST (Inter Spanning Tree) - Different VLANs use different instance numbers.
If we don't use STP, these problems will occur on the network:
(i) Broadcast storms
(ii) High processor utilization
(iii) MAC table instability
(iv) Multiple frame transmission
STP Tasks
1. Elect Root Bridge
2. Elect Designated Port
3. Elect Root Port
Root Bridge - The switch that has the best bridge ID (lower is better).
The bridge ID is a combination of the switch priority and its MAC address. It is an 8-byte ID: 2 bytes of priority plus 6 bytes of MAC.
We can change the priority between 0 and 65535.
MAC - Each switch has a supervisor engine. The supervisor engine has a MAC pool that contains 1024 MAC addresses. When a switch wants to create a bridge ID, it borrows a MAC from the MAC pool.
Designated Port - The ports that advertise the lowest-cost BPDUs. A DP sends BPDUs towards the non-root bridge.
Root Port - The port that receives the lowest-cost BPDUs. It is the shortest path to the Root Bridge.
Cost - An integer value used for DP and RP election.
Ethernet Standard | Cost
10 Mbps | 100
100 Mbps | 19
1 Gbps | 4
10 Gbps | 2
BPDU (Bridge Protocol Data Unit)
Switches send hellos to each other every 2 sec. This hello is called a hello BPDU.
Types of BPDU
1. Configuration BPDU (Root to Nonroot)
2. TCN BPDU (Topology Change Notification) – Nonroot to Root
2. Version (always 0)
3. Message Type
4. Flag
5. Root Bridge ID
6. Root Cost
7. Sender Bridge ID
8. Sender Port Priority
9. Max-Age
10. Message Age
11. Hello
12. Forward delay
TCN Contents
- Protocol ID
- Version
- Message Type
The root bridge sends a configuration BPDU every 2 sec.
The root bridge always sends 0 cost BPDUs.
Requirements for Root Bridge
- Lower Bridge Priority,
- Lower Mac Address.
(Note: The Root Bridge always generates 0 cost BPDUs.)
Requirements for DP and RP
(Note: All ports of the Root Bridge are DPs. Every non-root bridge must have at least one root port.)
Root Bridge Election
When the switches start, each switch considers itself the root and sends BPDUs out of all its ports.
When a switch receives a superior BPDU, it accepts the neighbor switch that is sending the superior BPDU as the root.
- Lower cost to Root Bridge
- Lower Sender Bridge ID
- Lower Port ID (Port Priority 128 + Port number)
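An added example (not code from the original post): the Python below decodes a configuration BPDU and applies the comparison described above, lowest root bridge ID first, then cost to the root, sender bridge ID and port ID. The byte layout is the standard 802.1D configuration BPDU; the function names are made up for the example, and the two MAC addresses are those shown for Sw3 and Sw4 in the lab further down.

```python
import struct

# 802.1D configuration BPDU, big-endian: protocol ID, version, type, flags,
# root bridge ID, root path cost, sender bridge ID, port ID, then message age,
# max age, hello and forward delay, each in units of 1/256 second.
BPDU_FMT = ">HBBB8sI8sHHHHH"

def bridge_id(priority, mac):
    """8-byte bridge ID: 2-byte priority followed by the 6-byte MAC."""
    return struct.pack(">H", priority) + bytes.fromhex(mac.replace(".", ""))

def build_bpdu(root, cost, sender, port_prio, port_num):
    """Pack a configuration BPDU with the default timers (20 s, 2 s, 15 s)."""
    port_id = (port_prio << 8) | port_num      # 128.19 -> 0x8013
    return struct.pack(BPDU_FMT, 0, 0, 0, 0, root, cost, sender, port_id,
                       0, 20 * 256, 2 * 256, 15 * 256)

def parse_bpdu(raw):
    """Decode the fields used for root, root-port and designated-port election."""
    if len(raw) < struct.calcsize(BPDU_FMT):
        raise ValueError("truncated BPDU")
    (proto, _ver, bpdu_type, _flags, root, cost, sender, port_id,
     _age, max_age, hello, fwd) = struct.unpack_from(BPDU_FMT, raw)
    if proto != 0 or bpdu_type != 0:
        raise ValueError("not a configuration BPDU")
    return {"root": root, "cost": cost, "sender": sender, "port_id": port_id,
            "max_age": max_age / 256, "hello": hello / 256, "fwd": fwd / 256}

def rank(bpdu):
    """Comparison key; the BPDU with the lower key is the superior one."""
    return (bpdu["root"], bpdu["cost"], bpdu["sender"], bpdu["port_id"])

def is_superior(new, current):
    return rank(new) < rank(current)

def elect_root(bridge_ids):
    """Every switch starts by claiming to be root; the lowest bridge ID wins."""
    return min(bridge_ids)

# MACs as shown for Sw3 and Sw4 in the lab; 32768 is the default priority.
SW3 = bridge_id(32768, "0017.9581.3a00")
SW4 = bridge_id(32768, "0012.0106.6f00")
```

Because the priority occupies the first two bytes of the bridge ID, any switch configured with priority 0 outranks one at 24576 regardless of MAC address.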
STP Port States
- Disabled – The port is administratively shut down.
- Blocking – The port neither sends nor receives data, but it still receives BPDUs.
- Listening – The port is preparing for the forwarding state without learning MAC addresses.
- Learning – The port is preparing for the forwarding state while learning MAC addresses.
- Forwarding – The port sends and receives data along with BPDUs.
STP Timers
- Hello – 2 sec
- Max Age – 20 sec
- Forward Delay 15 sec
- Listening 15 sec
- Learning 15 sec
Hello – It is used to send hello BPDUs. Default time is 2 sec.
Max Age – This time is used to store the best BPDU when a root port goes down.
Forward Delay – The time spent by a port in the listening state and in the learning state. (Conversion time till the forwarding state.)
STP Convergence Time is 52 Sec
- Max age – 20 sec
- Listening – 15 sec
- Learning – 15 sec
- BPDU - 2 Sec
- Total - 52 Sec
PVST Convergence Time is 32 Sec
(Note: Cisco switches use PVST (Per VLAN Spanning Tree) by default. It doesn't use max age.)
Listening – 15 sec
Learning – 15 sec
BPDU - 2 sec
Total – 32 Sec
Max-age is always related to the superior BPDU.
Types of Topology Changes
1. Direct Topology Change – When the root port of a non-root bridge goes down, it is a direct topology change for this non-root bridge.
2. In-direct Topology Change – When an indirect link goes down, it is called an in-direct link failure.
3. In-sufficient Topology Change – When an access port goes up or down, the switch sends TCN BPDUs. These changes are called in-sufficient topology changes.
Convergence mechanism
1. Port Fast – A feature that puts a port directly in the forwarding state when it becomes physically active.
(Note: There are two types of Port Fast:
(i) Globally
(ii) Interface
It is always applied on access ports.)
2. Uplink Fast – A feature that enables non-root switches to put their alternate port (blocking port) directly in the forwarding state when their root port goes down. (It works in case of direct link failure.)
- It sends multicast updates 0100-0CCd-CDCD
- It sends 150 packets per sec
- The priority changes from 32768 to 49152
- 3000 is added to each link's cost.
(Note: If you change the priority, Uplink Fast will not work.
With Uplink Fast, load balancing is not possible.)
3. Backbone Fast – A feature which protects your network from inferior BPDUs. (We use this in case of indirect link failure.)
When an indirect link failure occurs in a topology, the switch receives inferior BPDUs. Because of the max-age timer of the superior BPDU, the switch will not take any action on inferior BPDUs until its max-age timer expires. To reduce this time, we enable Backbone Fast on all switches in the network.
(Note: Backbone Fast removes the max-age time, so the total convergence time becomes 32 sec. Using Backbone Fast we save 20 sec (Max-Age).)
4. Inferior BPDU – When a switch announces itself as root in the presence of a root, these BPDUs are called inferior BPDUs. When Backbone Fast is enabled and a switch's root port goes down, this switch does not send inferior BPDUs. It sends an RLQ (Root Link Query) to the neighbor switch.
Sw4 – 21/22
Sw3 – 19/20
Sw2 – 23/24
Sw1#sh spanning-tree
0012.7ffc.cw80
Sw2#sh spanning-tree
0012.4383.E200
Sw3#sh spanning-tree
0017.9581.3a00
Sw4#sh spanning-tree
0012.0106.6f00
19/20 - DP, 21 – Root, 22/23/24 Alt Blk
Sw2#sh spanning-tree
19 – Root, 20 – Alt Blk, 21/22/23/24 – DP
Sw3#sh spanning-tree
19/20/21/22/24 – Blk, 23 – RP
Sw4#sh spanning-tree
All port DP
Now here we can see that Sw4 is the root bridge. Now we are going to make Sw1 the root bridge.
Sw1 (config) #spanning-tree vlan 1 priority ?
0 to 61440
Sw1 (config) #spanning-tree vlan 1 priority 0
We can use values that are multiples of 4096.
Sw1#sh spanning-tree
Now if we want to make Sw1 the root bridge for all the VLANs
Sw1 (config) #spanning-tree vlan 1-4094 priority 0
Now switch 1 is the root bridge for all the VLANs.
To remove
Sw1 (config) #no spanning-tree vlan 1-4094 priority 0
If we want to see the information for a particular VLAN, here VLAN 1
Sw1#sh spanning-tree vlan 1
Sw1#sh spanning-tree vlan 2
Now here, if we want to load balance the root bridges:
Suppose Sw1 and Sw2 are switches with a good configuration.
I want to make Sw1 work as root bridge 1 for VLANs 1 to 5,
and Sw2 work as root bridge 2 for VLANs 6 to 10.
If Sw1 goes down then Sw2 will become the root bridge for all the switches.
If Sw2 goes down then Sw1 will become the root bridge.
Sw1 (config) #spanning-tree vlan 1-5 root primary
Sw1 (config) #spanning-tree vlan 6-10 root secondary
Sw2 (config) #spanning-tree vlan 1-5 root secondary
Sw2 (config) #spanning-tree vlan 6-10 root primary
Sw2#sh spanning-tree vlan 6
When we add the primary keyword, the switch decreases its priority from 32768 to 24576.
Sw2#sh spanning-tree vlan 6
When we add the secondary keyword, the switch sets its own priority to 28672 automatically.
Sw2#sh spanning-tree vlan 1
Now if Sw1 is down, then Sw2 would become the root bridge for all (1 to 10) VLANs.
If Sw2 goes down then Sw1 will become the root bridge for (1 to 10) VLANs.
Now if Sw3 sets its own priority to 0, it would become the root bridge for all the VLANs. The primary and secondary keywords would not work.
To be on the safe side, on Sw1 we can set the priority to 0 for VLANs 1 to 5 and to 4096 for VLANs 6 to 10.
On Sw2 we will set the priority to 4096 for VLANs 1 to 5, and to 0 for VLANs 6 to 10.
First we remove the previous commands. When we remove the primary and secondary commands, Sw4 will become the root bridge.
Sw4#sh spanning-tree vlan 1
Sw1 (config) #spanning-tree vlan 1-5 priority 0
Sw1 (config) #spanning-tree vlan 6-10 priority 4096
Sw2 (config) #spanning-tree vlan 1-5 priority 4096
Sw2 (config) #spanning-tree vlan 6-10 priority 0
Suppose we want to make int 22 the root port.
For that, we can either increase the cost of int 21 or decrease the cost of int 22.
Sw1 (config) #int fa0/21
Sw1 (config-if) #spanning-tree vlan 1 cost 20
Sw1#sh spanning-tree vlan 1
Root port is 22.
By default a 100 Mbps link's cost is 19; we increased the cost of port 21's link.
Now we set it back to the default
Sw1 (config) #int fa0/21
Sw1 (config-if) #no spanning-tree vlan 1 cost 20
We can change the port priority also
Sw4 (config) #int fa0/22
Sw4 (config-if) #spanning-tree vlan 1 port-priority ?
Sw4 (config-if) #spanning-tree vlan 1 port-priority 112
Sw1#debug spanning-tree events
When an access port goes up, it takes 32 sec to start forwarding data. To avoid this delay we can use Port Fast.
We can enable this command globally or on a particular interface.
Sw1 (config) #int fa0/12
Sw1 (config-if) #spanning-tree portfast
We can use a range also
Sw1 (config) #int range fa0/1 - 18
Sw1 (config-if-range) #spanning-tree portfast
Globally
Sw1 (config) #spanning-tree portfast default
Now here we will enable UplinkFast. It is a globally enabled command.
Sw1 (config) #spanning-tree uplinkfast
BackboneFast
Sw3 (config) #int fa0/19
Sw3 (config-if) #shut
Now on Sw2 we can see a 20 sec wait and then the listening and learning states.
Sw3 (config) #int fa0/19
Sw3 (config-if) #no shut
Sw3 (config) #spanning-tree backbonefast
Sw2 (config) #spanning-tree backbonefast
Sw1 (config) #spanning-tree backbonefast
Sw3 (config) #int fa0/19
Sw3 (config-if) #shut
Sw3 (config-if) #no shut
Now again we can see all the events on the Sw2 switch
To change the Hello Timer
Sw1 (config) #spanning-tree vlan 1 hello-time ?
Between 1 to 10
To change forward Timer
Sw1 (config) #spanning-tree vlan 1 forward-time ?
Between 4 to 30 (int STP per vlan)
To change Max-age Timer
Sw1 (config) #spanning-tree vlan 1 max-age ?
Between 6 to 40
Sw1#sh spanning-tree vlan 1
Sw1 (config) #no spanning-tree vlan 1
How to check the root bridge through the command line
Sw1#sh spanning-tree
Sw1#sh cdp neighbor
Sw2#sh spanning-tree vlan 1
Sw2#sh spanning-tree root
Now here we will make Switch 1 the root bridge.
Sw1 (config) #spanning-tree vlan 1 priority ?
If we provide 1 here then we will see a warning:
Bridge priority must be in increments of 4096.
Now we check the by default priority
Sw1#sh spanning-tree vlan 1
Sw2#sh spanning-tree int fa0/24 detail
Here we will see Path cost 0
Sw2#sh spanning-tree int fa0/19 detail
Path cost 19
128.19
128 is priority & 19 is port cost
Sw2#sh spanning-tree int fa0/19 detail
For Vlan 1 it is designated forwarding.
Sw3#sh spanning-tree int fa0/19 detail
Now here we want the secondary root to come up if the primary root goes down.
On Switch 2
Sw2 (config) #spanning-tree vlan 1 root secondary
Sw2#sh run | be spann
Now here if we connect one more link on port 23, then by default 23 would be the root port, but if we decrease the priority of 24 then it would become the root port.
Sw2 (config) #int fa0/24
Sw2 (config-if) #spanning-tree vlan 1 cost 140
Sw2#sh spanning-tree vlan 1
Sw2#sh spanning-tree int fa0/23 detail
Now we will change the port priority
Sw1 (config) #int fa0/24
Sw1 (config-if) #spanning-tree vlan 1 port-priority 120
We will get a warning message here:
Port Priority in increments of 16 is required
Sw1 (config-if) #spanning-tree vlan 1 port-priority 112
Sw2#sh spanning-tree int fa0/23 detail
Sw2#sh spanning-tree int fa0/24 detail
Here we can see port id is 112.
To create a root port manually
Manually change the cost.
Switch (config) #int fa0/22
Switch (config-if) #spanning-tree cost 10
Switch#sh spanning-tree
We can see that 22 is now the root port. Previously its cost was 19; when we decrease the cost, it becomes the root port.
Another criterion is port priority
We will change the sender's port priority
Switch1 (config) #int fa0/22
Switch1 (config-if) #spanning-tree port-priority 16
Switch4#sh spanning-tree
Here we can see 22 is the root port
To remove the above command
Switch1 (config-if) #no spanning-tree port-priority 16
To change the Hello Timer
Sw1 (config) #spanning-tree vlan 1 hello-time ?
We can select from 1 to 10 sec
To change Max-age
Sw1 (config) #spanning-tree vlan 1 max-age ?
We can select here between 6 to 40 sec
To change the forward delay timer
Sw1 (config) #spanning-tree vlan 1 forward-time ?
Between 4 to 30 sec
By default, Cisco switches run PVST (Per VLAN Spanning Tree Protocol).
Switch#sh vlan brief
By default we can see only one VLAN. This is VLAN 1.
Switch#sh spanning-tree
One VLAN, one instance
Single instance for single VLAN
Switch (config) #vlan 1-10
Switch#sh spanning-tree
We can see here now 10 VLAN instances
Switch#debug spanning-tree events
If we are using STP and the connection is lost, we will get the connection back after 52 sec. If we use PVST, we will get the connection back after 32 sec.
Switch4 (config) #int fa0/21
Switch4 (config-if) #shutdown
Switch4#debug spanning-tree events
We can see here the listening and learning time
Switch4 (config) #int fa0/21
Switch4 (config-if) #no shutdown
Now we will implement Uplink Fast
Sw4#sh spanning-tree
Before enabling Uplink Fast, the priority is 32768
Sw4 (config) #spanning-tree uplinkfast max-update-rate ?
0 to 32000
By default it is 150 packets per sec.
We can increase it also.
The command for enabling Uplink Fast is
Sw4 (config) #spanning-tree uplinkfast
Sw4#sh spanning-tree
After enabling Uplink Fast we can see here that the priority has changed.
Previously it was 32768, now it is 49152.
And 3000 is added to each link's cost.
Uplink Fast is applied for all the VLANs.
Uplink Fast is a feature which enables a non-root switch to put its alternate port directly in the forwarding state when its root port goes down.
Before enabling Uplink Fast we were getting a delay of 32 sec.
If Uplink Fast is working then the port comes up instantly.
Backbone Fast
Switch (config) #spanning-tree backbonefast
Switch#sh spanning-tree backbonefast
BackboneFast is enabled
Port Fast
Switch (config) #int fa0/22
Switch (config-if) #shut
Switch (config-if) #no shut
Switch (config-if) #do sh spanning-tree
Here we will see first the listening and then the learning state:
15 sec for listening and 15 sec for learning, then the port comes into the forwarding state. On an access port there is no need for listening and learning. We can enable portfast globally or locally.
Switch (config) #int fa0/1
Switch (config-if) #spanning-tree portfast
Switch (config-if) #do sh spanning-tree
Switch (config-if) #shutdown
Switch (config-if) #no shut
Switch (config-if) #do sh spanning-tree
Now here we will see the port go directly into the forwarding state, with no listening and no learning.
Port Fast is applied on access ports.
Uplink Fast is applied on non-root switches.
Backbone Fast is applied on all the switches.
If we change the default priority then Uplink Fast will not work.
R1 (config-if) #no shut
Sw1#sh int trunk
Sw2#sh cdp neighbor
Sw1 (config) #int fa0/1
Sw1 (config-if) #shut
Sw1 (config-if) #no shut
Sw1#sh spanning-tree vlan 1
Sw1 (config) #spanning-tree portfast default
Globally enabled
Sw1 (config) #int fa0/1
Sw1 (config-if) #shut
Sw1 (config-if) #no shut
Sw1#sh spanning-tree vlan 1
If we use inter-VLAN routing then we will enable portfast on the trunk link
Sw1 (config) #int fa0/1
Sw1 (config-if) #spanning-tree portfast trunk
To enable BPDU Guard
Sw1 (config) #spanning-tree portfast bpduguard default
If we want to enable BPDU Guard per interface
Sw1 (config) #int fa0/1
Sw1 (config-if) #spanning-tree bpduguard enable
Sw1#sh spanning-tree summary
R1 (config) #bridge 1 protocol ieee
R1 (config) #int fa0/0
R1 (config-if) #bridge-group 1
Sw1#sh int status
Sw1 (config) #int fa0/1
Sw1 (config-if) #shut
Sw1 (config-if) #no shut
Errdisable recovery for BPDU Guard
Sw1 (config) #errdisable recovery cause bpduguard
Sw1 (config) #errdisable recovery interval ?
R1 (config) #int fa0/0
R1 (config-if) #no bridge-group 1
R1 (config-if) #no bridge 1 protocol ieee
Sw1#sh int status
Sw1 (config) #no spanning-tree portfast bpduguard default
Sw1 (config) #int fa0/1
Sw1 (config-if) #spanning-tree bpduguard disable
Sw1 (config-if) #spanning-tree portfast default
Sw1#sh spanning-tree int fa0/1 portfast
Sw1 (config) #spanning-tree portfast bpdufilter default
To run on interfaces
Sw1 (config) #int fa0/1
Sw1 (config-if) #spanning-tree bpdufilter enable
Sw1#sh spanning-tree summary
Sw1#sh spanning-tree int fa0/1 detail
R1 (config) #bridge 1 protocol ieee
R1 (config) #int fa0/0
R1 (config-if) #bridge-group 1
Sw1#sh int status
Sw1#sh spanning-tree int fa0/1 detail
Sw1 (config) #int fa0/0
Sw1 (config-if) #spanning-tree bpdufilter enable
Sw1 (config-if) #shut
Sw1 (config-if) #no shut
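An added example (not from the original post): a Python check that reads a switch configuration and reports access ports where Port Fast is active without BPDU Guard, or where BPDU Filter is enabled on the interface. The configuration text is constructed for illustration and the function names are assumptions; only the command keywords are IOS syntax.

```python
# Constructed running-config excerpt (not taken from the lab above).
SAMPLE_CONFIG = """\
spanning-tree portfast default
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree bpdufilter enable
!
interface FastEthernet0/24
 switchport mode trunk
"""

def parse_config(text):
    """Split a config into global lines and a dict of per-interface lines."""
    globals_, ifaces, current = [], {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            if line.strip() not in ("", "!"):
                globals_.append(line.strip())
    return globals_, ifaces

def audit(text):
    """Return {interface: finding} for access ports with weak BPDU handling."""
    globals_, ifaces = parse_config(text)
    portfast_default = "spanning-tree portfast default" in globals_
    guard_default = "spanning-tree portfast bpduguard default" in globals_
    findings = {}
    for name, lines in ifaces.items():
        if "switchport mode access" not in lines:
            continue
        portfast = portfast_default or "spanning-tree portfast" in lines
        guarded = "spanning-tree bpduguard enable" in lines or (
            guard_default and portfast
            and "spanning-tree bpduguard disable" not in lines)
        if "spanning-tree bpdufilter enable" in lines:
            findings[name] = "bpdufilter: port neither sends nor processes BPDUs"
        elif portfast and not guarded:
            findings[name] = "portfast without bpduguard: port accepts BPDUs"
    return findings
```

On the sample, Fa0/1 is reported because the global Port Fast default applies to it with no BPDU Guard, and Fa0/3 because of the interface-level BPDU Filter.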
Sw2 (config) #spanning-tree uplinkfast
This command is used globally
Sw1 (config) #spanning-tree backbonefast
Sw2 (config) #spanning-tree backbonefast
Sw3 (config) #spanning-tree backbonefast
Sw2 (config) #spanning-tree vlan 1 max-age ?
Sw2 (config) #spanning-tree vlan 1 forward-time
STP Show Commands
Switch#sh spanning-tree
Switch#show spanning-tree blockedports
Switch#show spanning-tree inconsistentports
@NetwaxLab