Ch 3
Topics
Describing STP
Transparent Bridges & Identifying Traffic Loops
802.1D Spanning Tree Protocol
Root Bridge & Port Roles
Enhancements to STP
Implementing MSTP
Explaining MSTP & MST Regions
Extended System ID
Interacting Between MST Regions and 802.1D Networks
MSTP Implementation Commands
Configuring and Verifying MSTP
Implementing RSTP
Rapid Spanning Tree Protocol
RSTP Port States & RSTP Port Roles
Edge Ports & RSTP Link Types
RSTP BPDU Proposal and Agreement Process
RSTP Topology Change
Rapid PVST+ Implementation & Commands
9/3/2011
STP was invented in 1985 by Radia Perlman at the Digital Equipment Corporation. In 1990, IEEE published the first standard for the protocol as 802.1D-1990.
Evolution: 802.1D Common Spanning Tree (CST) -> Cisco PVST+ -> Rapid STP (RSTP) or IEEE 802.1w -> Cisco PVRST+ -> Multiple Spanning Tree (MST) or IEEE 802.1s -> STP security enhancements
Forwards frames with a destination multicast or broadcast MAC address out all ports except the port on which the broadcast was initially received
Referred to as flooding
Forwards a frame out all ports except for the port it entered if the destination MAC address is unknown
Referred to as unknown unicast packets
9/3/2011 Ch3 Implementing STP 4
Functions of a Bridge
Transparent Bridging
The switch treats each port as an individual segment. Both ports belong to the same Layer 2 broadcast domain. The switch learns the MAC addresses.
Station A on port 1/1, Station B on port 1/2
Transparent to the attached devices. Allows bridges to forward different packet types. Without redundant links, transparent bridging works; problems arise as soon as bridged networks have redundant paths.
B will receive two copies of the frame from A. Each bridge will also receive the other's copy, and each bridge will update its table to say that A is on LAN Y.
Neither bridge can then forward a packet to A.
Loop Behavior
If the bridges don't know where B is, each will flood it, then receive it from the other and transmit it back on LAN X.
This can repeat indefinitely.
3. Now there are two copies of the frame on LAN 1. Step 2 is repeated, and both copies flood the network.
4. The process continues on and on.
Spanning Trees
The reference point is the root of the spanning tree. If the spanning-tree algorithm (STA) finds a redundant path, it selects a single path back to the root and blocks any other redundant paths.
A blocked port continues to receive bridge protocol data units (BPDUs); the switch forwards through that port if a failure occurs on the current forwarding link.
A was selected as root and the spanning tree was created from that root.
STP Concepts
Switches exchange Layer 2 information with adjacent switches by exchanging bridge protocol data unit (BPDU) messages. A single root bridge is chosen to serve as the reference point. Each switch, except for the root bridge, selects a root port that provides the best path to the root bridge. On the link between two nonroot switch ports, a port on one switch becomes a designated port, and the port on the other switch is in a blocking state and does not forward frames. Typically, the designated port is on the switch with the best path to the root bridge.
BPDUs
Two types: Configuration and Topology Change Notification. Transmission of a configuration BPDU is triggered by the root bridge (or one that considers itself the root). It is passed on by each bridge onto each LAN for which it considers itself to be the designated bridge, and so cascades throughout the spanning tree; the collection is referred to as a configuration message.
If a bridge does not receive a configuration message on its root port and the information times out, it changes the topology and sends a topology change notification BPDU.
Startup
By exchanging BPDUs the switches determine which switch is the root. Example of the combination of the priority and bridge ID:
08.00.00.00.0c.12.34.56
The first 2 bytes are the priority; the last 6 bytes are the MAC address of the switch.
PVST (Per-VLAN Spanning Tree) requires a separate instance of spanning tree for each VLAN.
The BID field is required to carry VLAN ID (VID) information. This is accomplished by reusing a portion of the Priority field as the extended system ID.
Some switches have fewer MAC addresses than the number of supported VLANs.
The MAC address reduction feature is the solution: the Catalyst 6500 supports up to 4094 VLANs and needs MAC address reduction to support 4094 STP instances.
Extended System ID
The 802.1D 16-bit Bridge Priority field is split into two fields:
Bridge Priority: 4-bit field that carries the bridge priority. Priority is conveyed in discrete values in increments of 4096 rather than in increments of 1. The default priority is 32,768, which is the mid-range value.
Extended System ID: 12-bit field that carries the VID for PVST.
MAC address: 6-byte field with the MAC address of a single switch.
Bridge priority becomes a multiple of 4096 plus the VLAN ID if MAC address reduction is enabled
Switch can specify the switch priority only as a multiple of 4096
Only the following values are possible: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440
A root priority value of 4096 is suggested for the root bridge.
Secondary root bridge: a priority between the value of the root bridge (4096) and the default value (32,768); generally the priority value 8192 is used.
The root primary command automatically detects the current root switch and lowers the priority value of the respective switch so that it becomes the root:
spanning-tree vlan vlan-id root primary
The root secondary command lowers the priority of the switch to a nondefault value, but a higher value than the current root:
spanning-tree vlan vlan-id root secondary
Ports wait for new topology information to propagate before starting to forward frames. There are five states for a Layer 2 interface:
Blocking: the interface does not participate in frame forwarding but listens to incoming BPDUs. It does not learn the MAC addresses of received frames.
Listening: the switch resolves the root and selects the root port, the designated port, and the nondesignated ports. It does not learn the unicast address of any received frames.
Disabled: the interface does not participate in spanning tree and does not forward frames.
Max age: the maximum length of time a bridge port saves its configuration BPDU information. 20 seconds by default, but configurable between 6 and 40.
The spanning-tree topology of the network adheres to the timers of the root bridge; the root bridge passes the timers in BPDUs to all switches.
State Transitions
When powered on, a bridge assumes it is the root bridge and transitions to the listening state.
During the listening state the bridge processes the BPDUs received. Ports that remain designated or root ports transition to the learning state after the forward delay; ports that are not designated or root ports transition back to the blocking state.
If a port is a designated or root port at the end of the learning state, the port transitions to the forwarding state and is capable of sending and receiving user data. Ports that are not designated or root ports transition back to the blocking state.
STP Operation
2. Selects the root port on all nonroot bridges: the lowest-cost path to the root. Root ports send and receive traffic. If there are equal-cost paths to the root, the bridge selects the port that connects to the lowest bridge ID; if all bridge IDs are the same, the bridge selects the lowest port ID. From switch Y, the lowest-cost path to the root is through the Fast Ethernet port.
3. Selects the designated port on each segment: the port on the bridge with the lowest path cost to the root.
The designated port for both segments is on the root bridge. The 10BASE-T port on switch Y is a nondesignated port and blocks. A switch chooses a designated port as the least-cost path to the root bridge; the bridge ID acts as the tiebreaker.
Selecting the root bridge and enforcing the topology is vital in complex networks:
Step 1. Configure the root and secondary root bridges
Step 2. Set the port priorities
Step 3. Set the port costs
Step 4. Enable root guard on access-layer switches (see later)
Determining the root port of a switch that has equal-cost paths to the root:
STP looks at the bridge ID of the switches that sent the BPDUs. If equal, STP looks at the priority of the ports; the port with the lowest port priority would be selected as the root port. If still equal, STP uses the port identifiers and selects the port with the lowest port ID as the root port.
The root path cost in both cases is 0. The local path cost on the Fast Ethernet port is 19; the local path cost on the Ethernet port is 100. The port on the Fast Ethernet segment has the lowest path cost to the root bridge and is elected the root port for switch Y.
STP elects the port on the segment with the lowest path cost to the root bridge. If multiple ports on the same bridge have the same cost, the port with the lowest port priority is chosen; if the port priority is the same, then the port with the lowest port ID becomes the designated port.
Because all ports on the root bridge have a root path cost of 0, STP designates all ports on the root bridge as designated ports; the root bridge ports act as designated ports on both segments.
Backup or secondary root bridges are selected in the event of a failure of the primary root bridge.
The selection is done intentionally, so that after a primary root bridge failure the new root bridge is still centrally located.
In a production network the backup root bridge must have the same capacity as the primary, so that there is no degradation of performance with a primary root bridge failure.
The three switches have the same priority, so the bridge with the lowest MAC address becomes the root bridge: ASW11 is the root bridge with a bridge ID of 00:00:0c:aa:aa:aa. The other two switches are non-root bridges. Root bridges designate all ports as designated ports.
Each switch elects the port on segment 1 (for DSW111) or segment 2 (for DSW112) as its root port.
A port on either DSW111 or DSW112 ends up as the designated port for segment 3. DSW111 and DSW112 examine the root bridge ID in the BPDUs; the root bridge IDs are the same.
The port on DSW111 becomes the designated port on segment 3; the port on DSW112 becomes the non-designated port and is put into the blocking state.
The designated bridge generates another TCN for its own root port, and so on until the TCN BPDU reaches the root bridge.
The root bridge is then aware there has been a topology change in the network and starts sending out its configuration BPDUs with the Topology Change (TC) bit set. Every bridge in the network relays these BPDUs with this bit set, and each bridge reduces its MAC address table aging time to the value of the forward delay timer.
6. A switch receiving the TC configuration BPDU message from the root switch uses the value of the forward delay timer to age out entries in the address table. It ages out MAC address entries faster than the 300-second default, which ensures that MAC addresses no longer available due to the topology change age out quickly. The switch continues until it no longer receives TC BPDU messages from the root.
Enhancements to STP
The plus sign indicates that STP 802.1D has been enhanced by Cisco with proprietary features. PVST+ provides for load balancing on a per-VLAN basis.
It allows creation of different logical topologies using the VLANs on a switched network, to ensure that all links can be used and that one link is not oversubscribed.
Typical case: a Building Access submodule switch connected to two Building Distribution submodule switches. One Building Distribution submodule switch is root for one VLAN; the other Building Distribution submodule switch is root for the second VLAN. The Building Access submodule switch in this scenario would use both links, one for each VLAN, achieving load balancing.
PVST+
One spanning-tree instance exists for the primary VLAN and a second instance for the alternate VLAN. A single switch and a single trunking port can serve different roles for each VLAN: on the access-layer switch, a port forwards for one VLAN while blocking for the other VLANs. The desired STP configuration and resulting Layer 2 topology is not necessarily automatic; the network administrator needs to plan and configure it manually.
Enable STP:
spanning-tree vlan vlan-id
The Priority field is 8193 even though the configured priority value is 8192.
The switch uses the MAC address reduction feature, so the Priority field includes the VLAN ID information (8192 + 1 = 8193).
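How the Priority field of 8193 comes about, worked in an added Python example (not course code): the 16-bit field packs the 4-bit priority (a multiple of 4096) with the 12-bit extended system ID, and the whole 8-byte bridge ID still compares lowest-wins, priority bytes before MAC. The dotted bridge ID from the earlier slide is parsed as well; the MAC addresses in the election at the end are constructed.

```python
# Priorities a switch can set with the extended system ID: multiples of 4096 from 0 to 61440
VALID_PRIORITIES = tuple(range(0, 65536, 4096))


def encode_priority_field(bridge_priority, vlan_id):
    """Build the 16-bit field: 4-bit priority in the high bits, 12-bit VLAN ID in the low bits."""
    if bridge_priority not in VALID_PRIORITIES:
        raise ValueError(f"priority must be a multiple of 4096 between 0 and 61440: {bridge_priority}")
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID must be 1..4094: {vlan_id}")
    return bridge_priority | vlan_id      # e.g. 8192 + VLAN 1 = 8193, as in the show output


def decode_priority_field(field):
    """Split a 16-bit priority field back into (configured priority, extended system ID)."""
    if not 0 <= field <= 0xFFFF:
        raise ValueError(f"field must fit in 16 bits: {field}")
    return field & 0xF000, field & 0x0FFF


def bridge_id(priority_field, mac):
    """8-byte bridge ID: 2-byte priority field followed by the 6-byte switch MAC address."""
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace(".", ""))
    if len(mac_bytes) != 6:
        raise ValueError(f"MAC must be 6 bytes: {mac}")
    return priority_field.to_bytes(2, "big") + mac_bytes


def parse_bridge_id(dotted):
    """Parse the dotted 8-byte form used in the text, e.g. 08.00.00.00.0c.12.34.56."""
    raw = bytes.fromhex(dotted.replace(".", ""))
    if len(raw) != 8:
        raise ValueError(f"bridge ID must be 8 bytes: {dotted}")
    priority_field = int.from_bytes(raw[:2], "big")
    mac = ":".join(f"{b:02x}" for b in raw[2:])
    return priority_field, mac


def elect_root(candidates):
    """Lowest 8-byte bridge ID wins: the priority bytes compare first, then the MAC."""
    return min(candidates, key=candidates.get)


def per_vlan_bridge_ids(bridge_priority, mac, vlans):
    """One bridge ID per VLAN (PVST+): same priority and MAC, different extended system ID."""
    return {v: bridge_id(encode_priority_field(bridge_priority, v), mac) for v in vlans}


if __name__ == "__main__":
    print(encode_priority_field(8192, 1))                 # 8193
    print(decode_priority_field(32770))                   # (32768, 2)
    print(parse_bridge_id("08.00.00.00.0c.12.34.56"))
    # constructed MACs: the VLAN 1 election favours the lower priority, not the lower MAC
    ids = {
        "ASW11": bridge_id(encode_priority_field(32768, 1), "00:00:0c:aa:aa:aa"),
        "DSW111": bridge_id(encode_priority_field(8192, 1), "00:00:0c:bb:bb:bb"),
    }
    print(elect_root(ids))                                # DSW111
```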
How can this be? Aren't all ports of a root bridge designated ports?
Cisco enhanced 802.1D with features such as UplinkFast, BackboneFast, and PortFast to speed up the convergence time. These are proprietary and need additional configuration.
In most cases RSTP performs better than the Cisco proprietary extensions. 802.1w is capable of reverting to 802.1D to interoperate with legacy bridges on a per-port basis, but reverting negates the benefits of 802.1w for that segment.
RSTP
RSTP selects one switch as the root of an active topology and assigns port roles to individual ports on the switch.
It provides rapid connectivity following the failure of a switch, port, or LAN: the new root port and the designated port of the connecting bridge transition to forwarding through an explicit handshake protocol.
It allows switch-port configuration so that ports transition to forwarding directly when the switch reinitializes.
On Cisco Catalyst switches, RPVST+ is the per-VLAN version of the RSTP implementation; current-generation Catalyst switches support RPVST+.
RSTP Ports
STP mixes the state of a port with the role it plays in the active topology. RSTP considers no difference between a port in the blocking state and a port in the listening state: both discard frames, and neither learns MAC addresses. RSTP decouples the role of a port from the state of a port.
(Figure: port roles, labelled "Different switch" and "Same switch".)
Designated port: the bridge sending the best BPDU is the designated bridge for the segment, and the corresponding port on that bridge is the designated port.
Alternate port: a blocked port that receives root BPDUs from another bridge. Becomes the designated port if the active designated port fails.
Backup port: a blocked port that receives root BPDUs from the designated port of the same bridge on which the port is located, on a shared LAN segment. Becomes the designated port if the existing designated port fails.
Ports directly connected to end stations cannot create bridging loops (edge ports). They transition directly to forwarding, skipping the listening and learning stages. Edge ports are designated through manual configuration. An edge port does not generate a topology change when its link transitions; if an edge port receives a BPDU, it immediately becomes a normal spanning-tree port.
RSTP ports are able to achieve rapid transition to forwarding on edge ports and point-to-point links. Most switch-to-switch links are point-to-point.
Switches automatically derive the link type from the duplex mode of a port. Rapid transition to the forwarding state for the designated port occurs only if the link type parameter indicates a point-to-point link.
Point-to-point: port operating in full-duplex mode. It is assumed that the port is connected to a single switch device at the other end of the link.
Shared: port operating in half-duplex mode. It is assumed that the port is connected to shared media where multiple switches might exist.
BPDU Generation
An 802.1D non-root bridge generates a BPDU only when it receives one on its root port. An 802.1w bridge sends a BPDU every hello time period (the 802.1w hello time). If a port receives no BPDUs for three consecutive hello times, the bridge immediately ages out protocol information; immediate aging also happens if the max age timer expires.
In RSTP mode switches detect physical link failures much faster than in 802.1D.
1. Ports a and b, the designated ports, start in the discarding or learning state and send BPDUs with the proposal bit set.
2. Port b receives the superior BPDU from bridge A and immediately knows that port b is the new root port.
3. Bridge B sends a BPDU back to bridge A with the agreement bit set in the BPDU.
4. Bridge A transitions to forwarding as soon as it receives the BPDU with the agreement bit set from bridge B.
Switch B on P5 will see that switch A is discarding and will also transition to the designated discarding state. Switch A sends its proposal BPDU down to B with the root ID of the root bridge. Switch B sees a proposal with the superior BPDU from A and blocks all non-edge ports. Switch B sends a BPDU with the agreement bit set, and switch A's P3 transitions to the forwarding state. The synchronization process continues with switches downstream from B.
When an RSTP bridge detects a topology change:
1. It starts the TC While timer, with a value equal to twice the hello time, for its non-edge designated ports and its root port. This is the interval during which the RSTP bridge actively informs the rest of the bridges of the topology change.
2. It flushes the MAC addresses associated with all non-edge ports.
3. While the TC While timer is running on a port, BPDUs sent out of that port have the TC bit set; the bridge sends BPDUs even on the root port.
In 802.1D only the root sends BPDUs with the TC bit set. In RSTP there is no need to wait for the root bridge to be notified.
Each port maintains a variable that defines the protocol to run on the corresponding segment
If the port receives BPDUs that do not correspond to its current operating mode for two times the hello time, it switches to the other STP mode
PortFast
Spanning Tree PortFast causes an interface configured as an access port to enter the forwarding state immediately, bypassing the listening and learning states.
Enable it on Layer 2 access ports connected to a single workstation or server. The server and workstation are attached to an access switch through ports that have the PortFast feature enabled.
STP state jumps directly from blocking to forwarding without going through the listening and learning state PortFast suppresses topology change notifications
Implementing PVRST+
1. Enable PVRST+ globally. PVRST+ should be configured on all switches in the broadcast domain.
2. Designate and configure a switch to be the root bridge.
3. Designate and configure a switch to be the secondary (backup) root bridge.
4. Ensure load sharing on uplinks using priority and cost parameters.
5. Verify the configuration.
Verifying PVRST+
The output below illustrates how to verify the RSTP configuration for VLAN2 on a nonroot switch in a topology.
Switch# show spanning-tree vlan 2

VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    32768
             Address     000b.fcb5.dac0
             Cost        38
             Port        7 (FastEthernet0/7)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0013.5f1c.e1c0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.7    P2p
Fa0/8            Root FWD 19        128.8    P2p
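To make the "verify the configuration" step repeatable, the following added Python (not from the course material) parses show spanning-tree vlan output, embedded here as a constructed sample transcribed from the output above, and checks root placement and the extended system ID arithmetic. The check_root_placement function and its expected-root argument are this example's own names.

```python
import re

# Constructed sample, transcribed from the show spanning-tree vlan 2 output on this page
SAMPLE_OUTPUT = """\
VLAN0002
  Spanning tree enabled protocol rstp
  Root ID    Priority    32768
             Address     000b.fcb5.dac0
             Cost        38
             Port        7 (FastEthernet0/7)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0013.5f1c.e1c0
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7            Root FWD 19        128.7    P2p
Fa0/8            Root FWD 19        128.8    P2p
"""

# one interface row: name, role, state, cost, priority.number, link type
ROW = re.compile(r"^(\S+)\s+(\w+)\s+(\w+)\s+(\d+)\s+(\d+)\.(\d+)\s+(\S+)\s*$", re.M)


def _field(block, pattern, required=True):
    m = re.search(pattern, block)
    if m is None:
        if required:
            raise ValueError(f"field {pattern!r} not found")
        return None
    return m.group(1)


def parse_show_spanning_tree(text):
    """Extract root ID, bridge ID and the interface table from 'show spanning-tree vlan N'."""
    root_start = text.index("Root ID")
    bridge_start = text.index("Bridge ID", root_start)
    table_start = text.index("Interface", bridge_start)
    root_block = text[root_start:bridge_start]
    bridge_block = text[bridge_start:table_start]
    info = {
        "vlan": int(_field(text, r"VLAN0*(\d+)")),
        "protocol": _field(text, r"protocol (\w+)"),
        "root_priority": int(_field(root_block, r"Priority\s+(\d+)")),
        "root_address": _field(root_block, r"Address\s+([0-9a-f.]+)"),
        # the root bridge itself prints no Cost/Port lines, so these are optional
        "root_cost": _field(root_block, r"Cost\s+(\d+)", required=False),
        "root_port": _field(root_block, r"Port\s+\d+ \(([^)]+)\)", required=False),
        "bridge_priority": int(_field(bridge_block, r"Priority\s+(\d+)")),
        "base_priority": int(_field(bridge_block, r"\(priority (\d+)")),
        "sys_id_ext": int(_field(bridge_block, r"sys-id-ext (\d+)")),
        "bridge_address": _field(bridge_block, r"Address\s+([0-9a-f.]+)"),
        "interfaces": [],
    }
    if info["root_cost"] is not None:
        info["root_cost"] = int(info["root_cost"])
    for m in ROW.finditer(text[table_start:]):
        name, role, state, cost, prio, nbr, link = m.groups()
        info["interfaces"].append({"name": name, "role": role, "state": state,
                                   "cost": int(cost), "priority": int(prio),
                                   "number": int(nbr), "type": link})
    return info


def check_root_placement(info, expected_root_address):
    """Findings a practitioner would act on; an empty list means the design holds."""
    findings = []
    if info["root_address"] != expected_root_address:
        findings.append(f"VLAN {info['vlan']}: root is {info['root_address']}, "
                        f"expected {expected_root_address}")
    if info["sys_id_ext"] != info["vlan"]:
        findings.append(f"sys-id-ext {info['sys_id_ext']} does not match VLAN {info['vlan']}")
    if info["bridge_priority"] != info["base_priority"] + info["sys_id_ext"]:
        findings.append("bridge priority is not base priority + extended system ID")
    root_rows = [i for i in info["interfaces"] if i["role"] == "Root"]
    if info["root_address"] != info["bridge_address"] and len(root_rows) != 1:
        findings.append(f"{len(root_rows)} interfaces show role Root; "
                        "a non-root bridge has exactly one root port")
    return findings


if __name__ == "__main__":
    parsed = parse_show_spanning_tree(SAMPLE_OUTPUT)
    print(parsed["root_port"], parsed["bridge_priority"], parsed["sys_id_ext"])
    for finding in check_root_placement(parsed, "000b.fcb5.dac0"):
        print("finding:", finding)
```

Run against the output above, the priority check passes (32770 = 32768 + 2) but the last check reports two interfaces with role Root, which deserves a second look because a non-root bridge has exactly one root port per instance.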
MST (802.1s)
MST builds multiple spanning trees over trunks by grouping and associating VLANs to spanning-tree instances. Each instance may have a topology that is independent of other instances. This provides multiple forwarding paths for data traffic and enables load balancing; a failure in one forwarding path does not affect other instances with different forwarding paths.
An MST spanning-tree instance may exist only on bridges that have compatible VLAN instance assignments. Configuring a set of bridges with the same MST configuration information allows them to participate in a specific set of spanning-tree instances.
An MST region refers to the set of interconnected bridges that have the same MST configuration. Load balancing on the access switch uplinks can be achieved based on even or odd VLANs or any other scheme deemed appropriate.
The concept of two MST instances extends to 4096 VLANs. MST converges faster than PVST+ and is backward compatible with 802.1D STP, 802.1w (RSTP), and the Cisco PVST+ architecture.
Comparison
PVST+ case: achieves load balancing by configuring such that a specific number of VLANs are forwarding on each uplink trunk. Bridge D1 is configured to be the root for VLANs 501-1000 and bridge D2 to be the root for VLANs 1-500. Load balancing between the access and distribution layers switches 1000 VLAN instances for only two different logical topologies.
PVST+ characteristics
Provides the ability to optimize load balancing Maintains per-VLAN STP instance and results in more CPU utilization
802.1Q Case
CST instance: no load balancing is possible, and switch CPU utilization is low since there is only one instance. The Cisco implementation enhances 802.1Q to support PVST+, and then behaves exactly as the PVST+ case.
MST Case
MST Regions
Received BPDUs need to identify STP instances and the VLANs that are mapped to the instances. Each switch running M
ST has a single configuration of three attributes: an alphanumeric configuration name (32 bytes), a configuration revision number (2 bytes), and a 4096-element table that associates each of the potential 4096 VLANs to a given instance.
To be part of a common MST region, switches must share the same configuration attributes, and they must be able to exactly identify the boundaries of the regions.
The characteristics of the region are included in BPDUs. Switches do not propagate the exact VLANs-to-instance mapping in the BPDU; they only need to know whether they are in the same region as a neighbor. Switches send a digest of the VLANs-to-instance mapping table along with the revision number and the name. A switch that receives a BPDU compares it with its own computed digest; if the digests differ, the port receiving the BPDU is at the boundary of a region.
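The region-boundary test described above, as an added Python example (not part of the course material): a switch advertises only the name, revision and a digest of the 4096-entry VLAN-to-instance table, and any mismatch places the receiving port at a region boundary. The digest is HMAC-MD5 over the table as 802.1s specifies; the key constant is quoted from memory and should be checked against the standard before comparing with real switch output. The neighbour ports Gi0/1 to Gi0/3 and their configurations are constructed; the local configuration is SwitchA's from the later slide (name XYZ, revision 1, instances 1 and 2).

```python
import hashlib
import hmac

# Key that 802.1s defines for the HMAC-MD5 configuration digest. Quoted from memory in this
# example, so verify it against the standard before comparing with digests a real switch prints.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def vlan_to_instance(instances):
    """Turn the 'instance N vlan ...' lines ({instance: [vlans]}) into a VLAN -> instance dict."""
    mapping = {}
    for inst, vlans in instances.items():
        for vid in vlans:
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN {vid} out of range")
            if mapping.get(vid, inst) != inst:
                raise ValueError(f"VLAN {vid} mapped to two instances")
            mapping[vid] = inst
    return mapping


def vlan_table(mapping):
    """4096 entries of 16-bit instance numbers; unmapped VLANs stay in instance 0 (the IST)."""
    out = bytearray()
    for vid in range(4096):
        inst = mapping.get(vid, 0) if 1 <= vid <= 4094 else 0
        out += inst.to_bytes(2, "big")
    return bytes(out)


def config_digest(mapping):
    """16-byte digest the switch advertises instead of the 8 KB table itself."""
    return hmac.new(MST_DIGEST_KEY, vlan_table(mapping), hashlib.md5).digest()


def region_identifier(name, revision, mapping):
    """The three values carried in the BPDU: 32-byte name, 2-byte revision, 16-byte digest."""
    if not 0 <= revision <= 0xFFFF:
        raise ValueError(f"revision {revision} does not fit in 2 bytes")
    padded_name = name.encode("ascii")[:32].ljust(32, b"\0")
    return padded_name, revision, config_digest(mapping)


def boundary_ports(local_identifier, heard):
    """heard: port -> identifier carried in the BPDU received on that port.
    Any mismatch in name, revision or digest puts that port at a region boundary."""
    return sorted(port for port, ident in heard.items() if ident != local_identifier)


def region_example():
    """SwitchA's configuration from the text, with constructed neighbours on Gi0/1..Gi0/3."""
    local = region_identifier("XYZ", 1, vlan_to_instance({1: [11, 21, 31], 2: [12, 22, 32]}))
    heard = {
        # SwitchB: same name, revision and mapping (the order of the instance lines is irrelevant)
        "Gi0/1": region_identifier("XYZ", 1, vlan_to_instance({2: [32, 22, 12], 1: [31, 21, 11]})),
        # same mapping but revision bumped to 2: a different region
        "Gi0/2": region_identifier("XYZ", 2, vlan_to_instance({1: [11, 21, 31], 2: [12, 22, 32]})),
        # same name and revision but VLAN 31 moved to instance 2: only the digest reveals it
        "Gi0/3": region_identifier("XYZ", 1, vlan_to_instance({1: [11, 21], 2: [12, 22, 31, 32]})),
    }
    return local, boundary_ports(local, heard)


if __name__ == "__main__":
    local, boundary = region_example()
    print("digest:", local[2].hex())
    print("boundary ports:", boundary)
```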
Extended System ID
MST Configuration
Enable MST on switch
Switch(config)# spanning-tree mode mst
SwitchA(config)# spanning-tree mode mst
SwitchA(config)# spanning-tree mst configuration
SwitchA(config-mst)# name XYZ
SwitchA(config-mst)# revision 1
SwitchA(config-mst)# instance 1 vlan 11, 21, 31
SwitchA(config-mst)# instance 2 vlan 12, 22, 32
SwitchA(config)# spanning-tree mst 1 root primary

SwitchB(config)# spanning-tree mode mst
SwitchB(config)# spanning-tree mst configuration
SwitchB(config-mst)# name XYZ
SwitchB(config-mst)# revision 1
SwitchB(config-mst)# instance 1 vlan 11, 21, 31
SwitchB(config-mst)# instance 2 vlan 12, 22, 32
SwitchB(config)# spanning-tree mst 2 root primary
(Partial show output, figure residue: priority 32769 (32768 sysid 1); Prio.Nbr 128.152, 128.160, 128.170; Type Shr, P2p, P2p.)
(Partial show output, figure residue: three rows, each reading 2000000 and Prio.Nbr 128.152, with Vlans mapped 5-4094, 1-2 and 3-4 respectively.)
Connecting an unauthorized access switch: users may plug in an unauthorized access switch. This will not cause a network loop, but it may result in a topology change and the switch may become the root. The Root Guard feature will detect the BPDU sent by this newly added access switch and will disable the user port.
Unidirectional link due to faulty cabling or device: a cable fault or device fault will cause switch links to become unidirectional, resulting in an STP loop. The UDLD feature detects and err-disables the offending link.
Blocking port erroneously moving to the forwarding state: a software inconsistency or BPDU loss can also cause this to occur. The Loop Guard feature will detect such a condition and put the blocking switch port into an inconsistent state.
BPDU guard: Prevents accidental connection of switching devices to PortFast-enabled ports. Connecting switches to PortFast-enabled ports can cause Layer 2 loops or topology changes.
BPDU filtering: Restricts the switch from sending unnecessary BPDUs out access ports.
Root guard: Prevents switches connected on ports configured as access ports from becoming the root switch.
Loop guard: Prevents root ports and alternate ports from moving to the forwarding state when they stop receiving BPDUs.
BPDU Guard
Puts an interface configured for STP PortFast in the errdisable state upon receipt of a BPDU
Disables interfaces to avoid a potential bridging loop
%PAGP-5-PORTFROMSTP:Port 2/1
BPDU Filtering
Prevents switches from sending BPDUs on PortFast-enabled interfaces, which typically connect to host devices.
If globally enabled, it affects all operational PortFast ports on switches that do not have BPDU filtering configured on the individual ports. The switch changes the interface back to normal STP operation if the port receives BPDUs. Upon startup, the port transmits ten BPDUs; if this port receives any BPDUs during that time, PortFast and PortFast BPDU filtering are disabled.
BPDU Guard enabled on the same interface as BPDU filtering has no effect: BPDU filtering takes precedence.
Root Guard
Useful in avoiding Layer 2 loops during network anomalies. Forces an interface to become a designated port, to prevent surrounding switches from becoming a root switch, and so enforces the root bridge placement in the network. Root Guard-enabled ports are forced to be designated ports.
Switches A and B comprise the core of the network and switch A is the root bridge for a VLAN
Switches A and B comprise the core of the network; Switch A is the root bridge. When Switch D is connected to Switch C, it begins to participate in STP. If the priority of Switch D is 0 or any value lower than that of the current root bridge, Switch D becomes the root bridge.
Having Switch D as the root causes the Gigabit Ethernet link connecting the two core switches to block, which causes all the data to flow via a 100-Mbps link across the access layer. Obviously a terrible outcome.
After the root guard feature is enabled on a port, the switch does not allow that port to become an STP root port. Cisco switches log the following message when a root guard-enabled port receives a superior BPDU:
The current design recommendation is to enable root guard on all access ports. Switch C blocks the port connecting to Switch D when it receives a superior BPDU; the port transitions to the root-inconsistent STP state, and no traffic passes through the port while it is in that state.
When Switch D stops sending superior BPDUs, the port unblocks again and goes through regular STP transition Recovery is automatic; no intervention is required
Loop Guard
Improves the stability of Layer 2 networks by preventing bridging loops
Provides additional protection against Layer 2 forwarding loops, which occur if one port of a redundant topology stops receiving BPDUs; switches rely on continuous BPDUs.
If a switch receives a BPDU on a port in the loop-inconsistent STP state, the port transitions through the STP states; recovery is automatic.
The blocking port on C transitions into the loop-inconsistent state. A port in the loop-inconsistent state does not pass data traffic, so a bridging loop does not occur; this is effectively equal to the blocking state.
When the Loop Guard feature places a port into the loop-inconsistent blocking state, the switch logs the following message:
SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.
Unidirectional links can cause STP loops Unidirectional Link Detection (UDLD) will detect unidirectional link conditions when Layer 1 mechanisms do not Provides the ability to shut down the affected interface
UDLD
UDLD allows for detection of unidirectional link conditions on switch ports, where the link remains in the up state but the interface is not passing traffic, typically because of faulty Gigabit Interface Converters (GBICs).
Neighbor devices with UDLD enabled send the same hello message.
UDLD Modes
Normal mode: UDLD detects unidirectional links due to misconnected interfaces on fiber-optic connections. UDLD changes the UDLD-enabled port to an undetermined state if it stops receiving UDLD messages from its directly connected neighbor.
Aggressive mode (preferred): when a port stops receiving UDLD packets, UDLD tries to reestablish the connection with the neighbor. After eight failed retries, the port state changes to the err-disable state. Aggressive mode UDLD detects unidirectional links due to one-way traffic on fiber-optic and twisted-pair links and due to misconnected interfaces on fiber-optic links.
UDLD Configuration
UDLD is disabled on all interfaces by default. The udld global configuration command affects fiber-optic interfaces only:
udld enable enables UDLD normal mode on all fiber interfaces
udld aggressive enables UDLD aggressive mode on all fiber interfaces
The udld port interface configuration command can be used for twisted-pair and fiber interfaces:
To enable UDLD in normal mode, use the udld port command; to enable UDLD in aggressive mode, use udld port aggressive.
Use the no udld port command on fiber-optic ports to return control of UDLD to the udld enable global configuration command, or to disable UDLD on nonfiber-optic ports.
Use the udld port aggressive command on fiber-optic ports to override the setting of the udld enable or udld aggressive global configuration command. Use the no form on fiber-optic ports to remove this setting and return control of UDLD enabling to the udld global configuration command, or to disable UDLD on nonfiber-optic ports.
Issue: Link is bidirectional -> UDLD state: Bidirectional
Issue: Layer 1 up, unidirectional link -> UDLD state: error message displayed, port in err-disable state
Issue: One side of a link has port stuck (tx and rx) -> UDLD state: Undetermined
Issue: One side of a link up and other side of the link down -> UDLD state: Undetermined
(Comparison table, only the cell values survived: Loop Guard protects when enabled on all root ports and alternate ports in a redundant topology; UDLD protects when enabled on all links in a redundant topology. Two further rows read Yes/No and No/Yes.)
Aggressive mode UDLD is more robust in its ability to detect unidirectional links on an EtherChannel: Loop Guard blocks all interfaces of the EtherChannel, whereas aggressive mode UDLD disables the single port that is exhibiting problems.
Aggressive mode UDLD is not dependent on STP, so it supports Layer 3 links. Loop Guard does not support shared links or interfaces that are unidirectional on switch bootup: if a port never receives BPDUs, it becomes a designated port. Aggressive mode UDLD does provide protection against such a failure.
Enabling both aggressive mode UDLD and Loop Guard provides the highest level of protection.
Flex Links
Flex Links is a Layer 2 availability feature that provides an alternative solution to STP: users turn off STP and still provide basic link redundancy. Flex Links can coexist with spanning tree on the distribution layer switches; the distribution layer switches are unaware of the Flex Links feature.
Flex Links enables a convergence time of less than 50 milliseconds, and the convergence time remains consistent regardless of the number of VLANs or MAC addresses configured.
Flex Links is based on defining an active/standby link pair on a common access switch. Flex Links are a pair of Layer 2 interfaces, either switchports or port channels, configured to act as backup to other Layer 2 interfaces.
Duplex Mismatch
Point-to-point link: one side of the link is manually configured as full duplex, while the other side is using the default configuration for auto-negotiation.
A frequent cause of bridge loops: an undetected failure on a fiber link or a problem with a transceiver.
Frame Corruption
If an interface is experiencing a high rate of physical errors, the result may be lost BPDUs, which may lead to an interface in the blocking state moving to the forwarding state.
This is an uncommon scenario due to conservative default STP parameters. Frame corruption is generally a result of a duplex mismatch, bad cable, or incorrect cable length.
Resource Errors
STP is performed by the CPU (software-based). If the CPU of the bridge is over-utilized for any reason, it might lack the resources to send out BPDUs.
STP is generally not a processor-intensive application and has priority over other processes, so a resource problem is unlikely.
Exercise caution when multiple VLANs in PVST+ or PVRST+ mode exist; consult the product documentation for the recommended number of VLANs and STP instances on any specific switch.
Switch A has port p1 in the forwarding state and port p2 configured for PortFast, and device B is a hub. Port p2 goes to forwarding and creates a loop between p1 and p2 as soon as the second cable is plugged into Switch A. The loop ceases as soon as p1 or p2 receives a BPDU that transitions one of these two ports into blocking mode.
The problem is that if the looping traffic is intensive, the bridge might have trouble successfully sending the BPDU that stops the loop. BPDU guard prevents this type of event from occurring.
Troubleshooting Methodology
Troubleshooting STP issues can be difficult if logical troubleshooting procedures are not deployed in advance. Occasionally, rebooting the switches might resolve the problem temporarily, but without determining the underlying cause of the problem, the problem is likely to return.
The following steps provide a general overview of a methodology for troubleshooting STP:
Step 1. Develop a plan
Step 2. Isolate the cause and correct the STP problem
Step 3. Document findings