Spanning Tree Protocol - 802.1D
- is a Layer 2 loop-prevention mechanism
- on Cisco switches PVST+ is enabled by default / one STP instance per VLAN
BPDU (Bridge Protocol Data Unit)
- Is a frame sent by switches to the well-known STP multicast address to advertise spanning-tree information (root ID, root path cost, sender ID, timers).
Bridge ID (BID)
The bridge ID (BID) is a critical element for the creation of the spanning-tree, loop-free topology.
- The bridge ID consists of a 2-byte bridge priority and a 6-byte MAC address. The default priority is 32,768; the lowest BID wins the root election.
- Newer switch operating systems break the 2-byte priority field into two sections:
a 4-bit priority (so only multiples of 4096 can be configured) and a 12-bit extended system ID.
- This extended system ID value is just the VLAN ID. This enables each VLAN to have a unique bridge ID while still using the same MAC address and priority value. Previously, a separate MAC address was needed for each VLAN to ensure uniqueness. "show spanning-tree" displays the two parts added together, e.g. priority 32768 + VLAN 10 = 32778 (sys-id-ext 10).
Path Cost
- is the measure of distance from one bridge to another. Links are assigned a cost value by STP. This cost value is based on bandwidth. Higher-bandwidth links receive a lower-cost value, and STP deems a lower-cost path as preferred to a higher-cost path.
STP Port Roles
1. Root port - Is the one port on a switch that is closest (with the lowest root path cost) to the root bridge.
2. Designated port - Is the port on a LAN segment that is closest to the root (one per segment). This port relays, or transmits, BPDUs down the tree.
3. Blocking port - Is a port that is neither a root nor a designated port; it still receives BPDUs but forwards no data.
4. Alternate port - Is a candidate root port in the blocking state (next-closest to the root bridge).
- These ports are identified for quick use by the STP UplinkFast feature.
5. Forwarding port - Ports where no other STP activity is detected or expected. These are ports with normal end-user connections.
STP Process
1. Election of Root Bridge - the switch that has the lowest Bridge ID (lowest priority, then lowest MAC address)
- configuration bridge protocol data units (BPDUs) are sent between switches out of each port
and the BIDs they carry are compared.
2. Election of Root Ports - every non-root switch picks exactly one, comparing in this order:
a. Lowest cumulative cost to the root (the sender's advertised root path cost plus the local port's own cost)
b. Lowest upstream (sender) BID
c. Lowest upstream port ID (then, for parallel links to the same switch, lowest local port ID)
c.1 Lowest port priority (0-255) (default = 128)
c.2 Lowest port number, e.g. Fa0/5 = 5.
3. Election of Designated Ports - one per segment, using the same criteria as root ports; the segment end that loses becomes a blocking (alternate) port.
STP manipulation:
1. Port Cost (takes effect on the local, inbound link; setting it on the far end of the link does nothing for the local switch)
- Can be changed to influence how the local switch elects its own ROOT port upstream.
- Changing the port cost will also affect all downstream switches, as root path cost is the sum of all inbound port costs on the way to the root.
2. Port Priority (takes effect on the outbound link: it offsets the choice of the downstream switch; setting it on the inbound side does nothing)
- Can be changed to influence how a downstream switch elects its root port, typically between parallel links to the same upstream switch.
- Priority is locally significant between two directly connected switches.
Note: "show spanning-tree vlan #" will not reflect the upstream priority; use the "detail" option below:
show spanning-tree vlan {id} detail
- the upstream value appears as "Designated port id is x.x" (priority.number).
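The BID encoding, the root/root-port/designated-port election and the two manipulations above, carried through in code. This is an added worked example and not code from the original notes: the switches, MAC addresses, port numbers and costs are a constructed three-switch topology with a second parallel link between SW1 and SW3, and the IOS commands named in the comments (spanning-tree port-priority, spanning-tree cost) are the interface commands that would make the same change on a real switch.

```python
"""Added worked example, not from the original notes: 802.1D bridge-ID encoding
and a spanning-tree election over a small constructed topology. Switch names,
MACs, port numbers and costs are invented for illustration."""
from __future__ import annotations
from dataclasses import dataclass, field
import heapq

def make_bid(priority: int, vlan: int, mac: str) -> int:
    """8-byte bridge ID as an int: 4-bit priority (a multiple of 4096) OR'd with
    the 12-bit extended system ID (the VLAN), then the 6-byte MAC. Lower wins."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    return ((priority | vlan) << 48) | int(mac.replace(".", "").replace(":", ""), 16)

def show_bid(bid: int) -> str:
    """Render as 'show spanning-tree' does: priority+sys-id-ext, then the MAC."""
    return f"{bid >> 48} {bid & 0xFFFFFFFFFFFF:012x}"

@dataclass
class Port:
    number: int          # Fa0/<number>; the low half of the port ID
    neighbor: str        # switch at the far end of the link
    peer_port: int       # far-end port number
    cost: int = 19       # cost of this inbound link (19 = 100 Mb/s)
    priority: int = 128  # port priority, the high half of the port ID

@dataclass
class Switch:
    bid: int
    ports: list[Port] = field(default_factory=list)
    def port(self, number: int) -> Port:
        return next(p for p in self.ports if p.number == number)

def port_id(p: Port) -> tuple[int, int]:
    return (p.priority, p.number)   # IOS prints this as e.g. 128.5

def root_path_costs(net: dict[str, Switch]) -> tuple[str, dict[str, int]]:
    """Elect the root (lowest BID) and compute every switch's root path cost.
    Cost is added by the *receiving* port, so reaching a neighbour over its
    own port X costs whatever is configured on X."""
    root = min(net, key=lambda n: net[n].bid)
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, name = heapq.heappop(heap)
        if d > dist[name]:
            continue
        for p in net[name].ports:
            nd = d + net[p.neighbor].port(p.peer_port).cost
            if nd < dist.get(p.neighbor, float("inf")):
                dist[p.neighbor] = nd
                heapq.heappush(heap, (nd, p.neighbor))
    return root, dist

def compute_roles(net: dict[str, Switch]) -> dict[tuple[str, int], str]:
    """Assign root / designated / alternate to every (switch, port) pair."""
    root, dist = root_path_costs(net)
    roles: dict[tuple[str, int], str] = {}
    for name, sw in net.items():
        if name != root:
            # Root port: lowest (cost via port, upstream BID, upstream port ID, own port ID)
            rp = min(sw.ports, key=lambda p: (dist[p.neighbor] + p.cost, net[p.neighbor].bid,
                                               port_id(net[p.neighbor].port(p.peer_port)), port_id(p)))
            roles[(name, rp.number)] = "root"
        for p in sw.ports:
            if (name, p.number) in roles:
                continue
            # Designated port: the segment end with the lower (root cost, BID, port ID) wins
            mine = (dist[name], sw.bid, port_id(p))
            theirs = (dist[p.neighbor], net[p.neighbor].bid, port_id(net[p.neighbor].port(p.peer_port)))
            roles[(name, p.number)] = "designated" if mine < theirs else "alternate"
    return roles

def build_network() -> dict[str, Switch]:
    """Constructed triangle SW1-SW2-SW3 plus a second SW1-SW3 link (all invented)."""
    net = {"SW1": Switch(make_bid(24576, 1, "0000.0000.0001")),   # lowest BID -> root
           "SW2": Switch(make_bid(32768, 1, "0000.0000.0002")),
           "SW3": Switch(make_bid(32768, 1, "0000.0000.0003"))}
    def link(a, pa, b, pb):
        net[a].ports.append(Port(pa, b, pb))
        net[b].ports.append(Port(pb, a, pa))
    link("SW1", 1, "SW2", 1); link("SW1", 2, "SW3", 1)
    link("SW1", 3, "SW3", 3); link("SW2", 2, "SW3", 2)
    return net

def root_port(net: dict[str, Switch], name: str) -> int:
    return next(n for (s, n), r in compute_roles(net).items() if s == name and r == "root")

def manipulation_demo() -> tuple[int, int, int]:
    """Root port of SW3 before and after the two manipulations from the notes."""
    net = build_network()
    before = root_port(net, "SW3")          # SW1's 128.2 beats 128.3 on equal cost -> Fa0/1
    net["SW1"].port(3).priority = 64        # SW1(config-if)# spanning-tree port-priority 64 (outbound)
    after_priority = root_port(net, "SW3")  # downstream SW3 now prefers the link facing 64.3 -> Fa0/3
    net["SW3"].port(1).cost = net["SW3"].port(3).cost = 100  # SW3 uplinks: spanning-tree cost 100 (inbound)
    after_cost = root_port(net, "SW3")      # via SW2 costs 19+19=38, cheaper than 100 -> Fa0/2
    return before, after_priority, after_cost
```

Note that the priority change is made on SW1 (the upstream end) yet it is SW3's root port that moves, while the cost change is made on SW3's own inbound ports; that is the local/remote asymmetry the two manipulation bullets describe.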
STP Port Phases:
1. Disabled
- Ports that are in a down state. This state is special and is not part of the normal STP progression for a port.
2. Blocking - BPDUs are received only (every port starts here when it comes up)
- cannot forward data frames or add MAC addresses to its table.
- Blocking lasts for the Max Age timer (default 20 sec) before the port moves on to Listening.
3. Listening - BPDUs sent and received
- The port is allowed to receive and send BPDUs so that it can actively participate in STP.
- The port still cannot send or receive data frames.
- Listening delay = 15 sec (one Forward Delay).
4. Learning - Bridging table is built
- The switch now can learn new MAC addresses to add to its address table.
- The port cannot yet send any data frames.
- Learning delay = 15 sec (one Forward Delay).
5. Forwarding - Sending/receiving data
- After the forward delay has run twice (listening and learning states) (default = 30 sec) the port transitions to the forwarding state.
- The port now can send and receive data frames, collect MAC addresses in its address table, and send and receive BPDUs.
STP timers control convergence in the process:
1. Hello: 2 sec (time between each configuration BPDU sent by the root)
2. Forward Delay: 15 sec (controls the duration of the listening and learning states)
command:
spanning-tree vlan # forward-time sec
3. Max Age: 20 sec (controls the duration of the blocking state; how long a stored BPDU stays valid before it ages out)
command:
spanning-tree vlan # max-age sec
Note: timers are configured on the root bridge; every other switch uses the values carried in the root's BPDUs.
CCIE Lab Scenario: ports initially come up and should be forwarding in not more than 44 seconds;
44 - 20 (blocking time) = 24 (listening + learning) means 12 listening and 12 learning
spanning-tree vlan # forward-time 12
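The port-state timeline and the lab arithmetic above, plus the check a practitioner wants before typing a new forward-time: 802.1D ties the timers together (2 x (Forward Delay - 1) >= Max Age and Max Age >= 2 x (Hello + 1)) and IOS rejects combinations that violate it. This is an added example, not code from the original notes; the IOS value ranges quoted in the comments are taken from the CLI help and are stated here as assumptions.

```python
"""Added example, not from the original notes: 802.1D port-state timeline and
the timer relationship a switch enforces when forward-time or max-age change."""
from __future__ import annotations

HELLO, FORWARD_DELAY, MAX_AGE = 2, 15, 20     # 802.1D defaults from the notes

def validate_timers(hello: int = HELLO, forward_delay: int = FORWARD_DELAY,
                    max_age: int = MAX_AGE) -> list[str]:
    """Return the violated constraints (empty list = the combination is accepted).

    802.1D clause 8.10.2:  2*(forward_delay-1) >= max_age  and  max_age >= 2*(hello+1),
    so a stored BPDU cannot age out while a port is still in listening/learning.
    Assumed IOS ranges (from CLI help): hello 1-10, forward-time 4-30, max-age 6-40."""
    problems = []
    if not 1 <= hello <= 10:
        problems.append("hello-time must be 1-10 s")
    if not 4 <= forward_delay <= 30:
        problems.append("forward-time must be 4-30 s")
    if not 6 <= max_age <= 40:
        problems.append("max-age must be 6-40 s")
    if 2 * (forward_delay - 1) < max_age:
        problems.append(f"2*(forward_delay-1)={2 * (forward_delay - 1)} < max_age={max_age}")
    if max_age < 2 * (hello + 1):
        problems.append(f"max_age={max_age} < 2*(hello+1)={2 * (hello + 1)}")
    return problems

def state_timeline(forward_delay: int = FORWARD_DELAY, max_age: int = MAX_AGE,
                   portfast: bool = False) -> list[tuple[str, int]]:
    """Seconds a newly enabled port spends in each state before it forwards.
    PortFast skips listening and learning entirely."""
    if portfast:
        return [("forwarding", 0)]
    return [("blocking", max_age), ("listening", forward_delay),
            ("learning", forward_delay), ("forwarding", 0)]

def time_to_forwarding(forward_delay: int = FORWARD_DELAY, max_age: int = MAX_AGE,
                       portfast: bool = False) -> int:
    return sum(secs for _, secs in state_timeline(forward_delay, max_age, portfast))

def min_forward_delay(max_age: int) -> int:
    """Smallest forward-time the 802.1D relationship allows for a given max-age."""
    return max(4, (max_age + 1) // 2 + 1)

def lab_check(target_seconds: int = 44) -> dict:
    """The lab scenario: derive forward-time from the target and confirm it is legal."""
    fd = (target_seconds - MAX_AGE) // 2        # 44 - 20 = 24 -> 12 s listening + 12 s learning
    return {"forward_time": fd,
            "total": time_to_forwarding(fd, MAX_AGE),
            "violations": validate_timers(forward_delay=fd),
            "floor": min_forward_delay(MAX_AGE)}  # 11 s is the lowest legal value at max-age 20
```

With the defaults a port takes 50 seconds to forward; forward-time 12 brings that to 44 and passes the check, while forward-time 10 would be refused because 2 x (10 - 1) = 18 is below max-age 20.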
Advanced STP Features
1. STP PortFast - skips the listening and learning states and moves the port straight to forwarding.
- The switch does not generate a TCN when a port configured for PortFast goes up or down, for example when a workstation power-cycles.
interface command:
spanning-tree portfast
2. STP PortFast default - same effect on every non-trunking port at once; this is a global command
global command:
spanning-tree portfast default
3. STP UplinkFast - on failure of the root port, an alternate port is immediately transitioned to root port.
- Cisco proprietary; intended for access-layer switches.
When you configure UplinkFast, the local switch's priority is set to 49,152 and 3000 is added to the cost of all links, so it is unlikely to become the root or a transit switch.
Finally, a mechanism is included that updates the MAC address tables of the other bridges (dummy multicast frames are sent out of the new root port for the locally learned addresses).
global command:
spanning-tree uplinkfast
4. STP BackboneFast - speeds up convergence when an indirect failure occurs upstream by immediately expiring the max-age timer instead of waiting for it.
- Cisco proprietary
Configure BackboneFast on all switches to speed convergence when the failure is indirectly located, such as in the core of the backbone. It reduces convergence from approximately 50 seconds to approximately 30 seconds (the 20 second max-age wait is removed; listening and learning still run).
global command:
spanning-tree backbonefast
5. STP BPDU Guard - enforces access-layer security at the edge of the STP domain (ports where no switch should ever be connected).
- when a BPDU is received the port transitions to the err-disabled state; it stays down until shut/no shut or errdisable recovery brings it back.
interface command:
spanning-tree bpduguard enable
6. STP BPDU Guard default - works with portfast default in order to automatically enable BPDU guard on any interface that is in the PortFast state
global command:
spanning-tree portfast default
spanning-tree portfast bpduguard default
7. STP BPDU filter - used to terminate the STP domain on a port
- when enabled on the interface it drops all inbound BPDUs and sends no BPDUs out of the interface, which amounts to disabling STP on that port: a loop through that port will not be detected.
- does not put the port into the err-disabled state.
interface command:
spanning-tree bpdufilter enable
8. STP BPDU filter default - works with portfast default: PortFast ports stop sending BPDUs after link-up, but if a BPDU is received on one of them PortFast and the filter are removed and the port runs STP normally (safer than the interface form)
global command:
spanning-tree portfast default
spanning-tree portfast bpdufilter default
9. STP Root Guard - similar to BPDU guard, but the difference is that a root guard interface is only disabled if a superior BPDU (one that would make the sender the root) is received, placing the interface into the root-inconsistent (blocking) state; it recovers by itself once the superior BPDUs stop.
interface command:
spanning-tree guard root
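BPDU Guard and Root Guard differ in what they react to: any BPDU at all on an edge port versus only a superior one on a designated port. The added example below, which is not code from the original notes, decodes an 802.1D configuration BPDU out of a raw 802.3 frame and applies those two decisions. The frames, MAC addresses and bridge IDs are constructed (a legitimate downstream switch and a rogue bridge announcing priority 0), and the dictionary describing the receiving port is an assumed shape for the example, not an IOS data structure.

```python
"""Added example, not from the original notes: decode an 802.1D configuration
BPDU from a raw frame and apply the BPDU Guard / Root Guard decision.
All frames, MACs and bridge IDs below are constructed for illustration."""
from __future__ import annotations
import struct

STP_MULTICAST = bytes.fromhex("0180c2000000")     # 01:80:c2:00:00:00
LLC_STP = b"\x42\x42\x03"                          # DSAP/SSAP 0x42, UI control
CONFIG_BPDU = struct.Struct(">HBBBQIQHHHHH")       # 35-byte configuration BPDU
CONFIG_TYPE, TCN_TYPE = 0x00, 0x80

def bid(priority: int, vlan: int, mac_hex: str) -> int:
    """8-byte bridge ID: 4-bit priority | 12-bit sys-id-ext (VLAN), then MAC."""
    return ((priority | vlan) << 48) | int(mac_hex, 16)

def build_config_bpdu(src_mac: str, root_id: int, root_cost: int, bridge_id: int,
                      port_id: int, max_age: int = 20, hello: int = 2, fwd: int = 15) -> bytes:
    """Frame a configuration BPDU as a switch would send it (timers in 1/256 s)."""
    body = CONFIG_BPDU.pack(0, 0, CONFIG_TYPE, 0, root_id, root_cost, bridge_id,
                            port_id, 0, max_age * 256, hello * 256, fwd * 256)
    length = len(LLC_STP) + len(body)              # 802.3 length field covers LLC + BPDU
    return STP_MULTICAST + bytes.fromhex(src_mac) + struct.pack(">H", length) + LLC_STP + body

def parse_bpdu(frame: bytes) -> dict | None:
    """Return the STP fields carried by `frame`, or None if it is not an STP BPDU."""
    if len(frame) < 21 or frame[:6] != STP_MULTICAST or frame[14:17] != LLC_STP:
        return None
    body = frame[17:]
    if body[3] == TCN_TYPE:                        # TCN BPDU: protocol, version, type only
        return {"type": "tcn", "src": frame[6:12].hex(":")}
    if body[3] != CONFIG_TYPE or len(body) < CONFIG_BPDU.size:
        return None                                # RSTP (type 0x02) is not decoded here
    (proto, ver, _type, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd) = CONFIG_BPDU.unpack_from(body)
    if proto != 0:
        return None
    return {"type": "config", "src": frame[6:12].hex(":"), "version": ver,
            "tc": bool(flags & 0x01), "tc_ack": bool(flags & 0x80),
            "root_id": root, "root_cost": cost, "bridge_id": bridge, "port_id": port,
            "message_age": msg_age / 256, "max_age": max_age / 256,
            "hello": hello / 256, "forward_delay": fwd / 256}

def port_decision(frame: bytes, port: dict) -> str:
    """What a designated port does with `frame`. `port` (assumed shape) holds the
    guard feature and the port's own vector: current root, our root path cost,
    our BID and our port ID, which is what the received BPDU is compared with."""
    bpdu = parse_bpdu(frame)
    if bpdu is None:
        return "not-a-bpdu"
    if port["guard"] == "bpduguard":               # PortFast edge: any BPDU is hostile
        return "err-disable"
    if bpdu["type"] == "tcn":
        return "tcn"                               # acknowledged and relayed toward the root
    received = (bpdu["root_id"], bpdu["root_cost"], bpdu["bridge_id"], bpdu["port_id"])
    ours = (port["root_id"], port["root_cost"], port["bridge_id"], port["port_id"])
    if received < ours:                            # superior: the sender would win the segment
        return "root-inconsistent" if port["guard"] == "rootguard" else "superior"
    return "inferior"                              # normal downstream BPDU; we stay designated

ROOT = bid(24576, 1, "000000000001")        # the legitimate root (constructed)
US = bid(32768, 1, "000000000003")          # this switch, root path cost 19
DOWNSTREAM = bid(32768, 1, "000000000004")  # legitimate access switch below us
ROGUE = bid(0, 1, "00e0f1aabbcc")           # attacker's bridge claiming priority 0

def our_port(guard: str | None) -> dict:
    return {"guard": guard, "root_id": ROOT, "root_cost": 19, "bridge_id": US, "port_id": 0x8005}

LEGIT = build_config_bpdu("000000000004", ROOT, 38, DOWNSTREAM, 0x8001)   # constructed
ATTACK = build_config_bpdu("00e0f1aabbcc", ROGUE, 0, ROGUE, 0x8001)       # constructed

def demo() -> dict:
    return {"legit-plain": port_decision(LEGIT, our_port(None)),
            "rogue-plain": port_decision(ATTACK, our_port(None)),
            "rogue-rootguard": port_decision(ATTACK, our_port("rootguard")),
            "rogue-bpduguard": port_decision(ATTACK, our_port("bpduguard")),
            "legit-bpduguard": port_decision(LEGIT, our_port("bpduguard"))}
```

The same rogue BPDU that would silently take over the root role on an unprotected port is blocked by root guard and err-disables a BPDU-guard port; note that BPDU guard also err-disables the port when a legitimate switch is plugged in, which is why it belongs only on true edge ports.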
10. STP Loop Guard - Is used to prevent STP loops caused by a unidirectional link: a blocked (non-designated) port that stops receiving BPDUs would otherwise age out its stored BPDU and move to forwarding.
- Similar in purpose to UDLD but relies on the BPDUs themselves rather than a separate keepalive to detect the one-way condition.
- If a blocked port transitions to the forwarding state erroneously, a loop can occur.
- Blocked ports that stop hearing BPDUs are moved into the loop-inconsistent state (still blocking) to avoid loops, and recover automatically when BPDUs return.
interface command:
spanning-tree guard loop
11. UDLD (Unidirectional Link Detection)
- Cisco proprietary.
- UDLD is typically used with fibre-optic cables, where the transmit and receive strands can fail independently.
- Peers discover each other by exchanging frames sent to the MAC address 0100.0CCC.CCCC.
global command:
udld enable
- only applies to fibre interfaces!
interface command:
udld port aggressive
- can be applied to any interface, copper included.
2 modes:
1. Normal - informational mode; generates a log entry but doesn't disable or shut down the port.
2. Aggressive - will place the interface into the err-disabled state.
Disabling Spanning-Tree
- STP cannot be disabled directly on a per-interface basis.
- One can turn off Spanning Tree Protocol (STP) on a per-VLAN basis, or globally on the switch.
- Use the "no spanning-tree vlan vlan-id" command to disable STP on a per-VLAN basis; with PVST+ the other VLANs' instances keep running, but a loop in the disabled VLAN goes undetected.
- However, by filtering BPDUs on an interface one effectively disables STP on that interface.
- Flex Links also disable STP on an interface.