STP - Classic
Spanning Tree Protocol - Stop network loops !!
Classic Spanning Tree Protocol (802.1D)
By selecting which ports are Forwarding and which ports are Blocking, STP creates a single path to/from each point in the network. This prevents Layer 2 loops.
There is a process which determines which ports should be blocking and which ports should be forwarding. STP enabled switches send/receive HELLO BPDU's out of all interfaces every 2 seconds (default). If a switch receives a BPDU, it knows that the interface it received it on is connected to a switch. (Routers, PC's etc. don't use STP so they don't send HELLO BPDU's.)
The bridge advertising the LOWEST Bridge ID in its BPDU frames becomes the ROOT BRIDGE. The root bridge has ALL its ports in the FORWARDING state and all other switches must have a path to reach the root bridge.
The bridge ID field (Priority + MAC address) is used to elect a root bridge for the network
The present day Bridge ID includes a 12 bit field called the 'Extended System ID' which is just the VLAN ID. This was introduced because Cisco introduced a version of PVST (Per VLAN STP), as each interface can also be in a different state (blocking / forwarding) depending on the VLAN it's in. This means that each VLAN has its OWN instance of STP running.
So with the last bit enabled on the bridge priority (32768) and now the first bit set on the Extended System ID, the value for the default VLAN 1 changes from 32768 to 32769 (32768 + 1).
If you want to change the switch's bridge priority (without changing the VLAN numbers), what is the minimum unit of increase/decrease? The extended system ID is set and cannot be changed (because it's determined by the VLAN ID), so the only thing you can change is the "BRIDGE PRIORITY", from 0 -> 61440 in units of 4096.
For example I could change this Bridge Priority (see above) from default 32769 to [16384 + 8192 + 4096] + 1 = 28673
We are just going to use one VLAN here (VLAN 1), but if we were using VLANs 1, 2 and 3, then the bridge priority for the VLANs would be:
VLAN 1 = 32768 + 1 = 32769
VLAN 2 = 32768 + 2 = 32770
VLAN 3 = 32768 + 3 = 32771
We could make Switch 2 as the root bridge for VLAN2 and switch 3 as the root bridge for VLAN 3. Will discuss this later.
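The Bridge ID arithmetic and the "lowest Bridge ID wins" election described above, as an added example (not part of the original page). The switch names match the page, but the MAC addresses and the priority given to SW3 are constructed sample values.

```python
import re

def bridge_priority(base_priority: int, vlan_id: int) -> int:
    """Priority field as shown by the switch: bridge priority + Extended System ID."""
    if base_priority % 4096 or not 0 <= base_priority <= 61440:
        raise ValueError("bridge priority must be 0..61440 in units of 4096")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must fit the 12-bit Extended System ID (1..4094)")
    return base_priority + vlan_id

def bridge_id(base_priority: int, vlan_id: int, mac: str) -> tuple:
    """Bridge ID as a comparable tuple: priority first, MAC address breaks ties."""
    mac_int = int(re.sub(r"[^0-9a-fA-F]", "", mac), 16)
    return (bridge_priority(base_priority, vlan_id), mac_int)

def elect_root(switches: dict, vlan_id: int) -> str:
    """switches maps name -> (bridge priority, MAC); the lowest Bridge ID is root."""
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan_id, switches[n][1]))

# Constructed sample data: MAC addresses are made up for illustration.
ALL_DEFAULT = {
    "SW1": (32768, "0011.2233.0001"),
    "SW2": (32768, "0011.2233.0002"),
    "SW3": (32768, "0011.2233.0003"),
}
# Same switches, but SW3 lowered to 16384 + 8192 + 4096 = 28672.
SW3_LOWERED = dict(ALL_DEFAULT, SW3=(28672, "0011.2233.0003"))

if __name__ == "__main__":
    for vlan in (1, 2, 3):
        print("VLAN", vlan, "default priority:", bridge_priority(32768, vlan))
    print("Root with all defaults:", elect_root(ALL_DEFAULT, 1))
    print("Root after lowering SW3:", elect_root(SW3_LOWERED, 1))
```

With every switch left at the default priority, the election falls through to the MAC address, which is why leaving priorities unconfigured makes the root bridge an accident of hardware.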
We see here that SW1 is the ROOT BRIDGE and that all interfaces are in the forwarding state. These interfaces that are in the forwarding state are called DESIGNATED PORTS.
When a switch is powered up it assumes it's the Root bridge
It will only change this if it receives a BPDU with a LOWER bridge ID
Once the topology has converged and all switches agree on a root bridge, ONLY the root bridge sends out BPDU's
Other switches will forward BPDU's but won't generate their own original BPDU's
Which switch will become the root bridge?
As we know, the switch with the lowest bridge ID is elected as the ROOT BRIDGE. All ports on the root bridge are DESIGNATED PORTS (forwarding state)
Each remaining switch will select ONE of its interfaces to be its ROOT PORT. The interface with the LOWEST ROOT COST will be the root port. Root ports are also in the FORWARDING state
The ROOT COST is the TOTAL cost of the OUTGOING interfaces along the path to the ROOT BRIDGE !! You don't count the cost of the RECEIVING interface, just the SENDING OUTGOING interface
SW1 is the ROOT BRIDGE so has a COST of ZERO (0) on all its interfaces.
What port do you think SW2 will use as its ROOT PORT?
SW2's logic:
I was advertised a cost of 0 from SW1 on Gi0/1. My interface cost = 4. So total cost = (0+4) = 4
I was advertised a cost of 4 on Gi0/0 and MY interface cost is 4 (4+4=8). So int Gi0/1 will be my root port and this will be FORWARDING
SW3's logic
the same as SW2
Therefore Gi0/0 will be the root port and will be FORWARDING
What's the solution if there is still a tie? Then the root port is determined by the LOWEST NEIGHBOUR bridge ID
Step 1: Root Bridge
SW2 - Because it has the lowest Priority
All ports forwarding - Designated Ports
Step 2: Root Port
Lowest Root Cost
Lowest Neighbour Bridge ID
Lowest Neighbour PORT ID (See directly below to see how to determine Port ID)
SW1#show spanning-tree
Each port has a default priority of 128 and then each port has a unique number that increments by 1 as per the above output.
STP PORT ID = port priority + port number. So for Gi0/2, Port ID = 128 + 3 = 131
Which port on SW3 will be selected as the Root Port?
Root port
Lowest Root Cost - Both cost the same (0+4)
Lowest Neighbour Bridge ID - The Neighbour Bridge ID is the same for both (SW1)
Lowest Neighbour Port ID
In this case it would be SW1 G0/1 ---VERY NB (The NEIGHBOUR port ID !!!)
Therefore on SW3 Gi0/2 is the root Port
IF SW3 Gi0/ is the root port then the link to SW1 Gi0/2 must be a Designated Port
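The root port tie-breakers worked through above (root cost, then neighbour Bridge ID, then neighbour Port ID), as an added example that is not part of the original page. It uses the page's Port ID formula (port priority + port number); the MAC addresses, the neighbour Port IDs in the SW2 case and the name of SW3's second uplink (Gi0/1) are assumptions made for the sample data.

```python
from typing import NamedTuple

class ReceivedBPDU(NamedTuple):
    local_port: str             # our port that received the BPDU
    advertised_cost: int        # root cost advertised by the neighbour
    local_port_cost: int        # cost of our own port towards the root
    neighbour_bridge_id: tuple  # (priority, MAC as int) of the sending switch
    neighbour_port_id: int      # sending port's ID: port priority + port number

RULES = ("root cost", "neighbour bridge ID", "neighbour port ID")

def select_root_port(bpdus):
    """Return (root_port, deciding_rule), applying the tie-breakers in order."""
    keyed = sorted(
        (b.advertised_cost + b.local_port_cost, b.neighbour_bridge_id,
         b.neighbour_port_id, b.local_port)
        for b in bpdus
    )
    best = keyed[0]
    if len(keyed) == 1:
        return best[3], "only candidate"
    runner_up = keyed[1]
    for i, rule in enumerate(RULES):
        if best[i] != runner_up[i]:
            return best[3], rule      # first field that differs decided it
    return best[3], "unresolved tie"

# Constructed sample data (MAC addresses are made up).
SW1_ID = (32769, 0x001122330001)
SW3_ID = (32769, 0x001122330003)

# SW2: cost 0 from SW1 on Gi0/1, cost 4 from SW3 on Gi0/0, own port cost 4.
SW2_BPDUS = [
    ReceivedBPDU("Gi0/1", 0, 4, SW1_ID, 128 + 2),
    ReceivedBPDU("Gi0/0", 4, 4, SW3_ID, 128 + 1),
]
# SW3 with two links to SW1: same cost, same neighbour, so the NEIGHBOUR's
# Port ID decides. SW1 Gi0/1 = 128 + 2 = 130, SW1 Gi0/2 = 128 + 3 = 131.
SW3_BPDUS = [
    ReceivedBPDU("Gi0/2", 0, 4, SW1_ID, 128 + 2),   # connected to SW1 Gi0/1
    ReceivedBPDU("Gi0/1", 0, 4, SW1_ID, 128 + 3),   # connected to SW1 Gi0/2 (assumed name)
]

if __name__ == "__main__":
    print("SW2:", select_root_port(SW2_BPDUS))
    print("SW3:", select_root_port(SW3_BPDUS))
```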
show spanning tree
show spanning-tree
show spanning-tree vlan <vlan-id> | detail
show spanning-tree detail ---------gives total path cost :)
show spanning-tree summary --------Blocking, Learning etc. for each VLAN STP state
Only DESIGNATED or ROOT ports enter the listening state. NON-DESIGNATED ports are ALWAYS blocking. That's because listening is a 'Transitional State' that eventually leads to the forwarding state
Listening state = 15 seconds and is determined by the Forward Delay timer
Learning state = 15 seconds and is also determined by the Forward Delay timer
Remember once the network has converged - only the ROOT bridge sends BPDU's. Other switches forward them on their DESIGNATED ports (not root ports or non-designated ports), updating information like the Bridge Root cost, sending port ID, sending bridge ID etc. Two seconds later the root bridge will send BPDU's again, and again other switches will send them out of their designated ports
To speed up the STP process, we can move all access ports (no BPDU's coming through) connected to PC's etc, into a forwarding state immediately by by-passing the listening and learning states using the PORTFAST statement
If an interface has BPDU Guard enabled and it receives a BPDU on that interface (meaning a switch has been connected to that interface), the interface will be shut down to prevent a loop forming
Once you have fixed the problem - then shutdown and no shut the interface to enable the port again
If you enable Root Guard on an interface, even if it receives a superior BPDU (lower bridge ID) on that interface, that switch will not accept the new switch as the root bridge. The interface will be disabled
If you enable Loop Guard on an interface, even if the interface stops receiving BPDU's, it will NOT start forwarding. The interface will be disabled.
Check in with CCNP
Check in with CCNP
SW1(config)# interface gi0/2
SW1(config-if)# spanning-tree portfast
SW1(config-if)# spanning-tree bpduguard enable
From Global command Mode:
SW1(config)#spanning-tree portfast default ---Enables PortFast on all access ports (not trunk ports)
SW1(config)#spanning-tree portfast bpduguard default ---Enables BPDU Guard on all Portfast enabled interfaces.
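A configuration check for the PortFast and BPDU Guard commands above, as an added example that is not part of the original page: it scans an IOS-style configuration and reports access ports that would forward immediately without BPDU Guard, or that have neither feature. The sample configuration is constructed; `switchport mode access` and `spanning-tree bpduguard disable` are standard IOS commands that do not appear on the page.

```python
def audit_edge_ports(config: str) -> dict:
    """Return {interface: [findings]} for access ports missing PortFast or BPDU Guard."""
    global_portfast = global_guard = False
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = set()
        elif raw[:1].isspace() and current:
            interfaces[current].add(line)      # indented line: belongs to the interface
        else:
            current = None                     # back at global configuration level
            global_portfast |= line == "spanning-tree portfast default"
            global_guard |= line == "spanning-tree portfast bpduguard default"
    findings = {}
    for name, lines in interfaces.items():
        if "switchport mode access" not in lines:
            continue                           # trunks legitimately exchange BPDU's
        portfast = global_portfast or "spanning-tree portfast" in lines
        # The global default only protects ports that are PortFast-enabled.
        guard = "spanning-tree bpduguard enable" in lines or (global_guard and portfast)
        if "spanning-tree bpduguard disable" in lines:
            guard = False                      # per-interface override of the default
        issues = [msg for ok, msg in ((portfast, "no portfast"), (guard, "no bpduguard")) if not ok]
        if issues:
            findings[name] = issues
    return findings

# Constructed sample configuration (interface names and layout are made up).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode trunk
"""
```

On the sample, Gi0/1 passes through the global default, Gi0/2 is flagged because of its per-interface override, and Gi0/3 is flagged for having neither feature.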
1) Configure Spanning Tree Mode:
SW1(config)# spanning-tree mode?
mst Multiple Spanning Tree Mode
pvst Per-Vlan Spanning Tree (Classic Spanning Tree but with Cisco's per Vlan)
rapid-pvst ** Newer switches run RPVST by default, but to play with the classic PVST use the following command:
SW1(config)#spanning-tree mode pvst
2) Manually configure the Root Bridge by manipulating the Bridge Priority. We can also configure the "Secondary Root Bridge" in case the current root bridge fails
SWITCH 1 = Primary
SW3(config)# spanning-tree vlan 1 root primary --- this command sets the STP priority to 24576. If another switch already has a priority lower than 24576, then it sets the switch's priority 4096 less than the other switch's current priority
SWITCH 2 = Secondary
SW2(config)# spanning-tree vlan 1 root secondary - sets the priority to 28672 (4096 higher than the primary)
3) Configure STP Port Settings
SW2(config-if)#spanning-tree vlan 1?
cost -----------------port cost (Fa=19,Gi=4 etc)
port-priority----------128 default
SW2(config-if)#spanning-tree vlan 1 cost 200 (1 - 200 million)
SW2(config-if)#spanning-tree vlan 1 port-priority 32 (increments of 32)
We are using the Classic PVST+ Spanning Tree. Here we manually set SW3 as the Root Bridge for VLAN 1 and SW2 as the secondary.
Here in VLAN 2, it's using the default Root bridge and we see that instead of Gi0/0 on SW1 as a NON-DESIGNATED port, in VLAN 2 it's SW3 Gi0/3 as the NON-DESIGNATED port. This is called STP LOAD BALANCING. If we have multiple VLAN's in our network, blocking the same interface in each VLAN is a waste of interface bandwidth. That connection will be doing nothing, just waiting for a connection to fail so it can start forwarding. However, if you configure a different root bridge for different VLAN's, different VLAN's will disable different interfaces.
SW1(config)# spanning-tree vlan 10 root primary
SW1(config)# spanning-tree vlan 20 root secondary
SW2(config)#spanning-tree vlan 20 root primary
SW2(config)#spanning-tree vlan 10 root secondary
SW4 selects a different root port from Fa0/2 to Fa0/1. This happens because the path cost back to the root bridge is better via SW2 (0+19=19) against path cost 0
SW3 does NOT select a different root port because it's the last tie breaker and in this case it didn't need to use the tiebreaker.
SPEED       STP COST
10 Mbps     100
100 Mbps    19
1 Gbps      4
10 Gbps     2