Spanning Tree Protocol: Difference between revisions
No edit summary |
No edit summary |
||
(45 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
''The Spanning Tree Protocol’s purpose is preventing bridging loops and allows a network to quickly recover if the primary path fails. STP was invented by Radia Perlman from the Digital Equipment Corporation. | |||
''Spanning-Tree Protocol is a way to have redundant paths and stop loops from having. All Ethernet networks only work well if there is only one path between two points. Having many different paths will cause loops in a network. This is because frames might be duplicated. The Spanning-Tree protocol will define all switches in the network. The algorithm will automatically change the STP topology by activating or inactivating certain paths, so that only one path will be present between two points. The end-devices do not know if they are connected to one network or many networks.'' | |||
'''Election of the Root Switch''' | |||
The switches in the network gather information with the exchange of data messages. These are called bridge protocol data units (BPDUs). There is an election for a root switch on every LAN segment. To stop loops STP | == '''Election of the Root Switch''' == | ||
''The switches in the network gather information with the exchange of data messages. These are called bridge protocol data units (BPDUs). There is an election for a root switch on every LAN segment. To stop loops STP puts redundant switches ports into a backup state. The root switch is the place where the STP algorithm runs. All other paths not needed to reach the root switch are put in to backup mode'' | |||
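Review bot: The Election of the Root Switch paragraph says there is an election for a root switch "on every LAN segment", which does not match the STP Steps list on this page ("Elects a root bridge") or the Port Roles table, where the per-segment election is the one for the designated port. Suggest describing a single root election here. In the new intro paragraph, "stop loops from having" looks like a typo for "happening", and the last sentence of the election paragraph is missing its full stop.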
Line 14: | Line 16: | ||
'''Root Switch Variables''' | '''Root Switch Variables''' | ||
{| {{table}} | {| {{table}} | ||
| align="center" style="background:# | | align="center" style="background:#f0f0f0;"|'''Variable''' | ||
| align="center" style="background:# | | align="center" style="background:#f0f0f0;"|'''Description''' | ||
|- | |- | ||
| Hello Time||How often a hello is broadcasted to the other switches, so the switch knows the other switches are functioning. | | '''Hello Time'''||How often a hello is broadcasted to the other switches, so the switch knows the other switches are functioning. | ||
|- | |- | ||
| Maximum Age Timer||Defines how long a bridge or switch should wait after the last received hello message before believing that the network topology has changed. | | '''Maximum Age Timer'''||Defines how long a bridge or switch should wait after the last received hello message before believing that the network topology has changed. | ||
|- | |- | ||
| Forward Delay Timer||Time the switch has spent learning/listening before it begins forwarding traffic. | | '''Forward Delay Timer'''||Time the switch has spent learning/listening before it begins forwarding traffic. | ||
|- | |- | ||
| | | | ||
|} | |} | ||
'''Information a BPDU contains''' | |||
== '''Information a BPDU contains''' == | |||
*MAC addresses | *MAC addresses | ||
*Switch priority | *Switch priority | ||
Line 33: | Line 37: | ||
== '''STP Steps''' == | |||
*Elects a root bridge | *Elects a root bridge | ||
**Only one bridge can exist per VLAN | **Only one bridge can exist per VLAN | ||
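Review bot: "Only one bridge can exist per VLAN" under "Elects a root bridge" reads as if a VLAN may contain only a single switch. It presumably means one root bridge per VLAN, so the bullet should say "root bridge".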
Line 52: | Line 47: | ||
*Selects the root port for all other switches | *Selects the root port for all other switches | ||
**One port on all switches, that are not root bridges | **One port on all switches, that are not root bridges | ||
**This port is the lowest cost path to the root bridge. | **This port is the lowest cost path to the root bridge. | ||
**If two ports have the same priority, the lowest port number will become the root port. | **If two ports have the same priority, the lowest port number will become the root port. | ||
'''Port Roles''' | |||
{| {{table}} | {| {{table}} | ||
| align="center" style="background:# | | align="center" style="background:#f0f0f0;"|'''Port''' | ||
| align="center" style="background:# | | align="center" style="background:#f0f0f0;"|'''Description''' | ||
|- | |||
| '''Root''' ||The port is on nonroot bridges. It is considered to be the best path. The root port is able to send traffic in the direction of the root bridge. This port will add entries to its MAC address table. There is only one root port per bridge. | |||
|- | |||
| | |||
|- | |||
| | |||
|- | |- | ||
| | | '''Designated''' ||This port is on the root bridge and on the nonroot bridges. There can only be one designated port per segment, unless it’s the root bridge where all the ports are designated ports. If there is more than one switch in the segment, an election will be held. | ||
|- | |- | ||
| | | | ||
|- | |- | ||
| | | | ||
|- | |- | ||
| Disabled ||The port is shutdown. | | '''Nondesignated''' ||The nondesignated port is in the blocking state. It will not add new entries to its MAC address table. | ||
|- | |||
| | |||
|- | |||
| | |||
|- | |||
| '''Disabled''' ||The port is shutdown. | |||
|- | |- | ||
| | | | ||
|} | |} | ||
'''Layer 2 port States''' | '''Layer 2 port States''' | ||
Line 88: | Line 93: | ||
| | | | ||
|- | |- | ||
| '''Listening'''||According to the amount of BPDUs spanning tree tells this port it is able to forward traffic. | | '''Listening'''||According to the amount of BPDUs spanning tree tells this port it is able to forward traffic. This port is getting BPDUs, it’s also making it's own BPDUs to tell other switches that it preparing to forward frames. The default time in this state is 15 seconds (Forward Delay) | ||
|- | |- | ||
| | | | ||
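Review bot: The expanded Listening row has grammar slips ("it's own BPDUs", "it preparing to forward frames"), and its opening sentence, "According to the amount of BPDUs spanning tree tells this port it is able to forward traffic", does not say what the port actually does in this state. Suggest rewriting that sentence and fixing the two slips. The closing sentence also needs a full stop after "(Forward Delay)".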
Line 104: | Line 109: | ||
| | | | ||
|} | |} | ||
[[File:Km1.jpg ]] | |||
''Rapid spanning tree is an enhanced version of STP. It most cases it performs considerably better. RSTP works similar to STP; however, it has only three port states.'' | |||
== '''RSTP Port States''' == | |||
{| {{table}} | |||
| align="center" style="background:#f0f0f0;"|'''Port''' | |||
| align="center" style="background:#f0f0f0;"|'''Description''' | |||
|- | |||
| '''Discarding'''||The port discards frames and is not forwarding traffic to prevent layer 2 loops. | |||
|- | |||
| | |||
|- | |||
| '''Learning'''||Data frames are accepted and new MAC addresses entries are added. | |||
|- | |||
| | |||
|- | |||
| '''Forwarding''' ||The topology of the port determines the topology of STPT the port is able to forward traffic. | |||
|- | |||
| | |||
|} | |||
== '''RSTP Port Roles''' == | |||
{| | |||
| align="center" style="background:#f0f0f0;"|'''Port Role''' | |||
| align="center" style="background:#f0f0f0;"|'''Description''' | |||
|- | |||
| '''Root'''||The port is on nonroot bridges. It is considered to be the best path. The root port is able to send traffic in the direction of the root bridge. This port will add entries to its MAC address table. There is only one root port per bridge. | |||
|- | |||
| | |||
|- | |||
| '''Designated'''||This port is on the root bridge and on the nonroot bridges. All switch ports are designated ports. There can only be one designated port per segment, unless it’s the root bridge where all the ports are designated ports. If there is more than one switch in the segment, an election will be held. | |||
|- | |||
| | |||
|- | |||
| '''Alternate'''||The alternative port is a port that has an alternative path toward the root bridge. The alternative port does the job of the discarding state. The alterative port is on a non-designated switch. The alternative port will take over forwarding traffic if the designated port fails. | |||
|- | |||
| | |||
|- | |||
| '''Backup'''||A backup port is a switch port on a designated switch that is the backup to for the segment for that designated switch. The backup switch will have a higher port ID then the designated port. | |||
|- | |||
| | |||
|- | |||
| '''Disabled'''||This port does not participate in STP. | |||
|- | |||
| | |||
|} | |||
'''This command is used to set the swtich as the root bridge for certain VLANS''' | |||
Kevins-switch1> set spantree root 1,200-204 | |||
VLANs 1,200-204 bridge priority set to 8189. | |||
VLANs 1,200-204 bridge max aging time set to 20. | |||
VLANs 1,200-204 bridge hello time set to 2. | |||
VLANs 1,200-204 bridge forward delay set to 15. | |||
Switch is now the root switch for active VLANs 1,200-204. | |||
Kevins-switch1> | |||
'''Use this command to enable portfast on access ports that do not require forward delay.''' | |||
Kevins-switch1> set spantree portfast 3/1-24 enable | |||
Warning: Spantree port fast start should only be enabled on ports connected | |||
to a single host. Connecting hubs, concentrators, switches, bridges, etc. to | |||
a fast start port can cause temporary spanning-tree loops. Use with caution. | |||
Spantree ports 3/1-24 fast start enabled. | |||
Kevins-switch1> | |||
'''To show spanning tree information specific to a certain VLAN, use this command followed by the VLAN number''' | |||
Kevins-switch1> show spantree 1 | |||
VLAN 1 | |||
spanning-tree enabled | |||
spanning-tree type ieee | |||
Designated Root 00-10-0d-b1-78-00 | |||
'''Use this command on all access ports to prevent rouge switches becoming the root bridge.''' | |||
Kevins-switch1(config)#interface FastEthernet 0/5 | |||
Kevins-switch1(config-if)#spanning-tree bpduguard enable | |||
== '''Trouble Shooting Spanning Tree''' == | |||
'''Unidirectional link failure''' | |||
This can occur when I two-way link becomes a one-way link, similar to a duplex mismatch configuration. The port may able to send BPDUs, but not receive them. Using the “set udld aggressive-mode” command will put the port into err-disable state if this occurs. | |||
'''Frame Corruption''' | |||
While frame corruption isn’t common, it can still be a serious issue. This is usually caused by bad/incorrect cable or a cable that is too long. The BPDUs are not being received the port is put in the incorrect state and a loop may occur. | |||
'''Resource Errors''' | |||
If for any reason the CPU of a switch is over used or not functioning properly, there exists the possibility that it will be unable to send out BPDUs. | |||
'''PortFast-related Errors''' | |||
If a port that is a hub or switch accidently get PortFast enabled on it, a loop will form. This is because the forward delay will not occur. | |||
==''' Flex Links '''== | |||
''Flex links is an alternative to STP. This is achieved by having a backup link or Flex link associated with each other. The Flex links can be on the same switch or another on the stack. When ever one of the pairs is forwarding the other is in standby mode.'' | |||
[[File:Flex.gif]] | |||
''' Flex Links Guidelines ''' | |||
* You can configure only a single Flex Links backup link for any active link. | |||
* A interface can only be part of one pair; so it must me active of standby, if it is a Flex Link | |||
* None of the single links can be part of a EtherChannal pair, but you could configure two port-channels as Flex Links and you can also congigure a port-channel and a physical link as a interface as a Flex Link. | |||
* STP is disabled on Flex Link ports. This is true even if VLANs are present on the port and configured for STP. | |||
Kevins-SW# configure terminal | |||
Kevins-SW(conf)# interface fastethernet0/1 | |||
Kevins-SW(conf-if)# switchport backup interface fastethernet0/2 | |||
Kevins-SW(conf-if)# end | |||
Kevins-SW# show interface switchport backup | |||
Switch Interface Backup Pairs: | |||
Active Interface Backup Interface State | |||
..................................................................... | |||
FastEthernet0/1 FastEthernet0/2 Active Up/Backup Standby |
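Review bot: The PortFast example enables fast start on ports 3/1-24, but BPDU guard is shown only for FastEthernet 0/5 and under a different prompt style ("Kevins-switch1>" versus "Kevins-switch1(config-if)#"). The troubleshooting text added in this same revision says PortFast on a port facing a hub or switch forms a loop, so the page should state which platform each command applies to and show BPDU guard on the same ports that get PortFast. Also, "rouge switches" should be "rogue switches", and "swtich" in the first command caption should be "switch".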
Latest revision as of 05:10, 2 May 2012
The Spanning Tree Protocol’s purpose is to prevent bridging loops and to allow a network to recover quickly if the primary path fails. STP was invented by Radia Perlman from the Digital Equipment Corporation.
Spanning-Tree Protocol is a way to have redundant paths and stop loops from happening. All Ethernet networks only work well if there is only one path between two points. Having many different paths will cause loops in a network, because frames might be duplicated. The Spanning-Tree protocol will define all switches in the network. The algorithm will automatically change the STP topology by activating or inactivating certain paths, so that only one path will be present between two points. The end-devices do not know if they are connected to one network or many networks.
Election of the Root Switch
The switches in the network gather information by exchanging data messages called bridge protocol data units (BPDUs). There is an election for a root switch on every LAN segment. To stop loops, STP puts redundant switch ports into a backup state. The root switch is the place where the STP algorithm runs. All other paths not needed to reach the root switch are put into backup mode.
Root Switch Variables
Variable | Description |
Hello Time | How often a hello is broadcast to the other switches, so the switch knows the other switches are functioning. |
Maximum Age Timer | Defines how long a bridge or switch should wait after the last received hello message before believing that the network topology has changed. |
Forward Delay Timer | Time the switch has spent learning/listening before it begins forwarding traffic. |
Information a BPDU contains
- MAC addresses
- Switch priority
- Port priority
- Port cost
STP Steps
- Elects a root bridge
  - Only one root bridge can exist per VLAN
  - Designated ports send and receive traffic and configuration traffic called BPDUs
  - The switch with the lowest priority will become the root bridge
- Selects the root port for all other switches
  - One port on all switches that are not root bridges
  - This port is the lowest cost path to the root bridge.
  - If two ports have the same priority, the lowest port number will become the root port.
Port Roles
Port | Description |
Root | The port is on nonroot bridges. It is considered to be the best path. The root port is able to send traffic in the direction of the root bridge. This port will add entries to its MAC address table. There is only one root port per bridge. |
Designated | This port is on the root bridge and on the nonroot bridges. There can only be one designated port per segment, unless it’s the root bridge where all the ports are designated ports. If there is more than one switch in the segment, an election will be held. |
Nondesignated | The nondesignated port is in the blocking state. It will not add new entries to its MAC address table. |
Disabled | The port is shut down. |
Layer 2 port States
Port | Description |
Blocking | The port is non-designated and does not forward traffic. The BPDUs that the port gets are used to determine the root bridge. The maximum age of this state is 20 seconds by default (max age). |
Listening | According to the amount of BPDUs spanning tree tells this port it is able to forward traffic. This port is getting BPDUs; it is also making its own BPDUs to tell other switches that it is preparing to forward frames. The default time in this state is 15 seconds (Forward Delay). |
Learning | The port is getting ready to participate in forwarding traffic. It begins to populate the CAM, or MAC address table. The default time for this state is 15 seconds (Forward Delay). |
Forwarding | The port is forwarding traffic and sending and receiving BPDUs. |
Disabled | The port does not forward traffic and is not part of STP. |
Rapid spanning tree is an enhanced version of STP. In most cases it performs considerably better. RSTP works similarly to STP; however, it has only three port states.
RSTP Port States
Port | Description |
Discarding | The port discards frames and is not forwarding traffic to prevent layer 2 loops. |
Learning | Data frames are accepted and new MAC address entries are added. |
Forwarding | The topology of the port determines the topology of STP; the port is able to forward traffic. |
RSTP Port Roles
Port Role | Description |
Root | The port is on nonroot bridges. It is considered to be the best path. The root port is able to send traffic in the direction of the root bridge. This port will add entries to its MAC address table. There is only one root port per bridge. |
Designated | This port is on the root bridge and on the nonroot bridges. All switch ports are designated ports. There can only be one designated port per segment, unless it’s the root bridge where all the ports are designated ports. If there is more than one switch in the segment, an election will be held. |
Alternate | The alternative port is a port that has an alternative path toward the root bridge. The alternative port does the job of the discarding state. The alternative port is on a non-designated switch. The alternative port will take over forwarding traffic if the designated port fails. |
Backup | A backup port is a switch port on a designated switch that is the backup for the segment for that designated switch. The backup switch will have a higher port ID than the designated port. |
Disabled | This port does not participate in STP. |
This command is used to set the switch as the root bridge for certain VLANs
    Kevins-switch1> set spantree root 1,200-204
    VLANs 1,200-204 bridge priority set to 8189.
    VLANs 1,200-204 bridge max aging time set to 20.
    VLANs 1,200-204 bridge hello time set to 2.
    VLANs 1,200-204 bridge forward delay set to 15.
    Switch is now the root switch for active VLANs 1,200-204.
    Kevins-switch1>
Use this command to enable portfast on access ports that do not require forward delay.
    Kevins-switch1> set spantree portfast 3/1-24 enable
    Warning: Spantree port fast start should only be enabled on ports connected
    to a single host. Connecting hubs, concentrators, switches, bridges, etc. to
    a fast start port can cause temporary spanning-tree loops. Use with caution.
    Spantree ports 3/1-24 fast start enabled.
    Kevins-switch1>
To show spanning tree information specific to a certain VLAN, use this command followed by the VLAN number
    Kevins-switch1> show spantree 1
    VLAN 1
    spanning-tree enabled
    spanning-tree type ieee
    Designated Root 00-10-0d-b1-78-00
Use this command on all access ports to prevent rogue switches becoming the root bridge.
    Kevins-switch1(config)#interface FastEthernet 0/5
    Kevins-switch1(config-if)#spanning-tree bpduguard enable
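The election rules from STP Steps and the reason for BPDU guard on access ports can be checked with a small model. This is an added example, not part of the original page: the root priority and MAC come from the command output above, while the other bridges, port names and BPDUs are constructed, and the MAC address tie-breaker goes beyond the page's "lowest priority" rule to the standard bridge ID comparison.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bpdu:
    port: str       # local port the BPDU was received on
    priority: int   # sender's bridge priority
    mac: str        # sender's bridge MAC address

def bridge_id(priority, mac):
    """Comparable bridge ID: priority first, then MAC address as tie-breaker."""
    return (priority, bytes.fromhex(mac.replace("-", "")))

def elect_root(bridges):
    """Return the (priority, mac) pair with the lowest bridge ID."""
    return min(bridges, key=lambda b: bridge_id(*b))

def select_root_port(paths):
    """paths: (port_number, cost_to_root). Lowest cost wins, then lowest port number."""
    return min(paths, key=lambda p: (p[1], p[0]))[0]

def audit_bpdus(bpdus, root, guarded_ports):
    """Report what each received BPDU means for a switch that knows `root`."""
    findings = []
    for b in bpdus:
        superior = bridge_id(b.priority, b.mac) < bridge_id(*root)
        if b.port in guarded_ports:
            action = "err-disable"   # BPDU guard: no BPDU is expected on this port
        elif superior:
            action = "root-change"   # unguarded port: the sender wins the election
        else:
            action = "no-change"     # sender loses to the current root
        findings.append((b.port, action, superior))
    return findings

# Root values are from the page's command output; everything else is constructed.
ROOT = (8189, "00-10-0d-b1-78-00")
BRIDGES = [ROOT, (32768, "00-aa-bb-00-00-01"), (32768, "00-aa-bb-00-00-02")]
GUARDED = {"3/5"}   # hypothetical access port with BPDU guard enabled
SAMPLE = [
    Bpdu("1/1", 32768, "00-aa-bb-00-00-01"),  # normal neighbour on an uplink
    Bpdu("3/5", 4096, "00-cc-dd-00-00-09"),   # unexpected switch on a guarded port
    Bpdu("3/9", 4096, "00-cc-dd-00-00-09"),   # same switch on an unguarded port
]

if __name__ == "__main__":
    print("root:", elect_root(BRIDGES))
    print("root port:", select_root_port([(2, 19), (1, 19), (3, 4)]))
    for finding in audit_bpdus(SAMPLE, ROOT, GUARDED):
        print(finding)
```

The same BPDU that is dropped with an err-disable on the guarded port causes a root change on the unguarded one, which is why the page applies the command to all access ports.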
Troubleshooting Spanning Tree
Unidirectional link failure
This can occur when a two-way link becomes a one-way link, similar to a duplex mismatch configuration. The port may be able to send BPDUs, but not receive them. Using the “set udld aggressive-mode” command will put the port into err-disable state if this occurs.
Frame Corruption
While frame corruption isn’t common, it can still be a serious issue. This is usually caused by a bad/incorrect cable or a cable that is too long. If the BPDUs are not being received, the port is put in the incorrect state and a loop may occur.
Resource Errors
If for any reason the CPU of a switch is overused or not functioning properly, there exists the possibility that it will be unable to send out BPDUs.
PortFast-related Errors
If a port that connects to a hub or switch accidentally gets PortFast enabled on it, a loop will form. This is because the forward delay will not occur.
Flex Links
Flex Links is an alternative to STP. This is achieved by pairing an active link with a backup link, or Flex Link. The Flex Links can be on the same switch or on another switch in the stack. Whenever one link of the pair is forwarding, the other is in standby mode.
Flex Links Guidelines
- You can configure only a single Flex Links backup link for any active link.
- An interface can only be part of one pair, so it must be active or standby if it is a Flex Link.
- None of the single links can be part of an EtherChannel pair, but you could configure two port-channels as Flex Links, and you can also configure a port-channel and a physical interface as Flex Links.
- STP is disabled on Flex Link ports. This is true even if VLANs are present on the port and configured for STP.
    Kevins-SW# configure terminal
    Kevins-SW(conf)# interface fastethernet0/1
    Kevins-SW(conf-if)# switchport backup interface fastethernet0/2
    Kevins-SW(conf-if)# end
    Kevins-SW# show interface switchport backup
    Switch Interface Backup Pairs:
    Active Interface    Backup Interface    State
    .....................................................................
    FastEthernet0/1     FastEthernet0/2     Active Up/Backup Standby