v5 Written and Lab: Spanning-Tree Protocol Notes
v5 Written:
2.1.f Implement and troubleshoot spanning-tree
2.1.f [i] PVST+ / RPVST+ / MST
2.1.f [ii] Switch priority, port priority, path cost, STP timers
2.1.f [iii] port fast, BPDUguard, BPDUfilter
2.1.f [iv] loopguard, rootguard
v5 Lab:
1.1.f Implement and troubleshoot spanning-tree
1.1.f [i] PVST+ / RPVST+ / MST
1.1.f [ii] switch priority, port priority, path cost, STP timers
1.1.f [iii] port fast, BPDUguard, BPDUfilter
1.1.f [iv] loopguard, rootguard
Documentation:
Catalyst 3750-X and 3560-X Software Configuration Guide, Release 15.0(1)SE,
Chapter 20 COnfiguing STP, pgs. 21-1 to 20-24
Books:
CCIE Routing and Switching Exam Certification Guide 4th Ed; Chapter 3: Spanning Tree
Protocol, pgs. 63 – 103
Cisco LAN Switching; Chapter 6: Understanding Spanning Tree, pgs. 153 – 200
Cisco LAN Switching; Chapter 7: Advanced Spanning Tree, pgs. 201 – 290
INE:
Spanning-Tree Protocol (STP
– per-VLAN spanning-tree plus (PVST+), IEEE 802.1D
– rapid per-VLAN spanning-tree plus (rapid-PVST+), IEEE 802.1w
– Multiple Spanning Tree Protocol (MSTP)
– Layer 2 link management protocol that provides path redundancy while preventing loops in
the network
– for a Layer 2 Ethernet network to function, only one active path can exist between any
two stations
– multiple active paths cause loops in the network
– uses the spanning-tree algorithm to select one switch as the root of the spanning-tree
Port roles
– root
– designated
– alternate
– backup
Root port
– forwarding port
Designated port
– forwarding port elected for every switched LAN segment
– the switch that has all ports as designated ports is the root switch
Alternate port
– blocked port providing an alternate path to the root bridge
Backup port
– blocked port in a loopback configuration
STP forces redundant data paths into a standby (blocked) state
– if a network segment fails and a redundant path exists, the spanning-tree algorithm
recalculates the spanning-tree topology and activates the standby path
Bridge Protocol Data Units (BPDU)
– unique bridge ID of the root switch
– spanning-tree path cost to the root
– bridge ID of the sending switch
– message age
– identifier of the sending interface
– values for the hello, forward delay, and max-age protocol timers
When two ports on a switch are part of a loop, the spanning-tree port priority and path
cost settings control which port is put in forwarding state and which port is put in the
blocking state
– the path cost value represents the media speed
By default, the switch sends keepalive messages (to detect loopback conditions) only on
interfaces that do not have SFP modules
The spanning-tree topology is controlled by:
– unique bridge ID (switch priority and MAC address) associated with each VLAN
– spanning-tree path cost to the root switch
– the port identifier (port priority and MAC address) associated with each Layer 2
interface
If a switch receives a configuration BPDU that contains superior information (lower bridge
ID, lower path cost, etc) it stores the information for that port
– if the BPDU was received on the root port, it is forwarded to every designated port
If a switch receives a configuration BPDU that contains inferior information, the BPDU is
discarded
A BPDU exchange results in:
– one switch elected as the root switch (the logical center of the spanning-tree topology)
– a root port is selected for each switch (except the root switch)
– the shortest distance to the root switch is calculated for each switch
– a designated switch for each LAN segment is selected
Each switch has a unique bridge ID
– 2 most-significant bytes are used for the switch priority
– the remaining 6 bytes are derived from the switch MAC address
Cisco switches support the IEEE 802.1t spanning-tree extensions
Spanning-tree interface states:
– blocking: the interface does not participate in frame forwarding
– listening: the first transition state after blocking
– learning: the interface prepares to participate in frame forwarding
– forwarding: the interface forwards frames
– disabled: the interface does not participate in spanning-tree
The default switch priority is 32768
When the spanning-tree topology is calculated based on default parameters, the path between
source and destination end stations in a switched network might not be ideal
IEEE 802.1D specifies 17 multicast addresses to be used by different dridbe protcols
– 0x00180C2000000 trhough 0x00180C2000010
– these are static addresses that cannot be removed
– regardless of the spanning-tree state, each switch in the stack receives but does not
forward packets destined for the addresses between 0x180C2000000 and 0x00180C200000F
– if spanning-tree is disabled, the switch forwards these packets as unknown multicast
addresses
PVST+
– IEEE 802.1D
– runs an spanning-tree instance for each VLAN
– uses an aging-timer
– limited to 128 spanning-tree instances
rapid-PVST+
– IEEE 802.1w
– to provide rapid convergence, all dynamically learned MAC address entries are deleted
when a topology change is received
– limited to 128 spanning-tree instances
MSTP
– IEEE 802.1s
– can map multiple VLANs to the same spanning-tree instance
– runs on top of rapid-PVST+
– limited to 65 MST instances
– the number of VLANs that can be mapped to an MST instance is unlimited
Cisco VLAN-bridge spanning-tree is used with the fallback bridging feature (bridge groups),
which forwards non-IP protocols such as DECnet between two or more VLAN bridge domains or
routed ports
– See Chp 51, Configuring Fallback Bridging
Default Spanning-Tree configuration:
– enable state: enabled on VLAN 1
– spanning-tree mode: PVST+
– switch priority: 32768
– spanning-tree port priority: 128
– spanning-tree path cost: 1000Mb/s – 4, 100Mb/s – 19, 10 Mb/s – 100
– spanning-tree VLAN port priority: 128
– spanning-tree VLAN path cost: 1000Mb/s – 4, 100Mb/s – 19, 10 Mb/s – 100
– spanning-tree timers:
– hello time: 2 seconds
– forward-delay: 15 seconds
– maximum-aging time: 20 seconds
– transmit hold count: 6 BPDUs
Switches that are not running spanning-tree still forward BPDUs that they receive so that
the other switches on the VLAN that have a running spanning-tree instance can break loops
– spanning-tree must be running on enough switches to break all of the loops in the
network
conf t
spanning-tree mode { pvst | mst | rapid-pvst }
int fa0/1
spanning-tree link-type point-to-point
clear spanning-tree detected-protocols
show spanning-tree summary
show spanning-tree interface fa0/1
show spanning-tree vlan 1
show spanning-tree detail
spanning-tree vlan root primary
– sets the switch priority to 24576
If the network contains switches that both support and do not support the extended system
ID, it is unlikely that a switch with the extended system ID will become the root switch
The root switch should be a backbone or distribution switch
– do not configure an access switch as the spanning-tree primary root
Use the diameter keyword to specify the Layer 2 network diameter
– the maximum number of switch hops between any two end stations
– the switch changes the hello time, forward-delay time, and maximum-age timer
– can significantly reduce convergence time
conf t
spanning-tree vlan root primary [ diameter < 2 – 7 > [ hello-time 1 – 10 ] ]
show spanning-tree detail
A switch configured as a secondary root sets the switch priority to 28672
conf t
spanning-tree vlan root secondary [ diameter < 2 – 7 > [ hello-time 1 – 10 ] ]
show spanning-tree detail
If a loop occurs, spanning tree uses the port priority when selecting an interface to put
into forwarding state
– higher priority values (lower numerical values)
– if all interfaces have the same priority, spanning tree puts the interface with the
lowest interface number in the forwarding state and blocks all other interfaces
– range from 0 to 240, in increments of 16
– default priority is 128
– 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240
conf t
int fa0/1
spanning-tree port-priority
conf t
int fa0/1
spanning-tree vlan port-priority
show spanning-tree interface fa0/1
show spanning-tree vlan
The spanning-tree cost default value is derived from the media speed of an interface
– a lower path cost represents higher-speed transmission
conf t
int fa0/1
spanning-tree cost
conf t
int fa0/1
spanning-tree vlan cost
show spanning-tree interface fa0/1
show spanning-tree vlan
When configuring switch priority, it is recommended that the following commands are used
– spanning-tree vlan root primary
– spanning-tree vlan root secondary
– priority range is 0 to 61440, in increments of 4096
– 4096, 8297, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248,
57344, 61440
conf t
int fa0/1
spanning-tree vlan priority
show spanning-tree vlan
Hello timer
– controls how often the switch broadcasts hello messages
– range is 1 to 10 seconds
– default is 2 seconds
Forward-delay timer
– controls how long each of the listening and learning states last before the interface
begins forwarding
– range is 4 to 30 seconds
– default is 15 seconds
Maximum-age timer
– controls the amount of time the switch stores protocol information received on an
interface
– range is 6 to 40 seconds
– default is 20 seconds
conf t
spanning-tree vlan hello-time
conf t
spanning-tree vlan forward-delay
conf t
spanning-tree vlan max-age
show spanning-tree vlan
Changing transmit to a higher value can have a significant impact on CPU utilization
– especially in rapid-PVST+
– lowering the value can slow down convergence in certain scenarios
– range is 1 to 20
– default is 6
conf t
spanning-tree transmit hold-count
show spanning-tree detail
show spanning-tree active
show spanning-tree detail
show spanning-tree interface fa0/1
show spanning-tree summary
show spanning-tree summary totals
