Aut inveniam viam aut faciam

v5 Written and Lab: Optional Spanning-Tree Features Notes

v5 Written:
2.1.f Implement and troubleshoot spanning-tree
2.1.f [i] PVST+ / RPVST+ / MST
2.1.f [ii] Switch priority, port priority, path cost, STP timers
2.1.f [iii] port fast, BPDUguard, BPDUfilter
2.1.f [iv] loopguard, rootguard

v5 Lab:
1.1.f Implement and troubleshoot spanning-tree
1.1.f [i] PVST+ / RPVST+ / MST
1.1.f [ii] switch priority, port priority, path cost, STP timers
1.1.f [iii] port fast, BPDUguard, BPDUfilter
1.1.f [iv] loopguard, rootguard

Documentation:

Catalyst 3750-X and 3560-X Software Configuration Guide, Release 15.0(1)SE,
Chapter 22, Configuring Optional Spanning-Tree Features, pgs 22-1 to 22-19

Books:

CCIE Routing and Switching Exam Certification Guide 4th Ed; Chapter

INE:

Port Fast
– immediately brings an interface configured as an access or trunk port to the forwarding

state
– bypasses the listening and learning states
– interfaces should not receive BPDUs

conf t
int fa0/1
spanning-tree portfast

conf t
int fa0/1
spanning-tree portfast trunk

conf t
spanning-tree portfast default

show spanning-tree int fa0/1 portfast

BPDU Guard
– shuts down ports that are in the Port Fast operational state when BPDUs are received
– port is placed in an err-disabled state
– can be configured to shutdown the the VLAN configured on the port instead of the port
– when configured globally, only affects ports in the Port Fast operational state
– can be configured on the interface without enabling Port Fast

conf t
spanning-tree portfast bpduguard default
int fa0/1
spanning-tree portfast

conf t
int fa0/1
spanning-tree bpduguard enable

conf t
errdisable detect cause bpduguard shutdown vlan

BPDU Filter
– prevents interfaces that are in a Port Fast operational state from sending or receiving

BPDUs
– if a BPDU is received, the interface loses its Port Fast operational state and BPDU

filtering is disabled
– when configured globally, only affects ports in the Port Fast operational state
– can be configured on the interface without enabling Port Fast
– enabling BPDU filtering on an interface is the same as disabling spanning tree and can

result in spanning tree loops

conf t
spanning-tree portfast bpdufilter default
int fa0/1
spanning-tree portfast

conf t
int fa0/1
spanning-tree bpdufilter enable

Uplink Fast
– accelerates the choice of a new root port when a link or switch fails or when spanning

tree reconfigures
– the root port transitions to the forwarding state immediately
– does not go through the listening or learning state
– when spanning tree reconfigures the new root port, the other interfaces flood the

network with multicast packets
– the multicast packets include each address learned on the interface
– the multicast traffic can be reduced by reducing the max-update-rate parameter
– Uplink Fast is most useful at the access layer or the edge or the network
– Uplink Fast is not appropriate for backbone devices

conf t
spanning-tree uplinkfast

conf t
spanning-tree uplinkfast max-update-rate

show spanning-tree summary

Backbone Fast
– detects indirect failures in the core of the backbone
– complementary technology to the Uplink Fast feature
– optimizes the maximum-age timer, which controls the amount of time the switch stores

protocol information received on the interface

conf t
spanning-tree backbonefast

show spanning-tree summary

EtherChannel Guard
– detects and EtherChannel misconfiguration between the switch and the connected device
– places the interface in the error-disabled state

conf t
spanning-tree etherchannel guard misconfig

show spanning-tree summary
show interfaces status err-disabled
show etherchannel summary

Root Guard
– configured on switches that are not supposed to be the root switch
– if spanning tree calculations select the switch as the root switch, root guard places

the interface in the root-inconsistent (blocked) state, which prevents the switch from

becoming the root switch or being in the path to the root

conf t
int fa0/1
spanning-tree guard root

Loop Guard
– prevents alternate or root ports from becoming designated ports because of a failure

that leads to a unidirectional link
– the feature is most effective when it is enable on the entire switching network
– prevents alternate and root ports from becoming designated ports
– BPDUs are not sent on alternate or root ports
– in MST mode, BPDUs are not sent on nonboundary ports only if the interface is blocked by

loop guard in all MST instances
– on a boundary port, loop guard blocks the interface in all MST instances

conf t
spanning-tree loopguard default

show spanning-tree active
show spanning-tree mst

Default Optional Spanning-Tree configuration
– Port Fast: globally disabled
– BPDU filtering: globally disabled
– BPDU guard: globally disabled
– Uplink Fast: globally disabled
– Backbone Fast: globally disabled
– EtherChannel Guard: globally ENABLED
– Root Guard: disabled on all interfaces
– Loop Guard: disabled on all interfaces

show spanning-tree active
show spanning-tree detail
show spanning-tree interface fa0/1
show spanning-tree mst interface fa0/1
show spanning-tree summary
show spanning-tree summary totals

Comments are closed.

This entry was posted on Wednesday, June 25th, 2014 at 2:23 pm and is filed under CCIE. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.