<Jeremy's IT Lab> Day 21: STP (Part 2)

2025. 4. 6. 20:22 CS/CCNA


 

STP Status:

  • Blocking: non-designated ports
  • Listening: 15 sec by default (can be changed with the Forward Delay timer); root/designated ports
  • Learning: 15 sec by default (can be changed with the Forward Delay timer); root/designated ports
  • Forwarding: root/designated ports
  • Disabled: the port does nothing (no BPDUs, no frame forwarding, no MAC learning)

| STP Port State | Send/Receive BPDUs | Frame forwarding (regular traffic) | MAC address learning | Stable/Transitional |
|---|---|---|---|---|
| Blocking | NO/YES | NO | NO | Stable |
| Listening | YES/YES | NO | NO | Transitional |
| Learning | YES/YES | NO | YES | Transitional |
| Forwarding | YES/YES | YES | YES | Stable |
| Disabled | NO/NO | NO | NO | Stable |

 

STP Timers:

  • Hello: the root bridge sends a BPDU every 2 sec
  • Forward Delay: 15 sec in each of the listening and learning states
  • Max Age: 20 sec (10 × hello). If the root port doesn't receive a BPDU for 20 sec, the STP topology changes. Going from the blocking state to the forwarding state takes 50 sec in total (20 sec without hellos, after which a backup port is chosen, then 15 sec listening and 15 sec learning)

STP optional features:

  • PortFast: allows a port to move immediately to the forwarding state (use only on access ports connected to end hosts)
  • BPDU Guard: if the port receives a BPDU from another switch, the interface is shut down to prevent a loop from forming (e.g. a switch accidentally connected to an edge port). When enabled with the default command, it takes effect on all PortFast-enabled ports
  • BPDU Filter: stops the port from sending BPDUs or processing received BPDUs
  • (optional) Root Guard: does not accept a new switch as the root bridge
  • (optional) Loop Guard: if the port stops receiving BPDUs, it goes into a disabled state

 

- BPDU Guard:

-> protects against unauthorized switches being connected (the port is put into the err-disabled state)

-> re-enabling a port after it has been err-disabled:

  (1) Manual: shutdown, then no shutdown

  (2) Automatic: ErrDisable Recovery, or errdisable recovery cause bpduguard

 

- BPDU Filter:

-> prevents port from sending BPDUs

-> 2 methods of configuration:

  (1) Per-port (interface): spanning-tree bpdufilter enable; the port ignores any BPDUs it receives (permanently out of STP)

  (2) Default (global): spanning-tree portfast [edge] bpdufilter default (preferred); once the port receives a BPDU, the filter is disabled and the port operates as a normal STP port (sends BPDUs again) -> BPDU Guard will then detect the error afterwards

 

- Root Guard: 

-> Optimal traffic flow (minimizes latency and congestion), stability and reliability

-> protects against superior BPDUs (lowest root ID) from switches outside of your control

-> If the port receives a superior BPDU, it becomes Broken (BKN) / Root Inconsistent (ROOT_Inc)

-> Once it stops receiving superior BPDUs, it recovers automatically

 

- Loop Guard:

-> Loop Guard protects against unexpected loss of BPDUs (e.g. software bug, hardware issue)

-> a unidirectional link is one where transmission occurs in only one direction

-> Works only with point-to-point links

 

** loop guard and root guard are mutually exclusive

 

* Modern networks use rapid-PVST by default

* STP Port ID = port priority (default 128, 0x80...) + port number

 

STP Configuring:

- Configure the primary root bridge

//SW3(config)#spanning-tree vlan 1 root primary

## sets the current switch as the root bridge (sets its priority number to be the lowest)

- Configure the secondary root bridge

//SW2(config)#spanning-tree vlan 2 root secondary

-> STP load balancing: set a different root bridge for different VLANs

 

//CLI

//Portfast

SW1(config)#interface g0/2

SW1(config-if)#spanning-tree portfast [edge]

## enables PortFast on the port if it is an access port

SW1(config)#spanning-tree portfast [edge] default

## enables PortFast on all access ports

SW1#show spanning-tree interface g0/1 detail

## shows the port type: edge/network

SW1(config-if)#spanning-tree portfast disable

## disables PortFast on the port (the edge keyword is not used here)

SW1(config-if)#spanning-tree portfast [edge] trunk

## enables PortFast on a trunk port; can only be configured per port in interface config mode (e.g. a port connecting to a server)

 

 

//BPDU Guard

SW1(config)#interface g0/2

SW1(config-if)#spanning-tree bpduguard enable

## enables BPDU Guard on the interface

SW1(config)#spanning-tree portfast bpduguard default

## enables BPDU Guard on all PortFast-enabled interfaces

SW1(config-if)#spanning-tree bpduguard disable

## disables BPDU Guard on the interface

 

//Root Guard

SW1(config-if)#spanning-tree guard root

## enables Root Guard on the interface

 

//Loop Guard

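SW1(config-if)#spanning-tree guard loop

## enables Loop Guard on the interface

SW1(config)#spanning-tree loopguard default

## enables Loop Guard by default (global)

SW1(config-if)#spanning-tree guard none

## disables the guard function on the interface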
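
An added example (not from the original post or from Jeremy's IT Lab): a small Python audit that applies the PortFast, BPDU Guard and BPDU Filter notes above to a running-config, flagging PortFast ports left without BPDU Guard and ports with per-port BPDU Filter. The function names, finding strings and sample config are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast edge
 spanning-tree bpduguard disable
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
"""

def has(pattern, cmds):
    return any(re.fullmatch(pattern, c) for c in cmds)

def audit_stp_edge_ports(config):
    """Return {interface: [findings]} for PortFast ports with weak BPDU protection."""
    glob, ports, current = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())   # command inside an interface block
        else:
            glob.append(line.strip())      # global command or "!" separator
            current = None
    pf_default = has(r"spanning-tree portfast( edge)? default", glob)
    guard_default = has(r"spanning-tree portfast( edge)? bpduguard default", glob)
    findings = {}
    for name, cmds in ports.items():
        portfast = has(r"spanning-tree portfast( edge)?( trunk)?", cmds) or (
            pf_default and "switchport mode access" in cmds)
        if not portfast or "spanning-tree portfast disable" in cmds:
            continue
        guarded = "spanning-tree bpduguard enable" in cmds or (
            guard_default and "spanning-tree bpduguard disable" not in cmds)
        issues = [] if guarded else ["PortFast without BPDU Guard"]
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("per-port BPDU Filter ignores received BPDUs")
        if issues:
            findings[name] = issues
    return findings
```

On the sample, g0/1 passes because the global BPDU Guard default covers it, g0/2 is flagged because BPDU Guard was disabled on the port, and g0/3 is flagged because the per-port filter takes the port out of STP.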

 
