Cisco Training 200-125 CCNA v3.0. Day 37 STP: Root Bridge selection, PortFast and BPDU guard functions. Part 2

Assume that STP has converged. What happens if I take a cable and connect switch H directly to root switch A? The Root Bridge "sees" that it has a new enabled port and sends a BPDU over it.

Switch H, having received this frame with a cost of zero, will compute the cost of the route through the new port as 0 + 19 = 19, even though the cost of its current root port is 76. After that, the port of switch H, which was previously in the disabled state, will go through all the transition stages and will switch to forwarding only after 50 seconds. If other devices are connected to this switch, all of them will lose connectivity with the root switch, and with the network as a whole, for 50 seconds.

Switch G does the same when it receives a BPDU from switch H advertising a cost of 19. It sets the cost of its designated port to 19 + 19 = 38 and reassigns it as the new root port, because the cost of its previous root port is 57, which is greater than 38. At the same time, all the port transition stages, lasting 50 seconds, begin again, and ultimately the entire network collapses.

Now let's look at what would happen in a similar situation with RSTP. The root switch sends a BPDU to switch H, which has just been connected to it, in the same way, but immediately after that it blocks its port. On receiving this frame, switch H determines that this route has a lower cost than its root port and immediately blocks its own port as well. After that, H sends a Proposal to the root switch asking it to open the new port, because its cost is lower than the cost of the existing root port. Once the root switch agrees to the request, it unblocks its port and sends an Agreement to switch H, after which H makes the new port its root port.

At the same time, thanks to the Proposal/Agreement mechanism, the reassignment of the root port happens almost instantly, and the devices connected to switch H do not lose connectivity with the network.
Having assigned a new root port, switch H turns the old root port into an alternate port. The same happens with switch G: it exchanges Proposal/Agreement messages with switch H, assigns a new root port and blocks its other ports. Then the process continues in the next network segment, with switch F.

Switch F, having compared the costs, sees that the route to the root switch through its lower port would cost 57, while the existing route through its upper port costs 38, and leaves everything as it is. On learning of this, switch G blocks the port facing F and forwards traffic to the root switch along the new G-H-A route.

Until switch F receives a Proposal/Agreement from switch G, it keeps its bottom port blocked to prevent loops. So you can see that RSTP is a very fast protocol that does not create the problems that STP causes on the network.
Now let's move on to the commands. You need to enter global configuration mode on the switch and select PVST or RPVST mode with the spanning-tree mode command. Then you need to decide how to change the priority for a particular VLAN. To do this, use the command spanning-tree vlan <VLAN number> priority <value>. From the last video tutorial, you should remember that the priority is a multiple of 4096 and that by default it is 32768 plus the VLAN number. If you have selected VLAN1, the default priority will be 32768 + 1 = 32769.

Why might you need to change the priority? We know that the BID consists of a numerical priority value and a MAC address. The MAC address of the device cannot be changed; it is a constant value, so only the priority can be changed.

Let's assume there is a large network in which all the Cisco devices are connected in a ring. PVST is enabled by default, so the system will select the root switch on its own. If all devices have the same priority, the switch with the oldest MAC address takes precedence. However, that could be a 10-12 year old legacy switch that does not even have the capacity and performance to "lead" such an extensive network.
At the same time, you may have the newest switch in the network, costing several thousand dollars, which, because of its higher MAC address, is forced to "submit" to an old switch that costs a couple of hundred dollars. If the old switch becomes the root switch, that indicates a serious network design error.

Therefore, you should go into the settings of the new switch and assign it the minimum priority value, for example 0. With VLAN1, the total priority value will be 0 + 1 = 1, and all other devices will always consider it the root switch.

Now imagine the following situation. If the root switch becomes unavailable for some reason, you may want the new root switch to be not just any low-priority switch, but a specific switch with better capabilities. In this case, the Root Bridge settings offer a command that designates the primary and secondary root switches: spanning-tree vlan <VLAN number> root <primary/secondary>. The priority value for the primary switch will be 32768 - 4096 - 4096 = 24576. For the secondary switch, it is calculated as 32768 - 4096 = 28672.

You do not need to enter these numbers manually; the system does it for you automatically. Thus, the switch with priority 24576 will be the root switch, and if it is unavailable, the switch with priority 28672 takes over, while the priority of all other switches is by default at least 32768. Do this if you do not want the system to assign the root switch automatically.
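As an added example (not code from the lesson or from Cisco), here is a small Python model of the BID comparison and root-path-cost arithmetic described above: the default election in a ring of switches with equal priorities, the effect of root primary/secondary, and the cost recalculation when a new link to the root appears (the A, F, G, H case from the start of this part). Switch names, MAC addresses and both topologies are constructed for the example.

```python
import heapq

# Added example (not the lesson's code). Switch names, MACs and topologies are constructed.
FE_COST = 19  # classic STP cost of a FastEthernet link, as used in the lesson

def bridge_id(priority, vlan, mac):
    """BID for one VLAN: priority (multiple of 4096) + VLAN number, then MAC; lower wins."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    return (priority + vlan, mac.lower())

def root_priority(role):
    """Priority that 'spanning-tree vlan N root primary|secondary' configures."""
    return {"primary": 32768 - 4096 - 4096, "secondary": 32768 - 4096}[role]

def elect_root(switches, vlan):
    """switches: {name: (priority, mac)} -> name of the switch with the lowest BID."""
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))

def root_path_costs(links, root):
    """links: [(a, b, cost)] -> {switch: (root path cost, neighbour on its root port)}.
    Each switch keeps the neighbour whose advertised cost + link cost is lowest, as it
    would from received BPDUs; ties fall to first-found (real STP uses sender BID, port)."""
    adj = {}
    for a, b, c in links:
        adj.setdefault(a, []).append((b, c))
        adj.setdefault(b, []).append((a, c))
    best = {root: (0, None)}  # the root advertises cost 0 and has no root port
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nbr, c in adj[node]:
            if nbr not in best or cost + c < best[nbr][0]:
                best[nbr] = (cost + c, node)
                heapq.heappush(heap, (cost + c, nbr))
    return best

RING = {  # constructed ring of four switches, all at the default priority 32768
    "SW_old": (32768, "00:00:0c:aa:aa:01"),  # legacy switch with the lowest MAC
    "SW_new": (32768, "00:1a:6c:bb:bb:02"),  # the switch that should be root
    "SW2": (32768, "00:e0:f7:cc:cc:03"),
    "SW3": (32768, "00:e0:f7:dd:dd:04"),
}

def root_after_fix():
    """'root primary' on SW_new (24576 + 1) and 'root secondary' on SW2 (28672 + 1)."""
    fixed = dict(RING)
    fixed["SW_new"] = (root_priority("primary"), RING["SW_new"][1])
    fixed["SW2"] = (root_priority("secondary"), RING["SW2"][1])
    return elect_root(fixed, 1), bridge_id(fixed["SW_new"][0], 1, fixed["SW_new"][1])[0]

# Constructed chain A - B - F - G - H with root A: F costs 38, G 57, H 76, as in the lesson.
CHAIN = [("A", "B", FE_COST), ("B", "F", FE_COST), ("F", "G", FE_COST), ("G", "H", FE_COST)]

def costs_before_and_after_new_link():
    """A direct H-A link: H drops to 19, G re-roots via H at 38, F keeps 38 via B."""
    return root_path_costs(CHAIN, "A"), root_path_costs(CHAIN + [("A", "H", FE_COST)], "A")
```

The same comparison is why a BPDU carrying a lower priority that arrives on an access port can move the root to whatever sent it; that is the case BPDU Guard on edge ports, covered later in this part, exists to shut down.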

If you want to see the STP settings, use the show spanning-tree summary command. Let's now look at all the topics covered today in Packet Tracer. I'm using a topology of four 2690 switches; the model doesn't matter, since all Cisco switch models support STP. They are connected to each other so that the network forms a closed ring.

By default, Cisco devices operate in PVST+ mode, which means that each port will need no more than 20 seconds to converge. The simulation panel lets you visualise the sending of traffic and view the parameters of the created network.

You can see what an STP BPDU frame looks like. If you see version 0, then you have STP, because version 2 is used for RSTP. It also shows the Root ID value, which consists of the priority and MAC address of the root switch, and the Bridge ID value, which is equal to it.

These values are equal, since the cost of the route to the root switch for SW0 is 0; therefore, it is the root switch itself. Thus, after the switches were powered on, thanks to STP the Root Bridge was selected automatically and the network started working. You can see that, to prevent a loop, the upper port Fa0/2 of switch SW2 was put into the Blocking state, which is what the orange marker indicates.

Let's go to the console of switch SW0 and use a couple of commands. The first is the show spanning-tree command, after which we are shown information about PVST+ mode for VLAN1. If several VLANs are in use, another block of information appears at the bottom of the window for the second and subsequent VLANs.

You can see that the protocol is shown as ieee, which means PVST+ is in use. Technically, this is not the .1d standard. It also shows the Root ID information: priority 32769, the MAC address of the root device, cost 19, etc. This is followed by the Bridge ID information, which shows the priority as 32768 + 1, followed by another MAC address. As you can see, I was mistaken: switch SW0 is not the root switch; the root switch has a different MAC address, given in the Root ID parameters. I think this is because SW0 received a BPDU frame with information that some switch on the network has a better claim to the role of root. We will look at this now.

(Translator's note: the Root ID is the identifier of the root switch, the same on all devices of a given VLAN running STP; the Bridge ID is the identifier of the local switch within the spanning tree, which can differ between switches and between VLANs.)

Another sign that SW0 is not the root switch is that a root switch has no Root Port, whereas here there are both a Root Port and a Designated Port, both in the forwarding state. You also see the link type p2p, or point-to-point. This means that ports fa0/1 and fa0/2 are connected directly to neighbouring switches.
If a port were connected to a hub, the link type would be shown as shared; we will look at this later. If I enter the show spanning-tree summary command to view the summary information, we see that this switch is in PVST+ mode, followed by a list of the features that are disabled on it.

Next it shows the status and number of ports serving VLAN1: blocking 0, listening 0, learning 0, and 2 ports in the forwarding state in STP mode.
Before moving on to switch SW2, let's look at the settings of switch SW1. To do this, we use the same show spanning-tree command.

You can see that the Root ID MAC address on switch SW1 is the same as on SW0, because all devices on the network learn the same Root Bridge address when they converge, since they trust the choice made by STP. As you can see, SW1 is the root switch, because the Root ID and Bridge ID addresses are the same. In addition, there is the message "this switch is root".

Another sign of a root switch is that it has no Root ports; both ports are Designated. If all ports are shown as Designated and are in the forwarding state, then you are looking at the root switch.

Switch SW3 shows similar information, so now I am switching to SW2, because one of its ports is in the Blocking state. I use the show spanning-tree command and we see that the Root ID information and priority value are the same as on the other switches.
It further shows that one of the ports is Alternate. Don't be confused: the 802.1d standard calls it a Blocking port, while in PVST+ a blocked port is always shown as Alternate. So this alternate port Fa0/2 is in the blocked state, and port Fa0/1 acts as the Root Port.

The blocked port is in the network segment between switch SW0 and switch SW2, so no loop is formed. As you can see, the switches use p2p links because no other devices are connected to them.

We have a network that has converged under STP. Now I will take a cable and directly connect switch SW2 to root switch SW1. After that, all SW2 ports are shown with orange markers.

If we use the show spanning-tree summary command, we see that at first the two ports are in the Listening state, then they go into the Learning state, and after a few seconds into the Forwarding state, while the marker colour changes to green. If you now issue the show spanning-tree command, you can see that Fa0/1, which used to be the Root port, has now entered the blocking state and is shown as an Alternate port.

Port Fa0/3, to which the cable from the root switch is connected, has become the Root port, and port Fa0/2 has become a Designated port. Let's take another look at the convergence process. I will disconnect the SW2-SW1 cable and return to the previous topology. You can see that the SW2 ports first block and turn orange again, then sequentially go through the Listening and Learning states and end up in the Forwarding state. In this case, one port turns green, while the second, connected to switch SW0, stays orange. The convergence process took quite a long time; that is the price of STP.

Now let's look at how RSTP works. Let's start with switch SW2 and enter the spanning-tree mode rapid-pvst command in its configuration. This command has only two parameter options, pvst and rapid-pvst; I use the second one. After entering the command, the switch switches to RPVST mode, which you can check with the show spanning-tree command.

At the top, you see a message stating that the RSTP protocol is now running. Everything else remains unchanged. Then I have to do the same on all the other devices, and that completes the RSTP setup. Let's look at how this protocol behaves, the same way we did for STP.

I again connect switch SW2 directly to the root switch SW1 with a cable; let's see how fast convergence occurs. I type the show spanning-tree summary command and see that two switch ports are in the Blocking state and 1 is in the Forwarding state.

You can see that convergence happened almost instantly, which shows how much faster RSTP is than STP. Next, we can use the spanning-tree portfast default command, which puts all ports of the switch into portfast mode by default. This is appropriate if most of the switch ports are Edge ports connected directly to hosts. If there is a non-Edge port, we disable portfast on that port individually.

To configure STP for a VLAN, you can use the spanning-tree vlan <number> command with the priority parameter (sets the switch priority for the spanning tree) or root (sets the switch as root). We use the spanning-tree vlan 1 priority command, specifying as the priority any multiple of 4096 in the range from 0 to 61440. In this way, you can manually change the priority for any VLAN.

You can issue the spanning-tree vlan 1 root command with either the primary or secondary option to configure the primary or backup root switch for a particular VLAN. If I use spanning-tree vlan 1 root primary, this switch becomes the primary root for VLAN1.

I enter the show spanning-tree command, and we see that this switch SW2 now has priority 24577 and that the MAC addresses of the Root ID and Bridge ID are the same, which means it has become the root switch.

You can see how quickly convergence and the change of switch roles happened. Now I will remove the primary root configuration with the no spanning-tree vlan 1 root primary command, after which its priority returns to the previous value of 32769, and the role of root switch goes back to SW1.

Let's see how portfast works. I enter the command int f0/1 to go to the settings of this port and use the spanning-tree command, after which the system prompts for the possible parameters.

Next, I use the spanning-tree portfast command, which can be entered with the options disable (disables portfast on this port) or trunk (enables portfast on this port even in trunk mode).

If you enter spanning-tree portfast on its own, the feature is simply turned on for this port. The spanning-tree bpduguard enable command enables the BPDU Guard feature on the port, and spanning-tree bpduguard disable disables it.

I will quickly mention one more thing. If for VLAN1 the interface of switch SW2 facing SW3 is blocked, then with different settings for another VLAN, for example VLAN2, the same interface can become the root port. In this way, the system can implement a form of traffic load balancing: in one case this network segment is not used, in the other it is.

I will show what happens when we have a shared interface, that is, when we connect a hub. I will add a hub to the diagram and connect it to switch SW2 with two cables.

The show spanning-tree command will display the following picture.

Fa0/5 (the lower left port of the switch) becomes the Backup port, and port Fa0/4 (the lower right port) becomes the Designated port. The type of both ports is Shr, or shared. This means that the hub-to-switch segment is a shared network.

Thanks to RSTP, we get a distinction between alternate and backup ports. If we switch SW2 back to pvst mode with the spanning-tree mode pvst command, we see that interface Fa0/5 has returned to the Alternate state, because now there is no difference between a backup port and an alternate port.

It was a very long lesson, and if you do not understand something, I advise you to review it again.



Source: habr.com
