Nexus 1 06 STP Ba

Nexus Technology Labs Classical Ethernet Switching
STP Bridge Assurance

Last updated: April 11, 2013
Task
Configure the links between N7K1, N7K2, N5K1, and N5K2 as port channels and 802.1q trunk links as follows: Use Port-Channel 1 on the F ports between N7K1 and N7K2. Use Port-Channel 2 between N7K1 and N5K1. Use Port-Channel 3 between N7K1 and N5K2. Use Port-Channel 4 between N7K2 and N5K1. Use Port-Channel 5 between N7K2 and N5K2. Use Port-Channel 6 between N5K1 and N5K2. Disable all other ports. Create VLANs 10, 20, 30, 40, 50, and 60 on N7K1 and N7K2. Create VLANs 10, 20, and 30 on N5K1. Create VLANs 40, 50, and 60 on N5K2. Configure N7K1 as the STP root bridge for all VLANs. Configure all trunk links as STP port type network.
Configuration
N 5 K 1 : f e a t u r el a c p ! v l a n1 0 , 2 0 , 3 0 ! i n t e r f a c eE t h e r n e t 1 / 3-5 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p6m o d ea c t i v e ! i n t e r f a c eE t h e r n e t 1 / 6-7 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k
FEEDBACK
c h a n n e l g r o u p2m o d ea c t i v e ! i n t e r f a c eE t h e r n e t 1 / 8-9 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p3m o d ea c t i v e N 5 K 2 : f e a t u r el a c p ! v l a n4 0 , 5 0 , 6 0 ! i n t e r f a c eE t h e r n e t 1 / 3-5 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p6m o d ea c t i v e ! i n t e r f a c eE t h e r n e t 1 / 6-7 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p5m o d ea c t i v e ! i n t e r f a c eE t h e r n e t 1 / 8-9 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p3m o d ea c t i v e N 7 K 1 : f e a t u r el a c p ! v l a n1 0 , 2 0 , 3 0 , 4 0 , 5 0 , 6 0 ! s p a n n i n g t r e ev l a n1 0 , 2 0 , 3 0 , 4 0 , 5 0 , 6 0p r i o r i t y4 0 9 6 ! i n t e r f a c eE t h e r n e t 2 / 1-2 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p1m o d ea c t i v e ! i n t e r f a c eE t h e r n e t 2 / 3-4 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p2m o d ea c t i v e ! i n t e r f a c eE t h e r n e t 2 / 5-6 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p3m o d ea c t i v e N 7 K 2 :
f e a t u r el a c p ! v l a n1 0 , 2 0 , 3 0 , 4 0 , 5 0 , 6 0 ! i n t e r f a c eE t h e r n e t 2 / 1-2 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p1m o d ea c t i v e ! i n t e r f a c eE t h e r n e t 2 / 3-4 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p5m o d ea c t i v e ! i n t e r f a c eE t h e r n e t 2 / 5-6 s w i t c h p o r tm o d et r u n k s p a n n i n g t r e ep o r tt y p en e t w o r k c h a n n e l g r o u p4m o d ea c t i v e
Verification
Spanning-tree Bridge Assurance is an STP enhancement to help prevent against unidirectional links, and to also automatically prune unneeded VLANs from trunk links. Like STP Loopguard or UDLD, STP Bridge Assurance uses a keepalive, the STP BPDU in this case, to make sure that both ends of the link can both send and receive packets. Unlike UDLD, though, this keepalive is on a per-VLAN basis (or per-STP instance basis in the case of MST). The advantage of using this feature is that it not only prevents against unidirectional links, but has a behavior similar to VTP pruning, which means that you do not need to manually edit the trunking allowed list to remove unneeded VLANs off trunks. Bridge Assurance is configured by setting the spanning-tree port-type network at the link level. In the below output on N7K1, we see that VLAN 10 is not forwarding toward N5K2 on PortChannel 3, and that VLAN 40 is not forwarding toward N5K1 on Port-Channel 2. Note that in addition to the port being in the blocking state, it is denoted as Bridge Assurance Inconsistent. This essentially means that when N7K1 sent a BPDU keepalive for VLAN 10 out Po3, it did not receive a response back in. The end result is that the VLAN is blocked, and hence pruned.
N 7 K 1 1 #s h o ws p a n n i n g t r e ev l a n1 0 V L A N 0 0 1 0 S p a n n i n gt r e ee n a b l e dp r o t o c o lr s t p R o o tI D P r i o r i t y A d d r e s s 4 1 0 6 6 8 b d . a b d 7 . 6 0 4 1
T h i sb r i d g ei st h er o o t H e l l oT i m e 2 s e c M a xA g e2 0s e c F o r w a r dD e l a y1 5s e c B r i d g eI D P r i o r i t y A d d r e s s 4 1 0 6 ( p r i o r i t y4 0 9 6s y s i d e x t1 0 )
6 8 b d . a b d 7 . 6 0 4 1
H e l l oT i m e 2 s e c M a xA g e2 0s e c F o r w a r dD e l a y1 5s e c I n t e r f a c e P o 1 P o 2 P o 3 D e s gF W D1 D e s gF W D1 D e s gB K N * 1 1 2 8 . 4 0 9 6N e t w o r kP 2 p 1 2 8 . 4 0 9 7N e t w o r kP 2 p 1 2 8 . 4 0 9 8N e t w o r kP 2 p* B A _ I n c R o l eS t sC o s t P r i o . N b rT y p e
------
N 7 K 1 1 #s h o ws p a n n i n g t r e ev l a n4 0 V L A N 0 0 4 0 S p a n n i n gt r e ee n a b l e dp r o t o c o lr s t p R o o tI D P r i o r i t y A d d r e s s 4 1 3 6 6 8 b d . a b d 7 . 6 0 4 1
T h i sb r i d g ei st h er o o t H e l l oT i m e 2 s e c M a xA g e2 0s e c F o r w a r dD e l a y1 5s e c B r i d g eI D P r i o r i t y A d d r e s s 4 1 3 6 ( p r i o r i t y4 0 9 6s y s i d e x t4 0 )
6 8 b d . a b d 7 . 6 0 4 1
H e l l oT i m e 2 s e c M a xA g e2 0s e c F o r w a r dD e l a y1 5s e c I n t e r f a c e P o 1 P o 2 P o 3 D e s gF W D1 D e s gB K N * 1 D e s gF W D1 1 2 8 . 4 0 9 6N e t w o r kP 2 p 1 2 8 . 4 0 9 7N e t w o r kP 2 p* B A _ I n c 1 2 8 . 4 0 9 8N e t w o r kP 2 p R o l eS t sC o s t P r i o . N b rT y p e
------
If a new VLAN is added, Bridge Assurance automatically reacts to it by either pruning or unpruning the VLAN, depending on whether the keepalive is received bi-directionally, as seen below.
N 7 K 1 1 #c o n ft E n t e rc o n f i g u r a t i o nc o m m a n d s ,o n ep e rl i n e . E n dw i t hC N T L / Z . N 7 K 1 1 ( c o n f i g ) #v l a n1 0 0 N 7 K 1 1 ( c o n f i g v l a n ) #e n d N 7 K 1 1 #2 0 1 3M a r 21 7 : 4 1 : 5 6N 7 K 1 1l a s tm e s s a g er e p e a t e d1t i m e 2 0 1 3M a r 21 7 : 4 1 : 5 6N 7 K 1 1% S T P 2 B R I D G E _ A S S U R A N C E _ B L O C K :B r i d g eA s s u r a n c eb l o c k i n gp o r tp o r t c h a n n e l 1V L A N 0 1 0 0 . 2 0 1 3M a r 21 7 : 4 1 : 5 6N 7 K 1 1% S T P 2 B R I D G E _ A S S U R A N C E _ B L O C K :B r i d g eA s s u r a n c eb l o c k i n gp o r tp o r t c h a n n e l 2V L A N 0 1 0 0 . 2 0 1 3M a r 21 7 : 4 1 : 5 6N 7 K 1 1% S T P 2 B R I D G E _ A S S U R A N C E _ B L O C K :B r i d g eA s s u r a n c eb l o c k i n gp o r tp o r t c h a n n e l 3V L A N 0 1 0 0 .
After the VLAN is configured on the other side of a trunk link, BA unblocks it.
N 7 K 2 1 #c o n f i gt E n t e rc o n f i g u r a t i o nc o m m a n d s ,o n ep e rl i n e . E n dw i t hC N T L / Z . N 7 K 2 1 ( c o n f i g ) #v l a n1 0 0 N 7 K 2 1 ( c o n f i g v l a n ) #e n d N 7 K 2 1 # N 7 K 1 1 # 2 0 1 3M a r 21 7 : 4 2 : 2 4N 7 K 1 1% S T P 2 B R I D G E _ A S S U R A N C E _ U N B L O C K :B r i d g eA s s u r a n c eu n b l o c k i n gp o r tp o r t c h a n n e l 1V L A N 0 1 0 0 .
This automatic pruning behavior can also be verified by checking the VLANs forwarding on the trunk links through the s h o wi n t e r f a c et r u n k command, as shown below.
N 5 K 1 #s h o wi n t e r f a c et r u n k|b e g i nF o r w a r d i n g P o r t E t h 1 / 3 E t h 1 / 4 E t h 1 / 5 E t h 1 / 6 E t h 1 / 7 E t h 1 / 8 E t h 1 / 9 P o 2 P o 3 P o 6 < s n i p > N 5 K 2 #s h o wi n t e r f a c et r u n k|b e g i nF o r w a r d i n g P o r t S T PF o r w a r d i n g n o n e n o n e n o n e n o n e n o n e n o n e n o n e 1 , 1 0 , 2 0 , 3 0 1 , 1 0 , 2 0 , 3 0 1 S T PF o r w a r d i n g -
E t h 1 / 3 E t h 1 / 4 E t h 1 / 5 E t h 1 / 6 E t h 1 / 7 E t h 1 / 8 E t h 1 / 9 P o 3 P o 5 P o 6 < s n i p > N 7 K 1 1 #s h o wi n t e r f a c et r u n k|b e g i nF o r w a r d i n g P o r t E t h 1 / 1 E t h 1 / 2 E t h 2 / 1 E t h 2 / 2 E t h 2 / 3 E t h 2 / 4 E t h 2 / 5 E t h 2 / 6 P o 1 P o 2 P o 3 < s n i p > N 7 K 2 1 #s h o wi n t e r f a c et r u n k|b e g i nF o r w a r d i n g P o r t E t h 1 / 1 E t h 1 / 2 E t h 2 / 1 E t h 2 / 2 E t h 2 / 3 E t h 2 / 4 E t h 2 / 5 E t h 2 / 6 P o 1 P o 4 P o 5 < s n i p > n o n e n o n e n o n e n o n e n o n e n o n e n o n e n o n e 1 , 1 0 , 2 0 , 3 0 , 4 0 , 5 0 , 6 0 1 n o n e S T PF o r w a r d i n g n o n e n o n e n o n e n o n e n o n e n o n e n o n e n o n e 1 0 , 2 0 , 3 0 , 4 0 , 5 0 , 6 0 1 , 1 0 , 2 0 , 3 0 4 0 , 5 0 , 6 0 S T PF o r w a r d i n g n o n e n o n e n o n e n o n e n o n e n o n e n o n e 1 , 4 0 , 5 0 , 6 0 1 , 4 0 , 5 0 , 6 0 1
^ back to top
Disclaimer (http://www.ine.com/feedback.htm) | Privacy Policy (http://www.ine.com/resources/) Inc., All Rights Reserved (http://www.ine.com/about-us.htm)
2013 INE

Nexus 1 06 STP Ba

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Nexus 1 06 STP Ba

Încărcat de

Drepturi de autor:

Formate disponibile

Nexus Technology Labs Classical Ethernet Switching

STP Bridge Assurance

S-ar putea să vă placă și