This lab is designed to demonstrate the operational differences between the three main STP
versions. We will use the same topology for each demonstration as well as explain how each
version of the STP functions.
Basic Configuration
● Ensure all links between switches are trunk ports
802.1D - Traditional Spanning-Tree
Lab Objectives
1. Ensure all switches are running 802.1D Spanning-tree
2. SW1 should be the root bridge for the STP domain
a. Make sure SW1 is most likely to become the root bridge
3. SW4 should be designated bridge on the SW2/SW4 link
4. SW3 should be designated bridge on the SW2/SW3 link
5. Spanning-Tree should detect failures within 10 seconds
6. Switch Ports should only take 10 seconds to transition from Blocking to Forwarding
7. SW2 should immediately fail-over to an alternate link whenever it loses its root port
8. All switches should recover quickly from indirect link failures
9. All switches should not receive any superior BPDUs on their designated ports
a. If one does, that port should be disabled from participating in STP
10. All non-designated ports should be blocked if they stop receiving BPDUs
There are three versions of Spanning Tree protocol most Cisco switches support: 802.1D,
802.1w, and 802.1s. 802.1D is the legacy Spanning-Tree Protocol that was first introduced. It is
configured in IOS using the spanning-tree mode pvst command in global configuration mode.
You can verify this configuration using the show spanning-tree command:
The output shows the spanning-tree version as “ieee”. This signifies that traditional STP logic is
being used on the switches.
STP elects a switch to be the root bridge based on the exchange of BPDU information. The
BPDU contains the local switch’s Bridge ID which is comprised of the priority, default 32768,
and MAC address. It also contains the Bridge ID of which switch is believed to be the root
bridge.
Each switch first declares itself to be the root bridge and starts sending BPDUs out of all of their
ports listing themselves as root bridge. Only the switch that sends the best BPDU becomes the
root bridge.
We can examine this process using debug spanning-tree events. Modified output from this
command displays important information about the initial STP root bridge election:
SW4:
*May 6 13:50:47.035: setting bridge id (which=3) prio 32769 prio cfg 32768 sysid 1
(on) id 8001.aabb.cc00.0400
*May 6 13:50:49.029: STP: VLAN0001 heard root 32769-aabb.cc00.0200 on Et0/1
*May 6 13:50:49.029: supersedes 32769-aabb.cc00.0400
*May 6 13:50:49.029: STP: VLAN0001 new root is 32769, aabb.cc00.0200 on port Et0/1,
cost 100
*May 6 13:50:49.033: STP: VLAN0001 heard root 32769-aabb.cc00.0100 on Et0/2
*May 6 13:50:49.033: supersedes 32769-aabb.cc00.0200
*May 6 13:50:49.033: STP: VLAN0001 new root is 32769, aabb.cc00.0100 on port Et0/2,
cost 100
The debug shows initially, SW4 believed itself to be the root bridge and began sending BPDUs.
It then heard of a new root bridge (32769-aabb.cc00.0200, SW2) which supersedes itself as
root because of its lower Bridge ID. SW4 then elects that new root as the root bridge and
ceases to transmit its own BPDUs. Finally, it receives word of a new root Bridge
(32769-aabb.cc00.0100, SW1) which supersedes SW2 because of a lower Bridge ID. SW4
accepts this as the new root.
The task asks us to configure SW1 as the root bridge and to ensure it is most likely to become the
root bridge. This means we should set the priority to the lowest possible value, since it is the first
criterion checked for root bridge election.
This is done using the spanning-tree vlan 1-4094 priority 0 command as follows:
NOTE: debug spanning-tree events was still enabled when executing this command. This
allows you to see the priority taking effect.
After electing the root bridge, each switch must determine its root port, the port that leads
directly to the root bridge. This is done by comparing the path costs for all links in the STP
network leading to the root. The Root bridge originates BPDUs with a cost of 0 out of all of its
ports and this cascades down to the non-root switches. They receive this BPDU and echo it
adding their own cost to the root to the BPDU. The switch gathers all received BPDUs on all
ports and selects the port receiving the lowest cost as Root Port.
After electing root bridge and root ports, the remaining switches need to determine which
non-root ports should be Designated to carry data towards the Root Bridge. These switches are
also responsible for forwarding STP control data (BPDUs) down the STP towards the leaf
switches.
The tasks ask us to make sure SW3 is the designated switch on the SW2/SW3 segment and SW4
is the designated switch on the SW2/SW4 segment. Because all switches have the same cost
to the root bridge, these tasks can be accomplished by setting the priority lower than SW2 on
SW3 and SW4 using the spanning-tree vlan 1-4094 priority 28672 command.
SW2#sh span
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 1
Address aabb.cc00.0100
Cost 100
Port 1 (Ethernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address aabb.cc00.0200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Root FWD 100 128.1 Shr
Et0/1 Altn BLK 100 128.2 Shr
Et0/2 Altn BLK 100 128.3 Shr
Now SW2 is blocking on E0/1 and E0/2, meaning SW3 and SW4 have been elected as the
Designated Bridges for those segments.
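The comparison behind the root election and the designated-bridge tie-break described above, as an added example that is not part of the original lab. It goes slightly beyond the text by ordering the full BPDU vector (root ID, path cost, sender bridge ID, port ID); SW3's default priority and the equal root cost of 100 are assumptions based on the outputs on this page.

```python
from dataclasses import dataclass


def bridge_id(text):
    """Parse 'priority-mac' as printed by debug spanning-tree events."""
    priority, mac = text.split("-", 1)
    return (int(priority), int(mac.replace(".", ""), 16))


@dataclass(frozen=True)
class Bpdu:
    root: tuple      # bridge ID the sender believes is root
    cost: int        # sender's path cost to that root
    sender: tuple    # sender's own bridge ID
    port: int = 0    # sender's port ID, the last tie-breaker

    def vector(self):
        # Lower wins at every step; tuples compare left to right.
        return (self.root, self.cost, self.sender, self.port)


def is_superior(received, stored):
    return received.vector() < stored.vector()


def replay(own_id, heard):
    """Start out claiming root, then process BPDUs in order; return the root history."""
    stored = Bpdu(own_id, 0, own_id)
    history = [stored.root]
    for bpdu in heard:
        if is_superior(bpdu, stored):
            stored = bpdu
            history.append(stored.root)
    return history


def designated_bridge(root, cost_to_root, bridges):
    """Pick the bridge whose BPDU is best on a shared segment."""
    offers = {name: Bpdu(root, cost_to_root[name], bid) for name, bid in bridges.items()}
    return min(offers, key=lambda name: offers[name].vector())


# Bridge IDs as they appear in the debug output on this page.
SW1 = bridge_id("32769-aabb.cc00.0100")
SW2 = bridge_id("32769-aabb.cc00.0200")
SW4 = bridge_id("32769-aabb.cc00.0400")
# Assumption: SW3 at the default priority, with the MAC shown later on the page.
SW3_DEFAULT = bridge_id("32769-aabb.cc00.0300")
# After the tasks: SW1 at priority 0 and SW3 at priority 28672 (plus sys-id-ext 1).
SW1_ROOT = bridge_id("1-aabb.cc00.0100")
SW3_TUNED = bridge_id("28673-aabb.cc00.0300")


def sw4_election():
    """SW4's view of the initial election: hears SW2 first, then SW1."""
    return replay(SW4, [Bpdu(SW2, 0, SW2), Bpdu(SW1, 0, SW1)])


def sw2_sw3_segment(sw3_id):
    """Designated bridge on the SW2/SW3 link; both sit one cost-100 hop from the root."""
    return designated_bridge(SW1_ROOT, {"SW2": 100, "SW3": 100},
                             {"SW2": SW2, "SW3": sw3_id})


if __name__ == "__main__":
    print("SW4 root history:", sw4_election())
    print("default priorities ->", sw2_sw3_segment(SW3_DEFAULT))
    print("SW3 at 28672       ->", sw2_sw3_segment(SW3_TUNED))
```

With default priorities the lower MAC makes SW2 designated on the segment, which is why the task needs a priority change on SW3 and SW4.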
The root bridge transmits the configuration BPDUs out all its ports every hello time seconds at
which point it sets the Message Age to 0. This configuration BPDU is received by the
downstream bridges on their root ports. The downstream bridges increment the Message Age
and forward the BPDU out their designated ports.
When a non-Designated port receives a BPDU, this BPDU is stored and the Message Age is
incremented every second until it reaches an upper boundary. This upper boundary is the Max
Age time. Once the stored BPDU’s Message Age reaches the Max Age time, the BPDU is
discarded and the switch begins the topology change procedures.
All non-Root switches use the Hello and Max Age time configured by the current root bridge.
The default Max Age is 20 seconds and the default Hello timer is 2 seconds. In order to speed
detection to 10 seconds instead of 20 we need to change the Max Age time on the Root bridge
itself using the spanning-tree vlan 1-4094 max-age 10 command. We can verify the setting
using the show spanning-tree command.
When STP decides to move a port from Blocking state to Forwarding state, it cannot do so
directly. The port must go through two intermediate states: Listening and Learning.
The amount of time the port spends in these states is controlled by the Forward Delay timer
which has a default of 15 seconds.
First, the port transitions from Blocking to Listening. In this state the port can send and receive
BPDUs but not transmit data. After spending Forward Delay time seconds in this state it
transitions to the Learning state. Here the port begins learning MAC addresses. Finally, after
another Forward Delay time seconds expires, the port becomes Forwarding and is able to
participate in the STP topology.
Using the default of 15 seconds, it will take a port a total of 30 seconds to transition from
blocking to forwarding when the switch begins the transition. The task requires us to reduce this to
only 10 seconds. All switches in the STP network use the Root Bridge’s advertised Forward
Delay time as their own. To influence this time we need to configure the spanning-tree vlan
1-4094 forward-time 5 command. With this change the port will spend 5 seconds in listening
and 5 seconds in learning state before forwarding, totalling 10 seconds.
Here is partial output from debug spanning-tree events on SW2 showing a port transitioning
from blocking to forwarding using the default timer (15 seconds), followed by the same
transition with the Forward Delay reduced to 5 seconds. In each case, the switch first determines
the new root port should be e0/2 and then it transitions it through the states.
SW2#
*May 6 22:55:45.205: STP: VLAN0001 new root port Et0/2, cost 200
*May 6 22:55:45.205: STP: VLAN0001 Et0/2 -> listening
*May 6 22:56:00.207: STP: VLAN0001 Et0/2 -> learning
*May 6 22:56:15.215: STP: VLAN0001 Et0/2 -> forwarding
SW2#
*May 6 23:03:04.020: STP: VLAN0001 new root port Et0/2, cost 200
*May 6 23:03:04.020: STP: VLAN0001 Et0/2 -> listening
*May 6 23:03:09.028: STP: VLAN0001 Et0/2 -> learning
*May 6 23:03:14.033: STP: VLAN0001 Et0/2 -> forwarding
In the event of a link failure on the root port, the switch must transition one of its blocking ports
to be the new root port. However, detecting such failures can take up to 20 seconds (with
default timers). After this, the switch must then move the new root port through the Listening
and Learning states before it can become fully operational, a process that can take up to 30
seconds (with default timers).
If the switch is guaranteed to be a leaf node switch, meaning no other switch uses it to transit to
the root, there is little reason to wait for the Max Age timer and move the new root port into
forwarding state. The switch can bring its alternate root port up immediately. To do this, the
switch must prematurely age out the BPDU on its old root port and transition the new root port
directly to the forwarding state (bypassing Listening and Learning).
Uplinkfast is a feature that can speed this process. Uplinkfast makes note of all blocking ports
on the switch that can be used as alternatives to the root bridge. It calculates the best of these
ports and uses it as a spare in case the current root port fails. When the root port fails or
receives an inferior BPDU (signalling an indirect failure in the STP topology) Uplinkfast can
immediately bring the new root port up without waiting.
This is configured using the spanning-tree uplinkfast command in global configuration mode.
After doing so, the switch will automatically set its priority and port cost values artificially high in
an attempt to discourage any other switch in the network from using it as a transit switch.
SW2(config)#spanning-tree uplinkfast
SW2(config)#
*May 6 23:13:28.102: setting bridge id (which=1) prio 49153 prio cfg 49152 sysid 1
(on) id C001.aabb.cc00.0200
SW2#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 1
Address aabb.cc00.0100
Cost 3100
Port 1 (Ethernet0/0)
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 49153 (priority 49152 sys-id-ext 1)
Address aabb.cc00.0200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 5 sec
Uplinkfast enabled
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Root FWD 3100 128.1 Shr
Et0/1 Altn BLK 3100 128.2 Shr
Et0/2 Altn BLK 3100 128.3 Shr
!Notice the log message indicating the new priority value being configured. Also note the
!artificially high values for port cost in the show spanning-tree output.
If we simulate a failure of SW2’s root port we can see Uplinkfast take effect using the debug
spanning-tree events debug:
SW2(config)#int e0/0
SW2(config-if)#shut
SW2(config-if)#
*May 6 23:17:05.460: STP: VLAN0001 new root port Et0/2, cost 3200
*May 6 23:17:05.460: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0001 Ethernet0/2 moved
to Forwarding (UplinkFast).
8. All switches should recover quickly from indirect link failures
An indirect failure in STP is the loss of a root port on a switch other than the local switch.
Such a failure is detected whenever STP receives an inferior BPDU on any port. This is a result
of the process that occurs whenever a switch loses connectivity to the root bridge. The switch
experiencing the failure will begin to announce itself as root bridge out of all of its ports.
Using traditional STP, the switch receiving the inferior BPDU would have to wait for the Max Age
time before transitioning its port or recalculating the STP topology. The Backbonefast feature
allows the switch to actively try to find a new suitable root port without waiting for the Max Age
to expire.
First, when the switch receives an inferior BPDU, it will send RLQ messages out all of its
non-designated ports in an attempt to locate an alternate path to the root bridge. Once a
suitable path is found, the switch will expire the BPDU on the current root and begin to bring the
new port up.
Backbonefast is configured using the spanning-tree backbonefast command and can be
verified using the show spanning-tree summary command.
SW4(config)#spanning-tree backbonefast
SW4#sh spanning-tree summary
Without backbonefast:
SW4#
*May 13 12:32:15.862: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:17.791: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:19.798: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:21.798: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:23.801: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:23.859: STP: VLAN0001 Et0/0 -> listening
*May 13 12:32:28.860: STP: VLAN0001 Et0/0 -> learning
*May 13 12:32:33.869: STP: VLAN0001 Et0/0 -> forwarding
With backbonefast:
SW4#
*May 13 12:30:07.632: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:30:07.632: STP: VLAN0001 Et0/0 -> listening
*May 13 12:30:12.632: STP: VLAN0001 Et0/0 -> learning
*May 13 12:30:17.637: STP: VLAN0001 Et0/0 -> forwarding
In the first example, SW4 ignores the inferior BPDU from SW3 before moving its E0/0 port to
listening. In the second, as soon as it hears the inferior BPDU it transitions to listening.
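One way to check the timer objectives and the Backbonefast gain from the debug captures, as an added example that is not part of the original lab. It serves both the Forward Delay captures on SW2 and the Backbonefast captures on SW4; the sample input is the page's own debug lines and the function names are hypothetical.

```python
import re
from datetime import datetime

# Sample input: debug lines copied from this page, one event per line.
DEFAULT_TIMERS = """
*May 6 22:55:45.205: STP: VLAN0001 new root port Et0/2, cost 200
*May 6 22:55:45.205: STP: VLAN0001 Et0/2 -> listening
*May 6 22:56:00.207: STP: VLAN0001 Et0/2 -> learning
*May 6 22:56:15.215: STP: VLAN0001 Et0/2 -> forwarding
"""
TUNED_TIMERS = """
*May 6 23:03:04.020: STP: VLAN0001 new root port Et0/2, cost 200
*May 6 23:03:04.020: STP: VLAN0001 Et0/2 -> listening
*May 6 23:03:09.028: STP: VLAN0001 Et0/2 -> learning
*May 6 23:03:14.033: STP: VLAN0001 Et0/2 -> forwarding
"""
NO_BACKBONEFAST = """
*May 13 12:32:15.862: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:17.791: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:19.798: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:21.798: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:23.801: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:32:23.859: STP: VLAN0001 Et0/0 -> listening
*May 13 12:32:28.860: STP: VLAN0001 Et0/0 -> learning
*May 13 12:32:33.869: STP: VLAN0001 Et0/0 -> forwarding
"""
BACKBONEFAST = """
*May 13 12:30:07.632: STP: VLAN0001 heard root 28673-aabb.cc00.0300 on Et0/0
*May 13 12:30:07.632: STP: VLAN0001 Et0/0 -> listening
*May 13 12:30:12.632: STP: VLAN0001 Et0/0 -> learning
*May 13 12:30:17.637: STP: VLAN0001 Et0/0 -> forwarding
"""

EVENT = re.compile(
    r"^\*(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): STP: VLAN\d+ (?P<body>.*)$")
HEARD = re.compile(r"^heard root \S+ on (?P<port>\S+)$")
STATE = re.compile(r"^(?P<port>\S+) -> (?P<state>listening|learning|forwarding)$")


def parse_ts(text):
    # The debug output carries no year; a fixed one is supplied so the stamp parses.
    return datetime.strptime("2000 " + " ".join(text.split()), "%Y %b %d %H:%M:%S.%f")


def first_seen(log, port):
    """Map each event kind to the first time it appears for the port in one capture."""
    seen = {}
    for raw in log.strip().splitlines():
        event = EVENT.match(raw.strip())
        if not event:
            continue
        when, body = parse_ts(event["ts"]), event["body"]
        heard, state = HEARD.match(body), STATE.match(body)
        if heard and heard["port"] == port:
            seen.setdefault("heard", when)       # first inferior BPDU on the port
        elif state and state["port"] == port:
            seen.setdefault(state["state"], when)
    return seen


def elapsed(log, port, start, end):
    """Seconds between two event kinds, or None if either is missing from the capture."""
    seen = first_seen(log, port)
    if start not in seen or end not in seen:
        return None
    return round((seen[end] - seen[start]).total_seconds(), 3)


def meets_budget(log, port, start, end, budget, slack=0.5):
    """True when the measured interval fits the objective, allowing timer jitter."""
    took = elapsed(log, port, start, end)
    return took is not None and took <= budget + slack


if __name__ == "__main__":
    for name, log, port in [("default", DEFAULT_TIMERS, "Et0/2"),
                            ("forward-time 5", TUNED_TIMERS, "Et0/2")]:
        print(name, elapsed(log, port, "listening", "forwarding"), "s to forwarding")
    for name, log in [("no backbonefast", NO_BACKBONEFAST), ("backbonefast", BACKBONEFAST)]:
        print(name, elapsed(log, "Et0/0", "heard", "listening"), "s ignoring inferior BPDU")
```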
9. All switches should not receive any superior BPDUs on all designated ports
In the same way a non-designated port receiving an inferior BPDU causes a topology change
event, a topology change event will occur if any port receives a superior BPDU. In
particular, this will cause the switch to re-evaluate the location of its root port. This can be
extremely devastating to the STP environment in certain situations.
The Root Guard feature is designed to mitigate this threat. When a port is configured with Root
Guard it is automatically put in a root inconsistent state whenever it begins to receive superior
BPDUs. When the superior BPDUs cease, the port is put back into normal forwarding state.
This feature is best deployed on designated ports on the switch. Designated ports are ports that
face away from the root bridge and as such should never become root ports.
To complete this task, configure spanning-tree guard root on all ports on SW1 as follows:
When a superior BPDU is received on the port the following actions take place:
SW1#
*May 7 02:12:34.983: STP: VLAN0001 heard root 1-aabb.cc00.0300 on Et0/1
*May 7 02:12:34.983: supersedes 4097-aabb.cc00.0100
*May 7 02:12:34.983: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port
Ethernet0/1 on VLAN0001.
SW1#
*May 7 02:22:22.911: %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port
Ethernet0/1 on VLAN0001.
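Detection logic for the Root Guard messages above, as an added example that is not part of the original lab. It pairs each ROOTGUARD_BLOCK with its UNBLOCK, records which bridge ID claimed root on that port, and reports ports still in the root inconsistent state; the Ethernet0/2 lines are constructed to show an incident that never clears.

```python
import re
from datetime import datetime

# Sample input: the page's Root Guard messages, unwrapped to one per line,
# followed by two constructed lines for a block on Ethernet0/2 that never clears.
SYSLOG = """
*May 7 02:12:34.983: STP: VLAN0001 heard root 1-aabb.cc00.0300 on Et0/1
*May 7 02:12:34.983: supersedes 4097-aabb.cc00.0100
*May 7 02:12:34.983: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port Ethernet0/1 on VLAN0001.
*May 7 02:22:22.911: %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port Ethernet0/1 on VLAN0001.
*May 7 02:30:00.000: STP: VLAN0001 heard root 1-aabb.cc00.0300 on Et0/2
*May 7 02:30:00.000: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port Ethernet0/2 on VLAN0001.
"""

STAMP = re.compile(r"^\*(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+):\s+(?P<body>.*)$")
HEARD = re.compile(r"STP: (?P<vlan>VLAN\d+) heard root (?P<root>\S+) on (?P<port>\S+)")
GUARD = re.compile(r"%SPANTREE-2-ROOTGUARD_(?P<action>BLOCK|UNBLOCK): "
                   r"Root guard (?:un)?blocking port (?P<port>\S+) on (?P<vlan>VLAN\d+)\.")


def parse_ts(text):
    # No year in the message; a fixed one is supplied so the stamp parses.
    return datetime.strptime("2000 " + " ".join(text.split()), "%Y %b %d %H:%M:%S.%f")


def long_name(port):
    """Debug lines say Et0/1, syslog says Ethernet0/1; normalise to the long form."""
    return re.sub(r"^Et(?=\d)", "Ethernet", port)


def root_guard_incidents(log):
    """Return one record per ROOTGUARD_BLOCK, closed by the matching UNBLOCK if present."""
    claimed = {}     # (vlan, port) -> last root ID heard on that port
    pending = {}     # (vlan, port) -> incident still blocked
    incidents = []
    for raw in log.strip().splitlines():
        line = STAMP.match(raw.strip())
        if not line:
            continue
        when, body = parse_ts(line["ts"]), line["body"]
        heard = HEARD.search(body)
        if heard:
            claimed[(heard["vlan"], long_name(heard["port"]))] = heard["root"]
            continue
        guard = GUARD.search(body)
        if not guard:
            continue
        key = (guard["vlan"], guard["port"])
        if guard["action"] == "BLOCK":
            incident = {"vlan": key[0], "port": key[1],
                        "claimed_root": claimed.get(key),
                        "blocked_at": when, "seconds_blocked": None}
            pending[key] = incident
            incidents.append(incident)
        elif key in pending:
            incident = pending.pop(key)
            incident["seconds_blocked"] = round(
                (when - incident["blocked_at"]).total_seconds(), 3)
    return incidents


def still_blocked(incidents):
    """Ports where superior BPDUs are presumably still arriving."""
    return [i["port"] for i in incidents if i["seconds_blocked"] is None]


if __name__ == "__main__":
    found = root_guard_incidents(SYSLOG)
    for item in found:
        print(item["port"], item["vlan"], "claimed root", item["claimed_root"],
              "blocked for", item["seconds_blocked"], "s")
    print("still root-inconsistent:", still_blocked(found))
```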
An essential part of STP operation relies on the successful receipt and transmission of BPDUs.
If there is a failure in the STP process whereby it is not possible for a port to send and receive
BPDUs it can cause non-designated ports to go into the designated state erroneously, forming a
bridging loop.
This is most common on fiber interfaces where there is a separate send and receive fiber for
transmission. This situation is prevented by using the STP Loop guard feature. Loop guard can
be enabled globally where it applies to all non-designated ports. If the ports stop receiving
BPDUs, they are placed in a loop inconsistent state and will be enabled again whenever BPDUs
are again received.
This feature is enabled globally using the spanning-tree loopguard default command or per
interface using the spanning-tree guard loop command.
For this task, use the global version of this command. This way the feature is enabled on
non-designated ports automatically. The following are log messages demonstrating loopguard in
action.
When a port in loop inconsistent state begins to receive BPDUs normally, the switch will automatically
bring the port back up by going through the normal listening and learning states.
Basic Configuration
● Retain configurations from previous section. They will be converted to 802.1w.
Lab Objectives
1. Ensure all switches run RSTP
2. Ensure all ports on all switches take advantage of the RSTP enhancements
3. Remove all unnecessary configuration from the switched network
Some of the main enhancements provided by RSTP surround how port states are determined
and how BPDUs are relayed.
In 802.1D, a switch needed to wait for its neighboring switch to exchange BPDUs to determine a
port state. With 802.1w, the switch undergoes a Synchronization process which causes it to first
block all of its non-edge ports. The switch then transmits proposal messages out the new port to
its neighboring switch.
When a switchport comes up in RSTP, the default port role and state is designated discarding.
The proposal is simply a BPDU with a proposal bit set and is sent out from its designated
discarding port. Using the proposal, the local switch asserts that its port should be designated
on the segment.
The neighboring switch receives this proposal and evaluates it against its own stored BPDU. If
the received proposal BPDU is better than its stored BPDU, the switch will set that port to root
and transition its remaining non-edge ports into a discarding state. It will then respond with an
agreement back to its neighboring switch that sent the proposal, allowing the remote switch to
set its port to designated. The switch must then use the sync operation to determine which of its
remaining non-edge ports should be designated.
If the received proposal is worse than its stored BPDU the switch transmits its own proposal with
the better BPDU causing the neighbor to block its port.
The synchronization process completes whenever all non-edge ports on the switch are either
designated or blocking.
RSTP is further enhanced by changing the way BPDUs are relayed. In 802.1D, BPDUs were
forwarded by the Root Bridge and then relayed by each non-root bridge down the STP until
reaching the leaf switches.
With RSTP, each switch originates its own BPDUs every hello time seconds independently. This
mechanism allows BPDUs to be used as a keepalive mechanism between switches. As such, a
switch knows it should continually receive BPDUs from its designated bridge every 2 seconds
by default. If the switch ceases to receive these messages for 3 hello periods, it declares the
neighbor down and begins the reconvergence process.
In 802.1D, this reaction was not possible because failure to receive BPDU could have been
caused anywhere on the path to the root. In RSTP, the switch knows the failure was caused by
its directly-connected neighbor.
If SW2 were to suddenly stop receiving BPDUs on its root port, this failure would be detected
quickly as follows:
SW2#
*May 13 14:01:57.554: RSTP(1): Et0/0 rcvd info expired
*May 13 14:01:57.554: RSTP(1): updt roles, information on root port Et0/0 expired
*May 13 14:01:57.554: RSTP(1): Et0/2 is now root port
*May 13 14:01:57.554: RSTP(1): Et0/0 blocked by re-root
*May 13 14:01:57.554: RSTP(1): Et0/0 is now designated
RSTP introduces the concept of port types. There are three port types:
1. Point-to-Point
2. Shared
3. Edge
Only ports that are point-to-point or edge benefit from the rapid convergence features of RSTP.
Shared ports are still subject to the inefficiencies of 802.1D traditional Spanning-tree.
Cisco switches try to automatically detect the port type using a crude heuristic. If the port is
full-duplex, then it is considered point-to-point. If it is half-duplex, it is considered shared. A port
that has the portfast feature enabled is considered an edge port.
It is possible to manually change the port type using the spanning-tree link-type
[point-to-point | shared] command. This command can manually set the port to shared or
point-to-point.
For this task, ensure all of the switch ports are point-to-point type as follows:
SW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 1
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 1 (priority 0 sys-id-ext 1)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/1 Desg FWD 100 128.2 P2p
Et0/2 Desg FWD 100 128.3 P2p
Uplinkfast
RSTP incorporates the Uplinkfast and Backbonefast as a result of its rapid operation. This is
accomplished in two ways.
● Discarding: Switch receives BPDUs only and drops all other traffic
● Learning: Switch sends and receives BPDUs while populating its MAC table
● Forwarding: Switch can forward normal frames and send/receive BPDUs as needed
In addition to the port states, ports also have a port role as defined here:
● Root: Port with the lowest cost towards the root bridge. This port receives the best
BPDU on the switch.
● Designated: Port with the best BPDU on the segment. Used to send BPDUs down the
STP
● Alternate: A port with the next-best cost to the Root Bridge and can be brought up
immediately if the current Root Port fails.
● Backup: Port with the next-best BPDU on the segment and is used to backup a
designated port.
These new port roles allow RSTP to pre-calculate backup paths to the root as is done using the
Uplinkfast feature. Additionally, RSTP can also pre-calculate ports to backup Designated ports
on a shared segment.
In the following example, the same failure on SW2 is simulated. First, the show spanning-tree
output on SW2 shows E0/1 as SW2’s Alternate port. When E0/0, its current root port, is shut
down, SW2 immediately brings E0/2 to forwarding state.
SW2#sh span
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 1
Address aabb.cc00.0100
Cost 100
Port 1 (Ethernet0/0)
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address aabb.cc00.0200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Root FWD 100 128.1 P2p
Et0/1 Altn BLK 100 128.2 P2p
Et0/2 Altn BLK 100 128.3 P2p
SW2#
*May 13 15:14:07.552: RSTP(1): updt roles, root port Et0/0 going down
*May 13 15:14:07.552: RSTP(1): Et0/2 is now root port
*May 13 15:14:07.557: STP[1]: Generating TC trap for port Ethernet0/2
As seen from the debug outputs of debug spanning-tree events, SW2 immediately brings its
alternate port E0/2 online. In RSTP, a topology change occurs whenever a switch moves a
blocking port to forwarding. This occurs when SW2 brings its E0/2 port to forwarding.
When a topology change occurs, SW2 sends BPDUs with the TC bit set out all of its designated
ports. This BPDU is immediately propagated to the downstream switches and causes them to
flush their MAC address tables. SW2 will do this for the TcWhile time period, which is set to the Hello
time.
In 802.1D, when a topology change occurs, SW2 would’ve sent a BPDU with the TCN bit set
out of its root port. This would be received by its upstream neighbor that will acknowledge with a
BPDU with the TCA bit set back to SW2. The message would reach the root bridge which would
send BPDUs with the TC bit set. Then bridges would reset their CAM table aging time to
Forward Delay time.
This simple change in RSTP speeds the process of aligning the MAC address tables to the new
change in the topology.
Backbonefast
In 802.1D spanning-tree, when a switch received an inferior BPDU it would wait for the stored
BPDU for that port to reach Max Age time before reacting to the new inferior BPDU.
Backbonefast alleviated this requirement by having the switch react immediately to the receipt
of inferior BPDUs using RLQ messages to verify connectivity to the root bridge.
RSTP immediately reacts to receipt of an inferior BPDU. This negates the need for the
backbonefast enhancement. When an inferior BPDU is received on any port, RSTP begins the
reconvergence process. This is because receipt of an inferior BPDU points to a failure
somewhere in the STP domain and needs to be corrected.
The following simulates a failure of SW3’s root port. First show spanning-tree verifies SW3’s
port status. Then SW3’s e0/1 port is shut down. This causes it to believe it is the root of the STP
domain and send inferior BPDUs out of its designated ports declaring it is the root bridge. SW4
and SW2 immediately react to this information and send their superior BPDU to SW3.
SW3#sh spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 1
Address aabb.cc00.0100
Cost 100
Port 2 (Ethernet0/1)
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address aabb.cc00.0300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/1 Root FWD 100 128.2 P2p
Et0/2 Desg FWD 100 128.3 P2p
SW3(config)#int e0/1
SW3(config-if)#shut
*May 13 14:12:55.651: RSTP(1): updt roles, root port Et0/1 going down
*May 13 14:12:55.651: RSTP(1): we become the root bridge
*May 13 14:12:55.652: RSTP(1): Et0/1 not in sync
*May 13 14:12:55.667: RSTP(1): updt roles, received superior bpdu on Et0/2
*May 13 14:12:55.667: RSTP(1): Et0/2 is now root port
*May 13 14:12:55.667: RSTP(1): syncing port Et0/0
*May 13 14:12:55.667: RSTP(1): synced Et0/2
*May 13 14:12:55.667: STP[1]: Generating TC trap for port Ethernet0/2
*May 13 14:12:55.667: RSTP(1): updt roles, received superior bpdu on Et0/0
*May 13 14:12:55.667: RSTP(1): Et0/0 is now root port
*May 13 14:12:55.668: RSTP(1): Et0/2 blocked by re-root
*May 13 14:12:55.668: RSTP(1): synced Et0/0
*May 13 14:12:55.668: RSTP(1): Et0/2 is now alternate
802.1s Multiple Spanning-Tree
Basic Configuration
● Retain configurations from previous section. They will be converted to 802.1s.
● Add VLANs 10, 20, 30 and 40 to all switches in the spanning-tree domain
○ You can do this using VTP or through manual configuration
Lab Objectives
1. All switches should run the least number of STP instances possible
2. Configure traffic engineering for VLANs
○ Configure SW1 as the root for VLAN 1, 10, and 20
○ Configure SW3 as the root for VLAN 30 and 40
Solutions and Explanation
1. All Switches Should Run the Least Number of STP Instances Possible
One major shortcoming of 802.1D and 802.1w STP is that all decisions to block or forward a
port apply to all traffic transiting that port. In the above examples, when SW1 was made the root
of the STP, the links between non-root switches had to be negotiated to block all traffic and
alternate paths are not used.
Another shortcoming of 802.1D and 802.1w STP is there can only be one root bridge. The root
bridge is the most important switch in the network because all decisions regarding blocking or
forwarding of individual links are based on which switch is the root bridge.
In environments with VLANs, these restrictions severely limit how traffic can be engineered
because a port in 802.1D and 802.1w will be blocking or forwarding for all VLANs. A design
where different switches are root bridge for different VLANs is not possible.
For this reason, Cisco developed Per-VLAN Spanning-Tree (PVST) and Per-VLAN
Spanning-Tree Plus (PVST+). Instead of running one instance of spanning tree for all VLANs,
Cisco switches run a separate instance for each VLAN. Similarly, Cisco developed Rapid
Per-VLAN Spanning-Tree (RPVST+) which is PVST+ with the RSTP enhancements. PVST+ is
enabled by default on older switch platforms. Some newer switch platforms enable RPVST+ by
default. PVST+ is enabled using the spanning-tree mode pvst command. RPVST+ is enabled
using the spanning-tree mode rapid-pvst command.
The downside of this enhancement is that each instance of STP in R/PVST+ requires
processing power and memory to compute and maintain state. A BPDU is sent and received for
all VLANs configured. If there are 100 VLANs configured in the network then there are 100
instances, one for each VLAN. You can see these processes using the show spanning-tree and
show spanning-tree interface commands when you configure multiple vlans:
SW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 1
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 1 (priority 0 sys-id-ext 1)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/1 Desg FWD 100 128.2 P2p
Et0/2 Desg FWD 100 128.3 P2p
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 10
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 10 (priority 0 sys-id-ext 10)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/1 Desg FWD 100 128.2 P2p
Et0/2 Desg FWD 100 128.3 P2p
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 20
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 20 (priority 0 sys-id-ext 20)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/1 Desg FWD 100 128.2 P2p
Et0/2 Desg FWD 100 128.3 P2p
VLAN0030
Spanning tree enabled protocol rstp
Root ID Priority 30
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 30 (priority 0 sys-id-ext 30)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/1 Desg FWD 100 128.2 P2p
Et0/2 Desg FWD 100 128.3 P2p
VLAN0040
Spanning tree enabled protocol rstp
Root ID Priority 40
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 40 (priority 0 sys-id-ext 40)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 P2p
Et0/1 Desg FWD 100 128.2 P2p
Et0/2 Desg FWD 100 128.3 P2p
VLAN0040
Spanning tree enabled protocol rstp
Root ID Priority 40
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Bridge ID Priority 40 (priority 0 sys-id-ext 40)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 10 sec Forward Delay 5 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg LRN 100 128.1 P2p
Et0/1 Desg LRN 100 128.2 P2p
Et0/2 Desg LRN 100 128.3 P2p
Notice how each VLAN configured shows up with a separate instance. This behavior cannot be
disabled in IOS.
If traffic engineering for multiple VLANs is not desired, there is no need to run a separate
instance for each VLAN configured on the switch. Instead, it is more efficient to run a single
instance for all VLANs. This is where 802.1s MST comes in.
MST allows the switch to calculate the STP for a single instance and apply it to multiple VLANs.
Switches participate in a single MST region that is defined by a name, how many instances of
STP the region runs, and which VLANs are mapped to those instances.
The following outlines the basic configuration for the switched network to run a single instance for
all VLANs:
MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 2000000 128.1 P2p
Et0/1 Desg FWD 2000000 128.2 P2p
Et0/2 Desg FWD 2000000 128.3 P2p
The first step is to configure the MST region. This information should be configured consistently
on all switches. The region is named CCIE and has revision number 1. The output of show
spanning-tree and show spanning-tree interface e0/0 shows a single instance of
Spanning-Tree called MST0. By default all VLANs are mapped to this instance.
With this configuration the topology is running the most efficient STP configuration. MST uses
RSTP enhancements within its region and we have mapped all VLANs to a single instance
because we do not require traffic engineering.
With MST configured, separate instances can be created for different VLAN groups. These
instances can have different root bridges and other spanning-tree parameters. In this task,
VLANs 1, 10, and 20 should use SW1 as the root bridge, so they can be grouped into a single
instance with SW1 as the root. VLANs 30 and 40 should use SW3 as the root bridge and can be
grouped in a separate instance with SW3 as the root.
The easiest way to accomplish this is to move VLANs 30 and 40 into a new instance, which we will
call Instance 1, in MST configuration mode (entered with spanning-tree mst configuration). Then use
the spanning-tree mst 0 priority 0 command on SW1 and the spanning-tree mst 1 priority 0
command on SW3.
NOTE: The MST configuration portion needs to be performed on all switches.
!Before applying the configuration we can examine the current configuration using
!the show current command in mst configuration mode.
SW1(config-mst)#show current
Current MST configuration
Name [CCIE]
Revision 1 Instances configured 1
Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 1-4094 !By default all VLANs are assigned to MST Instance 0
-------------------------------------------------------------------------------
!Similarly, we can examine the pending configuration using the show pending command
!in mst configuration mode.
SW1(config-mst)#show pending
Pending MST configuration
Name [CCIE]
Revision 1 Instances configured 2
Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 1-29,31-39,41-4094
1 30,40 !VLANs 30 and 40 have been moved into a new instance
-------------------------------------------------------------------------------
SW1(config-mst)#exit !Exiting the configuration commits the pending changes
SW1(config)#spanning-tree mst 0 priority 0
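The NOTE above matters because switches treat each other as members of the same region only when the region name, revision number and VLAN-to-instance mapping all match. The following Python sketch is an added example, not part of the original lab: it parses show current / show pending output and compares two switches, using the HMAC-MD5 configuration digest that IEEE 802.1Q defines over the mapping table (the digest and its key go beyond what the lab covers, and the SW4 sample is constructed).

```python
import hashlib
import hmac
import re

# Constructed inputs: SW1's pending configuration as shown in the lab, and a
# hypothetical SW4 where the instance 1 mapping was never entered.
SW1_PENDING = """\
Name      [CCIE]
Revision  1     Instances configured 2
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-29,31-39,41-4094
1         30,40
"""
SW4_CURRENT = """\
Name      [CCIE]
Revision  1     Instances configured 1
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-4094
"""

# Configuration Digest Signature Key, IEEE 802.1Q Table 13-1 (not from the lab).
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def parse_region(text):
    """Return (name, revision, {vlan: instance}) from show current/pending output."""
    name = re.search(r"^Name\s+\[(.*)\]", text, re.M).group(1)
    revision = int(re.search(r"^Revision\s+(\d+)", text, re.M).group(1))
    vlan_map = {}
    for inst, vlans in re.findall(r"^(\d+)[ \t]+([\d,\-]+)[ \t]*$", text, re.M):
        for part in vlans.split(","):
            lo, _, hi = part.partition("-")
            for vlan in range(int(lo), int(hi or lo) + 1):
                if vlan in vlan_map:
                    raise ValueError(f"VLAN {vlan} is mapped to two instances")
                vlan_map[vlan] = int(inst)
    return name, revision, vlan_map

def config_digest(vlan_map):
    """HMAC-MD5 over 4096 two-octet MSTIDs; entries 0 and 4095 are always 0."""
    table = b"".join(
        (vlan_map.get(v, 0) if 0 < v < 4095 else 0).to_bytes(2, "big") for v in range(4096))
    return hmac.new(DIGEST_KEY, table, hashlib.md5).hexdigest().upper()

def same_region(a, b):
    """Two switches share a region only if name, revision and digest all match."""
    (na, ra, ma), (nb, rb, mb) = parse_region(a), parse_region(b)
    return (na, ra, config_digest(ma)) == (nb, rb, config_digest(mb))
```

IOS wraps long VLAN lists onto continuation lines; this parser assumes each instance fits on one line, as it does in the lab output.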
We can verify the configuration using the show spanning-tree command output:
SW1#show spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 0
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 0 (priority 0 sys-id-ext 0)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 2000000 128.1 P2p
Et0/1 Desg FWD 2000000 128.2 P2p
Et0/2 Desg FWD 2000000 128.3 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 1
Address aabb.cc00.0300
Cost 2000000
Port 2 (Ethernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 2000000 128.1 P2p
Et0/1 Root FWD 2000000 128.2 P2p
Et0/2 Desg FWD 2000000 128.3 P2p
SW3#show spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 0
Address aabb.cc00.0100
Cost 0
Port 2 (Ethernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address aabb.cc00.0300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 2000000 128.1 P2p
Et0/1 Root FWD 2000000 128.2 P2p
Et0/2 Altn BLK 2000000 128.3 P2p
MST1
Spanning tree enabled protocol mstp
Root ID Priority 1
Address aabb.cc00.0300
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1 (priority 0 sys-id-ext 1)
Address aabb.cc00.0300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 2000000 128.1 P2p
Et0/1 Desg FWD 2000000 128.2 P2p
Et0/2 Desg FWD 2000000 128.3 P2p
Notice that there are now two separate instances of Spanning-Tree running, each rooted at a
different switch. Instance 0 is rooted at SW1 and Instance 1 is rooted at SW3. This is the
primary difference and enhancement MST has over traditional 802.1D and 802.1w STP.
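An added example, not part of the original lab: a Python check that parses show spanning-tree output and reports any instance whose root bridge is not the intended one, which is how a misconfigured priority or an unexpected bridge sending superior BPDUs shows up in this output. The expected-root table and the drifted sample with its placeholder MAC address are assumptions constructed for illustration.

```python
import re

# Root bridges the lab intends per MST instance (addresses from the lab output).
EXPECTED_ROOTS = {"MST0": "aabb.cc00.0100", "MST1": "aabb.cc00.0300"}

# Trimmed from the SW1 show spanning-tree output in the lab.
SW1_OUTPUT = """\
MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    0
             Address     aabb.cc00.0100
             This bridge is the root
  Bridge ID  Priority    0      (priority 0 sys-id-ext 0)
             Address     aabb.cc00.0100
MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    1
             Address     aabb.cc00.0300
             Cost        2000000
             Port        2 (Ethernet0/1)
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.0100
"""
# Constructed deviation: a bridge with a placeholder MAC has become MST1 root.
DRIFTED_OUTPUT = SW1_OUTPUT.replace("aabb.cc00.0300", "0200.0000.00ff")

def parse_roots(output):
    """Return {instance: (root_priority, root_mac, root_port_or_None)}."""
    roots = {}
    sections = re.split(r"^((?:MST|VLAN)\d+)[ \t]*$", output, flags=re.M)
    for inst, body in zip(sections[1::2], sections[2::2]):
        m = re.search(r"Root ID\s+Priority\s+(\d+)\s+Address\s+([0-9a-f.]+)", body)
        if not m:
            continue  # section without a Root ID block
        port = re.search(r"^\s*Port\s+\d+ \((\S+)\)", body, re.M)
        roots[inst] = (int(m.group(1)), m.group(2), port.group(1) if port else None)
    return roots

def audit_roots(output, expected=EXPECTED_ROOTS):
    """List findings for instances whose root differs from the intended one."""
    findings = []
    for inst, (prio, mac, port) in parse_roots(output).items():
        want = expected.get(inst)
        if want is None:
            findings.append(f"{inst}: no expected root defined (root is {mac})")
        elif mac != want:
            findings.append(f"{inst}: root {mac} prio {prio} via {port or 'local'}, expected {want}")
    return findings
```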
The show spanning-tree mst | section vlans mapped command can be used to verify the
VLAN-to-instance mappings.
If you use the show spanning-tree mst [instance number] command you can see more
detailed information about how MST is operating within the region. These details are outside the
scope of this lab.