N.B. All configurations are based off the lab build seen in the introduction post.
Spanning Tree. For something that is so simple in theory, it can drive network techs crazy and cause confusion.
Like many technologies it has its different flavours with some being proprietary to Cisco and others part of the 802.1D standard. What probably makes this a must-know for the lab is it can be tweaked/optimised on a per-switch, per-vlan or even per-port level and I would expect some tasks to be around configuring and troubleshooting that. I’m hesitant to get into the nitty gritty of Spanning-Tree so I’ll try and keep it fairly high level. That and I only have 2 switches in this lab so it could be tricky to play around with.
Spanning-tree (STP) is a layer 2 protocol and essentially facilitates efficient movement of the packets around your network whilst preventing and loops occurring when someone plugs the wrong lead in.
STP is communicated between switches via BPDU packet exchanges. Each switch then calculates the most efficient path to the root switch based on the cost per port. In a chained, star topology your end switches won’t know the full path back to the root but each switch in the path will learn from its neighbour and the path is formed on a per-switch basis which has its positives and negatives.
All switches are STP roots by default and they run through an election process that will see the oldest switch gain superiority due to having the oldest MAC Address. This can be manipulated through setting the switch priority values.
The default mode is Per Vlan Spanning-Tree (PVST) which allows each VLAN can have its own STP root. Handy if you want traffic to follow one path for some VLANs and a different path for others.
(From Cisco documentation – See link at end)
PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions.
It is the default spanning-tree mode used on all Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network.
The PVST+ provides Layer 2 load-balancing for the VLAN on which it runs. You can create different logical topologies by using the VLANs on your network to ensure that all of your links are used but that no one link is oversubscribed. Each instance of PVST+ on a VLAN has a single root switch. This root switch propagates the spanning-tree information associated with that VLAN to all other switches in the network. Because each switch has the same information about the network, this process ensures that the network topology is maintained.
Rapid PVST+—This spanning-tree mode is the same as PVST+ except that is uses a rapid convergence based on the IEEE 802.1w standard. To provide rapid convergence, the Rapid PVST+ immediately deletes dynamically learned MAC address entries on a per-port basis upon receiving a topology change. By contrast, PVST+ uses a short aging time for dynamically learned MAC address entries.
Rapid PVST+ uses the same configuration as PVST+ (except where noted), and the switch needs only minimal extra configuration. The benefit of Rapid PVST+ is that you can migrate a large PVST+ install base to Rapid PVST+ without having to learn the complexities of the Multiple Spanning Tree Protocol
(MSTP) configuration and without having to reprovision your network. In Rapid PVST+ mode, each VLAN runs its own spanning-tree instance up to the maximum supported.
MSTP—This spanning-tree mode is based on the IEEE 802.1s standard. You can map multiple VLANs to the same spanning-tree instance, which reduces the number of spanning-tree instances required to support a large number of VLANs. The MSTP runs on top of the RSTP (based on IEEE 802.1w), which
provides for rapid convergence of the spanning tree by eliminating the forward delay and by quickly transitioning root ports and designated ports to the forwarding state. In a switch stack, the cross-stack rapid transition (CSRT) feature performs the same function as RSTP. You cannot run MSTP without
RSTP or CSRT.
Spanning Tree Ports
These are critical to understand and troubleshooting will revolve around knowing what you’re looking at.
Root—A forwarding port elected for the spanning-tree topology. This port will be facing the root on your switch and forwarding traffic in that direction.
Designated—A forwarding port elected for every switched LAN segment
Alternate—A blocked port providing an alternate path to the root bridge in the spanning tree
Backup—A blocked port in a loopback configuration
Spanning Tree States
Equally critical as your interface may be in one of these states and you’ll need to troubleshoot – show spanning-tree interface <#>. When a link is plugged in, the ports transition through the states below as BPDUs are exchanged.
Blocking—The interface does not participate in frame forwarding.
Listening—The first transitional state after the blocking state when the spanning tree decides that the interface should participate in frame forwarding.
Learning—The interface prepares to participate in frame forwarding.
Forwarding—The interface forwards frames.
Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port
You can tell a port to skip this process and come up instantly through the spanning-tree portfast interface command which I originally applied to my Trunk ports. This will result in the switch forwarding immediately. To test, I removed this command and shut down the Trunk link on Rip-3560-1 then no shut again.
The result after a few seconds showed the port as Designated as frames are sent through and the port state is Listening as BPDU packets are exchanged with Rip-3560-2.
And after the negotiations had complete, the interface has set the port role as Root (forwarding all VLANs to Rip-3560-2) and the port is in a Forwarding state.
As seen above, Rip-3560-1 has ended up forwarding all its frames to Rip-3560-2 even though I set it up first. Rip-3560-2 is older and if I perform a show spanning-tree summary on both switches I can quickly see that it has become the root for all the VLANs even though my “WAN” link is on Rip-3560-1.
I’ve also set up Rip-3560-1 as the gateway for all the VLANs so having the root set as Rip-3560-2 means traffic is inefficiently being sent to the wrong switch. In a small setup like this it is not critical but all traffic could be traversing Rip-3560-2 for no reason. This will only be exacerbated by more switches being introduced to the network. My “WAN” link is also on Rip-3560-1 as well so I’d prefer any traffic destined for the WAN traverse that switch rather than go the long way.
I can set an individual VLAN with the command spanning-tree vlan <#> root primary.
Alternatively I can set it for all VLANs (and will) through the command spanning-tree vlan <range/selection> priority <priority>. Now this priority has to be an increment of 4096 and needs to also be less than the aforementioned default of 32768. The lower the priority, the more important it is.
Spanning-tree works out cost based on link speed. This has had to be adjusted over time but we’ll be dealing with the latter column.
Now this part is completely useless in a 2 switch setup but pretending you have a large network, you may want to manipulate traffic to go via one particular path. This is useful in setups like this which I will expect in the CCIE lab when they ask you to manipulate traffic for VLAN 5 to go directly to switch A from switch D as opposed to going via Switch B which is the lowest path-cost.
To alter this you can change the VLAN cost per-port through the command spanning-tree vlan <x> cost <x>. I’ve shown this on Rip-3560-2 even though it makes no difference in this small setup. The cost increases from 19 (100Mbit/s as per the table above) to 50. This is verified through the show commands again.
- Make Switch A the root for VLANs 1-200 and switch B the root for VLANs 201-1000.
- Ensure extended VLANs are enabled across all switches.
- Make sure all traffic to the root goes via port <#> on Switch A (cost manipulation).
- Make sure all switch trunks come up instantly upon connecting rather than going through BPDU exchanges.