Cisco lab, guide to configure interface stp attributes


Configuring Interface STP Attributes

Real World Application & Core Knowledge

Now that you are familiar with the basic operation of PVST, Rapid-PVST and MST, it’s time to take another step down the sidewalk of complex avenue. There are several interface configuration commands specific to spanning tree on the Cisco Catalyst Series switches. This lab will discuss and demonstrate the following features: STP bpdufilter, STP interface cost, STP interface link-type and STP interface port-priority.

Let’s first start with Spanning-Tree BPDUFilter. This feature is quite useful in some scenarios where you do not want to send BPDUs out of, or process BPDUs received on, a particular port on a Cisco switch. The use of this command can however be very dangerous, as a wrongful configuration can result in a layer two switching loop until spanning-tree re-converges based on the new information.

An example scenario for using BPDUFilter could be that your corporate policy mandates that host ports on the network should never receive BPDUs from the access switches. To abide by this policy BPDUFilter must be enabled. This prevents the port from sending BPDUs and from processing received BPDUs. Take note that under a policy requirement like this you also want to ensure that no rogue switches are connected to the network, which is done by BPDU Guard as previously discussed in Lab 4-17 – Configuring Switchport BPDU Guard.

The spanning-tree cost interface configuration statically sets the cost of the interface so that it modifies the spanning-tree root port election process. On a switch with multiple equal cost links to the root bridge, setting the cost statically on a switchport can be the tie breaker to determine which port becomes the root port.

The spanning-tree link-type interface configuration statically configures the link-type on a per interface basis. The Rapid in Rapid Spanning Tree Protocol makes this concept quite simplistic. By default the link type is derived from a port’s duplex. Full duplex is considered a point to point link whereas half duplex is considered a “shared” medium. So why is Rapid, rapid on rapid-spanning-tree? The old 802.1d standard took up to 45 seconds to set the port in forwarding mode, whereas 802.1s now transitions the port to designated (forwarding) very quickly. If a link-type is set to p2p then RSTP does its thing and quickly transitions the port into forwarding; however, if the link-type is half-duplex or configured as “shared” in interface configuration mode by using the spanning-tree link-type shared command, then the switch does not transition the port quickly. It goes through the entire process of determining whether or not a port poses a potential layer two network loop.

Configuring spanning-tree port-priority in interface configuration mode statically configures the port-priority used as a tie breaker for switches with multiple redundant links to a particular network segment where the root bridge can be reached. So the question is, if you have multiple links to a root bridge from a single switch and each link has the exact same cost, how does the switch know which link to use as the “root” port? The tie breaker is done by port-priority. If you do a show spanning-tree vlan # you’ll notice that Prio.Nbr is between cost and type. The priority is by default set to 128 on all Catalyst series switches and the Nbr is the port number. For example, SW1 and SW2 are connected via Fa0/10, Fa0/11 and Fa0/12. All ports have the same cost so the port-priority will determine which port becomes the root port; in this case Fa0/10 will be the root port, and Fa0/11 and Fa0/12 will be alternate ports (blocking).

Now that you have a basic understanding of some of the STP interface specific configurations, you need to familiarize yourself with the following commands:

Command / Description

spanning-tree bpdufilter
    This command is executed in interface configuration mode and enables BPDUFilter, which disables sending and processing received BPDU frames on the interface.

spanning-tree cost #
    This command is executed in interface configuration mode and statically sets the interface cost used for manipulating the root path in a given spanning-tree topology.

spanning-tree link-type p2p | shared
    This command is executed in interface configuration mode and statically sets the interface link type. This command manipulates the port’s rapid transition processing.

spanning-tree port-priority
    This command is executed in interface configuration mode and statically sets the interface port-priority in spanning-tree to manipulate the election of the root port when multiple equal cost links in a given network segment exist.

show spanning-tree vlan #
    This command is executed in privileged mode to view the current spanning-tree properties on a per vlan basis. Used to view root port, alternate port(s), cost, port-priority and port-type.

Lab Prerequisites

  • If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices SW1, SW2 and SW3.
  • Establish a console session with devices SW1, SW2 and SW3, then configure the devices’ respective hostname(s).
  • Configure all switches to run Rapid-PVST.
  • Configure interfaces Fa0/10 and Fa0/11 on both SW1 and SW2 to trunk.
  • Configure interfaces Fa0/13 and Fa0/14 on SW1 to trunk, then configure interfaces Fa0/10 and Fa0/11 on SW3 to trunk.
  • Configure interfaces Fa0/13 and Fa0/14 on both SW2 and SW3 to trunk.
  • For this lab you’ll only need to use VLAN 1, so remove all other VLANs and configure SW1 as the root bridge for VLAN 1.

http://www.router-switch.com/
Lab Objectives

  • Configure BPDUFilter on SW2 interface Fa0/10 then verify it by using BPDU Guard on SW1 Fa0/10. Once completed remove the BPDUFilter and BPDUGuard before proceeding.
  • Configure SW3 to use Fa0/14 as the root port in the spanning-tree by manipulating the interface cost; use a cost lower than the default FastEthernet interface cost. Afterward, configure SW2 to use interface Fa0/11 as the root port to SW1. Verify your configuration; once verified remove the interface costs before proceeding.
  • SW3 Interface Fa0/10 is connected to a 10/100Mbps hub then the hub is connected to SW1. Configure the link type accordingly and verify your configuration.
  • Assuming SW2’s interface Fa0/10 and Fa0/11 are configured with their defaults for spanning tree, the root port will become Fa0/10. Influence spanning-tree to use interface Fa0/11 and do not use the cost command.

Lab Instruction

Step1. – Configure BPDUFilter on SW2 interface Fa0/10 then verify it by using BPDUGuard on SW1 Fa0/10. Once completed remove the BPDUFilter and BPDUGuard before proceeding.

To configure bpdufilter you’ll use the spanning-tree bpdufilter enable command in interface configuration mode as shown below:

    SW2 con0 is now available
    Press RETURN to get started.
    SW2>enable
    SW2#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    SW2(config)#interface fa0/10
    SW2(config-if)#spanning-tree bpdufilter enable

To verify that BPDUFilter is operating properly you can enable BPDUGuard on SW1 interface Fa0/10 then bounce the interface. As previously stated in the lab, BPDUFilter prevents transmitting and processing received BPDUs on a particular port. Since no BPDUs will be sent out SW2 interface Fa0/10, SW1 Fa0/10 will not shut down, as BPDUs won’t be detected, as shown below:

    SW1 con0 is now available
    Press RETURN to get started.
    SW1>enable
    SW1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#interface fa0/10
    SW1(config-if)#spanning-tree bpduguard enable
    SW1(config-if)#shutdown
    SW1(config-if)#
    %LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to down
    SW1(config-if)#no shut
    SW1(config-if)#
    %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to up
    SW1(config-if)#
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to up
    SW1(config-if)#exit
    SW1(config)#exit

As shown above, interface Fa0/10 did not go into err-disabled state, as no BPDUs were received since Fa0/10 on SW2 is configured to filter BPDUs (not send them).
However, if you check on SW3, you’ll notice that all of its interfaces have been shut down into Err-Disabled state, as SW3 has detected a loop in the network. Ethernet by default sends a loopback keepalive out each interface every ten seconds. If this keepalive is received back on the same interface, the interface goes into Err-Disabled mode, as a physical topology loop has been detected.

This occurs because spanning-tree is not blocking that interface and is forwarding all traffic out of it. As a result, frames loop back around in the network and SW3 detects it.

You’ll need to remove BPDUGuard from SW1 Fa0/10 and BPDUFilter from SW2 Fa0/10, then bounce interfaces fa0/10, fa0/11, fa0/13 and fa0/14 on SW3, as shown below, before proceeding, as they are in Err-Disabled state:

    SW1(config)#interface fa0/10
    SW1(config-if)#no span bpduguard enable
    SW1(config-if)#end
    SW1#

    SW2(config)#interface fa0/10
    SW2(config-if)#no span bpdufilter
    SW2(config-if)#end
    SW2#

    SW3 con0 is now available
    Press RETURN to get started.
    SW3>enable
    SW3#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    SW3(config)#interface range fa0/10 , fa0/11 , fa0/13, fa0/14
    SW3(config-if-range)#shutdown
    SW3(config-if-range)#
    %LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down
    %LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down
    %LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down
    %LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down
    SW3(config-if-range)#no shutdown
    SW3(config-if-range)#
    %LINK-3-UPDOWN: Interface FastEthernet0/10, changed state to up
    %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to up
    %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to up
    %LINK-3-UPDOWN: Interface FastEthernet0/14, changed state to up
    SW3(config-if-range)#end
    SW3#

Step3. – SW3 Interface Fa0/10 is connected to a 10/100Mbps hub then the hub is connected to SW1. Configure the link type accordingly and verify your configuration.

As discussed in the Lab core knowledge section, link-type on Rapid Spanning Tree Protocol determines whether or not the interface is rapidly transitioned into forwarding state. To configure link type on a particular interface use the spanning-tree link-type command followed by the link type point-to-point or shared as shown below:

    SW3#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    SW3(config)#int fa0/10
    SW3(config-if)#spanning-tree link-type shared
    SW3(config-if)#end
    SW3#
    %SYS-5-CONFIG_I: Configured from console by console
    SW3#

To verify the link-type of a particular interface use the show spanning-tree vlan # command as shown below:

    SW3#show spanning-tree vlan 1

    VLAN0001
      Spanning tree enabled protocol rstp
      Root ID    Priority    24577
                 Address     0014.f2d2.4180
                 Cost        19
                 Port        10 (FastEthernet0/10)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     0014.a964.2e00
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- ---------------------------
    Fa0/10              Root FWD 19        128.10   Shr
    Fa0/11              Altn BLK 19        128.11   P2p
    Fa0/13              Desg FWD 19        128.13   P2p
    Fa0/14              Desg FWD 19        128.14   P2p
    SW3#

Step4. – Assuming SW2’s interface Fa0/10 and Fa0/11 are configured with their defaults for spanning tree, the root port will become Fa0/10. Influence spanning-tree to use interface Fa0/11 and do not use the cost command.

To complete this objective you’ll need to change the port priority number, as cost cannot be changed. The port with the lowest priority number wins the root port election if all costs on the redundant links to the root bridge are equal, as shown below:

    SW1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    SW1(config)#interface fa0/11
    SW1(config-if)#spanning-tree port-priority 64
    SW1(config-if)#end
    SW1#
    %SYS-5-CONFIG_I: Configured from console by console
    SW1#

To verify that the priority does move the root port selection on SW2 to Fa0/11 instead of Fa0/10, use the show spanning-tree vlan # command as shown below:

    SW2#show spanning-tree vlan 1

    VLAN0001
      Spanning tree enabled protocol rstp
      Root ID    Priority    24577
                 Address     0014.f2d2.4180
                 Cost        19
                 Port        13 (FastEthernet0/11)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
                 Address     001c.57d8.9000
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300 sec

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- ---------------------------
    Fa0/10              Altn BLK 19        128.12   P2p
    Fa0/11              Root FWD 19        128.13   P2p
    SW2#

Keep in mind that the port-priority is propagated from switch to switch via BPDUs. So when you want to influence a traffic transit path you must configure the port-priority on the advertising switch. In this case, SW1 is advertising two traffic paths to the root bridge, but interface Fa0/11 is now advertising a better port priority and therefore will be selected as the root port on SW2.
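A small model of the root port election described above, as an added example that is not part of the original lab. It shows why the priority has to be set on SW1: the sender's port ID is compared before the receiver's own. The bridge ID, costs and SW2 port numbers come from the lab output; SW1's port numbers 10 and 11 are assumed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bpdu:
    root_id: tuple       # (bridge priority, MAC) of the root bridge
    root_cost: int       # root path cost advertised by the sender (0 from the root)
    sender_id: tuple     # (bridge priority, MAC) of the sending bridge
    sender_port: tuple   # (port priority, port number) on the sending bridge

@dataclass(frozen=True)
class Port:
    name: str
    cost: int            # local interface cost, added to the advertised cost
    port_id: tuple       # (port priority, port number) on the receiving switch
    bpdu: Bpdu           # best BPDU received on this port

def election_key(port):
    """Lower tuple wins; fields are compared left to right."""
    b = port.bpdu
    return (b.root_id, b.root_cost + port.cost, b.sender_id, b.sender_port, port.port_id)

def elect_root_port(ports):
    return min(ports, key=election_key).name

# SW1 is the root bridge; the ID is taken from the lab's "Root ID" output.
SW1 = (24577, "0014.f2d2.4180")

def sw2_uplinks(sw1_fa011_prio=128, sw2_fa011_prio=128, sw2_fa011_cost=19):
    """SW2's two links to SW1. SW1's port numbers 10 and 11 are assumed."""
    return [
        Port("Fa0/10", 19, (128, 12), Bpdu(SW1, 0, SW1, (128, 10))),
        Port("Fa0/11", sw2_fa011_cost, (sw2_fa011_prio, 13),
             Bpdu(SW1, 0, SW1, (sw1_fa011_prio, 11))),
    ]

if __name__ == "__main__":
    print("defaults:              ", elect_root_port(sw2_uplinks()))
    print("priority 64 on SW1:    ", elect_root_port(sw2_uplinks(sw1_fa011_prio=64)))
    print("priority 64 on SW2:    ", elect_root_port(sw2_uplinks(sw2_fa011_prio=64)))
    print("cost 10 on SW2 Fa0/11: ", elect_root_port(sw2_uplinks(sw2_fa011_cost=10)))
```

Lowering the priority on SW2's own Fa0/11 leaves Fa0/10 as the root port, because the two BPDUs already differ in the sender port ID that SW1 advertises.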
