Sunday, December 31, 2017

Cisco CCNP:300-115 - 1.6 Configure and verify spanning tree: 1.6.a PVST+, RPVST+, MST

Recently I needed to renew my Cisco CCNPs, that is, both CCNP Routing and Switching and CCNP Security. While working with Cisco products (well, now they own Sourcefire, so exclude those) is not within my daily duties, I still thought it was important for me to maintain these two credentials. As a result, I've put together my notes below, focusing on the key points I used to study. I believe someone else may find them useful.


      - The switch creates up to 128 spanning-tree instances
      - One spanning-tree instance is allowed per VLAN
      - PVST+ is based on IEEE 802.1D standard
      - Rapid per-VLAN spanning-tree plus (rapid-PVST+) based on IEEE 802.1w standard
      - A switch stack appears as a single spanning-tree node to the rest of the network
      - All stack members use the same bridge ID
      - In a switch stack, one member is elected as the stack root switch
      - The stack root switch contains the outgoing root port


    Default spanning-tree settings
      - Enabled
      - Spanning-tree mode PVST+
      - Switch priority 32768
      - Port cost
              - 4 -> 1000 Mb/s
              - 19 -> 100 Mb/s
              - 100 -> 10 Mb/s
      - Spanning-tree VLAN port priority 128
      - Spanning-tree timers
              - Hello Time -> 2 seconds
              - Forward Delay -> 15 seconds
              - Maximum aging -> 20 seconds
              - Transmit Hold -> 6 BPDUs



    STP Overview
      - Layer 2 link management protocol
      - Enabled by default
      - Provides path redundancy while preventing loops in the network
      - Roles are assigned to each port based on the role of the port in the active topology

      - Port roles
          - Root: Forwarding port elected for the spanning tree topology
          - Designated: forwarding port elected for every switch segment
          - Alternate: Blocked port providing alternate path to the root bridge
          - Backup: Blocked port in a loopback configuration

      - The switch which has all of its ports in either the designated or backup role is the root switch
      - The switch which has at least one of its ports in the designated role is called the designated switch
      - Redundant data paths are forced into the standby (blocked) state
      - Spanning-tree frames are called Bridge Protocol Data Units (BPDUs)
      - BPDU contains information about the sending switch and its port.
      - Information included in BPDU are:
            - Switch MAC address
            - switch priority
            - Port priority
                - Represents the location of a port in the network topology
                - Port priority range is from 0-240
                - Done in increments of 16, e.g. 0, 16, 32, 48, ..., 208, 224, 240
                - Default is 128
            - path cost
                - Represents media speed
                - Cost is used when selecting an interface to put in forwarding state when a loop occurs
                - Lower cost wins
                - If all interfaces have the same cost value, the interface with the lowest interface number wins and goes into the forwarding state
                - Cost goes from 1 to 200,000,000
            - VLAN Priority
                - ranges from 0 - 61440
                - Increments of 4096




      - The four pieces of information identified above are used to elect the root switch and the root port for the switched network
      - The four pieces of information identified above are used to elect the root port and designated port for each switched segment
      - Port priority and path cost control which port is put in the forwarding and blocking states when a looped link is encountered
     
      - Port identifier is made up of port priority and its MAC address
      - When switches are powered up, each operates as a root switch
      - Configuration BPDU are sent out all ports
      - Configuration BPDUs contain the following:
          - Unique bridge ID of the switch the sending switch thinks is the root
          - Spanning-tree path cost to the root
          - The bridge ID of the sending switch
          - Message age
          - The identifier of the sending interface
          - Values for the hello, forward delay and max-age control timers

      - BPDUs that contain a lower bridge ID, lower path cost, etc. are considered superior
      - When a superior BPDU is received on the root port of the switch, the switch forwards it, with an updated message, to all LANs for which it is the designated switch
      - Inferior BPDUs are discarded
      - Basically, inferior information is discarded and superior information is propagated
      - The switch with the lowest numerical priority value for each VLAN is considered the root switch
      - The lowest numerical priority value is the highest priority, and the highest priority wins
      - If all switches are configured with the default priority, the switch with the lowest MAC address wins
      - Switch priority is found in the most significant bits of the bridge ID

      - A root port is selected for each switch except the root switch
      - root port provides the best path (lowest cost) when forwarding packets to the root switch

      - On a switch stack, the following sequence is used to select a root port.
          - Lowest root bridge ID -> lowest path cost to the root switch -> lowest designated bridge ID -> lowest designated path cost -> lowest port ID
      - Only one outgoing port on the stack is selected as the root port. The remaining switches in the stack become designated switches
      - Path cost is used to calculate the shortest distance to the root switch
      - A designated switch for each VLAN is selected
      - The port which connects the designated switch to the LAN is called the designated port

      - The unique bridge ID is made up of extended system ID, switch priority and spanning-tree allocated MAC address

      - Configuring a high priority value reduces the chances of a switch becoming the root
      - Configuring a lower priority value, increases the chances of a switch becoming the root
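The election rules above (bridge ID = priority in the most significant bits, extended system ID, MAC; lowest bridge ID wins; superior BPDU = lower root ID, then lower path cost, then lower sender ID, then lower port ID; root-port selection order) are easier to trust once you can run them. The following is an added Python illustration written for these notes, not code from the post or from Cisco. The switch table, MAC addresses and BPDUs are constructed sample data, and the bridge-ID bit layout (16-bit priority-plus-VLAN field over a 48-bit MAC) is the extended-system-ID format the notes describe; the priority and port-priority range checks mirror the values listed above.

```python
"""Bridge IDs, root election and root-port selection in PVST+ (one instance per VLAN).

Added illustration for these notes; not code from the post or from Cisco.
Switch table, MACs and BPDUs below are constructed sample data.
"""
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 32768
VLAN_PRIORITY_STEP = 4096   # VLAN priority: 0..61440 in steps of 4096
PORT_PRIORITY_STEP = 16     # port priority: 0..240 in steps of 16


def validate_vlan_priority(priority: int) -> int:
    if not 0 <= priority <= 61440 or priority % VLAN_PRIORITY_STEP:
        raise ValueError(f"VLAN priority must be 0-61440 in steps of 4096, got {priority}")
    return priority


def validate_port_priority(priority: int) -> int:
    if not 0 <= priority <= 240 or priority % PORT_PRIORITY_STEP:
        raise ValueError(f"port priority must be 0-240 in steps of 16, got {priority}")
    return priority


def mac_to_int(mac: str) -> int:
    """Accepts 0000.0c11.1111 or 00:00:0c:11:11:11 notation."""
    digits = mac.replace(".", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC {mac!r}")
    return int(digits, 16)


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """64-bit bridge ID. The upper 16 bits are priority + VLAN (extended system ID),
    which is why 'show spanning-tree' shows e.g. 32778 for priority 32768 in VLAN 10;
    the lower 48 bits are the switch MAC address."""
    validate_vlan_priority(priority)
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN must be 1-4094, got {vlan}")
    return ((priority + vlan) << 48) | mac_to_int(mac)


@dataclass(frozen=True)
class Switch:
    name: str
    mac: str
    vlan_priority: dict = field(default_factory=dict)  # VLAN -> configured priority

    def bid(self, vlan: int) -> int:
        return bridge_id(self.vlan_priority.get(vlan, DEFAULT_PRIORITY), vlan, self.mac)


def elect_root(switches, vlan: int) -> Switch:
    """Lowest bridge ID wins: lowest priority first, lowest MAC breaks ties."""
    return min(switches, key=lambda s: s.bid(vlan))


@dataclass(frozen=True)
class BPDU:
    """Configuration-BPDU fields that decide superiority, in comparison order."""
    root_bid: int
    root_path_cost: int
    sender_bid: int
    sender_port_id: tuple  # (port priority, port number); lower wins

    def key(self):
        return (self.root_bid, self.root_path_cost, self.sender_bid, self.sender_port_id)


def is_superior(candidate: BPDU, current: BPDU) -> bool:
    """Lower root ID, then lower path cost, then lower sender ID, then lower port ID."""
    return candidate.key() < current.key()


def select_root_port(received: dict) -> str:
    """received maps a local port name to (BPDU heard on it, that port's path cost,
    local port ID). Selection order from the notes: lowest root bridge ID -> lowest
    path cost to the root (received cost + this port's cost) -> lowest designated
    bridge ID -> lowest designated port ID -> lowest local port ID."""
    def rank(item):
        port, (bpdu, port_cost, local_port_id) = item
        return (bpdu.root_bid, bpdu.root_path_cost + port_cost,
                bpdu.sender_bid, bpdu.sender_port_id, local_port_id)
    return min(received.items(), key=rank)[0]


# Constructed sample data (not from the post).
SWITCHES = [
    Switch("SW1", "0000.0c11.1111"),
    Switch("SW2", "0000.0c22.2222", {10: 24576}),   # lowered priority in VLAN 10 only
    Switch("SW3", "0000.0c00.0001"),                 # lowest MAC of the three
]


def demo_root_port_for_sw1() -> str:
    """SW1 hears the VLAN-10 root (SW2) directly on Gi0/1 and via SW3 on Gi0/2."""
    sw1, sw2, sw3 = SWITCHES
    direct = BPDU(sw2.bid(10), 0, sw2.bid(10), (128, 1))
    via_sw3 = BPDU(sw2.bid(10), 4, sw3.bid(10), (128, 2))
    return select_root_port({
        "Gi0/1": (direct, 4, (128, 1)),    # 1000 Mb/s link, cost 4 -> total 4
        "Gi0/2": (via_sw3, 4, (128, 2)),   # total 4 + 4 = 8, loses
    })


if __name__ == "__main__":
    for vlan in (10, 20):
        print(f"VLAN {vlan} root: {elect_root(SWITCHES, vlan).name}")
    print("SW1 root port:", demo_root_port_for_sw1())
```

Run as-is, the script shows SW2 winning VLAN 10 purely on its lowered priority and SW3 winning VLAN 20 on the MAC tie-break, which is exactly the two rules the notes give for root election; the same comparison order is what decides whether a received BPDU is superior, so any device that can inject a lower bridge ID into a VLAN can change the root, which is the reason the notes insist the root be a deliberately chosen backbone or distribution switch.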

      - Spanning tree interface states are as follows:
        - Blocking:
                  - No participation in frame forwarding
                  - Interfaces always enter the blocking state after initialization
                  - Frames received on the interface are discarded
                  - Does not learn addresses
                  - Receives BPDUs
        - Listening:
                  - First state as it transitions from blocking
                  - Interface will participate in spanning tree
                  - Discards frames received on the interface
                  - Does not learn addresses
                  - Receives BPDUs
        - Learning:
                  - Preparing to participate in frame forwarding
                  - Discards frames received on the interface
                  - Learns addresses
                  - Receives BPDUs
        - Forwarding:
                  - Forwards frames
                  - Learns addresses
                  - Receives BPDUs
        - Disabled:
                  - Not participating in spanning tree; possibly a shutdown port, no link, or no spanning-tree instance running on the port
                  - Discards frames received on the interface
                  - Does not learn addresses
                  - Does not receive BPDUs

      - Interface transition states
          - initialization -> blocking
          - blocking -> listening or disabled
          - listening -> learning or disabled
          - learning -> forwarding or disabled
          - forwarding -> disabled
     

      - When all switches in the spanning tree have the same settings, the switch with the lowest MAC address becomes the root
      - You should aim to make the fastest link the root port

      - Spanning Tree Modes
          -  PVST+
                - Based on 802.1D
                - Default spanning-tree mode on all ethernet port based VLANs
                - Runs on each VLAN on the switch
                - Provides L2 load balancing
                - Each instance has a single root switch on a VLAN
          -  Rapid PVST+
                - Same as PVST+, except it uses rapid convergence
                - Based on the 802.1w standard
                - Uses the same configuration as PVST+
                - Allows for fast convergence of spanning tree
                - Eliminates the forward delay
                - Quickly transitions root ports and designated ports to the forwarding state
                - MSTP cannot run without RSTP or CST


          -  MSTP
                - Based on 802.1s standard
                - Can map multiple VLANs to the same spanning-tree instance
                - Runs on RSTP (Based on 802.1w)
                - Most common deployment is the backbone and distribution layers

      - in PVST+ or rapid-PVST+ mode there can be up to 128 spanning-tree instances
      - in MSTP mode, there can be up to 65 MST instances
      - Number of VLANs which can be mapped to MST is unlimited
      - The common spanning tree (CST) root must be inside the MST backbone
      - A PVST+ switch cannot be connected to multiple MST regions

      - All stack members run the same version of spanning tree

      - STP and trunking
          - The standard requires only one spanning-tree instance for all VLANs
          - Cisco switches maintain one spanning-tree instance per VLAN
          - When a Cisco switch is connected to a non-Cisco switch, PVST+ is used (rapid PVST+ if that mode is enabled)
          - PVST+ is automatically enabled on IEEE 802.1Q trunks


    - Caution: Switches that are not running spanning tree still forward BPDUs that they receive

    - To force a switch to become the root, use:
        SW2(config)#spanning-tree vlan 30 root primary

    - When the above command is issued, the switch sets its priority to 24576 if this value will cause it to become the root
    - If an existing switch already has a priority lower than 24576, the switch sets its priority to 4096 less than that switch's value in order to become the root
    - The root switch for each spanning-tree instance should be a backbone or distribution switch.
    - Do not configure an access switch as the spanning-tree primary root
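The priority rule behind `root primary` is simple enough to check by hand, and doing so is useful when you are reviewing a proposed change against what `show spanning-tree vlan N` currently reports. The following is an added Python illustration written for these notes, not code from the post or from Cisco IOS: it reproduces the 24576-or-4096-below rule stated above, renders the equivalent explicit `spanning-tree vlan N priority P` command that the macro ends up storing in the configuration, and refuses the access role as the notes advise. The current-root priorities used in the comments are constructed values; treating a current root that already sits at exactly 24576 as "go one step lower" is an assumption made here, because matching it would leave the outcome to the MAC tie-break.

```python
"""Priority chosen by `spanning-tree vlan N root primary`, per the notes above.

Added illustration; not code from the post or from Cisco IOS. Input values are
what you would read from `show spanning-tree vlan N`; the ones used here are constructed.
"""
DEFAULT_PRIORITY = 32768
ROOT_PRIMARY_PRIORITY = 24576
PRIORITY_STEP = 4096
MAX_PRIORITY = 61440


def root_primary_priority(current_root_priority: int) -> int:
    """24576 if that beats the current root, otherwise 4096 below the current root."""
    if current_root_priority % PRIORITY_STEP or not 0 <= current_root_priority <= MAX_PRIORITY:
        raise ValueError(f"priority must be 0-61440 in steps of 4096, got {current_root_priority}")
    if current_root_priority > ROOT_PRIMARY_PRIORITY:
        return ROOT_PRIMARY_PRIORITY           # e.g. default 32768 -> 24576
    # Assumption: a current root already at 24576 is treated like "lower than 24576",
    # because equal priorities would leave the result to the MAC tie-break.
    candidate = current_root_priority - PRIORITY_STEP  # e.g. 24576 -> 20480
    if candidate < 0:
        raise ValueError("current root already has priority 0; root primary cannot undercut it")
    return candidate


def plan_root_primary(vlan: int, current_root_priority: int, switch_role: str) -> list:
    """Return the explicit priority command equivalent to `root primary` for this VLAN,
    refusing to plan an access switch as root (hypothetical helper, not an IOS command)."""
    if switch_role not in ("backbone", "distribution"):
        raise ValueError(f"root should be a backbone or distribution switch, not {switch_role!r}")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN must be 1-4094, got {vlan}")
    priority = root_primary_priority(current_root_priority)
    return [f"spanning-tree vlan {vlan} priority {priority}"]


if __name__ == "__main__":
    # Constructed scenario: VLAN 30, every switch still at the default priority.
    for line in plan_root_primary(30, DEFAULT_PRIORITY, "distribution"):
        print(line)
```

Comparing the planned priority with the lowest one already present in the VLAN, before issuing the macro, tells you whether the change will actually take the root and whether another device has already been configured (or is claiming) a priority lower than you expected.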

References:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvlan.html
