Optimizing STP - Description

L3 Optimizing STP

© Global Knowledge Training LLC

L3-1

Lab 3: Optimizing STP

Objectives

In this lab you will enable the second connection between the pod switch and the core switch, and configure it as a trunk. Your switch will then be connected to the core switch by two parallel links, creating a bridging loop. To prevent adverse looping effects, the Spanning Tree Protocol (STP) automatically blocks one of the interfaces for user data; you will examine how STP operates. You will then force your switch to be the primary root bridge for some VLANs, and the secondary root bridge for one VLAN. You will examine and configure some other STP features, and finally configure rapid STP (RSTP).

The objectives for this lab are:
• Enable the second connection to the core switch as a trunk.
• Examine STP operation.
• Influence root bridge selection.
• Measure STP convergence time.
• Examine and implement STP PortFast.
• Examine BPDU guard behavior.
• Configure and examine RSTP.

Important

Substitute your pod number for x and the router number for y in all instructions and commands.

The passwords configured on the devices at this point are:
• Console and vty access: username: ccna, password: cisco
• enable secret: sanfran


Lab Topology

The following diagram illustrates the logical topology used in this lab, along with the IP addresses configured.

Command List

The following table lists the commands used in this lab, in alphabetical order.

Cisco IOS Commands Used In This Lab

Command                                                  Description
#                                                        Break sequence; use to stop pings.
#configure terminal                                      Enters global configuration mode.
#copy running-config startup-config                      Saves the running configuration (in RAM) into the startup configuration (in NVRAM).
#debug spanning-tree events                              Enables debugging of STP events.
>enable                                                  Enters privileged EXEC mode.
(config)#end                                             Terminates configuration mode.
#exit                                                    Exits the current mode and goes up one level.
(config)#interface type number                           Enters interface configuration mode.
(config)#interface range type number/number - number     Enters interface range configuration mode, to put the same configuration on multiple interfaces simultaneously.
#ping [address]                                          Sends an echo request to the specified address. With no parameters specified, enters extended ping.
#show interfaces status                                  Displays the status of switch interfaces.
#show interfaces [type number]                           Displays information about an interface.
#show running-config                                     Displays the running configuration.
#show spanning-tree [vlan vlan]                          Displays spanning tree information, for all or a specified VLAN.
#show spanning-tree summary                              Displays a summary of spanning tree information on the switch.
#show spanning-tree vlan vlan bridge detail              Displays detailed information about the spanning tree on the bridge.
#show spanning-tree vlan vlan root detail                Displays detailed information about the spanning tree root.
#show vlan                                               Displays VLAN information.
#show vlan | include active                              Displays information about the active VLANs on the switch.
(config-if)#[no] shutdown                                Disables the specified interface. With the no parameter, enables the interface.
(config-if)#[no] spanning-tree bpduguard enable          Enables the BPDU guard feature on the interface. With the no keyword, disables the feature on the interface.
(config-if)#spanning-tree portfast                       Enables the PortFast feature on the interface.
(config-if)#spanning-tree portfast trunk                 Enables the PortFast feature on the trunked interface.
(config)#spanning-tree mode mode                         Selects the STP mode.
(config)#spanning-tree vlan vlan root primary            Makes the switch the root for a VLAN.
(config)#spanning-tree vlan vlan root secondary          Makes the switch the secondary root for a VLAN.
(config-if)#switchport mode mode                         Sets the trunking mode of an interface.
(config-if)#switchport trunk allowed vlan vlan-list      Sets the allowed VLAN list on a trunk interface.
#undebug all                                             Turns off all debugging.


Procedure

In this lab you will enable the second connection between the pod switch and the core switch, and configure it as a trunk. Your switch will then be connected to the core switch by two parallel links, creating a bridging loop. To prevent adverse looping effects, STP automatically blocks one of the interfaces for user data; you will examine how STP operates. You will then force your switch to be the primary root bridge for some VLANs, and the secondary root bridge for one VLAN. You will examine and configure some other STP features, and finally configure RSTP.

Note

This lab requires that the previous lab was completed correctly. If you have any doubts, reset to this lab, as described in “Lab 0: Introduction, and Connecting to and Using the Remote Lab Environment”.

Enable the second connection to the core switch

1. Connect to your PxSW and enter configuration mode. Configure the FastEthernet 0/12 connection to the core as a trunk and allow only the pod VLANs 1, 1x, 2x, and 3x on the trunk. Enable the FastEthernet 0/12 interface. (FastEthernet 0/11 is already configured this way.)

PxSW#configure terminal
PxSW(config)#interface fastethernet 0/12
PxSW(config-if)#switchport mode trunk
PxSW(config-if)#switchport trunk allowed vlan 1,1x,2x,3x
PxSW(config-if)#no shutdown
PxSW(config-if)#end

Note

In the switchport trunk allowed vlan command you cannot put spaces in the list of VLAN numbers.

2. On your switch, verify that the FastEthernet 0/1, 0/2, 0/9, 0/10, 0/11 and 0/12 interfaces are “connected” and that the FastEthernet 0/1, 0/11, and 0/12 interfaces are listed as “trunk”.

PxSW#show interfaces status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        connected    trunk      a-full  a-100 10/100BaseTX
Fa0/2                        connected    3x         a-full  a-100 10/100BaseTX
Fa0/3                        notconnect   1          auto    auto  10/100BaseTX
Fa0/4                        notconnect   1          auto    auto  10/100BaseTX
Fa0/5                        notconnect   1          auto    auto  10/100BaseTX
Fa0/6                        notconnect   1          auto    auto  10/100BaseTX
Fa0/7                        notconnect   1          auto    auto  10/100BaseTX
Fa0/8                        notconnect   1          auto    auto  10/100BaseTX
Fa0/9                        connected    1x         a-half  a-100 10/100BaseTX
Fa0/10                       connected    2x         a-half  a-100 10/100BaseTX
Fa0/11                       connected    trunk      a-full  a-100 10/100BaseTX
Fa0/12                       connected    trunk      a-full  a-100 10/100BaseTX
PxSW#

If any interfaces are not in the correct state, troubleshoot and fix the issue.

3. Determine which VLANs are active on your switch.

PxSW#show vlan | include active
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
1x   VLAN1x                           active    Fa0/9
2x   VLAN2x                           active    Fa0/10
3x   VLAN3x                           active    Fa0/2
PxSW#

You should see four active VLANs: 1, 1x, 2x, and 3x (where x is your pod number).

Examine STP operation

4. Your switch is now connected to the core switch by two parallel links, creating a bridging loop. To prevent adverse looping effects, STP automatically blocks one of the interfaces for user data. Display a summary of the STP status on the switch.

PxSW#show spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN001x, VLAN002x, VLAN003x
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is enabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     1         0        0          2          3
VLAN001x                     0         0        0          4          4
VLAN002x                     0         0        0          4          4
VLAN003x                     0         0        0          4          4
---------------------- -------- --------- -------- ---------- ----------
4 vlans                      1         0        0         14         15
PxSW#

Note that the output indicates that STP is in “pvst mode”. PVST is per-VLAN spanning tree; this mode indicates that standard STP (IEEE 802.1D) is running on a per-VLAN basis, such that every VLAN has its own spanning tree, each with its own root bridge.

5. Examine the STP information for VLAN 1 on your switch.

PxSW#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     fcfb.fbb0.0400
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     2401.c70f.4d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/11              Root FWD 19        128.11   P2p
Fa0/12              Altn BLK 19        128.12   P2p

PxSW#

Notice there are two sets of information: the first set is about the root bridge for this VLAN, and the second set is about this bridge (your switch PxSW) for this VLAN. The priorities of the root bridge and this bridge are displayed.

Important

The sample outputs in this step and in the remainder of this lab were taken from Pod 6 but have been edited to be for a generic Pod x. However, the spanning-tree priorities have not been edited. The priority has two components, as illustrated in the bridge ID example in this step: the “priority” of 32768, plus the “sys-id-ext”, which is really the VLAN number and is 1 in this case. For pod-specific VLANs (1x, 2x, and 3x), there is no deterministic way to edit the first priority number, so it was left at the Pod 6 value.

You can also examine the STP bridge detail on your switch.

PxSW#show spanning-tree vlan 1 bridge detail

VLAN0001
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     2401.c70f.4d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
PxSW#

You can also examine just the STP root detail information for VLAN 1 on your switch.

PxSW#show spanning-tree vlan 1 root detail

VLAN0001
  Root ID    Priority    24577
             Address     fcfb.fbb0.0400
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
PxSW#

6. Telnet to the core switch (its address is 172.16.1.7 and its vty password is cisco) and examine the STP information for VLAN 1. (Note that the show spanning-tree vlan 1 root detail command is not available to you in user mode on the core switch.) When you are finished, exit the telnet.

PxSW#telnet 172.16.1.7
Trying 172.16.1.7 ... Open

User Access Verification

Password:cisco
core-sw>show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    24577
             Address     fcfb.fbb0.0400
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     fcfb.fbb0.0400
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

core-sw>exit

The core switch’s output indicates that “This bridge is the root”. Can you tell why this switch became the root bridge? The switch with the lowest bridge ID becomes the root bridge. The bridge ID is the priority (which includes the VLAN number) and the MAC address. Notice that the core switch has a lower priority for VLAN 1 (it was configured to be this way!); it is 24577, whereas we saw in the previous step that the pod switch priority is 32769. Therefore the core switch becomes the root bridge for VLAN 1.

7. The priority of the core switch has not been changed for the other VLANs, so the MAC address will determine the switch that is the root for those VLANs. Determine which switch is the root for VLANs 1x, 2x, and 3x by examining the STP root detail information for each of them.

PxSW#show spanning-tree vlan 1x root detail

VLAN001x
  Root ID    Priority    32784
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

PxSW#show spanning-tree vlan 2x root detail

VLAN002x
  Root ID    Priority    32794
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

PxSW#show spanning-tree vlan 3x root detail

VLAN003x
  Root ID    Priority    32804
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Which switch is the root for these VLANs? In the example outputs, PxSW is the root for all three of these VLANs.

8.

Examine the spanning tree status for VLAN 1 on your switch again.

PxSW#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     fcfb.fbb0.0400
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     2401.c70f.4d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/11              Root FWD 19        128.11   P2p
Fa0/12              Altn BLK 19        128.12   P2p

PxSW#

For VLAN 1 you can see that the Root ID and Bridge ID address fields are different, indicating that your switch is not the root for VLAN 1 (because the core switch is the root). You can also observe the current settings for the various timers. You can see the two components of your switch’s priority: the “priority” of 32768, plus the “sys-id-ext”, which is really the VLAN number and is 1 in this case. You can also see that FastEthernet 0/1 and 0/11 are forwarding (FWD), and FastEthernet 0/12 is blocked (BLK). That’s because FastEthernet 0/1 is the designated port for the segment connecting the switch to PxR1, and FastEthernet 0/11 is the switch’s root port. The FastEthernet 0/12 link runs parallel to the link from FastEthernet 0/11, and was blocked to prevent looping. Why did FastEthernet 0/11 win the battle? Because the path costs are equal (both are 19), but the port identifiers (port numbers) are not, and the lowest (11 in this case) wins. What about FastEthernet 0/2, 0/9, and 0/10? Those ports don’t show up in the VLAN 1 section, because they are on other VLANs.

9.
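The per-VLAN output above is easy to read by eye for one switch, but auditing many VLANs (is the expected switch the root? which redundant port is blocking? did the root port move?) is quicker when the text is parsed. The following Python is an added example, not part of the Global Knowledge lab; the two sample outputs it parses are constructed from the Pod 6 output in this step and in the VLAN 1x output of the next step, with VLAN 1x written as VLAN0016 and sys-id-ext 16 (an assumption that follows from Pod 6).

```python
# Added example, not from the lab: parse Cisco IOS "show spanning-tree vlan N"
# output and report root/blocked ports for a defender auditing STP state.
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed from the VLAN 1 output in step 8 (core switch is the root).
SAMPLE_VLAN1 = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     fcfb.fbb0.0400
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     2401.c70f.4d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/11              Root FWD 19        128.11   P2p
Fa0/12              Altn BLK 19        128.12   P2p
"""

# Constructed from the VLAN 1x output in step 9, assuming Pod 6 (VLAN 16).
SAMPLE_VLAN1X = """\
VLAN0016
  Spanning tree enabled protocol ieee
  Root ID    Priority    32784
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32784  (priority 32768 sys-id-ext 16)
             Address     2401.c70f.4d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/9               Desg FWD 19        128.9    Shr
Fa0/11              Desg FWD 19        128.11   P2p
Fa0/12              Desg FWD 19        128.12   P2p
"""

# One interface row: name, role, state, cost, port priority.number, link type.
PORT_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<role>Desg|Root|Altn|Back)\s+(?P<sts>[A-Z]{3})\s+"
    r"(?P<cost>\d+)\s+(?P<prio>\d+)\.(?P<nbr>\d+)\s+(?P<type>\S+)"
)
ROOT_RE = re.compile(r"Root ID\s+Priority\s+(\d+)\s+Address\s+([0-9a-f.]+)")
BRIDGE_RE = re.compile(r"Bridge ID\s+Priority\s+(\d+).*?Address\s+([0-9a-f.]+)", re.S)


@dataclass
class Port:
    name: str
    role: str
    state: str
    cost: int
    port_id: tuple[int, int]   # (priority, number): the STP port identifier


@dataclass
class VlanStp:
    vlan: int
    protocol: str
    root: tuple[int, str]      # (priority incl. sys-id-ext, MAC) of the root
    bridge: tuple[int, str]    # the same for this switch
    ports: list[Port] = field(default_factory=list)

    @property
    def is_root(self) -> bool:
        # Root ID and Bridge ID are identical when this switch is the root.
        return self.root == self.bridge

    def root_port(self) -> str | None:
        return next((p.name for p in self.ports if p.role == "Root"), None)

    def blocked_ports(self) -> list[str]:
        return [p.name for p in self.ports if p.state == "BLK"]


def parse_show_spanning_tree(text: str) -> VlanStp:
    vlan = int(re.search(r"^VLAN(\d+)", text, re.M).group(1))
    protocol = re.search(r"protocol (\w+)", text).group(1)
    root_prio, root_mac = ROOT_RE.search(text).groups()
    br_prio, br_mac = BRIDGE_RE.search(text).groups()
    stp = VlanStp(vlan, protocol, (int(root_prio), root_mac), (int(br_prio), br_mac))
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            stp.ports.append(Port(m["name"], m["role"], m["sts"], int(m["cost"]),
                                  (int(m["prio"]), int(m["nbr"]))))
    return stp


def audit(stp: VlanStp, expected_root_mac: str) -> list[str]:
    """Findings a defender wants: a root bridge that is not the one planned
    for this VLAN, and which redundant port STP is currently blocking."""
    findings = []
    if stp.root[1] != expected_root_mac:
        findings.append(f"VLAN {stp.vlan}: root is {stp.root[1]}, expected {expected_root_mac}")
    for name in stp.blocked_ports():
        findings.append(f"VLAN {stp.vlan}: {name} is blocking (redundant path)")
    return findings
```

Running audit on the VLAN 1 sample with the core switch's MAC reports only the blocked Fa0/12; on the VLAN 1x sample it reports that the pod switch, not the core, is the root, which is the state the lab expects before step 11 and one a monitoring job can re-check after every change.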

Now, look at the spanning tree status for VLAN 1x and note which ports are included and what their status is.

PxSW#show spanning-tree vlan 1x

VLAN001x
  Spanning tree enabled protocol ieee
  Root ID    Priority    32784
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32784  (priority 32768 sys-id-ext 1x)
             Address     2401.c70f.4d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/9               Desg FWD 19        128.9    Shr
Fa0/11              Desg FWD 19        128.11   P2p
Fa0/12              Desg FWD 19        128.12   P2p

PxSW#

For VLAN 1x, you should see that FastEthernet 0/9 is listed (it’s the designated port for the segment between the switch and PC1), as well as FastEthernet 0/1, 0/11, and 0/12. Why do these three ports appear for both VLANs? Because they are trunks!

10. Similarly you can examine the spanning tree status for VLANs 2x and 3x.

PxSW#show spanning-tree vlan 2x

VLAN002x
  Spanning tree enabled protocol ieee
  Root ID    Priority    32794
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32794  (priority 32768 sys-id-ext 2x)
             Address     2401.c70f.4d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/10              Desg FWD 19        128.10   Shr
Fa0/11              Desg FWD 19        128.11   P2p
Fa0/12              Desg FWD 19        128.12   P2p

PxSW#

For VLAN 2x, you should see that FastEthernet 0/10 is listed (it’s the designated port for the segment between the switch and PC2), as well as the trunks FastEthernet 0/1, 0/11, and 0/12.

PxSW#show spanning-tree vlan 3x

VLAN003x
  Spanning tree enabled protocol ieee
  Root ID    Priority    32804
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32804  (priority 32768 sys-id-ext 3x)
             Address     2401.c70f.4d80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/2               Desg FWD 19        128.2    P2p
Fa0/11              Desg FWD 19        128.11   P2p
Fa0/12              Desg FWD 19        128.12   P2p

PxSW#

For VLAN 3x, you should see that FastEthernet 0/2 is listed (it’s the designated port for the segment between the switch and PxR2), as well as the trunks FastEthernet 0/1, 0/11, and 0/12.

Configure primary and secondary root bridges

In this section you will force your switch to be the primary root bridge for your pod VLANs (VLANs 1x, 2x, and 3x), and to be the secondary root bridge for VLAN 1. The core switch is already configured to be the primary root bridge for VLAN 1.

Note

Depending on the MAC addresses of your switch and the core switch, this configuration may not change which switch is the root bridge for your pod VLANs. However, the root bridge selection will no longer be dependent on what the MAC addresses happen to be.

11. Make your switch the primary root for VLANs 1x, 2x, and 3x.

PxSW#configure terminal
PxSW(config)#spanning-tree vlan 1x root primary
PxSW(config)#spanning-tree vlan 2x root primary
PxSW(config)#spanning-tree vlan 3x root primary

12. Make your switch the secondary root for VLAN 1.

PxSW(config)#spanning-tree vlan 1 root secondary

13. Examine the STP status on your switch for all of the VLANs, and compare it to the information you obtained earlier. Verify that the root bridge is as you expect for each VLAN.

PxSW#show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     fcfb.fbb0.0400
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

VLAN001x
  Spanning tree enabled protocol ieee
  Root ID    Priority    24592
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

VLAN002x
  Spanning tree enabled protocol ieee
  Root ID    Priority    24602
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

VLAN003x
  Spanning tree enabled protocol ieee
  Root ID    Priority    24612
             Address     2401.c70f.4d80
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

PxSW#

Notice that your switch is the root for VLANs 1x, 2x, and 3x (and it says so), with a priority well below the default of 32,768. Your switch is not the root for VLAN 1 because its priority is higher than that of the root bridge (the core switch) for this VLAN.
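The election rule stated in step 6 (the lowest bridge ID wins: priority including sys-id-ext first, MAC address as the tiebreak) and the effect of the root primary and root secondary commands in steps 11 and 12 can be checked with a small model. The following Python is an added example, not part of the Global Knowledge lab. It uses the two MAC addresses from the sample output, treats the Pod 6 VLANs as 1, 16, 26 and 36 (an assumption that holds for single-digit pod numbers), and takes 24576 and 28672 as the priorities the root primary and root secondary macros set, which is what the completed configuration at the end of this lab shows.

```python
# Added example, not from the lab: per-VLAN (PVST) root-bridge election from
# bridge IDs, using the priority values shown in this lab. The pod/VLAN
# numbering (VLAN 1x = 10 + pod) is an assumption for single-digit pods.
from __future__ import annotations

DEFAULT_PRIORITY = 32768   # IEEE 802.1D default base priority
ROOT_PRIMARY = 24576       # base set by "spanning-tree vlan N root primary" (per the completed config)
ROOT_SECONDARY = 28672     # base set by "spanning-tree vlan N root secondary" (per the completed config)

# MAC addresses from the lab's sample output (Pod 6).
CORE_MAC = "fcfb.fbb0.0400"
POD_MAC = "2401.c70f.4d80"


def bridge_priority(base: int, vlan: int) -> int:
    """Displayed priority = base (a multiple of 4096, the 4-bit field) + sys-id-ext (the VLAN id)."""
    if base % 4096 or not 0 <= base <= 61440:
        raise ValueError("base priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN id out of range")
    return base + vlan


def bridge_id(base: int, vlan: int, mac: str) -> tuple[int, int]:
    """A comparable bridge ID: (priority incl. sys-id-ext, MAC as an integer)."""
    mac_int = int(mac.replace(".", "").replace(":", "").replace("-", ""), 16)
    return (bridge_priority(base, vlan), mac_int)


def elect_root(vlan: int, switches: dict[str, tuple[int, str]]) -> str:
    """Return the name of the switch with the lowest bridge ID for this VLAN.

    switches maps name -> (base_priority, mac). Lower priority wins; on a
    priority tie the lower MAC wins, exactly as step 6 explains.
    """
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))


def pod_vlans(pod: int) -> list[int]:
    return [1, 10 + pod, 20 + pod, 30 + pod]


def before_tuning(pod: int) -> dict[int, str]:
    """Root per VLAN before step 11: core tuned for VLAN 1 only, defaults elsewhere."""
    result = {}
    for v in pod_vlans(pod):
        core_base = ROOT_PRIMARY if v == 1 else DEFAULT_PRIORITY
        result[v] = elect_root(v, {"core-sw": (core_base, CORE_MAC),
                                   "PxSW": (DEFAULT_PRIORITY, POD_MAC)})
    return result


def after_tuning(pod: int) -> dict[int, str]:
    """Root per VLAN after steps 11 and 12: root primary on pod VLANs, secondary on VLAN 1."""
    result = {}
    for v in pod_vlans(pod):
        core_base = ROOT_PRIMARY if v == 1 else DEFAULT_PRIORITY
        pod_base = ROOT_SECONDARY if v == 1 else ROOT_PRIMARY
        result[v] = elect_root(v, {"core-sw": (core_base, CORE_MAC),
                                   "PxSW": (pod_base, POD_MAC)})
    return result


if __name__ == "__main__":
    for v in pod_vlans(6):
        print(f"VLAN {v}: before={before_tuning(6)[v]} after={after_tuning(6)[v]} "
              f"pod priority after={bridge_priority(ROOT_SECONDARY if v == 1 else ROOT_PRIMARY, v)}")
```

Running the model for Pod 6 reproduces the lab's numbers (32804 for VLAN 36 before tuning, 24592 for VLAN 16 after) and illustrates the Note above step 11: PxSW already won the pod VLANs on MAC address, so the commands change the priority without changing the winner; what they buy is that the outcome no longer depends on which MAC happens to be lower. One caveat on the macros: root primary chooses 24576 only if the current root's priority is higher than that, and otherwise sets a value 4096 below the current root, so always read the resulting priority back with show spanning-tree rather than assuming it.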

Measure STP convergence time

14. Connect to PxR1. In order to measure the STP convergence time, start a string of pings from PxR1 to the TFTP server. To do this, use the extended ping feature of IOS: just type ping without specifying a destination (you must be in privileged mode to do this). The router will respond by asking for additional information. Answer the questions as follows (the “Repeat count” of a million is not a typo; you want a good long string of pings, and pings are cheap!):

PxR1#ping
Protocol [ip]:
Target IP address: 172.16.1.1
Repeat count [5]: 1000000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000000, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (this goes on and on …)

15. Leave the pings running, and shut down the switch’s FastEthernet 0/11 interface. This is the interface that is currently forwarding for VLAN 1.

PxSW#configure terminal
PxSW(config)#interface fastethernet 0/11
PxSW(config-if)#shutdown

16. After the switch’s FastEthernet 0/11 goes down, look at PxR1’s console output. You should see an interruption of the stream of pings (it should change from !’s to dots, and then back to !’s). Count the number of dots (missed pings).

Number of missed pings:

Since the default ping timeout is 2 seconds, double the number of missed pings to get the STP convergence time in seconds.

STP convergence time: ____________________________ seconds

Based on previous experience with STP on these switches, the expected convergence time is around 30 seconds.

17. With the pings from PxR1 still running, bring the switch’s FastEthernet 0/11 interface back up, leave config mode, and again examine the output on PxR1.

PxSW(config-if)#no shutdown
PxSW(config-if)#end

18. What happened to PxR1’s pings after the switch’s FastEthernet 0/11 came back up? Count the number of dots (missed pings). Note that you may have to wait a bit for the display to catch up to the output, in order to see the missed pings.

Number of missed pings:

Since Cisco’s implementation of ping uses a two-second timeout, double the number of missed pings to get the STP convergence time in seconds.

STP convergence time: ____________________________ seconds

Interestingly, gaining additional connectivity (by bringing a preferred interface on line) can result in a temporary connectivity loss! For this reason, some people consider STP to be a “broken” protocol, and avoid it when possible.


19. Stop the pings on PxR1 using the break sequence.

PxR1#

Examine and implement STP PortFast

In this section you will examine how the PortFast feature can help improve STP. The PortFast feature causes an interface to skip the listening and learning states and go directly to the forwarding state. It is only appropriate to use this feature on an interface that is connected to a non-switch device, such as PC1, PC2, and your pod routers.

20. First, shut down the FastEthernet 0/9 interface on PxSW; this interface connects to PC1.

PxSW#configure terminal
PxSW(config)#interface fa0/9
PxSW(config-if)#shutdown
PxSW(config-if)#end

21. Using STP event debugging is another way to see how long it takes for an interface to come up after you enable it. Enable debugging of STP events on your switch.

PxSW#debug spanning-tree events

22. Enable the FastEthernet 0/9 interface on PxSW and examine the debug output. Wait until the interface is in the forwarding state.

PxSW#configure terminal
PxSW(config)#interface fa0/9
PxSW(config-if)#no shutdown
PxSW(config-if)#exit
*Mar  1 06:27:55.878: STP: VLAN001x Fa0/9 -> listening
PxSW(config-if)#
*Mar  1 06:27:56.960: STP: VLAN001x Topology Change rcvd on Fa0/9
PxSW(config-if)#
*Mar  1 06:27:57.866: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up
*Mar  1 06:27:58.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up
PxSW(config-if)#
*Mar  1 06:28:10.885: STP: VLAN001x Fa0/9 -> learning
PxSW(config-if)#
*Mar  1 06:28:25.892: STP[1x]: Generating TC trap for port FastEthernet0/9
*Mar  1 06:28:25.892: STP: VLAN001x Fa0/9 -> forwarding

Notice how long it takes between the time that the interface goes into the listening state and the time it goes into the forwarding state (15 seconds of listening, then 15 seconds of learning, in the timestamps above). It should take approximately 30 seconds.

23. As mentioned, it is only appropriate to use this feature on an interface that is connected to a non-switch device, such as PC1, PC2, and your pod routers. First enable PortFast on the FastEthernet 0/1 interface on PxSW; this is a trunk interface, so the trunk parameter is required on the command.

PxSW(config)#interface fa0/1
PxSW(config-if)#spanning-tree portfast trunk
PxSW(config-if)#exit


24. Enable PortFast on the FastEthernet 0/2, 0/9 and 0/10 interfaces on PxSW.

PxSW(config)#interface fa0/2
PxSW(config-if)#spanning-tree portfast
PxSW(config-if)#exit
PxSW(config)#interface fa0/9
PxSW(config-if)#spanning-tree portfast
PxSW(config-if)#exit
PxSW(config)#interface fa0/10
PxSW(config-if)#spanning-tree portfast
PxSW(config-if)#exit

25. Perform the test again: shut down the FastEthernet 0/9 interface and then enable it. Examine the debug output.

PxSW(config)#interface fa0/9
PxSW(config-if)#shutdown
PxSW(config-if)#no shutdown
PxSW(config-if)#end
*Mar  1 06:34:18.222: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to down
PxSW(config-if)#
*Mar  1 06:34:18.256: set portid: VLAN001x Fa0/9: new port id 8009
*Mar  1 06:34:18.256: STP: VLAN001x Fa0/9 ->jump to forwarding from blocking
*Mar  1 06:34:18.826: STP: VLAN001x heard root 33474-001c.573e.0e00 on Fa0/9
*Mar  1 06:34:18.826: STP: VLAN001x Topology Change rcvd on Fa0/9
PxSW(config-if)#
*Mar  1 06:34:20.244: %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up
*Mar  1 06:34:21.250: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/9, changed state to up

Notice that the interface jumps into the forwarding state immediately; it now takes less than a second.

Examine BPDU guard behavior

In this section you will examine the behavior of the BPDU guard feature. This feature is typically used on an interface that is configured with the PortFast feature; it puts the interface into an error-disabled state if a bridge protocol data unit (BPDU) is received. BPDUs are sent by switches, so if one is received on an interface that should not be connected to a switch (since it is configured for PortFast), there is a problem. In this section you will configure it on interfaces that are connected to a switch, to see the feature working.

26. Enable the BPDU guard feature on the FastEthernet 0/11 and FastEthernet 0/12 interfaces on PxSW; these interfaces connect to the core switch.

PxSW#configure terminal
PxSW(config)#interface range fa0/11 - 12
PxSW(config-if-range)#spanning-tree bpduguard enable
PxSW(config-if-range)#end


27. Examine the debug output.

*Mar  1 06:37:42.619: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/11 with BPDU Guard enabled. Disabling port.
*Mar  1 06:37:42.619: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/11, putting Fa0/11 in err-disable state
*Mar  1 06:37:42.627: STP: VLAN0001 new root port Fa0/12, cost 19
*Mar  1 06:37:42.627: STP: VLAN0001 Fa0/12 -> listening
*Mar  1 06:37:42.627: STP[1]: Generating TC trap for port FastEthernet0/11
*Mar  1 06:37:42.627: STP[1x]: Generating TC trap for port FastEthernet0/11
PxSW(config-if-range)#
*Mar  1 06:37:42.627: STP[2x]: Generating TC trap for port FastEthernet0/11
*Mar  1 06:37:42.627: STP[3x]: Generating TC trap for port FastEthernet0/11
*Mar  1 06:37:42.636: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/12 with BPDU Guard enabled. Disabling port.
*Mar  1 06:37:42.636: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/12, putting Fa0/12 in err-disable state

Notice that the BPDU guard feature immediately disables the Fa0/11 interface; it was the one that was forwarding. The Fa0/12 interface takes over, but then it is immediately disabled too, because a BPDU was received from the core switch.

28. Examine the state of the FastEthernet 0/11 and FastEthernet 0/12 interfaces.

PxSW#show interface fa0/11
FastEthernet0/11 is down, line protocol is down (err-disabled)
  Hardware is Fast Ethernet, address is 2401.c70f.4d8b (bia 2401.c70f.4d8b)
PxSW#show interface fa0/12
FastEthernet0/12 is down, line protocol is down (err-disabled)
  Hardware is Fast Ethernet, address is 2401.c70f.4d8c (bia 2401.c70f.4d8c)

Both interfaces are err-disabled.

29. To enable the interfaces again, remove the BPDU guard feature, then shut down and re-enable the interfaces.

PxSW#configure terminal
PxSW(config)#interface range fa0/11 - 12
PxSW(config-if-range)#no spanning-tree bpduguard enable
PxSW(config-if-range)#shutdown
PxSW(config-if-range)#no shutdown
PxSW(config-if-range)#end

30. Examine the state of the FastEthernet 0/11 and FastEthernet 0/12 interfaces again.

PxSW#show interface fa0/11
FastEthernet0/11 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 2401.c70f.4d8b (bia 2401.c70f.4d8b)
PxSW#show interface fa0/12
FastEthernet0/12 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 2401.c70f.4d8c (bia 2401.c70f.4d8c)

Both interfaces should be up/up.
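The same two syslog messages seen in step 27 (%SPANTREE-2-BLOCK_BPDUGUARD followed by %PM-4-ERR_DISABLE) carry two very different meanings depending on the port: on a PortFast edge port they mean something that speaks STP was attached where only an end host belongs, while on an uplink they mean BPDU guard was enabled on a switch-to-switch link, which is the misconfiguration this section creates on purpose. The following Python is an added example, not part of the Global Knowledge lab: it parses and triages such messages. The sample log lines are constructed from the message formats in step 27 (an extra Fa0/9 event and a link-flap line are added to show the edge-port and non-BPDU-guard cases), and the port roles are this lab's topology, which is an assumption for any other network.

```python
# Added example, not from the lab: detection/triage of BPDU guard events in
# Cisco IOS syslog. Sample lines are constructed from the step 27 formats.
from __future__ import annotations

import re
from dataclasses import dataclass

BPDUGUARD_RE = re.compile(
    r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (?P<port>\S+) with BPDU Guard enabled"
)
ERRDISABLE_RE = re.compile(
    r"%PM-4-ERR_DISABLE: (?P<cause>\S+) error detected on (?P<port>\S+), putting"
)

# Constructed sample log: the step 27 events plus an edge-port event (Fa0/9)
# and an unrelated err-disable cause (link-flap) that must be ignored.
SAMPLE_LOG = """\
*Mar  1 06:37:42.619: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/11 with BPDU Guard enabled. Disabling port.
*Mar  1 06:37:42.619: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/11, putting Fa0/11 in err-disable state
*Mar  1 06:37:42.627: STP: VLAN0001 new root port Fa0/12, cost 19
*Mar  1 06:37:42.636: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/12 with BPDU Guard enabled. Disabling port.
*Mar  1 06:37:42.636: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/12, putting Fa0/12 in err-disable state
*Mar  1 07:02:10.004: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/9 with BPDU Guard enabled. Disabling port.
*Mar  1 07:02:10.004: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/9, putting Fa0/9 in err-disable state
*Mar  1 07:05:00.000: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/3, putting Fa0/3 in err-disable state
"""

# Port roles from this lab's topology (an assumption for any other network).
EDGE_PORTS = {"Fa0/2", "Fa0/9", "Fa0/10"}   # PortFast ports to hosts and pod routers
UPLINK_PORTS = {"Fa0/11", "Fa0/12"}         # trunks to the core switch


@dataclass
class BpduGuardEvent:
    port: str
    timestamp: str
    err_disabled: bool = False   # True once the matching ERR_DISABLE line is seen


def parse_bpduguard_events(log: str) -> list[BpduGuardEvent]:
    """One event per port that BPDU guard acted on, in order of first appearance."""
    events: dict[str, BpduGuardEvent] = {}
    for line in log.splitlines():
        ts = line.split(": ", 1)[0].lstrip("*")
        m = BPDUGUARD_RE.search(line)
        if m:
            events.setdefault(m["port"], BpduGuardEvent(m["port"], ts))
            continue
        m = ERRDISABLE_RE.search(line)
        if m and m["cause"] == "bpduguard":   # other err-disable causes are not our signal
            events.setdefault(m["port"], BpduGuardEvent(m["port"], ts)).err_disabled = True
    return list(events.values())


def triage(events: list[BpduGuardEvent],
           edge_ports: set[str] = EDGE_PORTS,
           uplink_ports: set[str] = UPLINK_PORTS) -> dict[str, list[str]]:
    """Sort events into the action each one needs:
    - edge_port_bpdu: an STP speaker appeared on a host-only port; inspect the
      port and what is plugged into it before re-enabling;
    - guard_on_uplink: BPDU guard is on a switch-to-switch link (the step 26
      misconfiguration); remove the guard, then clear err-disable as in step 29;
    - unknown_port: the port is not in the inventory at all, which is itself a finding."""
    result: dict[str, list[str]] = {"edge_port_bpdu": [], "guard_on_uplink": [], "unknown_port": []}
    for ev in sorted(events, key=lambda e: e.port):
        if ev.port in edge_ports:
            result["edge_port_bpdu"].append(ev.port)
        elif ev.port in uplink_ports:
            result["guard_on_uplink"].append(ev.port)
        else:
            result["unknown_port"].append(ev.port)
    return result


if __name__ == "__main__":
    for bucket, ports in triage(parse_bpduguard_events(SAMPLE_LOG)).items():
        print(f"{bucket}: {ports}")
```

On the sample log this places Fa0/9 in edge_port_bpdu and Fa0/11 and Fa0/12 in guard_on_uplink; the link-flap line is ignored because its cause is not bpduguard. In a real deployment the port inventory would come from the switch configuration rather than two hard-coded sets.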


31. Turn off all debugging on PxSW.

PxSW#undebug all

Configure RSTP

32. Configure your switch for Rapid Spanning Tree Protocol (IEEE 802.1w). (The core switch is already enabled for RSTP.)

PxSW#configure terminal
PxSW(config)#spanning-tree mode rapid-pvst

33. Examine the STP configuration on your switch.

PxSW#show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    24577

The display should say “Spanning tree enabled protocol rstp”, indicating that your switch is running RSTP (IEEE 802.1w).

34. Display the switch’s running config:

PxSW#show running-config
Building configuration...
!
spanning-tree mode rapid-pvst

Measure RSTP convergence time

35. To measure the RSTP convergence time, start another million pings running from PxR1 to the TFTP server (172.16.1.1):

PxR1#ping
Protocol [ip]:
Target IP address: 172.16.1.1
Repeat count [5]: 1000000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000000, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (this goes on and on …)

36. Leave the pings running, and shut down the switch’s FastEthernet 0/11 interface.

PxSW#configure terminal
PxSW(config)#interface fastethernet 0/11
PxSW(config-if)#shutdown


37. After the switch’s FastEthernet 0/11 goes down, you might see an interruption in the stream of pings (a shift from !’s to dots, and back to !’s). Count the number of missed pings.

Number of missed pings:

Since the default ping timeout is 2 seconds, double the number of missed pings to get the RSTP convergence time in seconds.

RSTP convergence time: ____________________________ seconds

How does this compare with the previous result?

38. With the pings from PxR1 still running, bring the switch’s FastEthernet 0/11 interface back up.

PxSW(config-if)#no shutdown

39. What happened to PxR1’s pings after the switch’s FastEthernet 0/11 came back up? Count the number of dots (missed pings).

Number of missed pings:

Double the number of missed pings to get the RSTP convergence time in seconds.

RSTP convergence time: ____________________________ seconds

How does this compare to the time for regular STP? What is your opinion of RSTP versus STP?

40. Stop the pings on PxR1 using the break sequence:

PxR1#

Save the configurations

41. Save all of your pod device configurations to startup-config.

PxSW#copy running-config startup-config
PxR1#copy running-config startup-config
PxR2#copy running-config startup-config

Lab Complete


Completed Configuration Your configuration should be similar to the example below. PC1 has address 10.1.x.10, with subnet mask 255.255.255.0. Its default gateway is set to 10.1.x.1. PC2 has address 10.2.x.20, with subnet mask 255.255.255.0. Its default gateway is set to 10.2.x.1. Note

These example configurations include no shutdown commands on some interfaces and the crypto key generate rsa modulus 1024 command. You will not see these commands in the output of the show running-config command. In the PxSW configuration you will also see more detail in the crypto pki certificate section in the output of the show running-config command.

PxSW: version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname PxSW ! boot-start-marker boot-end-marker ! enable secret 5 $1$MwWB$mlGhntn.NW88DZkZ6Bu5E0 ! username ccna secret 5 $1$4ply$OXbD45OeKajioPlV5EHdQ0 no aaa new-model system mtu routing 1500 vtp mode transparent ! ! no ip domain-lookup ip domain-name cisco.com ! crypto key generate rsa modulus 1024 ! crypto pki trustpoint TP-self-signed-3339668864 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3339668864 revocation-check none rsakeypair TP-self-signed-3339668864 ! ! crypto pki certificate chain TP-self-signed-3339668864 certificate self-signed 01 nvram:IOS-Self-Sig#5.cer !


!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 28672
spanning-tree vlan 1x,2x,3x priority 24576
!
vlan internal allocation policy ascending
!
vlan 1x
 name VLAN1x
!
vlan 2x
 name VLAN2x
!
vlan 3x
 name VLAN3x
!
ip ssh version 2
!
!
!
!
!
interface FastEthernet0/1
 switchport trunk allowed vlan 1,1x,2x,3x
 switchport mode trunk
 spanning-tree portfast trunk
!
interface FastEthernet0/2
 switchport access vlan 3x
 spanning-tree portfast
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
 switchport access vlan 1x
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 2x
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport trunk allowed vlan 1,1x,2x,3x
 switchport mode trunk
!


interface FastEthernet0/12
 switchport trunk allowed vlan 1,1x,2x,3x
 switchport mode trunk
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 172.16.1.1x3 255.255.255.0
 no shutdown
!
ip default-gateway 172.16.1.1x1
ip http server
ip http secure-server
logging esm config
!
line con 0
 exec-timeout 60 0
 logging synchronous
 login local
line vty 0 4
 exec-timeout 60 0
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 exec-timeout 60 0
 logging synchronous
 login local
 transport input ssh
!
end
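The following Python script is an added example; it is not part of this lab or of any Cisco tool. It reads the STP-related part of a completed PxSW configuration like the one above (a sample with pod number x = 1 is embedded, with one spanning-tree bpduguard enable line added on FastEthernet0/10 that the lab configuration does not have, so that one guarded port appears) and reports two things worth checking before a switch configured this way is left in production. First, PortFast ports on which no BPDU guard is in effect, either per interface (spanning-tree bpduguard enable) or through the global spanning-tree portfast bpduguard default: in the configuration above FastEthernet0/1, 0/2, 0/9 and 0/10 all have PortFast and none has BPDU guard, so a BPDU received on one of them (from a switch plugged into a user port, for instance) is processed rather than err-disabling the port, which is the behaviour the BPDU guard step of this lab examined. Second, the bridge priority each VLAN actually advertises: with spanning-tree extend system-id the VLAN ID is added to the configured value, so spanning-tree vlan 1 priority 28672 appears as 28673 for VLAN 1 in show spanning-tree, and 24576 becomes 24576 + 1x, 24576 + 2x and 24576 + 3x for the other three VLANs. The function names and the sample configuration are the example's own.

```python
# Added example for this lab, not lab text or a Cisco tool: audit STP edge-port and root-bridge settings.
from __future__ import annotations
import re

# Constructed sample: STP-relevant lines of the lab's completed PxSW config with x = 1.
# Fa0/10 has 'spanning-tree bpduguard enable' added (the lab does not set it) so one guarded port appears.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 28672
spanning-tree vlan 11,21,31 priority 24576
!
interface FastEthernet0/1
 switchport trunk allowed vlan 1,11,21,31
 switchport mode trunk
 spanning-tree portfast trunk
!
interface FastEthernet0/2
 switchport access vlan 31
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 21
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 switchport mode trunk
!
end
"""

def parse_config(text: str) -> tuple[list[str], dict[str, list[str]]]:
    """Split IOS config into top-level lines and per-interface sub-commands (one-space indent, '!' separators)."""
    top: list[str] = []
    interfaces: dict[str, list[str]] = {}
    current = None  # interface whose sub-commands are being collected
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
            continue
        if line.startswith(" "):
            if current is not None:  # indented lines of other sections are skipped
                interfaces[current].append(line.strip())
            continue
        current = None
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        else:
            top.append(line)
    return top, interfaces

def unguarded_portfast_ports(text: str) -> list[str]:
    """PortFast ports with no BPDU guard in effect: a BPDU arriving there is processed, not err-disabled."""
    top, interfaces = parse_config(text)
    guard_default = "spanning-tree portfast bpduguard default" in top
    exposed = []
    for name, cmds in interfaces.items():
        edge = any(c.startswith("spanning-tree portfast") and not c.endswith(" disable")
                   for c in cmds)
        if not edge or "spanning-tree bpduguard enable" in cmds:
            continue
        if guard_default and "spanning-tree bpduguard disable" not in cmds:
            continue  # covered by the global default and the port did not opt out
        exposed.append(name)
    return exposed

def expand_vlan_list(spec: str) -> list[int]:
    """Expand an IOS VLAN list such as '1,11,21-23' into integer VLAN IDs."""
    vids: list[int] = []
    for part in spec.split(","):
        if "-" in part:
            lo, hi = (int(p) for p in part.split("-", 1))
            vids.extend(range(lo, hi + 1))
        else:
            vids.append(int(part))
    return vids

def effective_priorities(text: str) -> dict[int, int]:
    """VLAN ID -> bridge priority as 'show spanning-tree' displays it: with the
    extended system ID the VLAN ID is added to the configured value. VLANs with
    no explicit priority are omitted (they use the default 32768 + VLAN ID)."""
    top, _ = parse_config(text)
    result: dict[int, int] = {}
    for line in top:
        if m := re.fullmatch(r"spanning-tree vlan (\S+) priority (\d+)", line):
            prio = int(m.group(2))
            if prio % 4096 or prio > 61440:  # IOS accepts only these values
                raise ValueError(f"invalid bridge priority {prio}: {line}")
            for vid in expand_vlan_list(m.group(1)):
                result[vid] = prio + vid
    return result

if __name__ == "__main__":
    for port in unguarded_portfast_ports(SAMPLE_CONFIG):
        print(f"WARNING: {port} has PortFast but no BPDU guard")
    for vid, prio in sorted(effective_priorities(SAMPLE_CONFIG).items()):
        print(f"VLAN {vid}: advertised bridge priority {prio}")
```

Run as a script it prints the warnings and priorities for the embedded sample; to audit a real switch, replace SAMPLE_CONFIG with the text of show running-config. A port that opts out of the global default with spanning-tree bpduguard disable is reported as exposed again, which is the case an auditor most easily misses.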


PxR1:

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PxR1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 NUtXpRU892oGmKT2hPuxM6rMJlDMKfYF3czf8T.rrWA
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
no ip domain lookup
ip domain name cisco.com
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2901/K9 sn FTX170480E4
!
crypto key generate rsa modulus 1024
!
username ccna secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
!
ip ssh version 2
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0


 no ip address
 speed auto
 duplex auto
 no shutdown
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 172.16.1.1x1 255.255.255.0
 ipv6 address 2001:DB8:10:x::1/64
 no shutdown
!
interface GigabitEthernet0/0.1x
 encapsulation dot1Q 1x
 ip address 10.1.x.1 255.255.255.0
 ip access-group 100 in
 ipv6 address 2001:DB8:1:x::1/64
 no shutdown
!
interface GigabitEthernet0/0.2x
 encapsulation dot1Q 2x
 ip address 10.2.x.1 255.255.255.0
 ip access-group 100 in
 ipv6 address 2001:DB8:2:x::1/64
 no shutdown
!
interface GigabitEthernet0/0.3x
 encapsulation dot1Q 3x
 ip address 10.3.x.1 255.255.255.0
 ipv6 address 2001:DB8:3:x::1/64
 no shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.xx.1 255.255.255.0
 shutdown
 speed auto
 duplex auto
 ipv6 address autoconfig
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
!
router ospf 1
 router-id 1.1.x.1
 network 10.1.x.0 0.0.0.255 area 0
 network 10.2.x.0 0.0.0.255 area 0
 network 10.3.x.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
 network 192.168.xx.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server


!
!
access-list 100 deny tcp host 10.1.x.10 host 192.168.xx.3 eq telnet
access-list 100 deny tcp host 10.2.x.20 host 192.168.xx.3 eq telnet
access-list 100 permit ip any any
ipv6 route ::/0 GigabitEthernet0/1 2001:DB8:168:xx::3
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 60 0
 logging synchronous
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 60 0
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 exec-timeout 60 0
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end

PxR2:

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PxR2
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 NUtXpRU892oGmKT2hPuxM6rMJlDMKfYF3czf8T.rrWA
!
no aaa new-model
!
ip cef


!
!
!
!
!
!
no ip domain lookup
ip domain name cisco.com
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2901/K9 sn FTX170480EA
!
crypto key generate rsa modulus 1024
!
username ccna secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
!
ip ssh version 2
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.3.x.2 255.255.255.0
 speed auto
 duplex auto
 ipv6 address 2001:DB8:3:x::2/64
 no shutdown
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 speed auto
 duplex auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1


 no ip address
 shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.3.x.1
!
ipv6 route ::/0 GigabitEthernet0/0 2001:DB8:3:x::1
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 60 0
 logging synchronous
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 60 0
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 exec-timeout 60 0
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end
