RETIRED! Exam
Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose of STP is to ensure that you do not create loops when you have redundant paths in your network. Loops are deadly to a network.
While the Spanning-Tree Algorithm runs, some redundant ports must be blocked to avoid bridging loops. To decide which port forwards frames and which port blocks, the Spanning-Tree Protocol compares the following three components, in order:
1. Path Cost: The port with the lowest path cost to the root is placed in forwarding mode. The other ports are placed in blocking mode.
2. Bridge ID: If the path costs are equal, the bridge ID is used to determine which port should forward. The port with the lowest Bridge ID is elected to forward, and all other ports are blocked.
3. Port ID: If both the path cost and the bridge ID are equal, the Port ID is used to elect the forwarding port. The lowest port ID is chosen to forward. This situation arises when there are parallel links between the same two switches, used for redundancy.
While the Spanning-Tree Protocol runs, the Root switch (say, switch A) is elected first. Next, the switch closest to the root switch is selected; this switch is known as the Designated switch or Parent switch (say, switch B). Frames are forwarded to the root switch (A) through the designated switch (B). Then the lowest-cost port on a downstream switch (say, switch C) is selected; this is known as the Root port. A Root Port is the port on a switch that has the lowest-cost path to the Root Bridge, and every Non-Root switch has exactly one Root Port. Here, switch B is the designated switch for switch C, and switch A is the root switch for switch C. Note that switch C reaches the root switch (A) through its designated switch (B).
All switches participating in STP exchange information with the other switches in the network through messages known as Bridge Protocol Data Units (BPDUs). BPDUs are sent out every 2 seconds on every port.
The command "show spanning-tree" includes information about the following:
1. VLAN number
2. Root bridge priority, MAC address
3. Bridge timers (Max Age, Hello Time, Forward Delay)
A switch, participating in Spanning-Tree protocol, passes through the following states:
1. Blocked state: This is the initial state. All ports are put in the blocked state to prevent bridging loops.
2. Listen state: This is the second state of a switch port. The port listens to BPDUs but cannot send data frames. The time a port spends listening is set by "fwd delay".
3. Learn state: The Learn state follows the Listen state. The only difference is that the port now adds the MAC addresses it learns to its address table. The time a port spends learning is also set by "fwd delay".
4. Forward state: A port sends and receives data in this state. Before placing a port in the forwarding state, the Spanning-Tree Protocol ensures that no redundant paths or loops remain.
5. Disabled state: This is the state of a switch port that has been disabled. A switch port may be disabled for administrative reasons or because of switch-specific problems.
STP is enabled on every port of a Cisco switch by default. It is preferable to leave it enabled so that bridging loops do not occur. STP can be disabled selectively on a specific port by issuing the command:
Switch#set spantree disable <mod-number>/<port-number>
Ex: Switch#set spantree disable 2/4
The above command disables STP on port 4 of module 2.
When a bridge starts up, it sets the root ID equal to its own bridge ID; that is, it considers itself the root bridge. However, while exchanging BPDUs, if it receives a BPDU that carries a bridge ID lower than its own, the bridge corresponding to that BPDU is accepted as the root bridge, and this information is propagated.
The bridge ID consists of the following:
1. 2-byte priority: The default value on Cisco switches is 0x8000 (32,768). The lower the priority, the higher the chance of becoming the root bridge.
2. MAC address: The 6-byte MAC address of the bridge. The lower the MAC address, the higher the chance of becoming the root bridge.
Spanning Tree Protocol (STP) 802.1D is used to prevent bridging loops. Cisco Catalyst 5000 series switches use BPDUs (Bridge Protocol Data Units) to determine the spanning-tree topology. STP uses the Spanning-Tree Algorithm (STA) to prevent loops, resulting in a stable network topology.
Internally, STP assigns to each bridge (or switch) port a specific role. The port role defines the behavior of the port from the STP point of view. Based on the port role, the port either sends or receives STP BPDUs and forwards or blocks the data traffic.
The different port roles are given below:
1. Designated: One designated port is elected per link (segment). The designated port is the port on that segment closest to the root bridge. This port sends BPDUs on the segment and forwards traffic towards the root bridge. In a converged STP network, each designated port is in the STP forwarding state. Among all switches connected to a segment, the switch with the lowest cost to reach the root holds the DP (Designated Port) on that segment. If the cost is tied (two or more switches have the same cost), the switch with the lowest bridge ID holds the DP. The switch on which the DP is elected is called the Designated Switch or Designated Bridge. Bridge ID = Priority + MAC address.
2. Root: A bridge can have only one root port. The root port is the port that leads to the root bridge. In an STP converged network, the root port is in the STP forwarding state. All bridges except the root bridge will have a root port.
3. Alternate: Alternate ports also lead towards the root bridge but are not root ports. Alternate ports remain in the STP blocking state.
4. Backup: This is a special case in which two or more ports of the same bridge (switch) are connected together, directly or through shared media. In this case one port becomes designated and the remaining ports block; the role of those blocking ports is backup.
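The election order described above (path cost, then bridge ID, then port ID) and the resulting port roles are easier to see when run on a concrete topology. The following is an added example, not code from the original notes or from any vendor: a small 802.1D election simulator that elects the root, assigns each non-root switch its root port, picks the designated port on every segment, and blocks the rest. The switch names, MAC addresses, priorities and link costs are constructed for illustration (the default port priority of 128 and the link costs 4 and 19 are the 802.1D-1998 short path-cost values for 1 Gb/s and 100 Mb/s links).

```python
from collections import defaultdict
import heapq

PORT_PRIORITY = 128  # default 802.1D port priority (assumed for every port)


def bridge_id(priority, mac):
    """802.1D bridge ID: 2-byte priority followed by the 6-byte MAC; lower wins."""
    return (priority, int(mac.replace(":", ""), 16))


def port_id(port_no):
    """Port ID: port priority then port number; lower wins on parallel links."""
    return (PORT_PRIORITY, port_no)


class Topology:
    def __init__(self):
        self.bridges = {}               # name -> bridge ID tuple
        self.ports = defaultdict(dict)  # name -> {port_no: segment}
        self.segments = {}              # segment -> (cost, [(name, port_no), (name, port_no)])

    def add_bridge(self, name, mac, priority=0x8000):
        self.bridges[name] = bridge_id(priority, mac)

    def add_link(self, segment, end_a, end_b, cost):
        self.segments[segment] = (cost, [end_a, end_b])
        for name, port in (end_a, end_b):
            self.ports[name][port] = segment

    def neighbors(self, name):
        """Yield (own_port, link_cost, peer_name, peer_port) for every attached segment."""
        for port, seg in self.ports[name].items():
            cost, ends = self.segments[seg]
            for peer_name, peer_port in ends:
                if peer_name != name:
                    yield port, cost, peer_name, peer_port


def compute_stp(topo):
    # 1. Root election: the lowest bridge ID (priority first, then MAC) wins.
    root = min(topo.bridges, key=topo.bridges.get)

    # 2. Root path cost of every bridge (Dijkstra over the link costs).
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, name = heapq.heappop(heap)
        if c > cost.get(name, float("inf")):
            continue
        for _port, link_cost, peer, _peer_port in topo.neighbors(name):
            nc = c + link_cost
            if nc < cost.get(peer, float("inf")):
                cost[peer] = nc
                heapq.heappush(heap, (nc, peer))

    roles = {}  # (bridge, port) -> "root" | "designated" | "blocking"

    # 3. Root port per non-root bridge: lowest (root path cost, sender bridge ID,
    #    sender port ID, own port ID); the last two decide between parallel links.
    for name in topo.bridges:
        if name == root:
            continue
        _key, best_port = min(
            ((cost[peer] + link_cost, topo.bridges[peer], port_id(peer_port), port_id(port)), port)
            for port, link_cost, peer, peer_port in topo.neighbors(name)
        )
        roles[(name, best_port)] = "root"

    # 4. Designated port per segment: the end with the lowest (cost, bridge ID, port ID).
    for _seg, (_link_cost, ends) in topo.segments.items():
        dp = min(ends, key=lambda e: (cost[e[0]], topo.bridges[e[0]], port_id(e[1])))
        roles.setdefault(dp, "designated")

    # 5. Every remaining port blocks (alternate/backup role in the text above).
    for name, ports in topo.ports.items():
        for port in ports:
            roles.setdefault((name, port), "blocking")
    return root, cost, roles


def build_example():
    """Constructed topology: A has the highest MAC but a lowered priority, so it is root."""
    t = Topology()
    t.add_bridge("A", "00:00:00:aa:aa:ff", priority=0x1000)
    t.add_bridge("B", "00:00:00:aa:aa:02")
    t.add_bridge("C", "00:00:00:aa:aa:03")
    t.add_link("A-B", ("A", 1), ("B", 1), cost=4)     # 1 Gb/s
    t.add_link("A-C", ("A", 2), ("C", 1), cost=19)    # 100 Mb/s
    t.add_link("B-C", ("B", 2), ("C", 2), cost=4)
    t.add_link("B-C-2", ("B", 3), ("C", 3), cost=4)   # parallel redundant link
    return t


if __name__ == "__main__":
    root, cost, roles = compute_stp(build_example())
    print("root bridge:", root, "root path costs:", cost)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} port {port}: {role}")
```

Running it reproduces the situation in the text: A is root, B is the designated switch for C, C's root port is port 2 (the lower port ID of the two parallel links to B), and C's ports 1 and 3 block. Changing A's priority back to 0x8000 makes B the root, since among equal priorities the lowest MAC wins.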
PVST (Per VLAN Spanning Tree): This implementation runs one instance of STP for each VLAN. Therefore, when there are 32 VLANs in the bridged network, there are 32 instances of STP running. Each VLAN also has its own root, path costs, etc.
Rapid Spanning Tree Protocol (RSTP): This is based on the IEEE standard 802.1w, which evolved from its predecessor 802.1D. 802.1w has the advantage of faster convergence over 802.1D. RSTP defines port states according to what the port does with incoming frames.
The allowed port states are as given below:
a. Discarding: The incoming frames are discarded. No MAC addresses are learned.
b. Learning: The incoming frames are dropped, but MAC addresses are learned.
c. Forwarding: The incoming frames are forwarded according to the learned MAC addresses.
Two switch features available on Cisco switches for protecting against unintended BPDUs are:
a. bpdu guard: If any BPDU (superior or not) is received on a port configured with BPDU guard, the port is immediately put into the errdisable state. The port is effectively shut down and must be re-enabled either manually or by a timeout function. By default, it is disabled on all ports. To enable BPDU guard, use the following command in interface configuration mode:
switch(config-if)# spanning-tree bpduguard enable
A port that has been shut down stays in the errdisable state even after BPDUs stop arriving. It is recommended to use BPDU guard on all ports that have portfast enabled. The protection is useful on access-layer ports where end-user computers are expected to be connected.
b. root guard: When configured at the interface level, root guard blocks the port as soon as the port receives a superior BPDU. By default, it is disabled on all switch ports. To enable root guard, use the command:
switch(config-if)#spanning-tree guard root
The command is applied per port. Loop guard, likewise, is disabled by default on all switch ports.
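Both guards react to the content of received BPDUs, and the root-election rule from earlier in these notes (a received BPDU with a lower root ID wins) is what "superior BPDU" means. The following is an added example, not code from the original notes or from Cisco: it decodes an 802.1D configuration BPDU from raw bytes, compares it with the bridge's current best BPDU using the 802.1D ordering (root ID, root path cost, sender bridge ID, sender port ID), and reports what a port configured with BPDU guard or root guard would do with it. The two sample BPDUs, the MAC addresses and the `classify` helper are constructed for this illustration.

```python
import struct

# 35-byte 802.1D configuration BPDU: protocol ID, version, type, flags, root ID,
# root path cost, bridge ID, port ID, message age, max age, hello time, forward delay.
CONFIG_BPDU = struct.Struct(">HBBB8sI8sHHHHH")


def decode_bridge_id(raw8):
    """Bridge ID = 2-byte priority + 6-byte MAC; the MAC is kept as a fixed-width
    lowercase string, so tuple comparison equals numeric comparison."""
    priority = int.from_bytes(raw8[:2], "big")
    mac = ":".join(f"{b:02x}" for b in raw8[2:])
    return priority, mac


def parse_config_bpdu(frame):
    (proto, _version, btype, flags, root_raw, root_cost, bridge_raw, port,
     _msg_age, max_age, hello, fwd_delay) = CONFIG_BPDU.unpack(frame[:CONFIG_BPDU.size])
    if proto != 0 or btype != 0x00:
        raise ValueError("not an 802.1D configuration BPDU")
    return {
        "root_id": decode_bridge_id(root_raw),
        "root_path_cost": root_cost,
        "bridge_id": decode_bridge_id(bridge_raw),
        "port_id": port,
        "topology_change": bool(flags & 0x01),
        "max_age": max_age / 256,       # timers are carried in units of 1/256 s
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def priority_vector(bpdu):
    return (bpdu["root_id"], bpdu["root_path_cost"], bpdu["bridge_id"], bpdu["port_id"])


def is_superior(received, current):
    """802.1D: the BPDU with the lower priority vector wins the election."""
    return priority_vector(received) < priority_vector(current)


def build_config_bpdu(root_prio, root_mac, root_cost, bridge_prio, bridge_mac, port):
    """Constructed helper that packs a sample BPDU carrying the default timers."""
    def bid(prio, mac):
        return prio.to_bytes(2, "big") + bytes.fromhex(mac.replace(":", ""))
    return CONFIG_BPDU.pack(0, 0, 0, 0, bid(root_prio, root_mac), root_cost,
                            bid(bridge_prio, bridge_mac), port,
                            0, 20 * 256, 2 * 256, 15 * 256)


def classify(frame, current_best, guard):
    """Decision a port would take; guard is 'bpdu', 'root' or None."""
    bpdu = parse_config_bpdu(frame)
    if guard == "bpdu":
        return "err-disable"            # BPDU guard: any BPDU at all trips it
    if guard == "root" and is_superior(bpdu, current_best):
        return "root-inconsistent"      # root guard: superior BPDU, port blocks
    return "accept"


# Constructed samples: the legitimate root (lowered priority 0x1000) and a
# device on an access port that announces itself as root with priority 0.
LEGIT = build_config_bpdu(0x1000, "00:00:00:aa:aa:ff", 0, 0x1000, "00:00:00:aa:aa:ff", 0x8001)
UNEXPECTED = build_config_bpdu(0x0000, "00:11:22:33:44:55", 0, 0x0000, "00:11:22:33:44:55", 0x8001)

if __name__ == "__main__":
    current = parse_config_bpdu(LEGIT)
    print("current root:", current["root_id"], "timers:",
          current["hello_time"], current["max_age"], current["forward_delay"])
    for guard in ("bpdu", "root", None):
        print(f"guard={guard}: {classify(UNEXPECTED, current, guard)}")
```

The output shows the difference the text describes: BPDU guard err-disables the port on any BPDU, whereas root guard only reacts to a BPDU that would win the root election, and a BPDU from the existing root is accepted in both the root-guard and unguarded cases.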
c. Unidirectional Link Detection (UDLD): The UDLD protocol allows devices connected through media such as fiber-optic or twisted-pair Ethernet to monitor the physical configuration of the cables and detect when a unidirectional link exists. If a unidirectional link is detected, UDLD shuts down the affected port and sends out an alert.
UDLD has two modes of operation.
1. Normal mode: Allows the port to keep operating after a unidirectional link is detected. A syslog message is generated to alert the administrator.
2. Aggressive mode: As soon as a unidirectional link is detected, an attempt is made to re-establish the link. If this verification fails, the port is immediately placed in the errdisable state.
By default, UDLD is disabled on a switch. UDLD can be enabled either per interface or globally. To enable UDLD globally, use the following global configuration command:
Switch(config)#udld {aggressive | enable | message time <seconds>}
Use the "aggressive" keyword to enable aggressive mode.
The message time <seconds> can be set to any value between 7 and 90 seconds. This is the interval at which the switch port echoes messages to the neighboring port to determine whether the link is operational.
The following are true about bundling ports using EtherChannel:
1. The bundled ports must have identical Spanning Tree settings.
2. The bundled ports must have the same speed, duplex, and Ethernet media.
3. The bundled ports must belong to the same VLAN if not used as VLAN trunk.
4. If the bundled ports form a VLAN trunk, they must have the same native VLAN, and each port must carry the same set of VLANs on the trunk.
STP relies on timers set on each switch so that bridging loops are avoided and the network stays stable.
Default timer values are as below:
1. Hello time: 2 seconds
2. Maximum time (max age): 20 seconds
3. Forward delay (fwd delay): 15 seconds.
These default values are derived on the assumption that the network (switch) diameter, the number of switches on the longest path between any two end stations, is 7. The diameter can have values from 2 to 7.
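The port states listed earlier and the three timers are one mechanism: a port leaving the blocked state spends one forward delay listening and another learning before it forwards, and a blocked port first has to wait for max age to expire the stale BPDU it holds. The following is an added example, not code from the original notes or from Cisco: it validates a timer set against the IOS per-VLAN ranges and against the two relationships 802.1D requires between the timers, and then walks a port through the states for a given elapsed time. The `StpTimers` class, `state_after` and `worst_case_convergence` are names chosen here for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StpTimers:
    hello: int = 2          # default 802.1D values from the notes above
    max_age: int = 20
    forward_delay: int = 15


def check_timers(t, diameter=7):
    """Return a list of problems; an empty list means the timer set is consistent.
    Ranges are the IOS per-VLAN limits (hello 1-10, max-age 6-40, forward-time
    4-30); the two inequalities are the 802.1D-1998 relationships between timers."""
    problems = []
    if not 2 <= diameter <= 7:
        problems.append("diameter must be between 2 and 7")
    if not 1 <= t.hello <= 10:
        problems.append("hello time must be 1-10 s")
    if not 6 <= t.max_age <= 40:
        problems.append("max age must be 6-40 s")
    if not 4 <= t.forward_delay <= 30:
        problems.append("forward delay must be 4-30 s")
    if t.max_age < 2 * (t.hello + 1):
        problems.append("max age must be >= 2 * (hello + 1)")
    if 2 * (t.forward_delay - 1) < t.max_age:
        problems.append("2 * (forward delay - 1) must be >= max age")
    return problems


# What a port does in each state: (processes BPDUs, learns MACs, forwards data)
BEHAVIOUR = {
    "disabled":   (False, False, False),
    "blocking":   (True,  False, False),
    "listening":  (True,  False, False),
    "learning":   (True,  True,  False),
    "forwarding": (True,  True,  True),
}


def state_after(seconds, t=StpTimers()):
    """State of a port `seconds` after STP decided to move it from blocking
    towards forwarding (no PortFast): listen, then learn, then forward."""
    if seconds < t.forward_delay:
        return "listening"
    if seconds < 2 * t.forward_delay:
        return "learning"
    return "forwarding"


def worst_case_convergence(t=StpTimers()):
    """A blocked port must first age out its stored BPDU (max age), then
    listen and learn (two forward delays) before it carries traffic."""
    return t.max_age + 2 * t.forward_delay


if __name__ == "__main__":
    default = StpTimers()
    print("default timers consistent:", check_timers(default) == [])
    for s in (0, 15, 30):
        st = state_after(s, default)
        print(f"t={s:>2}s: {st:<10} forwards data: {BEHAVIOUR[st][2]}")
    print("worst-case convergence (s):", worst_case_convergence(default))
    print("hello=10 with default others:", check_timers(StpTimers(hello=10)))
```

With the defaults the port reaches forwarding after 30 seconds and worst-case reconvergence takes 50 seconds; raising only the hello time to 10 seconds is rejected because max age would then be below 2 × (hello + 1), which is why the timers should be tuned together from the diameter rather than one at a time.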