Friday, July 31, 2009

STP (It's a big one)

I know what you're thinking... gee, more spanning tree. But I guess it is a pretty big switching topic, and a huge part of this exam. So we need to drill into as much detail as possible. Here are the states that spanning tree goes through:
  1. Disabled
  2. Blocking - no forwarding, no receiving, no MAC address learning, just BPDU acceptance
  3. Listening - listens for BPDUs, sends BPDUs - no MAC learning or frame forwarding yet
  4. Learning - learns MAC addresses, not forwarding frames
  5. Forwarding - forwards/receives frames and BPDUs, and updates the MAC table
Timers... oh, timers within STP. Don't change them all willy-nilly. Change them on the root bridge, and it will notify the non-root switches of the change via BPDUs.
Hello time is the interval at which configuration BPDUs are originated; default is 2 seconds
Forward delay is the time spent in each of the listening and learning stages; default is 15 seconds
Max age is the aging time for the superior switch's BPDUs; default is 20 seconds

Commands that I saw:
(config) spanning-tree vlan [id] hello-time [seconds]
(config) spanning-tree vlan [id] max-age [seconds]
(config) spanning-tree vlan [id] forward-time [seconds]
(config) spanning-tree vlan [id] root [primary | secondary]
show interface [type] [number] switchport
(interface) spanning-tree vlan [id - id] port-priority [number] - on root bridge
(config) spanning-tree uplinkfast (priority becomes 49152, cost is updated by +3000)
show spanning-tree [uplinkfast | backbonefast]
(config) spanning-tree backbonefast (cuts convergence time to 30 seconds by eliminating the max-age time)
(interface) spanning-tree guard root (root guard; ignores superior BPDUs by going into the root-inconsistent state)
show spanning-tree inconsistent-ports (to show ports blocking superior BPDUs)

Root bridge priority: 24576 when the current root's priority is greater than that; 4096 less than the current root's priority when it is less.
Secondary bridge priority: 24596
Topology change notification BPDUs are generated when a port goes into forwarding mode, or goes from forwarding/learning to blocking mode.

Portfast of course allows a switch port to go directly from blocking to forwarding mode. It is suitable for ports where 1 host is connected.
(interface) spanning-tree portfast (for ports with 1 host connected)
(config) spanning-tree portfast default (enables portfast on ALL interfaces)

Uplinkfast reduces STP "convergence" time from 50 seconds to around 1-3 seconds on trunk lines between switches. It is enabled globally, and for all VLANs. It should be used between access and distribution layer switches, not between the distribution and core layers.

Backbonefast should be enabled on ALL switches in the network. This is so all switches can respond to RLQs, or root link queries.

BPDU guard actually shuts a port down into an err-disabled state if a BPDU comes in on that particular port.
(config) spanning-tree portfast bpduguard default (sets it on ALL ports running portfast)
(interface) spanning-tree bpduguard [enable | disable]

BPDU filtering stops the port from going into an err-disabled state when it receives a BPDU. Enabled globally, a port running portfast will STOP running portfast if a BPDU is received. Enabled at the interface level, the BPDUs will simply be ignored and dropped.
(config) spanning-tree portfast bpdufilter default
(interface) spanning-tree bpdufilter [enable | disable]
show spanning-tree summary totals (pretty good to see what you have running or enabled)
show spanning-tree interface [type num] detail
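
To show how the portfast, BPDU guard and BPDU filter commands above interact, here is an added example (not from the original post) that audits a running-config for portfast ports left without BPDU guard and for ports that filter BPDUs at the interface level. The sample config, the function names and the audit policy itself are assumptions made for illustration, and only interface-level portfast is considered.

```python
# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpdufilter enable
"""

def parse(config):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(line)          # indented line belongs to the interface
        else:
            current = None
            global_lines.append(line)     # unindented line is a global command
    return global_lines, interfaces

def audit(config):
    """Flag portfast ports lacking BPDU guard and ports that filter BPDUs."""
    global_lines, interfaces = parse(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, cmds in interfaces.items():
        portfast = "spanning-tree portfast" in cmds
        # An interface-level enable/disable overrides the global default.
        guarded = "spanning-tree bpduguard enable" in cmds or (
            guard_default and "spanning-tree bpduguard disable" not in cmds)
        if portfast and not guarded:
            findings.append((name, "portfast without BPDU guard"))
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "BPDU filter drops incoming BPDUs"))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns a list of (interface, issue) pairs; a port that filters BPDUs is reported even when BPDU guard is on, because the BPDUs are dropped at that port.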
