Implementing VLAN Trunks


Maintaining Specific VLAN Identification
- Specifically developed for multi-VLAN interswitch communications
- Places a unique identifier in each frame
- Functions at Layer 2

VLAN Trunking

Comparing ISL and 802.1Q

  ISL                                        802.1Q
  Proprietary                                Nonproprietary
  Encapsulated                               Tagged
  Protocol independent                       Protocol dependent
  Encapsulates the old frame in a new frame  Adds a field to the frame header

Note: The 1900 only supports ISL trunking. ISL is Cisco proprietary. 802.1Q is an IEEE standard. Other trunk types: LANE (VLANs over ATM) and 802.10 (FDDI trunk).

Trunking with ISL
- Is a Cisco proprietary protocol
- Supports PVST
- Uses an encapsulation process
- Does not modify the original frame

ISL Encapsulation
- Performed with ASIC
- Not intrusive to client stations; the client does not see the header
- Effective between switches, and between routers and switches
Note: The 1900 only supports ISL trunking. ISL is Cisco proprietary. 802.1Q is an IEEE standard. Other trunk types: LANE (VLANs over ATM) and 802.10 (FDDI trunk).

ISL Encapsulation

Trunking with 802.1Q
- An IEEE standard
- Adds a 4-byte tag to the original frame
- Additional tag includes a priority field
- Does not tag frames that belong to the native VLAN
- Supports Cisco IP telephony

The 802.1Q Tagging Process

802.1Q Native VLAN
Native VLAN frames are carried over the trunk link untagged.

VLAN Ranges and Mappings

  VLAN       Range     Usage
  0, 4095    Reserved  For system use only
  1          Normal    Cisco default
  2-1001     Normal    For Ethernet VLANs
  1002-1005  Normal    Cisco defaults for FDDI and Token Ring
  1025-4094  Extended  For Ethernet VLANs only

Trunking Configuration Commands
Trunks can be configured statically or via DTP. DTP provides the ability to negotiate the trunking method.
Configuring a trunk:
  switchport trunk
  switchport mode
  switchport nonegotiate

Switch Ports and Trunk Ports

  Command                  Port type     Function
  switchport mode access   Access port   Sets the switch port to unconditionally be an access port
  switchport mode trunk    Trunk port    Sets the switch port to unconditionally become a trunk port
  switchport mode dynamic  Dynamic port  Sets the switch port to dynamically negotiate the status (access or trunk)

Switch Port DTP Modes

  Mode               Function
  access             Unconditionally sets a switch port to access mode, regardless of other DTP functions
  trunk              Sets the switch port to unconditional trunking mode and negotiates to become a trunk link, regardless of neighbor interface mode
  nonegotiate        Specifies that DTP negotiation packets are not sent on the Layer 2 interface
  dynamic desirable  Sets the switch port to actively send and respond to DTP negotiation frames. Default for Ethernet
  dynamic auto       Sets the switch port to respond but not to actively send DTP negotiation frames

Switchport Mode Interactions
[Matrix of local mode against neighbor mode: Dynamic Auto, Dynamic Desirable, Trunk, Access; the Trunk/Access pairing is marked "Not recommended"]
Note: The table assumes DTP is enabled at both ends. Use show dtp interface to determine the current setting.

How to Configure Trunking
1. Enter interface configuration mode.
2. Shut down the interface.
3. Select the encapsulation (802.1Q or ISL).
4. Configure the interface as a Layer 2 trunk.
5. Specify the trunking native VLAN (for 802.1Q).
6. Configure the allowable VLANs for this trunk.
7. Use the no shutdown command on the interface to activate the trunking process.
8. Verify the trunk configuration.

802.1Q Trunk Configuration
  Switch(config)#interface fastethernet 5/8
  Switch(config-if)#shutdown
  Switch(config-if)#switchport trunk encapsulation dot1q
  Switch(config-if)#switchport trunk allowed vlan 1,5,11,1002-1005
  Switch(config-if)#switchport mode trunk
  Switch(config-if)#switchport trunk native vlan 99
  Switch(config-if)#switchport nonegotiate
  Switch(config-if)#no shutdown

Verifying the 802.1Q Configuration
  Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
  Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

  Switch#show interfaces fastEthernet 5/8 switchport
  Name: fa5/8
  Switchport: Enabled
  Administrative Mode: trunk
  Operational Mode: trunk
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: dot1q
  Negotiation of Trunking: Off
  Access Mode VLAN: 1 (default)
  Trunking Native Mode VLAN: 99 (trunk_only)
  Trunking VLANs Enabled: 1,5,11,1002-1005
  Pruning VLANs Enabled: 2-1001
  . . .

Verifying an 802.1Q Dynamic Trunk Link
  Switch#show running-config interface fastethernet 5/8
  Building configuration...
  Current configuration:
  !
  interface FastEthernet5/8
   switchport mode dynamic desirable
   switchport trunk encapsulation dot1q

  Switch#show interfaces fastethernet 5/8 trunk
  Port      Mode         Encapsulation  Status        Native vlan
  Fa5/8     desirable    802.1q         trunking      99
  Port      Vlans allowed on trunk
  Fa5/8     1,5,11,1002-1005
  Port      Vlans allowed and active in management domain
  Fa5/8     1,5,1002-1005
  Port      Vlans in spanning tree forwarding state and not pruned

ISL Trunk Configuration
  Switch(config)#interface fastethernet 2/1
  Switch(config-if)#shutdown
  Switch(config-if)#switchport trunk encapsulation isl
  Switch(config-if)#switchport trunk allowed vlan 1-5,1002-1005
  Switch(config-if)#switchport mode trunk
  Switch(config-if)#switchport nonegotiate
  Switch(config-if)#no shutdown

Verifying ISL Trunking
  Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
  Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

  Switch#show interfaces fastethernet 2/1 trunk
  Port      Mode         Encapsulation  Status        Native VLAN
  Fa2/1     trunk        isl            trunking      99
  Port      VLANs allowed on trunk
  Fa2/1     1-5,1002-1005
  Port      VLANs allowed and active in management domain
  Fa2/1     1-2,1002-1005
  Port      VLANs in spanning tree forwarding state and not pruned

Problem: A Device Cannot Establish a Connection Across a Trunk Link
Make sure:
- The Layer 2 interface mode configured on both ends of the link is valid.
- The trunk encapsulation type configured on both ends of the link is valid.
- The native VLAN is the same on both ends of the trunk (802.1Q trunks).
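The checklist above can be run against the `show interfaces ... switchport` output shown earlier. The following is an added example (not Cisco's code, and not part of the slides): it parses that output format from both ends of a link, applies the three checks, and also flags the two points the later slides make about DTP and allowed VLANs. The two outputs are constructed to match the slide's format; the remote-end values are invented to show a failing case.

```python
"""Parse `show interfaces <port> switchport` output from both ends of a trunk and
run the trunk-link checklist (mode, encapsulation, native VLAN) plus the DTP and
allowed-VLAN checks. Added example; the outputs below are constructed."""
import re

# Constructed sample: local end is the slide's fa5/8, the remote end is invented.
LOCAL_END = """\
Name: fa5/8
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (trunk_only)
Trunking VLANs Enabled: 1,5,11,1002-1005
Pruning VLANs Enabled: 2-1001
"""

REMOTE_END = """\
Name: gi0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
"""

FIELD = re.compile(r"^([A-Za-z ]+?):\s*(.*)$")


def parse_switchport(text):
    """Turn 'Key: value' lines into a dict; drop '(default)'-style annotations."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            fields[key] = re.sub(r"\s*\(.*\)$", "", value)
    return fields


def expand_vlans(spec):
    """'1,5,11,1002-1005' -> set of ints; 'ALL' -> every VLAN 1..4094."""
    if spec.upper() == "ALL":
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def check_trunk(local, remote):
    """Return (findings, VLANs allowed on both ends) for one link."""
    a, b = parse_switchport(local), parse_switchport(remote)
    findings = []
    if a["Operational Mode"] != "trunk" or b["Operational Mode"] != "trunk":
        findings.append("link is not trunking on both ends")
    if a["Operational Trunking Encapsulation"] != b["Operational Trunking Encapsulation"]:
        findings.append("encapsulation mismatch")
    if a["Trunking Native Mode VLAN"] != b["Trunking Native Mode VLAN"]:
        findings.append("native VLAN mismatch: %s vs %s"
                        % (a["Trunking Native Mode VLAN"], b["Trunking Native Mode VLAN"]))
    for name, end in (("local", a), ("remote", b)):
        if end["Negotiation of Trunking"] == "On":
            findings.append(f"{name} end still negotiates with DTP; use switchport nonegotiate")
        if end["Trunking VLANs Enabled"].upper() == "ALL":
            findings.append(f"{name} end allows all VLANs; restrict with switchport trunk allowed vlan")
    common = expand_vlans(a["Trunking VLANs Enabled"]) & expand_vlans(b["Trunking VLANs Enabled"])
    return findings, sorted(common)


if __name__ == "__main__":
    for f in check_trunk(LOCAL_END, REMOTE_END)[0]:
        print("FINDING:", f)
```

Running it against the two constructed outputs reports the native VLAN mismatch (99 vs 1), the DTP negotiation still active on the remote end, and the remote end allowing every VLAN; comparing the local output against itself yields no findings.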

Summary
- Trunk links carry traffic from multiple VLANs.
- ISL is Cisco proprietary and encapsulates the Layer 2 frames.
- 802.1Q is an IEEE standard for trunking, which implements a 4-byte tag.
- The 802.1Q native VLANs forward frames without the tag.
- VLAN numbers have specific ranges and purposes.
- Various commands are used to configure and verify ISL and 802.1Q trunk links.
- Allow only required VLANs over the trunk.

Implementing VLAN Trunk Protocol
© 2003, Cisco Systems, Inc. All rights reserved. BCMSN 2.0—2-24

Objectives
Upon completing this lesson, you will be able to:
- Define VTP and explain where to use it on a switched network
- Describe how VTP versions 1 and 2 operate, including domains, modes, advertisements, and pruning
- Configure VTP domains in server, client, and transparent modes
- Verify the VTP configuration
- Troubleshoot the VTP configuration

VTP Protocol Features
- Advertises VLAN configuration information
- Maintains VLAN configuration consistency throughout a common administrative domain
- Sends advertisements on trunk ports only

Notes: VTP is a Cisco proprietary feature. VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

A VTP domain (also called a VLAN management domain) is one switch or several interconnected switches sharing the same VTP domain. A switch is configured to be in only one VTP domain. You make global VLAN configuration changes for the domain by using the Cisco IOS command-line interface (CLI), Cisco Visual Switch Manager Software, or Simple Network Management Protocol (SNMP).

By default, a 1900 switch is in the no-management-domain state until it receives an advertisement for a domain over a trunk link or you configure a management domain. The default VTP mode is server mode, but VLANs are not propagated over the network until a management domain name is specified or learned. If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and configuration revision number. The switch then ignores advertisements with a different management domain name or an earlier configuration revision number.

When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP advertisements are transmitted out all trunk connections, including Inter-Switch Link (ISL), IEEE 802.1Q, IEEE 802.10, and ATM LAN Emulation (LANE).

If you configure a switch in VTP transparent mode, you can create and modify VLANs, but the changes are not transmitted to other switches in the domain; they affect only the individual switch.

VTP Modes

  Server
  - Creates, modifies, and deletes VLANs
  - Sends and forwards advertisements
  - Synchronizes VLAN configurations
  - Saves configuration in NVRAM

  Client
  - Cannot create, change, or delete VLANs
  - Forwards advertisements
  - Synchronizes VLAN configurations
  - Does not save in NVRAM

  Transparent
  - Creates, modifies, and deletes VLANs locally only
  - Forwards advertisements
  - Does not synchronize VLAN configurations
  - Saves configuration in NVRAM

Emphasize: The default VTP mode on the Catalyst switches is server. Be careful when adding new switches into an existing network. This is covered in more detail later.

VTP Operation
- VTP advertisements are sent as multicast frames.
- VTP servers and clients are synchronized to the latest revision number.
- VTP advertisements are sent every 5 minutes or when there is a change.
Emphasize: The latest revision number is what the switches will synchronize to.

VTP Pruning
- Increases available bandwidth by reducing unnecessary flooded traffic
- Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN.
Emphasize: VTP pruning provides optimized flooding. Without VTP pruning, station A's broadcast will be flooded to all switches whether they have any port in the red VLAN or not.
Note: VLAN1 can't be pruned. STP, CDP, and VTP updates are sent on VLAN1. All switches in the switched network must support pruning or pruning will be disabled. Each trunk port maintains a state variable per VLAN indicating whether the switch has any port assigned to that VLAN.

VTP Versions
All switches in a management domain must run the same version.

VTP Configuration Guidelines
Configure the following:
- VTP domain name
- VTP mode (server mode is the default)
- VTP pruning
- VTP password
- VTP trap
Use caution when adding a new switch into an existing domain. Add a new switch in client mode to prevent the new switch from propagating incorrect VLAN information.

Notes: All switches in a VTP domain must run the same VTP version. The password entered with a domain name should be the same for all switches in the domain. If you configure a VTP password, the management domain will not function properly if you do not assign the management domain password to each switch in the domain.

A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version 1, provided version 2 is disabled on the version 2-capable switch (version 2 is disabled by default). Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are version 2-capable. When you enable version 2 on a switch, all of the version 2-capable switches in the domain must have version 2 enabled. If there is a version 1-only switch, it will not exchange VTP information with switches with version 2 enabled. If there are Token Ring networks in your environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly.

Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire management domain. In the lab, all the switches are set to VTP transparent mode.

Configuring a VTP Server
  Switch(config)#vtp server            Configures VTP server mode
  Switch(config)#vtp domain domain-name  Specifies a domain name
  Switch(config)#vtp password password   Sets a VTP password
  Switch(config)#vtp pruning           Enables VTP pruning in the domain
Note: The two commands shown in the slide can also be combined into one command: vtp domain switchlab transparent

Configuring a VTP Server (Cont.)
  Switch#configure terminal
  Switch(config)#vtp server
  Setting device to VTP SERVER mode.
  Switch(config)#vtp domain Lab_Network
  Setting VTP domain name to Lab_Network
  Switch(config)#end

Verifying the VTP Configuration
  Switch#show vtp status
  VTP Version                     : 2
  Configuration Revision          : 247
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 33
  VTP Operating Mode              : Client
  VTP Domain Name                 : Lab_Network
  VTP Pruning Mode                : Enabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
  Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
  Switch#

Verifying the VTP Configuration (Cont.)
  Switch#show vtp counters
  VTP statistics:
  Summary advertisements received    : 7
  Subset advertisements received     : 5
  Request advertisements received    : 0
  Summary advertisements transmitted : 997
  Subset advertisements transmitted  : 13
  Request advertisements transmitted : 3
  Number of config revision errors   : 0
  Number of config digest errors     : 0
  Number of V1 summary errors        : 0

  VTP pruning statistics:
  Trunk            Join Transmitted Join Received    Summary advts received from non-pruning-capable device
  ---------------- ---------------- ---------------- ---------------------------
  Fa5/8            43071            42766            5

Problem: VTP Not Updating Configuration on Other Switches
- Make sure switches are connected through trunk links.
- Make sure the VTP domain name is the same on the appropriate switches.
- Check that the switch is not in VTP transparent mode.
- Verify that the same password is used on all switches in the VTP domain.

Summary
- VTP is used to distribute and synchronize information about VLANs configured throughout a switched network.
- If you use VTP in your network, you must decide whether to use VTP version 1 or version 2. Verify the supervisor support for VTP before making your decision.
- When a network device is in VTP server mode, you can change the VLAN configuration and have it propagate throughout the network.
- Use show commands to verify the VTP configuration.
- Problems with VTP configuration can frequently be traced to improperly configured trunk links, domain names, VTP modes, or passwords.

Propagating VLAN Configurations with VTP

The VTP Domain
- Group of switches that exchange VLAN information
- VLANs administered centrally at a chosen switch

The VTP Protocol
- Advertises VLAN configuration information
- Maintains VLAN configuration consistency throughout a common administrative domain
- Sends advertisements on trunk ports only

VTP Modes

  Server (default mode)
  - Creates, modifies, and deletes VLANs
  - Sends and forwards advertisements
  - Synchronizes VLAN configurations
  - Saves configuration in NVRAM

  Client
  - Cannot create, change, or delete VLANs
  - Forwards advertisements
  - Synchronizes VLAN configurations
  - Does not save in NVRAM

  Transparent
  - Creates, modifies, and deletes local VLANs
  - Forwards advertisements
  - Does not synchronize VLAN configurations
  - Saves configuration in NVRAM

VTP Pruning
- Uses bandwidth more efficiently by reducing unnecessary flooded traffic
- Example: Station A sends a broadcast; the broadcast is flooded only toward any switch with ports assigned to the red VLAN
[Diagram: pruning disabled versus pruning enabled]
Emphasize: VTP pruning provides optimized flooding. Without VTP pruning, station A's broadcast will be flooded to all switches whether they have any port in the red VLAN or not.
Note: VLAN1 can't be pruned. STP, CDP, and VTP updates are sent on VLAN1. All switches in the switched network must support pruning or pruning will be disabled. Each trunk port maintains a state variable per VLAN indicating whether the switch has any port assigned to that VLAN.

VTP Operation
- VTP advertisements are sent as multicast frames.
- VTP servers and clients are synchronized to the latest revision number.
- VTP advertisements are sent every 5 minutes or when there is a change.

VTP Configuration Commands
Configuring VTP:
  vtp domain
  vtp mode
  vtp password
Verifying VTP:
  show vtp status
  show vtp counters

Configuring a VTP Management Domain
Configure each switch in the following order to avoid dynamic learning of the domain name:
1. VTP password
2. VTP domain name (case sensitive)
3. VTP mode (server mode is the default)

Configuring and Verifying VTP
  Switch#show vlan brief                        Displays a list of current VLANs
  Switch(config)#vtp password password_string   Sets the VTP password
  Switch(config)#vtp domain domain_name         Sets the VTP domain name
  Switch(config)#vtp mode                       Sets the VTP mode to server, client, or transparent
  Switch#show vtp status                        Displays the current settings for VTP

Verifying the VTP Configuration
  Switch#show vtp status
  VTP Version                     : 2
  Configuration Revision          : 28
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 17
  VTP Operating Mode              : Client
  VTP Domain Name                 : BCMSN
  VTP Pruning Mode                : Enabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
  Configuration last modified by 10.1.1.1 at 8-12-05 15:04:49
  Switch#

Verifying the VTP Configuration (Cont.)
  Switch#show vtp counters
  VTP statistics:
  Summary advertisements received    : 7
  Subset advertisements received     : 5
  Request advertisements received    : 0
  Summary advertisements transmitted : 997
  Subset advertisements transmitted  : 13
  Request advertisements transmitted : 3
  Number of config revision errors   : 0
  Number of config digest errors     : 0
  Number of V1 summary errors        : 0

  VTP pruning statistics:
  Trunk            Join Transmitted Join Received    Summary advts received from non-pruning-capable device
  ---------------- ---------------- ---------------- ---------------------------
  Fa5/8            43071            42766            5

Adding a Switch to an Existing VTP Domain
Ensure a new switch has VTP revision 0 before adding it to a network.

Summary
- Switches in a VTP domain share VLAN information.
- VTP advertises VLAN information.
- VTP operates in one of three modes: server, client, or transparent.
- VTP pruning uses available bandwidth more efficiently.
- VTP uses a specific process to distribute and synchronize VLAN information between switches.
- Various commands are used to configure and verify VTP operation on a switch.
- VTP commands should be applied in a particular order.
- Specific steps should be followed when adding a new switch to an existing VTP domain.

Correcting Common VLAN Configuration Errors

Issues with 802.1Q Native VLAN
- Native VLAN frames are carried over the trunk link untagged.
- A native VLAN mismatch will merge traffic between VLANs.

802.1Q Native VLAN Considerations
- Native VLAN must match at both ends of the trunk; otherwise, frames will "leak" from one VLAN to another.
- By default, the native VLAN will be VLAN1.
- Avoid using VLAN1 for management purposes.
- Eliminate native VLANs from 802.1Q trunks by making the native VLAN an "unused" VLAN.
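The tagging process described in the 802.1Q slides (4-byte tag with a priority field, native VLAN frames sent untagged) and the mismatch "leak" described here can be shown end to end with a few lines of frame handling. The following is an added example, not code from the slides or from Cisco: it inserts and strips the tag on a byte-level Ethernet frame and models each end of a trunk with its own native VLAN, so that the receiver's classification of an untagged frame is visible. The sample frame bytes are constructed.

```python
"""Build and parse 802.1Q tagged Ethernet frames and show what a native VLAN
mismatch does on a trunk. Added example, not from the slides; the frame is
constructed. Real switches do this in ASICs; this is only the logic."""
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks a tagged frame


def tag_frame(frame, vlan, priority=0, dei=0):
    """Insert the 4-byte tag after the 12 bytes of destination+source MAC.
    TCI = 3-bit PCP (priority) | 1-bit DEI | 12-bit VID."""
    if not 0 <= vlan <= 4095:
        raise ValueError("VID must fit in 12 bits")
    tci = (priority & 0x7) << 13 | (dei & 0x1) << 12 | vlan
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Return (vlan, priority, untagged_frame), or (None, None, frame) if untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]
    return None, None, frame


class TrunkPort:
    """One end of an 802.1Q trunk with its configured native VLAN."""

    def __init__(self, native_vlan):
        self.native_vlan = native_vlan

    def send(self, frame, vlan):
        # Native VLAN frames go out untagged; every other VLAN is tagged.
        return frame if vlan == self.native_vlan else tag_frame(frame, vlan)

    def receive(self, wire_frame):
        # An untagged frame is assigned to THIS end's native VLAN.
        vlan, _, frame = untag_frame(wire_frame)
        return (self.native_vlan if vlan is None else vlan), frame


def deliver(sender, receiver, frame, vlan):
    """Carry one frame across the trunk; return the VLAN the receiver assigns it to."""
    recv_vlan, _ = receiver.receive(sender.send(frame, vlan))
    return recv_vlan


def native_mismatch(end_a, end_b):
    """True when traffic sent in one end's native VLAN lands in a different VLAN."""
    return end_a.native_vlan != end_b.native_vlan


# Constructed frame: broadcast destination, locally administered source, IPv4 ethertype, 4 payload bytes.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x00\x01\x02\x03"

if __name__ == "__main__":
    a, b = TrunkPort(99), TrunkPort(1)   # mismatched native VLANs, as on the slide
    print("VLAN 99 frame from A arrives on B in VLAN", deliver(a, b, SAMPLE, 99))
```

With both ends at native VLAN 99, a VLAN 99 frame crosses untagged and is classified as VLAN 99 on arrival; with the far end left at the default native VLAN 1, the same untagged frame is classified into VLAN 1, which is the leak the slide describes. Tagged VLANs are unaffected, which is why moving the native VLAN to an unused VLAN contains the problem.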

Explaining Trunk Link Problems
- Trunks can be configured statically or autonegotiated with DTP.
- For trunking to be autonegotiated, the switches must be in the same VTP domain.
- Some trunk configuration combinations will successfully configure a trunk; some will not.
Will any of the above combinations result in an operational trunk?

Resolving Trunk Link Problems
- When using DTP, ensure that both ends of the link are in the same VTP domain.
- Ensure that the trunk encapsulation type configured on both ends of the link is valid.
- On links where trunking is not required, DTP should be turned off.
- Best practice is to configure trunk and nonegotiate where trunks are required.
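The DTP mode table and the mode-interaction matrix earlier in the deck, together with the best practice stated here, can be turned into a small port audit. The following is an added example (not Cisco's code, not from the slides): `negotiated_link` encodes the standard Cisco outcome for each pair of switchport modes, a table whose cells did not survive in the transcript above but which is well established (auto+auto stays access, desirable with auto or desirable forms a trunk, an unconditional trunk end trunks with any dynamic end, and trunk against access is the "not recommended" pairing), and `audit_port` flags ports that depart from "trunk plus nonegotiate where required, DTP off elsewhere". The port inventory is constructed.

```python
"""Resolve what DTP negotiates for a pair of switchport modes and flag ports whose
mode would let a neighbour negotiate a trunk. Added example; the outcome table is
the standard Cisco DTP mode-combination matrix; the port inventory is constructed."""

MODES = ("access", "dynamic auto", "dynamic desirable", "trunk")


def negotiated_link(mode_a, mode_b):
    """Return 'access', 'trunk' or 'not recommended' for the two ends of a link."""
    a, b = mode_a.lower(), mode_b.lower()
    if a not in MODES or b not in MODES:
        raise ValueError("unknown switchport mode")
    if {a, b} == {"access", "trunk"}:
        return "not recommended"   # one end tags frames the other treats as access traffic
    if "access" in (a, b):
        return "access"            # an access end never becomes a trunk
    if "trunk" in (a, b):
        return "trunk"             # an unconditional trunk end brings up a dynamic end
    if "dynamic desirable" in (a, b):
        return "trunk"             # desirable asks; auto or desirable answers
    return "access"                # auto + auto: neither end initiates negotiation


def audit_port(name, mode, nonegotiate=False, trunk_required=False):
    """Apply the slide's best practice: static trunk + nonegotiate where a trunk is
    required, DTP off everywhere else. Returns a list of finding strings."""
    findings = []
    mode = mode.lower()
    if trunk_required:
        if mode != "trunk":
            findings.append(f"{name}: trunk required but mode is '{mode}'; set switchport mode trunk")
        if not nonegotiate:
            findings.append(f"{name}: DTP still running on a trunk; add switchport nonegotiate")
    else:
        if mode.startswith("dynamic"):
            outcome = negotiated_link(mode, "dynamic desirable")
            findings.append(f"{name}: '{mode}' lets a neighbour in dynamic desirable negotiate a "
                            f"{outcome}; set switchport mode access")
        elif mode == "trunk":
            findings.append(f"{name}: trunking where no trunk is required")
    return findings


# Constructed inventory: (name, mode, nonegotiate, trunk_required)
PORTS = [
    ("Fa0/1", "dynamic desirable", False, False),  # user port left at the default named on the slide
    ("Fa0/2", "access", False, False),
    ("Gi0/1", "trunk", True, True),                 # uplink configured per best practice
    ("Gi0/2", "dynamic auto", False, True),         # uplink relying on DTP
]


def audit_all(ports=PORTS):
    return [finding for port in ports for finding in audit_port(*port)]


if __name__ == "__main__":
    for finding in audit_all():
        print("FINDING:", finding)
```

On the constructed inventory the audit reports Fa0/1 (a dynamic user port that would trunk with a desirable neighbour) and two findings for Gi0/2 (an uplink that is neither statically trunked nor protected by nonegotiate); the access port and the correctly configured uplink produce nothing.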

Common Problems with VTP Configuration
- Updates not received as expected: VTP domain and password must match.
- Missing VLANs: configuration has been overwritten by another VTP device.
- Too many VLANs: consider making the VTP domain smaller.

Example of New Switch Overwriting an Existing VTP Domain
New switch not connected:

  VTP Version                     : 2       VTP Version                     : 2
  Configuration Revision          : 2       Configuration Revision          : 1
  Maximum VLANs supported locally : 1005    Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 7       Number of existing VLANs        : 6
  VTP Operating Mode              : Client  VTP Operating Mode              : Server
  VTP Domain Name                 : building1  VTP Domain Name              : building1

Example of New Switch Overwriting an Existing VTP Domain (Cont.)
New switch connected:

  VTP Version                     : 2       VTP Version                     : 2
  Configuration Revision          : 2       Configuration Revision          : 2
  Maximum VLANs supported locally : 1005    Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 7       Number of existing VLANs        : 7
  VTP Operating Mode              : Client  VTP Operating Mode              : Server
  VTP Domain Name                 : building1  VTP Domain Name              : building1
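The two panels above show a client at revision 2 and a server at revision 1 in the same domain before connection, and both at revision 2 with 7 VLANs afterwards: the higher revision number won and the server's database was replaced. The following is an added example (not from the slides or from Cisco) that models the acceptance rules given in the notes earlier (same domain name, newer revision, matching digest, not transparent mode) and reproduces that outcome, with and without resetting the new switch to revision 0 first as the "Adding a Switch" slide advises. The digest is a simplified stand-in (MD5 over domain, password, revision and VLAN list), not the exact VTP computation, and all switch data is constructed.

```python
"""Model how VTP summary advertisements are accepted or rejected and reproduce the
'new switch overwrites the domain' case. Added example; the digest is a simplified
stand-in for the real VTP MD5 computation, and all switch data is constructed."""
import hashlib


class VtpSwitch:
    def __init__(self, name, domain, mode="server", password="", revision=0, vlans=None):
        self.name, self.domain, self.mode, self.password = name, domain, mode, password
        self.revision = revision
        self.vlans = sorted(vlans or [1, 1002, 1003, 1004, 1005])  # Cisco default VLANs

    def digest(self):
        # Simplified model of the MD5 digest carried in a summary advertisement.
        data = f"{self.domain}|{self.password}|{self.revision}|{self.vlans}".encode()
        return hashlib.md5(data).hexdigest()

    def advertisement(self):
        """Summary advertisement plus the VLAN list that the subset advertisement carries."""
        return {"domain": self.domain, "revision": self.revision,
                "digest": self.digest(), "vlans": list(self.vlans)}

    def receive(self, adv):
        """Acceptance rules from the notes: same domain, higher revision, digest computed
        with the same password, and this switch not in transparent mode."""
        if self.mode == "transparent":
            return "ignored: transparent mode"
        if adv["domain"] != self.domain:
            return "ignored: domain name mismatch"
        if adv["revision"] <= self.revision:
            return "ignored: revision not newer"
        expected = VtpSwitch(self.name, self.domain, self.mode, self.password,
                             adv["revision"], adv["vlans"]).digest()
        if adv["digest"] != expected:
            return "ignored: digest (password) mismatch"
        self.revision, self.vlans = adv["revision"], sorted(adv["vlans"])
        return "accepted: database overwritten"

    def add_vlan(self, vlan):
        """Servers (and transparent switches, locally) create VLANs; clients cannot."""
        if self.mode == "client":
            raise PermissionError("clients cannot create VLANs")
        self.vlans = sorted(set(self.vlans) | {vlan})
        self.revision += 1

    def reset_revision(self):
        """The slide's advice: bring a switch to revision 0 before connecting it."""
        self.revision = 0


def new_switch_scenario(reset_first):
    """Existing server at revision 1 with 6 VLANs meets a new client at revision 2 with
    7 VLANs, both in domain building1 as on the slide.
    Returns (result, server revision, server VLAN list)."""
    server = VtpSwitch("existing", "building1", "server", revision=1,
                       vlans=[1, 10, 1002, 1003, 1004, 1005])
    new = VtpSwitch("new", "building1", "client", revision=2,
                    vlans=[1, 20, 30, 1002, 1003, 1004, 1005])
    if reset_first:
        new.reset_revision()
    result = server.receive(new.advertisement())
    return result, server.revision, list(server.vlans)


if __name__ == "__main__":
    print("without reset:", new_switch_scenario(False))
    print("with reset:   ", new_switch_scenario(True))
```

Without the reset the server accepts the advertisement, moves to revision 2 and loses its own VLAN 10 (the "missing VLANs" symptom from the previous slide); with the reset the advertisement is ignored as not newer. The same `receive` method also shows why a domain name or password mismatch stops updates from being accepted, which is the first item on the "Common Problems" slide.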

Implementing VTP in the ECNM
- Plan VTP domain boundaries.
- Have only one or two VTP servers.
- Configure a VTP password.
- Manually configure the VTP domain name on all devices.
- When setting up a new domain: configure VTP client switches first so that they participate passively.
- When cleaning up an existing VTP domain: configure passwords on servers first, because clients may need to maintain current VLAN information until the server is verified as complete.

Summary
- The 802.1Q native VLAN can cause security issues. Configure the native VLAN to be an "unused" VLAN.
- Some trunk link configuration combinations can result in problems on the link. Best practice is to configure trunks statically rather than with DTP.
- Misconfiguration of VTP can give unexpected results. Make only one or two VTP servers; keep the remainder as clients.

Implementing Spanning Tree Protocol

Transparent Bridging A switch has the same characteristics as a transparent bridge.

Redundant Topology
[Diagram: server/host X and router Y, segment 1 and segment 2]
- Redundant topology eliminates single points of failure
- Redundant topology causes broadcast storms, multiple frame copies, and MAC address table instability problems
Emphasize: Layer 2 has no mechanism (like a TTL) to stop loops.

Broadcast Storms (1 of 3)
[Diagram: server/host X and router Y on segment 1 and segment 2, joined by switch A and switch B]
Host X sends a broadcast.
Emphasize: Broadcast frames are flooded.

Broadcast Storms (2 of 3)
Host X sends a broadcast.

Broadcast Storms (3 of 3)
Switches continue to propagate broadcast traffic over and over.
Emphasize: Layer 2 has no TTL mechanism to stop looping frames.

Multiple Frame Copies (1 of 2)
[Diagram: server/host X and router Y on segment 1 and segment 2, joined by switch A and switch B]
- Host X sends a unicast frame to router Y
- Router Y's MAC address has not been learned by either switch yet
Emphasize: This slide assumes router Y's MAC address has not been learned by switch A and switch B yet, so the unknown unicast frame to router Y will be flooded.

Multiple Frame Copies (2 of 2)
- Host X sends a unicast frame to router Y
- Router Y's MAC address has not been learned by either switch yet
- Router Y will receive two copies of the same frame

MAC Database Instability (1 of 2)
[Diagram: server/host X and router Y on segment 1 and segment 2; switch A and switch B each have port 0 on segment 1 and port 1 on segment 2]
- Host X sends a unicast frame to router Y
- Router Y's MAC address has not been learned by either switch yet
- Switch A and B learn host X's MAC address on port 0
Emphasize: This slide assumes router Y's MAC address has not been learned by switch A and switch B yet, so the unknown unicast frame to router Y will be flooded.

MAC Database Instability (2 of 2)
- Host X sends a unicast frame to router Y
- Router Y's MAC address has not been learned by either switch yet
- Switch A and B learn host X's MAC address on port 0
- The frame to router Y is flooded
- Switch A and B incorrectly learn host X's MAC address on port 1

Preventing Bridging Loops Bridging loops can be prevented by disabling the redundant path.

Spanning Tree Algorithm (STA)
- Part of the 802.1d standard
- Simple principle: build a loop-free tree from some identified point known as the root.
- Redundant paths allowed, but only one active path.
- Developed by Radia Perlman

The Spanning Tree Algorhyme, by Radia Perlman

  I think that I shall never see
  A graph more lovely than a tree.
  A tree whose crucial property
  Is loop-free connectivity.
  A tree that must be sure to span
  So packets can reach every LAN.
  First, the root must be selected.
  By ID, it is elected.
  Least cost paths from root are traced.
  In the tree, these paths are placed.
  A mesh is made by folks like me,
  Then bridges find a spanning tree.

Bridge Protocol Data Unit BPDUs provide for the exchange of information between switches.

Root Bridge Selection

The STP Root Bridge
- Reference point
- One root per VLAN
- Maintains topology
- Propagates timers

Extended System ID in Bridge ID Field
[Diagram: Bridge ID without the extended system ID; Bridge ID with the extended system ID]

802.1D 16-bit Bridge Priority Field Using the Extended System ID
Only the four high-order bits of the 16-bit Bridge Priority field carry actual priority. Therefore, priority can be incremented only in steps of 4096, onto which the VLAN number will be added.
Example: For VLAN 11, if the priority is left at default, the 16-bit Priority field will hold 32768 + 11 = 32779.

  2^15                          2^0
  Priority (4 bits) | VLAN Number (12 bits)

  Priority value (hex)  Priority value (dec)
  0                     0
  1                     4096
  2                     8192
  ...                   ...
  8 (default)           32768
  ...                   ...
  F                     61440
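The bit layout above, and the "lowest bridge ID wins" rule from the root bridge slides, are easy to get wrong by hand when the VLAN number is mixed into the priority field. The following is an added example (not from the slides or from Cisco IOS) that encodes and decodes the 16-bit field, rejects priorities that are not multiples of 4096, builds the full bridge ID with the MAC address, and elects the root for a VLAN. The switch list is constructed.

```python
"""Encode and decode the 16-bit Bridge Priority field with the extended system ID
(4-bit priority, 12-bit VLAN number) and elect the root bridge for a VLAN.
Added example; the switch list is constructed."""


def is_valid_priority(priority):
    """Only the four high-order bits carry priority: multiples of 4096 from 0 to 61440."""
    return 0 <= priority <= 61440 and priority % 4096 == 0


def priority_field(priority, vlan):
    """16-bit field as it appears on the wire: priority in the high 4 bits, VLAN in the low 12."""
    if not is_valid_priority(priority):
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN number must fit in 12 bits")
    return priority | vlan


def decode_priority_field(value):
    """Inverse of priority_field: (priority, vlan)."""
    return value & 0xF000, value & 0x0FFF


def bridge_id(priority, vlan, mac):
    """64-bit Bridge ID: the 16-bit priority field followed by the 48-bit MAC address."""
    mac_int = int(mac.replace(":", "").replace(".", ""), 16)
    return priority_field(priority, vlan) << 48 | mac_int


def elect_root(vlan, switches):
    """Lowest bridge ID wins; equal priorities are decided by the lower MAC address."""
    return min(switches, key=lambda s: bridge_id(s["priority"], vlan, s["mac"]))["name"]


# Constructed switches: two at the default priority, one lowered by the administrator in steps of 4096.
SWITCHES = [
    {"name": "SwA", "priority": 32768, "mac": "00:00:0c:11:11:11"},
    {"name": "SwB", "priority": 32768, "mac": "00:00:0c:00:00:01"},
    {"name": "SwC", "priority": 24576, "mac": "00:00:0c:ff:ff:ff"},
]

if __name__ == "__main__":
    print("VLAN 11 default priority field:", priority_field(32768, 11))   # 32779, as on the slide
    print("root for VLAN 1:", elect_root(1, SWITCHES))
```

Note that SwC wins despite having the highest MAC address, because priority is compared before the MAC; among SwA and SwB, which share the default priority, the lower MAC decides.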

Configuring the Root Bridge
  Switch(config)#spanning-tree vlan 1 root primary
This command forces this switch to be the root.
  Switch(config)#spanning-tree vlan 1 root secondary
This command configures this switch to be the secondary root.
Or:
  Switch(config)#spanning-tree vlan 1 priority priority
This command statically configures the priority (in increments of 4096).

Spanning Tree Protocol Root Bridge Selection Which switch has the lowest bridge ID?

Spanning-Tree Operation
- One root bridge per network
- One root port per nonroot bridge
- One designated port per segment
- Nondesignated ports are blocked

Four-Step Spanning-Tree Decision Process
1. Lowest root BID
2. Lowest path cost to root bridge
3. Lowest sender BID
4. Lowest port ID

Spanning Tree Port States Spanning tree transitions each port through several different states.

Local Switch Root Port Election

Spanning-Tree Path Cost

Spanning Tree Protocol Root Port Selection
[Figure: SW X and SW Y joined by a Fast Ethernet link and an Ethernet link; RP marks the root port]
SW X is the root bridge. SW Y needs to elect a root port. Which port is the root port on SW Y?
FastEthernet total cost = 0 + 19
Ethernet total cost = 0 + 100

Spanning Tree Protocol Designated Port Selection
[Figure: SW X and SW Y joined by a Fast Ethernet link and an Ethernet link; RP marks the root port, DP the designated ports]
Switch X is the root bridge. All ports on the root bridge are designated ports. Do all segments have a designated port?

STP Root Bridge Selection Example Which bridge will be the root bridge?

STP Root Port Selection Example Which ports will be root ports?

STP Designated Port Selection Example Which port becomes the designated port on segment 3?

Example: Layer 2 Topology Negotiation

Spanning Tree Protocol
The Spanning Tree Protocol (IEEE 802.1D) specifies an algorithm to be used to maintain a loop-free spanning tree of links between bridges.
[Figure: five bridges with ID=10, ID=20, ID=40, ID=75 and ID=80]
The spanning tree algorithm finds a spanning tree starting from a root node. To begin, each bridge must have a unique numeric ID. Typically this is the MAC address plus a priority.

Spanning Tree Algorithm
Each node maintains three pieces of information for each port:
R = ID of current root node
d = distance from root node
N = closest upstream node (closer to root node)
Denote this as (R, d, N): (Root-ID, dist, NextNode)
[Figure: every port of nodes 20, 40, 10, 75 and 80 labelled with its owner as root: (20,0,-), (40,0,-), (10,0,-), (75,0,-), (80,0,-)]
Initially each node designates itself as the root node!

Spanning Tree Algorithm
Nodes send out spanning tree updates on each port. For example, node 40 would send out the updates shown at right.
[Figure: node 40 sends (40,0,40) out of each of its ports]

Spanning Tree Algorithm
Other nodes would also send configuration updates. The figure at right shows the updates sent by nodes 10 and 75.
[Figure: node 10 sends (10,0,10) out of its ports; node 75 sends (75,0,75) out of its ports]

Spanning Tree Algorithm
When a node receives an update from another node, it updates its own port information if:
the update identifies a root node with a smaller ID;
the update identifies a root node with the same ID but a smaller distance;
the root node and distance are the same, but the sending node has a smaller ID.
[Figure: port information after the first iteration: node 20 (20,0,-) and (20,1,20); node 40 (10,1,10), (40,1,40), (10,1,10); node 10 (10,0,-); node 75 (40,1,40); node 80 (10,1,10), (75,1,75)]
During the first iteration, the nodes would update their port information like this.

Spanning Tree Algorithm
After a node receives configuration updates, it selects the best configuration and discards the others.
[Figure: the same port information as on the previous slide, with the best configuration kept at each node]

Spanning Tree Algorithm
When a node receives a configuration message which contains a smaller root ID, then it knows that it is not the root node. So, it stops generating its own configuration messages and only forwards received messages (with distance incremented and upstream node modified).
[Figure: node 20 (20,0,-); node 10 (10,0,-); node 40 (10,1,10); node 75 (40,1,40); node 80 (10,1,10)]
After 1 iteration, nodes 40, 75, and 80 know that they are not the root node. Node 20 still thinks it is the root.

Spanning Tree Algorithm
On the next iteration, nodes that realize they are not the root forward root updates to other nodes.
[Figure: node 40 forwards (10,1,40); node 80 forwards (10,1,80); node 75 forwards (40,1,75); node 10 still sends (10,0,10)]
Nodes 40 and 80 forward root updates. Node 75 also forwards an update to node 80, but node 80 discards it.

Spanning Tree
When the updates stabilize, only the root node is generating configuration messages. Other nodes forward messages only over links which are part of the spanning tree; the node that forwards onto a link is called its designated bridge. Links not on the spanning tree are not used to forward frames; such links are said to be blocked.
[Figure: final state: node 10 (10,0,-); nodes 40 and 80 (10,1,10); nodes 20 and 75 (10,2,40); one link marked "blocked link: not used"]
When the algorithm stabilizes, the active links form a spanning tree.

Spanning Tree Properties
1. In a connected network, a loop-free spanning tree always exists.
2. The spanning tree algorithm will always stabilize on a loop-free tree after at most (#nodes) iterations.
3. The spanning tree may not be the most efficient path.
4. Spanning tree cannot route around a congested link.
[Figure: nodes 20, 40, 10, 75 and 80; the spanning tree may not be the most efficient path between nodes]
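The iteration walk-through on the preceding slides, the root/designated port selection slides for SW X and SW Y, and property 2 above (stabilization within #nodes iterations) can all be checked with one simulation. The Python below is an added example, not the slides' own code. The five-bridge topology is reconstructed from the slide figures and is an assumption: bridges 20, 40, 10, 75 and 80 with links 20-40, 40-10, 40-75, 10-80 and 75-80, cost 1 per link, which reproduces the slides' hop-count distances. As a generalization beyond the slides, every link carries a cost, so the same code also reproduces the SW X / SW Y case (Fast Ethernet cost 19 beside Ethernet cost 100), and the link index stands in for the port ID used as the last tie-breaker of the four-step decision process.

```python
"""Synchronous spanning-tree algorithm simulation (added example, not from the slides)."""
from collections import defaultdict

# Topology reconstructed from the slide figures (assumption): (bridge_a, bridge_b, cost)
SLIDE_LINKS = [(20, 40, 1), (40, 10, 1), (40, 75, 1), (10, 80, 1), (75, 80, 1)]
# SW X / SW Y slides: two parallel links, Fast Ethernet (cost 19) and Ethernet (cost 100)
XY_LINKS = [("X", "Y", 19), ("X", "Y", 100)]


def run_sta(links):
    """Exchange configuration messages in rounds until no bridge changes its best config.

    Returns the root, the number of rounds, each bridge's cost to the root and upstream
    bridge, the blocked links, and a role ("root", "designated", "blocked") per port.
    """
    ports = defaultdict(list)                 # bridge -> [(link_idx, neighbour, cost)]
    for idx, (a, b, cost) in enumerate(links):
        ports[a].append((idx, b, cost))
        ports[b].append((idx, a, cost))
    bridges = sorted(ports)
    # (root ID, cost to root, upstream bridge, link used); every bridge starts as its own root
    best = {n: (n, 0, None, None) for n in bridges}

    def key(n, cfg):
        # Ordering of the four-step decision: root ID, path cost, sender ID, port (link index)
        r, d, up, link = cfg
        return (r, d, n if up is None else up, -1 if link is None else link)

    rounds = 0
    while True:
        rounds += 1
        inbox = {n: [] for n in bridges}
        for n in bridges:                     # every bridge sends its best config out every port,
            r, d, _, _ = best[n]              # with the link cost added to its own distance
            for idx, nb, cost in ports[n]:
                inbox[nb].append((r, d + cost, n, idx))
        changed = False
        for n in bridges:                     # keep the best config, discard the others
            for cand in inbox[n]:
                if key(n, cand) < key(n, best[n]):
                    best[n] = cand
                    changed = True
        if not changed:
            break

    roles = {}
    for idx, (a, b, cost) in enumerate(links):
        if best[a][3] == idx:                 # a reaches the root over this link
            roles[(a, idx)], roles[(b, idx)] = "root", "designated"
        elif best[b][3] == idx:
            roles[(b, idx)], roles[(a, idx)] = "root", "designated"
        else:                                 # link off the tree: the end closer to the root (then
            a_wins = (best[a][1], a) < (best[b][1], b)   # the lower bridge ID) is designated,
            roles[(a, idx)] = "designated" if a_wins else "blocked"   # the other end is blocked
            roles[(b, idx)] = "blocked" if a_wins else "designated"
    return {
        "root": best[bridges[0]][0],
        "rounds": rounds,
        "cost": {n: best[n][1] for n in bridges},
        "upstream": {n: best[n][2] for n in bridges},
        "blocked_links": sorted(links[i][:2] for (n, i), role in roles.items() if role == "blocked"),
        "port_roles": roles,
    }


if __name__ == "__main__":
    for name, links in (("slide topology", SLIDE_LINKS), ("SW X / SW Y", XY_LINKS)):
        result = run_sta(links)
        print(name, "root:", result["root"], "rounds:", result["rounds"],
              "cost:", result["cost"], "blocked:", result["blocked_links"])
```

On the reconstructed slide topology the run converges to root 10, with 40 and 80 at distance 1, 20 and 75 at distance 2 via 40, and the 75-80 link blocked at 75's end, matching the final slide; it stabilizes in fewer rounds than the five bridges, as property 2 states. For SW X and SW Y the Fast Ethernet port (cost 19) becomes SW Y's root port and its Ethernet port is blocked, while both of SW X's ports are designated, as on the root port and designated port slides.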

Example
[Two figure-only example slides]

Exercise
[Three figure-only exercise slides]

Enhancements to STP
PortFast
Per VLAN Spanning Tree+ (PVST+)
Rapid Spanning Tree Protocol (RSTP)
Multiple Spanning Tree Protocol (MSTP); MSTP is also known as Multi-Instance Spanning Tree Protocol (MISTP) on Cisco Catalyst 6500 switches and above
Per VLAN Rapid Spanning Tree (PVRST)

Describing PortFast

Configuring PortFast
Configuring:
spanning-tree portfast (interface command)
or
spanning-tree portfast default (global command): enables PortFast on all nontrunking ports
Verifying:
show running-config interface fastethernet 1/1

IEEE Documents
IEEE 802.1D - Media Access Control (MAC) bridges
IEEE 802.1Q - Virtual Bridged Local Area Networks
IEEE 802.1w - Rapid Reconfiguration (Supp. to 802.1D)
IEEE 802.1s - Multiple Spanning Tree (Supp. to 802.1Q)
IEEE 802.1t - Local and Metropolitan Area Network: Common Specifications

Summary
Transparent bridges require no client configuration.
A bridge loop may occur when there are redundant paths between switches.
A loop-free network eliminates redundant paths between switches.
The 802.1D protocol establishes a loop-free network.
The root bridge is a reference point for STP.
Each STP port will host a specific port role.
Enhancements now enable STP to converge more quickly and run more efficiently.