

HSRP
1) Cisco proprietary
2) 1 active & 1 standby router & 1 or more listening routers
3) Uses a virtual IP address as the gateway
4) Hello 3 sec & holddown timer 10 sec
5) We can enable preempt manually (standby 1 preempt)
6) multicast at: (ver1), multicast at: (ver2). Both
versions use UDP port 1985
7) HSRP is made by Cisco for Cisco; it has a hello timer of 3
sec and a dead timer of 10 sec. The other version of HSRP is GLBP which is

VRRP
1) Open standard (IETF)
2) 1 master & 1 or more backup routers
3) Real IP address can be used (highest IP address of interface)
4) Hello 1 sec & hold-down timer 3 sec
5) By default preempt is enabled
6) multicast at: IP 112
7) VRRP is made by the IETF for open vendors; it has a hello
timer of 1 sec and a dead timer of 3 allows you to assign individual
virtual IP on each interface of a router, in case you limited ip

STP as we know it, keeps the network loop free but at what cost? The
exact cost to you and I is 50 seconds! That is a long, long time in
networking terms. For almost a minute data cannot flow across the
network. In most cases this is a critical issue, especially for important
network services.
To deal with this issue (before the industry standard was ratified) Cisco
added the following features to the STP implementation on its switches:
PortFast, BPDUGuard and BPDUFilter.
If you have a laptop or a server connected to a switchport then you know

It will not need to listen to BPDUs because it is not a layer 2 device

It will not create loops because it has a single link to the layer 2
Therefore, you can safely disable Spanning Tree on such ports. It is very
important to ensure that such ports never have an STP-enabled layer 2
device connected to them (think port security!) or else a loop or a
breakdown of the network is quite possible. You will even get a warning
message on certain switches stating this when you enable portfast on a
When you configure a switchport as portfast, STP will be disabled on that
port and it will transition to forwarding state when it comes up and will
never be blocked.
The command to configure portfast is spanning-tree portfast:

SwitchA(config)#int fastEthernet0/44
SwitchA(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/44 but will only
have effect when the interface is in a non-trunking mode.
As we learned, Portfast disables STP on a switchport but an important fact
is that a Portfast switchport will keep listening for BPDUs. If someone adds
a switch to a port which has been configured as Portfast, the
consequences will be unpredictable and in some cases disastrous.
To guard against this situation, Cisco provides the BPDUGuard and
BPDUFilter features.
If a switch is plugged into a switchport configured as Portfast, it could
change the STP topology without the administrator knowing and could
even bring down the network. To prevent this, BPDUGuard can be
configured on the switchport. With this configured, if a BPDU is received
on a switchport, it will be put into an error disabled mode and an
administrator will have to bring the port up. This can be configured on the
port using the spanning-tree bpduguard enable command.
When BPDUFilter is configured on a switchport which has been configured
as Portfast, it will cause the port to lose the Portfast status if a BPDU is
received on it. This will force the port to participate in STP convergence.
This is unlike the behavior seen with BPDUGuard where the port is put into
an error disabled mode. BPDUFilter can be enabled on the switchport
using the spanning-tree bpdufilter enable command.
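A check for the gap described above (PortFast enabled with no BPDUGuard), as an added Python example that is not part of the original page: it parses an IOS-style running-config and reports PortFast ports that lack BPDUGuard or have BPDUFilter set. The sample config and the `audit_portfast` helper are constructed for illustration.

```python
import re

# Constructed running-config fragment (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/44
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/45
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/46
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/48
 switchport mode trunk
"""

def audit_portfast(config):
    """Return {interface: [findings]} for PortFast ports lacking BPDU protection."""
    guard_default = re.search(r"^spanning-tree portfast bpduguard default", config, re.M)
    findings, iface, lines = {}, None, {}
    for raw in config.splitlines():
        m = re.match(r"^interface (\S+)", raw)
        if m:
            iface = m.group(1)
            lines[iface] = set()
        elif raw.startswith(" ") and iface:
            lines[iface].add(raw.strip())
        else:
            iface = None  # "!" or a global command ends the interface block
    for name, cmds in lines.items():
        if "spanning-tree portfast" not in cmds:
            continue  # only PortFast ports are in scope for this check
        issues = []
        guarded = "spanning-tree bpduguard enable" in cmds or (
            guard_default and "spanning-tree bpduguard disable" not in cmds)
        if not guarded:
            issues.append("portfast without bpduguard")
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("bpdufilter set: a received BPDU does not err-disable the port")
        if issues:
            findings[name] = issues
    return findings
```

On the sample, FastEthernet0/44 and FastEthernet0/46 are reported; adding the global `spanning-tree portfast bpduguard default` line clears the missing-guard finding on both.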

To understand how UplinkFast helps speed up the convergence, consider
the network shown in Figure 6-10. SwitchA is the Root Bridge in the
Figure 6-10 UplinkFast

Now consider the following output from SwitchB

SwitchB#show spanning-tree vlan 5
Spanning tree enabled protocol ieee
Root ID
14 (FastEthernet0/14)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32773 (priority 32768 sys-id-ext 5)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Role Sts Cost Prio.Nbr Type
Root FWD 19
Altn BLK 19

SwitchB#show spanning-tree uplinkfast

UplinkFast is disabled
We will use the following debug commands on the switch. is on
These debugs will show us STP events and UplinkFast messages. Now let's
shut down port fa0/14 on SwitchB, which is currently the root port as per
the output given above. Note that the time taken for fa0/15 to transition
to forwarding state is 30 seconds. This is faster than the expected 50
seconds because listening and learning time were short in this P2P link
between switches and no other hosts/switches are connected here.
Let's enable UplinkFast on SwitchB and repeat the process:
SwitchB(config)#spanning-tree uplinkfast
SwitchB#show spanning-tree vlan 5
output truncated
Uplinkfast enabled

Role Sts Cost Prio.Nbr Type
Root FWD 3019 128.14 P2p
Altn BLK 3019 128.15 P2p

SwitchB(config)#int fa0/14
*Mar 2 22:28:23.300: STP: VLAN0005 new root port Fa0/15, cost 3019
*Mar 2 22:28:23.300: STP FAST: UPLINKFAST: make_forwarding on
VLAN0005 FastEthernet0/15 root port id new: 128.15 prev: 128.14
*Mar 2 22:28:23.300: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0005
FastEthernet0/15 moved to Forwarding (UplinkFast).
*Mar 2 22:28:23.300: STP: UFAST: removing prev root port Fa0/14
VLAN0005 port-id 800E
*Mar 2 22:28:25.216: %LINK-5-CHANGED: Interface FastEthernet0/14,
changed state to administratively down
*Mar 2 22:28:25.300: STP: VLAN0005 sent Topology Change Notice on
*Mar 2 22:28:26.216: %LINEPROTO-5-UPDOWN: Line protocol on
Interface FastEthernet0/14, changed state to down
SwitchB(config-if)#do show spanning-tree vlan 5

output truncated
Uplinkfast enabled

Role Sts Cost Prio.Nbr Type
Root FWD 3019 128.15 P2p

Note the time taken for fa0/15 to transition to forwarding is less than a
second! From 30 seconds downtime to less than a second with UplinkFast
enabled. Now that you have seen the difference it makes, let us define
what exactly it does.
If a switch has multiple links towards the root bridge, then UplinkFast
marks the redundant link as an Alternate Port and brings it up quickly in
case the Root Port fails. This is possible because blocked ports keep
listening for BPDUs.
Cisco recommends caution when using UplinkFast. You should enable it
only on switches that have blocked ports.

UplinkFast works by finding alternate ports for directly connected links.
Similarly, BackboneFast works by finding an alternate path when an
indirect link to the root port goes down. To understand how BackboneFast
works, consider the network shown in Figure 6-11. SwitchA is the Root
Bridge here and Fa0/20 on SwitchD is the root port.
If SwitchC loses its connection to SwitchA, it will advertise itself as the root
bridge to SwitchD. SwitchD will compare the previously known information with
the new information and will learn that SwitchC has lost its connection with
SwitchA. Since the new BPDU states that a designated switch (SwitchC) is
now the root bridge, this BPDU is known as an inferior BPDU.
Eventually SwitchD will receive a BPDU from SwitchB stating that SwitchA
is still the Root Bridge, and SwitchD will now mark fa0/17 as the root port
instead of fa0/20. This is because the information from SwitchB matches
the existing information on SwitchD. BackboneFast ensures a quick failover
as soon as the inferior BPDU is received. It saves roughly 20 seconds out
of the 50 seconds of convergence time.
The spanning-tree backbonefast command can be used in the global
configuration mode to enable BackboneFast as shown below:
Figure 6-11 BackboneFast

Collision domain
A collision domain is, as the name implies, a part of a network where
packet collisions can occur. A collision occurs when two devices send a
packet at the same time on the shared network segment. The packets
collide and both devices must send the packets again, which reduces
network efficiency. Collisions are common in a hub environment, because
each port on a hub is in the same collision domain. By contrast, each port
on a bridge, a switch or a router is in a separate collision domain.
The following example illustrates collision domains.

As you can see, we have 6 collision domains.

TIP: remember, each port on a hub is in the same collision domain. Each
port on a bridge, a switch or router is in a separate collision domain.
Broadcast domain
A broadcast domain is a domain in which a broadcast is forwarded. A
broadcast domain contains all devices that can reach each other at the
data link layer (OSI layer 2) by using broadcast. All ports on a hub or a
switch are by default in the same broadcast domain. All ports on a router
are in different broadcast domains and routers don't forward
broadcasts from one broadcast domain to another.
The following example clarifies the concept.

In the picture above we have three broadcast domains, since all ports on a
hub or a switch are in the same broadcast domain, and all ports on a
router are in a different broadcast domain.

Collision Domain
The term collision describes an event that usually happens on an
Ethernet network when we use a "Shared Media" to connect the devices in
an Ethernet network. A "Shared Media" is a type of connecting media
which is used to connect different network devices, where every device
shares the same media. Example: 1) Ethernet Hubs, 2) Bus Topology
In a "Shared Media" there are no separate channels for sending and
receiving the data signals, but only one channel to send and receive the
data signals.
We call the media shared media when the devices are connected
together using a Bus topology, or by using an Ethernet Hub. Both are
half-duplex, which means that the devices can send OR receive data signals
at a given time. Sending and receiving data signals at the same time is not supported.
Collisions will happen in an Ethernet network when two devices
simultaneously try to send data on the Shared Media, since Shared Media
is half-duplex and sending and receiving is not supported at the same time.
Please refer to CSMA/CD to learn how Ethernet avoids collisions.
Collisions are a normal part of life in an Ethernet network when Ethernet
operates in half-duplex and under most circumstances should not be
considered a problem.
A Collision Domain is any network segment in which collisions can happen
(usually in Ethernet networks). In other words, a Collision Domain consists
of all the devices connected using a Shared Media (Bus Topology or
using Ethernet Hubs) where a collision can happen between any devices at
any time.

For example, if "Computer A" sends a data signal to "Computer X" and
"Computer B" sends a data signal to "Computer Y" at the same instant, a
collision will happen.
As the number of devices in a collision domain increases, the chances of
collisions also increase. If there is more traffic in a collision domain, the
chances of collisions are also higher. More collisions will normally happen
with a large number of network devices in a collision domain.
Increased collisions will result in a low-quality network where hosts spend
more and more time on packet retransmission and packet processing.
Usually switches are used to segment (divide) a big collision domain into
many small collision domains. Each port of an Ethernet switch operates
in a separate collision domain.
In other words, a collision cannot happen between two devices which are
connected to different ports of a switch.
There is no need to worry much about collisions and related network problems now
because we are not using network hubs to connect our devices. Ethernet
network hubs were replaced with Ethernet network switches long way

Broadcast Domain
Broadcast is a type of communication where the sending device sends a
single copy of data and that copy of data will be delivered to every device
in the network segment. Broadcast is a required type of communication
(Example: ARP and DHCP) and applications are dependent on Broadcast to
A Broadcast Domain consists of all the devices that will receive any
broadcast packet originating from any device within the network segment.

In the above picture, "Computer A" is sending a broadcast and the switch will
forward it to every port, and all the switches will get a copy of the broadcast
packet. Every switch will flood the broadcast packet to all its ports.
The router also will get a copy of the broadcast packet, but the router will not
forward the packet to the next network segment.
As the number of devices in the Broadcast Domain increases, the number of
broadcasts also increases and the quality of the network will come down
for the following reasons.
1) Decrease in available bandwidth: A large number of broadcasts will
reduce the available bandwidth of network links for normal traffic because
the broadcast traffic is forwarded to all the ports in a switch.

2) Decrease in processing power of computers: Since the computers
need to process all the broadcast packets they receive, a portion of the
computer's CPU power is spent on processing the broadcast packets.
Normally a broadcast packet is relevant to a particular computer (for
example, a DHCPDISCOVER message is relevant only to a DHCP server; for
other computers DHCPDISCOVER is irrelevant and they will drop the
packet after processing). This will reduce the processing power of
computers in a Broadcast domain.
By design, routers will not allow broadcasts from one of their connected
network segments to cross the router and reach another network segment.
The primary function of a router is to segment (divide) a big broadcast
domain into multiple smaller broadcast domains.