Webinar On STP CCNP Enterprise 30-10-2020

Welcome to Webinar on
STP and RSTP
30-10-2020-5PM
1
Prepared by: Jagdish Rathod Mail: jagdishrj01@gmail.com Mo: 7259459745/8779606604
Trainer Profile
Work Experience : (5 Years of Experience in MNC as a Network Engineer)
Trained More than 25000 people CCNA,CCNP(R&S) and CCNA,CCNP(SP), CCNA,CCNP (Enterprise), Security, Palo Alto, Checkpoint, AWS,
Python
Recently worked with Dimension Data Indian Pvt Ltd

• Deployed many projects in Deutsche Bank.
• Working as a Both Implementation and Trouble Shooting Engineer.
Certificate Examinations
• CCIE (Written - Certified) (R&S)
• CCNP Certified (Cisco Certified Network Professional) (Cisco ID- CSCO12744986) (R & S)
• CCNA Certified (Cisco Certified Network Associate) (Cisco ID- CSCO12744986) (R & S)
• CCNA (SP) Training completed
• CCNP (SP) Training Completed
• CCNA (Enterprise) training completed
• CCNP (Enterprise) training completed
• CCNA (Security) Training Completed
• CCNP (Security) Training completed
• Amazon AWS (Training Completed)
• Python core, advance and Automation training completed
• Palo Alto Training Completed
• Check point Training Completed 2
STP & RSTP
3
Webinar Objectives
• Enterprise Network Design

• VLAN Introduction
• Trunking with 802.1Q
• VTP
• STP
4
Bridging loops
• Redundant link between switches provides redundancy.

• Also possibility to create loops when switches do broadcasts.
1. Broadcast storms
2. Mac-table instability
3. Multiple frame transmissions
5
Bridging loops (solution)
► Only one link between switches ( no redundancy)

► Shutdown extra link temporarily
° Manually ( shutdown command)
° Automatically block extra links ( done by STP)
6
STP
► STP stop the loops which occurs when you have multiple links between switches
► STP stops Broadcast Storms, Multiple Frame Copies & Database instability.
► STP is a open standard (IEEE 802.1D)
► STP is enabled by default on all Cisco Catalyst switches
7
How STP Works
STP uses the Spanning-Tree Algorithm (SPA) to create a topology database of the
network. To prevent loops, SPA places some interfaces in forwarding state and some
interfaces in blocking state. All switches in a network elect a root bridge. All working
interfaces on the root bridge are placed in forwarding state.
8
What is Bridge Protocol Data Unit (BPDU) frame
• The Spanning Tree Protocol (STP) enabled switches in a redundant Local Area
Network (LAN) need to exchange information between each other for Spanning Tree
Protocol (STP) to work properly.
• Bridge Protocol Data Units (BPDUs) are messages exchanged between the switches
inside an interconnected redundant Local Area Network (LAN). Bridge Protocol Data
Units (BPDUs) frames contain information regarding the Switch ID, originating switch
port, MAC address, switch port priority, switch port cost etc.
• Bridge Protocol Data Units (BPDUs) frames are sent out as multicast messages
regularly at multicast destination MAC address 01:80:c2:00:00:00
• When Bridge Protocol Data Units (BPDUs) are received, the Switch uses a
mathematical formula called the Spanning Tree Algorithm (STA) to know when there
is a Layer 2 Switch loop in network and determines which of the redundant ports
needs to be shut down.
9
Select Root Bridge
The spanning-tree algorithm follows these steps:

1. Elects a root bridge
2. Elects a root port for each nonroot switch
3. Elects a designated port for each segment
4. Ports transition to forwarding or blocking state
10
How to Elect Root Bridge?
All Bridges (Switches) are assigned a numerical value called bridge priority. The Bridge
priority value is used to find the Bridge ID.
The Bridge ID. is made from two values.
• The Switch Priority, which is a numerical value defined by IEEE 802.1D, which is equal
to 32,768 by default.
• The MAC Address of the Switch.
If all the Switches in your Local Area Network (LAN) are configured with the default
Switch Priority (32,768), the Switch MAC address will become the decisive factor in
electing the Root Bridge. The Bridge with the lowest MAC Address is then elected as
Root Bridge.
11
What is a RP, DP, NDP?
• A Root Port is the port on the Switch with the least cost from the "Switch" to the
Root Bridge.
• A Designated Port is the port on a "Local Area Network (LAN) segment" with the
least cost to the root bridge.
• The other end of a Designated Port is called as Non Designated Port (marked as
NDP), if it is NOT a Root Port. Non Designated Port will be always in Blocking State,
to avoid Layer 2 Switching loops.
• Remember, a Root Port can never be a Designated Port and also there cannot be
any Root Port on a Root Bridge. All the ports on a Root Bridge are Designated Ports.
12
Select Root Bridge (Cont.)
13
Bandwidth & Cost
14
Different Port States
15
Disabled State
A port in the disabled state does not participate in frame forwarding or the operation
of STP because a port in the disabled state is considered non-operational.
Blocking State
The Switch Ports will go into a blocking state at the time of election process, when a
switch receives a BPDU on a port that indicates a better path to the Root Switch (Root
Bridge), and if a port is not a Root Port or a Designated Port.
A port in the blocking state does not participate in frame forwarding and also discards
frames received from the attached network segment. During blocking state, the port is
only listening to and processing BPDUs on its interfaces. After 20 seconds, the switch
port changes from the blocking state to the listening state.
16
Listening State
After blocking state, a Root Port or a Designated Port will move to a listening state. All
other ports will remain in a blocked state. During the listening state the port discards
frames received from the attached network segment and it also discards frames
switched from another port for forwarding. At this state, the port receives BPDUs from
the network segment and directs them to the switch system module for processing.
After 15 seconds, the switch port moves from the listening state to the learning state.
17
Learning State
A port changes to learning state after listening state. During the learning state, the port
is listening for and processing BPDUs . In the listening state, the port begins to process
user frames and start updating the MAC address table. But the user frames are not
forwarded to the destination. After 15 seconds, the switch port moves from the
learning state to the forwarding state
18
Forwarding State
A port in the forwarding state forwards frames across the attached network
segment. In a forwarding state, the port will process BPDUs , update its MAC
Address table with frames that it receives, and forward user traffic through the
port. Forwarding State is the normal state. Data and configuration messages are
passed through the port, when it is in forwarding state.
19
What is extended system id in stp
The Bridge Priority value and the Extended System ID extension together make up a 16
bit (2-byte) value. The Bridge Priority making up the left most bits, is a value of 0 to
61440. The Extended System ID is a value of 1 to 4095 corresponding to the respective
VLAN participating in STP.
20
Spanning-Tree Operation
The spanning-tree algorithm follows these steps:

1. Elects a root bridge
2. Elects a root port for each nonroot switch
3. Elects a designated port for each segment
4. Ports transition to forwarding or blocking state
21
How STP works
1 Selecting the Root Bridge

2 Selecting the Root Port
3 Selecting Designated port & Non Designated port
22
How STP works
1) Selecting the Root Bridge

► The bridge with the Best (Lowest) Bridge ID.
► Bridge ID = Priority + MAC address of the switch ( least is best)
► Out of all the switches in the network, one is elected as a root bridge that becomes the
focal point in the network. (8192)
23
How STP works

► The bridge with the Best(Lowest) Bridge ID.
► Bridge ID = Priority +MAC address of the switch ( least is best)
► Default priority on cisco switches = 32768 ► Show version (to verify base mac-address)
24
How STP works

► The bridge with the Best(Lowest) Bridge ID.
► Bridge ID = Priority +MAC address of the switch ( least is best)
► Default priority on cisco switches = 32768
► Show version (to verify base mac-address)
► Every LAN will have only one Root Bridge
► and all the remaining switches will be considered as Non-root Bridges.
25
How STP works
26
How STP works
2) Selecting the Root Port:

► Shortest path to the Root bridge
► Every Non-root Bridge looks the best way to go Root-bridge
27
How STP works
Root port selection based on Cost

► least cost (Speed)
► For every non-root bridge there is only one root port.
28
How STP works

• least cost (Speed)
• For every non-root bridge there is only one root port.
29
How STP works

 least cost (Speed)
30
How STP works

 least cost (Speed)
31
How STP works
Select the designation port and non designation port

► Lowest Root Path Cost.
► Lowest Senders Bridge ID.
► Lowest Senders Port ID
32
How STP works
Root bridge - central switch all the traffic forwarded from PcA to PcB
33
BPDU
► All switches exchange information through what is called as Bridge Protocol Data Units (BPDUs)
► BPDUs are sent every 2 sec and dead = 20 sec
► A BPDU contains information regarding ports, switches, port priority and addresses.
34
STP Convergence
STP port states

► Blocking - 20 Sec or No Limits
► Listening - 15 Sec
► Learning - 15 Sec
► Forwarding - No Limits.
► Disable - No Limits.
35
Lab: verifying spanning-tree
# Show Spanning-tree
36
TASK: Find Root Bridge and alternate port (BLK)
37
38
39
TASK: • To verify the STP convergence process shutdown the SW1 eth0/1 port and verify with Show
spanning-tree
Swl(config)#int eth0/1
Swl(config-if)#shutdown
Once eth0/1 interface of SW1 or SW2 goes down, the alternate port f0/1 (SW3) comes to forwarding
after delay of 50 sec
• BLK 20 sec
• LSN 15 sec
• LRN 15 sec
Swl(config)#int f0/1
Swl(config-if)#shutdown
SW1# Sh spanning tree
40
TASK: Configure eth0/1 port of SW1 back to normal state (no shutdown)
Swl(config)# int eth0/1

Swl(config-if)# no shutdown
• SW2 eth0/0goes back to BLK state

• SW1-/eth0/1 comes back to normal forward state after 30 sec delay (15 sec LSN ,15 sec LRN)
SW1# Show spanning tree
41
TASK:
• Configure SW2 to be the Root Bridge for Vlan1 by changing the Priority value
• Verify the STP port states changes once we change the Root bridge
Configuring Spanning Tree

To change the STP priority value, use the following:
Switch2 (config)# spanning-tree vlan <vlan_no> < priority value>
Switch2 (config)# spanning-tree vlan1 priority 0
42
43
By default STP is enabled for all active VLANs and on all ports of a switch. STP should remain
enabled in a network to prevent bridging loops from forming.
• However, you might find that STP has been disabled in some way. If an entire instance of STP has
been disabled, you can reenable it with the following global configuration command:
Switch(config)# spanning-tree vlan vlan-id
• if STP has been disabled for a specific VLAN on a specific port, you can reenable it with the
following interface configuration command:
Switch (config-if)# spanning-tree vlan vlan-id
44
LAB: Tuning STP (cost/proirity/Timers)
45
LAB: Tuning STP (cost/proirity/Timers)
46
TASK:
• Connect Swl and sw2 as per the digram on eth0/1, eth0/0 ports.
• Configure swl to be the root bridge for all vlans (also future vlan).
• Find what the root ports and Designated and blocking ports.
47
48
SW1 (config)#spanning-tree vlan1-4094 root primary
• As per the default configurations sw2 eth0/1 goes in to blocking state based on stp
root port, and designtated port conditions.
TASK: • Configure SW2 to ensure that eth0/1should be in forwarding state

( eth0/0 in to blocking)
SW2(config)#int eth0/1
SW2(config-if)#spanning-tree cost 4
SW2(config-if)# end
49
50
51
TASK :• Remove the cost configured in the previous task;

• Ensure that you do the same cost by making changes other than SW2.( on swl)
SW2(config-if)#no spanning-tree cost 4
SW2(config-if)# end
52
53
SWl(config-if)#spanning-tree port-priority ?
<0-240> port priority in increments of16
SWl(config-if)#spanning-tree port-priority 0
SW1(config-if)#end
54
55
TASK: Changing STP timers

• Configure the root bridge so that switches generate Spanning-Tree hello packets every 3
seconds.
• When a new port becomes active, it should wait 20 seconds before transitioning to
the forwarding state.
• If the switches do not hear a configuration message within10 seconds, they should
attempt reconfiguration.
• This configuration should affect all currently active VLANs and any additional
VLANs created in the future.
56
57
Downstream devices from the root bridge inherit the timers configured on the root.
SW1(config)#spanning-tree vlan1-4094 hello-time 3
SW1(config)#spanning-tree vlan1-4094 forward-time10
SW1(config)#spanning-tree vlan1-4094 max-age10
SW1(config)#end
58
59
60
Hierarchical Campus Model
61
❖ Default root bridge election: priority + BaseMac
❖ Recommended to Select high speed Switch to be elected as Root Bridge
Change Priority Value *:• Priority values can be only multiples of 4096
SW-i(config)#spanning-tree vlan 1 priority 1000
% Bridge Priority must be in increments of 4096.

% Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152
53248 57344 61440
62
STP: Selecting Root Bridge
SW-A(config)#spanning-tree vlan 1 priority 0

SW-B(config)#spanning-tree vlan 1 priority4096
OR
SW-A(config)#spanning-tree vlan 1 root Primary

SW-B(config)#spanning-treevlan 1 root Secondary
NOTE:
•Primary reduces priority by 8192 from default priority
•secondary reduces priority 4096 from default priority
63
LAB: Per VLAN STP
TASK: • Connect four switches as per the diagram.

• Find the Root bridge,root ports, alternate ports in the topology
64
LAB: Per VLAN STP
65
LAB: Per VLAN STP
66
LAB: Per VLAN STP
67
LAB: Per VLAN STP
68
LAB: Per VLAN STP
• In this example, SW1 is the root Bridge and you can verify the root ports and
alternate ports in the above outputs
• As per your topology it can vary as it based onMac- address (vary from switch to
switch)
TASK: • Configure the links connecting between switches as Trunk links

• Configure VTP on all Four switches to synchronize the vlan information
• Create vlan10,20,30,40 on SW1 and ensure that it sync with other switches
69
LAB: Per VLAN STP
ON SW1, SW2. SW3, SW4

SWx(config)#int range f0/20 - 22
SWx(config-if-range)#switchport trunk encapsulation dotlq
SWx(config-if-range)#switchport mode trunk
SWx(config)#vtp domain CCIE
Show interface trunk on all switches
70
LAB: Per VLAN STP
71
LAB: Per VLAN STP
SW1(config)#vlan10
SWl(config-vlan)#vlan 20
SW1(config-vlan)#vlan 30
SW1(config-vlan)#exit
72
LAB: Per VLAN STP
73
LAB: Per VLAN STP
TASK: • Configure SW1 should be the Root Bridge for VLAN10,20 and Backup for VLAN
30,40
• Configure SW2 should be the Root Bridge for VLAN 30,40 and Backup for VLAN10,20
Note: • By default here SW1 will be the root bridge for all vlan as the priority value is
same, and Swl is having the least MAC address of all ( this may vary in your labs)
74
LAB: Per VLAN STP
TASK: • at this moment SW1 is root switch for all vlans
75
LAB: Per VLAN STP
TASK: • at this moment SW1 is root switch for all vlans
76
LAB: Per VLAN STP
You can configure a Catalyst switch to become the root bridge using one of two
methods,
1. Manually setting the bridge priority value
Switch(config)# spanning-tree vlan <vlan-list> priority <bridge-priority>
2. Causing the would-be root bridge switch to choose its own priority, based on some
assumptions about other switches in the network using primary and secondary
options. You can accomplish this with the following command:
Switch(config)# spanning-tree vlan <vlan-id> root {primary | secondary}
77
LAB: Per VLAN STP
• The bridge-priority value defaults to 32,768, but you can also assign a value of 0 to
65,535.
• If STP extended systemID is enabled (default is most switches),the default bridge-
priority is 32,768 plus the VLAN number.
• In that case, the value can range from 0 to 61,440, but only as multiples of 4096. A
lower bridge priority is preferable.
• If the current root priority is less than that,the local switch sets its priority to 4096
less than the current root For the secondary root bridge, the root priority is set to an
artificially low value of 28,672.
78
LAB: Per VLAN STP
OnSWl
SW1(config)#spanning-tree vlan10,20 priority 0
SW1(config)#spanning-tree vlan 30,40 priority 4096
OR
SWl(config)#spanning-tree vlan10,20 root primary
SWl(config)#spanning-tree vlan 30.40 root secondary
On SW2
SW2(config)#spanning-tree vlan 30,40priority 0
SW2(config)#spanning-tree vlan10,20 priority 4096
OR
SW2(config)#spanning-tree vlan 30,40 root primary
SW2(config)#spanning-tree vlan 10.20 root secondary
79
LAB: Per VLAN STP
TASK: • Check SW1 will be primary root for vlan 10 and 20 and not root bridge for vlan 30 and 40. But SW2 will be the
primary root switch for vlan 30,40 and not root for vlan 10, 20.
80
LAB: Per VLAN STP
81
LAB: Per VLAN STP
82
LAB: Per VLAN STP
primary root switch for vlan 30,40 and not root for vlan 10, 20. (Check the port status also.)
83
Spanning Tree Root Port selection
1. Select the port connected to the path with the lowest accumulated Spanning Tree
Path Cost to the Root Bridge as the Root Port, when a Non-Root Switch has multiple
paths to reach the Root Switch.
84
2. If multiple paths are available to reach the Root Bridge with the same
accumulated Spanning Tree Path Cost in a Non-Root Switch, select the port
connected to the neighbor switch which has the lowest Switch ID value as the Root
Port.
85
3. If all the multiple paths go through the same neighboring switch to reach the Root
Bridge, Non-Root Switch will select the local port which receives the lowest port
Spanning Tree Port Priority value from neighbor Switch as the Root Port.
86
4. If the received Spanning Tree Port Priority value values are the same between the
connecting ports to reach the Root Bridge, Non-Root Switch will select the port which
receives the lowest physical port number from neighbor Switch as the Root Port.
87
Types of Spanning-Tree Protocols
Spanning-tree standards:
• IEEE 802.1D: The legacy standard for bridging and STP
- CST: Assumes one spanning-tree instance for the entire bridged network,
regardless of the number of VLANs
88
Types of Spanning-Tree Protocols (Cont.)
• PVST+: A Cisco enhancement of STP that provides a separate IEEE 802.1DIEEE

802.1D is the MAC Bridges standard, which includes bridging and spanning tree,
among others. It is standardized by the 802.1 working group. 802.1D spanning-
tree instance for each VLAN that is configured in the network
89
Types of Spanning-Tree Protocols (Cont.)
• 802.1s (MSTP): Maps multiple VLANs into the same spanning-tree instance
• 802.1w (RSTP): Improves convergence over 1998 STP by adding roles to
ports and enhancing BPDU exchanges
• Rapid PVST+: A Cisco enhancement of RSTP using PVST+
90
Comparison of Spanning-Tree Protocols
91
92
What is EtherChannel
• EtherChannel is a port link aggregation technology developed by Cisco, which

provides fault-tolerant high-speed links between Switches, Routers, and Servers.
• EtherChannel technology allows multiple physical Ethernet links (Fast Ethernet or
Gigabit Ethernet) to combine into one logical channel.
❖ Up to 8 links can be used to combine in to one logical link.

❖ Etherchannel can be configured as layer 2 or layer 3.
❖ EtherChannel load balances traffic over all the links in the bundle.
❖ Port-channel is the logical instance of the physical interfaces
93
Introducing EtherChannel
• When multiple links aggregate on a switch, congestion occurs.

• One solution is to increase uplink speed, but that solution cannot scale
indefinitely.
• Another solution is to multiply uplinks, but loop prevention mechanisms disable
some ports.
94
Introducing EtherChannel (Cont.)
 The following are the characteristics of EtherChannel:

• Logical aggregation of links between switches
• High bandwidth
• Load sharing across links
• One logical port to STP
• Redundancy
95
Some guidelines for EtherChannels
• All ports must be the same speed and duplex.

• All ports in the bundle should be enabled.
• all bundle ports in the same VLAN, or make them all trunks.
• If they are trunks, they must all carry the same VLANs and use the same trunking mode
• Interfaces in the channel do not have to be physically next to each other or on the same
module.
• Assign an IP address to the logical Port Channel interface, not the physical ones, if using a
Layer 3 EtherChannel.
• The configuration you apply to the Port Channel interface affects the entire EtherChannel.
• The configuration you apply to a physical interface affects only that interface
96
Some guidelines for EtherChannels
• All ports must be the same speed and duplex.

• All ports in the bundle should be enabled.
• all bundle ports in the same VLAN, or make them all trunks.
• If they are trunks, they must all carry the same VLANs and use the same trunking mode
• Interfaces in the channel do not have to be physically next to each other or on the same
module.
• Assign an IP address to the logical Port Channel interface, not the physical ones, if using a
Layer 3 EtherChannel.
• The configuration you apply to the Port Channel interface affects the entire EtherChannel.
• The configuration you apply to a physical interface affects only that interface
97
EtherChannel Protocols
• There are two protocols used for negotiating EtherChannel and Link Aggregation.
We can configure Etherchannel in three ways in Cisco Switches.
1- Port Aggregation Protocol (PAgP) - Cisco Proprietary protocol
2- IEEE Link Aggregation Protocol (LACP) - Industry Standard
3- Manual Etherchannel Configuration - Without using any negotiation protocol
listed above
98
Port Aggregation Protocol (PAgP) Modes
• Auto Mode: Auto mode in Port Aggregation Protocol (PAgP)) does not initiate the
negotiation, but responds to Port Aggregation Protocol (PAgP) packets initiated by
other end. Auto mode in Port Aggregation Protocol (PAgP) does not start Port
Aggregation Protocol (PAgP) packet negotiation
• Desirable mode: Desirable mode in Port Aggregation Protocol (PAgP) initiates the
negotiation and tries to form EtherChannel with other end.
99
Port Aggregation Protocol (PAgP) Modes (Cont.)
• If you are using Port Aggregation Protocol (PAgP) for EtherChannel

negotiation, EtherChannel will be formed only if two ends are
configured under following modes.
100
Link Aggregation Control Protocol (LACP)
• Active Mode: Active Mode in Link Aggregation Control Protocol (LACP) initiates the
negotiation and tries to form EtherChannel with other end.
• Passive Mode: Passive Mode in Link Aggregation Control Protocol (LACP) does not
initiate the negotiation, but responds to Link Aggregation Control Protocol (LACP)
packets initiated by other end.
101
Link Aggregation Control Protocol (LACP) (Cont.)
Passive Mode in Link Aggregation Control Protocol (LACP) does not start Link
Aggregation Control Protocol (LACP) packet negotiation.
102
EtherChannel "on" mode
• EtherChannel "on" mode makes the interface into an EtherChannel without any
negotiation protocols like Port Aggregation Protocol (PAgP) or Link Aggregation
Control Protocol (LACP). When using a EtherChannel "on" mode, EtherChannel
will be created only when another interface group in EtherChannel "on" mode.
103
EtherChannel "on" mode (Cont.)
• Switch interfaces exchange Port Aggregation Protocol (PAgP) packets only with
partner interfaces configured in the auto or desirable modes. Switch interfaces
exchange Link Aggregation Control Protocol (LACP) packets only with partner
interfaces configured in the active or passive modes. Interfaces configured in the
"on" Channel mode do not exchange Port Aggregation Protocol (PAgP) or Link
Aggregation Control Protocol (LACP).
104
Configure EtherChannel
• All interfaces within an EtherChannel must have the same configuration :

• Speed and duplex
• Mode (access or trunk)
• Native and allowed VLANs on trunk ports
• Access VLAN on access ports
105
Configure EtherChannel Port Aggregation Protocol (PAgP)
106
Configure EtherChannel Port Aggregation Protocol (PAgP) (Cont..)
Step 1: Configure Pagp protocol on SW1

SWl(config)# interface range FastEthernet0/1 - 4
SW1(config-if-range)# channel-group 1 mode desirable
SW1(config-if-range)# channel protocol pagp
SW1(config-if-range)# exit
107
Configure EtherChannel Port Aggregation Protocol (PAgP) (Cont..)
Step 2: Configure Pagp protocol on SW2

SW2(config)# interface range FastEthernet0/1 -4
SW2(config-if-range)# channel-group 1 mode desirable
SW2(config-if-range)# channel protocol pagp
108
Verify EtherChannel
Step 3: Verify interface status.

SW1#show interfaces port-channel 1
Port-channel 1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 000d.bd27.b713 (bia 000d.bd27.b713)
MTU 1500 bytes, BW 500000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
.
.
109
Verify EtherChannel (Cont.)
Step 4: Display a one-line summary per channel group.

SW1#show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
…..
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------
1 Po1(SU) PAgP Fa0/1(P) Fa0/2(P) Fa0/3(P) Fa0/4(P)
SW1#
110
Step 5: Display port channel information.

SW1#show etherchannel port-channel
Channel-group listing:
----------------------
Group: 1
----------
Port-channels in the group:
---------------------------
Port-channel: Po1
------------
Age of the Port-channel = 00d:00h:05m:15s
Logical slot/port = 2/1 Number of ports = 4
GC Prepared
= 0x00000000 HotStandByMail:
by: Jagdish Rathod
portjagdishrj01@gmail.com
= null Mo: 7259459745/8779606604
111
Protocol = PAGP
Port Security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Fa0/1 Desirable-Sl 0
Time since last port bundled: 00d:00h:05m:15s Fa0/2 112
Configure EtherChannel Link Aggregation Control Protocol (LACP)

Configure EtherChannel Link Aggregation Control Protocol (LACP) (Cont..)
Step 1: Configure Lacp protocol on SW1

SW1(config-if-range)# channel-group 1 mode Active
SW1(config-if-range)# channel protocol lacp
114
Configure EtherChannel Link Aggregation Control Protocol (LACP)
(Cont..)
Step 2: Configure Lacp protocol on SW2
SW2(config-if-range)# channel-group 1 mode Active
SW2(config-if-range)# channel protocol lacp
115
Verify EtherChannel
Step 3: Verify interface status.

SW1#show interfaces port-channel 1
Port-channel 1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 000d.bd27.b713 (bia 000d.bd27.b713)
MTU 1500 bytes, BW 500000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
.
.
116
Step 4: Display a one-line summary per channel group.

SW1#show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
…..
Group Port-channel Protocol Ports
------+-------------+-----------+----------------------------------------------
1 Po1(SU) LACP Fa0/1(P) Fa0/2(P) Fa0/3(P) Fa0/4(P)
SW1#
117
Step 5: Display port channel information.

SW1#show etherchannel port-channel
Channel-group listing:
----------------------
Group: 1
----------
Port-channels in the group:
---------------------------
Port-channel: Po1
------------
118
Protocol = LACP
Port Security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
Time since last port bundled: 00d:00h:05m:19s Fa0/2
SW1#
119
EtherChannels Load Balancing
Switch(config)#port-channeIload-balance ?
• dst-ip Dst IP Addr
• dst-mac DstMac Addr
• src-dst-ip Src XOR Dst IP Addr
• src-dst-mac Src XOR Dst Mac Addr
• src-ip Src IP Addr src-mac
• Src Mac Addr
120
LAB : Configruing Ether-Channel Using Pagp Protocol Negotiation
121
LAB : Configruing Ether-Channel Using Pagp Protocol Negotiation
TASK • Configure the Four links (f0/20 - 23) should appear as one logical link
• Ports should negotiate using Cisco Proprietary method.
SW1
SW1(config)#int range f0/20 – 23
SW1(config-if-range)#channel-protocol pagp
SW1(config-if-range)#channel-group10 mode desirable
SW2
SW2(config)#int range f0/20 - 23
SW2(config-if-range)# channel-protocol pagp
SW2(config-if-range)# channel-group10 mode auto
122
LAB : Configruring Ether-Channel Using Pagp Protocol Negotiation
123
124
TASK: Configure the Portchannel 10 interface asTrunk link.

SWl(config)# int port-channel 10
SW1(config-if)# switchport trunk encapsulation dotlq
SW1(config-if)# switchport mode trunk
SW1(config-if)# exit
SW2(config)# int port-channel 10

SW2(config-if)# switchport trunk encapsulation dotlq
SW2(config-if)# switchport mode trunk
SW2(config-if)# exit
125
• Any changes applied on the port channel automatically effect on all the physical interfaces
• Port channel will work as long as at least one interface in the group is up and running
126
Layer 3 Ether-Channel
• In order to configure layer 3 port channel interface, the member ports must be configured
with no switchport command before using port-channel commands.
• If the channel-group command is issued before the no switchport command on the
physical interfaces, the logical port-channel interface will be created as the default of Layer
2, and this cannot be changed afterward.
• To fix this problem, simply issue the no switchport command before the channelgroup
command.
• If configured properly, the state of the port-channel from the show etherchannel summary
command should show RU for routed and in use.
127
STP Link Convergence
128
Spanning tree Portfast
❖ helps speed up network convergence on access ports.

❖ Cisco-proprietary enhancement to Spanning Tree.
❖ Port Fast causes a port to enter the spanning-tree forwarding state immediately,
bypassing the listening and learning states.
NOTE:
❖ PortFast should be used only when connecting a single end station to a switch port.
❖ If you enable PortFast on a port connected to another networking device, such as a
switch, you can create network loops
129
Portfast Configuration
Portfast on specific ports

(conflg)# interface range fo/1– 4
(config-if) spanning-tree portfast
OR
Portfast on all access ports globally using one command

(config)#spanning-tree portfast default
130
LAB: STP Portfast
131
LAB: STP Portfast
TASK:
• Connect 3 PC in the LAN as per the Diagram.
• Shutdown the ports on Switch &reconfigure No shutdown and observer the ports going through
LSN & LRN stages of STP process before they come to FWD...
Switch(config)#int range fast0/1-4

Switch(config-if-range)# shutdown
Switch(config-if-range)# no shutdown
132
LAB: STP Portfast
133
LAB: STP Portfast
• All the ports connecting to end devices go through listening and Learning states by default
before they comes to Forwarding State
• This is the default STP Loop prevention mechanism on switches
• Here we want these access ports to bypass the LSN, LRN stages and transition to FWD
immediately
• To do this we configure portfast on these ports ( used only on access ports)
Switch(config)#int range ethe0/0-3

Switch(config-if-range)#spanning-tree portfast
134
LAB: STP Portfast
• All the ports connecting to end devices go through listening and Learning states by
default before they comes to Forwarding State
• This is the default STP Loop prevention mechanism on switches
• Here we want these access ports to bypass the LSN, LRN stages and transition to FWD
immediately
• To do this we configure portfast on these ports ( used only on access ports)
135
LAB: STP Portfast
TO verify
Switch(config)#interface fast0/1
Switch(config-if-range)#shutdown
Switch(config-if-range)#no shutdown
136
LAB: STP Portfast
Once port fast configured on the interfaces all the ports transitions to Forwarding
immediately without LSN, LRN states.
TASK: • Configure Switch to ensure that all future access ports should bypass LSN, LRN
states using single command.
Switch(config)#spanning-tree portfast default

Switch(config)#end
To Verity Connect some end devices on portfO/5 - 6 to verify
137
LAB: STP Portfast
138
Loss of BPDU Trouble shooting of BPDU
139
BPDU Guard – On port fast –if bpdu received put in error disable mode
140
BPDU Guard – On port fast –if bpdu received put in error disable mode
141
BPDU Guard (port fast – bpdu received – put port in error disable mode)
❖ BPDU Guard prevents loops if another switch is attached to a Portfast port.

❖ Puts port into an error-disabled state (basically, shut down) if a BPDU is received on the interface
❖ STP Instance will not be disable
(config)# interface fo/I

(config-if)# spanning-tree portfat
(config-if)# spanning-tree bpduguard enable
BPDUGuard on all access ports globally using one command
OR
(config)# spanning-tree portfast bpduguard default
142
BPDU Guard verification
(config)# interface fO/2

(config-if)# spanning-tree portfast
(config-if)# spanning-tree bpduguard enable
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernetO/2 with BPDU Guard enabled.

Disabling port. %PM-4-ERR_DISABLE: bpduguard error detected on Fao/2, putting Fao/2 in err-disable
state
SWi#show interface status err-disabled
• The port is err-disabled has to be manually re-enabled via shut/no shut.
143
LAB: BPDU Guard:
TASK:
• Connect link between SW1 and SW2 eth0/0 and shutdown all remaining ports.
• Configure SW2 eth0/0 as layer 3 ports to test BPDU guard feature.
• Enable BPDU Gaurd and portfast feature on SW1.
144
LAB: BPDU Guard:
SW2(config-if)#no switchport
SW2(config-if)#ip address10.0.0.1 255.0.0.0
SW2(config-if)#exit
SWl(config)#vlan 10
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan10
SW1(config-if)#spanning-tree portfast
SW1(config-if)#spanning-tree bpduguard enable
SW1(config-if)#exit
145
LAB: BPDU Guard:
SWl#show spanning-tree interface eth0/0 detail
146
LAB: BPDU Guard:
TASK: Reconfigure eth0/0 port on sw2 back to layer 2 port ( adding switchport)
SW2(config-if)#switchport
SW2(config-if)#exit
147
LAB: BPDU Guard:
TASK: Configure eth-0/0 port back to layer 3 port and ensure that port comes back up.
SW2(config-if)#int eth0/0
SW2(config-if)#exit
SW2(config)#do sh ip int br Interface IP-Address
SW2(config)#int fO/19
SW2(config-if)#shutdown
SW2(config-if)#no shutdown
SW2(config-if)#end
SW2#sh ip int brief Interface
Port will be up 148

LAB: BPDU Guard:
TASK:
• Configure Err-disable recovery for BPDU GAURD such that port should come up automatcially after 60
sec of err-disable state.
SW1(config)#errdisable recovery cause bpduguard

SW1(config)#errdisable recovery interval 60
SW1(config)#exit
SWl#sh errdisable recovery
149
BPDU Filter
150
BPDU Filtering (NO BPDU - STP disable) – Not used in LIVE Env.
151
LAB: BPDU filter (interface level)
•BPDU Filter is used to terminate the STP domain, but it has a different functionality:
• it can also be configured globally or at the interface level.
• However, behavior is different based on this; this was not the case For BPDU Guard, this had the same
functionality regardless of how it was enabled.
•When configured at the interface level, BPDU Filter silently drops all received inbound BPDUs and does
not send any outbound BPDUs on the port.
•There is no violation option for BPDU Filter, so the port never goes into err-disabled state.
• BPDU Filter needs to be carefully enabled at the port level, because it will cause permanent loops if on
the other end of the link a switch is connected and the network is physically looped; in this case, STP will
not be able to detect the loop and the network will become unusable within seconds.
152
BPDU Filtering (NO BPDU - STP disable) – Not used in LIVE Env.
BPDU Guard – port error disable

BPDU Filter – STP Disable
(config)# spanning-tree portfast bpdufilter default
❖ If a Portfast interface receives any BPDUs, it is taken out of Portfast status.

❖ The interfaces still send some BPDUs at the link-up
(config)# interface fo/2

(config-if)# spanning-tree bpdufilter enable
❖ The interface doesn't send any BPDU and ignores the received ones.
❖ The port is not shutdown and this basically disables spanning-tree on the interface.
153
154
TASK:
• Connect link between SW1 and SW2 fO/1 and shutdown all remaining ports.
• Configure sw2 fO/1 as layer 3 ports to test BPDU guard feature.
• Enable BPDU Gaurd and portfast feature on swl.
SW2(config-if)#exit
SW1(config)#vlan10
SWl(config-if)#switchport mode access
SWl(config-if)#switchport access vlan10
SW1(config-if)#spanning-tree bpdufilter enable 155
Prepared by: Jagdish Rathod
SW1(config-if)#exit Mail: jagdishrj01@gmail.com Mo: 7259459745/8779606604
156
TASK: Configure SW2 eth0/0 as layer 2 ports so that it can start sending BPDU
SW2(config-if)#switchport
SW2(config-if)#end
157
TASK:
BPDU global configuration mode:
• Remove the Bpdu filter on the interface and enable it globally.
• Configure portfast on eth0/0 on Swl for verification.
SW2(config)# int eth0/1

SW2(config-if)# no switchport
SW2(config-if)# ip address10.0.0.1 255.0.0.0
SW2(config-if)#end
SW1(config-if)#no spanning-tree bpdufilter enable
SW1(config-if)#exit
SW1(config)#spanning-tree portfast bpdufilter default
SW1(config)#end
158
Root Guard – No Old switch will be root - "root-inconsistent"
159
Root Guard
160
Root Guard
161
Root Guard
•prevents the wrong switch from becoming the SpanningTree root.

•If a Root Guard port receives a superior BPDU that might cause it to become a root port, the port is
put into "root-inconsistent" state and does not pass traffic through it.
•If the port stops receiving these BPDUs, it automatically re-enables itself
(config)# interface fO/19

(config-if)# spanning-treeguardroot
Ports disabled by root guard can be viewed with
# show spanning-tree inconsistentports
162
Root Guard
163
Configuring Root Guard
(config)# interface eth0/1

(config-if)# spanning-tree guardroot
Ports disabled by root guard can be viewed with
# show spanning-tree inconsistentports
164
LAB : ROOT GUARD
• Root Guard is similar to the BPDU Guard feature in the manner in which it is used to detect STP packets and
disable the interface they were received on.
• The difference between them is that with Root Guard, the interface is only logically disabled (via Root
Inconsistentstate) if a superior BPDU is received on the port with Root Guard enabled.
• Root Inconsistentstate is similar to blocking state, in that BPDUs are not sent outbound but accepted inbound,
and of course all received frames are dropped.
• The switch automatically recovers the port from Root Inconsistentand starts negotiating the new port state and
role, as soon as superior BPDUs are no longer received inbound.
• A superior BPDU indicates a better cost to the root bridge than what is currently installed.
• Therefore, in terms of design, this feature is used to prevent a rogue device from announcing itself as the new
root bridge and possibly implementing a layer 2 man-in-the-middle attack. Root Guard can be enabled only at the
port level and basically prevents a Designated port from becoming Non-Designated.
• You will want to configure this functionality on the Root Bridge itself.
• Verify that Root Guard is enabled for all VLANs, for example on FastEthernetO/19 port.
165
LAB : ROOT GUARD
166
LAB : ROOT GUARD
TASK: • Configure SW1 so that STP logically blocks Ethernet links connected to SW2 if any of port on SW2
tries to become Root Bridge for any VLAN.
167
LAB : ROOT GUARD
168
LAB : ROOT GUARD
• In this lab here, SW1 is the default root bridge. Configure SW1 to use the prority value of 4096 to ensure
that SW1 should become Root Bridge.
SW1(config)#spanning-tree vlan1priority 4096
SW1(config)#exit
169
LAB : ROOT GUARD
TASK: • Configure SW1 so that STP logically blocks Ethernet links connected to SW2 if any of port on SW2
tries to become Root Bridge for any VLAN
SW1(config-if)#spanning-tree guard root
SW1(config-if)#exit
170
LAB : ROOT GUARD
Although Root Guard is enabled at the port level, it works on a per-VLAN basis.
TASK: Testing Root guard
• Configure sw2 with prority value of 0 to ensure that SW2 sends superior BPDU to swl
SW2 (config)#spanning-tree vlan1 priority 0
171
LAB : ROOT GUARD
SW1 no longer sends BPDUs outbound on its Root Inconsistentport,
172
LAB : ROOT GUARD
TASK: Remove the priority configuration on SW2 and ensuure that sw2 uses the default proirity values
SW2 (config) #no spanning-tree vlan1 priority 0
173
LAB : ROOT GUARD
When superior BPDUs are no longer received, SW1 will start to send BPDUs outbound on the ports to
negotiate the STP state and role.
174
Protecting against sudden loss of BPDU
175
Loop Guard
176
Unidirectional link failure
• links for which one of the two transmission paths on the link has failed, but not both.
• This can happen as a result of miscabling, cutting one fiber cable, unplugging one fiber or
other reasons.
•no longer receives STP BPDUs
• Still link forwards Traffic.
• blocking port from the alternate or backup port becomes designated and moves to a
forwarding state. This situation creates a loop. This is called a unidirectionallink
Solution:
•Loopguard
•UDLD
177
LOOPGAURD
Stops the loops which can occur because of unidirectional link failures. prevents switch ports from
wrongly moving from a blocking to a forwarding state when a unidirectional link exists in the network
178
Loop Guard Configuration
On all point to point links

(config-if)#spanning-tree guard loop default
OR
On Specific links
(config)#interface eth0/1
(config-if)#spanning-tree guard loop
Loopguard automatically re-enables the port if it starts receiving BPDU again

179
UDLD
180
Unidirectional Link Detection
•Do the same job as loop guard

•Designed more specific for fiber ports ( can also work for UTP)
•detects a unidirectional link by sending periodic hellos out to the interface.
•It also uses probes, which must be acknowledged by the device on the other end of the link.
UDLD has two modes: normal and aggressive.
Normal mode: the link status is changed to Undetermined State if the hellos are not returned.
Aggressive mode: the port is error-disabled if a unidirectional link is found. Aggressive mode is
the recommended way to configure UDLD
181
Unidirectional Link Detection
To enableUDLD on all fiber-optic interfaces, use the following command:

(config)# udld[enable I aggressive]
Note :
Although this command is given at global config mode,it applies only to fiber ports.
To enable UDLD on non fiber ports, give the same command at interface config mode.
To control UDLD on a specific fiber port, use the following command:
(config-if)# udld port {aggressive I disable}
To reenable all interfaces shut by UDLD, use the following:
# udld reset
To verify UDLD status, use the following:
# show udld interface
182
UDLP & loop guard
183
Err-Disable & Err-disable recovery
❖ the port is automatically disabled by the switch operating system software because of an
error condition that is encountered on the port.
❖ When a port is error disabled, it is effectively shut down and no traffic is sent or received on
that port.
The port LED is set to the color orange
#Show interfacesgigabitethernet 4/1 status
# show interfacegigabit4/1
184
Err-disable recovery
Reasons for error disable state :

• Duplex Mismatch
• Loopback Error
• Link Flapping (up/down)
• Port Security Violation
• Unicast Flooding
• UDLD Failure
• Broadcast Storms
• BPDU Guard
185
Err-disable recovery
1.To recover a port that is in an Errdisable state, administrator must access the
switch and configure the specific port with shutdown' followed by the 'no
shutdown' command.
. Use Err-disable recovery option
186
Errdisable recovery
• choose the type of errors that automatically reenable the ports after a
specified amount of time.
#show errdisable recovery
(Config)#errdisable recovery cause bpduguard

(Config)#errdisable recovery interval120
Errdisable autorecovery
To enable the Errdisable auto recovery feature for all supported reasons
(config)# errdisable recovery cause all
187
Errdisable recovery
• show interfaces status err-disabled

■ Shows which local ports are involved in the errdisabled state. Show errdisable
recovery
■ Shows the time period after which the interfaces are enabled for errdisable
conditions. Show errdisable detect
■ Shows the reason for the errdisable status
188
All in One
189
STP Flavours
• RSTP, PVSTP,CST, MSTP
190
191
States
192
States
193
Direct Topology Change – STP Convergence(802.1d)
194
Indirect Topology Change – STP Convergence(802.1d)
195
BPDU Packets
196
BPDU Packets - TCN
197
STP Convergence - Indirect- link failure
198
STP Convergence - Direct- link failure
199
Spanning-tree Uplink-fast / Backbone-fast
❖ Legacy / Cisco proprietary enhancement to speed up the convergence.

Uplink-fast
❖ BLK -> FWD Immediately if direct-link fails ( instead of 30sec)
Backbone-fast
❖ BLK -> FWD 30sec if direct-link fails ( instead of 50 sec)
200
Spanning-tree uplink-fast
201
Spanning-tree Backbonefast
❖ Legacy / Cisco proprietary feature

❖ Backbone Fast can reduce the maximum convergence delay only from 50 to 30 seconds.
202
Rapid STP (RSTP) 802.1 w
203
204
Rapid Port Roles
205
RSTP Synchronization
206
Changes in BPDU
207
❖ 802.1W is a standards way of speeding STP convergence.

❖ Inbuilt features of portfast, uplinkfast, backbonefast, BPDUfilter
❖ Path Calculation remains same as STP.
(config)#spanning-tree mode rapid-pvst
208
• SWA assumes its port is designated and sends out a proposal.

• SWB will agree to this proposal.
209
210
211
212
RSTP port States
• Comparing 802.id and 802.1W Port States

STP Port State Equivalent RSTP Port State
Disabled - Discarding
Blocking - Discarding
Listening - Discarding
Learning - Learning
Forwarding - Forwarding
• Discarding - Frames are dropped, no addresses are learned, (link down /

blocking/during sync)
• Learning - Frames are dropped, but addresses are learned.
• Forwarding- Frames are forwarded
213
RSTP port roles
214
RSTP port roles (Contd)
Alternate port:
❖ A backup to the root port
❖ Less desirable path to the root
❖ Operates in discarding state.
❖ Same as uplinkfast ( legacy)
215
Backup port:
❖ The backup port applies only when a single switch has two links to the same Segment
(collision domain).
❖ To have two links to the same collision domain, the switch must be attached to a hub. A
backup to the designated port Multiple links attached to the same network segment
❖ Activates if primary designated fails
216
Edge port:
❖ Equivalent to portfast in STP.
❖ Connected only to an end user .
❖ Maintain edge status as long as no BPDU received (with BPDU filter) .
217
BPDU Difference in RSTP
• In regular STP, BPDUs are originated by the root and relayed by each switch.
• In RSTP, each switch originates BPDUs, whether or not it receives a BPDU on its root port.
PVST is done by Rapid PVST+ on Catalyst switches.
• Hello= 2 sec , Dead = 6 sec
218
RSTP port costs
219
STP : Selecting root port

❖ Default root bridge election : priority + Base Mac
❖ Recommended to Select high speed Switch to be elected as Root Bridge
Change Priority Value

Priority values can be only multiples of 4096

% Bridge Priority must be in increments of 4096
220

% Bridge Priority must be in increments of 4096
221
STP : Selecting Root Bridge
SW-A(config)#spanning-tree vlan 1 priority 0

SW-B(config)#spanning-tree vlan 1 priority 4096
OR
SW-A(config)#spanning-tree vlan 1 root Primary
SW-B(config)#spanning-tree vlan 1 root Secondary
NOTE:
□ Primary reduces priority by 8192 from default priority
□ secondary reduces priority 4096 from default priority
222
Per -VLAN STP
• Every VLAN runs a separate STP instance by default.

• Provides load sharing
• More overhead
SW-A(config)#spanning-tree vlan 10,20,30 root primary

SW-A(config)#spanning-tree vlan 40,50,60 root secondary
SW-B(config)#spanning-tree vlan 10,20,30 root secondary
SW- B(config)#spanning-tree vlan 40,50,60 root primary
223
PVST& PVST+ differences
• Cisco proprietary. (PVST supports only ISL) PVST+ allows interoperability between CST
and PVST in Cisco switches and support the IEEE 802.1Q standard
224
Common STP (CST)
• Runs on spanning-tree instance for all VLANs

• reduces CPU load.
• No load sharing.
225
Multiple Spanning Tree ( MST)
• Allows several VLANs to be mapped to single instance of STP reduces number of

spanning-tree instances (processing overhead). Provide load sharing ( separate Root
Bridges)
• Instance 1 maps to VLANs 1-500

226
Multiple Spanning Tree ( MST)
• Started as Cisco's MISTP

• Originally standard defined in IEEE 802.1s
• instance handles multiple VLANs that have the same Layer 2 topology

227
MSTP Regions
• collection of switches that have the same MST configuration comprises an MST region
1. Instance name (32 bytes)
2. Revision number (two bytes)
3. VLAN to STP instance mappings
228
MSTP Configuration
SW1 /SW2 ( on all switches)

SWx(config)#spanning-tree mode mst
SWx(config)# spanning-tree mst configuration
SWx(config-mst)# revision i
SWx(config-mst)# nameCCIE
SWx(config-nist)# instance 1 vlan 10,20,30
SWx(config-nist)# instance 2 vlan 40,50,60
SWx(config-mst)# exit
229
MSTP Configuration
SWl(config)#spanning-tree mst 1 root primary

SWi(config)#spanning-tree mst 2 root secondary
SW2 (config)#spanning-tree mst 2 root primary
SW2 (config)#spanning-tree mst 1 root secondary
NOTE:
• an instance must have the same MST name and revision number
• If not matches then they are considered as different instances and not the same, even if the
instances contain
the same vlans
230
Intra vs Inter Region
Intra Region
• Details of the region are known within the
region
• VLAN to STPIs are manually defined
• Undefined VLANs fall into CIST (MST o)
Inter Region
• Details between regions are not known
• Different regions see each other as virtual
bridges
• Result is simplified Inter-Region calculation
• Intra-region MSTIs are collapsed into CIST
231
MST Interoperability
• MST is backwards compatible with legacy CST and PVST+

• Behaves like Inter-Region MST
• CST Root must be within MST domain
232
LAB: MSTP (MULT1LPLE SPANN1NG-TREE)
233
MSTP (MULT1LPLE SPANN1NG-TREE)
TASK:
• Configure manual trunk between swl and sw2 connected links
• Configure vtp to synchronize the vlan information between two switches
• Create vlan 10, 20,30, 40 on any one of the switch
SW1/SW2
SWx(config)#int range fO/23 - 24
SWx(config-if-range)#switchport trunk encapsulation dotlq
SWx(config-if-range)#switchport mode trunk
SWx(config-if-range)#switchport nonegotiate
SWx(config-if-range)#end
SWx(config)#vtp domain CCIE
234
MSTP (MULT1LPLE SPANN1NG-TREE)
SW1 or SW2
SW1(config)#vlan 10
SWl(config-vlan)#vlan 40
SW1(config-vlan)#end
SWl#sh spanning-tree vlan 10
235
Contact Details
Name : Jagdish J. Rathod

Calling No. : 8779606604
Whatsup No.: 7259459745
Linkdin Profile:
https://www.linkedin.com/in/jagdish-rathod-836b9559/
YouTubeChannel:
https://www.youtube.com/channel/UCSIt8Wocol4RhUy4EVp2pfg?view_as=subscri
ber
236
Thank You
237

Webinar On STP CCNP Enterprise 30-10-2020

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Webinar On STP CCNP Enterprise 30-10-2020

Uploaded by

Copyright:

Available Formats

Welcome to Webinar on

STP and RSTP

Recently worked with Dimension Data Indian Pvt Ltd

• Enterprise Network Design

• Redundant link between switches provides redundancy.

► Only one link between switches ( no redundancy)

The spanning-tree algorithm follows these steps:

The spanning-tree algorithm follows these steps:

1 Selecting the Root Bridge

1) Selecting the Root Bridge

1) Selecting the Root Bridge

1) Selecting the Root Bridge

2) Selecting the Root Port:

Root port selection based on Cost

Root port selection based on Cost

Root port selection based on Cost

Root port selection based on Cost

Select the designation port and non designation port

STP port states

TASK: Find Root Bridge and alternate port (BLK)

TASK: Find Root Bridge and alternate port (BLK)

TASK: Find Root Bridge and alternate port (BLK)

Swl(config)# int eth0/1

• SW2 eth0/0goes back to BLK state

SW1# Show spanning tree

Configuring Spanning Tree

Switch(config)# spanning-tree vlan vlan-id

Switch (config-if)# spanning-tree vlan vlan-id

SW1 (config)#spanning-tree vlan1-4094 root primary

TASK: • Configure SW2 to ensure that eth0/1should be in forwarding state

TASK :• Remove the cost configured in the previous task;

TASK: Changing STP timers

❖ Default root bridge election: priority + BaseMac

❖ Recommended to Select high speed Switch to be elected as Root Bridge

SW-i(config)#spanning-tree vlan 1 priority 1000

% Bridge Priority must be in increments of 4096.

SW-A(config)#spanning-tree vlan 1 priority 0

SW-A(config)#spanning-tree vlan 1 root Primary

TASK: • Connect four switches as per the diagram.

TASK: • Configure the links connecting between switches as Trunk links

ON SW1, SW2. SW3, SW4

SWx(config)#vtp domain CCIE

Show interface trunk on all switches

TASK: • at this moment SW1 is root switch for all vlans

TASK: • at this moment SW1 is root switch for all vlans

1. Manually setting the bridge priority value

Switch(config)# spanning-tree vlan <vlan-list> priority <bridge-priority>

Switch(config)# spanning-tree vlan <vlan-id> root {primary | secondary}

• PVST+: A Cisco enhancement of STP that provides a separate IEEE 802.1DIEEE

• EtherChannel is a port link aggregation technology developed by Cisco, which

❖ Up to 8 links can be used to combine in to one logical link.

• When multiple links aggregate on a switch, congestion occurs.

 The following are the characteristics of EtherChannel:

• All ports must be the same speed and duplex.

• All ports must be the same speed and duplex.

• If you are using Port Aggregation Protocol (PAgP) for EtherChannel

• All interfaces within an EtherChannel must have the same configuration :

Step 1: Configure Pagp protocol on SW1

Step 2: Configure Pagp protocol on SW2

Step 3: Verify interface status.

Step 4: Display a one-line summary per channel group.

Step 5: Display port channel information.

Prepared by: Jagdish Rathod Mail: jagdishrj01@gmail.com Mo: 7259459745/8779606604