STP: The Beginning

Whether it’s Layer 2 or Layer 3, we love redundancy. A single in today’s networks just isn’t acceptable. We'll take all the red , but as you'd expect, redundancy works just a bit differently to L3.

Routing protocols such as EIGRP and OSPF allow us to use seco in to the primary paths, making equal- and unequal-cost load B With routing, we want to use as many of those paths as is at in your ROUTE studies!)

Layer 2, our redundant paths need to be ready for action in there ~ this becomes a lot clearer with ex ity of in the next few sections of the course!

So that's all fine, you say, but what about those redundant use every single path from “A” to “B” for switching, as we like The problem at L2 is the possibility of switching loops. Here’s an loop where STP is not in action

Note: Switching loops are sometimes called “bridging loo at don’t have bridges. It’s a legacy term, and we always like to say “old”

all three switches have just been tu With this topology, all three switches wo Fast0/1 interfaces. Before making a forwarding decision frame, each switch will check its own MAC address table reg source MAC address of the frame. None of the switches have make an entry in their respective MAC tables, listing it as rea

Now, on to the forwarding decision. None of the switches frame’s destination, Host 3, so each switch will follow the d unknown unicast address - they'll flood the frame out all ports on. In our example, the frames will be flooded out Fast0/2

Just that quickly, without STP, we're about to experience a itch will see the frame just flooded by the other two swite source MAC address of each flooded frame, which is still

If you think that’s bad (and it is!), just wait until the other fic! Slowly but surely (don’t call me Shirley), more and more forwarded by the switches, until the switch is overwhelmed by We have a broadcast storm.
In short, switching loops cause three rus:

Frames can’t reach their intended destination, either i
There's an unnecessary strain put on the switch CPU
of bandwidth is unnecessarily sucked up by

switching loops don't occur Protocol Data Units (BPDUs).

Bridge Protocol Data Unit Types and The Root B

We have two BPDU types to deal with, both of which are multica own MAC address 01-80-c2-00-00-00. With Topology Change No e name is the recipe, and we'll spend more time with those lat it now, we're going to concentrate on Configuration BPDUs, the in STP calculations

We're going to walk through a root bridge election soon, and ont fed, only the root bridge will oa Configuration BPDUs.

might not be what we want. Cisco switches have jut when it comes to actual capability, some switch others. In any network, you'll have switches that are more when it comes to processing power and speed. In general, you primary and secondary root bridges are your more powerful switch to leave those roles to chance - or the lowest MAC address! I'll show you exactly how to be deterministic about root bridge. walk through an example of a root bridge election that uses onl jump right in!

Default Root Bridge Election Process

Switches are a lot like people. When they first arrive, they annou around them that they are the center of the universe. Unlike some people, the switches get over it.

But seriously, folks, Config BPDUs will be exchange between our switch switch is elected root bridge. Using Cisco defaults, the switch with the lo will win that coveted role.

We're about to walk through a root bridge election on a thre we'll take a look at the election from each switch’s point of vi running the default priority of 32768, and the MAC address of ch’s number repeated 12 times.
All three switches are e time, so all three believe they are the root bridge, S ae that fact.

our network and the root bridge election from SW1’s

[Figure: SW1 with BID 32768:11-11-11-11-11-11 receives a BPDU containing SW2 BID 32768:22-22-22-22-22-22 and a BPDU containing SW3 BID 32768:33-33-33-33-33-33.]

iving BPDUs from both SW2

believe it's the root at this point, and the BPDU fro 8 BPDU from SW will

[Figure: BPDU containing SW1 BID 32768:11-11-11-11-11-11; SW3 BID 32768:33-33-33-33-33-33.]

about to develop a massive inferiority cos jt are superior to that of SW: the best overall BID, and th ize SW1

Root bridge elections never really end. SW1 is currently rk, but if another switch comes along that advertises then become the root!

In our example, SW4 has now come aboard, and is adverts that of SW1. SW4 will advertise this BID via a Configuration BPDU, sees that BPDU, SW1 will then realize it’s no longer the root bridge. take over that role, and SW1 will begin forwarding the Configuration from SW4. These Config BPDUs go out every 2 seconds, so this little time

[Figure: BPDU containing SW4 BID 24568:44-44-44-44-44-44.]

example allowed you to see the details of a root bridge production network, that election's already taken place. Therefor to know how to see the BIDs of your live switches as well as spot bridge election that’s already taken place.

For this lab, we'll use network, with the switches trunking on their fast0/11 and fast0/12 ports.

To see the BID of both the local switch and the root switch for a tun show spanning-tree vlan. (Each VLAN will have its own root a look at the root bridge info for our default VLAN.
[Screenshot: show spanning-tree vlan 1 output on the root switch. Legible fields: Root ID priority 32769; “This bridge is the root”; Hello Time 2 sec, Max Age 20 sec, Forward Delay 15 sec.]

[Screenshot: show spanning-tree vlan 1 output on the non-root switch. Legible fields: Root ID priority 32769, root port FastEthernet0/11; Bridge ID priority 32769 (priority 32768 sys-id-ext 1); Hello Time 2 sec, Max Age 20 sec, Forward Delay 15 sec.]

There are actually four different ways to tell whether you're on The most obvious is the phrase “This bridge is the root”, which you'll n only on the root. The other three ways to identify the root switch:

The MAC address of the Root ID (the info for the root) and th info for the local switch) is the same.
As odd as it sounds, the root bridge will have no root ports the port a switch w ch the root bridge, so the root need one!

Root ID    Priority 32769
           Address 000f.90e2.2540
           Cost 19
           Port 13 (FastEthernet0/11)
           Hello Time 2 sec Max Age 20 sec Forward D
Bridge ID  Priority (priority 32768 sys-id-ext
           Address 0017.9466.f780
           Max Age 20 Forward Del

The switch has a root port (Fa0/11)
There is a port in blocking mode

STP prevents switching loops by putting some ports into block end, STP allows only one path between “Point A” and “Point B” two switches - and disallows the others by putting the minimum) necessary into blocking mode. In our two-switch network, one switches is open and the other is closed, but only one port is mode, rather than the two you might expect.
Root Port Selection, Path Costs, and Root Path Sa

We have the root bridge election process down; now we time examining how that root port on SW2 was selected. Ever switches has an assigned path cost, and that cost is used to arrive al cost for a port.

The path cost is assigned to an individual port. This is strictly a loc not advertised to upstream or downstream switches. A port’s Path C cost.

The root path cost is a c port to reach the root. The Configu cost increments as that BPDU is forwarded throughout the m These terms will become much clearer after the upcoming

It all begins with t bridge transmitting a Confi cost set to zero. When SW2 receives that BPD the BPDU was received upon to the root path . It’s very important to note the root path jed, not sent

[Figure: Root bridge generates BPDU with root path cost of zero.]

The new root path cost is reflected in the BPDU when it's forwarded by S the following example, the root path cost goes from 0 to 19 to 38.

[Figure: SW1, SW2 and SW3 in a chain. Path cost for port receiving the BPDU: 19.]

The path cost is locally significant only. Here, SW3 the path cost on SW2’s receiving interface is, nor does it if SW3 will know of any path costs on SW2 or SW3.

[Screenshot: show spanning-tree output. Legible fields: Hello Time 2 sec, Max Age 20 sec, Forward Delay 15 sec; Bridge ID priority 32769 (priority 32768 sys-id-ext 1).]
[Screenshot, continued. Legible fields: Hello Time 2 sec, Max Age 20 sec, Forward Delay 15 sec; a port with Prio.Nbr 128.14, type P2p.]

[Screenshot: SW3#show spanning vlan 1. Legible fields: Spanning tree enabled protocol ieee; Root ID priority 32769; Max Age 20 sec, Forward Delay 15 sec.]

the path cost on SW2's receiving interface is, nor does it cz of SW3 will know of any path costs on SW2 or SW3. The see only the cumulative cost, the root path cost.

Let’s zip back to our two-switch example for a moment.

[Figure: the two-switch network; three ports forwarding (FWD), one blocking (BLK).]

The incoming root path cost should be the same for both ports o1 port involved here is a FastEthernet port. Let's run show spannin What the deciding factor was.

Fa0/11   Root FWD 19   128.13
Fa0/12   Altn BLK 19   128.14

The path cost is 19 for each port, but Fast 0/11 was chosen as the Fast 0/12. Why? Here's the process for choosing the root port:

First, choose the port receiving the superior BPDU; that is, the B the lowest BID. Fast 0/11 and 0/12 are both receiving BPDUs from SI tie.

Next, choose the port with the lowest root path cost. ports will have a root path cost of 19. (It was zero on SW BPDUs were received by SW2)

choose the port receiving ts received their BPD

Let’s head back to our three-switch network and identify the are Fast Ethernet ports with a path cost of 19

[Figure: three-switch network with the root ports marked (FWD).]

ports on the root bridge aren't root ports; instead they'll also be in forwarding mode. Right now, we mode, so STP better put a port or two in blocking mode soon!

Speaking of designated ports, we need one of those for the SW2 and SW3. We need one and only one designated port on the case that ends up being a shared network segment.
[Figure: SW1 is the root bridge with designated ports Fa 0/2 and Fa 0/3 (FWD); the non-root switches have root ports (FWD).]

this admittedly unlikely scenario, frames comit ment shared by SW2 and SW3 might cause a swite ard frames from that host to SW1. That's where switch with the lowest root path cost will have esignated port.

in. The switch with the lowest root path cost will hav become the designated port.

In this scenario, both switches will have the exact same root path co a tiebreaker. The port belonging to the switch with the lowest BID designated port, along with all ports on the root bridge. We saw ear BID is 32768:22-22-22-22-22-22 and SW3's is 32768:33-33-33- port on that shared segment becomes the DP. Here's the final result:

[Figure: final port roles; SW3 is non-root.]

The Shortest Path Is Not Always The Shortest Path

We know the STP path costs are determined by the port speed, a to be familiar with the following values. (These port costs have cha and this is the latest list from Cisco’s website.) This is not a list port speed, but lists the more common speeds you'll bump into on

Port speed   Path cost
10 Gbps      2
1 Gbps       4
100 Mbps     19
16 Mbps      62
10 Mbps      100
4 Mbps       250

[Figure: SW1 is the root; 100 Mbps links; SW3 ports Fa 0/1 and Fa 0/2.]

If you were asked which of SW3’s two ports will become its really easy to say Fast 0/1. It would also be really wrong.

SW3-to-SW1 root path cost: 100 (One 10 Mbps link)
SW3-to-SW2-to-SW1 root path cost: 38 (Two 100 Mbps

or your server room, make sure to doubl Some of the network maps I’ve looked at over the yeal

Changing A Port's Path Cost

We'll verify our port path cost changes with show spanning- we need only the information at the bottom of that command's output it edit the “Root ID” and “Bridge ID” fields from the output. Let's verify!
SW2#show spanning vlan 1

Let's say we want Fa0/12 to be the root. Lowering its path cost to 9 should do it BPDUs on this inet

In the following lab, all VLANs are using the top trunk (Fa 0/11 on b ince that’s the open one. We're just wasting the other path! We and 20 to continue to use the top path, but VLANs 30 and 40 should use th k (Fa 0/12 on both switches). This is per-VLAN load balancing, and ct load balancing, it’s better than sending all our traffic across ing the other trunk as strictly a backup.

Requirements:
VLANs 10 and 20: Use Fast 0/11
VLANs 30 and 40: Use Fast 0/12

[Screenshot: SW2#show spanning vlan 10 (VLAN0010), taken after a %SYS-5-CONFIG_I “Configured from console” message. Legible fields: Root ID cost 19; Hello Time 2 sec, Max Age 20 sec, Forward Delay 15 sec; Bridge ID sys-id-ext 10; Fa0/12 Altn BLK 19.]

[Screenshot: SW2#show spanning vlan 20 (VLAN0020). Legible fields: Root ID port 13; Bridge ID sys-id-ext 20; Hello Time 2 sec, Forward Delay 15 sec.]

[Screenshot: SW2#show spanning vlan 30. Legible fields: Root ID priority 32798, port 14; a port in state Root LRN with cost 9.]

[Screenshot: SW2#show spanning vlan 40. Legible fields: Root ID port 14 (FastEthernet0/12).]

Let's quickly review those STP port states.
The disabled STP port state is a little odd in that you port in the output of show spanning vlan. Cisco does consider t STP state, so we will as well! A disabled port is simply a administratively shut down. A disabled port isn’t forwarding frames: disabled port isn’t even officially running STP

rt goes into blocking the port still can’t do much - no fram no dynamic learning of MAC addresses. About the only thing a B is accept BPDUs from neighboring switches starts the transition from blocking

[Screenshot: port list showing Root FWD 19 and Altn BLK 19.]

When a port starts the transition from blocking to fo enters is listening mode (LIS)

[Screenshot: SW2#show spanning vlan output listing Fa0/11 and Fa0/12.]

The obvious questio: A listening port is li and a listening port can send BPDUs as allowing the port to pi bridge election. A port is listening and as a result the port can’t learn MAC addresses

As the transition continues, the port goes from listening to arning port isn’t forwarding fran learning MAC addres to the switch’s MAC address learning mode arding mode, ForW and receive BPDUs

Remember that list we used for root port selection?

First, choose the port receiving the superior BPDU.
Tie? Then choose the port with the lowest root path cost.
Still tied? Then choose the port receiving the BPDU with the lot BID.
Still tied? Ch est sender Port ID

Yeah, that one! That port ID is a combination of the port priority al During that lab, we had the following ports sending BPDUs on

[Screenshot: show spanning vlan 1 port list with columns Interface, Role, Sts, Cost.]

We can change the port priority of fast 0/12 to make it lower tl 0/11 for some VLANs, while leaving it the same for others. This i
This i WEANs 10 and 20 use the trunk connecting fast0/12 on each switehy land 40 will continue to use the default VLAN Jse Fast 0/12 Use Fast o/aa ‘Scanned with CamScanner e timers are so important, you'll see them twice when Vian! (That's not the real reason, but you will see them twice.) SW1#¥show spanning Hello Time sec Max Age 20 ‘Scanned with CamScanner Desg FWD 19 defines how often the root bridge will o 2 seconds. arward Delay is the length of the listening and learning STP. 5 seconds for each individual stage Maximum Age (Max Age) is how long a switch will retain the’ ents before discarding it. Default setting: 20 seconds. hose are important values t o ut why do we see eaamm Eput? The first set of timers is found in the Root ID fieldaam mis actually used by the root and all switches that rece lpriginated with that particular root. The second seem D field, and those are t itch’s setting for Set) frankly, those timers under Bridge ID do not ‘Scanned with CamScanner Set the forward delay Set the hello interval for max-age Set the max age interval for priority Set the bridge priority for the root ‘onfigure switch as root (SW (config) #spanning vlan 1 Hello ? <1-10> number of seconds between Sil (confic) + 5 (config) #spanning vlan 1 forward Q> number of seconds ‘Scanned with CamScanner r SeRiey vies tsa 7 <6-40> maximum number of seconds the information in ‘SW1 (config) #spanning vlan 1 max-age 25 Verify with show spanning vian Swi tshow Max Age 25 sec Max Age 25 sec Foi ‘Scanned with CamScanner Hello Time 5 sec Max Age 25 sec Aging Time 300 _ On the root bridge, we expect the timers in the Root ID identical. What about the downstream, non-root switch? SW2#show spani VLANOOO1 Spanning t Root ID tEthernet0/i1) Max Age 25 sec Hello Time Max Age 20 sec Aging Tine use are the ones Mi ‘Scanned with CamScanner Selection: Be Deterministic If we leave STP totally alone, a single switch is going to be e single VLAN in our network. 
That might not be so bad, network topology, but that default root switch selection Switch with the going to work for We can eithe or we can spre is while another With that second opt like. If you have 20 VLANs. It this lab, I did a ted VLANs 1( we'll be adding a

[Figure: SW1 is the root for all VLANs; the legible VLAN list reads 1, 10, 20, 30.]

We'd like SW2 t leaving SW1 the ANS iandi0. W k ith the s tree vlan rook Right now, SW2 is

one and done! That command dynamically lowered the priority to the SW2 wins the root bridge election for VLAN 20. We'll do the same for VLA

SW2(config)#spanning vlan 30 root primary
SW2#show spanning vlan 30

[Screenshot: VLAN0030 output. Legible fields: Spanning tree enabled; “This bridge is the root”.]

I'm sure you noticed the secondary option with this command. If you certain switch to take over as root bridge if the current root goes down, ing vlan root secondary. That command will adjust the switch’s priority make it the backup root switch, but not enough to make it the unconditional

Let's see that in action. Right now, SW2 is the root for VLAN 20 and 30 We've added a third switch to the lab. We'll concentrate on those

both have the default priority is lower than that of 9001", so nothing afte oot in SW2’s absence

It does indeed! SW2 will take that role back over once it’s back onlin

ary root when it co its secondary root status for VLAN 20. 10, you're fine right now, but what switch might have a lower MA network, I would hardcode. SV

ainly good enough to make it the root, but where exactly did that priority come It depends...

Current root priority greater than 24576? Priority of new root is 24576 ( the VLAN ID in this case, since system extension ID is running)
Current root priority less than 24576? Subtract 4096 from that root prio
Subtract 4096 from that root prio and you have the new root priority! for this switch to become the primary / secon is method a tad complicated ~ ‘Scanned with CamScanner
