23 stp (spanning tree protocol)


STP (Spanning Tree Protocol)

STP prevents frame looping in a network by putting some interfaces in the forwarding state and some interfaces in the blocking state. Whenever two or more switches are connected with each other for redundancy, a loop can occur. STP is used to prevent the loop. STP is a Layer 2 protocol and is enabled on switches by default.

Figure 1: STP Loop Problem

STP – IEEE 802.1D (Open Standard)
RSTP – 802.1W (IEEE)
MST – IEEE 802.1S (Multiple Spanning Tree)
PVST – Cisco Proprietary (Per Vlan Spanning Tree)
PVST+ – Cisco Proprietary
RPVST – Cisco Proprietary

CST (Common Spanning Tree) - All VLANs participate in a single instance number.
IST (Inter Spanning Tree) - Different VLANs use different instance numbers.

If we don't use STP, these problems will occur on the network:
(i) Broadcast Storms
(ii) High Processor Utilization
(iii) MAC Table Instability
(iv) Multiple Frame Transmission

STP Tasks
1. Elect Root Bridge
2. Elect Designated Port
3. Elect Root Port

Root Bridge - The switch that has the best bridge ID (lower is better). The bridge ID is a combination of the switch priority and its MAC address. It is an 8-byte ID: 2 bytes of priority plus 6 bytes of MAC.

Figure 2: Root Bridge

The default priority of a switch is 32768. We can change the priority between 0-65535.

MAC - Each switch has a supervisor engine. The supervisor engine has a MAC pool, and the pool contains 1024 MAC addresses. When a switch wants to create its bridge ID, it borrows a MAC from the MAC pool.


Designated Port - The ports that advertise the lowest cost BPDUs. A DP sends BPDUs towards the non-root bridge.
Root Port - A port that receives the lowest cost BPDUs. It is the shortest path to the root bridge.
Cost - An integer value. It is used for DP and RP election.

Ethernet Standard    Cost
10 Mbps              100
100 Mbps             19
1 Gbps               4
10 Gbps              2

BPDU (Bridge Protocol Data Unit)

Switches send hellos to each other. This hello is called a hello BPDU (sent every 2 sec).

Types of BPDU
1. Configuration BPDU (Root to Non-root)
2. TCN BPDU (Topology Change Notification) – Non-root to Root

Configuration BPDU Contents
1. Protocol ID (always 0)
2. Version (always 0)
3. Message Type
4. Flag
5. Root Bridge ID
6. Root Cost
7. Sender Bridge ID
8. Sender Port Priority
9. Max-Age
10. Message Age
11. Hello
12. Forward delay

TCN Contents
1. Protocol ID
2. Version
3. Message Type



The root bridge sends a configuration BPDU every 2 sec. The root bridge always sends 0 cost BPDUs.

Requirements for Root Bridge
1. Lower Bridge Priority
2. Lower MAC Address
(Note: Root Bridge always generates 0 cost BPDUs.)

Requirements for DP and RP
1. Lower Bridge ID (Only for DP, Between Root & Non Root)
2. Lower Cost | For DP & RP
3. Lower Sender Bridge ID | B/W Root – Non Root
4. Lower Sender Port Priority | Non Root – Non Root
5. Lower Sender Port ID

(Note: All Ports of Root Bridge are DP. Every non root bridge must have at least one root port.)

Root Bridge Election

When we start the switches, each switch considers itself the root and sends BPDUs out of all its ports. When a switch receives a superior BPDU, it accepts the neighbor switch that is sending the superior BPDU as the root. (Note: Superior means lower priority.)
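The configuration BPDU contents and the root election rule above, put together as a defender-side check. This is an added example, not part of the original notes: it decodes a configuration BPDU and flags one that advertises a better root than the current one, or that arrives on an edge (access) port. The field widths and order follow IEEE 802.1D; the function names and the constructed sample bytes are assumptions, and the two MAC addresses are the Sw4 and Sw3 values shown later in these notes.

```python
import struct

# IEEE 802.1D configuration BPDU body: 35 bytes, big-endian:
# proto(2) version(1) type(1) flags(1) root_id(8) root_cost(4)
# sender_id(8) port_id(2) msg_age(2) max_age(2) hello(2) fwd_delay(2)
BPDU_FMT = struct.Struct("!HBBB8sI8sHHHHH")


def bridge_id(priority, mac):
    """Build the 8-byte bridge ID: 2-byte priority + 6-byte MAC."""
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(".", ""))


def parse_config_bpdu(data):
    """Decode a configuration BPDU; raise ValueError on anything else."""
    if len(data) < BPDU_FMT.size:
        raise ValueError("truncated BPDU")
    (proto, _ver, mtype, flags, root, cost, sender, port,
     msg_age, max_age, hello, fwd) = BPDU_FMT.unpack_from(data)
    if proto != 0 or mtype != 0x00:
        raise ValueError("not an STP configuration BPDU")
    return {
        "flags": flags, "root_id": root, "root_cost": cost,
        "sender_id": sender, "port_id": port,
        # Timers are carried in units of 1/256 second.
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello": hello / 256, "forward_delay": fwd / 256,
    }


def is_superior(bpdu, current_root_id):
    """Lower bridge ID wins; bytes compare priority first, then MAC."""
    return bpdu["root_id"] < current_root_id


def check_port(data, current_root_id, edge_port):
    """Classify a received BPDU the way a monitoring rule would."""
    bpdu = parse_config_bpdu(data)
    if edge_port:
        return "alert: BPDU on edge port"  # the condition BPDU Guard acts on
    if is_superior(bpdu, current_root_id):
        return "alert: superior root advertised"
    return "ok"


# Constructed sample: current root has default priority, sender claims priority 0.
CURRENT_ROOT = bridge_id(32768, "0012.0106.6f00")
CLAIMANT = bridge_id(0, "0017.9581.3a00")
SAMPLE = BPDU_FMT.pack(0, 0, 0, 0, CLAIMANT, 0, CLAIMANT, 0x8013,
                       0, 20 * 256, 2 * 256, 15 * 256)

if __name__ == "__main__":
    print(parse_config_bpdu(SAMPLE))
    print(check_port(SAMPLE, CURRENT_ROOT, edge_port=False))
```
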

Figure 3



Figure 4

DP, RP & Blocking port selection method
1. Lower cost to Root Bridge
2. Lower Sender Bridge ID
3. Lower Port ID (Port Priority 128 + Port number)

STP Port States
1. Disable – The port is administratively shut down.
2. Blocking – The port is neither sending nor receiving data, but it is still receiving BPDUs.
3. Listening – The port is preparing for the forwarding state without learning MAC addresses.
4. Learning – The port is preparing for the forwarding state while learning MAC addresses.
5. Forwarding – The port is sending or receiving data along with BPDUs.


STP Timers
1. Hello – 2 sec
2. Max Age – 20 sec
3. Forward Delay – 15 sec
4. Listening – 15 sec
5. Learning – 15 sec

Hello – It is used to send the Hello BPDU. Default time is 2 sec.
Max Age – This time is used to store the best BPDU when a root port goes down.
Forward Delay – The time spent by a port in the listening state and the learning state. (Conversion time till forwarding state.)

STP Convergence Time is 52 Sec
1. Max age – 20 sec
2. Listening – 15 sec
3. Learning – 15 sec
4. BPDU – 2 sec
5. Total – 52 sec

PVST Convergence Time is 32 Sec
(Note: Cisco switches by default use PVST (Per VLAN Spanning Tree). It doesn't use max age.)
1. Listening – 15 sec
2. Learning – 15 sec
3. BPDU – 2 sec
4. Total – 32 sec

Max-age is always related to the superior BPDU.

Types of Topology Changes
1. Direct Topology Change (32 sec)
2. In-direct Topology Change (52 sec)
3. In-sufficient Topology Change

1. Direct Topology Change - When the root port of a non-root bridge goes down, it is a direct topology change for this non-root bridge.
2. In-direct Topology Change - When an indirect link goes down, it is called an in-direct link failure.
3. In-sufficient Topology Change - When an access port goes up or down, the switch sends TCN BPDUs. These changes are called in-sufficient topology changes.

Convergence Mechanism

Port Fast - A feature that puts a port directly in the forwarding state when it becomes physically active.

(Note: Two types of Port Fast: 1. Globally 2. Interface. Always applied on access ports.)

Uplink Fast - A feature that enables non-root switches to put their alternate port (blocking port) directly in the forwarding state when their root port goes down. (It works in case of direct link failure.)
1. It sends multicast updates 0100-0CCd-CDCD
2. It sends 150 packets per sec
3. Priority will change 32768 – 49152
4. 3000 will be added to each link cost
(Note: If you change the priority then Uplink Fast will not work. With Uplink Fast, load balancing is not possible.)

Figure 5


Backbone Fast - A feature which prevents your network from inferior BPDUs. (We use this in case of indirect link failure.) When an indirect link failure occurs in a topology, the switch receives inferior BPDUs. Because of the max-age timer of the superior BPDU, the switch does not take any action on inferior BPDUs until its max-age timer expires. To reduce this timer we enable Backbone Fast on all switches in the network. (Note: Backbone Fast removes the max-age time. The total convergence time is then 32 sec. Using Backbone Fast we save 20 sec (Max-Age).)

Inferior BPDU

When a switch announces itself as root in the presence of a root, these BPDUs are called inferior BPDUs. When we enable Backbone Fast and a switch's root port goes down, this switch will not send inferior BPDUs. It will send an RLQ (Root Link Query) to the neighbor switch.

Figure 6


Sw1#sh cdp neighbor
Sw4 – 21/22
Sw3 – 19/20
Sw2 – 23/24

Sw1#sh spanning-tree
0012.7ffc.cw80
Sw2#sh spanning-tree
0012.4383.E200
Sw3#sh spanning-tree
0017.9581.3a00
Sw4#sh spanning-tree
0012.0106.6f00

Figure 7

Sw1#sh spanning-tree
19/20 – DP, 21 – Root, 22/23/24 – Alt Blk
Sw2#sh spanning-tree
19 – Root, 20 – Alt Blk, 21/22/23/24 – DP
Sw3#sh spanning-tree
19/20/21/22/24 – Blk, 23 – RP
Sw4#sh spanning-tree
All ports DP


Here we can see that Sw4 is the root bridge. Now we are going to make Sw1 the root bridge.

Sw1 (config) #spanning-tree vlan 1 priority ?
0 to 61440
Sw1 (config) #spanning-tree vlan 1 priority 0

The value must be a multiple of 4096.

Sw1#sh spanning-tree

To make Sw1 the root bridge for all the VLANs:

Sw1 (config) #spanning-tree vlan 1-4094 priority 0

Now Sw1 is the root bridge for all the VLANs. To remove:

Sw1 (config) #no spanning-tree vlan 1-4094 priority 0

To see the information for a particular VLAN:

Sw1#sh spanning-tree vlan 1
Sw1#sh spanning-tree vlan 2

Load balancing of root bridges

Suppose Sw1 and Sw2 are both good configuration switches. We want Sw1 to work as root bridge 1 for VLANs 1 to 5, and Sw2 to work as root bridge 2 for VLANs 6 to 10. If Sw1 goes down then Sw2 will become the root bridge for all the switches. If Sw2 goes down then Sw1 will become the root bridge.

Sw1 (config) #spanning-tree vlan 1-5 root primary
Sw1 (config) #spanning-tree vlan 6-10 root secondary
Sw2 (config) #spanning-tree vlan 1-5 root secondary
Sw2 (config) #spanning-tree vlan 6-10 root primary
Sw2#sh spanning-tree vlan 6


When we add the primary keyword, the switch decreases its priority from 32768 to 24576.

Sw2#sh spanning-tree vlan 6

When we add the secondary keyword, the switch automatically sets its own priority to 28672.

Sw2#sh spanning-tree vlan 1

Now if Sw1 is down, Sw2 becomes the root bridge for all (1 to 10) VLANs. If Sw2 goes down, Sw1 becomes the root bridge for (1 to 10) VLANs.

If Sw3 sets its own priority to 0, it becomes the root bridge for all the VLANs, and the primary or secondary keywords will not work. To be on the safe side, on Sw1 we can set priority 0 for VLANs 1 to 5 and priority 4096 for VLANs 6 to 10. On Sw2 we set priority 4096 for VLANs 1 to 5 and priority 0 for VLANs 6 to 10.

First we remove the previous commands. When we remove the primary and secondary commands, Sw4 becomes the root bridge.

Sw4#sh spanning-tree vlan 1
Sw1 (config) #spanning-tree vlan 1-5 priority 0
Sw1 (config) #spanning-tree vlan 6-10 priority 4096
Sw2 (config) #spanning-tree vlan 1-5 priority 4096
Sw2 (config) #spanning-tree vlan 6-10 priority 0

Suppose we want to make int 22 the root port. For that we can either increase the cost of int 21 or decrease the cost of int 22.

Sw1 (config) #int fa0/21
Sw1 (config-if) #spanning-tree vlan 1 cost 20
Sw1#sh spanning-tree vlan 1
Root port is 22

By default the cost of a 100 Mbps link is 19; we increased the cost of the link on 21. To set it back to the default:

Sw1 (config) #int fa0/21
Sw1 (config-if) #no spanning-tree vlan 1 cost 20


We can change the port priority also.

Sw4 (config) #int fa0/22
Sw4 (config-if) #spanning-tree vlan 1 port-priority ?
Sw4 (config-if) #spanning-tree vlan 1 port-priority 112
Sw1#debug spanning-tree events

When an access port goes up it takes 32 sec to start forwarding data. To remove this delay we can use Port Fast. We can enable it globally or on a particular interface.

Sw1 (config) #int fa0/12
Sw1 (config-if) #spanning-tree portfast

We can use a range also:

Sw1 (config) #int range fa0/1 - 18
Sw1 (config-if-range) #spanning-tree portfast

Globally:

Sw1 (config) #spanning-tree portfast default

Now we will enable UplinkFast. It is a globally enabled command.

Sw1 (config) #spanning-tree uplinkfast

Backbone Fast

Figure 8


Sw2#debug spanning-tree events
Sw3 (config) #int fa0/19
Sw3 (config-if) #shut

Now we can see on Sw2 a 20 sec wait and then the listening and learning states.

Sw3 (config) #int fa0/19
Sw3 (config-if) #no shut
Sw3 (config) #spanning-tree backbonefast
Sw2 (config) #spanning-tree backbonefast
Sw1 (config) #spanning-tree backbonefast
Sw3 (config) #int fa0/19
Sw3 (config-if) #shut
Sw3 (config-if) #no shut

Now again we can see all the events on the Sw2 switch.

To change the Hello timer:
Sw1 (config) #spanning-tree vlan 1 hello-time ?
Between 1 to 10

To change the Forward timer:
Sw1 (config) #spanning-tree vlan 1 forward-time ?
Between 4 to 30 (int STP per vlan)

To change the Max-age timer:
Sw1 (config) #spanning-tree vlan 1 max-age ?
Between 6 to 40

Sw1#sh spanning-tree vlan 1

Figure 9


To stop Spanning Tree Protocol:

Sw1 (config) #no spanning-tree vlan 1

How to check the root bridges through the command line:

Sw1#sh spanning-tree
Sw1#sh cdp neighbor
Sw2#sh spanning-tree vlan 1
Sw2#sh spanning-tree root

Now we will make Switch 1 the root bridge.

Sw1 (config) #spanning-tree vlan 1 priority ?

If we provide 1 here then we will see a warning: Bridge priority must be in increments of 4096.

Now we check the default priority:

Sw1#sh spanning-tree vlan 1
Sw2#sh spanning-tree int fa0/24 detail
Here we will see Path cost 0
Sw2#sh spanning-tree int fa0/19 detail
Path cost 19
128.19
128 is priority & 19 is port cost
Sw2#sh spanning-tree int fa0/19 detail
For Vlan 1 it is designated forwarding.
Sw3#sh spanning-tree int fa0/19 detail

Now we want the secondary root to come up if the primary root goes down. On Switch 2:

Sw2 (config) #spanning-tree vlan 1 root secondary
Sw2#sh run | be spann



Figure 10

If we connect one more link on port 23, then by default 23 would be the root port, but if we decrease the priority of 24 then it would become the root port.

Sw2 (config) #int fa0/24
Sw2 (config-if) #spanning-tree vlan 1 cost 140
Sw2#sh spanning-tree vlan 1
Sw2#sh spanning-tree int fa0/23 detail

Now we will change the port priority.

Sw1 (config) #int fa0/24
Sw1 (config-if) #spanning-tree vlan 1 port-priority 120

We will get a warning message here: Port Priority in increments of 16 is required.

Sw1 (config-if) #spanning-tree vlan 1 port-priority 112
Sw2#sh spanning-tree int fa0/23 detail
Sw2#sh spanning-tree int fa0/24 detail

Here we can see the port ID is 112.

To create a root port manually


Manually change the cost:

Switch (config) #int fa0/22
Switch (config-if) #spanning-tree cost 10
Switch#sh spanning-tree

We can see 22 is now the root port. Previously its cost was 19; when we decrease the cost, it becomes the root port.

Another criterion is port priority. We will change the sender's port priority.

Switch1 (config) #int fa0/22
Switch1 (config-if) #spanning-tree port-priority 16
Switch4#sh spanning-tree

Here we can see 22 is the root port. To remove the above command:

Switch1 (config-if) #no spanning-tree port-priority 16

To change the Hello timer:
Sw1 (config) #spanning-tree vlan 1 hello-time ?
We can select from 1 to 10 sec

To change Max-age:
Sw1 (config) #spanning-tree vlan 1 max-age ?
We can select here between 6 to 40 sec

To change the forward delay timer:
Sw1 (config) #spanning-tree vlan 1 forward-time ?
Between 4 to 30 sec

By default Cisco switches run PVST (Per VLAN Spanning Tree Protocol).

Switch#sh vlan brief

By default we can see only one VLAN. This is VLAN 1.


Switch#sh spanning-tree

One VLAN, one instance: a single instance for a single VLAN.

Switch (config) #vlan 1-10
Switch#sh spanning-tree

We can see here now 10 VLAN instances.

Switch#debug spanning-tree events

If we are using STP and the connection is lost, we will get the connection back after 52 sec. If we use PVST, we will get the connection back after 32 sec.

Switch4 (config) #int fa0/21
Switch4 (config-if) #shutdown
Switch4#debug spanning-tree events

We can see here the listening and learning time.

Switch4 (config) #int fa0/21
Switch4 (config-if) #no shutdown

Now we will implement Uplink Fast.

Sw4#sh spanning-tree

Before enabling Uplink Fast, the priority is 32768.

Sw4 (config) #spanning-tree uplinkfast max-update-rate ?
0 to 32000

By default it is 150 packets per sec. We can increase it also. The command for enabling Uplink Fast is:

Sw4 (config) #spanning-tree uplinkfast
Sw4#sh spanning-tree

After enabling Uplink Fast we can see that the priority has changed. Previously it was 32768, now it is 49152.


And 3000 will be added to each link's cost. Uplink Fast is applied for all the VLANs. Uplink Fast is a feature which enables a non-root switch to put its alternate port directly in the forwarding state when its root port goes down. Before enabling Uplink Fast we were getting a delay of 32 sec. If Uplink Fast is working then the port will come up instantly.

Backbone Fast

Switch (config) #spanning-tree backbonefast
Switch#sh spanning-tree backbonefast
BackboneFast is enabled

Port Fast

Switch (config) #int fa0/22
Switch (config-if) #shut
Switch (config-if) #no shut
Switch (config-if) #do sh spanning-tree

Here we will see first the listening and then the learning state: 15 sec for listening and 15 sec for learning, then the port comes into the forwarding state. On an access port there is no need for listening and learning. We can enable portfast globally or locally.

Switch (config) #int fa0/1
Switch (config-if) #spanning-tree portfast
Switch (config-if) #do sh spanning-tree
Switch (config-if) #shutdown
Switch (config-if) #no shut
Switch (config-if) #do sh spanning-tree

Now we will see the port go directly into the forwarding state, with no listening and no learning.

Port Fast is applied on access ports.
Uplink Fast is applied on non-root switches.
Backbone Fast is applied on all the switches.


If we change the default priority then Uplink Fast will not work.

Switch (config) #spanning-tree vlan 1-4094 priority 0

Figure 11

R1 (config) #int fa0/0
R1 (config-if) #no shut
Sw1#sh int trunk
Sw2#sh cdp neighbor
Sw1 (config) #int fa0/1
Sw1 (config-if) #shut
Sw1 (config-if) #no shut
Sw1#sh spanning-tree vlan 1

Globally enabled:

Sw1 (config) #spanning-tree portfast default
Sw1 (config) #int fa0/1
Sw1 (config-if) #shut
Sw1 (config-if) #no shut
Sw1#sh spanning-tree vlan 1


If we use inter-VLAN routing then we will enable portfast on the trunk link.

Sw1 (config) #int fa0/1
Sw1 (config-if) #spanning-tree portfast trunk

To enable BPDU Guard:

Sw1 (config) #spanning-tree portfast bpduguard default

If we want to enable BPDU Guard per interface:

Sw1 (config) #int fa0/1
Sw1 (config-if) #spanning-tree bpduguard enable
Sw1#sh spanning-tree summary
R1 (config) #bridge 1 protocol IEEE
R1 (config) #int fa0/0
R1 (config-if) #bridge-group 1
Sw1#sh int status
Sw1 (config) #int fa0/1
Sw1 (config-if) #shut
Sw1 (config-if) #no shut

Errdisable recovery for BPDU Guard:

Sw1 (config) #errdisable recovery cause bpduguard
Sw1 (config) #errdisable recovery interval ?
R1 (config) #int fa0/0
R1 (config-if) #no bridge-group 1
R1 (config-if) #no bridge 1 protocol IEEE
Sw1#sh int status
Sw1 (config) #no spanning-tree portfast bpduguard default
Sw1 (config) #int fa0/1
Sw1 (config-if) #spanning-tree bpduguard disable
Sw1 (config-if) #spanning-tree portfast default
Sw1#sh spanning-tree int fa0/1 portfast
Sw1 (config) #spanning-tree portfast bpdufilter default

To run on interfaces:

Sw1 (config) #int fa0/1
Sw1 (config-if) #spanning-tree bpdufilter enable


Sw1#sh spanning-tree summary
Sw1#sh spanning-tree int fa0/1 detail
R1 (config) #bridge 1 protocol IEEE
R1 (config) #int fa0/0
R1 (config-if) #bridge-group 1
Sw1#sh int status
Sw1#sh spanning-tree int fa0/1 detail
Sw1 (config) #int fa0/0
Sw1 (config-if) #spanning-tree bpdufilter enable
Sw1 (config-if) #shut
Sw1 (config-if) #no shut

This command is used globally:

Sw2 (config) #spanning-tree uplinkfast
Sw1 (config) #spanning-tree backbonefast
Sw2 (config) #spanning-tree backbonefast
Sw3 (config) #spanning-tree backbonefast
Sw2 (config) #spanning-tree vlan 1 max-age ?
Sw2 (config) #spanning-tree vlan 1 forward-time ?

STP Show Commands

Switch#sh spanning-tree
Switch#show spanning-tree blockedports
Switch#show spanning-tree inconsistentports
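The Port Fast, BPDU Guard and BPDU filter settings configured above can be checked offline against a saved configuration. This is an added example, not part of the original notes: it reports Port Fast ports that have no BPDU Guard and ports where BPDU filter is enabled, using the IOS keyword spellings `bpduguard` and `bpdufilter`. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not taken from the lab above).
SAMPLE_CONFIG = """\
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/24
 switchport mode trunk
"""

NO_GUARD = "portfast without bpduguard"
FILTERED = "bpdufilter enabled: port ignores BPDUs"


def parse_interfaces(config):
    """Split an IOS-style config into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" separator or a global command
            if line.strip() not in ("", "!"):
                global_lines.append(line.strip())
    return global_lines, interfaces


def audit_stp_edge_ports(config):
    """Return (interface, finding) pairs for weakly protected edge ports."""
    global_lines, interfaces = parse_interfaces(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    portfast_default = "spanning-tree portfast default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        trunk = "switchport mode trunk" in lines
        # The global portfast default applies to non-trunk ports only.
        portfast = "spanning-tree portfast" in lines or (portfast_default and not trunk)
        if not portfast:
            continue
        if "spanning-tree bpdufilter enable" in lines:
            findings.append((name, FILTERED))
        guarded = "spanning-tree bpduguard enable" in lines or (
            guard_default and "spanning-tree bpduguard disable" not in lines)
        if not guarded:
            findings.append((name, NO_GUARD))
    return findings
```
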

