CONMUTACIN Y RUTEO II

Clase 12. PVSTP&MSTP

Alberto Arellano A. Ing. Msc.

aarellano@espoch.edu.ec
CCNA CCNP - CCSP

Ciscos RSTP is Rapid PVST+

PortFast
Forwarding
Learning
Blocking
ListeningState
State
State

Powered
On

Im adding
any
addresses on
this port to
my MAC
Address
Table.

Host powered on.

Port moves from blocking state immediately to listening state (15
seconds).
Determines where switch fits into spanning tree topology.
After 15 seconds port moves to learning state (15 seconds).
Switch learns MAC addresses on this port.
After 15 seconds port moves to forwarding state (30 seconds total).

Configuring Portfast
Access2(config)#interface range fa 0/10 - 24
Access2(config-if-range)#switchport mode access
Access2(config-if-range)#spanning-tree portfast
OR
Access2(config)#spanning-tree portfast default

Warning: PortFast should only be enabled on ports that are connected

to a single host.
If hubs or switches are connected to the interface when PortFast is
enabled, temporary bridging loops can occur.
If a loop is detected on the port, it will move into Blocking state.

Problem: Unexpected BPDUs

BPDU

Blocking and
now listening
to BPDUs

X
Portfast

Forwards
BPDUs to
other
switches.
STP Reconvergence?

Even though PortFast is enabled, the interface will listen for BPDUs.
A port configured with PortFast will go into blocking state if it receives a Bridge
Protocol Data Unit (BPDU).
This could lead to false STP information that enters the switched network and
causes unexpected STP behavior.
Newly connected switch could advertise itself as the root.
BPDU Guard: Developed to protect integrity of switch ports with PortFast enabled
but also keeps maintains STP integrity by disallowing unauthorized switches.
5

Solution: BPDU Guard

Err-Disable,
Shutdown

BPDU

|
No BPDUs sent

Portfast &
BPDU Guard

Distribution1(config)#interface range fa 0/10 - 24

Distribution1(config-if-range)#spanning-tree bpduguard enable
When the BPDU guard feature is enabled on the switch, STP shuts down PortFast
enabled interfaces that receive BPDUs instead of putting them into a blocking state.
Errdisable: Port must be manually re-enabled or automatically recovered via timers.
BPDU guard will also keep switches added outside the wiring closet by users from
impacting and possibly violating Spanning Tree Protocol.
6

Root Guard
Protect

Protect

Potential Root
Potential Root

Root Guard prevents a switch from becoming the root bridge.

Typically access switches

Configured on switches that connect to this switch.

Root Guard
UplinkFast must
be disabled
because it
cannot be used
with root guard.

Distribution1(config)#interface fa 0/3
Distribution1(config-if-range)#spanning-tree
Distribution1(config)#interface gig 0/2
Distribution1(config-if-range)#spanning-tree
Distribution2(config)#interface fa 0/3
Distribution2(config-if-range)#spanning-tree
Distribution2(config)#interface gig 0/1
Distribution2(config-if-range)#spanning-tree

guard root
guard root
guard root
guard root

Access2(config)#no spanning-tree uplinkfast

8

Root Guard
Root
Guard

STP
I will
Inconsistent
now transition to
listening
State no
sate,
traffic
then
is learning
state, passed.
then forwarding sate.

Superior
BPDU

I no longer
want to be
root. I have
beento
I want
reconfigured
be root
to be a nonbridge!
root
bridge.

This message appears after root guard blocks a port:

%SPANTREE-2-ROOTGUARDBLOCK: Port 0/3 tried to become
non-designated in VLAN 1. Moved to root-inconsistent
state

UplinkFast

Uplinkfast allows access layer switches that have redundant links to

multiple distribution switches the ability to converge quickly when a
link has failed.

10

UplinkFast

Unblock G 1/1 skips

listening and learning
and goes directly to
forwarding

Root

UplinkFast must have direct knowledge of the link failure in order to move a blocked
port into a forwarding state.
When Access 1 detects a link failure on the currently active link, the root port (a direct
link failure), UplinkFast unblocks the blocked port on Access 1 and transitions it to the
forwarding state without going through the listening and learning states
If Root Port fails, next-lowest path cost is unblocked and used without delay
This switchover occurs within 1 second.
11

UplinkFast

Access1(config)#spanning-tree uplinkfast

Uplinkfast is enabled for the entire switch and all VLANs.

Uplinkfast keeps track of all possible paths to the Root
Bridge.

12

States and timers - CSTP

Blocking
Loss of BPDU detected
Max-age = 20 sec

Blocking
When link first
comes up

Listening
Forward delay = 15 sec
Learning
Forward delay = 15 sec
Forwarding

Hello timer 2 sec for

sending BPDUs.
Up to 50 sec from
broken link to
forwarding again.

Rapid Spanning Tree Protocol (802.1w)

The immediate hindrance of STP is convergence.

Depending on the type of failure, it takes anywhere from 30 to 50
seconds, to converge the network.
RSTP helps with convergence issues that plague legacy STP.
14

Rapid Spanning Tree Protocol

Much faster to converge.
Same BPDU structure, puts 2 in
version field.
Sends BPDUs every 2 seconds.
Different port roles and states.
Does not use timers in the same
way.
3 missed BPDUs taken to mean
loss of the link. (6 seconds)

Port states
Operational

STP

RSTP

Enabled

Blocking

Discarding

Enabled

Listening

Discarding

Enabled

Learning

Learning

Enabled

Forwarding

Forwarding

Disabled

Disabled

Discarding

RSTP port roles

Root and designated ports as before.

Alternate port
takes over if
Des port fails.

Rapid PVST Implementation Commands

Switch(config)# spanning-tree mode rapid-pvst

To revert back to the default PVST+ using traditional 802.1D:

Switch(config)# spanning-tree mode pvst

18

Rapid PVST - Lab

S00(config)#spanning-tree vlan 10 root primary

S00(config)#spanning-tree vlan 20 root secondary
S11(config)#spanning-tree vlan 20 root primary
S11(config)#spanning-tree vlan 10 root secondary
19

Multiple Spanning Tree Protocol 802.1s

Instance 1 maps to VLANs 1500
Instance 2 maps to VLANs 5011000

Multiple Spanning Tree (MST) extends the IEEE 802.1w RST algorithm to multiple
spanning trees.
The main purpose of MST is to:
Reduce the total number of spanning-tree instances to match the physical topology of
the network
Thus reduce the CPU cycles of a switch.
Allows the network administrator to configure the exact number of instances.
PVST+ runs a single instance of STP for each VLAN and does not take into
consideration the physical topology.
May have 1,000 VLANs but only 2 different topologies (2 different Root Bridges).
PVST+ will still create 1,000 instances of STP
MST, on the other hand, uses a minimum number of STP instances to match the
number of physical topologies present.
May have 1,000 VLANs but only 2 different topologies (2 different Root Bridges).
MST will let you specify only 2 instances of STP.
20

MST Regions

MST Region is a group of switches placed under a common administration (like an AS).
In most networks a single MST region is sufficient.
A single MST Region can handle 15 STP instances (topologies).
Within a region, all switches must run the instance of MST as defined by:
MST configuration name (32 characters)
MST configuration revision number ( 0 to 65,535)
MST instance-to-VLAN mapping table (4,096 entries)
MST was designed to work with all forms of STP.
IST (Internal Spanning Tree) instance runs to work out a loop-free topology inside the
MST Region.
IST presents the entire MST region as a single virtual switch (bridge) to the CST (802.1D)
outside.
21

Configuring and Verifying MST

STP configuration that you will

perform in this section.
VLANs 2 and 3 are mapped into
MST instance 1.
VLANs 4 and 5 are mapped into
MST instance 2.

All three switches are configured with PVST+

Four user-created VLANs: 2, 3, 4, and 5.
SW1 is configured as the root bridge for VLANs 2 and 3.
SW2 is configured as the root bridge for VLANs 4 and 5.
22

Current RSTP

SW3# show spanning-tree summary

Switch is in pvst mode
Root bridge for: none
<... output omitted ...>
Name
Blocking Listening Learning Forwarding STP Active
--------- -------- --------- -------- ---------- ---------VLAN0001
1
0
19
0
20
VLAN0002
1
0
2
0
3
VLAN0003
1
0
2
0
3
VLAN0004
1
0
2
0
3
VLAN0005
1
0
2
0
3
--------- -------- --------- -------- ---------- ---------5 vlans
5
0
27
0
32

23

Configuring and
Verifying MST

SW1(config)# spanning-tree mst configuration

SW1(config-mst)# name ESPOCH
SW1(config-mst)# revision 1
-------SW2(config)# spanning-tree mst configuration
SW2(config-mst)# name ESPOCH
SW2(config-mst)# revision 1
--------SW3(config)# spanning-tree mst configuration
SW3(config-mst)# name ESPOCH
SW3(config-mst)# revision 1

An STP instance is created for each VLAN with PVST+.

Five VLANs translate into five STP instances.
SW1 and SW2 also run the same number of running STP instances as SW3.
All three switches are in the same MST region, ESPOCH, and same revision, 1.
24

SW1(config)# spanning-tree mst configuration

SW1(config-mst)# instance 1 vlan 2,3
SW1(config-mst)# instance 2 vlan 4,5
SW1(config-mst)# end
SW2(config)# spanning-tree mst configuration
SW2(config-mst)# instance 1 vlan 2,3
SW2(config-mst)# instance 2 vlan 4,5
SW2(config-mst)# end
SW3(config)# spanning-tree mst configuration
SW3(config-mst)# instance 1 vlan 2,3
SW3(config-mst)# instance 2 vlan 4,5
SW3(config-mst)# end

Map VLANs 2 and 3 to MST instance 1.

Map VLANs 4 and 5 to MST instance 2
25

SW1(config)# spanning-tree mst 1 root primary

SW1(config)# spanning-tree mst 2 root secondary

Configure SW1 as primary root bridge for MST instance 1 and secondary root
for instance 2
26

SW2(config)#
SW2(config)#
--------SW1(config)#
----------SW2(config)#
----------SW3(config)#

spanning-tree mst 1 root secondary

spanning-tree mst 2 root primary
spanning-tree mode mst
spanning-tree mode mst
spanning-tree mode mst

Configure SW2 as secondary root bridge for MST instance 1 and primary root
for instance 2.
Change STP mode to MST on all three switches
27

SW3# show spanning-tree summary

Switch is in mst mode (IEEE Standard)
<... output omitted ...>
Name
Blocking Listening Learning Forwarding STP Active
---------- -------- --------- -------- ---------- ---------MST0
0
0
0
24
24
MST1
0
0
0
4
4
MST2
0
0
0
4
4
--------- -------- --------- -------- ---------- ---------3 msts
0
0
0
32
32

MST runs three instances: the default MSTI0 and the two you configured
(MSTI1 and MSTI2).
28

SW3(config)# spanning-tree mst configuration

SW3(config-mst)# show current
Current MST configuration
Name
[CCNP]
Revision 1
Instances configured 3
Instance Vlans mapped
-------- ----------------------------------------------------------0
1,6-4094
1
2-3
2
4-5
---------------------------------------------------------------------

MST configuration on SW3

VLANs 2 and 3 are mapped to MSTI1 .
VLANs 4 and 5 are mapped to MSTI2.
All other VLANs are mapped to MSTI0 or IST.
29

MST
Example 2

Enables MST
Distribution1(config)# spanning-tree mode mst
Distribution1(config)# spanning-tree mst configuration
Distribution1(config-mst)# name region1
Configure Region
and MST instances
Distribution1(config-mst)# revision 10
Distribution1(config-mst)# instance 1 vlan 10, 30, 100
Distribution1(config-mst)# instance 2 vlan 20, 40, 200
Distribution1(config-mst)# exit
Configure Root Bridge
Distribution1(config)# spanning-tree mst 0-1 root primary
Distribution1(config)# spanning-tree mst 2 root secondary
30

MST
Example 2

Enables MST
Distribution2(config)# spanning-tree mode mst
Distribution2(config)# spanning-tree mst configuration
Distribution2(config-mst)# name region1
Configure Region
and MST instances
Distribution2(config-mst)# revision 10
Distribution2(config-mst)# instance 1 vlan 10, 30, 100
Distribution2(config-mst)# instance 2 vlan 20, 40, 200
Distribution2(config-mst)# exit
Configure Root Bridge
Distribution2(config)# spanning-tree mst 2 root primary
Distribution2(config)# spanning-tree mst 0-1 root secondary
31