
Port States:

1. Disabled: Administratively down
2. Blocking:
a. Receives BPDUs but does not send them
b. 20 sec
c. Evaluates BPDUs to identify whether it is a root port or not
3. Listening:
a. Only if the port is selected as root/designated
b. Sends & receives BPDUs
c. But does not record MACs or pass data
4. Learning:
a. Records MAC addresses
5. Forwarding:
a. Sends & receives BPDUs & data
b. Records MAC addresses
// In RSTP, states 1, 2, 3 are the Discarding state

BPDU Format:

1. Protocol ID
2. Version ID
3. BPDU msg type
4. Flags
5. Root Bridge
6. Root Path cost
7. Sender Bridge ID
8. Port ID
9. Max age
10. Hello
11. Forward time

RSTP BPDU handling

Every bridge sends BPDUs every hello time.
Quick failure detection: when 3 consecutive hellos are missed, max age time expires.
Accept inferior BPDUs: for BackboneFast.
Does not depend on timer configuration when moving a port into the forwarding state.
Fast convergence depends on the edge ports and link type:
Edge ports: PortFast-enabled ports; go directly to the forwarding state, no TC notification generated.
Link type: automatically derived from the duplex mode of a port.
• A full-duplex port is assumed to be point-to-point.
• A half-duplex port is considered a shared port.
• Can be overridden by manual configuration.
RSTP achieves rapid transition to the forwarding state on edge ports and on point-to-point links.
1. BPDUs are sent every Hello-Time by an RSTP-enabled router.
2. But in PVST, a BPDU is generated only if a BPDU is received on the root port.
3. If hellos are not received three consecutive times, max-age expires immediately.
4. The bridge then considers that it has lost connectivity to its direct bridge.

Root Bridge Election:

1. Lowest Bridge ID
a. Priority + vlan-id
b. 32768, 4096
2. Lowest MAC address

Root Port Election:

1. Lowest cumulative cost to root bridge
a. #span cost // change manually
2. Lowest upstream bridge-id
3. Lowest port priority (default is 128.x, 0-255)

Influence Root Port Election:

1. Port cost:
a. Change local port cost
b. Affects all downstream bridges
2. Port priority:
a. Effect is between 2 switches only
b. Influences the election of the root port of the downstream bridge

PortFast:

• Goes immediately to forwarding from blocking.
• TCN is never generated.
• If a BPDU is received:
o global: becomes a normal STP port
o interface: stays in PortFast
• Can also be configured on trunks when connecting to servers.

UplinkFast:

• When the root port fails
• The next lowest cost port is selected.
• Enable on access switches but not on transit switches

BackboneFast:

• Configure on all switches (core or distribution)
• Checks the alternate path when an indirect failure occurs
• When its root port fails, a bridge assumes it is the root bridge and sends BPDUs on the blocked port.
• After receiving an inferior BPDU on a blocked port (treat the remaining root & blocked ports as alternates)
o Check the availability of the Root Bridge by sending RLQ (Request Link Queries) on these alternate ports.
o If no ports are blocked, it assumes it is the root bridge.
o RLQ messages are validated from the Root Bridge.
o Max-age time is shortened.

BPDU Guard:

• If a BPDU is received, the port goes into the error-disabled state
• Doesn’t detect hubs or unmanaged switches
• Enabled on host ports.

BPDU Filter:

• Blocks incoming and outgoing Configuration BPDUs
• Global:
o Upon startup, the port transmits 10 BPDUs; if it receives any BPDU in this time, the port loses PortFast & BPDU filter.
o If a BPDU is detected, the port loses its PortFast status,
o BPDU filter is disabled & STP sends & receives BPDUs.
• Interface:
o Ignores all received BPDUs & doesn’t send any BPDUs.
• Generally used in service provider networks where switch ports are connected to customers.

Root Guard:

• Forces an interface to become a designated port to prevent surrounding switches from becoming a root switch.
• Used to enforce the root bridge placement in the network.
• If a superior BPDU is received on a root guard enabled port, the port goes into root inconsistent mode (like the
listening state) & doesn’t forward traffic.
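
The election order from the notes (lowest root bridge ID, then cost, sender bridge ID, port ID) and the BPDU Guard / Root Guard reactions, as an added Python example that is not part of the original notes. The layout is the standard 802.1D Configuration BPDU body, which also carries a Message Age field before Max Age; the mode labels, function names, MAC addresses and `sample_bpdu` frames are constructed for illustration.

```python
import struct

# 802.1D Configuration BPDU body (after the LLC header), 35 bytes, big-endian:
# protocol id, version, type, flags, root id, root path cost, sender bridge id,
# port id, message age, max age, hello time, forward delay.
CONFIG_BPDU = struct.Struct("!HBBB8sI8sHHHHH")

def bridge_id(raw):
    """Split an 8-byte bridge ID into (priority, VLAN/system-ID extension, MAC)."""
    head = int.from_bytes(raw[:2], "big")
    return (head & 0xF000, head & 0x0FFF, raw[2:].hex(":"))

def parse_config_bpdu(frame):
    if len(frame) < CONFIG_BPDU.size:
        raise ValueError("truncated BPDU")
    (proto, _ver, typ, flags, root, cost, sender, port,
     msg_age, max_age, hello, fwd) = CONFIG_BPDU.unpack(frame[:CONFIG_BPDU.size])
    if proto != 0 or typ != 0:
        raise ValueError("not a Configuration BPDU")
    return {
        "root": bridge_id(root), "cost": cost, "sender": bridge_id(sender),
        "port": port, "flags": flags,
        # timers travel in units of 1/256 s: message age, max age, hello, forward
        "timers": tuple(t / 256 for t in (msg_age, max_age, hello, fwd)),
        # lower tuple wins: root ID, path cost, sender bridge ID, sender port ID
        "vector": (root, cost, sender, port),
    }

def port_action(mode, best_vector, frame):
    """Decide what a port in `mode` (hypothetical labels) does with a BPDU."""
    if mode == "bpduguard":              # host port: any BPDU is a violation
        return "err-disable"
    superior = parse_config_bpdu(frame)["vector"] < best_vector
    if mode == "rootguard" and superior:
        return "root-inconsistent"       # port stops forwarding, root stays put
    return "accept-superior" if superior else "keep-current"

def sample_bpdu(root_prio, root_mac, cost, snd_prio, snd_mac, port=0x8001):
    """Constructed test input: pack a Configuration BPDU with default timers."""
    rid = struct.pack("!H", root_prio) + bytes.fromhex(root_mac)
    sid = struct.pack("!H", snd_prio) + bytes.fromhex(snd_mac)
    return CONFIG_BPDU.pack(0, 0, 0, 0, rid, cost, sid, port,
                            1 * 256, 20 * 256, 2 * 256, 15 * 256)

# Constructed values: the current root uses priority 32768 + VLAN 1.
BEST = parse_config_bpdu(
    sample_bpdu(32769, "001122334455", 4, 32769, "001122330001"))["vector"]
SUPERIOR = sample_bpdu(4097, "00aabbccddee", 0, 4097, "00aabbccddee")
INFERIOR = sample_bpdu(32769, "00ffeeddccbb", 0, 32769, "00ffeeddccbb")
```

A `root-inconsistent` or `err-disable` result on an access port is worth alerting on, since it means a device behind that port is speaking STP.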

Loop Guard:

• Enabled between distribution switches & on uplink ports on access switches.
• If BPDUs are no longer received, the port goes into loop inconsistent mode.
• Recovery is automatic.
• If the BPDU of a particular VLAN is not received on a trunk port, the trunk port is put in inconsistent state for that VLAN only.
• Loop guard works on non-designated ports and does not allow a port to become designated through the expiration of
max age.
• Never enable root guard & loop guard on the same port.
• If enabled, root guard is disabled.
• If enabled globally, it is enabled on all point-to-point links (full duplex).
• Protects against STP failures
• No protection against miswiring.
• On an EtherChannel bundle, if an individual link fails, the entire channel is put into loop inconsistent state.

UDLD:

• Unidirectional links can cause STP loops.
• UDLD detects unidirectional links and shuts down the affected interface.
• Also detects miswiring at the patch panel.
• If enabled, the switch periodically transmits UDLD packets.
• If the packets are not echoed back within a specific time frame, the link is flagged as unidirectional and then put in
error-disabled state.
• Normal mode: if detected, the port is allowed to continue its operation & only a syslog message is generated.
• Aggressive mode: if detected, the switch tries to re-establish the link. It sends a message per second for up to 8
seconds. If it doesn’t receive a reply in these 8 seconds, it puts the port into error-disabled state.
• Use the udld reset command to reset the interface.
• On an EtherChannel bundle, UDLD will disable the individual failed links; the remaining links keep working.

Bridge Assurance:

Loops caused by

• Unidirectional link
• Device malfunction
• Configuration errors
• External system forwarding (hub or non-STP switch or dual-NIC server bridging between NICs)

• DUMP

Every bridge (with the exception of the root) accepts and retains only the best current root bridge information, electing one
root port upstream toward the root bridge.

Bridges then block alternate paths to the root bridge, leaving only the single optimal upstream path and continue
relaying optimal information downstream.

If bridge learns of a better (“superior”) root bridge, on any of its ports, the previous “best” information is erased and
the new one immediately accepted and relayed.

Switches store the most recent STP BPDUs (Bridge Protocol Data Units) with every port that receives them, even
blocked ports. Only the best information is relayed downstream.

Inferior BPDUs may appear when a neighbouring bridge loses its root port having no alternate path and claims itself
the new root for the topology.

DIRECT LINK FAILURE:

A link directly connected to the bridge fails. The failure can be detected in one of 2 ways:
• Signal loss at the physical level
• Missing BPDU information for Max_age - Message_age seconds.

Blocking port failure: nothing happens except that the information associated with the failed port expires.

Designated port failure: the local bridge does nothing. However, the downstream bridge may detect the loss of a root port
and start re-converging.

Root port failure: information stored with the root port is invalidated and the bridge attempts to elect a new root port
based on stored information. If such a port can be found, it is unblocked and transitioned through the Listening/Learning
states.

If there are no more root ports left after the link failure, the bridge declares itself as root and starts announcing that
in BPDUs. Downstream bridges will ignore this information until the old information expires.

For re-convergence:

• It takes a minimum of 2 x Forward_time when the link failure is detected by the physical layer.
• If BPDU aging is used instead, every bridge takes
o (Max_age – Message_age) + 2 x Forward_time to adapt to the new topology.
o Maximum time is Max_age + 2 x Forward_time
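
A simplified per-second model of one blocked port whose BPDUs stop arriving, added here as an example (not part of the original notes): it reproduces the (Max_age – Message_age) + 2 x Forward_time figure above and shows how Loop Guard, described earlier, holds the port in loop-inconsistent instead. The function name, state labels and arrival times are assumptions made for the illustration.

```python
def port_timeline(bpdu_times, end, loop_guard, max_age=20, message_age=1, fwd=15):
    """Per-second simulation of one blocked port; returns [(second, new_state)]."""
    arrivals = set(bpdu_times)
    state, since, last_bpdu = "blocking", 0, 0
    log = [(0, state)]

    def move(t, new):
        nonlocal state, since
        state, since = new, t
        log.append((t, new))

    for t in range(1, end + 1):
        if t in arrivals:
            last_bpdu = t
            if state != "blocking":
                move(t, "blocking")      # BPDUs are back: the port is re-blocked
        elif state == "blocking" and t - last_bpdu >= max_age - message_age:
            # Stored BPDU aged out. Without Loop Guard the port starts the walk
            # to forwarding; with it, the port is held in loop-inconsistent.
            move(t, "loop-inconsistent" if loop_guard else "listening")
        elif state == "listening" and t - since >= fwd:
            move(t, "learning")
        elif state == "learning" and t - since >= fwd:
            move(t, "forwarding")
    return log

# Constructed scenario: hellos every 2 s, the link goes unidirectional after
# t=10 (the neighbour is still up and forwarding), BPDUs are heard again at t=60.
BPDU_ARRIVALS = [2, 4, 6, 8, 10, 60]

if __name__ == "__main__":
    for guard in (False, True):
        print("loop guard" if guard else "no loop guard",
              port_timeline(BPDU_ARRIVALS, 60, loop_guard=guard))
```

Without Loop Guard the port reaches forwarding 49 seconds after the last BPDU, which is (20 - 1) + 2 x 15, while the neighbour it no longer hears is still forwarding.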

If BPDU information is coming from the same root bridge, but other metrics change (e.g. a better root cost received
on blocked port), the blocked port receiving the information is promoted to a root and the previous root is blocked. It
takes 2xForward_Time to adapt to this change. However, inferior information from a new root will cause the topology
to stabilize in Max_Age + 2 x Forward_Time.

INDIRECT LINK FAILURE:


It is important to note, that the failed bridge is located upstream toward the current STP root, as downstream
failures do not affect local bridge’s STA computations.

Indirect failures could be of two types:

• Upstream bridge loses all paths to the root,
• or upstream elects a new root port.

Indirect failure, alternate path exists:

If an upstream bridge loses a root port but has an alternate path, a new root port is elected, and BPDUs continue to flow,
possibly with a different root path cost. The local bridge receives these BPDUs on either its root port or its blocked port.
Based on the new information, it may elect to unblock the blocked port and change the root port. If that does not
happen, no re-convergence is required locally. If the new port is elected, it takes 2xForward_Time to make it
forwarding. The total time to respond to the indirect link failure could be as low as 2xForward_Time if the upstream
bridge detects the root port failure quickly (carrier loss) or as much as Max_Age+2xForward_Time if the bridges
need to expire the original BPDU information and unblock alternate port(s).

Indirect failure, no alternate path exists:

When the upstream bridge loses all paths to the root bridge, the original root bridge information is expired
(immediately or in up to Max_Age seconds) and the upstream bridge declares itself as a new root. Immediately after this it
starts sending inferior BPDUs, declaring itself the new root. The downstream bridge ignores this new information for
the duration of Max_Age - Message_Age, retaining information about the original root. After this timeout expires,
there are two possible outcomes:
1. If the local bridge still hears the original root, it will transition the previously blocked port receiving inferior
BPDUs through the Listening and Learning states and start relaying current root bridge information. The
previously “upstream” bridge turns into a downstream bridge and adapts to the new root port. Convergence takes at
maximum Max_Age+2xForward_Time seconds.
2. If the local bridge detects loss of the original root, by either losing all directly connected root and alternate
ports or expiring the original BPDU information in a maximum of Max_Age seconds, it may now accept inferior
information. Based on its local priority, it either agrees to the new root information or starts announcing
itself, making the previously upstream bridge adapt. Total convergence time is once again
Max_Age+2xForward_Time seconds.

TOPOLOGY CHANGE: (MAC table aging 300 sec to forwarding delay)

• The bridge that detects a link going to forwarding or going down starts sending TCN BPDUs out of its root port.
It does so every Hello_Interval seconds (configured locally, not learned from the root bridge) until the
upstream bridge sends a BPDU with the TCN Acknowledge bit set.
• Every bridge that receives and acknowledges a TCN BPDU on its designated port starts sending TCN BPDUs on its
root port, until it is in turn acknowledged. This process continues upstream until it reaches the root bridge.
o When the root bridge receives and acknowledges the TC BPDU, it sets the TCN flag in all outgoing Configuration
BPDUs sent downstream. The flag will be set for the duration of Max_Age+Forward_Time seconds.
o Every bridge that hears a Configuration BPDU with the Topology Change (TC) flag set reduces the MAC address
learning table aging time from the default interval (300 seconds) to Forward_Time seconds. This facilitates
quick information aging and new MAC address learning.

Backbonefast:

The root port fails.

The bridge assumes it is the root bridge and sends BPDUs to the next bridge.

The next bridge receives these BPDUs on a blocked port; this identifies an indirect failure.

This bridge sends an RLQ on its root port until it gets an ack; a bridge that receives the RLQ sends an RLQ on its own root port.

This continues until the root bridge is reached, and the root bridge sends positive or negative RLQ information to all designated ports.

All downstream bridges relay this RLQ downstream, except the bridge that generated the RLQ.

If it is a positive RLQ, move the blocked port into designated port.

Otherwise it has lost all paths to the root bridge and declares itself as root.

RSTP:
Information caching, by storing alternate paths to the root bridge and quickly reusing them when the primary path fails.

Every change in local root bridge information is explicitly synchronized with the rest of the topology, by using a
proposal-agreement handshake mechanism.

Only a link going into the forwarding state causes a topology change event, not the loss of connectivity. At that time
the downward neighbour generates a TC notification.

Edge links don’t create TCs.

EDGE PORTS DON’T FLUSH WHEN TC RECEIVED.
TCs never cross edge ports.
A link failure closer to the root takes longer.

COMMANDS:

Switch_2> (enable) show port spantree

Port(s)                  Vlan Port-State    Cost  Priority Portfast   Channel_id
------------------------ ---- ------------- ----- -------- ---------- ----------
1/1                      1    not-connected 4     32       disabled   0
1/2                      1    not-connected 4     32       disabled   0
