__ o ____
Instead of running an STP instance for every VLAN, MSTP (Multiple Instance Spanning Tree Protocol) runs a number of VLAN-independent STP instances. By allowing a single instance of STP to run for multiple VLANs, MSTP keeps the number of STP instances to a minimum (saving switch resources) while optimizing the Layer 2 switching environment (load balancing traffic over different paths for different VLANs).
__ o ___
The IEEE 802.1s (MST) specification allows you to associate VLAN groups with STP instances, so you can provide multiple forwarding paths for data traffic and enable load balancing.
__ o ____
All three switches have the same bridge priority (32768, the default value) and S1 has the lowest MAC -> S1 is the root bridge and all traffic must go through it -> Front Line Users (S2) must go through S1 to reach Server Farm (S3). To overcome this problem, S2 or S3 should become the root switch. We can do that by changing the bridge priority of S1 to a higher value (which lowers its priority) or by lowering the bridge priority value of the switch we want as root (which raises its priority).
__ o ____
We know that there will be only one Designated port for each segment (notice that the two ports of Switch A are on the same segment as they are connected to a hub). The other port will be in Blocking state. But how does Switch A select its Designated and Blocking port? The decision process compares the following parameters inside the BPDU, in this order:
* Lowest path cost to the Root
* Lowest Sender Bridge ID (BID)
* Lowest Port ID
In this case, both interfaces of Switch A have the same “path cost to the root” and “sender bridge ID”, so the third parameter, “lowest port ID”, will be used. Suppose the two interfaces of Switch A are fa0/1 & fa0/2; then Switch A will select fa0/1 as its Designated port (because fa0/1 has the lower port ID).
Suppose the port on Link A (named port A) is in forwarding state and the port on Link B (named port B) is in blocking state. In blocking state, port B still listens to BPDUs. If the traffic passing through Link A is too heavy and the BPDUs cannot reach port B, port B will move to listening state (after 20 seconds for STP), then learning state (after 15 seconds) and forwarding state (after 15 seconds). At that point both port A & port B are in forwarding state, so a switching loop will occur.
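The designated-port election described above, worked as an added example (not code from the original post): the BPDU fields are modelled as a tuple and sorted in the comparison order. Switch A's MAC address is constructed, and a hypothetical Switch B is added on the same segment to show the root-path-cost tie-breaker deciding before the port ID is even consulted.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Bpdu:
    """Fields of a configuration BPDU that decide the designated port."""
    root_path_cost: int   # cost from the sender to the root
    sender_bid: int       # 64-bit sender bridge ID (priority field << 48 | MAC)
    port_id: int          # 16-bit port ID (4-bit priority, 12-bit port number)
    port_name: str        # label used only for reporting


def bridge_id(priority: int, mac: str) -> int:
    """Pack a 16-bit priority field and a 48-bit MAC into a 64-bit bridge ID."""
    return (priority << 48) | int(mac.replace(":", ""), 16)


def port_id(priority: int, number: int) -> int:
    """Pack an 802.1D port ID: the priority (shown as 0-240 in steps of 16) goes
    in the top 4 bits, the port number in the low 12 bits. Default 128.1 -> 0x8001."""
    if priority % 16 or not 0 <= priority <= 240:
        raise ValueError("port priority must be a multiple of 16 in 0..240")
    if not 1 <= number <= 4095:
        raise ValueError("port number must be 1..4095")
    return ((priority >> 4) << 12) | number


def elect_designated(bpdus: List[Bpdu]) -> Tuple[Bpdu, List[Bpdu]]:
    """Return (designated port, ports that must block) for one segment.
    The sort key is the BPDU comparison order: lowest root path cost, then
    lowest sender bridge ID, then lowest port ID; the lowest tuple wins."""
    ranked = sorted(bpdus, key=lambda b: (b.root_path_cost, b.sender_bid, b.port_id))
    return ranked[0], ranked[1:]


def switch_a_example() -> str:
    """The page's case: both Switch A ports hang off one hub, so cost and sender
    BID are identical and the lowest port ID (fa0/1 = port 1) decides."""
    bid_a = bridge_id(32768, "00:11:22:33:44:aa")   # constructed MAC
    ports = [
        Bpdu(19, bid_a, port_id(128, 2), "fa0/2"),
        Bpdu(19, bid_a, port_id(128, 1), "fa0/1"),
    ]
    designated, _blocked = elect_designated(ports)
    return designated.port_name


def mixed_segment_example() -> str:
    """Generalisation: a hypothetical Switch B on the same segment advertises a
    lower root path cost, so it wins before bridge ID or port ID are compared."""
    bid_a = bridge_id(32768, "00:11:22:33:44:aa")   # constructed MAC
    bid_b = bridge_id(32768, "00:11:22:33:44:bb")   # constructed, higher than A
    ports = [
        Bpdu(19, bid_a, port_id(128, 1), "SwitchA fa0/1"),
        Bpdu(19, bid_a, port_id(128, 2), "SwitchA fa0/2"),
        Bpdu(4, bid_b, port_id(128, 7), "SwitchB fa0/7"),
    ]
    designated, _blocked = elect_designated(ports)
    return designated.port_name


if __name__ == "__main__":
    print("Switch A designated port:", switch_a_example())
    print("Mixed segment designated port:", mixed_segment_example())
```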
__ o ____
A
switch running both MSTP and RSTP supports a built-in protocol migration mechanism
that enables it to interoperate with legacy 802.1D switches. If this switch
receives a legacy 802.1D configuration BPDU (a BPDU with the protocol version
set to 0), it sends only 802.1D BPDUs on that port. An MST switch can also
detect that a port is at the boundary of a region when it receives a legacy
BPDU, an MST BPDU (version 3) associated with a different region, or an RST
BPDU (version 2).
However,
the switch does not automatically revert to the MSTP mode if it no longer
receives 802.1D BPDUs because it cannot determine whether the legacy switch has
been removed from the link unless the legacy switch is the designated switch.
__ o ____
When the extended system ID feature is enabled:
- The BID is made up of the bridge priority (4 bits), the system ID (12 bits), and a bridge MAC address (48 bits).
- The system ID value is the VLAN ID (VID).
In short, with the use of the IEEE 802.1t spanning-tree extensions, some of the bits previously used for the switch priority are now used for the extended system ID.
Only the four high-order bits of the 16-bit Bridge Priority field carry the actual priority. Therefore, priority can be incremented only in steps of 4096. In most cases, the Extended System ID holds the VLAN ID. For example, if our VLAN ID is 5 and we use the default bridge priority 32768, then the 16-bit Priority field will be 32768 + 5 = 32773.
Note: The bridge MAC address is conserved (one MAC address serves every VLAN instance) when the extended system ID feature is enabled.
__ o ____
There are several STP timers, as this list shows:
* Hello – The hello time is the time between each bridge protocol data unit (BPDU) that is sent on a port. This time is equal to 2 seconds (sec) by default, but you can tune the time to be between 1 and 10 sec.
* Forward delay – The forward delay is the time that is spent in the listening and learning state. This time is equal to 15 sec by default, but you can tune the time to be between 4 and 30 sec.
* Max age – The max age timer controls the maximum length of time a bridge port keeps the configuration BPDU information it has received before discarding it. This time is 20 sec by default, but you can tune the time to be between 6 and 40 sec.
__ o ____
All ports on the root bridge are designated ports, which are in forwarding state. Notice that in this case Switch 15 is the root switch for VLAN 10 -> all its ports in VLAN 10 will be in forwarding state. We cannot say anything about the states of the ports of Switch 15 in other VLANs.
__ o ____
STP has been implemented in the network. Switch SW_A is the root switch for the default VLAN. To reduce the broadcast domain, the network administrator decides to split users on the network into VLAN 2 and VLAN 10. The administrator issues the command spanning-tree vlan 2 root primary on switch SW_A. What will happen as a result of this change?
- This command sets the switch to become root for a given VLAN. It works by lowering the priority value of the switch until it becomes root. Once the switch is root, it will not prevent any other switch from becoming root. In particular, if the priority of the current root bridge is greater than 24576, then our switch will drop to 24576. If the priority of the current root bridge is less than 24576, our new bridge priority will be (priority value of the current root bridge – 4096).
This command does not affect other VLANs, so SW_A will remain root for the default VLAN -> that answer is correct.
Note: This command is not shown in a Catalyst switch configuration because the command is actually a macro executing other switch commands.
__ o ____
The command “spanning-tree vlan 1 root secondary” sets the bridge priority of Sw1 to a value which is higher than the current root bridge but lower than the other switches in the network -> if the current root bridge fails, Sw1 will become the root bridge.
If no priority has been configured, every switch will have the same default priority of 32768. Assuming all other switches are at default priority, the spanning-tree vlan vlan-id root primary command sets a value of 24576. Also, assuming all other switches are at default priority, the spanning-tree vlan vlan-id root secondary command sets a value of 28672.
In this question, the bridge priority of Sw1 is displayed as 28673, not 28672, because the extended system ID (indicated as sys-id-ext) is 1, indicating this is the STP instance for VLAN 1. The configured bridge priority is in fact 28672.
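The extended-system-ID arithmetic from the earlier section and the root primary macro behaviour described above, as one added example (not the page's or Cisco's code). MAC addresses are constructed; the macro logic coded here is exactly the 24576 / current root minus 4096 rule the text states, and the "root" after each step is found by the lowest-bridge-ID comparison.

```python
from typing import Dict, List, Tuple


def priority_field(bridge_priority: int, vlan_id: int) -> int:
    """Build the 16-bit priority field used with the 802.1t extended system ID:
    the 4 high-order bits carry the configured priority (so it must be a
    multiple of 4096), the low 12 bits carry the VLAN ID. 32768 + 5 = 32773."""
    if bridge_priority % 4096 or not 0 <= bridge_priority <= 61440:
        raise ValueError("bridge priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return bridge_priority + vlan_id


def split_priority_field(field: int) -> Tuple[int, int]:
    """Inverse of priority_field: (configured priority, sys-id-ext).
    A root-secondary switch in VLAN 1 shows 28673, i.e. (28672, 1)."""
    return field & 0xF000, field & 0x0FFF


def bridge_id(bridge_priority: int, vlan_id: int, mac: str) -> int:
    """64-bit bridge ID: priority field in the top 16 bits, MAC in the low 48."""
    return (priority_field(bridge_priority, vlan_id) << 48) | int(mac.replace(":", ""), 16)


def elect_root(switches: Dict[str, Tuple[int, str]], vlan_id: int) -> str:
    """Lowest bridge ID wins: priority field first, then the MAC as tie-breaker."""
    return min(switches, key=lambda name: bridge_id(switches[name][0], vlan_id, switches[name][1]))


def root_primary_priority(current_root_priority: int) -> int:
    """Priority chosen by 'spanning-tree vlan <id> root primary' as the text
    describes it: 24576 if the current root is above that, otherwise 4096
    below the current root."""
    if current_root_priority > 24576:
        return 24576
    return current_root_priority - 4096


def scenario() -> List[str]:
    """S1..S3 at the default 32768 with constructed MACs; S1 has the lowest MAC
    and wins VLAN 10. Running the macro on S3 and then on S2 moves the root each
    time; the returned list is the root bridge after each step."""
    switches = {
        "S1": (32768, "00:00:0c:00:00:01"),
        "S2": (32768, "00:00:0c:00:00:02"),
        "S3": (32768, "00:00:0c:00:00:03"),
    }
    roots = [elect_root(switches, 10)]
    for candidate in ("S3", "S2"):
        current_root = roots[-1]
        new_priority = root_primary_priority(switches[current_root][0])
        switches[candidate] = (new_priority, switches[candidate][1])
        roots.append(elect_root(switches, 10))
    return roots


if __name__ == "__main__":
    print("Root after each step:", scenario())
    print("28673 decodes to:", split_priority_field(28673))
```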
__ o ____
On the basis of the output
of the show spanning-tree inconsistentports command, which statement about
interfaces FastEthernet 0/1 and FastEthernet 0/2 is true?
Answer: They
have been configured with the spanning-tree guard root command.
Explanation:
We can
configure the root guard feature to prevent unauthorized switches from becoming
the root bridge. When you enable root guard on a port, if that port receives a
superior BPDU, instead of believing the BPDU, the port goes into a
root-inconsistent state. While a port is in the root-inconsistent state, no
user data is sent across it. However, after the superior BPDUs stop, the port
returns to the forwarding state.
For example, in the topology above suppose S1 is the current root bridge. If a hacker plugs a switch into S3 which sends superior BPDUs, then it will become the new root bridge; this will also change the traffic path and may result in a traffic jam. By enabling root guard on the S1 port which is connected to S3, if spanning-tree calculations would cause that interface to be selected as the root port, the interface transitions to the root-inconsistent (blocked) state instead, which prevents the hacker’s switch from becoming the root switch or being in the path to the root.
__ o ____
About RSTP
port roles:
The root
port is the switch port on every nonroot bridge that is the chosen path to the
root bridge. There can be only one root port on every switch. The root port
assumes the forwarding state in a stable active topology.
__ o ____
How are STP timers and state transitions affected when a
topology change occurs in an STP environment?
- If a
switch stops receiving Hellos, it means that there is a failure in the network.
The switch will initiate the process of changing the Spanning-tree topology.
The process requires the use of 3 STP timers:
* Hello - the time between each bridge protocol data unit (BPDU) that is sent on a port. This time is equal to 2 seconds (sec) by default, but you can tune the time to be between 1 and 10 sec.
* Forward delay – the time that is spent in the listening and learning state. This time is equal to 15 sec by default, but you can tune the time to be between 4 and 30 sec.
* Max age – maximum length of time a BPDU can be stored without receiving an update. This time is 20 sec by default, but you can tune the time to be between 6 and 40 sec.
Max Age is the time that a bridge stores a BPDU before discarding it.
Switches (bridges) keep their MAC address table entries for 300 seconds (5 minutes, known as the aging time) by default. When a network topology change happens, the switch (bridge) temporarily lowers the aging time to the same value as the forward delay time (15 seconds) to relearn the MAC address changes that happened because of the topology change.
This is important because normally an entry is aged out of the switch's MAC address table only after five minutes, so network devices could be unreachable for up to 5 minutes. This is known as a black hole because frames can be forwarded to a device which is no longer available.
Notice that shortening the aging time to 15 seconds does not flush the entire table; it just accelerates the aging process. Devices that continue to “speak” during the 15-second age-out period never leave the bridging table.
Therefore in this question,
to be clearer answer C should state “The default aging time for MAC address
entries will be reduced to forward_delay time for a period of the max age timer plus
the forward delay interval.”
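A simulation of the shortened-aging behaviour described above (added example, not from the original post): hosts H1 and H2 and their MAC addresses are constructed, the clock is simulated in 5-second steps, and the topology-change window is max_age + forward_delay as the answer states. It shows a stale entry leaving the table in 15 s instead of 300 s while a host that keeps talking is never aged out.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

DEFAULT_AGING = 300   # seconds: normal MAC address table aging time
FORWARD_DELAY = 15    # seconds: default forward delay
MAX_AGE = 20          # seconds: default max age


@dataclass
class MacTable:
    """MAC address table whose aging time drops to forward_delay for
    max_age + forward_delay after a topology change. Times are seconds on a
    simulated clock; nothing here touches real switch state."""
    entries: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # mac -> (port, last seen)
    short_aging_until: int = -1   # clock value at which the short timer ends

    def learn(self, mac: str, port: str, now: int) -> None:
        """Source-MAC learning (re)creates the entry and refreshes last seen."""
        self.entries[mac] = (port, now)

    def topology_change(self, now: int) -> None:
        """Configuration BPDUs with the TC bit arrive for max_age + forward_delay;
        only the aging time changes, the table is not flushed."""
        self.short_aging_until = now + MAX_AGE + FORWARD_DELAY

    def aging_time(self, now: int) -> int:
        return FORWARD_DELAY if now < self.short_aging_until else DEFAULT_AGING

    def expire(self, now: int) -> List[str]:
        """Drop entries idle for at least the aging time in force; return them."""
        limit = self.aging_time(now)
        gone = [mac for mac, (_port, seen) in self.entries.items() if now - seen >= limit]
        for mac in gone:
            del self.entries[mac]
        return gone

    def lookup(self, mac: str) -> Optional[str]:
        return self.entries[mac][0] if mac in self.entries else None


def first_expiry(table: MacTable, mac: str, start: int, end: int,
                 talker: Optional[str] = None) -> Optional[int]:
    """Advance the clock in 5 s steps; 'talker' keeps sending frames on Fa0/3."""
    for now in range(start, end + 1, 5):
        if talker:
            table.learn(talker, "Fa0/3", now)
        if mac in table.expire(now):
            return now
    return None


def black_hole_demo() -> dict:
    """H1 is silent since t=95 (e.g. it moved behind another port); H2 keeps
    talking every 5 s. A topology change at t=100 lets H1's stale entry age out
    at t=110 instead of t=395, while H2 never leaves the table."""
    H1, H2 = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"   # constructed MACs
    with_tc = MacTable()
    with_tc.learn(H1, "Fa0/1", now=95)
    with_tc.learn(H2, "Fa0/3", now=95)
    with_tc.topology_change(now=100)
    without_tc = MacTable()
    without_tc.learn(H1, "Fa0/1", now=95)
    return {
        "aging_during_window": with_tc.aging_time(100),
        "aging_after_window": with_tc.aging_time(100 + MAX_AGE + FORWARD_DELAY),
        "h1_aged_out_at": first_expiry(with_tc, H1, 100, 400, talker=H2),
        "h1_aged_out_without_tc": first_expiry(without_tc, H1, 100, 400),
        "h2_still_on_port": with_tc.lookup(H2),
    }
```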
__ o ____
The
command spanning-tree guard root is configured on interface Gi0/0 on
both switch S2 and S5. The global configuration command spanning-tree
uplinkfast has
been configured on both switch S2 and S5. The link between switch S4 and S5
fails. Will Host A be able to reach Host B?
- Yes. Traffic will
pass from switch S6 to S2 to S1
First we should understand UplinkFast.
Suppose S1 is the root bridge in the topology above. S3 is connected to S1 via two paths: one direct path and another that goes through S2. Suppose the port directly connected to S1 is the root port -> the port connected to S2 will be in Blocking state. If the primary link goes down, the blocked port will need about 50 seconds to move from Blocking -> Listening -> Learning -> Forwarding before it can be used.
To shorten the downtime, a feature called UplinkFast can be used. When the primary (root) link fails, another blocked link can be brought up immediately for use. When UplinkFast is enabled, it is enabled for the entire switch and all VLANs. It cannot be enabled for individual VLANs.
In
this question, the Root Guard feature has been enabled on Gi0/0 of S2 & S5
so these two Gi0/0 ports cannot be root ports and cannot forward traffic ->
the link between S2 & S6 must be used.
Note: The idea of UplinkFast is based on blocked ports which can become a root port. Therefore the UplinkFast feature is not allowed on the root bridge -> S2 & S5 cannot be root bridges in this case.
__ o ____
Common
Spanning Tree only uses one spanning-tree instance for all VLANs in the network.
Rapid
Spanning Tree Protocol (RSTP; IEEE 802.1w) can be seen as an evolution of the
802.1D standard more than a revolution. The 802.1D terminology remains primarily
the same. Most parameters have been left unchanged so users familiar with
802.1D can rapidly configure the new protocol comfortably.
Per-VLAN
spanning tree protocol plus (PVST+) is a Cisco proprietary protocol that
expands on the Spanning Tree Protocol (STP) by allowing a separate spanning
tree for each VLAN. Cisco first developed this protocol as PVST, which worked
with the Cisco ISL trunking protocol, and then later developed PVST+ which
utilizes the 802.1Q trunking protocol. PVST+ allows interoperability between
CST and PVST in Cisco switches.
RSTP
significantly reduces the time to reconverge the active topology of the network
when changes to the physical topology or its configuration parameters occur.
RSTP supports Edge Ports (similar to PortFast), UplinkFast, and BackboneFast
for faster network reconvergence. Rapid Spanning Tree Protocol (RSTP) can also
revert back to 802.1D STP for interoperability with older switches and existing
infrastructures.
Multiple Spanning Tree can map one or more VLANs to a single STP instance. Multiple instances of STP can be used (hence the name MST), with each instance supporting a different group of VLANs. For example, instead of creating 50 separate STP instances for 50 VLANs, we can create only 2 STP instances, each for 25 VLANs. This helps save switch resources.
__ o _____
MST maps multiple VLANs that have the same traffic flow
requirements into the same spanning-tree instance. The main enhancement
introduced by MST raises the problem, however, of determining what VLAN is to
be associated with what instance. More precisely, based on received BPDUs,
devices need to identify these instances and the VLANs that are mapped to the
instance.
An example of configuring MST on a switch is shown below:
Configuration | Description
--- | ---
Switch(config)# spanning-tree mode mst | Turn on MST (and RSTP) on this switch
Switch(config)# spanning-tree mst configuration | Enter MST configuration submode
Switch(config-mst)# name certprepare | Name the MST region (configuration name)
Switch(config-mst)# revision 5 | Set the 16-bit MST revision number. It is not incremented automatically when you commit a new MST configuration.
Switch(config-mst)# instance 1 vlan 5-10 | Map instance 1 to the listed VLANs (VLAN 5 to 10)
Switch(config-mst)# instance 2 vlan 11-15 | Map instance 2 to the listed VLANs (VLAN 11 to 15)
Note: To be part of a common MST region, a group of switches
must share the same configuration attributes. In particular, the configuration name (or region name – 32 bits),
revision number (16 bits), and VLAN mapping (associate VLANs with spanning-tree
instances) need to be the same for all the switches within the same region.
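An added example (not from the page) of how the three region attributes are compared, going one step beyond the text: 802.1s does not advertise the VLAN mapping itself but an HMAC-MD5 digest of the 4096-entry VID-to-instance table, keyed with the fixed key defined in the standard, so a mapping that differs by one VLAN shows up as a digest mismatch even when name and revision agree. The reference configuration is the one from the table above; the peer configurations are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable

# Fixed HMAC-MD5 key that IEEE 802.1s defines for the MST configuration digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def vlan_mapping_table(instances: Dict[int, Iterable[int]]) -> bytes:
    """Serialise the VID-to-MSTI table: 4096 two-octet elements for VID 0..4095,
    MSTID in network byte order. VIDs not mapped explicitly stay in instance 0."""
    table = [0] * 4096
    for msti, vids in instances.items():
        if not 0 <= msti <= 4094:
            raise ValueError("MST instance must be 0..4094")
        for vid in vids:
            if not 1 <= vid <= 4094:
                raise ValueError("VLAN ID must be 1..4094")
            table[vid] = msti
    return b"".join(m.to_bytes(2, "big") for m in table)


def config_digest(instances: Dict[int, Iterable[int]]) -> str:
    """HMAC-MD5 over the table, the value 'show spanning-tree mst configuration
    digest' prints. The all-in-IST default gives AC36177F50283CD4B83821D8AB26DE62."""
    mac = hmac.new(MST_DIGEST_KEY, vlan_mapping_table(instances), hashlib.md5)
    return mac.hexdigest().upper()


@dataclass(frozen=True)
class MstConfigId:
    """The three attributes a switch advertises; equal values = same region."""
    name: str
    revision: int
    digest: str


def mst_config_id(name: str, revision: int, instances: Dict[int, Iterable[int]]) -> MstConfigId:
    if len(name.encode()) > 32:
        raise ValueError("region name is limited to 32 bytes")
    if not 0 <= revision <= 0xFFFF:
        raise ValueError("revision is a 16-bit number")
    return MstConfigId(name, revision, config_digest(instances))


def same_region(a: MstConfigId, b: MstConfigId) -> bool:
    """Name, revision and digest must all match; any difference splits regions."""
    return a == b


def region_check_example() -> Dict[str, bool]:
    """Reference: name certprepare, revision 5, instance 1 = VLAN 5-10,
    instance 2 = VLAN 11-15. Four constructed peers are tested against it."""
    reference = mst_config_id("certprepare", 5, {1: range(5, 11), 2: range(11, 16)})
    peers = {
        "identical": mst_config_id("certprepare", 5, {1: range(5, 11), 2: range(11, 16)}),
        # Same mapping entered in a different order: same table, same digest.
        "reordered": mst_config_id("certprepare", 5, {2: range(11, 16), 1: range(5, 11)}),
        # Revision bumped on one switch only: name and digest agree, region splits.
        "revision_6": mst_config_id("certprepare", 6, {1: range(5, 11), 2: range(11, 16)}),
        # VLAN 15 forgotten in instance 2 (it falls back to the IST): digest differs.
        "missing_vlan_15": mst_config_id("certprepare", 5, {1: range(5, 11), 2: range(11, 15)}),
    }
    return {label: same_region(reference, peer) for label, peer in peers.items()}
```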
__ o ____
By default, all VLANs are assigned to MST instance 0. Instance 0
is known as the Internal Spanning-Tree (IST), which is reserved for interacting
with other Spanning-Tree Protocols (STPs) and other MST regions.
__ o ____
In STP 802.1D, a non-root bridge only generates BPDUs when it
receives one on the root port. But in RSTP 802.1w, a bridge sends a BPDU with
its current information every hello-time seconds (2 by default), even if it does not receive any from the
root bridge. Also, on a given port, if hellos are not received three
consecutive times, protocol information can be immediately aged out (or if
max_age expires). Because of the previously mentioned protocol modification,
BPDUs are now used as a keep-alive mechanism between bridges. A bridge
considers that it loses connectivity to its direct neighbor root or designated
bridge if it misses three BPDUs in a row. This fast aging of the information
allows quick failure detection. If a bridge fails to receive BPDUs from a
neighbor, it is certain that the connection to that neighbor is lost. This is
opposed to 802.1D where the problem might have been anywhere on the path to the
root.
__ o ____
The bpdufilter option is used to globally enable BPDU filtering on all PortFast-enabled interfaces, and this prevents the switch interfaces connected to end stations from sending or receiving BPDUs.
Note: The spanning-tree portfast bpdufilter default global configuration command can be overridden by the spanning-tree bpdufilter enable command in interface mode.
___ o _____
You can use PortFast on switch or trunk ports connected to a
single workstation, switch, or server to allow those devices to connect to the
network immediately, instead of waiting for the port to transition from the
listening and learning states to the forwarding state. Also, PortFast can be
used for both STP and RSTP.
BPDU guard can be enabled without PortFast. But what will happen
if the PortFast and BPDU guard features are configured on the same port? Well,
at the reception of BPDUs, the BPDU guard operation disables the port that has
PortFast configured. The BPDU guard transitions the port into errdisable state, and a message appears on the console:
2000 May 12 15:13:32 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port. Disabling 2/1
2000 May 12 15:13:32 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1
__ o _____
In general, Loop Guard is configured on non-designated ports
(blocking or root ports) and it prevents them from becoming designated ports
when the current designated ports stop sending BPDUs.
Root Guard should be configured on designated ports and prevents
them from becoming root ports. Therefore Root Guard is incompatible with Loop
Guard.
PortFast
should be placed on ports configured as access ports while Loop Guard should be
placed on trunk ports -> we can use the “switchport mode trunk” without interfering
with the operation of Loop Guard.
__ o ____
If any BPDU is received on a port where BPDU guard is enabled,
that port is put into the err-disable state immediately. The port is shut down
in an error condition and must be either manually re-enabled or automatically
recovered through the errdisable timeout function.
Note: A port that has PortFast enabled also has BPDU guard
automatically enabled. By combining PortFast & BPDU guard we have a port
that can quickly enter the Forwarding state from Blocking state and
automatically shut down when receiving BPDUs.
__ o ____
Each
BPDU includes the hello, forward delay, and max age STP timers. An IEEE bridge
is not concerned about the local configuration of the timers value. The IEEE
bridge considers the value of the timers in the BPDU that the bridge receives.
Effectively, only a timer that is configured on the root bridge of the STP is
important. If you lose the root, the new root starts to impose its local timer
value on the entire network. So, even if you do not need to configure the same
timer value in the entire network, you must at least configure any timer
changes on the root bridge and on the backup root bridge.
__ o _____
MST maps multiple VLANs into a spanning tree instance, with each
instance having a spanning tree topology independent of other spanning tree
instances. This architecture provides multiple forwarding paths for data
traffic, enables load balancing, and reduces the number of STP instances
required to support a large number of VLANs. MST improves the fault tolerance
of the network because a failure in one instance (forwarding path) does not
affect other instances (forwarding paths).
Note: RSTP is automatically turned on along with MST (the “spanning-tree mode mst” command in global configuration mode turns on both RSTP & MST).
__ o ____
The concept of edge port basically corresponds to the PortFast
feature. An edge port directly transitions to the forwarding state, and skips
the listening and learning stages. An edge port that receives a BPDU
immediately loses edge port status and becomes a normal spanning tree port.
__ o ____
About
port BPDU Guard and BPDU filtering:
- When
globally enabled, BPDU port-guard and BPDU filtering apply only to PortFast
enabled ports.
- When a
BPDU is received on a BPDU port-guard enabled port, the interface goes into the
err-disabled state.
__ o ____
When a Switch (Bridge) discovers a topology change, it generates a TCN (Topology Change Notification) BPDU (Bridge Protocol Data Unit) and sends the TCN BPDU on its root port. The upstream Switch (Bridge) responds to the sender with a TCA (Topology Change Acknowledgment) BPDU. The upstream Switch (Bridge) (the bridge which received the TCN BPDU) then generates another TCN BPDU and sends it out via its own Root Port. The process continues until the Root Switch (Bridge) receives the TCN BPDU.
When the Root Switch (Bridge) is aware that there is a topology change in the
network, it starts to send out its Configuration BPDUs with the topology change
(TC) bit set. Configuration BPDUs are received by every Switch (Bridge) in the
network and all bridges become aware of the network topology change.
The switch never generates a TCN when a port configured for
PortFast goes up or down -> it means no TC will be created for PortFast (or
Edge Port).
__ o ____
A non-edge port that transitions to the forwarding state will
generate an RSTP topology change notification.
__ o ____
ENJOY LEARNING