10-15-2012 12:34 PM - edited 03-07-2019 09:28 AM
Hi All,
I've read through the "Understanding and Configuring Spanning-Tree Protocol" document in full.
It is great for explaining what STP is - let me explain my current situation.
We're getting new hardware in our shop, and I've been tasked with configuring the new switch the same as the old switch.
When I look in the config I see only 3 lines:
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
If I go into priv exec mode, and do a "show spanning-tree" I can see the Root ID / Bridging ID and the priority / address / port / etc, for each VLAN in the switch.
Where the document looses me is what I have to do on the NON-root switch configuration wise??
In this case I can tell the switch is not the root switch .. and I think there is something to be done per port or globally but I'm not sure.
Looking forward to any insight into this issue.
Thanks in advance!
10-15-2012 12:51 PM
Hello Alan,
When I look in the config I see only 3 lines:
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
The spanning-tree mode pvst command is the default - it activates the legacy 802.1D STP in each VLAN. All Cisco switches by default run this so-called per-VLAN STP (PVST). The second command can be safely ignored - it influences the way BPDUs are generated in software and sent out but on more recent switches, I do not recall this command being actually available. The third command configures the STP to include the VLAN number into the Bridge ID so that even with no additional configuration, STP instances in individual VLANs have unique Bridge IDs (this is an IEEE requirement). In fact, this command cannot be removed.
So out of these three commands, you shouldn't actually need to enter any of them on the new switch because these commands are present by default.
Where the document looses me is what I have to do on the NON-root switch configuration wise??
In this case I can tell the switch is not the root switch .. and I think there is something to be done per port or globally but I'm not sure.
I suggest making sure that the new non-root switch does not become accidentally the root via using the command
spanning-tree vlan 1-4094 priority 61440
Additionally, I suggest configuring the access ports as PortFast ports, allowing them to become Forwarding as soon as they are connected:
spanning-tree portfast default
Apart from these commands, there is nothing required on a non-root switch. Multiple aspects of STP could be tuned but to have it simply running, you do not need to perform any additional configuration.
Best regards,
Peter
10-15-2012 01:05 PM
HI Alan,
Per-VLAN Spanning Tree (PVST) maintains a spanning tree instance for each VLAN configured in the network. It uses ISL Trunking and allows a VLAN trunk to be forwarding for some VLANs while blocking for other VLANs. Since PVST treats each VLAN as a separate network, it has the ability to load balance traffic (at layer-2) by forwarding some VLANs on one trunk and other Vlans on another trunk without causing a Spanning Tree loop.
How to configure PVST:
spanning-tree mode pvst spanning-tree extend system-id spanning-tree backbonefast spanning-tree vlan 10,30,100 priority 8921spanning-tree vlan 20,40,200 priority 16384follow this document(First part of doc):http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a00807b0670.shtml#PVST
RegardsPlease rate if it helps.
10-16-2012 08:55 AM
@Sandeepchoudhary21
Thanks for your quick response and succinct information!
The first two lines look solid, I'm not sure the significance of the 'spanning-tree backbonefast', could you explain why this is needed?? Again the goal is to not add anything additional to the configuration, but to keep it as close to what it is now.
@Peter_Paluch
I really appreciate you going into depth and explaining a lot of the conceptual stuff for helping me understand STP better as well as offering commands to execute. My question is: 'spanning-tree portfast default' . How can I verify if my switch configuration is using that at present? As in the above response to Sandeep, I don't particularly want to add in anything that isn't already there (for better or for worse).
PortFast sounds cool - to check my understanding, normally you have to define if a port will forward in the event a loop occurs, wheras if you set all the ports to portfast by default you don't have to do anything to each individual port??
-------------------------------------
It's looking like my config will be the following, pending the two responses:
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan x priority 61440
10-16-2012 09:29 AM
Hi Alan,
Backbonefast helps to detect the indirect link failures. See this guide for details and examples:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800c2548.shtml
You can check the portfast configuration either globally:
Switch# show spanning-tree summary totals Root bridge for: none. PortFast BPDU Guard is enabled UplinkFast is disabled BackboneFast is disabled Spanning tree default pathcost method used is short
or per interface:
Switch# show spanning-tree interface fa0/3 detail
Port 3 (FastEthernet0/3) of VLAN0001 is forwarding Port path cost 19, Port priority 128, Port Identifier 128.2. Designated root has priority 8192, address 0001.96a0.2c00 Designated bridge has priority 28673, address 0009.b7aa.9c80 Designated port id is 128.2, designated path cost 19 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 BPDU: sent 70, received 2 The port is in the portfast mode Root guard is enabled
About "spanning-tree portfast default" comman you are right - it sets portfast for all interfaces.
Kind Regards,
Ivan Shirshin
**Please grade this post if you find it useful.
10-16-2012 10:17 AM
Hello Alan,
You are heartily welcome!
My question is: 'spanning-tree portfast default' . How can I verify if my switch configuration is using that at present?
Check the show spanning-tree summary and look for the line saying:
Portfast Default is enabled
In addition, the spanning-tree portfast default applies only to access ports, i.e. trunks are automatically ignored by this setting (it is assumed that a trunk leads to another switch while an access port connects to an end device). Whether a particular port is operating in PortFast mode can be verified using the show spanning-tree interface interface portfast command, e.g.:
Switch#s how spanning-tree int gi0/1 portfast
VLAN0001 enabled
If a PortFast-enabled port receives a BPDU, it becomes a normal port (i.e. the PortFast will be disabled on that port) until it is disconnected and reconnected again.
PortFast sounds cool - to check my understanding, normally you have to define if a port will forward in the event a loop occurs, wheras if you set all the ports to portfast by default you don't have to do anything to each individual port??
The global-level spanning-tree portfast default applies only to access ports as explained earlier. However, once you accept this fact then the rest of what you say is correct: as this command applies globally to all access ports, you do not need to configure PortFast on them individually.
Best regards,
Peter
10-17-2012 07:19 AM
Thanks again everyone for your thorough responses. I'll address the last two comments as one since they relate to the same topic.
I executed show spanning-tree summary, and it yielded the following results:
#show spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0100
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 18 18
VLAN0100 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
2 vlans 0 0 0 19 19
So it looks like it is not enabled now. If I'm understanding the output properly though it's got all 18 active ports forwarding, so .. utilizing 'spanning-tree portfast default' would essentially give the same functionality - except that from now it would be automatic rather than a static assignment?
Pending this information, this is what I'm looking at so far for the config in the new switch:
(VLAN0100 doesn't appear to be used?? so I don't think I'll be adding it in the new config)
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 61440
spanning-tree portfast default
How does that look? Does this match the capability of how the current switch is configured now? I am very greatful for this community and all the knowledge it affords, thanks again for the help.
10-17-2012 01:05 PM
HI Alan,
I hope you got all points which u required by the awesom explantion of Peter and Ivan.
spanning-tree portfast default
An interface with PortFast mode enabled is moved directly to the spanning-tree forwarding state when linkup occurs without waiting for the standard forward-time delay. It’s a global command to set all the switch interface to STP portfast. When you issue the command you will received a warning to disable manually portfast on interface connected to hub, bridge and switch, because if not this will cause a temporary bridging loop.
or
The simple explanation is that PortFast will immediately transition a port to the forwarding state and not attempt to detect a switching loop unless a BPDU is received on the port with PortFast enabled. So plugging in multiple links on hubs, switches or bridges to the network can temporary switching loops.
Another major advantage of PortFast is that a TCN (Topology Change Notification) is not generated by spanning-tree each time a port goes up or down. This conserves resources as spanning-tree does not have to reprocess the tree every time a TCN is generated.
I think you are right on your spot.
Just go ahead.
Regards
Please rate if it helps.
10-17-2012 01:21 PM
Excellent guys, I've gone ahead with my previous posted configuration. I've graded each reply appropriately, but am not sure the etiquette on these forums when it comes to marking a correct answer.
In this case the answer was constructed by everyone replying. Is there a way to distribute correct answers or I'm assuming there is only one person I can grant this option?
Let me know what most people do in this situation, I don't want to do anything off color.
Kindest Regards,
ALAN
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: