
What are the parameters in STP that need to be manipulated?

grapevine
Level 1

What are the parameters in STP that need to be manipulated to create a loop free topology in Layer 2?


InayathUlla Sharieff
Cisco Employee

 

1- Enable STP (it is enabled by default, but just to tell you in case you get a switch where someone has disabled STP).

2- Spanning tree protections:

a- Port-Fast

b- BPDU Guard

c- BPDU Filter

d- Loopguard.

e- UDLD

 

HTH

Regards

Inayath

Explanation of the above-mentioned mechanisms:

 

 

 

A) BPDU Guard:

Enable per port; error disable the port upon receipt of any BPDU 

 

1) When enabled on an interface, the port goes into the error-disabled state if a BPDU is received

 

Switch(config-if)#spanning-tree bpduguard enable

(note portfast may not be configured)

 

2) Can be enabled on global configuration mode

 

Switch(config)#spanning-tree portfast bpduguard default

 

B) BPDU Filter:

 

Restricts the switch from sending unnecessary BPDUs out access ports.

 

1) When enabled on an individual port, BPDU filtering has the following effects:

 

   > It ignores all BPDUs received.

   > It sends no BPDUs.

 

Switch(config-if)#spanning-tree bpdufilter enable

 

2) When enabled globally, BPDU filtering has the following effects:

 

    a) It affects all operational PortFast ports on switches that do not have BPDU filtering configured on the individual ports.

    b) If BPDUs are seen, the port loses its PortFast status, BPDU filtering is disabled, and the STP sends and receives BPDUs on the port as it would with any other STP port on the switch.

    c) Upon startup, the port transmits ten BPDUs. If this port receives any BPDUs during that time, PortFast and PortFast BPDU filtering are disabled.       

 

Switch(config)#spanning-tree portfast bpdufilter default

C) Root Guard: 

Root Guard is useful in avoiding Layer 2 loops during network anomalies. The Root Guard feature forces an interface to become a designated port to prevent surrounding switches from becoming a root switch. In other words, Root Guard provides a way to enforce the root bridge placement in the network. The Root Guard feature prevents a Designated Port from becoming a Root Port. If a port on which the Root Guard feature is enabled receives a superior BPDU, it moves the port into a root-inconsistent state (effectively equal to a listening state), thus maintaining the current Root Bridge status.

It can be enabled on ports other than the root port and on switches other than the root switch using the following command.

Switch(config-if)#spanning-tree guard root

 

D) UDLD:

Detects a broken physical link in the absence of Layer 1 electrical keepalives (Ethernet calls this a link beat). However, sometimes a cable is intact enough to maintain keepalives, but not to pass data in both directions. This is a unidirectional link.

UDLD detects a unidirectional link by sending periodic hellos out to the interface. It also uses probes, which must be acknowledged by the devices on the other end of the link. UDLD operates at Layer 2. The port is shut down if a unidirectional link is found.

UDLD will not consider a link eligible for disabling until it has seen a neighbor on the interface already. This prevents it from disabling an interface when only one end of the link has been configured to support UDLD.

The default UDLD message timer is 7 or 15 seconds (depending on the platform), allowing it to detect a unidirectional link before STP has time to transition the interface to forwarding mode.

 

UDLD has two modes of operation: 

 

1) Normal mode – UDLD will notice and log a unidirectional link condition, but the interface is allowed to continue operating.

 

2) Aggressive mode – UDLD will transmit 8 additional messages (1 per second); if none of these are echoed back the interface is placed in the error-disabled state.

UDLD can be enabled globally for all fiber interfaces, or per-interface.

 

Global command but it applies only to fiber ports

 

Switch(config)# udld { enable | aggressive | message time }

 

The UDLD message time can be from 7 to 90 seconds

 

To enable UDLD on a non-fiber port, enter the same command in interface mode

 

Switch(config-if)# udld { enable | aggressive | disable }

 

To disable UDLD on a specific fiber port, use the following command:

 

Switch(config-if)# udld disable

 

To disable UDLD on a specific non-fiber port, use the following command:

 

Switch(config-if)#no udld enable

 

To re-enable all interfaces shut by UDLD, use the following:      

 

Switch#udld reset

 

To verify UDLD status, use the following:  

 

Switch#show udld interface

 

 

Fast UDLD:

Like UDLD, Fast UDLD is used to detect and disable P2P LAN links that have failed at L2 for any number of reasons and are unable to exchange FDX traffic. Shorter keep-alive timers are used to detect failures. Use of short timers in any protocol needs to be approached with caution. As the timer interval is reduced, the chance of false positives increases, especially as traffic load on the link or CPU load on the system increases. Release 12.2(33)SXI4 and later releases support Fast UDLD. By default, Fast UDLD is disabled. Please refer to the hyperlink for Fast UDLD.

 

 

Configuring Fast UDLD on a Port

 

1) To configure the fast UDLD probe message interval on a port, use the "udld fast-hello interval" command under interface mode.

 

2) By default, fast UDLD error-disables ports with unidirectional links. You can globally enable fast UDLD to report unidirectional links with a message displayed on the console instead of error-disabling ports with unidirectional links.

 

To enable fast UDLD error reporting, use the "udld fast-hello error-reporting" command under config mode.

 

3) Verification:

 

To display the fast UDLD configuration and operational state, use the "show udld fast-hello" command.

To reset all LAN ports that have been shut down by UDLD, use the "udld reset" command under exec mode.

 

E) Loop guard:

 

Loop Guard prevents the loop which occurs as a result of a blocking port transitioning to the forwarding state.

If no BPDUs are received on a blocked port for a specific length of time, Loop Guard puts that port into the "loop inconsistent" blocking state. Loop Guard automatically re-enables the port if it starts receiving BPDUs again. It is most effective when enabled in the entire switched network in conjunction with UDLD.

When implementing Loop Guard, you should be aware of the following implementation guidelines:

 

    1) Loop Guard cannot be enabled on a switch that also has Root Guard enabled

    2) Loop Guard does not affect Uplink Fast or Backbone Fast operation

    3) Loop Guard must be enabled on point-to-point links only

    4) Loop Guard operation is not affected by the Spanning Tree timers

    5) Loop Guard cannot actually detect a unidirectional link

    6) Loop Guard cannot be enabled on Port Fast or Dynamic VLAN ports

 

To enable Loop Guard for all point-to-point links on the switch, use the following command: 

 

Switch(config)# spanning-tree loopguard default

 

To enable Loop Guard on a specific interface, use the following:

 

Switch(config-if)# spanning-tree guard loop

HTH

regards

Inayath

************** Please do not forget to rate all useful posts ****************
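The edge-port rules from the reply above, turned into an offline check over a saved running-config. This is an added example, not code from the thread or from Cisco; the sample config, the function names and the rule labels are assumptions made for illustration.

```python
# Constructed sample running-config (illustrative, not from the thread).
SAMPLE = """\
interface GigabitEthernet0/1
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 spanning-tree portfast
!
interface GigabitEthernet0/3
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/4
 spanning-tree portfast
 spanning-tree guard loop
"""

def parse(config):
    """Return (global lines, {interface: set of its indented lines})."""
    glob, ifaces, cur = set(), {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if raw[:1].isspace() and cur:
            ifaces.setdefault(cur, set()).add(line)
        elif line.startswith("interface "):
            cur = line.split(" ", 1)[1]
        else:
            cur = None
            glob.add(line)
    return glob, ifaces

def audit(config):
    """List (interface, rule) pairs; rule names are hypothetical labels."""
    glob, ifaces = parse(config)
    guard_default = "spanning-tree portfast bpduguard default" in glob
    findings = []
    for name, cfg in sorted(ifaces.items()):
        portfast = any(l.startswith("spanning-tree portfast")
                       and not l.endswith("disable") for l in cfg)
        guarded = ("spanning-tree bpduguard enable" in cfg or
                   (guard_default and "spanning-tree bpduguard disable" not in cfg))
        if portfast and not guarded:
            findings.append((name, "portfast-without-bpduguard"))
        if "spanning-tree bpdufilter enable" in cfg:
            findings.append((name, "bpdufilter-on-port"))  # ignores and sends no BPDUs
        if portfast and "spanning-tree guard loop" in cfg:
            findings.append((name, "loopguard-on-portfast"))  # guideline 6 in the post
    return findings
```

Calling `audit(SAMPLE)` returns the findings for the constructed config. The check only sees PortFast set per interface, so ports that get it from the global `spanning-tree portfast default` command are not evaluated.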

 

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

What are the parameters in STP that need to be manipulated to create a loop free topology in Layer 2?

Generally none, as that's the whole purpose of STP (i.e. to support a loop free L2 topology).

There are, however, many additional options, many of which Inayath has listed, to "improve" aspects of STP operation. One of the most popular of those he listed is enabling Portfast on edge ports.

One option that's often important to set is which bridge will be the "root" and secondary root, for optimal performance.

There are also additional (advanced) tuning options, for impacting STP operation dealing with timers and link priorities.

As Inayath also mentioned, STP is often enabled by default, but on Cisco equipment, that's often pvst, and rapid-pvst is "better".  I.e. you'll often want to change the STP being used.

When working with L2 equipment, different devices should be running the same or compatible STP (which can be an issue with mixed vendors' equipment).