From 994cb382cb59cb322363c456f59446739ec01da2 Mon Sep 17 00:00:00 2001 From: shango-wk Date: Wed, 27 May 2026 23:22:04 +0200 Subject: [PATCH] add STP toolkit Part 2 BPDU --- 00. Jeremy's IT LAB CCNA course.md | 5 +- 21. BPDU Guard & BPDU Filter (STP Toolkit).md | 18 +++ 21. PortFast (STP Toolkit).md | 126 ++++++++++++++++++ 21. Protocole Spanning Tree (part2).md | 115 ++++++++++++++++ 4 files changed, 263 insertions(+), 1 deletion(-) create mode 100644 21. BPDU Guard & BPDU Filter (STP Toolkit).md create mode 100644 21. PortFast (STP Toolkit).md diff --git a/00. Jeremy's IT LAB CCNA course.md b/00. Jeremy's IT LAB CCNA course.md index 4b730b3..71ef95e 100644 --- a/00. Jeremy's IT LAB CCNA course.md +++ b/00. Jeremy's IT LAB CCNA course.md @@ -29,4 +29,7 @@ tags: [[VLAN (Part 2)]] [[VLAN (Part 3)]] [[DTP - VTP]] -[[Protocole Spanning Tree]] +[[Protocole Spanning Tree (part1)]] +[[Protocole Spanning Tree (part2)]] +[[PortFast (STP Toolkit)]] +[[BPDU Guard & BPDU Filter (STP Toolkit)]] diff --git a/21. BPDU Guard & BPDU Filter (STP Toolkit).md b/21. BPDU Guard & BPDU Filter (STP Toolkit).md new file mode 100644 index 0000000..3a5a254 --- /dev/null +++ b/21. BPDU Guard & BPDU Filter (STP Toolkit).md @@ -0,0 +1,18 @@ +--- +id: 1779916771-SNCX +aliases: + - BPDU Guard & BPDU Filter (STP Toolkit) +tags: [] +--- + +# BPDU Guard & BPDU Filter (STP Toolkit) + +## Review + +### BPDU Guard + +Automatically disab + + +BPDU Fileter + diff --git a/21. PortFast (STP Toolkit).md b/21. PortFast (STP Toolkit).md new file mode 100644 index 0000000..fb71d71 --- /dev/null +++ b/21. PortFast (STP Toolkit).md 
@@ -0,0 +1,126 @@ +--- +id: 1779884291-BCDN +aliases: + - PortFast (STP Toolkit) +tags: [] +--- + +# PortFast (STP Toolkit) + +ex: +Switch <-> PC + +Listening + | 15sec +Learning + | 15sec +Forwarding + +When an end host connects to a switch port, the port becomes up/up but can't send/receive data yet. +- It is a *Designated port* but will take 30 seconds before it enters the Forwarding state: + - 15 seconds in Listening + - 15 seconds in Learning +This lead to poor user experience +- the user probably doesn't even know [[STP]] exists. +- They just know "the internet doesn't work" for 30 seconds when they connect their computer. +- This wait is unnecessary, because there is no risk of a Layer 2 loop occuring between a switch/PC + +## The solution + +When portFast is configured on a port, the port immediately enters the Forwardin state when connected +to another device. +It bypasses Listening/Learning and can send/receive data right away + +You can configure PortFast in two ways + +1. Interface config mode + +```Cisco +SW1(config-if)# spanning-tree portfast +``` + +This enables PortFast only on the individual interface. + +*Even if you configure spanning-tree porfast on a trunk port, it won't be active.* + +2. Global config mode: + +```Cisco +SW1(config)# spanning-tree portfast default +``` + +This enables PorFast on all access ports. + + Connections between switches are almost always trunk links. + Connections to end hosts are almost always access links. + +**PortFast should NOT be configured on ports connected to switches or temporary Layer 2 +loops can occur.** + +## showing result + +```Cisco +SW1(config)# show spanning-tree interface g0/1 detail +``` + +## diabling portfast + +```Cisco +SW1(config-if)# spanning-tree portfast disable +``` + +## Configurating Portfast on trunk port + +In some cases, you might want to enable PortFast on a trunk port: +- A port connected to a virtualization server with virtual machines (VMs) in different VLANs. 
+- A port connected to a [[router]] via router on a stick [[ROAS]]. + +This can only be cofigured per-port in interface config mode: + +```Cisco +SW1(config-if)# spanning tree portfast trunk +``` + +## PortFast Edge + +In modern Cisco switches, if you use the commands covered in this lecture, the device will automatically +add the edge keyword to the configuration. + +```Cisco +SW1(config-if)# spanning-tree portfast +running-config +spanning-tree portfast edge +``` + +```Cisco +SW1(config-if)# spanning tree portfast trunk +running-config +spanning-tree portfast edge trunk +``` + +```Cisco +SW1(config)# spanning-tree portfast default +running-config +spanning-tree portfast edge default +``` + +You can use either version of the commands when configuring PortFast. + +The end result is the same: edge will always be added in the configuraion. + +spanning-tree portfast disable doesn't use the *edge* keyword. + + +## two kind of Portfast + +There are two kinds of PortFast: +- edge + - edge is the kind we are covering in this video +- network + - network is used for a feature called Bridge Assurance (not a CCNA topic) + +## Review + +### PortFast: +Allows switchs ports connected to end hosts to immediately enter the STP Forwarding state. +Bypassing Linstening and Learning diff --git a/21. Protocole Spanning Tree (part2).md b/21. Protocole Spanning Tree (part2).md index 90ff6fe..8d64363 100644 --- a/21. Protocole Spanning Tree (part2).md +++ b/21. Protocole Spanning Tree (part2).md 
@@ -103,8 +103,123 @@ from the blocking state to the listening state (15 seconds), learning state (15 and then finally the forwarding state. So it can take a total of 50 seconds for a blocking interface to transition to forwarding +- These timers and transitional states are to make sure that loops aren't accidentally created +by interface moving to forwarding state too soon. + + note: A forwarding interface can move directly to a blocking state (there is no worry + about creating a loop by blocking an interface). + A blocking interface cannot move directly to forwarding state, it must go through the + listening and learning states. + +```Wireshark +Dst: PVST+ (01:00:0c:cc:cc:cd) +``` + +PVST = Only ISL trunk enquapsulation +PVST+ = Supports [[802.1Q]] + +Regular STP (not Cisco's PVST+) +uses a destination MAC address of 0180.c200.0000 + +The STP timers on the root bridge determine the STP timers for th entire network. + +## Spanning Tree Optional Features (STP Toolkit) + +### Portfast + +Portfast allows a port to move imediately to the Forwarding state, +bypassing *Listening* and *Learning*. + +If used, it must be enabled *only on ports connected to end hosts,* +if enabled on a port connected to another switch it could cause a Layer 2 loop. + +```Cisco +SW1(config)#interface g0/2 +SW1(config-if)#spanning-tree portfast +``` + +You can also enable portfast with the command: + +```Cisco +SW1(config)#spanning-tree portfast default +``` + +This enables portfast on all access ports (not trunk ports). + +### BPDU Guard + +if an interface with BPDU Guard enabled receives a BPDU from another switch, +the interface will be shut down to prevent a loop from forming. 
+ +```Cisco +SW1(config)#interface g0/2 +SW1(config-if)#spanning-tree bpduguard enable +``` + +You can also enable portfast with the command: + +```Cisco +SW1(config)#spanning-tree portfast bpduguard default +``` + +### Root Guard + +If you enable root guard on an interface, even if it receives a superior BPDU (lower bridge ID) +on that interface , the switch will not accept the new switch as the root bridge. +the interface will be disabled. + +### Loop Guard + +If you enable loop guard on an interface, even if the interface stops receiving BPDUs, it`will not +start forwarding. The interface will be disabled. + +## Spanning Tree Configuration + + +### Spanning Tree mode + +```Cisco +SW1(config)#spanning-tree mode ? + mst multiple spanning tree mode + pvst Per-Vlan spanning tree mode + rapid-pvst Per-Vlan rapid spanning tree mode //default + +SW1(config)#spanning-tree mode pvst +``` + +### Primary Root Bridge + +```Cisco +SW1(config)#spanning-tree vlan 1 root primary + +SW1(config)#do show spanning-tree +``` + +The *spanning-tree vlan (vlan-number) root primary* command sets the STP priority to 24576. +if another switch already has a priority lower than 24576, it sets this switch's priority +to 4096 less than the other switch's priority. + +### Secondary Root Bridge + +```Cisco +SW1(config)#spanning-tree vlan 1 root secondary + +SW1(config)#do show spanning-tree +``` + +The *spanning-tree vlan (vlan-number) root secondary* command sets the STP priority to 28672. + +### STP Port Setting + +```Cisco +SW1(config)#spanning-tree vlan 1 cost 200 +SW1(config)#spanning-tree vlan 1 port-priority 32 + +``` + ## Review + - STP state/timers - STP BPDU - STP optional features
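Review bot: In the index hunk (`00. Jeremy's IT LAB CCNA course.md`), the link `[[Protocole Spanning Tree]]` becomes `[[Protocole Spanning Tree (part1)]]`, but the diffstat shows no file being renamed or created under that name, so the link may point at nothing. Rename the existing part 1 note (or add the alias to its front matter) in this same commit, or keep the old link text for part 1.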
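Review bot: The new file `21. BPDU Guard & BPDU Filter (STP Toolkit).md` is committed unfinished: the BPDU Guard entry stops mid-word at `Automatically disab`, and the second entry is a bare line spelled `BPDU Fileter` with no `###` heading and no body. Finish both entries before merging, keeping the BPDU Guard text consistent with the part 2 note in this patch (the interface is shut down when it receives a BPDU), or leave the file out of this commit, since the subject line presents it as the main addition.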
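Review bot: In `21. PortFast (STP Toolkit).md`, two of the recorded commands would not be accepted as written: `spanning tree portfast trunk` is missing the hyphen (it appears twice, under "Configurating Portfast on trunk port" and "PortFast Edge"), and `show spanning-tree interface g0/1 detail` is shown at the `SW1(config)#` prompt without `do`, whereas the part 2 note uses `do show spanning-tree`. Fix both so the note can be copied into a lab. The same file has spelling slips in text a reader will search for (`porfast`, `PorFast`, `Forwardin`, `diabling`, `cofigured`, `configuraion`, `Linstening`), and the bold warning about not enabling PortFast on switch-facing ports would benefit from a link to the BPDU Guard note, which is the safeguard for that mistake.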
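Review bot: In `21. Protocole Spanning Tree (part2).md`, the sentence before `spanning-tree portfast bpduguard default` under "### BPDU Guard" is copied from the Portfast section and still reads "You can also enable portfast with the command:"; it should say BPDU Guard, and it is worth noting that this global form applies only to PortFast-enabled ports. Under "### Root Guard" and "### Loop Guard" the text says "The interface will be disabled", which blurs them with BPDU Guard: those two features block the port in an inconsistent state (root-inconsistent, loop-inconsistent) and it recovers by itself, while only BPDU Guard err-disables the port. Under "### STP Port Setting", `spanning-tree vlan 1 cost 200` and `spanning-tree vlan 1 port-priority 32` are shown at `SW1(config)#` but are per-interface commands, so add an `interface` line and use the `SW1(config-if)#` prompt; also fix the stray backtick in "it`will" and the spelling of `enquapsulation` and `imediately`.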