add STP toolkit Part 2 BPDU

This commit is contained in:
shango-wk
2026-05-27 23:22:04 +02:00
parent 6c2b3ce357
commit 994cb382cb
4 changed files with 263 additions and 1 deletions

View File

@@ -103,8 +103,123 @@ from the blocking state to the listening state (15 seconds), learning state (15
and then finally the forwarding state. So it can take a total of 50 seconds for a blocking
interface to transition to forwarding
- These timers and transitional states are to make sure that loops aren't accidentally created
by interface moving to forwarding state too soon.
note: A forwarding interface can move directly to a blocking state (there is no worry
about creating a loop by blocking an interface).
A blocking interface cannot move directly to forwarding state, it must go through the
listening and learning states.
```Wireshark
Dst: PVST+ (01:00:0c:cc:cc:cd)
```
PVST = Only ISL trunk enquapsulation
PVST+ = Supports [[802.1Q]]
Regular STP (not Cisco's PVST+)
uses a destination MAC address of 0180.c200.0000
The STP timers on the root bridge determine the STP timers for th entire network.
## Spanning Tree Optional Features (STP Toolkit)
### Portfast
Portfast allows a port to move imediately to the Forwarding state,
bypassing *Listening* and *Learning*.
If used, it must be enabled *only on ports connected to end hosts,*
if enabled on a port connected to another switch it could cause a Layer 2 loop.
```Cisco
SW1(config)#interface g0/2
SW1(config-if)#spanning-tree portfast
```
You can also enable portfast with the command:
```Cisco
SW1(config)#spanning-tree portfast default
```
This enables portfast on all access ports (not trunk ports).
### BPDU Guard
if an interface with BPDU Guard enabled receives a BPDU from another switch,
the interface will be shut down to prevent a loop from forming.
```Cisco
SW1(config)#interface g0/2
SW1(config-if)#spanning-tree bpduguard enable
```
You can also enable portfast with the command:
```Cisco
SW1(config)#spanning-tree portfast bpduguard default
```
### Root Guard
If you enable root guard on an interface, even if it receives a superior BPDU (lower bridge ID)
on that interface , the switch will not accept the new switch as the root bridge.
the interface will be disabled.
### Loop Guard
If you enable loop guard on an interface, even if the interface stops receiving BPDUs, it`will not
start forwarding. The interface will be disabled.
## Spanning Tree Configuration
### Spanning Tree mode
```Cisco
SW1(config)#spanning-tree mode ?
mst multiple spanning tree mode
pvst Per-Vlan spanning tree mode
rapid-pvst Per-Vlan rapid spanning tree mode //default
SW1(config)#spanning-tree mode pvst
```
### Primary Root Bridge
```Cisco
SW1(config)#spanning-tree vlan 1 root primary
SW1(config)#do show spanning-tree
```
The *spanning-tree vlan (vlan-number) root primary* command sets the STP priority to 24576.
if another switch already has a priority lower than 24576, it sets this switch's priority
to 4096 less than the other switch's priority.
### Secondary Root Bridge
```Cisco
SW1(config)#spanning-tree vlan 1 root secondary
SW1(config)#do show spanning-tree
```
The *spanning-tree vlan (vlan-number) root secondary* command sets the STP priority to 28672.
### STP Port Setting
```Cisco
SW1(config)#spanning-tree vlan 1 cost 200
SW1(config)#spanning-tree vlan 1 port-priority 32
```
## Review
- STP state/timers
- STP BPDU
- STP optional features