add STP toolkit Part 2 BPDU
@@ -29,4 +29,7 @@ tags:
|
||||
[[VLAN (Part 2)]]
|
||||
[[VLAN (Part 3)]]
|
||||
[[DTP - VTP]]
|
||||
[[Protocole Spanning Tree]]
|
||||
[[Protocole Spanning Tree (part1)]]
|
||||
[[Protocole Spanning Tree (part2)]]
|
||||
[[PortFast (STP Toolkit)]]
|
||||
[[BPDU Guard & BPDU Filter (STP Toolkit)]]
|
||||
|
||||
18
21. BPDU Guard & BPDU Filter (STP Toolkit).md
Normal file
@@ -0,0 +1,18 @@
|
||||
---
|
||||
id: 1779916771-SNCX
|
||||
aliases:
|
||||
- BPDU Guard & BPDU Filter (STP Toolkit)
|
||||
tags: []
|
||||
---
|
||||
|
||||
# BPDU Guard & BPDU Filter (STP Toolkit)
|
||||
|
||||
## Review
|
||||
|
||||
### BPDU Guard
|
||||
|
||||
Automatically disab
|
||||
|
||||
|
||||
BPDU Fileter
|
||||
|
||||
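Review bot: The BPDU Guard section stops mid-word at "Automatically disab", and the entry after it, "BPDU Fileter", is misspelled and has neither a "###" heading nor a body, so this new note's Review says nothing usable about either feature. Finish the BPDU Guard sentence (the Spanning Tree note changed in this same commit already says an interface with BPDU Guard is shut down when it receives a BPDU), rename the second entry to "### BPDU Filter" and describe what it does, or hold the file back until it is written, since the index now links to it.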
126
21. PortFast (STP Toolkit).md
Normal file
@@ -0,0 +1,126 @@
|
||||
---
|
||||
id: 1779884291-BCDN
|
||||
aliases:
|
||||
- PortFast (STP Toolkit)
|
||||
tags: []
|
||||
---
|
||||
|
||||
# PortFast (STP Toolkit)
|
||||
|
||||
ex:
|
||||
Switch <-> PC
|
||||
|
||||
Listening
|
||||
| 15sec
|
||||
Learning
|
||||
| 15sec
|
||||
Forwarding
|
||||
|
||||
When an end host connects to a switch port, the port becomes up/up but can't send/receive data yet.
|
||||
- It is a *Designated port* but will take 30 seconds before it enters the Forwarding state:
|
||||
- 15 seconds in Listening
|
||||
- 15 seconds in Learning
|
||||
This lead to poor user experience
|
||||
- the user probably doesn't even know [[STP]] exists.
|
||||
- They just know "the internet doesn't work" for 30 seconds when they connect their computer.
|
||||
- This wait is unnecessary, because there is no risk of a Layer 2 loop occuring between a switch/PC
|
||||
|
||||
## The solution
|
||||
|
||||
When portFast is configured on a port, the port immediately enters the Forwardin state when connected
|
||||
to another device.
|
||||
It bypasses Listening/Learning and can send/receive data right away
|
||||
|
||||
You can configure PortFast in two ways
|
||||
|
||||
1. Interface config mode
|
||||
|
||||
```Cisco
|
||||
SW1(config-if)# spanning-tree portfast
|
||||
```
|
||||
|
||||
This enables PortFast only on the individual interface.
|
||||
|
||||
*Even if you configure spanning-tree porfast on a trunk port, it won't be active.*
|
||||
|
||||
2. Global config mode:
|
||||
|
||||
```Cisco
|
||||
SW1(config)# spanning-tree portfast default
|
||||
```
|
||||
|
||||
This enables PorFast on all access ports.
|
||||
|
||||
Connections between switches are almost always trunk links.
|
||||
Connections to end hosts are almost always access links.
|
||||
|
||||
**PortFast should NOT be configured on ports connected to switches or temporary Layer 2
|
||||
loops can occur.**
|
||||
|
||||
## showing result
|
||||
|
||||
```Cisco
|
||||
SW1(config)# show spanning-tree interface g0/1 detail
|
||||
```
|
||||
|
||||
## diabling portfast
|
||||
|
||||
```Cisco
|
||||
SW1(config-if)# spanning-tree portfast disable
|
||||
```
|
||||
|
||||
## Configurating Portfast on trunk port
|
||||
|
||||
In some cases, you might want to enable PortFast on a trunk port:
|
||||
- A port connected to a virtualization server with virtual machines (VMs) in different VLANs.
|
||||
- A port connected to a [[router]] via router on a stick [[ROAS]].
|
||||
|
||||
This can only be cofigured per-port in interface config mode:
|
||||
|
||||
```Cisco
|
||||
SW1(config-if)# spanning tree portfast trunk
|
||||
```
|
||||
|
||||
## PortFast Edge
|
||||
|
||||
In modern Cisco switches, if you use the commands covered in this lecture, the device will automatically
|
||||
add the edge keyword to the configuration.
|
||||
|
||||
```Cisco
|
||||
SW1(config-if)# spanning-tree portfast
|
||||
running-config
|
||||
spanning-tree portfast edge
|
||||
```
|
||||
|
||||
```Cisco
|
||||
SW1(config-if)# spanning tree portfast trunk
|
||||
running-config
|
||||
spanning-tree portfast edge trunk
|
||||
```
|
||||
|
||||
```Cisco
|
||||
SW1(config)# spanning-tree portfast default
|
||||
running-config
|
||||
spanning-tree portfast edge default
|
||||
```
|
||||
|
||||
You can use either version of the commands when configuring PortFast.
|
||||
|
||||
The end result is the same: edge will always be added in the configuraion.
|
||||
|
||||
spanning-tree portfast disable doesn't use the *edge* keyword.
|
||||
|
||||
|
||||
## two kind of Portfast
|
||||
|
||||
There are two kinds of PortFast:
|
||||
- edge
|
||||
- edge is the kind we are covering in this video
|
||||
- network
|
||||
- network is used for a feature called Bridge Assurance (not a CCNA topic)
|
||||
|
||||
## Review
|
||||
|
||||
### PortFast:
|
||||
Allows switchs ports connected to end hosts to immediately enter the STP Forwarding state.
|
||||
Bypassing Linstening and Learning
|
||||
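Review bot: In the "Configurating Portfast on trunk port" block and again in the second "PortFast Edge" block, the command is written `spanning tree portfast trunk` without the hyphen, unlike every other command in the file; it should read `spanning-tree portfast trunk`. The "showing result" block runs `show spanning-tree interface g0/1 detail` at the `SW1(config)#` prompt without `do`, while the other note in this commit uses `do show spanning-tree` from config mode; use one form consistently. The bold warning about ports connected to switches would be more useful with a link to [[BPDU Guard & BPDU Filter (STP Toolkit)]], which is the protection this commit adds for exactly that case. Spelling to fix while here: "porfast", "PorFast", "Forwardin", "diabling", "cofigured", "configuraion", "switchs", "Linstening", "occuring".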
@@ -103,8 +103,123 @@ from the blocking state to the listening state (15 seconds), learning state (15
|
||||
and then finally the forwarding state. So it can take a total of 50 seconds for a blocking
|
||||
interface to transition to forwarding
|
||||
|
||||
- These timers and transitional states are to make sure that loops aren't accidentally created
|
||||
by interface moving to forwarding state too soon.
|
||||
|
||||
note: A forwarding interface can move directly to a blocking state (there is no worry
|
||||
about creating a loop by blocking an interface).
|
||||
A blocking interface cannot move directly to forwarding state, it must go through the
|
||||
listening and learning states.
|
||||
|
||||
```Wireshark
|
||||
Dst: PVST+ (01:00:0c:cc:cc:cd)
|
||||
```
|
||||
|
||||
PVST = Only ISL trunk enquapsulation
|
||||
PVST+ = Supports [[802.1Q]]
|
||||
|
||||
Regular STP (not Cisco's PVST+)
|
||||
uses a destination MAC address of 0180.c200.0000
|
||||
|
||||
The STP timers on the root bridge determine the STP timers for th entire network.
|
||||
|
||||
## Spanning Tree Optional Features (STP Toolkit)
|
||||
|
||||
### Portfast
|
||||
|
||||
Portfast allows a port to move imediately to the Forwarding state,
|
||||
bypassing *Listening* and *Learning*.
|
||||
|
||||
If used, it must be enabled *only on ports connected to end hosts,*
|
||||
if enabled on a port connected to another switch it could cause a Layer 2 loop.
|
||||
|
||||
```Cisco
|
||||
SW1(config)#interface g0/2
|
||||
SW1(config-if)#spanning-tree portfast
|
||||
```
|
||||
|
||||
You can also enable portfast with the command:
|
||||
|
||||
```Cisco
|
||||
SW1(config)#spanning-tree portfast default
|
||||
```
|
||||
|
||||
This enables portfast on all access ports (not trunk ports).
|
||||
|
||||
### BPDU Guard
|
||||
|
||||
if an interface with BPDU Guard enabled receives a BPDU from another switch,
|
||||
the interface will be shut down to prevent a loop from forming.
|
||||
|
||||
```Cisco
|
||||
SW1(config)#interface g0/2
|
||||
SW1(config-if)#spanning-tree bpduguard enable
|
||||
```
|
||||
|
||||
You can also enable portfast with the command:
|
||||
|
||||
```Cisco
|
||||
SW1(config)#spanning-tree portfast bpduguard default
|
||||
```
|
||||
|
||||
### Root Guard
|
||||
|
||||
If you enable root guard on an interface, even if it receives a superior BPDU (lower bridge ID)
|
||||
on that interface , the switch will not accept the new switch as the root bridge.
|
||||
the interface will be disabled.
|
||||
|
||||
### Loop Guard
|
||||
|
||||
If you enable loop guard on an interface, even if the interface stops receiving BPDUs, it`will not
|
||||
start forwarding. The interface will be disabled.
|
||||
|
||||
## Spanning Tree Configuration
|
||||
|
||||
|
||||
### Spanning Tree mode
|
||||
|
||||
```Cisco
|
||||
SW1(config)#spanning-tree mode ?
|
||||
mst multiple spanning tree mode
|
||||
pvst Per-Vlan spanning tree mode
|
||||
rapid-pvst Per-Vlan rapid spanning tree mode //default
|
||||
|
||||
SW1(config)#spanning-tree mode pvst
|
||||
```
|
||||
|
||||
### Primary Root Bridge
|
||||
|
||||
```Cisco
|
||||
SW1(config)#spanning-tree vlan 1 root primary
|
||||
|
||||
SW1(config)#do show spanning-tree
|
||||
```
|
||||
|
||||
The *spanning-tree vlan (vlan-number) root primary* command sets the STP priority to 24576.
|
||||
if another switch already has a priority lower than 24576, it sets this switch's priority
|
||||
to 4096 less than the other switch's priority.
|
||||
|
||||
### Secondary Root Bridge
|
||||
|
||||
```Cisco
|
||||
SW1(config)#spanning-tree vlan 1 root secondary
|
||||
|
||||
SW1(config)#do show spanning-tree
|
||||
```
|
||||
|
||||
The *spanning-tree vlan (vlan-number) root secondary* command sets the STP priority to 28672.
|
||||
|
||||
### STP Port Setting
|
||||
|
||||
```Cisco
|
||||
SW1(config)#spanning-tree vlan 1 cost 200
|
||||
SW1(config)#spanning-tree vlan 1 port-priority 32
|
||||
|
||||
```
|
||||
|
||||
## Review
|
||||
|
||||
|
||||
- STP state/timers
|
||||
- STP BPDU
|
||||
- STP optional features
|
||||
|
||||
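Review bot: Under "### BPDU Guard", the lead-in to `spanning-tree portfast bpduguard default` still reads "You can also enable portfast with the command:", copied from the Portfast section above; it should say that this enables BPDU Guard by default, and state which ports it then applies to, as the Portfast section does for its own default command. Under "### STP Port Setting", the `cost 200` and `port-priority 32` lines are shown at the `SW1(config)#` prompt with no `interface` line before them, although the heading says these are port settings; add the interface line and show the `SW1(config-if)#` prompt as the Portfast and BPDU Guard blocks do. The Root Guard and Loop Guard paragraphs both end with "the interface will be disabled", the same outcome described for BPDU Guard; say which state the port is left in and how it recovers so the three features can be told apart. Spelling: "enquapsulation", "imediately", "th entire", and the stray backtick in "it`will".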