add STP toolkit Part 2 BPDU

shango-wk
2026-05-27 23:22:04 +02:00
parent 6c2b3ce357
commit 994cb382cb
4 changed files with 263 additions and 1 deletions

@@ -29,4 +29,7 @@ tags:
[[VLAN (Part 2)]]
[[VLAN (Part 3)]]
[[DTP - VTP]]
[[Protocole Spanning Tree]]
[[Protocole Spanning Tree (part1)]]
[[Protocole Spanning Tree (part2)]]
[[PortFast (STP Toolkit)]]
[[BPDU Guard & BPDU Filter (STP Toolkit)]]
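Review bot: The two new Spanning Tree links are titled `(part1)` and `(part2)`, while the VLAN entries just above use `(Part 2)` and `(Part 3)` with a capital and a space. Pick one form so the index stays consistent and the note titles are predictable. The entry `[[Protocole Spanning Tree]]` also appears to be replaced by the two part links here, so check that no other note still links to the old title.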

@@ -0,0 +1,18 @@
---
id: 1779916771-SNCX
aliases:
- BPDU Guard & BPDU Filter (STP Toolkit)
tags: []
---
# BPDU Guard & BPDU Filter (STP Toolkit)
## Review
### BPDU Guard
Automatically disab
BPDU Fileter
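Review bot: The BPDU Guard entry under Review stops mid-word at "Automatically disab", and the last line, "BPDU Fileter", is misspelled and has neither a `###` heading marker nor a body. The index in this same commit already links to this note, so readers land on a stub. Either finish both entries or leave the index link out until the note is written. The STP note changed in this commit already has usable wording for BPDU Guard (the interface is shut down when it receives a BPDU from another switch).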

@@ -0,0 +1,126 @@
---
id: 1779884291-BCDN
aliases:
- PortFast (STP Toolkit)
tags: []
---
# PortFast (STP Toolkit)
ex:
Switch <-> PC
Listening
| 15sec
Learning
| 15sec
Forwarding
When an end host connects to a switch port, the port becomes up/up but can't send/receive data yet.
- It is a *Designated port* but will take 30 seconds before it enters the Forwarding state:
- 15 seconds in Listening
- 15 seconds in Learning
This lead to poor user experience
- the user probably doesn't even know [[STP]] exists.
- They just know "the internet doesn't work" for 30 seconds when they connect their computer.
- This wait is unnecessary, because there is no risk of a Layer 2 loop occuring between a switch/PC
## The solution
When portFast is configured on a port, the port immediately enters the Forwardin state when connected
to another device.
It bypasses Listening/Learning and can send/receive data right away
You can configure PortFast in two ways
1. Interface config mode
```Cisco
SW1(config-if)# spanning-tree portfast
```
This enables PortFast only on the individual interface.
*Even if you configure spanning-tree porfast on a trunk port, it won't be active.*
2. Global config mode:
```Cisco
SW1(config)# spanning-tree portfast default
```
This enables PorFast on all access ports.
Connections between switches are almost always trunk links.
Connections to end hosts are almost always access links.
**PortFast should NOT be configured on ports connected to switches or temporary Layer 2
loops can occur.**
## showing result
```Cisco
SW1(config)# show spanning-tree interface g0/1 detail
```
## diabling portfast
```Cisco
SW1(config-if)# spanning-tree portfast disable
```
## Configurating Portfast on trunk port
In some cases, you might want to enable PortFast on a trunk port:
- A port connected to a virtualization server with virtual machines (VMs) in different VLANs.
- A port connected to a [[router]] via router on a stick [[ROAS]].
This can only be cofigured per-port in interface config mode:
```Cisco
SW1(config-if)# spanning tree portfast trunk
```
## PortFast Edge
In modern Cisco switches, if you use the commands covered in this lecture, the device will automatically
add the edge keyword to the configuration.
```Cisco
SW1(config-if)# spanning-tree portfast
running-config
spanning-tree portfast edge
```
```Cisco
SW1(config-if)# spanning tree portfast trunk
running-config
spanning-tree portfast edge trunk
```
```Cisco
SW1(config)# spanning-tree portfast default
running-config
spanning-tree portfast edge default
```
You can use either version of the commands when configuring PortFast.
The end result is the same: edge will always be added in the configuraion.
spanning-tree portfast disable doesn't use the *edge* keyword.
## two kind of Portfast
There are two kinds of PortFast:
- edge
- edge is the kind we are covering in this video
- network
- network is used for a feature called Bridge Assurance (not a CCNA topic)
## Review
### PortFast:
Allows switchs ports connected to end hosts to immediately enter the STP Forwarding state.
Bypassing Linstening and Learning
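Review bot: In "Configurating Portfast on trunk port" and again in the second PortFast Edge block, the command is written `spanning tree portfast trunk` without the hyphen; every other command in the note uses `spanning-tree`, so this one will be rejected if typed as shown. Under "showing result", `show spanning-tree interface g0/1 detail` is given at the `SW1(config)#` prompt; prefix it with `do`, as the STP note does for `do show spanning-tree`, or show it at the privileged EXEC prompt. The bold warning about switch-facing ports would also benefit from a link to `[[BPDU Guard & BPDU Filter (STP Toolkit)]]`, since that is the note the index pairs with this one. Spelling to fix while here: "Forwardin", "porfast", "PorFast", "diabling", "cofigured", "configuraion", "switchs", "Linstening", "occuring".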

@@ -103,8 +103,123 @@ from the blocking state to the listening state (15 seconds), learning state (15
and then finally the forwarding state. So it can take a total of 50 seconds for a blocking
interface to transition to forwarding
- These timers and transitional states are to make sure that loops aren't accidentally created
by interface moving to forwarding state too soon.
note: A forwarding interface can move directly to a blocking state (there is no worry
about creating a loop by blocking an interface).
A blocking interface cannot move directly to forwarding state, it must go through the
listening and learning states.
```Wireshark
Dst: PVST+ (01:00:0c:cc:cc:cd)
```
PVST = Only ISL trunk enquapsulation
PVST+ = Supports [[802.1Q]]
Regular STP (not Cisco's PVST+)
uses a destination MAC address of 0180.c200.0000
The STP timers on the root bridge determine the STP timers for th entire network.
## Spanning Tree Optional Features (STP Toolkit)
### Portfast
Portfast allows a port to move imediately to the Forwarding state,
bypassing *Listening* and *Learning*.
If used, it must be enabled *only on ports connected to end hosts,*
if enabled on a port connected to another switch it could cause a Layer 2 loop.
```Cisco
SW1(config)#interface g0/2
SW1(config-if)#spanning-tree portfast
```
You can also enable portfast with the command:
```Cisco
SW1(config)#spanning-tree portfast default
```
This enables portfast on all access ports (not trunk ports).
### BPDU Guard
if an interface with BPDU Guard enabled receives a BPDU from another switch,
the interface will be shut down to prevent a loop from forming.
```Cisco
SW1(config)#interface g0/2
SW1(config-if)#spanning-tree bpduguard enable
```
You can also enable portfast with the command:
```Cisco
SW1(config)#spanning-tree portfast bpduguard default
```
### Root Guard
If you enable root guard on an interface, even if it receives a superior BPDU (lower bridge ID)
on that interface , the switch will not accept the new switch as the root bridge.
the interface will be disabled.
### Loop Guard
If you enable loop guard on an interface, even if the interface stops receiving BPDUs, it`will not
start forwarding. The interface will be disabled.
## Spanning Tree Configuration
### Spanning Tree mode
```Cisco
SW1(config)#spanning-tree mode ?
mst multiple spanning tree mode
pvst Per-Vlan spanning tree mode
rapid-pvst Per-Vlan rapid spanning tree mode //default
SW1(config)#spanning-tree mode pvst
```
### Primary Root Bridge
```Cisco
SW1(config)#spanning-tree vlan 1 root primary
SW1(config)#do show spanning-tree
```
The *spanning-tree vlan (vlan-number) root primary* command sets the STP priority to 24576.
if another switch already has a priority lower than 24576, it sets this switch's priority
to 4096 less than the other switch's priority.
### Secondary Root Bridge
```Cisco
SW1(config)#spanning-tree vlan 1 root secondary
SW1(config)#do show spanning-tree
```
The *spanning-tree vlan (vlan-number) root secondary* command sets the STP priority to 28672.
### STP Port Setting
```Cisco
SW1(config)#spanning-tree vlan 1 cost 200
SW1(config)#spanning-tree vlan 1 port-priority 32
```
## Review
- STP state/timers
- STP BPDU
- STP optional features
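Review bot: Under "BPDU Guard", the sentence introducing the global command reads "You can also enable portfast with the command:", copied from the Portfast section above it; the command that follows is `spanning-tree portfast bpduguard default`, so the sentence should say BPDU Guard, and it is worth stating which ports that default applies to, as the Portfast section does for access ports. Under "STP Port Setting", `spanning-tree vlan 1 cost 200` and `spanning-tree vlan 1 port-priority 32` are shown at the `SW1(config)#` prompt although the heading says these are port settings; add the `interface` line first, as the Portfast and BPDU Guard examples do. Root Guard and Loop Guard both end with "The interface will be disabled", which reads the same as BPDU Guard's shutdown; say what state the port is placed in and how it recovers, so the three features can be told apart. In the `spanning-tree mode ?` block, `//default` sits inside the device output and looks like part of it; move it to the prose.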