---
id: 1778913634-WEMK
aliases:
  - Protocole Spanning Tree (part2)
tags: []
---

# Spanning Tree Protocol (part 2)

## Spanning Tree Port State

| STP Port State | Stable/Transitional |
| -------------- | ------------------- |
| Blocking       | Stable              |
| Listening      | Transitional        |
| Learning       | Transitional        |
| Forwarding     | Stable              |
| Disabled       | Stable              |

- Root/Designated ports remain stable in a Forwarding state.
- Non-designated ports remain stable in a Blocking state.
- Listening and Learning are transitional states which are passed through when an interface is
  activated, or when a *Blocking* port must transition to a Forwarding state due to a change in the
  network topology.

### Blocking state

- Non-designated ports are in a Blocking state.
- Interfaces in a Blocking state are effectively disabled to prevent loops.
- Interfaces in a Blocking state do not send/receive regular network traffic.
- Interfaces in a Blocking state receive STP BPDUs.
- Interfaces in a Blocking state do NOT forward STP BPDUs.
- Interfaces in a Blocking state do NOT learn [[MAC]] addresses.

### Listening state

- After the Blocking state, interfaces with the Designated or Root role enter the Listening state.
- Only Designated or Root ports enter the Listening state (Non-designated ports are always Blocking).
- The Listening state is 15 seconds long by default. This is determined by the *Forward delay* timer.
- An interface in the Listening state ONLY forwards/receives STP BPDUs.
- An interface in the Listening state does NOT send/receive regular traffic.
- An interface in the Listening state does NOT learn MAC addresses from regular traffic that
  arrives on the interface.

### Learning state

- After the Listening state, a Designated or Root port will enter the Learning state.
- The Learning state is 15 seconds long by default. This is determined by the Forward delay
  timer (the same timer is used for both the Listening and Learning states).
- An interface in the Learning state ONLY sends/receives STP BPDUs.
- An interface in the Learning state learns MAC addresses from regular traffic that arrives on
  the interface.

### Forwarding state

- Root and designated ports are in a Forwarding state.
- A port in the Forwarding state operates as normal.
- A port in the Forwarding state sends/receives BPDUs.
- A port in the Forwarding state sends/receives normal traffic.
- A port in the Forwarding state learns MAC addresses.

### Summary

| STP Port State | Send/Receive BPDUs | Frame forwarding | MAC address learning | Stable/Transitional |
| -------------- | ------------------ | ---------------- | -------------------- | ------------------- |
| Blocking       | No/Yes             | No               | No                   | Stable              |
| Listening      | Yes/Yes            | No               | No                   | Transitional        |
| Learning       | Yes/Yes            | No               | Yes                  | Transitional        |
| Forwarding     | Yes/Yes            | Yes              | Yes                  | Stable              |
| Disabled       | No/No              | No               | No                   | Stable              |

Note: Switches do not forward the BPDUs out of their root ports and non-designated ports,
only their designated ports.

## STP timers

### Hello

How often the root bridge sends hello BPDUs.
duration: 2 sec

### Forward delay

How long the switch will stay in the Listening and Learning states (each state is 15 seconds
= total 30 seconds).
duration: 15 sec

### Max Age

How long an interface will wait after ceasing to receive Hello BPDUs to change the STP topology.
duration: 20 sec (10*hello)

- If another BPDU is received before the max age timer counts down to 0, the timer will reset to 20
  seconds and no changes will occur.

- If another BPDU is not received, the max age timer counts down to 0 and the switch will
  reevaluate its STP choices, including root bridge, and local root, designated, and non-designated ports.

- If a non-designated port is selected to become a designated or root port, it will transition
  from the blocking state to the listening state (15 seconds), learning state (15 seconds),
  and then finally the forwarding state. So it can take a total of 50 seconds (20 seconds of
  max age, then 15 seconds each of listening and learning) for a blocking
  interface to transition to forwarding.

- These timers and transitional states are to make sure that loops aren't accidentally created
  by an interface moving to the forwarding state too soon.

Note: A forwarding interface can move directly to a blocking state (there is no worry
about creating a loop by blocking an interface).
A blocking interface cannot move directly to the forwarding state; it must go through the
listening and learning states.
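
The timer behaviour described above, as an added Python example that is not part of the original notes: it replays BPDU arrival times on a Blocking port, resets Max Age on each one, and walks the port through Listening and Learning. The function names and the arrival times are illustrative, and it assumes the port is the one chosen as the new root or designated port.

```python
# Defaults taken from the notes: Max Age 20 s, Forward delay 15 s.
MAX_AGE, FORWARD_DELAY = 20, 15

# What each state permits, mirroring the summary table.
ALLOWED = {
    "Blocking":   {"forward_frames": False, "learn_macs": False},
    "Listening":  {"forward_frames": False, "learn_macs": False},
    "Learning":   {"forward_frames": False, "learn_macs": True},
    "Forwarding": {"forward_frames": True,  "learn_macs": True},
}

def transitions(bpdu_times, max_age=MAX_AGE, forward_delay=FORWARD_DELAY):
    """Timeline [(second, state)] for a Blocking port once BPDUs stop.

    bpdu_times: seconds at which a BPDU arrived (constructed input).
    A BPDU that arrives before Max Age reaches 0 resets the timer.
    """
    times = sorted(bpdu_times)
    expiry = times[0] + max_age
    for t in times[1:]:
        if t >= expiry:        # simplification: BPDUs after expiry are ignored
            break
        expiry = t + max_age   # timer resets to the full Max Age
    return [
        (times[0], "Blocking"),
        (expiry, "Listening"),
        (expiry + forward_delay, "Learning"),
        (expiry + 2 * forward_delay, "Forwarding"),
    ]

def state_at(timeline, second):
    """Port state at a given second of the timeline."""
    current = timeline[0][1]
    for start, state in timeline:
        if second >= start:
            current = state
    return current

def seconds_to_forwarding(bpdu_times, max_age=MAX_AGE, forward_delay=FORWARD_DELAY):
    """Seconds from the last BPDU that reset the timer until Forwarding."""
    timeline = transitions(bpdu_times, max_age, forward_delay)
    last_reset = timeline[1][0] - max_age
    return timeline[-1][0] - last_reset
```
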

```Wireshark
Dst: PVST+ (01:00:0c:cc:cc:cd)
```

PVST = Only ISL trunk encapsulation
PVST+ = Supports [[802.1Q]]

Regular STP (not Cisco's PVST+)
uses a destination MAC address of 0180.c200.0000

The STP timers on the root bridge determine the STP timers for the entire network.

## Spanning Tree Optional Features (STP Toolkit)

### Portfast

Portfast allows a port to move immediately to the Forwarding state,
bypassing *Listening* and *Learning*.

If used, it must be enabled *only on ports connected to end hosts*;
if enabled on a port connected to another switch, it could cause a Layer 2 loop.

```Cisco
SW1(config)#interface g0/2
SW1(config-if)#spanning-tree portfast
```

You can also enable portfast with the command:

```Cisco
SW1(config)#spanning-tree portfast default
```

This enables portfast on all access ports (not trunk ports).

### BPDU Guard

If an interface with BPDU Guard enabled receives a BPDU from another switch,
the interface will be shut down to prevent a loop from forming.

```Cisco
SW1(config)#interface g0/2
SW1(config-if)#spanning-tree bpduguard enable
```

You can also enable BPDU Guard with the command:

```Cisco
SW1(config)#spanning-tree portfast bpduguard default
```
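
An added example, not part of the original notes: a Python audit of an IOS-style configuration for the two rules above, PortFast only on end-host ports and BPDU Guard wherever PortFast is active. The sample configuration is constructed, the function names are illustrative, and treating only `switchport mode access` ports as access ports is a simplifying assumption.

```python
# Constructed IOS-style running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
"""

def parse_config(config):
    """Split a config into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            if line and line != "!":
                global_lines.append(line)
    return global_lines, interfaces

def audit_portfast(config):
    """Return {interface: [findings]} for PortFast ports that break the rules."""
    global_lines, interfaces = parse_config(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    portfast_default = "spanning-tree portfast default" in global_lines
    findings = {}
    for name, cmds in interfaces.items():
        access = "switchport mode access" in cmds  # assumption: explicit mode only
        portfast = "spanning-tree portfast" in cmds or (portfast_default and access)
        guarded = "spanning-tree bpduguard enable" in cmds or guard_default
        issues = []
        if portfast and not access:
            issues.append("PortFast on a non-access port: confirm it faces an end host")
        if portfast and not guarded:
            issues.append("PortFast without BPDU Guard")
        if issues:
            findings[name] = issues
    return findings
```
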

### Root Guard

If you enable root guard on an interface, even if it receives a superior BPDU (lower bridge ID)
on that interface, the switch will not accept the new switch as the root bridge.
The interface will be disabled.

### Loop Guard

If you enable loop guard on an interface, even if the interface stops receiving BPDUs, it will not
start forwarding. The interface will be disabled.

## Spanning Tree Configuration

### Spanning Tree mode

```Cisco
SW1(config)#spanning-tree mode ?
  mst         multiple spanning tree mode
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode //default

SW1(config)#spanning-tree mode pvst
```

### Primary Root Bridge

```Cisco
SW1(config)#spanning-tree vlan 1 root primary

SW1(config)#do show spanning-tree
```

The *spanning-tree vlan (vlan-number) root primary* command sets the STP priority to 24576.
If another switch already has a priority lower than 24576, it sets this switch's priority
to 4096 less than the other switch's priority.

### Secondary Root Bridge

```Cisco
SW1(config)#spanning-tree vlan 1 root secondary

SW1(config)#do show spanning-tree
```

The *spanning-tree vlan (vlan-number) root secondary* command sets the STP priority to 28672.

### STP Port Setting

```Cisco
SW1(config)#interface g0/2
SW1(config-if)#spanning-tree vlan 1 cost 200
SW1(config-if)#spanning-tree vlan 1 port-priority 32
```

## Review

- STP state/timers
- STP BPDU
- STP optional features
- STP configuration