Monday, October 25, 2010

Lesson 21 - Spanning-Tree Protocol in Practice

The previous post presented STP operation in a nutshell. However, without some practice it's just academic knowledge. I think it is a good idea to look at the same concepts using real equipment. Here goes...

The topology below (pic. 1) uses redundant links, which create loops.

Pic. 1 - Network Topology
Icons designed by: Andrzej Szoblik - http://www.newo.pl

If there's one thing the administrator should do with such a design, it is configuring the root bridge. Typically, the most powerful switch in the center of the network plays that role. You do not want some access switch to be transmitting the frames between other switches. Access switches are designed to connect your computers to the network, not to handle the majority of the inter-switch traffic that the root bridge must deal with.

If you do not configure the root bridge yourself, the switch with the lowest MAC address becomes the root, since the priority is identical on all of them by default. We do not want to leave it to chance, do we? For simplicity I have chosen to make SW1 my root bridge. There are at least two ways to configure this.

Method 1
I can manually lower the priority on SW1 and leave the default value on the other switches. I want to make SW1 my root bridge for all the VLANs I use in my network (remember Cisco uses PVST+). The lowest priority value allowed is zero, and if a higher value needs to be used, it must be a multiple of 4096. If you type in a value that is not allowed, the system will present you with the list of values you can use.

Step 1
Check the VLANs configured.



Step 2
Make SW1 the root bridge for all the VLANs configured in the network by decrementing the default value. Here, I will use the value of '0'.



A quick verification that the command took effect is below:





The above output confirms that SW1 has been elected as the root bridge:

This bridge is the root

Familiarize yourself with the output of this command. All active ports of the switch are in the designated role (forwarding state), as it is the root.

Also, notice that the Bridge ID and the Root ID have the same values. I assigned a priority of 0, but the extended system ID (PVST) adds the VLAN number to the priority assigned. Thus, the priority 0 + (VLAN id) 500 = 500.

Priority: 500
MAC: 000b.5ff7.a080
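
The bridge ID arithmetic and the election it feeds, as an added example that is not part of the original post. It uses the three base MAC addresses quoted on this page; the 0..61440 range and the 32768 default are the standard IOS priority values, and the function names are made up for the illustration.

```python
DEFAULT_PRIORITY = 32768
ALLOWED = range(0, 61441, 4096)   # 0, 4096, ..., 61440

def bridge_id(priority, vlan, mac):
    """Comparable bridge ID: (configured priority + VLAN ID, MAC as integer)."""
    if priority not in ALLOWED:
        raise ValueError(f"{priority} is not a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} is out of range")
    return (priority + vlan, int(mac.replace(".", "").replace(":", ""), 16))

def succession(bridges, vlan):
    """Switch names ordered best-first; the first entry is the root bridge."""
    return sorted(bridges, key=lambda n: bridge_id(bridges[n][0], vlan, bridges[n][1]))

# Base MAC addresses as quoted on this page, all at the default priority.
LAB = {
    "SW1": (DEFAULT_PRIORITY, "000b.5ff7.a080"),
    "SW2": (DEFAULT_PRIORITY, "000E:83DA:7580"),
    "SW3": (DEFAULT_PRIORITY, "000D:28BF:FD40"),
}

if __name__ == "__main__":
    # With defaults the lowest MAC decides the root and the order of succession.
    print("default order for VLAN 500:", succession(LAB, 500))
    # Priority 0 on SW1 gives the bridge ID priority 500 seen in the output above.
    print("SW1 tuned:", bridge_id(0, 500, LAB["SW1"][1]))
```

With every switch left at the default, the order printed also shows which switch would take over as root if the current one went away, something worth deciding by priority rather than by MAC address.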


As mentioned before, if the priority value configured is not one of the allowed values, the system shows the numbers you can use:



Method 2
I can use the spanning-tree vlan root primary macro command which decrements the priority value using Cisco best practices.


Step 1
Check the VLANs configured like before.


Step 2
Make SW1 the root bridge for all the VLANs configured in the network by using the macro command.



And now comes the interesting bit. Having elected the root bridge SW1, I can predict the rest of the process. Lesson 20 provides us with all the knowledge we need to possess to tell which ports will become root ports on SW2 and SW3, as well as which ports will be designated and which will be non-designated in our topology.

Can you do that on your own? 

The base MAC addresses on SW2 and SW3 are as follows (priority is default):

SW2 MAC: 000E:83DA:7580
SW3 MAC: 000D:28BF:FD40

If you want to check the base MAC address on your switch, type in:

SW#show version | include Base

At least give it a shot before you click on pic. 2 below to check your answers. If you cannot do it yet, do not worry. I will guide you through the process using some powerful 'show' commands.

Pic. 2 - Spanning-Tree Topology Computed


There are two loops in my network. One is between SW1 and SW2, using ports F0/13 and F0/14. The other loop is formed by SW3's connections to SW1 and SW2 (ports F0/15 and F0/16).

Let's look at SW2 first and see how the knowledge from lesson 20 applies here.

SW2 receives BPDU frames from SW1 on F0/13 and F0/14 ports and from SW3 on its F0/16 port. A closer look at the following output can be very informative.


The above output shows clearly which machine is the root bridge (000B:5FF7:A080). SW2 chose F0/13 as its Root Port. As you recall, the first thing to check when determining the best path towards the root bridge (the root port) is the accumulated cost towards the root. SW2 has three outgoing ports towards the root bridge, as shown in the next output:


The accumulative cost is calculated by adding two values:

Port path cost + designated path cost.

  • Port path cost - values set arbitrarily by the IEEE (the speed-to-cost table is shown in the previous lesson).
  • Designated path cost - the cost towards the root bridge advertised by the neighboring switch.

Port F0/16 can be ruled out immediately, since 'port path cost' (19) + 'designated path cost' (19) amounts to 38.

As for the two remaining candidates to become a root port (F0/13 and F0/14), the total path cost is 19 in both cases (19+0). We need to resort to the second test in our algorithm to break the tie: the lowest bridge id of the BPDU sender. Unfortunately, both ports receive BPDU frames from the same switch: SW1 (look at the previous output).

Designated Bridge has priority 500, address 000B:5FF7:A080

The next step in resolving the tie is checking the port priority of the sender. But both ports F0/13 and F0/14 receive the same port priority (port id):

Designated port id is 128

The number of the port is not factored in, only the id value as shown above.

There is only one more thing that can help us determine which of these two ports should be the root port: the lowest port id of the sender (SW1). F0/13 is lower in value than F0/14, so the former becomes the root port.

In the same way, SW3 chooses F0/15 as its root port, since the accumulated cost using it is 19, as opposed to port F0/16, whose total cost towards the root bridge is 38.

Port F0/14 on SW2 becomes a non-designated port (NDP), because the root bridge (SW1) has to have all its ports in designated mode, which means they cannot be blocked.

The last step in computing the STP active paths is to select the designated port between SW2 (F0/16) and SW3 (F0/16). Again, the same formula solves the issue. As both SW2 and SW3 advertise the same cost (19), the tie breaker is going to be the lowest bridge id of the sender. In this contest, SW2 has the higher bridge id (less preferred), which is: priority 33268, address 000E:83DA:758

SW3, whose bridge id is lower, wins. SW3's bridge id for the same VLAN 500 is shown below:


priority 33268, address 000D:28BF:FD40

STP selects the layer 2 paths between the switches. In pic. 2 I also showed you that all the ports connected to PC1, PC2 and R1 are in a designated role. This is because those ports do NOT receive BPDUs. They automatically become designated (forwarding state).

As the last thing in this lesson, I'd like to ask you two questions.

Assuming that SW1 is the root bridge:

Question 1
What would you need to reconfigure in our topology (pic. 1), for SW2 to choose F0/14 as the root port for VLAN 500?

Question 2
What would you need to reconfigure in our topology (pic. 1) for SW3 to choose F0/16 as the root port for VLAN 500?


NOTICE!
The method of choosing the root port/designated port in the previous lesson holds the answers to these questions. Remember the order of operations.


The answer to question 1
Since the cost is the same towards SW1 (root), we could modify it on SW2 with the following command:

SW2(config)#interface f0/13
SW2(config-if)#spanning-tree vlan 500 cost 20

This way I have increased the cost on this port to 20, and the F0/14 cost is now lower (19).

Another method could be to change the port priority on SW1 so that port F0/14 is preferred. This is how you could do it:

SW1(config)#interface f0/14
SW1(config-if)#spanning-tree vlan 500 port-priority 64

Since the path costs towards the root are identical on both ports, and the bridge id of the sender is the same switch (SW1), the third thing that influences which port to use is the port priority assigned by the BPDU sender (here SW1). This is shown in the following picture taken from SW2 (show spanning-tree vlan 500 detail):


Now, the priority imposed by SW1 on SW2's F0/14 is lower: 64 compared to port F0/13 which is 128. Port F0/14 becomes the root port.

Answer to question 2
The only way to change the root port on SW3 is to increase the cost to reach the root bridge on F0/15. For instance, you could configure the following:

SW3(config)#interface f0/15
SW3(config-if)#spanning-tree vlan 500 cost 39

Since the total cost towards SW1 (root) using port F0/15 is 39 now, and using port F0/16 the cost used equals 38, this configuration will do the job.
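
The election order used throughout this lesson, and the effect of the three reconfigurations above, as an added example that is not part of the original post. Costs, priorities and bridge IDs are the ones quoted on this page; the class and function names are made up, and each sender's port number is assumed to match the local port number.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Bpdu:
    port: str          # local port the BPDU was received on
    port_cost: int     # local port path cost
    adv_cost: int      # root path cost advertised by the sender
    sender_bid: tuple  # sender bridge ID: (priority + VLAN ID, MAC)
    sender_prio: int   # sender's port priority
    sender_port: int   # sender's port number (assumed = local number)

    def vector(self):
        # Tuples compare left to right, which is exactly the lesson's test order.
        return (self.port_cost + self.adv_cost, self.sender_bid,
                self.sender_prio, self.sender_port)

def root_port(bpdus):
    """Port holding the best (lowest) vector towards the root bridge."""
    return min(bpdus, key=Bpdu.vector).port

def designated_bridge(offers):
    """offers: {switch: (advertised cost, bridge ID)} on one segment."""
    return min(offers, key=offers.get)

def retune(bpdus, port, **changes):
    """Copy of bpdus with one port's values changed, as a config change would."""
    return [replace(b, **changes) if b.port == port else b for b in bpdus]

# Bridge IDs for VLAN 500 as shown on this page.
SW1 = (500, 0x000B5FF7A080)
SW2 = (33268, 0x000E83DA7580)
SW3 = (33268, 0x000D28BFFD40)

SW2_RX = [Bpdu("F0/13", 19, 0, SW1, 128, 13),
          Bpdu("F0/14", 19, 0, SW1, 128, 14),
          Bpdu("F0/16", 19, 19, SW3, 128, 16)]
SW3_RX = [Bpdu("F0/15", 19, 0, SW1, 128, 15),
          Bpdu("F0/16", 19, 19, SW2, 128, 16)]

if __name__ == "__main__":
    print("SW2 root port:", root_port(SW2_RX))
    print("SW3 root port:", root_port(SW3_RX))
    print("SW2-SW3 segment:", designated_bridge({"SW2": (19, SW2), "SW3": (19, SW3)}))
    print("Q1, cost 20 on F0/13:", root_port(retune(SW2_RX, "F0/13", port_cost=20)))
    print("Q1, SW1 priority 64:", root_port(retune(SW2_RX, "F0/14", sender_prio=64)))
    print("Q2, cost 39 on F0/15:", root_port(retune(SW3_RX, "F0/15", port_cost=39)))
```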

Did you have fun? I sure did ;)
