Ch 3: Advanced STP Tuning Flashcards
A switch’s STP priority can be configured in increments of ______.
a. 1
b. 256
c. 2048
d. 4096
D. A switch’s STP priority is configured in increments of 4096. In the bridge ID, the 16-bit priority field is split into a 4-bit priority and a 12-bit system ID extension that carries the VLAN number, so the VLAN number is effectively added to the priority in the advertisement. A 12-bit field holds 4096 values, which is why the configurable priority moves in steps of 4096.
True or false: The advertised path cost includes the advertising link’s port cost as part of the configuration BPDU advertisement.
a. True
b. False
B. False. The advertised path cost is the sender’s own calculated path cost to the root; it does not include the cost of the interface from which the BPDU is sent.
The receiving switch adds the port cost of the interface on which the BPDU was received to the total path cost carried in the BPDU.
True or false: The switch port with the lower STP port priority is more preferred.
a. True
b. False
A. True. When two links exist between two switches, the downstream switch selects as its root port the link on which it receives the BPDU with the lowest sender port ID, so the port priority that matters is configured on the upstream switch, and the port with the lower port priority is preferred.
What happens to a switch port when a BPDU is received on it when BPDU guard is enabled on that port?
a. A syslog message is generated, and the BPDU is filtered.
b. A syslog message is not generated, and the BPDU is filtered.
c. A syslog message is generated, and the port is sent back to a listening state.
d. A syslog message is generated, and the port is shut down.
D. BPDU guard generates a syslog message and shuts down an access port upon receipt of a BPDU.
Enabling root guard on a switch port does what?
a. Upon receipt of an inferior BPDU, the port is shut down.
b. Upon receipt of a superior BPDU, the port is shut down.
c. Upon receipt of an inferior BPDU, the BPDU is filtered.
d. When the root port is shut down, only authorized designated ports can become root ports.
B. Root guard ensures that a designated port does not transition into a root port: if a superior BPDU arrives on the port, the port stops forwarding. On Catalyst switches the port is placed in the root-inconsistent (blocking) state rather than err-disabled, and it recovers automatically once the superior BPDUs stop arriving.
UDLD solves the problem of ______.
a. time for Layer 2 convergence
b. a cable sending traffic in only one direction
c. corrupt BPDU packets
d. flapping network links
B. Unidirectional Link Detection (UDLD) solves the problem when a cable malfunctions and transmits data in only one direction.
What command sets a switch to be either the primary or secondary root switch? What are the Bridge Priorities associated with both primary and secondary?
spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter]:
This command runs a macro that sets the bridge priority. The primary keyword sets the priority to 24,576, and the secondary keyword sets it to 28,672. If the current root bridge already has a priority lower than 24,576, root primary instead sets the local priority 4,096 below the current root’s priority so that the local switch still wins the election.
The optional diameter keyword tunes the STP timers (hello, forward delay, max age) for convergence; it should be set to the maximum number of Layer 2 hops between any switch and the root bridge. The timers do not need to be modified on the other switches because the root bridge carries them in its bridge protocol data units (BPDUs) throughout the topology.
What is the command to set STP bridge priority on a switch?
spanning-tree vlan vlan-id priority priority
The priority is a value between 0 and 61,440, in increments of 4,096.
The default is 32,768.
T/F: The best way to prevent erroneous devices from taking over the STP root role is to set the priority to 0 for the primary root switch and to 4096 for the secondary root switch. In addition, root guard should be used.
True. Priority 0 is the lowest configurable value, so no other switch can advertise a better priority; a rogue switch also configured with priority 0 could still win only on a lower MAC address, which is why root guard on the designated ports toward other switches is needed as well.
What command is used to modify the STP port cost?
By changing the STP port cost with the interface command spanning-tree [vlan vlan-id] cost cost, you can modify the STP forwarding path. The cost is a value from 1 to 200,000,000. Lowering the cost on a port that is currently an alternate port can make it the root port, and raising the cost on the current root port can turn it into an alternate (blocking) port.
Without the optional vlan keyword, the command modifies the cost for all VLANs on that interface.
T/F: The STP port priority impacts which port is an alternate port when multiple links are used between switches.
True.
What is STP port priority? What is the default value?
Each port of a switch has a Spanning Tree port priority value associated with it, which is 128 by default. It can be viewed with the command show spanning-tree.
The port priority is a value from 0 to 240 in increments of 16 (0, 16, 32, ... 240); all other values are rejected. The lower the value, the more preferred the port.
The STP port priority impacts which port becomes an alternate port when multiple links are used between switches.
It is used to make traffic prefer a specific link toward the root bridge.
Remember that the BPDU comparison checks the root bridge ID, the root path cost and the sender bridge ID first. Only when those are all equal, as with two parallel links between the same pair of switches, does the sender port ID (port priority followed by port number) break the tie.
What is STP Port ID? How is it formed?
The Spanning Tree port ID is formed by concatenating the 4-bit port priority field with the 12-bit port number (16 bits in total). The 4-bit field holds the configured priority divided by 16, so the default priority of 128 is stored as 8.
A port ID is normally written in hexadecimal, for example 0x8015, which show spanning-tree displays as 128.21: the first part is the default port priority and the second part is the port number (0x015 = 21).
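The bridge ID, port ID and BPDU comparison described in the cards above, worked through in code. This is an added example for these flashcards, not code from the source or from Cisco; the switch names, MAC addresses, VLAN, link speeds and the 802.1D short-mode port costs used for the two scenarios are constructed assumptions. It shows why the advertised path cost excludes the sending port, which side's port priority decides between parallel links, and how 0x8015 becomes 128.21.

```python
"""Bridge ID, port ID and BPDU comparison as used by 802.1D/802.1t (PVST+)."""
from dataclasses import dataclass

PRIORITY_STEP = 4096        # 4-bit priority sits above the 12-bit system ID extension (VLAN)
PORT_PRIORITY_STEP = 16     # 4-bit port priority sits above the 12-bit port number
# 802.1D short-mode path costs, assumed for the constructed links below
COST = {"10G": 2, "1G": 4, "100M": 19, "10M": 100}


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """64-bit bridge ID: 16 bits of (priority + VLAN) followed by the 48-bit MAC."""
    if priority % PRIORITY_STEP or not 0 <= priority <= 61440:
        raise ValueError("priority must be 0..61440 in steps of 4096")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    mac_int = int(mac.replace(".", "").replace(":", ""), 16)
    return ((priority + vlan) << 48) | mac_int


def port_id(port_priority: int, port_number: int) -> int:
    """16-bit port ID: priority/16 in the top 4 bits, port number in the low 12 bits."""
    if port_priority % PORT_PRIORITY_STEP or not 0 <= port_priority <= 240:
        raise ValueError("port priority must be 0..240 in steps of 16")
    if not 1 <= port_number <= 4095:
        raise ValueError("port number must be 1..4095")
    return ((port_priority // PORT_PRIORITY_STEP) << 12) | port_number


def show_port_id(pid: int) -> str:
    """Render a port ID the way show spanning-tree does, e.g. 0x8015 -> '128.21'."""
    return f"{(pid >> 12) * PORT_PRIORITY_STEP}.{pid & 0xFFF}"


@dataclass(frozen=True)
class BPDU:
    root_id: int
    root_path_cost: int     # sender's cost to the root; excludes the sending port's own cost
    sender_id: int
    sender_port_id: int


def received_key(bpdu: BPDU, ingress_cost: int, ingress_port_id: int) -> tuple:
    """Comparison key as computed by the receiving switch, which adds the cost of the
    port the BPDU arrived on. Lower tuple wins; tie-break order is root ID, root path
    cost, sender bridge ID, sender port ID, then the receiver's own port ID."""
    return (bpdu.root_id, bpdu.root_path_cost + ingress_cost,
            bpdu.sender_id, bpdu.sender_port_id, ingress_port_id)


def choose_root_port(candidates: dict) -> str:
    """candidates: {local_port_name: (BPDU, ingress_cost, local_port_id)}.
    Returns the local port that becomes the root port."""
    return min(candidates, key=lambda name: received_key(*candidates[name]))


def scenario_parallel_links(upstream_port2_priority: int = 128) -> str:
    """SW1 (root) and SW2 joined by two 1G links; SW1 sends BPDUs from its ports 1 and 2.
    Root ID, path cost and sender ID tie, so SW1's sender port ID decides."""
    sw1 = bridge_id(24576, 10, "0011.2233.4455")          # constructed MAC
    bpdu_from_p1 = BPDU(sw1, 0, sw1, port_id(128, 1))
    bpdu_from_p2 = BPDU(sw1, 0, sw1, port_id(upstream_port2_priority, 2))
    # SW2 leaves its own port priorities at the default of 128
    return choose_root_port({
        "Gi1/0/1": (bpdu_from_p1, COST["1G"], port_id(128, 1)),
        "Gi1/0/2": (bpdu_from_p2, COST["1G"], port_id(128, 2)),
    })


def scenario_path_cost() -> tuple:
    """SW3 hears the root (SW1) directly over 100M and via SW2 over two 1G hops.
    SW2 advertises its own cost to the root (4), not 4 plus its egress port cost."""
    sw1 = bridge_id(24576, 10, "0011.2233.4455")          # constructed MACs
    sw2 = bridge_id(32768, 10, "0011.2233.6677")
    via_sw2 = BPDU(sw1, COST["1G"], sw2, port_id(128, 3))
    direct = BPDU(sw1, 0, sw1, port_id(128, 5))
    candidates = {
        "Gi1/0/1": (via_sw2, COST["1G"], port_id(128, 1)),
        "Fa0/1": (direct, COST["100M"], port_id(128, 2)),
    }
    root_port = choose_root_port(candidates)
    cost_to_root = received_key(*candidates[root_port])[1]
    return root_port, cost_to_root


if __name__ == "__main__":
    print(show_port_id(port_id(128, 21)))                        # 128.21
    print(scenario_parallel_links())                             # Gi1/0/1
    print(scenario_parallel_links(upstream_port2_priority=64))   # Gi1/0/2
    print(scenario_path_cost())                                  # ('Gi1/0/1', 8)
```

Lowering the port priority on SW1's port 2 flips SW2's root port even though SW2's own priorities never changed, and the two-hop 1G path (cost 8) beats the direct 100M link (cost 19) because SW2 advertises 4, not 8.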
T/F: All of the following are some common scenarios for Layer 2 forwarding loops:
- STP disabled on a switch
- A misconfigured load balancer that transmits traffic out multiple ports with the same MAC address
- A misconfigured virtual switch that bridges two physical ports (Virtual switches typically do not participate in STP.)
- End users using a dumb network switch or hub
True.
If you see this error in syslog, what should you look for?
- 12:40:30.044: %SW_MATM-4-MACFLAP_NOTIF: Host 70df.2f22.b8c7 in vlan 1 is flapping between port Gi1/0/3 and port Gi1/0/2
In this scenario, STP should be checked for all the switches hosting the VLAN mentioned in the syslog message to ensure that spanning tree is enabled and working properly.
Catalyst switches detect a MAC address that is flapping between interfaces and notify via syslog with the MAC address of the host, VLAN, and ports between which the MAC address is flapping. These messages should be investigated to ensure that a forwarding loop does not exist.
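A small detector for the syslog pattern above, added here as an example and not taken from the source or from Cisco. It parses %SW_MATM-4-MACFLAP_NOTIF lines and reports only the VLAN and port pairs where several different MAC addresses keep bouncing between the same two ports, which is the forwarding-loop signature, while ignoring a single host that moves once. The log lines are constructed; the message format follows the one quoted above.

```python
"""Aggregate %SW_MATM-4-MACFLAP_NOTIF syslog messages to spot a likely forwarding loop."""
import re
from collections import defaultdict

MACFLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<p1>\S+) and port (?P<p2>\S+)"
)

# Constructed sample: several MACs flapping between the same two ports in VLAN 1
# (loop signature) plus one MAC moving once in VLAN 20 (a legitimate host move).
SAMPLE_LOG = """\
12:40:30.044: %SW_MATM-4-MACFLAP_NOTIF: Host 70df.2f22.b8c7 in vlan 1 is flapping between port Gi1/0/3 and port Gi1/0/2
12:40:30.051: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56a1.0001 in vlan 1 is flapping between port Gi1/0/2 and port Gi1/0/3
12:40:30.058: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56a1.0002 in vlan 1 is flapping between port Gi1/0/3 and port Gi1/0/2
12:40:31.002: %SW_MATM-4-MACFLAP_NOTIF: Host 70df.2f22.b8c7 in vlan 1 is flapping between port Gi1/0/3 and port Gi1/0/2
12:41:15.900: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56a1.0077 in vlan 20 is flapping between port Gi1/0/10 and port Gi1/0/24
"""


def parse_macflap(lines):
    """Yield (vlan, port_pair, mac) per MACFLAP_NOTIF line; the port pair is order-independent."""
    for line in lines:
        m = MACFLAP_RE.search(line)
        if m:
            pair = tuple(sorted((m["p1"], m["p2"])))
            yield int(m["vlan"]), pair, m["mac"]


def suspected_loops(lines, min_events=3, min_macs=2):
    """Return {(vlan, port_pair): (events, distinct_macs)} for port pairs that look like a loop.

    One MAC moving once is normal (VM migration, dual-homed host); many distinct MACs
    bouncing between the same two ports in one VLAN is the pattern that should trigger
    an STP check on every switch carrying that VLAN.
    """
    events = defaultdict(int)
    macs = defaultdict(set)
    for vlan, pair, mac in parse_macflap(lines):
        events[(vlan, pair)] += 1
        macs[(vlan, pair)].add(mac)
    return {key: (events[key], len(macs[key]))
            for key in events
            if events[key] >= min_events and len(macs[key]) >= min_macs}


if __name__ == "__main__":
    for (vlan, pair), (n, distinct) in suspected_loops(SAMPLE_LOG.splitlines()).items():
        print(f"VLAN {vlan}: {n} flap events, {distinct} MACs between {pair[0]} and {pair[1]}")
```

The thresholds are tunable; on a real collector you would feed it the syslog stream and check show spanning-tree vlan on the switches carrying any VLAN it reports.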
Which of the following are true?
- Root guard is an STP feature that is enabled on a port-by-port basis
- Root guard prevents a configured port from becoming a root port.
- Root guard functions by ignoring packets with a superior BPDU when they are received on a configured port.
- Root guard is enabled with the interface command spanning-tree guard root.
- Root guard is placed on designated ports toward other switches that should never become root bridges.
All are true except the third.
Root guard is an STP feature that is enabled on a port-by-port basis; it prevents a configured port from becoming a root port. Root guard prevents a downstream switch (often misconfigured or rogue) from becoming the root bridge in a topology. Root guard functions by placing a port in the root-inconsistent (blocking) state if a superior BPDU is received on a configured port, and the port recovers automatically once the superior BPDUs stop. This prevents the configured designated port (DP) with root guard from becoming a root port (RP).
Root guard is enabled with the interface command spanning-tree guard root. Root guard is placed on designated ports toward other switches that should never become root bridges; it must not be placed on the port toward the legitimate root, or that port would be blocked.
T/F: The STP portfast feature disables TCN generation for access ports.
True:
The generation of TCN for hosts does not make sense as a host generally has only one connection to the network. Restricting TCN creation to only ports that connect with other switches and network devices increases the L2 network’s stability and efficiency. The STP portfast feature disables TCN generation for access ports.
T/F: The STP Portfast feature allows access ports to bypass the earlier 802.1D STP states (learning and listening) and forward traffic immediately.
True. This is beneficial in environments where computers use Dynamic Host Configuration Protocol (DHCP) or Preboot Execution Environment (PXE). If a BPDU is received on a portfast-enabled port, the portfast functionality is removed from that port.
What are the commands to enable Portfast globally and locally?
Interface:
- spanning-tree portfast [disable]
Globally:
- spanning-tree portfast default
T/F: Portfast can be enabled on trunk links.
True.
Portfast can be enabled on trunk links with the command spanning-tree portfast trunk. However, this command should be used only with ports that are connecting to a single host (such as a server with only one NIC that is running a hypervisor with VMs on different VLANs). Running this command on interfaces connected to other switches, bridges, and so on can result in a bridging loop.
What command(s) can you use to verify which ports are using Portfast?
Three ways:
- Show the running config.
- Portfast can be verified by examining the STP configuration for VLAN 10 with show spanning-tree vlan 10.
- By examining the STP interface details with show spanning-tree interface gi1/0/13 detail.
Notice that the portfast ports are displayed with P2P Edge.
What is BPDU Guard?
BPDU guard is a safety mechanism that shuts down ports configured with STP portfast upon receipt of a BPDU. Assuming that all access ports have portfast enabled, this ensures that a loop cannot accidentally be created if an unauthorized switch is added to a topology.
ErrDisabled is the resulting port state.
What is the command(s) to enable BPDU Guard?
BPDU guard is enabled globally on all STP portfast ports with the command spanning-tree portfast bpduguard default.
BPDU guard can be enabled or disabled on a specific interface with the command spanning-tree bpduguard {enable | disable}.
T/F: err-disabled ports from BPDU Guard must be manually shut and no shut before they will pass traffic again.
False, provided the Error Recovery service is configured for the bpduguard cause.
By default, ports that are put in the ErrDisabled state by BPDU guard do not restore themselves and must be recovered manually with shutdown followed by no shutdown. The Error Recovery service can be used to reactivate ports that were shut down for a specific cause, thereby reducing administrative overhead.
To use Error Recovery to recover ports that were shut down by BPDU guard, use the global configuration commands:
- errdisable recovery cause bpduguard
- errdisable recovery interval seconds
The Error Recovery service runs every 300 seconds (5 minutes) by default. The interval can be set to any value from 30 to 86,400 seconds with the global configuration command errdisable recovery interval seconds.
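An audit script that checks a running-config for the hardening covered in the portfast, BPDU guard, root guard and error-recovery cards above: portfast and BPDU guard on access ports, root guard on designated ports toward downstream switches, and errdisable recovery for the bpduguard cause. This is an added example, not code from the source or from Cisco; the running-config is constructed, and the set of ports that face downstream switches is passed in because a config alone cannot distinguish the uplink toward the real root (where root guard must not be applied) from a link toward a downstream switch.

```python
"""Audit a Catalyst-style running-config for the STP hardening covered above."""

# Constructed sample running-config (not from a real device)
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree vlan 1-4094 priority 0
errdisable recovery cause bpduguard
errdisable recovery interval 600
!
interface GigabitEthernet1/0/1
 description user desk
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description printer
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 description hypervisor host
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard disable
!
interface GigabitEthernet1/0/23
 description to access switch SW3
 switchport mode trunk
 spanning-tree guard root
!
interface GigabitEthernet1/0/24
 description to access switch SW2
 switchport mode trunk
!
"""


def parse_config(text):
    """Return (global_lines, {interface_name: [indented lines]}) from IOS-style config text."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!":
            current = None
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        elif line:
            global_lines.append(line)
    return global_lines, interfaces


def audit_stp(text, downstream_ports):
    """Return a sorted list of (interface, finding) tuples describing STP hardening gaps.

    downstream_ports: names of designated ports toward switches that must never
    become root (an assumption supplied by the operator, not derived from config).
    """
    global_lines, interfaces = parse_config(text)
    portfast_default = "spanning-tree portfast default" in global_lines
    bpduguard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode ")), None)
        explicit = [l for l in lines if l.startswith("spanning-tree portfast")]
        if "spanning-tree portfast disable" in explicit:
            portfast = False
        elif explicit:
            portfast = True
        else:
            portfast = portfast_default and mode == "access"   # global default skips trunks
        if mode == "access" and not portfast:
            findings.append((name, "access port without portfast (TCNs on every host link flap)"))
        if portfast:
            if "spanning-tree bpduguard disable" in lines:
                findings.append((name, "BPDU guard explicitly disabled on a portfast port"))
            elif not bpduguard_default and "spanning-tree bpduguard enable" not in lines:
                findings.append((name, "portfast port without BPDU guard"))
        if mode == "trunk":
            if "spanning-tree portfast trunk" in lines:
                findings.append((name, "portfast trunk: confirm a single host, not a switch, is attached"))
            if name in downstream_ports and "spanning-tree guard root" not in lines:
                findings.append((name, "designated port toward downstream switch lacks root guard"))
    if "errdisable recovery cause bpduguard" not in global_lines:
        findings.append(("global", "errdisable recovery not enabled for bpduguard (manual shut/no shut needed)"))
    return sorted(findings)


if __name__ == "__main__":
    for iface, finding in audit_stp(SAMPLE_CONFIG, {"GigabitEthernet1/0/23", "GigabitEthernet1/0/24"}):
        print(f"{iface}: {finding}")
```

Against the sample it flags the printer port with no portfast, the hypervisor trunk where BPDU guard was disabled, and the downstream trunk to SW2 with no root guard, while Gi1/0/1 (portfast plus the global bpduguard default) and Gi1/0/23 (root guard present) pass.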

