Module 4 - Building a Redundant Switched Topology

Question 1

Switched Redundancy - Spanning Tree Protocol

Answer 1

Redundancy is vitally important and should be configured where possible.

Spanning tree offers loop-free redundancy capabilities. There is no TTL on a switch so that is where a need for a loop prevention mechanism was introduced.

STP was introduced to stop broadcast storms, also note that you can’t have two paths to a destination in switching unless it is using a port-channel or a VPC.

Without STP then the following issues would occur:

• Broadcast storms
• multiple frame transmission
• Mac database instability.

Remember - There is only ever one active path with STP. It’s a loop avoidance technology to support redundant topology.

Question 2

Spanning Tree Election Process

Root bridge election.

Answer 2

Switches do a really bad job with STP by default. The switch with the oldest MAC address, more than likely also the slowest performance wise is seleced by default.

Within STP there is one switch more important than the rest, this is known as the **‘Root Bridge’ **and an election takes place as the first step of the STP process to deterime this.

All ports on the root bridge take the role of designated ports.

BPDU packets are sent from the root bridge.

Question 3

Root ports

Answer 3

Root ports are the next to be chosen on the non root bridge switches. The root ports are the ports closest to the root bridge.

The lowest sending port-id of the connected switch wins in a tie break situation.

Question 4

Comparison of STP Protocols

Answer 4

There are 5 implementations of STP, some of them are standards and some developed by Cisco.

STP (802.1D) - slow convergence - One tree

PVST+ (cisco proprietary) - slow convergence - one tree per vlan

RSTP (802.1W) - fast - one tree

RPVSTP+ (cisco proprieratry) - fast - one tree per vlan

MST (802.1S) - fast - can have multiple trees for multiple vlans for balancing topologies

Question 5

Bridge Protocol Data Unit (BPDU)

Answer 5

Sent every 2 seconds by an hello timer.

There are 3 types of BDPU.

Configuration BPDU’s always come from the root bridge. They also send out a TCA - topology change acknowledgement.

Topology Change Notifications (TCN’s) are sent to the root bridge from downstream switches.

Question 6

Root Bridge

Answer 6

The Root Bridge is elected on the lowest bridge ID.

The bridge ID is made up of the BID + MAC address. The default bridge ID is 32768 + vlan number - example would be

switch one = 32768 and vlan 10 = BID = 32778

remember lowest MAC is generally older so the priority of the switch becomes important.

Tip - The root bridge should always be placed at the core or the distribution layer depending on the topology of your network.

Question 7

STP Port States

There are 5 of them… do you know what they are

Answer 7

It can be upto 50 seconds before a switch can forward with STP 802.1D. Quite slow and noticeable on modern networks.

blocking - 20 seconds. This state won’t receive or forward BPDU’s

listening - 15 seconds - Can RX but won’t forward BDPU’s

learning - 15 seconds - can rx and tx BPDU’s , will also learn mac addresses at this state… it won’t forward data packets though.

forwarding - rx, tx, learns mac addresses and also forwards data packets.

disabled - doesn’t rx, tx, learn macs or forwards.

Question 8

STP Timers

Answer 8

There are 3 timers used with STP:

Hello timer - every 2 seconds by default BPDU’s are sent out.

Forward delay - 15 seconds

Max age timer - 20 seconds

You can adjust STP timers. You can tune the hello time between 1 and 10 seconds, forward delay between 4 and 30 seconds, and maximum age between 6 and 40 seconds. However, the timer values should never be changed without consideration

Normally, you do not change the STP timers, you would instead use RSTP.

Question 9

Designated Ports

Answer 9

The designated ports are chosen on non root bridge switches, they are any port which is not a root port or blocking port.

Designated ports have lower mac address.

Question 10

Rapid Spanning Tree Protocol

RSTP (802.1w)

Answer 10

3 basic operations of a switch port operating in RSTP:

• discarding - blocking and listening states (combined)
• learning
• forwarding

Question 11

RSTP Link Types

Answer 11

Edge Port - A PC or printer for example connected into a switch.

P2P - When two switches are interconnected, this link type allows full duplex

Shared - where multiple switches may reside off, for example a hub or dirty switch. Operates in half duplex mode.

It is recommended that Portfast be configured for any interfaces which have end devices such as PC’s connected.

Also worth noting that PVST is now the default mode of switches and that 802.1d is now obsolete in reality.

useful cmd

in interface configuration mode - spanning-tree link-type point-to-point

Question 12

Bridge Priority

Configuration and Theory

Answer 12

Bridge priority on a switch can be configured in increments of 4096. Starting at 0. It can go up to 61,440.

recommended configuration, two commands can be run:

spanning-tree vlan vlanid root primary | secondary

if changing timers then this should only be done on the root bridge, it will then propogate to the other switches.

spanning-tree vlan vlan-id priority bridge-priority

Question 13

Q.

In a redundant topology, which of the following is a problem where multiple copies of the same unicast frames are delivered to a destination station, causing problems with the receiving protocol?

Answer 13

A.

Multiple frame transmission

Question 14

STP Port Roles

Answer 14

Root port

This port exists on non-root bridges. It is the switch port with the best path to the root bridge. Root ports forward traffic toward the root bridge and the source MAC address of the frames that are received on the root port that is capable of populating the MAC table. Only one root port is allowed per bridge.

Designated port

This port exists on root and non-root bridges. For root bridges, all switch ports are designated ports. For non-root bridges, a designated port is the switch port that will receive and forward frames toward the root bridge as needed. Only one designated port is allowed per segment. If multiple switches exist on the same segment, an election process determines the designated switch, and the corresponding switch port begins forwarding frames for the segment. Designated ports are capable of populating the MAC table.

Nondesignated port (blocking)

The nondesignated port is a switch port that is not forwarding (blocking) data frames and is not populating the MAC address table with the source addresses of frames that are seen on that segment.

Disabled port

The disabled port is a switch port that is shut down.

Question 15

BPDU Frame Format

Answer 15

• Protocol ID: Identifies the STP
• Version: Identifies the current version of the protocol
• Message type: Identifies the type of BPDU—configuration or TCN (Topology Change Notification) BPDU
• Flags: Used in response to a TCN BPDU
• Root bridge ID: Identifies the bridge ID of the root bridge
• Root path cost: Identifies the cost from the transmitting switch to the root
• Sender bridge ID: Identifies the bridge ID of the transmitting switch
• Port ID: Identifies the transmitting port
• Message age: Indicates the age of the current BPDU
• Maximum age: Indicates the timeout value
• Hello time: Identifies the time interval between generation of configuration BPDUs by the root
• Forward delay: Defines the time a switch port must wait in the listening and learning state

Question 16

STP Cost

Answer 16

Links between switches witin STP have costs. The cost is associated with the bandwidth of the link, it can be changed administratively, however this is not a common practice.

STP COSTS

16mbpbs - 62

100mbps - 19

1gbps - 4

2gbps - 3

10gbps - 2

The higher the bandwidth the lower the cost!

Question 17

In the STP (Spanning Tree Protocol) which of the two port types are able to forward traffic? (Choose two.)

Answer 17

The answer is root port and designated port.

Question 18

In STP, which port on a nonroot switch is the closest logical port to the root switch?

Answer 18

root port

Question 19

If two switches have the same bridge priority, which of the following options is used as a tie-break to determine the root bridge?

Answer 19

MAC address.

Question 20

Which of the following options is an IEEE standard that is inspired by the earlier Cisco proprietary MISTP implementation that maps multiple VLANs into the same spanning-tree instance?

Answer 20

Multiple Spanning Tree (MST)

MSTP is an IEEE standard that is inspired by the earlier Cisco proprietary MISTP implementation. To reduce the number of required STP instances, MSTP maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance. The Cisco implementation of MSTP is MST. MST provides up to 16 instances of RSTP (802.1w) and combines many VLANs with the same physical and logical topology into a common RSTP instance. The CPU and memory requirements of this version are lower than the requirements of Rapid PVST+ but are higher than the requirements of RSTP.

Question 21

MST (802.1W) - Multiple Spanning Tree

Answer 21

The main purpose is to reduce the number of spaning tree instances. It also eases the burden on the CPU of the switches and reduces the number of BPDU’s.

PVSTP creates an STP instance per VLAN, this leads to lots of bdpu’s traversing links and utilising CPU.

MST essentially load balances the STP to just the active links/paths, For example VLAN 1-500 could traverse one set of links as part of a STP instace. VLANa 501-1000 could be part of another instance.

Note - MST instances start at 0. Also pruning should not be configured on trunk links, this can block ports and stop vlans traversing over links if a path is blocked due to STP.

Question 22

MST Region

Answer 22

MST Region is essentially a group of bridges/switches which have the same MST instance configured.

This VLAN-to-MST grouping must be consistent across all bridges within an MST region. Interconnected bridges that have the same MST configuration are referred to as an MST region.

You must configure a set of bridges with the same MST configuration information, which allows them to participate in a specific set of spanning-tree instances. Bridges with different MST configurations or legacy bridges running 802.1D are considered separate MST regions.

Question 23

Q.

Which type of port should be configured between switches when using MST?

Answer 23

Trunk port with no pruning.

Question 24

Which of the following options are benefits of MST (Multiple Spanning Tree)?

Answer 24

To reduce the CPU loading of the Switch.

Question 25

Spanning Tree Cmds

Answer 25

#**show spanning-tree -** used for verifying STP protocol, port states, types, timers, and root bridge etc. #**debug spanning-tree events** - useful for checking events related to spanning tree **spanning-tree vlan vlan-id priority bridge-priority spanning-tree vlan vlan-id root primary** **show spanning-tree root** **spanning-tree vlan 1 cost 16** - within interface configuration mode #**spanning-tree mode rapid-pvst** - this command run on all bridges changes the protocol to RSTP **spanning-tree link-type point-to-point -** in interface configuration mode this cmd changes the link type and p2p will put the type as full duplex. **show spanning-tree summary -** can see the mode and the vlans which are running in PVST \*tip - If you issue the **show running-configuratio**n command, you will see the switch **priority as a number—not the primary or secondary** keyword. Note If the priority of the root bridge is set to 0, configuring another switch with the root primary command will yield no results. The command will fail since it cannot make a local switch priority for 4096 lower than the priority of the root bridge.

Question 26

**Topology Change Notification** (TCN)

Answer 26

When a switch receives a BPDU with the TC bit set from a neighbor, **it clears the MAC addresses that were learned on all its ports**, except the 1 that receives the topology change. **The switch also sends BPDUs with the TC bit set on all designated ports and the root port.** There is no need to wait for the root bridge to be notified and then maintain the topology change state for the whole network for seconds.

Question 27

**MST Configuration**

Answer 27

You start by first creating a MST configuration before activating it. 1) **spanning-tree mst coniguration** 2) **name CCNP** 3) **revision 1** (manual process but must match across switches) **You then create an instance and assign Vlans to the instance.** 4) instance 1 vlan 1,2 5) instance 2 vlan 4,5 **Mapping the instance as either primary/secondary on the Switch** SW1(config)# **spanning-tree mst 1 root primary** SW1(config)# **spanning-tree mst 2 root secondary** **Enabling MST on the switch** config mode - **spanning-tree mode mst** **Verfication Cmds** show spanning-tree mst 1 - verification show spanning-tree summary show spanning-tree mst configuration show spanning-tree mst configuration digest \*\*the digest information must match across all devices within an MST region. Switch(config)# interface ethernet 0/2 Switch (config-if)# spanning-tree mst 1 port-priority 64

Question 28

**MST Non Root Device**

Answer 28

## Footnote Once the root bridge has been determined, an MST non-root device uses this sequence to choose the best path to the root bridge: 1) Lowest root path cost 2) Lowest sender BID 3) Lowest sender Port\_ID Switch(config)# interface ethernet 0/2 Switch (config-if)# spanning-tree mst 1 port-priority 64

Question 29

**Portfast and BPDU Guard** **Overview**

Answer 29

**PortFast -** Cisco developed this to speed up the transition for access port devices, STP is designed to stop loops, however it runs on all ports by default. The STP delay of waiting for state transition of upto 50 seconds can cause issues with DHCP for network devices. **BPDU Guard -** Usually used in conjunction with PortFast, this will shut down an access port if it receives a bpdu received on the port. This is a mechanisim for stopping other switch devices from been introduced into the network and causing issues.

Question 30

**PortFast**

Answer 30

Transitions from blocking to forwarding state immediatley, used on access ports for PC's and Servers. In a valid PortFast configuration no BPDU's should ever be received. The only reason this may happen is if a user plugged a switch into a port. **Note** Because the purpose of PortFast is to minimize the time that access ports that are connecting to user equipment and servers must wait for spanning tree to converge, you should use it only on access ports. If you enable PortFast on a port that is connecting to another switch, you risk creating a spanning-tree loop. Keep in mind, that BPDU filter is available but not recommended.

Question 31

**BDPU Guard**

Answer 31

Portfast **BPDU Guard** allows network engineers to **create an STP domain boundary**, one that cannot be influenced by end users plugging devices into a network and causing issues on the network. Example of a BDPU received on a port with BPDU Guard enabled. It disables the port and puts it into an err disabled state. *2000 May 12 15:13:32 %SPANTREE-2-RX\_PORTFAST:Received BPDU on PortFast enable port. Disabling 2/1 2000 May 12 15:13:32 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1*

Question 32

**Configuring PortFast and BPDU Guard**

Answer 32

It can be configured port by port or globally. **Interface specific config** SwitchX(config)# interface FastEthernet0/1 SwitchX(config-if)# spanning-tree portfast SwitchX(config-if)# spanning-tree bpduguard enable **Global config** SwitchX(config)# spanning-tree portfast bpduguard default SwitchX(config)# spanning-tree portfast default **Verification Cmds** **show running-config interface** - to see that bpdu and portfast is configured on interfaces. **show spanning-tree summary** -to check that bpdu guard and portfast are configured globally.

Question 33

**Portfast and BPDU Continued**

Answer 33

## Footnote **Note** When you enable the PortFast feature globally, you will not see it under the interface configuration using show running-config interface type slot/port command. For this case, you should use show **spanning-tree interface** type slot/port portfast command or **show spanning-tree summary** command. **Note** When setting a port as an access port you can also use the command **switchport host**. This command will set the port as a switchport, set spanning-tree portfast, and disable port-channeling.

Question 34

Q. How long does it take a standard STP port without PortFast configured to progress from the blocked to the forwarding state?

Answer 34

50 seconds.

Question 35

Q. In which STP state does the port listen to BPDUs that it received and listens for new topology information that would cause it to transition back to the blocking state without populating the MAC address table with the addresses it learns and it does not forward any frames?

Answer 35

**Listening**. Listening receives BPDU's but does not populate any information in the Mac address table.

Question 36

Q. Which is the calculation used to determine the root port in the Spanning Tree Calculation? 1) The port with the fastest speed 2) The port that neighbor switch will forward traffic to 3) The port with the lowest cost to the root 4) The first port that becomes active

Answer 36

A. The port with the lowest cost to the root

Question 37

Q. In STP, what is the default factor that determines the cost of the path associated with a link? 1) the speed of the link 2) the type of link 3) the bridge priority 4 ) the duplex of the link

Answer 37

A. the speed of the link

Question 38

Q. Which two of the following options are IEEE variants of the Spanning Tree Protocol? (Choose two.) 1. RSTP 2. PVST+ 3. Rapid PVST+ 4. MSTP 5. VRRP

Answer 38

A. RSTP (802.1s) & MST (802.1w)

Question 39

Q Which of the following options is not an RSTP port state? 1. forwarding 2. blocking 3. discarding 4. learning

Answer 39

A. Blocking. Blocking was removed in RSTP and discarding now combines blocking and learning.

Question 40

Q. **Which type of RSTP link type is full duplex and assumes that the port is connected to a single device at the other end of the link?** 1. shared 2. serial 3. multi-link 4. point-to-point

Answer 40

A. point-to-point

Question 41

Q. **In MST, which of the following options is the first criteria used to choose the best path to the root bridge?** 1. lowest root path cost 2. lowest sender port ID 3. highest BID 4. lowest sender BID

Answer 41

A. Lowest root path cost.

Question 42

Q. **Which of following options is the protocol that will prevent a bridging loop if BPDUs are received on an interface that has the STP calculation disabled?** 1. PortFast 2. BPDU Guard 3. RSTP 4. MST

Answer 42

A. BPDU Guard

Question 43

Q. **Which command can you use to verify the MST port cost for instance 1?** 1. show spanning-tree mst 1 2. show spanning-tree 1 3. show spanning-tree mst instance 1 4. show spanning tree cost 1

Answer 43

A. show spanning-tree mst 1

Question 44

****Spanning Tree - Common Problems Seen

Answer 44

**Broadcast Storms** **Multiple Frame Transmissions** **Mac Database Instability**

Question 45

**BPDU Continued...**

Answer 45

Bridge protocol data units (BPDUs) are frames that have information about the STP. They are used for root bridge election and for loop identification. By default, BPDUs are sent out every 2 seconds.

Question 46

**Root Bridge Election**

Answer 46

Root bridge election is an ongoing process. If a new switch appears with a better bridge ID, it will be elected as the new root bridge. Recall that BID = Bridge Priority + MAC ... lowest mac is preferred and because of this, older switches which are introduced into the STP Topology can inadvertently become a root bridge. Bridge Priority can start at 0 and go up in incremets of 4096.

Question 47

**Root Port**

Answer 47

After the root bridge is elected, each nonroot bridge must figure out where it is in relation to the root bridge. The root port is the port with the best path to the root bridge. The port with the lowest cost to the root bridge is called the root port. If two ports have the same cost, the sender Port_ID is used to break the tie. To determine root ports on nonroot bridges, the cost value is used. The path cost is the cumulative cost of all links to the root bridge. The root port will have the lowest cost to the root bridge.

Question 48

**Designated Ports**

Answer 48

Only one of the links on a segment should forward traffic to and from that segment. The designated port, the one forwarding the traffic, is also chosen based on the lowest cost to the root bridge. On the root bridge, all ports are designated. You can have two paths with equal cost to the root bridge. STP uses the following criteria for best path determination, and so for determination of the designated and nondesignated ports on the segment: Lowest root path cost to the root bridge Lowest sender bridge ID Lowest sender port_ID

Question 49

**STP Port States**

Answer 49

Disabled Blocking Listening Learning Forwarding

Question 50

**STP Port Types**

Answer 50

Root Port Desginated Port Non Desginated Port Blocking/Disabled

Question 51

**STP - Content Questions** Which two port types in STP can forward traffic? (Choose two.)

Answer 51

Desginated and Root Port

Question 52

**STP - Content Questions** Which port on a non-root switch in STP is the closest logical port to the root switch?

Answer 52

A: Root port

Question 53

**STP Content Questions** Which option is used as a tiebreaker to determine the root bridge if two switches have the same bridge priority?

Answer 53

A: MAC Address

Question 54

STP Types and Features

Answer 54

STP/CST - 802.1D - IEEE PVST+ - Cisco enhancement MSTP - 802.1S (MST - cisco enhancement - 16 instances of 802.1w) RSTP - 802.1W Rapid PVST+ - Cisco Enhancement

Question 55

Introducing MST

Answer 55

Multiple Spanning Tree - Is defined within 802.1s IEEE Standards Before the IEEE Standard there was Cisco MISTP. Main Advantages are: * Grouping simplifies the tree structure * MST is backwards compatible with other STP Forms MST reduces the number of spanning tree instances which reduces the CPU loading of a Switch.

Question 56

MST Continued

Answer 56

A group of interconnected switches with matching MST configuration are called an MST Region. MST links between Switches should be configured as a Trunk and with no pruning of vlans. An IST (Internal Spanning Treet - instance 0) is created when you create MST. **Bear in mind that 4096 spanning tree instances can technically be created with CST

Question 57

MST Region

Answer 57

Need to be configured with: Name Revision Number VLAN Association Table

Question 58

Spanning Tree Verification

Answer 58

show spanning-tree summary - *useful cmd to see version and features* spanning-tree mst configuration show current - useful sub cmd to view mst related information show spanning-tree mst configuration digest - this output needs to be the same on all configured switches

Question 59

MST Configuration & Verfication

Answer 59

**Example ** **spanning-tree mst configuration** name CCNP revision 1 instance 1 vlan 2,3 instance 2 vlan 4,5 **spanning-tree mst 1 root primary** - sets instance 1 to primary root bridge **spanning-tree mst 2 root secondary** - sets a secondary root bridge for specified vlans **spanning-tree mode mst **- done at the end of the config to set the STP mode to MST **show spanning-tree mst 1** - useful cmd to see port states for MST instances

Question 60

MST Port Priority and costs

Answer 60

interface eth0/2 spanning-tree mst 1 port-priority 64 int eth0/2 spanning-tree mst 1 cost 1000000

Question 61

Portfast and BPDU Guard

Answer 61

Example configuration of turning on Portfst and bpdu guard. They normally go hand in hand as a protection mechanism for stopping other switches been introduced onto the network, they also allow access devices which are configured within access ports such as servers, clients, printers etc to transition straightaway to forwarding state.

Question 62

Portfast and BPDU Guard Continued

Answer 62

They can be configured globally with the below commands and verified with: spanning-tree portfast - per interface spanning-tree portfast default - global cmd spanning-tree bpduguard enable - per interface spanning-tree portfast bpduguard default - global cmd show running-config interfacetypeslot/port show spanning-tree interfacetypeslot/portportfast show spanning-tree summary

Question 63

STP Port Initialisation

Answer 63

The following shows the transition states that a port goes through

Question 64

Root Guard

Answer 64

Root guard is best deployed toward ports that connect to switches that should not be the root bridge. Root guard is enabled by using the spanning-tree guard root command in interface configuration mode.