|
|
This chapter describes how to configure spanning tree on Catalyst 6000 family switches.
This chapter consists of these sections:
These sections describe how spanning tree works:
Spanning tree is a Layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. Spanning tree operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.
The Catalyst 6000 family switches use the Spanning Tree Protocol (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single instance of spanning tree runs on each configured VLAN (provided you do not manually disable spanning tree). You can enable and disable spanning tree on a per-VLAN basis.
When you create fault-tolerant internetworks, you must have a loop-free path between all nodes in a network. The spanning tree algorithm calculates the best loop-free path throughout a switched Layer 2 network. Switches send and receive spanning tree frames at regular intervals. The switches do not forward these frames, but use the frames to construct a loop-free path.
Multiple active paths between end stations cause loops in the network. If a loop exists in the network, end stations might receive duplicate messages. In addition, switches might learn end station MAC addresses on multiple Layer 2 interfaces. These conditions result in an unstable network.
Spanning tree defines a tree with a root switch and a loop-free path from the root to all switches in the Layer 2 network. Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a redundant path exists, the spanning tree algorithm recalculates the spanning tree topology and activates the standby path.
When two ports on a switch are part of a loop, the spanning tree port priority and port path cost setting determine which port is put in the forwarding state and which port is put in the blocking state. The spanning tree port priority value represents the location of an interface in the network topology and how well located it is to pass traffic. The spanning tree port path cost value represents media speed.
All switches in the Layer 2 network participating in spanning tree gather information about other switches in the network through an exchange of data messages called Bridge Protocol Data Units (BPDUs). This exchange of messages results in the following actions:
For each VLAN, the switch with the highest bridge priority (the lowest numerical priority value) is elected as the root switch. If all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root switch.
The spanning tree root switch is the logical center of the spanning tree topology in a switched network. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in spanning tree blocking mode.
BPDUs contain information about the transmitting bridge and its ports, including bridge and MAC addresses, bridge priority, port priority, and path cost. Spanning tree uses this information to elect the root bridge and root port for the switched network, as well as the root port and designated port for each switched segment.
The stable active spanning tree topology of a switched network is determined by the following:
The BPDUs are transmitted in one direction from the root switch and each switch sends configuration BPPDUs to communicate and compute the spanning tree topology. Each configuration BPDU contains the following minimal information:
When a switch transmits a BPDU frame, all switches connected to the LAN on which the frame is transmitted receive the BPDU. When a switch receives a BPDU, it does not forward the frame but instead uses the information in the frame to calculate a BPDU, and, if the topology changes, initiate a BPDU transmission.
A BPDU exchange results in the following:
Table 10-1 describes the spanning tree protocol timers that affect the entire spanning tree performance.
| Variable | Description |
|---|---|
Hello timer | Determines how often the switch broadcasts hello messages to other switches. |
Forward delay timer | Determines the how long each of the listening and learning states will last before the port begins forwarding. |
Maximum age timer | Determines the amount of time protocol information received on a port is stored by the switch. |
In Figure 10-1, Switch A is elected as the root bridge because the bridge priority of all the switches is set to the default (32768) and Switch A has the lowest MAC address. However, due to traffic patterns, number of forwarding ports, or link types, Switch A might not be the ideal root bridge. By increasing the priority (lowering the numerical value) of the ideal switch so that it becomes the root bridge, you force a spanning tree recalculation to form a new spanning tree topology with the ideal switch as the root.
When the spanning tree topology is calculated based on default parameters, the path between source and destination end stations in a switched network might not be ideal. For instance, connecting higher-speed links to a port that has a higher number than the current root port can cause a root-port change. The goal is to make the fastest link the root port.
For example, assume that one port on Switch B is a fiber-optic link, and another port on Switch B (an unshielded twisted-pair [UTP] link) is the root port. Network traffic might be more efficient over the high-speed fiber-optic link. By changing the spanning tree port priority on the fiber-optic port to a higher priority (lower numerical value) than the root port, the fiber-optic port becomes the new root port.
Propagation delays can occur when protocol information passes through a switched LAN. As a result, topology changes can take place at different times and at different places in a switched network. When a Layer 2 interface transitions directly from nonparticipation in the spanning tree topology to the forwarding state, it can create temporary data loops. Ports must wait for new topology information to propagate through the switched LAN before starting to forward frames. They must allow the frame lifetime to expire for frames that have been forwarded using the old topology.
Each Layer 2 interface on a switch using spanning tree exists in one of the following five states:
A Layer 2 interface moves through these five states as follows:
Figure 10-2 illustrates how a Layer 2 interface moves through the five states.
When you enable spanning tree, every port in the switch, VLAN, or network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, each Layer 2 interface stabilizes to the forwarding or blocking state.
When the spanning tree algorithm places a Layer 2 interface in the forwarding state, the following process occurs:
1. The Layer 2 interface is put into the listening state while it waits for protocol information that suggests it should go to the blocking state.
2. The Layer 2 interface waits for the forward delay timer to expire, moves the Layer 2 interface to the learning state, and resets the forward delay timer.
3. In the learning state, the Layer 2 interface continues to block frame forwarding as it learns end station location information for the forwarding database.
4. The Layer 2 interface waits for the forward delay timer to expire and then moves the Layer 2 interface to the forwarding state, where both learning and frame forwarding are enabled.
A Layer 2 interface in the blocking state does not participate in frame forwarding, as shown in Figure 10-3. After initialization, a BPDU is sent out to each Layer 2 interface in the switch. A switch initially assumes it is the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is the root or root bridge. If there is only one switch in the network, no exchange occurs, the forward delay timer expires, and the ports move to the listening state. A port always enters the blocking state following switch initialization.
A Layer 2 interface in the blocking state performs as follows:
The listening state is the first transitional state a Layer 2 interface enters after the blocking state. The Layer 2 interface enters this state when spanning tree determines that the Layer 2 interface should participate in frame forwarding. Figure 10-4 shows a Layer 2 interface in the listening state.
A Layer 2 interface in the listening state performs as follows:
A Layer 2 interface in the learning state prepares to participate in frame forwarding. The Layer 2 interface enters the learning state from the listening state. Figure 10-5 shows a Layer 2 interface in the learning state.
A Layer 2 interface in the learning state performs as follows:
A Layer 2 interface in the forwarding state forwards frames, as shown in Figure 10-6. The Layer 2 interface enters the forwarding state from the learning state.
A Layer 2 interface in the forwarding state performs as follows:
A Layer 2 interface in the disabled state does not participate in frame forwarding or spanning tree, as shown in Figure 10-7. A Layer 2 interface in the disabled state is virtually nonoperational.
A disabled Layer 2 interface performs as follows:
The supervisor engine has a pool of 1024 MAC addresses that are used as the bridge IDs for the VLAN spanning trees. You can use the show catalyst6000 chassis-mac-address command to view the MAC address range.
MAC addresses are allocated sequentially, with the first MAC address in the range assigned to VLAN 1, the second MAC address in the range assigned to VLAN 2, and so forth. For example, if the MAC address range is 00-e0-1e-9b-2e-00 to 00-e0-1e-9b-31-ff, the VLAN 1 bridge ID is 00-e0-1e-9b-2e-00, the VLAN 2 bridge ID is 00-e0-1e-9b-2e-01, the VLAN 3 bridge ID is 00-e0-1e-9b-2e-02, and so forth.
802.1Q VLAN trunks impose some limitations on the spanning tree strategy for a network. In a network of Cisco switches connected through 802.1Q trunks, the switches maintain one instance of spanning tree for each VLAN allowed on the trunks. However, non-Cisco 802.1Q switches maintain only one instance of spanning tree for all VLANs allowed on the trunks.
When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the 802.1Q VLAN of the trunk with the spanning tree instance of the non-Cisco 802.1Q switch. However, all per-VLAN spanning tree information is maintained by Cisco switches separated by a cloud of non-Cisco 802.1Q switches. The non-Cisco 802.1Q cloud separating the Cisco switches is treated as a single trunk link between the switches.
Table 10-2 shows the default spanning tree configuration.
| Feature | Default Value |
|---|---|
Enable state | Spanning tree enabled for all VLANs |
Bridge priority | 32768 |
Spanning tree port priority (configurable on a per-interface basis---used on interfaces configured as Layer 2 access ports) | 128 |
Spanning tree port cost (configurable on a per-interface basis---used on interfaces configured as Layer 2 access ports) |
|
Spanning tree VLAN port priority (configurable on a per-VLAN basis---used on interfaces configured as Layer 2 trunk ports) | 128 |
Spanning tree VLAN port cost (configurable on a per-VLAN basis---used on interfaces configured as Layer 2 trunk ports) |
|
Hello time | 2 seconds |
Forward delay time | 15 seconds |
Maximum aging time | 20 seconds |
These sections describe how to configure spanning tree on VLANs:
You can enable spanning tree on a per-VLAN basis. The switch maintains a separate instance of spanning tree for each VLAN (except on VLANs on which you disable spanning tree).
To enable spanning tree on a per-VLAN basis, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# spanning-tree vlan vlan_ID | Enable spanning tree on a per-VLAN basis. | ||
| Router(config)# exit | Exit configuration mode. | ||
| Router# | Verify that spanning tree is enabled. |
This example shows how to enable spanning tree on VLAN 200:
Router# configure terminal Router(config)# spanning-tree vlan 200 Router(config)# exit Router#
This example shows how to verify the configuration:
Router# show spanning-tree vlan 200
VLAN200 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 0050.3e8d.6401
Configured hello time 2, max age 20, forward delay 15
Current root has priority 16384, address 0060.704c.7000
Root port is 264 (FastEthernet5/8), cost of root path is 38
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 01:53:48 ago
Times: hold 1, topology change 24, notification 2
hello 2, max age 14, forward delay 10
Timers: hello 0, topology change 0, notification 0
Port 264 (FastEthernet5/8) of VLAN200 is forwarding
Port path cost 19, Port priority 128, Port Identifier 129.9.
Designated root has priority 16384, address 0060.704c.7000
Designated bridge has priority 32768, address 00e0.4fac.b000
Designated port id is 128.2, designated path cost 19
Timers: message age 3, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 3, received 3417
Router#
The Catalyst 6000 family of switches maintains a separate instance of spanning tree for each active VLAN configured on the switch. A bridge ID, consisting of the bridge priority and the bridge MAC address, is associated with each instance. For each VLAN, the switch with the lowest bridge ID will become the root bridge for that VLAN.
To configure a VLAN instance to become the root bridge, the bridge priority can be modified from the default value (32768) to a significantly lower value so that the bridge becomes the root bridge for the specified VLAN. Use the spanning-tree vlan vlan-ID root command to alter the bridge priority.
The switch checks the bridge priority of the current root bridges for each VLAN. The bridge priority for the specified VLANs is set to 8192 if this value will cause the switch to become the root for the specified VLANs.
If any root switch for the specified VLANs has a bridge priority lower than 8192, the switch sets the bridge priority for the specified VLANs to 1 less than the lowest bridge priority.
For example, if all switches in the network have the bridge priority for VLAN 100 set to the default value of 32768, entering the spanning-tree vlan 100 root primary command on a switch will set the bridge priority for VLAN 100 to 8192, causing the switch to become the root bridge for VLAN 100.
Use the diameter keyword to specify the Layer 2 network diameter (that is, the maximum number of bridge hops between any two end stations in the Layer 2 network). When you specify the network diameter, the switch automatically picks an optimal hello time, forward delay time, and maximum age time for a network of that diameter, which can significantly reduce the spanning tree convergence time. You can use the hello keyword to override the automatically calculated hello time.
To configure a switch as the root switch, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# [no] spanning-tree vlan vlan_ID root primary [diameter hops [hello-time seconds]] | Configure a switch as the root switch. Use the no form of this command to restore the defaults. | ||
| Router(config)# exit | Exit configuration mode. |
This example shows how to configure the switch as the root bridge for VLAN 10, with a network diameter of 4:
Router# configure terminal Router(config)# spanning-tree vlan 10 root primary diameter 4 Router(config)# exit Router#
When you configure a switch as the secondary root, the spanning tree bridge priority is modified from the default value (32768) to 16384 so that the switch is likely to become the root bridge for the specified VLANs if the primary root bridge fails (assuming the other switches in the network use the default bridge priority of 32768).
You can run this command on more than one switch to configure multiple backup root switches. Use the same network diameter and hello time values as you used when configuring the primary root switch.
To configure a switch as the secondary root switch, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# [no] spanning-tree vlan vlan_ID root secondary [diameter hops [hello-time seconds]] | Configure a switch as the secondary root switch. Use the no form of this command to restore the defaults. | ||
| Router(config)# exit | Exit configuration mode. |
This example shows how to configure the switch as the secondary root switch for VLAN 10, with a network diameter of 4:
Router# configure terminal Router(config)# spanning-tree vlan 10 root secondary diameter 4 Router(config)# exit Router#
In the event of a loop, spanning tree considers port priority when selecting an interface to put into the forwarding state. You can assign higher priority values to interfaces that you want spanning tree to select first and lower priority values to interfaces that you want spanning tree to select last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks other interfaces. The possible priority range is 0 through 255, configurable in increments of 4 (the default is 128).
IOS uses the port priority value when the interface is configured as an access port and uses VLAN port priority values when the interface is configured as a trunk port.
To configure the spanning tree port priority of an interface, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# interface {{ethernet | fastethernet | gigabitethernet} slot/port} | {port-channel port_channel_number}
| Select an interface to configure. | ||
| Router(config-if)# [no] spanning-tree port-priority port_priority | Configure the port priority for an interface. The port_priority value can be from 1 to 255 in increments of 4. Use the no form of this command to restore the defaults. | ||
| Router(config-if)# [no] spanning-tree vlan vlan_ID port-priority port_priority | Configure the VLAN port priority for an interface. The port_priority value can be from 1 to 255 in increments of 4. Use the no form of this command to restore the defaults. | ||
| Router(config-if)# exit | Exit interface configuration mode. | ||
| Router(config)# exit | Exit configuration mode. | ||
| Router# | Verify the configuration. |
This example shows how to configure the spanning tree port priority of a Fast Ethernet interface:
Router# configure terminal Router(config)# interface fastethernet 5/8 Router(config-if)# spanning-tree port-priority 100 Router(config-if)# exit Router(config)# exit Router#
This example shows how to verify the configuration of the interface when it is configured as an access port:
Router# show spanning-tree interface fastethernet 5/8 Port 264 (FastEthernet5/8) of VLAN200 is forwarding Port path cost 19, Port priority 100, Port Identifier 129.8. Designated root has priority 32768, address 0010.0d40.34c7 Designated bridge has priority 32768, address 0010.0d40.34c7 Designated port id is 128.1, designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 1 BPDU: sent 0, received 13513 Router#
This example shows how to configure the VLAN port priority of an interface:
Router# configure terminal Router(config)# interface fastethernet 5/8 Router(config-if)# spanning-tree vlan 200 port-priority 64 Router(config-if)# exit Router(config)# exit Router#
This example shows how to verify the configuration of VLAN 200 on the interface when it is configured as a trunk port:
Router# show spanning-tree vlan 200 <...output truncated...> Port 264 (FastEthernet5/8) of VLAN200 is forwarding Port path cost 19, Port priority 64, Port Identifier 129.8. Designated root has priority 32768, address 0010.0d40.34c7 Designated bridge has priority 32768, address 0010.0d40.34c7 Designated port id is 128.1, designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 1 BPDU: sent 0, received 13513 <...output truncated...> Router#
The spanning tree port path cost default value is derived from the media speed of an interface. In the event of a loop, spanning tree considers port cost when selecting an interface to put into the forwarding state. You can assign lower cost values to interfaces that you want spanning tree to select first and higher cost values to interfaces that you want spanning tree to select last. If all interfaces have the same cost value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks other interfaces. The possible cost range is 0 through 65535 (the default is media-specific).
Spanning tree uses the port cost value when the interface is configured as an access port and uses VLAN port cost values when the interface is configured as a trunk port.
To configure the spanning tree port cost of an interface, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# interface {{ethernet | fastethernet | gigabitethernet} slot/port} | {port-channel port_channel_number}
| Select an interface to configure. | ||
| Router(config-if)# [no] spanning-tree cost port_cost | Configure the port cost for an interface. The port_cost value can be from 1 to 65535. Use the no form of this command to restore the defaults. | ||
| Router(config-if)# [no] spanning-tree vlan vlan_ID cost port_cost | Configure the VLAN port cost for an interface. The port_cost value can be from 1 to 65535. Use the no form of this command to restore the defaults. | ||
| Router(config-if)# exit | Exit interface configuration mode. | ||
| Router(config)# exit | Exit configuration mode. | ||
| Router# | Verify the configuration. |
This example shows how to change the spanning tree port cost of a Fast Ethernet interface:
Router# configure terminal Router(config)# interface fastethernet 5/8 Router(config-if)# spanning-tree cost 18 Router(config-if)# exit Router(config)# exit Router#
This example shows how to verify the configuration of the interface when it is configured as an access port:
Router# show spanning-tree interface fastethernet 5/8 Port 264 (FastEthernet5/8) of VLAN200 is forwarding Port path cost 18, Port priority 100, Port Identifier 129.8. Designated root has priority 32768, address 0010.0d40.34c7 Designated bridge has priority 32768, address 0010.0d40.34c7 Designated port id is 128.1, designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 1 BPDU: sent 0, received 13513 Router#
This example shows how to configure the spanning tree VLAN port cost of a Fast Ethernet interface:
Router# configure terminal Router(config)# interface fastethernet 5/8 Router(config-if)# spanning-tree vlan 200 cost 17 Router(config-if)# exit Router(config)# exit Router#
This example shows how to verify the configuration of VLAN 200 on the interface when it is configured as a trunk port:
Router# show spanning-tree vlan 200 <...output truncated...> Port 264 (FastEthernet5/8) of VLAN200 is forwarding Port path cost 17, Port priority 64, Port Identifier 129.8. Designated root has priority 32768, address 0010.0d40.34c7 Designated bridge has priority 32768, address 0010.0d40.34c7 Designated port id is 128.1, designated path cost 0 Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 1 BPDU: sent 0, received 13513 <...output truncated...> Router#
To configure the spanning tree bridge priority of a VLAN, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# [no] spanning-tree vlan vlan_ID priority bridge_priority | Configure the bridge priority of a VLAN. The bridge_priority value can be from 1 to 65535. Use the no form of this command to restore the defaults. | ||
| Router(config)# exit | Exit configuration mode. | ||
| Router# show spanning-tree vlan vlan_ID bridge [brief] | Verify the configuration. |
This example shows how to configure the bridge priority of VLAN 200 to 33792:
Router# configure terminal Router(config)# spanning-tree vlan 200 priority 33792 Router(config)# exit Router#
This example shows how to verify the configuration:
Router# show spanning-tree vlan 200 bridge brief
Hello Max Fwd
Vlan Bridge ID Time Age Delay Protocol
---------------- -------------------- ---- ---- ----- --------
VLAN200 33792 0050.3e8d.64c8 2 20 15 ieee
Router#
To configure the spanning tree hello time of a VLAN, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# [no] spanning-tree vlan vlan_ID hello-time hello_time | Configure the hello time of a VLAN. The hello_time value can be from 1 to 10 seconds. Use the no form of this command to restore the defaults. | ||
| Router(config)# exit | Exit configuration mode. | ||
| Router# show spanning-tree vlan vlan_ID bridge [brief] | Verify the configuration. |
This example shows how to configure the hello time for VLAN 200 to 7 seconds:
Router# configure terminal Router(config)# spanning-tree vlan 200 hello-time 7 Router(config)# exit Router#
This example shows how to verify the configuration:
Router# show spanning-tree vlan 200 bridge brief
Hello Max Fwd
Vlan Bridge ID Time Age Delay Protocol
---------------- -------------------- ---- ---- ----- --------
VLAN200 49152 0050.3e8d.64c8 7 20 15 ieee
Router#
To configure the spanning tree forward delay time for a VLAN, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# [no] spanning-tree vlan vlan_ID forward-time forward_time | Configure the forward time of a VLAN. The forward_time value can be from 4 to 30 seconds. Use the no form of this command to restore the defaults. | ||
| Router(config)# exit | Exit configuration mode. | ||
| Router# show spanning-tree vlan vlan_ID bridge [brief] | Verify the configuration. |
This example shows how to configure the forward delay time for VLAN 200 to 21 seconds:
Router# configure terminal Router(config)# spanning-tree vlan 200 forward-time 21 Router(config)# exit Router#
This example shows how to verify the configuration:
Router# show spanning-tree vlan 200 bridge brief
Hello Max Fwd
Vlan Bridge ID Time Age Delay Protocol
---------------- -------------------- ---- ---- ----- --------
VLAN200 49152 0050.3e8d.64c8 2 20 21 ieee
Router#
To configure the spanning tree maximum aging time for a VLAN, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# [no] spanning-tree vlan vlan_ID max-age max_age | Configure the maximum aging time of a VLAN. The max_age value can be from 6 to 40 seconds. Use the no form of this command to restore the defaults. | ||
| Router(config)# exit | Exit configuration mode. | ||
| Router# show spanning-tree vlan vlan_ID bridge [brief] | Verify the configuration. |
This example shows how to configure the maximum aging time for VLAN 200 to 36 seconds:
Router# configure terminal Router(config)# spanning-tree vlan 200 max-age 36 Router(config)# exit Router#
This example shows how to verify the configuration:
Router# show spanning-tree vlan 200 bridge brief
Hello Max Fwd
Vlan Bridge ID Time Age Delay Protocol
---------------- -------------------- ---- ---- ----- --------
VLAN200 49152 0050.3e8d.64c8 2 36 15 ieee
Router#
To disable spanning tree on a per-VLAN basis, perform this task:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)# no spanning-tree vlan vlan_ID | Disable spanning tree on a per-VLAN basis. | ||
| Router(config)# exit | Exit configuration mode. | ||
| Router# | Verify that spanning tree is disabled. |
This example shows how to disable spanning tree on VLAN 200:
Router# configure terminal Router(config)# no spanning-tree vlan 200 Router(config)# exit Router#
This example shows how to verify the configuration:
Router# show spanning-tree vlan 200 <...output truncated...> Spanning tree instance for VLAN 200 does not exist. Router#
Posted: Mon Jan 3 14:34:18 PST 2000
Copyright 1989-1999©Cisco Systems Inc.