|
|
This chapter consists of these sections:
STP is a Layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network. For an Ethernet network to function properly, only one active path must exist at Layer 2 between two stations. STP operation is transparent to end stations, which do not detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.
The Catalyst 6000 and 6500 series switches use STP (IEEE 802.1D bridge protocol) on all Ethernet virtual LANS (VLANs). When you create fault-tolerant internetworks, you must have a loop-free path between all nodes in a network. In STP, an algorithm calculates the best loop-free path throughout a Catalyst-switched network. The switches send and receive spanning-tree packets at regular intervals. The switches do not forward the packets, but use the packets to identify a loop-free path. The default configuration has STP enabled for all VLANs.
Multiple active paths between stations cause loops in the network. If a loop exists in the network, you might receive duplicate messages. When loops occur, some switches see stations on both sides of the switch. This condition confuses the forwarding algorithm and allows duplicate frames to be forwarded.
To provide path redundancy, STP defines a tree that spans all switches in an extended network. STP forces certain redundant data paths into a standby (blocked) state. If one network segment in the STP becomes unreachable, or if STP costs change, the spanning-tree algorithm reconfigures the spanning-tree topology and reestablishes the link by activating the standby path.
All switches in an extended LAN participating in STP gather information on other switches in the network through an exchange of data messages called Bridge Protocol Data Units (BPDUs). This exchange of messages results in the following actions:
The STP root switch is the logical center of the spanning-tree topology in a switched network. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in STP backup mode. Table 7-1 describes the root switch variables that affect the entire spanning-tree performance.
| Variable | Description |
|---|---|
Determines how often the switch broadcasts its hello message to other switches. | |
Measures the age of the received protocol information recorded for a port and ensures that this information is discarded when its age limit exceeds the value of the maximum age parameter recorded by the switch. The timeout value is the maximum age parameter of the switches. | |
Monitors the time spent by a port in the learning and listening states. The timeout value is the forward delay parameter of the switches. |
BPDUs contain information about the transmitting switch and its ports, including switch and port Media Access Control (MAC) addresses, switch priority, port priority, and port cost. The STP uses this information to elect the root switch and root port for the switched network, as well as the root port and designated port for each switched segment.
Figure 7-1 shows how BPDUs enable an STP topology.
The stable active topology of a switched network is determined by the following:
Each configuration BPDU contains the following minimal information:
The switch broadcasts configuration BPDUs to communicate and compute the spanning-tree topology. A MAC frame conveying a BPDU sends the switch group address to the destination address field. All switches connected to the LAN on which the frame is transmitted receive the BPDU. BPDUs are not directly forwarded by the switch, but the receiving switch uses the information in the frame to calculate a BPDU, and, if topology changes, initiate a BPDU transmission.
A BPDU exchange results in the following:
If all switches are enabled with default settings, the switch with the lowest MAC address in the network becomes the root switch. In Figure 7-2, Switch A is the root switch because it has the lowest MAC address. However, due to traffic patterns, number of forwarding ports, or line types, Switch A might not be the ideal root switch. By increasing the priority (lowering the numerical priority number) of the ideal switch so that it becomes the root switch, you force STP to recalculate a new, stable topology.
When the stable STP topology is based on default parameters, the path between source and destination stations in a switched network might not be the most ideal. For instance, connecting higher-speed links to a port that has a higher number than the current root port can cause a root-port change. The goal is to make the fastest link the root port.
For example, assume that port 2 on Switch B is a fiber-optic link, and that port 1 on Switch B (an unshielded twisted-pair [UTP] link) is the root port. Network traffic might be more efficient over the high-speed fiber-optic link. By changing the Port Priority parameter for port 2 to a higher priority (lower numerical value) than port 1, port 2 becomes the root port. The same change can occur by changing the Port Cost parameter for port 2 to a lower value than that of port 1.
Propagation delays can occur when protocol information passes through a switched LAN. As a result, topology changes can take place at different times and at different places in a switched network. When a switch port transitions directly from nonparticipation in the stable topology to the forwarding state, it can create temporary data loops. Ports must wait for new topology information to propagate through the switched LAN before starting to forward frames. They must allow the frame lifetime to expire for frames that have been forwarded using the old topology.
Each port on a switch using STP exists in one of the following five states:
A port moves through these five states as follows:
Figure 7-3 illustrates how a port moves through the five states.
You can modify each port state by using management software. When you enable STP, every switch in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, the ports then stabilize to the forwarding or blocking state.
When the spanning-tree algorithm places a port in the forwarding state, the following occurs:
A port in the blocking state does not participate in frame forwarding, as shown in Figure 7-4. After initialization, a BPDU is sent to each port in the switch. A switch initially assumes it is the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is really the root. If only one switch resides in the network, no exchange occurs, the forward delay timer expires, and the ports move to the listening state. A switch always enters the blocking state following switch initialization.
A port in the blocking state performs as follows:
The listening state is the first transitional state a port enters after the blocking state (see Figure 7-5). The port enters this state when STP determines that the port should participate in frame forwarding. Learning is disabled in the listening state.
A port in the listening state performs as follows:
A port in the learning state prepares to participate in frame forwarding. The port enters the learning state from the listening state.
A port in the learning state performs as follows:
A port in the forwarding state forwards frames (see Figure 7-6). The port enters the forwarding state from the learning state.
A port in the forwarding state performs as follows:
 | Caution Use the immediate-forwarding (portfast) mode only on ports connected to individual workstations to allow these ports to come up and go directly to the forwarding state, instead of going through the entire spanning-tree initialization process. To prevent illegal topologies, enable STP on ports connected to switches or other devices that forward messages. |
A port in the disabled state does not participate in frame forwarding or STP (see Figure 7-7).
A disabled port performs as follows:
Table 7-2 shows the default STP configuration.
| Feature | Default Value |
|---|---|
Enable state | STP enabled for all VLANs. |
Port priority | 128 |
Port cost | 62 |
Bridge Priority | 32,768 |
These sections describe how to configure STP:
To enable STP for all VLANs, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable spanning tree. | set spantree enable {vlan | all} |
Step 2 Verify that spanning tree is enabled. | show spantree [vlan] |
This example shows how to enable spanning tree and verify that it is enabled on a selected VLAN:
Console> (enable) set spantree enable all Spanning tree is enabled. Console> (enable) show spantree 100 VLAN 100 Spanning tree enabled Spanning tree type ieee Designated Root 00-10-0d-40-34-63 Designated Root Priority 32768 Designated Root Cost 19 Designated Root Port 1/2 Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec Bridge ID MAC ADDR 00-10-0d-aa-cc-63 Bridge ID Priority 32768 Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec Port Vlan Port-State Cost Priority Fast-Start Group-method --------- ---- ------------- ----- -------- ---------- ------------ 1/2 100 forwarding 19 32 disabled Console> (enable)
You can change the port priority of switch ports. The port with the lowest priority value forwards frames for all VLANs. The possible port-priority range is 0 through 63. The default is 32. If all ports have the same priority value, the port with the lowest port number forwards frames.
To change the port priority for a port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Change the port priority for a switch port. | set spantree portpri mod_num/port_num priority [vlans] |
Step 2 Verify the port priority setting. | show spantree [mod_num/port_num] |
This example shows how to change the port priority for a port and verify the configuration:
Console> (enable) set spantree portpri 1/2 20 Bridge port 1/2 port priority set to 20. Console> (enable) show spantree 1/2 Port Vlan Port-State Cost Priority Fast-Start Group-method --------- ---- ------------- ----- -------- ---------- ------------ 1/2 1 blocking 19 20 disabled 1/2 100 forwarding 19 20 disabled 1/2 521 blocking 19 20 disabled 1/2 522 blocking 19 20 disabled 1/2 523 blocking 19 20 disabled 1/2 524 blocking 19 20 disabled 1/2 1003 not-connected 19 20 disabled 1/2 1005 not-connected 19 4 disabled Console> (enable)
You can set the port priority for a port on a per-VLAN basis. The port with the lowest priority value for a specific VLAN forwards frames for that VLAN. The possible port-VLAN priority range is 0 through 63. The default is 32. If all ports have the same priority value for a particular VLAN, the port with the lowest port number forwards frames for that VLAN.
To change the port-VLAN priority for a port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Change the port-VLAN priority for a VLAN on a switch port. | set spantree portvlanpri mod_num/port_num priority [vlans] |
Step 2 Verify the port-VLAN priority setting. | show spantree [mod_num/port_num] |
This example shows how to change the port-VLAN priority on a port and verify the configuration:
Console> (enable) set spantree portvlanpri 1/2 1 100 Port 1/2 vlans 1-99,101-1004 using portpri 32. Port 1/2 vlans 100 using portpri 1. Port 1/2 vlans 1005 using portpri 4. Console> (enable) show spantree 1/2 Port Vlan Port-State Cost Priority Fast-Start Group-method --------- ---- ------------- ----- -------- ---------- ------------ 1/2 1 blocking 19 32 disabled
1/2 100 forwarding 19 1 disabled 1/2 521 blocking 19 32 disabled 1/2 522 blocking 19 32 disabled 1/2 523 blocking 19 32 disabled 1/2 524 blocking 19 32 disabled 1/2 1003 not-connected 19 32 disabled 1/2 1005 not-connected 19 4 disabled Console> (enable)
You can change the port cost of switch ports. Ports with lower port costs are more likely to be chosen to forward frames. Assign lower numbers to ports attached to faster media (such as full duplex) and higher numbers to ports attached to slower media.The possible range is 1 to 65535. The default differs for different media. Path cost is typically 1000 ÷ LAN speed in megabits per second.
To change the port cost for a port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Change the port cost for a switch port. | set spantree portcost mod_num/port_num cost |
Step 2 Verify the port cost setting. | show spantree [mod_num/port_num] |
This example shows how to change the port-VLAN priority on a port and verify the configuration:
Console> (enable) set spantree portcost 1/2 10 Spantree port 1/2 path cost set to 10. Console> (enable) show spantree 1/2 Port Vlan Port-State Cost Priority Fast-Start Group-method --------- ---- ------------- ----- -------- ---------- ------------ 1/2 1 forwarding 10 20 disabled 1/2 100 forwarding 10 20 disabled 1/2 521 forwarding 10 20 disabled 1/2 522 forwarding 10 20 disabled 1/2 523 forwarding 10 20 disabled 1/2 524 forwarding 10 20 disabled 1/2 1003 not-connected 10 20 disabled 1/2 1005 not-connected 10 4 disabled Console> (enable)
You can change the port cost for a port on a per-VLAN basis. Ports with lower port-VLAN costs are more likely to be chosen to forward frames. You should assign lower numbers to ports attached to faster media (such as full duplex) and higher numbers to ports attached to slower media. The possible range is 1 to 65535. The default differs for different media.
To change the port-VLAN cost for a port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Change the port-VLAN cost for a VLAN on a switch port. | set spantree portvlancost mod_num/port_num cost cost [vlans] |
Step 2 Verify the port-VLAN cost setting. | show spantree [mod_num/port_num] |
This example shows how to change the port-VLAN priority on a port and verify the configuration:
Console> (enable) set spantree portvlancost 1/2 cost 10 100 Port 1/2 VLANs 1-99,101-1005 have path cost 19. Port 1/2 VLANs 100 have path cost 10. Console> (enable) show spantree 1/2 Port Vlan Port-State Cost Priority Fast-Start Group-method --------- ---- ------------- ----- -------- ---------- ------------ 1/2 1 blocking 19 20 disabled
1/2 100 forwarding 10 20 disabled 1/2 521 blocking 19 20 disabled 1/2 522 blocking 19 20 disabled 1/2 523 blocking 19 20 disabled 1/2 524 blocking 19 20 disabled 1/2 1003 not-connected 19 20 disabled 1/2 1005 not-connected 19 4 disabled Console> (enable)
With spanning-tree PortFast, a switch port connected to a single workstation or server can connect faster by causing spanning tree to enter the forwarding state immediately, bypassing the listening and learning states.
To enable PortFast on a switch port, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable PortFast on a switch port connected to a single workstation or server. | set spantree portfast mod_num/port_num {enable | disable} |
Step 2 Verify the PortFast setting. | show spantree [mod_num/port_num] |
This example shows how to enable PortFast on a port and verify the configuration:
Console> (enable) set spantree portfast 1/2 enable Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning tree loops. Use with caution. Spantree port 1/2 fast start enabled. Console> (enable) show spantree 1/2 Port Vlan Port-State Cost Priority Fast-Start Group-method --------- ---- ------------- ----- -------- ---------- ------------ 1/2 1 blocking 19 20 enabled 1/2 100 forwarding 10 20 enabled 1/2 521 blocking 19 20 enabled 1/2 522 blocking 19 20 enabled 1/2 523 blocking 19 20 enabled 1/2 524 blocking 19 20 enabled 1/2 1003 not-connected 19 20 enabled 1/2 1005 not-connected 19 4 enabled Console> (enable)
To configure a switch as the primary root switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Configure a switch as the primary root switch. | set spantree root vlans [dia network_diameter] [hello hello_time] |
This example shows how to specify the primary root switch for VLANs 1-10:
Console> (enable) set spantree root 1-10 dia 4 VLANs 1-10 bridge priority set to 8192 VLANs 1-10 bridge max aging time set to 14 seconds. VLANs 1-10 bridge hello time set to 2 seconds. VLANs 1-10 bridge forward delay set to 9 seconds. Switch is now the root switch for active VLANs 1-6. Console> (enable)
The set spantree root command reduces the bridge priority (the value associated with the switch) from the default (32,768) to a significantly lower value, which allows the switch to become the root switch.
When you specify a switch as the primary root, the default bridge priority is modified so that it becomes the root for the specified VLANs. Set the bridge priority to 8192. If this setting does not result in the switch becoming a root, modify the bridge priority to be 100 less than the bridge priority of the current root switch. Since different VLANs could potentially have different root switches, the bridge VLAN-priority chosen makes this switch the root for all the VLANs specified. If reducing the bridge priority as low as 1 still does not make the switch the root switch, the switch displays a message.
To configure a switch as the secondary root switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Configure a switch as the secondary root switch. | set spantree root [secondary] vlans [dia network_diameter] [hello hello_time] |
This example shows how to specify the secondary root switch for VLANs 22 and 24:
Console> (enable) set spantree root secondary 22,24 dia 5 hello 1 VLANs 22,24 bridge priority set to 16384. VLANs 22,24 bridge max aging time set to 10 seconds. VLANs 22,24 bridge hello time set to 1 second. VLANs 22,24 bridge forward delay set to 7 seconds. Console> (enable)
The set spantree root secondary command reduces the bridge priority to 16,384, making it the probable candidate to become the root switch if the primary root switch fails. You can run this command on more than one switch to create multiple backup switches in case the primary root switch fails.
To configure additional STP parameters, perform one of these tasks in privileged mode:
| Task | Command |
| set spantree fwddelay delay [vlan] |
set spantree hello interval | |
set spantree maxage agingtime [vlan] | |
set spantree priority bridge_priority [vlan] |
To disable STP across all VLANs, enter this command in privileged mode:
| Task | Command |
|---|---|
Disable STP. | set spantree disable [vlan] |
This section describes the UplinkFast feature (also known as the spanning-tree Uplink Fast Switchover feature):
UplinkFast provides fast convergence after a spanning-tree topology change and achieves load balancing between redundant links using uplink groups. An uplink group is a set of ports (per VLAN), only one of which is forwarding at any given time. An uplink group consists of the root port (which is forwarding) and a set of blocked ports, except for self-looping ports. The uplink group provides an alternate path in case the currently forwarding link fails.
Figure 7-8 shows an example topology with no link failures. Switch A, the root switch, is connected directly to Switch B over link L1 and to Switch C over link L2. The port on Switch C that is connected directly to Switch B is in the blocking state.
If Switch C detects a link failure on the currently active link L2 (a direct link failure), UplinkFast unblocks the blocked port on Switch C and transitions it to the forwarding state without going through the listening and learning states (see Figure 7-9). This switchover takes approximately one to five seconds.
To enable UplinkFast, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable UplinkFast on the switch. | set spantree uplinkfast enable [rate station_update_rate] [all-protocols off | on] |
Step 2 Verify that UplinkFast is enabled. | show spantree uplinkfast |
The set spantree uplinkfast enable command increases the path cost of all ports on the switch, making it unlikely that the switch becomes the root switch. The station_update_rate value represents the number of multicast packets transmitted per 100 milliseconds (the default is 15 packets per millisecond).
This example shows how to enable UplinkFast with a station-update rate of 40 packets per 100 milliseconds and how to verify that UplinkFast is enabled:
Console> (enable) set spantree uplinkfast enable VLANs 1-1005 bridge priority set to 49152. The port cost and portvlancost of all ports set to above 3000. Station update rate set to 15 packets/100ms. uplinkfast all-protocols field set to off. uplinkfast enabled for bridge. Console> (enable) show spantree uplinkfast Station update rate set to 15 packets/100ms. uplinkfast all-protocols field set to off. VLAN port list ----------------------------------------------- 1 1/1(fwd),1/2 100 1/2(fwd) 521 1/1(fwd),1/2 522 1/1(fwd),1/2 523 1/1(fwd),1/2 524 1/1(fwd),1/2 Console> (enable)
This section describes the BackboneFast feature (also known as the spanning-tree Backbone Fast Convergence feature):
BackboneFast is initiated when a root port or blocked port on a switch receives inferior BPDUs from its designated bridge. An inferior BPDU identifies one switch as both the root bridge and the designated bridge. When a switch receives an inferior BPDU, it indicates that a link to which the switch is not directly connected (an indirect link) has failed (that is, the designated bridge has lost its connection to the root bridge). Under normal spanning-tree rules, the switch ignores inferior BPDUs for the configured maximum aging time, as specified by the agingtime variable of the set spantree maxage command.
The switch tries to determine if it has an alternate path to the root bridge. If the inferior BPDU arrives on a blocked port, the root port and other blocked ports on the switch become alternate paths to the root bridge. (Self-looped ports are not considered alternate paths to the root bridge.) If the inferior BPDU arrives on the root port, all blocked ports become alternate paths to the root bridge. If the inferior BPDU arrives on the root port and there are no blocked ports, the switch assumes that it has lost connectivity to the root bridge, causes the maximum aging time on the root to expire, and becomes the root switch according to normal spanning-tree rules.
If the switch has alternate paths to the root bridge, it uses these alternate paths to transmit a new kind of PDU called the Root Link Query PDU. The switch sends the Root Link Query PDU out all alternate paths to the root bridge. If the switch determines that it still has an alternate path to the root, it causes the maximum aging time on the ports on which it received the inferior BPDU to expire. If all the alternate paths to the root bridge indicate that the switch has lost connectivity to the root bridge, the switch causes the maximum aging times on the ports on which it received an inferior BPDU to expire. If one or more alternate paths can still connect to the root bridge, the switch makes all ports on which it received an inferior BPDU its designated ports and moves them out of the blocking state (if they were in the blocking state), through the listening and learning states, and into the forwarding state.
Figure 7-10 shows an example topology with no link failures. Switch A, the root switch, connects directly to Switch B over link L1 and to Switch C over link L2. The port on Switch C that connects directly to Switch B is in the blocking state.
If link L1 fails, Switch C detects this failure as an indirect failure, since it is not connected directly to link L1. Switch B no longer has a path to the root switch. BackboneFast allows the blocked port on Switch C to move immediately to the listening state without waiting for the maximum aging time for the port to expire. BackboneFast then transitions the port on Switch C to the forwarding state, providing a path from Switch B to Switch A. This switchover takes approximately 30 seconds. Figure 7-11 shows how BackboneFast reconfigures the topology to account for the failure of link L1.
If a new switch is introduced into a shared-medium topology, BackboneFast is not activated. Figure 7-12 shows a shared-medium topology in which a new switch is added. The new switch begins sending inferior BPDUs that say it is the root switch. However, the other switches ignore these inferior BPDUs and the new switch learns that Switch B is the designated bridge to Switch A, the root switch.
These sections describe how to configure Backbone Fast Convergence:
To enable BackboneFast, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable BackboneFast on the switch. | set spantree backbonefast enable |
Step 2 Verify that BackboneFast is enabled. | show spantree backbonefast |
This example shows how to enable BackboneFast on the switch and how to verify the configuration:
Console> (enable) set spantree backbonefast enable Backbonefast enabled for all VLANs Console> (enable) show spantree backbonefast Backbonefast is enabled. Console> (enable)
To display BackboneFast statistics, perform this task in privileged mode:
| Task | Command |
|---|---|
Display BackboneFast statistics. | show spantree summary |
This example shows how to display BackboneFast statistics:
Console> (enable) show spantree summary
Summary of connected spanning tree ports by vlan
Uplinkfast disabled for bridge.
Backbonefast enabled for bridge.
Vlan Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
1 0 0 0 1 1
Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
Total 0 0 0 1 1
BackboneFast statistics
-----------------------
Number of inferior BPDUs received (all VLANs) : 0
Number of RLQ req PDUs received (all VLANs) : 0
Number of RLQ res PDUs received (all VLANs) : 0
Number of RLQ req PDUs transmitted (all VLANs) : 0
Number of RLQ res PDUs transmitted (all VLANs) : 0
Console> (enable)
To disable BackboneFast, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Disable BackboneFast on the switch. | set spantree backbonefast disable |
Step 2 Verify that BackboneFast is disabled. | show spantree backbonefast |
This example shows how to disable BackboneFast on the switch and how to verify the configuration:
Console> (enable) set spantree backbonefast disable Backbonefast enabled for all VLANs Console> (enable) show spantree backbonefast Backbonefast is disable. Console> (enable)
Posted: Thu Apr 8 14:25:43 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.