Sunday, October 6, 2013

Appendix A -- More on Spanning Tree

Spanning Tree was enabled by default on the 2924 switches I have in my lab, but sometimes the network admin needs to tweak the settings a little. For example, the network admin may want to force a particular switch to be the root bridge -- wouldn't it make sense to have the most powerful switch in your network be the root bridge rather than a small, inexpensive, low-powered access switch in a wire closet in the hut next door to your main building on your campus?

Unfortunately, I have become quite frustrated with the documentation on Spanning Tree in the several CCNA test prep books I have purchased over the years (I started working on a CCNA over eight years ago, but circumstances changed, and I never took the exam). I don't know about you, but for me, I don't retain much by simply reading technical documentation. Since I can't afford to NOT know the correct answers when I take the CCNA exam this coming week, I decided the best way to get the straight scoop was to configure, tweak, and observe Spanning Tree on my switches.

Root Bridge Election: Let's start with manipulating the root bridge election process. This was an area where I got really frustrated with the documentation, so let's just play with it on the switches and see what happens. Here goes:

lab2924a#sho span

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0003.e3e4.f887
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set, changes 1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0

Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 0003.e3e4.f887
   Designated port is 13, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 1416, received 8

Interface Fa0/2 (port 14) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 0003.e3e4.f887
   Designated port is 14, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 1383, received 2


...and lab2924b:

lab2924b#sho span

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 00d0.58dd.d186
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0003.e3e4.f887
  Root port is 13, cost of root path is 19
  Topology change flag not set, detected flag not set, changes 3
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0

Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 0003.e3e4.f887
   Designated port is 13, path cost 0
   Timers: message age 3, forward delay 0, hold 0
   BPDU: sent 39, received 3092

Interface Fa0/2 (port 14) in Spanning tree 1 is BLOCKING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 0003.e3e4.f887
   Designated port is 14, path cost 0
   Timers: message age 6, forward delay 0, hold 0
   BPDU: sent 1, received 2916


The rest of the ports on the two switches are just "leaf nodes" -- that is, they connect to routers and laptops, rather than to switches, and therefore, they are incapable of creating loops in the layer-2 network. From the output above, we can see that lab2924a is the root bridge, that fa0/1 and fa0/2 on lab2924a are designated ports, that fa0/1 on lab2924b is a root port and that fa0/2 on lab2924b is a blocking port. What happens if I pull the Ethernet cable on fa0/1 on one of the switches? Let's find out! Here's what I see on lab2924a:

lab2924a#sho span

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0003.e3e4.f887
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag set, detected flag set, changes 2
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 30, notification 0

Interface Fa0/1 (port 13) in Spanning tree 1 is down
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 0003.e3e4.f887
   Designated port is 13, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 1734, received 8

Interface Fa0/2 (port 14) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 0003.e3e4.f887
   Designated port is 14, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 1705, received 4


For almost a full minute, however, I couldn't see anything from lab2924b (since I was directly connected to 2924a), which underscores a big problem with STP -- the network will recover from failure of a redundant link, but users will definitely notice the outage while spanning tree reconverges. Eventually, however, my telnet session recovered, and here is what I saw on lab2924b:

lab2924b#sho span

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 00d0.58dd.d186
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0003.e3e4.f887
  Root port is 14, cost of root path is 19
  Topology change flag set, detected flag not set, changes 4
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0

Interface Fa0/1 (port 13) in Spanning tree 1 is down
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 00d0.58dd.d186
   Designated port is 13, path cost 19
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 39, received 3474

Interface Fa0/2 (port 14) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 0003.e3e4.f887
   Designated port is 14, path cost 0
   Timers: message age 1, forward delay 0, hold 0
   BPDU: sent 3, received 3340


Now we see that fa0/1 is down on both switches, and fa0/2 is forwarding on both switches once again. No surprises, right?

From the output above, we can see that both switches have a priority of 32768. If both switches have the same priority, then the choice of root bridge is decided by MAC address. lab2924a has MAC 0003.e3e4.f887 and lab2924b has MAC 00d0.58dd.d186. 0x0003 < 0x00d0 so apparently the low MAC address wins the election process when the priority is the same. But what if I wanted lab2924b to be the root bridge? Would I set the STP priority on lab2924b higher or lower than lab2924a? Let's try it and find out:

lab2924b#conf t
lab2924b(config)#spanning-tree priority 4096
lab2924b(config)#exit
lab2924b#sho span

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 4096, address 00d0.58dd.d186
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag set, detected flag set, changes 6
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 24, notification 0

Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 4096, address 00d0.58dd.d186
   Designated bridge has priority 4096, address 00d0.58dd.d186
   Designated port is 13, path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 48, received 3744

Interface Fa0/2 (port 14) in Spanning tree 1 is LISTENING
   Port path cost 19, Port priority 128
   Designated root has priority 4096, address 00d0.58dd.d186
   Designated bridge has priority 4096, address 00d0.58dd.d186
   Designated port is 14, path cost 0
   Timers: message age 0, forward delay 3, hold 0
   BPDU: sent 10, received 4070


Wow...that was fast! Since STP takes almost a minute to move the ports to the forwarding state, I didn't expect lab2924b to assume its new role as root bridge quite so quickly, but it did. You can see that fa0/2 is still in the listening state as I ran the "sho span" command, but it already knows that it's the root bridge. Edit: I later reset lab2924b's priority back to 32768, and it seemed to take a few seconds to update its status, so it's not quite instantaneous -- say about 10 or 15 seconds, maybe?

How about lab2924a?

lab2924a#sho span

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0003.e3e4.f887
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 4096, address 00d0.58dd.d186
  Root port is 13, cost of root path is 19
  Topology change flag set, detected flag not set, changes 4
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0

Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 4096, address 00d0.58dd.d186
   Designated bridge has priority 4096, address 00d0.58dd.d186
   Designated port is 13, path cost 0
   Timers: message age 2, forward delay 0, hold 0
   BPDU: sent 1869, received 36

Interface Fa0/2 (port 14) in Spanning tree 1 is BLOCKING
   Port path cost 19, Port priority 128
   Designated root has priority 4096, address 00d0.58dd.d186
   Designated bridge has priority 4096, address 00d0.58dd.d186
   Designated port is 14, path cost 0
   Timers: message age 10, forward delay 0, hold 0
   BPDU: sent 2087, received 30


Yep, it has relinquished its role as root bridge already, and has fa0/2 in a blocking state. So apparently, a low priority and/or a low MAC address makes a switch a root bridge, and the lowest numbered redundant interface on a switch becomes the root port. Easy :)
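The election rule observed above can be turned into a check that runs over collected "sho span" output and confirms the intended switch really is the root. This is an added example, not from the original post: the function names parse and audit are made up here, and the sample text is constructed by trimming the output shown above.

```python
import re

# Constructed samples, trimmed from the lab2924a / lab2924b output on this page.
SAMPLE_A = """\
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 0003.e3e4.f887
  We are the root of the spanning tree
Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
Interface Fa0/2 (port 14) in Spanning tree 1 is FORWARDING
"""
SAMPLE_B = """\
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 00d0.58dd.d186
  Current root has priority 32768, address 0003.e3e4.f887
  Root port is 13, cost of root path is 19
Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
Interface Fa0/2 (port 14) in Spanning tree 1 is BLOCKING
"""

BRIDGE = re.compile(r"Bridge Identifier has priority (\d+), address ([0-9a-f.]+)")
ROOT = re.compile(r"Current root has priority (\d+), address ([0-9a-f.]+)")
PORT = re.compile(r"Interface (\S+) \(port (\d+)\) in Spanning tree \d+ is (\w+)")

def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: priority first, then the MAC as an integer."""
    return (int(priority), int(mac.replace(".", ""), 16))

def parse(text):
    """Extract this switch's bridge ID, the root it reports, and its port states."""
    me = bridge_id(*BRIDGE.search(text).groups())
    is_root = "We are the root" in text
    root = me if is_root else bridge_id(*ROOT.search(text).groups())
    ports = {name: state for name, _num, state in PORT.findall(text)}
    return {"bridge": me, "root": root, "ports": ports}

def audit(outputs, intended):
    """Elect the lowest bridge ID among the collected switches and list mismatches."""
    parsed = {host: parse(text) for host, text in outputs.items()}
    elected = min(parsed, key=lambda host: parsed[host]["bridge"])
    findings = [f"{host} reports a root that is not {elected}"
                for host, p in parsed.items()
                if p["root"] != parsed[elected]["bridge"]]
    if elected != intended:
        findings.append(f"root is {elected}, intended {intended}")
    return elected, findings
```

A root bridge ID that belongs to none of the collected switches shows up as a "reports a root that is not ..." finding, as does output captured while the tree is still reconverging.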

Here's something even cooler. In our scenario, we have two switches with two redundant links. However, we are only using fa0/1 to carry traffic between the two switches. In effect, while fa0/2 is providing redundancy, it is essentially wasted bandwidth until a failure occurs. Wouldn't it be great if we could distribute the load between these two ports without setting up LAG or Etherchannel? As it turns out, we can.

You see, Spanning Tree runs a separate instance for each VLAN, which is often described as "Per-VLAN Spanning Tree" or "PVST." It turns out that we can tweak the priority of each VLAN on the FastEthernet port on each switch, making fa0/1 the designated/root port for some VLANs and fa0/2 the designated/root port for other VLANs. To keep it simple, I set this up with odd numbered VLANs on fa0/1 and even numbered VLANs on fa0/2. In a real environment, it would probably be better to do some traffic analysis and find out which VLANs typically have equal amounts of traffic and try to balance load intelligently. At any rate, here's how you do it:

lab2924b(config)#int fa0/1
lab2924b(config-if)#spanning-tree vlan 1 port-priority 64
lab2924b(config-if)#spanning-tree vlan 3 port-priority 64
lab2924b(config-if)#spanning-tree vlan 5 port-priority 64
lab2924b(config-if)#spanning-tree vlan 7 port-priority 64
lab2924b(config-if)#int fa0/2
lab2924b(config-if)#spanning-tree vlan 2 port-priority 64
lab2924b(config-if)#spanning-tree vlan 4 port-priority 64
lab2924b(config-if)#spanning-tree vlan 6 port-priority 64
lab2924b(config-if)#exit
lab2924b(config)#exit
lab2924b#sho spanning-tree vlan 2

Spanning tree 2 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 00d0.58dd.d180
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0003.e3e4.f880
  Root port is 14, cost of root path is 19
  Topology change flag set, detected flag not set, changes 9
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0

Interface Fa0/1 (port 13) in Spanning tree 2 is BLOCKING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f880
   Designated bridge has priority 32768, address 0003.e3e4.f880
   Designated port is 13, path cost 0
   Timers: message age 1, forward delay 0, hold 0
   BPDU: sent 8, received 3274

Interface Fa0/2 (port 14) in Spanning tree 2 is FORWARDING
   Port path cost 19, Port priority 64
   Designated root has priority 32768, address 0003.e3e4.f880
   Designated bridge has priority 32768, address 0003.e3e4.f880
   Designated port is 14, path cost 0
   Timers: message age 2, forward delay 0, hold 0
   BPDU: sent 5, received 3376

lab2924b#sho span vlan 1

Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address 00d0.58dd.d186
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address 0003.e3e4.f887
  Root port is 13, cost of root path is 19
  Topology change flag not set, detected flag not set, changes 7
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0

Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
   Port path cost 19, Port priority 64
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 0003.e3e4.f887
   Designated port is 13, path cost 0
   Timers: message age 2, forward delay 0, hold 0
   BPDU: sent 347, received 6622

Interface Fa0/2 (port 14) in Spanning tree 1 is BLOCKING
   Port path cost 19, Port priority 128
   Designated root has priority 32768, address 0003.e3e4.f887
   Designated bridge has priority 32768, address 0003.e3e4.f887
   Designated port is 14, path cost 0
   Timers: message age 4, forward delay 0, hold 0
   BPDU: sent 309, received 6948


Important! I didn't show it in the config above, but I repeated the same configuration on lab2924a -- this doesn't seem to work if the priority is changed on only one switch!

Notice how fa0/1 is forwarding on VLAN 1, but is blocking on VLAN 2, and vice versa for fa0/2? You are now utilizing both 100M Ethernet ports on your switch while still avoiding loops!
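A model of the root-port tie-break behind this odd/even split, using the IEEE 802.1D comparison order. This is an added example, not from the original post: the function names are made up here, and it assumes lab2924a is the root for every VLAN and that fa0/1 is cabled to fa0/1 and fa0/2 to fa0/2.

```python
# Constructed model of the two-link lab above; lab2924a is assumed root for every VLAN.
PORTS = {"Fa0/1": 13, "Fa0/2": 14}   # port numbers from the "sho span" output
COST = 19                             # path cost shown for both links
DEFAULT_PRIORITY = 128

def root_port(upstream_prio, local_prio):
    """Pick the non-root switch's root port for one VLAN.

    Candidates are compared as (root path cost, designated port ID carried in
    the received BPDU, local port ID); a port ID is (priority, port number).
    Root bridge ID and designated bridge ID are identical on both links in
    this lab, so they are left out of the tuple.
    """
    def vector(name):
        number = PORTS[name]
        return (COST,
                (upstream_prio.get(name, DEFAULT_PRIORITY), number),
                (local_prio.get(name, DEFAULT_PRIORITY), number))
    return min(PORTS, key=vector)

def plan(vlans, both_switches=True, lowered=64):
    """Map each VLAN to its root port for the odd/even split used above.

    both_switches=False models lowering the priority only on the non-root
    switch (lab2924b), leaving the root switch at the default.
    """
    result = {}
    for vlan in vlans:
        preferred = "Fa0/1" if vlan % 2 else "Fa0/2"
        setting = {preferred: lowered}
        upstream = setting if both_switches else {}
        result[vlan] = root_port(upstream, setting)
    return result
```

With the priority lowered only on the non-root switch, every VLAN keeps Fa0/1 as its root port, because the designated port ID in the received BPDU is compared before the local port ID.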
