Spanning Tree Protocol
Redundant Links
- L2 Loops
- Broadcast storm
- Duplicated unicast
- MAC table instability
Spanning Tree Protocol (STP) aims to elect a root bridge and build loop-free paths leading toward that root bridge for all bridges in the network.
When it has converged, every bridge in the network will have each of its bridged interfaces in one of two states: forwarding or blocking.
STP accomplishes this by transmitting special messages called Bridge Protocol Data Units (BPDUs).
Bridges use the STP path cost to determine the best possible path to the root bridge.
Spanning Tree Protocol Rules
STP chooses one root bridge for the topology.
Each non-root bridge has one root port, which will be active.
Each segment must have one designated port.
Non-designated ports will be blocked.
A segment is the Ethernet link between switches.
Root Bridge
Elect one root bridge.
The bridge with the lowest Bridge ID (BID) is elected.
The STP BID is an 8-byte value unique to each switch.
Root Port Elect Root Port (RP) for each non-root bridge
Lowest path cost to the root bridge; if the costs are equal, the tiebreakers are applied in order:
Lowest sender BID
Lowest sender port priority
Lowest sender Port ID (PID)
Designated Port
Elect one Designated Port (DP) on every segment
The DP on each LAN segment is the switch port that advertises the lowest-cost hello onto that segment.
Spanning Tree Algorithm (STA)
IEEE 802.1d
Election Process
STP Timers
Hello timer: The length of time between hello BPDUs sent by the root bridge (default 2 sec).
Forward delay timer: The delay that applies when an interface changes from the blocking state to the forwarding state. The port stays in an interim listening state, and then an interim learning state, for the forward delay timer each (default 15 sec).
Max age timer: How long any switch should wait, after ceasing to hear hellos, before trying to change the STP topology (default 20 sec).
Topology Change (TC)
The root switch sends a new hello BPDU every 2 sec by default.
Each non-root switch forwards the hello on all DPs.
Topology Broadcast
The TC bit is set by the root for a period of max age + forward delay seconds, which is 20 + 15 = 35 seconds by default.
Port States
State       Forwards Data Frames?   Learns MACs from Received Frames?   Transitory or Stable State?
Blocking    No                      No                                  Stable
Listening   No                      No                                  Transitory
Learning    No                      Yes                                 Transitory
Forwarding  Yes                     Yes                                 Stable
Disabled    No                      No                                  Stable
Port Transitions
Link Cost
sw(config-if)#spanning-tree cost 25
BPDU Fields
Equal Cost Root Ports
PortFast Technology
sw(config-if)#spanning-tree portfast
BPDU Guard
The Cisco BPDU Guard feature helps defeat several kinds of problems by disabling a port if any BPDU is received on that port.
Some of these problems:
An attacker could connect a switch to one of these ports with a low STP priority value and become the root switch.
An attacker could plug into multiple ports on multiple switches, become root, and actually forward much of the traffic in the LAN.
Users could innocently harm the LAN by buying and connecting an inexpensive consumer LAN switch that has no STP function; such a switch would not block any ports and would likely cause a loop.
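The following Python model, added here as an illustration and not part of the original slides or any vendor implementation, ties the election rules above (lowest BID wins, BID = priority + VLAN number, root port tiebreakers in order) to the BPDU Guard case: an unknown switch with a lower priority wins the root election on an unguarded port, while a guarded port is err-disabled and its BPDU never enters the election. Switch names, MACs and port names are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int          # configured bridge priority (default 32768)
    vlan: int              # extended system ID added to the priority
    mac: str               # constructed sample MAC, not a real device

    def bid(self) -> tuple[int, int]:
        # BID compared as (priority + VLAN number, MAC); the lower tuple wins.
        return (self.priority + self.vlan, int(self.mac.replace(":", ""), 16))

def elect_root(bridges: list[Bridge]) -> Bridge:
    """Root bridge election: the bridge with the lowest BID becomes root."""
    return min(bridges, key=Bridge.bid)

def elect_root_port(candidates: list[tuple]) -> str:
    """Root port election on a non-root bridge.
    candidates: (local_port, path_cost_to_root, sender_bid, sender_port_priority, sender_pid)
    Lowest path cost wins; ties fall through to sender BID, port priority, then port ID."""
    return min(candidates, key=lambda c: c[1:])[0]

@dataclass
class Port:
    name: str
    bpdu_guard: bool = False
    err_disabled: bool = False

def admit_bpdus(ports_and_senders: list[tuple[Port, Bridge]]) -> list[Bridge]:
    """Model BPDU Guard: a guarded port that hears any BPDU is err-disabled and the
    BPDU is discarded; an unguarded port admits the sender into the election."""
    admitted = []
    for port, sender in ports_and_senders:
        if port.bpdu_guard:
            port.err_disabled = True
        else:
            admitted.append(sender)
    return admitted

def scenario(guard_enabled: bool) -> tuple[str, bool]:
    """Two known switches plus an unknown switch plugged into an access port.
    Returns (name of the elected root, whether the access port was err-disabled)."""
    s1 = Bridge("S1", 4096, 1, "00:00:00:00:00:01")       # intended root
    s2 = Bridge("S2", 32768, 1, "00:00:00:00:00:02")
    unknown = Bridge("unknown", 0, 1, "00:00:00:00:00:03")  # lower priority than S1
    access = Port("Fa0/5", bpdu_guard=guard_enabled)
    admitted = admit_bpdus([(access, unknown)])
    root = elect_root([s1, s2] + admitted)
    return root.name, access.err_disabled
```

Without the guard the unknown switch becomes root; with the guard the access port is err-disabled and S1 stays root.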
Rapid Spanning-Tree (RSTP)
IEEE 802.1w
RSTP BPDU
STP Variants
Extended System ID
The default priority value is 32768.
The priority ranges between 1 and 65536 (1 is the highest).
Priority of a switch = default priority value + VLAN number
Per-VLAN Spanning Tree Plus (PVST+)
S1(config)#spanning-tree vlan 1 priority 4096
S2(config)#spanning-tree vlan 2 priority 4096
EtherChannel
Instead of having redundant links and relying on STP, we can bundle the links.
Benefits:
Enables the creation of a high-bandwidth logical link
Load-shares among the physical links involved
Provides automatic failover
Simplifies subsequent logical configuration
EtherChannel can be formed statically or dynamically
Dynamic EtherChannel: IEEE LACP and Cisco PAgP
Dynamic protocols negotiate the bundle and check the consistency of the link configurations.
Cisco EtherChannel allows us to bundle up to 8 ports.
The switch checks the following before adding an interface to the bundle:
Speed and Duplex
Operational access or trunking state (all must be access, or all must be trunks)
If an access port, the access VLAN
If a trunk port, the allowed VLAN list (per the switchport trunk allowed vlan command)
If a trunk port, the native VLAN
STP interface settings