Introduction to Spanning-Tree

Thanks for your reply.

Since you mentioned that on a change in port role while the port is in the forwarding state, the port should go to the blocking state and move to listening, learning … etc.

In that case switch A port 1 also changed its port role from designated to root when switch B became the root switch.

Now my question is why switch A port 1 didn’t change its state from forwarding to blocking, listening, learning and finally forwarding?

Thanks

Raghu.K

Hello Raghu

Yes, you are correct. I did the simulation again. The following are the changes that take place:

Switch A port 1 goes from D to R and stays forwarding
Switch A port 2 remains D and stays forwarding
Switch B port 1 goes from R to D and stays forwarding
Switch B port 2 remains D and stays forwarding
Switch C port 1 goes from R to B and goes into a blocking state without going through the other states
Switch C port 2 goes from B, through blocking–>listening–>learning states and becomes R

So, a correction to my previous post:

  1. A change of role from D to R or R to D will cause a port to remain in the forwarding state without having to execute the STP algorithm.
  2. A change of role from D to B or R to B will cause a port to go into the blocking state without having to execute the STP algorithm.
  3. A change of role from B to D or B to R will cause a port to execute the STP algorithm and go from blocking–>listening–>learning to determine its role.

I hope this has been helpful!

Laz

Uff. At last my assumption is correct.

Thanks for your lab work and confirmation.

Can someone give a good document for the following interoperability cases?

  1. pvst+ and 802.1D
  2. rstp and pvst+/802.1D
  3. mstp and rstp/pvst+/802.1D

Thanks

Raghu.K

1 Like

Hi Rene,
If there is a switching loop in a production network, then:
1) How do we identify the loop?
2) What are the steps to solve it?
Can you please explain more briefly regarding … Thx

br//zaman

Hello Mohammad

If you have a layer 2 loop in your production network, you will immediately notice a network outage on the VLANs involved in the loop.

  1. The first thing to do is to physically eliminate any loops by disconnecting known redundant links. If the problem is in one of those links, the network should resume its normal functionality once the loop is physically removed.
  2. If the problem still persists even without any redundant links, the problem may be with one of the edge ports of an access switch where a new cable was connected incorrectly that created a loop. In order to find this you may need to shut down specific access switches one at a time to see if the network returns to normal.
  3. Once you have either pulled the redundant links or found and shut down one of the switches that is participating in the loop, the rest of the network should come back up and function normally. If it does not, the problem is probably not a layer 2 loop and you should continue troubleshooting in a different direction.
  4. Assuming the network is now up and running with several redundant links removed or a couple of switches shut down, anything you do next may have an effect on the operation of the network, so it would be a good idea to wait until a maintenance window before doing any of the following tests/configurations.
  5. If you have disconnected several redundant links and don’t know which one is the culprit, begin by reconnecting them one at a time. When reconnecting, test the connectivity of all the VLANs that are on that specific redundant link. Once you connect a link and some networks go down, you will know that the loop goes through this port. Leave this disconnected for now.
  6. If you have shut down a switch to bring your network back up, then disconnect all of its cables, making sure to note the port that each one was connected to. Start up the switch and reconnect the switch to its cables, starting with all of the uplinks first. As you connect each cable, note which connection will cause the network to go down and keep it disconnected.
  7. In both cases, once you have found the ports where the problem persists, make sure that all correct configurations are made for STP on those ports.

In the meantime, it is always good practice to implement the following on a network in order to prevent/repair layer 2 loops:

  • Implement PortFast and BPDUGuard on all edge ports
  • Consider enabling root guard on all root and core switch uplink ports to distribution and access layer switches to ensure the root bridge does not change unexpectedly.
  • Enable loop guard on all distribution and access layer switches
  • Enable BPDU guard on all distribution and access layer switches
  • If you have fibre uplinks, consider using UDLD (Unidirectional Link Detection)
  • Prune unnecessary VLANs off of trunks

If after all of these precautions you still have a layer 2 loop, check switch logs for MAC address flapping between interfaces.

Check out this excellent document for troubleshooting STP problems in general including loops.

I hope this has been helpful!

Laz

1 Like
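The log check mentioned at the end of the post above, as an added example that is not part of the original post: it parses MAC flap notifications and reports the VLAN and port pair between which many different MAC addresses flap, which is where a loop would pass. The Catalyst IOS `MACFLAP_NOTIF` message format, the `min_macs` threshold and the function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed Catalyst IOS syslog format for MAC flap notifications.
FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-fA-F.]+) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = """\
Mar  1 10:00:01 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi0/1 and port Gi0/24
Mar  1 10:00:01 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4466 in vlan 10 is flapping between port Gi0/24 and port Gi0/1
Mar  1 10:00:02 sw1 %LINK-3-UPDOWN: Interface Gi0/7, changed state to up
Mar  1 10:00:02 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4477 in vlan 10 is flapping between port Gi0/1 and port Gi0/24
Mar  1 10:00:09 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 00aa.bbcc.dd01 in vlan 20 is flapping between port Gi0/5 and port Gi0/6
"""

def parse_flaps(text):
    """Yield (vlan, mac, frozenset({port_a, port_b})) for every flap notification."""
    for line in text.splitlines():
        m = FLAP_RE.search(line)
        if m:
            ports = frozenset(p.rstrip(".") for p in (m["a"], m["b"]))
            yield int(m["vlan"]), m["mac"].lower(), ports

def loop_suspects(text, min_macs=3):
    """Return [(vlan, (port, port), distinct_macs)], most affected pair first.

    Heuristic (an assumption of this example): one MAC moving between two
    ports can be a roaming or dual-homed host, while many distinct MACs
    flapping between the same two ports in one VLAN points to a loop.
    """
    macs = defaultdict(set)
    for vlan, mac, pair in parse_flaps(text):
        macs[(vlan, pair)].add(mac)
    suspects = [
        (vlan, tuple(sorted(pair)), len(seen))
        for (vlan, pair), seen in macs.items()
        if len(seen) >= min_macs
    ]
    return sorted(suspects, key=lambda s: -s[2])

if __name__ == "__main__":
    for vlan, ports, count in loop_suspects(SAMPLE_LOG):
        print(f"VLAN {vlan}: {count} MACs flapping between {ports[0]} and {ports[1]}")
```
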

Hi Rene Sir,

How could we know that a loop has occurred?

Hi Swapnil,

You will probably see an increase of link utilization and/or packet drops on your switch interfaces. On other devices, like routers, you might see a higher CPU load since they suddenly receive a lot of traffic.

You can also configure storm control on your switches:

I am trying to understand the role of the Root Bridge in STP:
First of all, the root bridge determines the designated and non-designated ports on non-root bridges. It helps in avoiding loops.

Is there any other role of the root bridge? Does it play a role similar to the DR in OSPF? What will happen when an interface goes down in the network?

How long does a switch keep sending BPDUs? What I mean is STP is enabled on modern switches by default. Whenever a switch is added to a network it will start sharing BPDUs after the initial Blocking period. My question is how long will this happen? Even if now there is a Root Bridge and the network is loop-free, will all the switches keep sharing BPDUs every 2 seconds since the Hello Timer is 2 seconds?

Hello rosna

The DR in OSPF is a central point where LSAs are sent from all routers and redistributed from the DR. The Root Bridge does not function in the same way. The role of the Root Bridge is to create a point of reference on the network from which the Spanning Tree can be created. And yes you are right when you say that the location of the Root Bridge determines the roles of the ports on all the switches participating in STP.

Now if an interface goes down, the BPDUs that are being exchanged on that interface cease. The network begins to reconverge and alternative paths to the root bridge are then unblocked in order to allow traffic to continue to flow.

I hope this has been helpful!

Laz

Hello rosna

As long as STP is configured on a switch, its ports will continue to send BPDUs every 2 seconds. Always. It will never stop.

BPDUs will stop being sent only in the following cases:

  • If STP is disabled globally on the switch
  • If STP is disabled on a per VLAN basis (deactivate STP for specific VLANs)
  • If you apply BPDU filtering on a specific port

I hope this has been helpful!

Laz

Hi Rene ,

I have some confusion regarding the usage of the terminology “Root” and “Non-root” switch. I have gone through the “Wendell Odom” ICND book, which used the term “designated bridge” for an Ethernet segment. You are not using this term; can you please clarify if I am missing something?


https://supportforums.cisco.com/t5/other-network-infrastructure/designated-bridge-and-root-bridge/td-p/28017

Regards,
Sameer.

Hello Sameer

Within a spanning tree topology, there is a root bridge that is elected. This is the single switch within a spanning tree instance that is chosen to be the point of reference in order to allow spanning tree to function. There is only one root bridge or root switch in a spanning tree topology. All the rest of the switches are considered to be non-root.

The designated bridge is another term that is not referred to so often. Specifically, it is the bridge (not the root bridge) that has the LOWEST cost to the root bridge for a specific LAN segment. So, all switches IN A LAN SEGMENT, except the root bridge compare the cost to the root bridge from their root ports. Whichever switch has the lowest cost will be the designated bridge.

If the total path cost is the same between two or more switches, then the local bridge ID (Bridge Priority + MAC) address is used to determine this, where the lowest value prevails.

I hope this has been helpful!

Laz

1 Like
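The election rules described above (lowest root path cost per segment, bridge ID as the tie-break), as an added example that is not part of the original posts: it computes the root bridge and every port role for a three-switch triangle, before and after switch B becomes root, and reproduces the role changes listed earlier in the thread. The topology is inferred from those listed changes; the bridge IDs, the path cost of 19 per link and the names `stp_roles` and `role_changes` are assumptions of this example.

```python
import heapq

def stp_roles(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(sw_a, port_a, sw_b, port_b, cost)].
    Returns (root_name, {(switch, port): "Root" | "Desg" | "Blck"})."""
    root = min(bridges, key=bridges.get)          # lowest bridge ID becomes root
    adj = {}
    for a, _, b, _, c in links:
        adj.setdefault(a, []).append((b, c))
        adj.setdefault(b, []).append((a, c))
    cost, heap = {root: 0}, [(0, root)]           # root path cost per switch (Dijkstra)
    while heap:
        d, sw = heapq.heappop(heap)
        for nb, c in adj.get(sw, []):
            if d + c < cost.get(nb, float("inf")):
                cost[nb] = d + c
                heapq.heappush(heap, (d + c, nb))
    best = {}                                     # per switch: best path towards the root
    for a, pa, b, pb, c in links:
        for sw, port, nb, nb_port in ((a, pa, b, pb), (b, pb, a, pa)):
            cand = (cost[nb] + c, bridges[nb], nb_port, port)
            if sw != root and cand < best.get(sw, (float("inf"),)):
                best[sw] = cand
    roles = {}
    for a, pa, b, pb, _ in links:
        # Designated bridge of the segment: lowest root path cost, then lowest bridge ID.
        desg = min((a, b), key=lambda s: (cost[s], bridges[s]))
        for sw, port in ((a, pa), (b, pb)):
            if sw == desg:
                roles[(sw, port)] = "Desg"
            else:
                roles[(sw, port)] = "Root" if best[sw][3] == port else "Blck"
    return root, roles

# Constructed bridge IDs (priority, MAC); topology inferred from the thread's role list.
LINKS = [("A", 1, "B", 1, 19), ("A", 2, "C", 1, 19), ("B", 2, "C", 2, 19)]
BEFORE = {"A": (32768, "00:00:00:00:00:0a"), "B": (32768, "00:00:00:00:00:0b"),
          "C": (32768, "00:00:00:00:00:0c")}
AFTER = dict(BEFORE, B=(4096, "00:00:00:00:00:0b"))   # B is given a lower priority

def role_changes(before, after, links):
    """Return {(switch, port): (old_role, new_role)} for every port."""
    _, old = stp_roles(before, links)
    _, new = stp_roles(after, links)
    return {p: (old[p], new[p]) for p in sorted(old)}

if __name__ == "__main__":
    for (sw, port), (old, new) in role_changes(BEFORE, AFTER, LINKS).items():
        print(f"Switch {sw} port {port}: {old} -> {new}")
```
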

Hey, just a quick question: do switches have a MAC address on all the ports or do they have one MAC address as a whole, and what do they use it for?

Hello Parneet

Cisco switches have what is called a “Base ethernet MAC Address” as well as a separate MAC address for each port. You can view the base MAC address by issuing the show version command and you can see the MAC address of each individual port by issuing the show interfaces command as the hardware address. The base MAC address is used for things like STP, HSRP priority and other such protocols.

There are vendors whose switches have a single MAC address without any MAC addresses on the ports. This is fine for layer 2 switches, but it does limit the switches in additional services and functionalities.

I hope this has been helpful!

Laz

Question: does only the root bridge generate BPDUs? At the beginning all the switches generate BPDUs because they all think they are the root bridge, but once it is known who the ROOT BRIDGE is, only the root bridge generates them, and the NON-ROOT switches receive the same BPDU generated by the ROOT BRIDGE, change the root cost path and send it to the other switches? Is this correct?

Hello Jesus

When plain STP is implemented (that is, 802.1D) then yes, only the root bridge generates BPDUs and they are relayed by the rest of the switches that receive them. However, in RSTP, all switches generate BPDUs. This is further described in the following Cisco documentation:


I hope this has been helpful!

Laz

Thanks for the great explanation Rene…

How is the Prio.Nbr field calculated? Below is the output of Switch A. Can you please explain how the values 128.16 & 128.19 are generated?

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/14              Desg FWD 19        128.16   P2p
Fa0/17              Root FWD 19        128.19   P2p

Hello Aniket

Each port of a Switch has a Spanning Tree Port Priority value which by default is set to 128. This is the first part of the value you see in this column. The second part is a 12 bit interface identifier that the switch assigned to each port including SVIs. This is usually a sequential number for each and every port on the switch.

So the full Prio.Nbr value is determined by adding port priority value (default of 128) to the 12-bit interface identifier. This particular switch has assigned an interface identifier of 16 to port Fa0/14 and 19 to Fa0/17. So the Prio.Nbr of these two interfaces are 128.16 and 128.19 respectively.

Typically a switch will begin sequentially with interface FastEthernet 0/1 assigned to ID 1, FastEthernet 0/2 assigned to ID 2 and so on. However, sometimes if there are additional modules, or management interfaces, these may obtain the first values and then the FastEthernet 0/1 and so on will be assigned the next sequential numbers, thus getting a result as seen above where the IDs are out of alignment with the actual port numbers.

I hope this has been helpful!

Laz

Thanks a lot Lazaros

1 Like