Spanning Tree Protocol

Spanning Tree Protocol - ipmasters.net


Redundant Links

Redundant links between switches, without STP, create L2 loops. Because an Ethernet frame has no TTL, a looped frame circulates forever and causes:

- Broadcast storms

- Duplicated unicast frames

- MAC table instability (the same source MAC keeps appearing on different ports)

Spanning Tree Protocol (STP) elects a root bridge and builds loop-free paths from every bridge in the network toward that root bridge.

When STP has converged, every bridged interface on every bridge is in one of two stable states: forwarding or blocking.

STP accomplishes this by exchanging special messages called Bridge Protocol Data Units (BPDUs).

Bridges use the STP path cost carried in BPDUs to determine the best path to the root bridge.

Spanning Tree Protocol Rules

STP elects exactly one root bridge for the topology

Each non-root bridge has exactly one root port, which is placed in forwarding state

Each segment has exactly one Designated Port, also forwarding

All remaining (non-designated) ports are blocked

A segment is an Ethernet link between switches (or the LAN behind a hub)

Root Bridge: elect one root bridge

The bridge with the lowest Bridge ID (BID) is elected

The STP BID is an 8-byte value unique to each switch: a 2-byte priority followed by the switch's 6-byte MAC address. Priorities are compared first, so a switch with a lower configured priority beats any switch with a higher one regardless of MAC address.

Root Port: elect one Root Port (RP) on each non-root bridge

The RP is the port with the lowest path cost to the root bridge. If two ports tie on cost, the tiebreakers, in order, are:

Lowest sender BID

Lowest sender port priority

Lowest sender Port ID (PID)

Designated Port

Elect one Designated Port (DP) on every segment

The DP on a LAN segment is the switch port that advertises the lowest-cost hello onto that segment; ties go to the lowest sender BID, then the lowest sender Port ID

Spanning Tree Algorithm (STA)

IEEE 802.1d

Election Process
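The election rules above, as an added example that is not code from the original slides: a pure-Python model of the 802.1D root bridge, root port and designated port election, run on a constructed three-switch triangle, and then on the same LAN with a hypothetical attacker switch at priority 0 plugged into two access ports (the rogue-root case BPDU Guard is meant to stop). Switch names, MAC addresses and link costs are made up; the costs 4 and 19 are the 802.1D values for 1 Gbps and 100 Mbps links.

```python
"""Added example (not from the original slides): 802.1D election on a small topology."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    bridge: str
    number: int
    priority: int = 128  # 802.1D default port priority

    @property
    def port_id(self) -> int:
        # 16-bit Port ID: port priority in the high byte, port number in the low byte
        return (self.priority << 8) | self.number


def bridge_id(priority: int, mac: str) -> tuple:
    """The 8-byte BID (2-byte priority, then 6-byte MAC) as a comparable tuple; lower wins."""
    return (priority, int(mac.replace(":", ""), 16))


def stp_elect(bridges: dict, segments: list) -> dict:
    """bridges: name -> (priority, MAC). segments: list of (link cost, [Port, ...]).
    Returns the root bridge, each bridge's root path cost and a role per port:
    'RP' (root port), 'DP' (designated port) or 'BLK' (non-designated, blocked)."""
    bid = {name: bridge_id(*val) for name, val in bridges.items()}
    root = min(bid, key=bid.get)                  # rule 1: lowest BID becomes root
    cost = {name: math.inf for name in bridges}   # root path cost learned so far
    cost[root] = 0
    while True:                                   # repeat hello propagation until stable
        role, best_hello = {}, {}
        for link_cost, ports in segments:
            # rule 3: the DP is the port advertising the lowest-cost hello onto the segment;
            # ties go to the lowest sender BID, then the lowest sender Port ID
            reached = [p for p in ports if cost[p.bridge] < math.inf]
            if not reached:
                continue                          # no hello has reached this segment yet
            dp = min(reached, key=lambda p: (cost[p.bridge], bid[p.bridge], p.port_id))
            role[dp] = "DP"
            for p in ports:
                if p.bridge in (dp.bridge, root):
                    continue
                # what p receives: DP's cost plus this link's cost, then the slide's
                # tiebreakers (sender BID, sender port priority, sender Port ID)
                hello = (cost[dp.bridge] + link_cost, bid[dp.bridge],
                         dp.priority, dp.port_id, p.port_id)
                if p.bridge not in best_hello or hello < best_hello[p.bridge][0]:
                    best_hello[p.bridge] = (hello, p)
        new_cost = {name: math.inf for name in bridges}
        new_cost[root] = 0
        for name, (hello, p) in best_hello.items():
            new_cost[name] = hello[0]             # rule 2: one RP per non-root bridge
            role[p] = "RP"
        for _, ports in segments:
            for p in ports:
                role.setdefault(p, "BLK")         # rule 4: everything else is blocked
        if new_cost == cost:
            return {"root": root, "root_cost": cost, "role": role}
        cost = new_cost


def honest_topology():
    """Constructed sample: three switches in a triangle, all at default priority."""
    bridges = {"SW1": (32768, "00:00:00:00:00:01"),
               "SW2": (32768, "00:00:00:00:00:02"),
               "SW3": (32768, "00:00:00:00:00:03")}
    segments = [(4, [Port("SW1", 1), Port("SW2", 1)]),    # 1 Gbps link, cost 4
                (4, [Port("SW1", 2), Port("SW3", 1)]),
                (19, [Port("SW2", 2), Port("SW3", 2)])]   # 100 Mbps link, cost 19
    return bridges, segments


def rogue_topology():
    """Same LAN plus a hypothetical attacker switch (priority 0) on access ports of SW2 and SW3."""
    bridges, segments = honest_topology()
    bridges = dict(bridges, EVIL=(0, "00:00:00:00:00:ff"))
    segments = segments + [(19, [Port("EVIL", 1), Port("SW3", 3)]),
                           (19, [Port("EVIL", 2), Port("SW2", 3)])]
    return bridges, segments


if __name__ == "__main__":
    for label, topo in (("honest", honest_topology()), ("rogue", rogue_topology())):
        result = stp_elect(*topo)
        print(f"{label}: root = {result['root']}")
        for port, r in sorted(result["role"].items(), key=lambda kv: (kv[0].bridge, kv[0].number)):
            print(f"  {port.bridge} port {port.number}: {r}")
```

In the honest run SW1 (lowest MAC) is root and only SW3 port 2 blocks. In the rogue run the attacker wins the election outright, SW2 and SW3 select their attacker-facing ports as root ports, the former SW2-SW3 link blocks, and SW2-SW3 traffic now transits the attacker's switch.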

STP Timers

Hello timer: the length of time between hello BPDUs sent by the root bridge (default 2 sec).

Forward delay timer: delay that applies when an interface changes from blocking state to forwarding state. The port stays in an interim listening state, and then an interim learning state, for one forward delay each (default 15 sec).

Max age timer: how long any switch should wait, after ceasing to hear hellos, before trying to change the STP topology (default 20 sec).

Topology Change (TC)

The root switch sends a new hello BPDU every 2 sec by default

Each non-root switch forwards the hello out all of its DPs

Topology Broadcast

When a topology change is reported, the root sets the TC bit in its hellos for max age + forward delay seconds, which is 20 + 15 = 35 seconds by default, so that every switch shortens its MAC table aging time and flushes stale entries.

Port States

State        Forwards data frames?   Learns MACs from received frames?   Transitory or stable?

Blocking     No                      No                                  Stable

Listening    No                      No                                  Transitory

Learning     No                      Yes                                 Transitory

Forwarding   Yes                     Yes                                 Stable

Disabled     No                      No                                  Stable

Ports Transition

Link Cost

sw(config-if)#spanning-tree cost 25

BPDU Fields

Equal Cost Root Ports

PortFast Technology

sw(config-if)#spanning-tree portfast

BPDU Guard

The Cisco BPDU Guard feature defends against the problems below by err-disabling a port as soon as any BPDU is received on it. It is intended for PortFast access ports, where no switch, and therefore no BPDU, should ever appear.

Some of the problems it prevents:

An attacker could connect a switch with a low STP priority value to one of these ports and become the root switch.

An attacker could plug into multiple ports on multiple switches, become root, and have much of the traffic in the LAN forwarded through the attacker's switch.

Users could innocently harm the LAN by buying an inexpensive consumer switch without any STP function and connecting it: such a switch never blocks a port and would likely create a loop.

Rapid Spanning-Tree (RSTP)

IEEE 802.1w

RSTP BPDU

STP Variants

Extended System ID

The 2-byte priority field of the BID is split into a 4-bit priority and a 12-bit system ID extension that carries the VLAN number, so one switch can advertise a different BID per VLAN.

The default priority is 32768.

The whole 16-bit field ranges from 0 to 65535 and lower is better; with the extended system ID the configurable priority is 0 to 61440 in steps of 4096 (0 is the most likely to win).

Priority field advertised by a switch = configured priority + VLAN number

Per-VLAN Spanning Tree (PVST+)

Each VLAN runs its own STP instance, so different switches can be root for different VLANs and both uplinks carry traffic. Here S1 becomes root for VLAN 1 and S2 root for VLAN 2:

S1(config)#spanning-tree vlan 1 priority 4096

S2(config)#spanning-tree vlan 2 priority 4096
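The BPDU Fields, BPDU Guard and Extended System ID slides above, as one added example that is not code from the original slides: encode and decode an 802.1D configuration BPDU as it travels over 802.3/LLC, split the 2-byte priority field into the 4-bit priority and 12-bit VLAN extension, and apply the BPDU Guard rule to a PortFast edge port. The frames are constructed here; the attacker MAC address and the port flag are hypothetical.

```python
"""Added example (not from the original slides): 802.1D BPDU encode/decode and BPDU Guard."""
import struct

LLC_STP = b"\x42\x42\x03"                         # DSAP/SSAP 0x42, UI control: STP over LLC
CONFIG_BPDU = struct.Struct("!HBBB8sI8sHHHHH")    # 35-byte 802.1D configuration BPDU body
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_config_bpdu(root_prio_field, root_mac, root_path_cost, bridge_prio_field, bridge_mac,
                      port_id=0x8001, flags=0, message_age=0, max_age=20, hello=2, fwd_delay=15):
    """Return LLC header + configuration BPDU. The *_prio_field values are the 16-bit
    field as advertised (priority + VLAN); timers are carried in units of 1/256 s."""
    body = CONFIG_BPDU.pack(
        0x0000, 0x00, TYPE_CONFIG, flags,                       # protocol ID, version 0, type
        struct.pack("!H", root_prio_field) + mac_bytes(root_mac),       # 8-byte Root ID
        root_path_cost,
        struct.pack("!H", bridge_prio_field) + mac_bytes(bridge_mac),   # 8-byte sender BID
        port_id, message_age * 256, max_age * 256, hello * 256, fwd_delay * 256)
    return LLC_STP + body


def split_bid(raw: bytes) -> dict:
    """Extended system ID: 4-bit priority (multiples of 4096) + 12-bit VLAN number + MAC."""
    field = struct.unpack("!H", raw[:2])[0]
    return {"priority": field & 0xF000, "vlan": field & 0x0FFF,
            "mac": ":".join(f"{b:02x}" for b in raw[2:8])}


def is_bpdu(frame: bytes) -> bool:
    """Any STP BPDU (configuration or TCN): STP LLC header plus protocol ID 0x0000."""
    return frame[:3] == LLC_STP and len(frame) >= 7 and frame[3:5] == b"\x00\x00"


def parse_bpdu(frame: bytes) -> dict:
    """Decode the fields of a configuration BPDU; raise ValueError on anything else."""
    if not is_bpdu(frame):
        raise ValueError("not an STP BPDU")
    body = frame[3:]
    if body[3] == TYPE_TCN:
        return {"type": "tcn"}                     # TCN carries no further fields
    if body[3] != TYPE_CONFIG or len(body) < CONFIG_BPDU.size:
        raise ValueError("unsupported or truncated BPDU")
    (_proto, version, _type, flags, root_id, cost, bridge_id,
     port_id, msg_age, max_age, hello, fwd) = CONFIG_BPDU.unpack(body[:CONFIG_BPDU.size])
    return {
        "type": "config", "version": version,
        "topology_change": bool(flags & 0x01),     # TC bit; 0x80 is the TC acknowledgement
        "root": split_bid(root_id), "root_path_cost": cost, "bridge": split_bid(bridge_id),
        "port_priority": port_id >> 8, "port_number": port_id & 0xFF,
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
    }


def bpdu_guard(port_is_portfast: bool, frame: bytes) -> str:
    """BPDU Guard: any BPDU, whatever it claims, on a PortFast port err-disables the port."""
    if not is_bpdu(frame):
        return "ignore"                            # ordinary data traffic is unaffected
    return "err-disabled" if port_is_portfast else "process"


# Constructed frame: a hypothetical rogue switch claiming priority 0 in VLAN 1 (field = 0 + 1)
ROGUE_MAC = "00:11:22:33:44:55"
ROGUE_BPDU = build_config_bpdu(0 + 1, ROGUE_MAC, 0, 0 + 1, ROGUE_MAC)

if __name__ == "__main__":
    print(parse_bpdu(ROGUE_BPDU))
    print("PortFast port:", bpdu_guard(True, ROGUE_BPDU))
    print("Uplink port:  ", bpdu_guard(False, ROGUE_BPDU))
```

Decoding the root ID shows why the guard does not bother inspecting the contents: the rogue frame advertises priority 0, which beats every switch at the default 32768, so the only safe response on an edge port is to disable it.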

EtherChannel

Instead of having redundant links that STP must block, we can bundle the links into one logical link.

Benefits:

Enables the creation of a high-bandwidth logical link

Load-shares among the physical links involved

Provides automatic failover if a member link fails

Simplifies subsequent logical configuration (one interface instead of several)

EtherChannel

An EtherChannel can be formed statically or dynamically

Dynamic EtherChannel protocols: IEEE LACP (802.3ad) and Cisco PAgP

The dynamic protocols negotiate the bundle and verify that the member link configurations are consistent

Cisco EtherChannel allows up to 8 active ports per bundle

EtherChannel

The switch checks that the following settings match before adding an interface to the bundle:

Speed and duplex

Operational access or trunking state (all must be access, or all must be trunks)

If an access port, the access VLAN

If a trunk port, the allowed VLAN list (per the switchport trunk allowed vlan command)

If a trunk port, the native VLAN

STP interface settings (port cost and port priority)
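The member-consistency checklist above, as an added example that is not code from the original slides: it compares a constructed table of candidate member ports against the first one and reports which attributes would keep each port out of the bundle. Field names are my own; allowed VLAN lists are compared as sets so that "10,20-30" and "20-30,10" count as equal, and more than 8 members is rejected.

```python
"""Added example (not from the original slides): EtherChannel member consistency check."""

COMMON_FIELDS = ("speed", "duplex", "stp_cost", "stp_port_priority")
MODE_FIELDS = {"access": ("access_vlan",), "trunk": ("allowed_vlans", "native_vlan")}
MAX_MEMBERS = 8


def vlan_set(spec: str) -> frozenset:
    """Expand an IOS-style VLAN list such as '10,20-30,99' into a set of VLAN numbers."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(vlans)


def normalize(port: dict) -> dict:
    """Canonical form so that equivalent settings compare equal."""
    p = dict(port)
    if "allowed_vlans" in p:
        p["allowed_vlans"] = vlan_set(p["allowed_vlans"])
    return p


def etherchannel_check(ports: dict) -> dict:
    """ports: interface name -> settings dict. Returns interface name -> list of settings
    that differ from the first candidate; an empty list means the port can join."""
    if len(ports) > MAX_MEMBERS:
        raise ValueError(f"at most {MAX_MEMBERS} ports per EtherChannel, got {len(ports)}")
    names = list(ports)
    ref = normalize(ports[names[0]])
    fields = COMMON_FIELDS + MODE_FIELDS[ref["mode"]]
    report = {}
    for name in names:
        p = normalize(ports[name])
        if p.get("mode") != ref["mode"]:
            report[name] = ["mode"]                # access vs trunk: nothing else matters
            continue
        report[name] = [f for f in fields if p.get(f) != ref.get(f)]
    return report


# Constructed sample: four trunk uplinks, two of them with a subtle difference
SAMPLE_PORTS = {
    "Gi1/1": dict(speed="1000", duplex="full", mode="trunk", allowed_vlans="10,20-30",
                  native_vlan=1, stp_cost=4, stp_port_priority=128),
    "Gi1/2": dict(speed="1000", duplex="full", mode="trunk", allowed_vlans="20-30,10",
                  native_vlan=1, stp_cost=4, stp_port_priority=128),
    "Gi1/3": dict(speed="1000", duplex="full", mode="trunk", allowed_vlans="10,20-30",
                  native_vlan=99, stp_cost=4, stp_port_priority=128),
    "Gi1/4": dict(speed="100", duplex="full", mode="trunk", allowed_vlans="10,20-30",
                  native_vlan=1, stp_cost=19, stp_port_priority=128),
}

if __name__ == "__main__":
    for name, problems in etherchannel_check(SAMPLE_PORTS).items():
        print(name, "ok" if not problems else "mismatch: " + ", ".join(problems))
```

Gi1/2 passes because its allowed list is the same set written in another order, Gi1/3 fails on the native VLAN, and Gi1/4 fails on speed and, as a consequence, STP cost.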