Upload
wingenius
View
224
Download
0
Embed Size (px)
Citation preview
8/13/2019 Spanning Tree Enhancements
1/20
Michel TANNOURYInstructor
8/13/2019 Spanning Tree Enhancements
2/20
Outline Introduction
BPDU guard
Root guard BPDU filter
Loop guard
8/13/2019 Spanning Tree Enhancements
3/20
Quick review of STP
8/13/2019 Spanning Tree Enhancements
4/20
STP enhancements STP is designed to never create a loop.
Based on assumptions, that sometimes might not be
valid. BPDU guard, Root guard, BPDU filter, and loop guard:
Filter sent/received BPDU
Control network reactions when unexpected topology
changes occur
8/13/2019 Spanning Tree Enhancements
5/20
STP enhancements Supported by:
PVST+
MST PVRST+
8/13/2019 Spanning Tree Enhancements
6/20
BPDU guard Shuts down a Portfast enabled interface when a BPDU
is received.
8/13/2019 Spanning Tree Enhancements
7/20
8/13/2019 Spanning Tree Enhancements
8/20
Root guard Forces an interface to become designated in order to
prevent a switch from becoming a root switch.
8/13/2019 Spanning Tree Enhancements
9/20
Root guard
8/13/2019 Spanning Tree Enhancements
10/20
Root guard
8/13/2019 Spanning Tree Enhancements
11/20
Root guardWith root guard enabled:
8/13/2019 Spanning Tree Enhancements
12/20
Root guard Packet tracer demo
8/13/2019 Spanning Tree Enhancements
13/20
BPDU filter Prevents switches from sending BPDU on Portfast-
enabled interfaces.
Can be enabled: Globally
Per interface basis
8/13/2019 Spanning Tree Enhancements
14/20
BPDU filter enabled on an interface S: Show spanning-tree int fa0/0 detail
BPDU: sent x, received 0
R: conf terminalR(config)# bridge 1 protocol ieee
Exit
R(config)# int fa0/0
R(config-if)# bridge-group 1
// the router is now participating in bridging and sending BPDU to
The switch
On the switch now:
S# show spanning-tree int fa0/0 detailBPDU: sent x, received y
Now enable bpdu filter:
S(config)#Int fa0/1
S(config-if)#Spanning-tree bpdufilter enable
Now issue again the command show spanning-tree int fa0/1 detail
You will see that number of received BPDUs is not increasing anymore
8/13/2019 Spanning Tree Enhancements
15/20
BPDU filter enabled globally On the switch enable BPDU filter and portfast
S(config)# spanning-tree portfast bpdufilter default
S(config)# spanning-tree portfast default
S#show spanning-tree summary
S#show spanning-tree interface fa0/1 portfast
On the router:
R(config)# bridge 1 protocol ieee
R(config)# int fa0/0
R(config-if)# bridge-group 1
On the switch:
S# show spanning-tree int fa0/1 portfast
Disabled
We can use also debug spanning-tree bpdu
8/13/2019 Spanning Tree Enhancements
16/20
8/13/2019 Spanning Tree Enhancements
17/20
Loop guard Used to prevent bridging loops
STP blocking port erroneously transitions to
forwarding state => bridging loopA blocking port stops receiving bpdu => transitions to
forwarding state => bridging loop
Loop guard feature : additional check before
transitioning a blocking port to the forwarding state(loop inconsistent state)
8/13/2019 Spanning Tree Enhancements
18/20
Loop guard demo
8/13/2019 Spanning Tree Enhancements
19/20
Loop guard demo Enable bpdu filter on fa0/2 on switch2.
Fa0/2 on switch3 wont receive bpdu anymore,
transitions to forwarding state, => loop
8/13/2019 Spanning Tree Enhancements
20/20
Loop guard demo Enable loopguard globally on the switches
Spanning-tree loopguard default
Bpdu filter enabled on Fa0/2 on Switch2
Fa0/2 on Switch3 will go to loop Inconsistent state