Spanning Tree


Root port election
Root port election occurs after the Root switch is determined. When a switch receives the Hello from the Root switch, it updates the cost, forwarding switch bridge ID, forwarder port priority and forwarder port number before forwarding it. After the Hellos have been forwarded, each switch elects the port with the lowest total cost to the root switch as its root port. To calculate the cost, the cost listed in the Hello is added to the cost of the local port on which the Hello was received. Port costs are listed below.



The following tiebreakers occur if same cost Hellos are received:


 * 1) Lowest forwarding bridge ID
 * 2) Lowest port priority of the forwarding switch
 * 3) Lowest port ID of the forwarding switch

//Note that if the second tiebreaker is reached then the switch MUST have multiple links to the RP and the following steps only determine which of these parallel links to use.//
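The election and its tiebreakers, worked through as an added example (not part of the original notes). The Hello fields, bridge IDs and port names are constructed; the local port costs assume the common short-mode values of 4 for 1 Gbps and 19 for 100 Mbps.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Hello:
    local_port: str         # local port the Hello was received on
    root_cost: int          # cost to the root listed in the Hello
    fwd_bridge_id: tuple    # (priority, MAC as int) of the forwarding switch
    fwd_port_priority: int  # port priority on the forwarding switch
    fwd_port_number: int    # port number on the forwarding switch

def election_key(hello, port_cost):
    """Total cost first, then the three tiebreakers in order."""
    total = hello.root_cost + port_cost[hello.local_port]
    return (total, hello.fwd_bridge_id,
            hello.fwd_port_priority, hello.fwd_port_number)

def elect_root_port(hellos, port_cost):
    """Return the local port whose Hello has the lowest election key."""
    return min(hellos, key=lambda h: election_key(h, port_cost)).local_port

# Constructed sample: assumed local port costs (4 = 1 Gbps, 19 = 100 Mbps).
PORT_COST = {"Gi0/1": 4, "Gi0/2": 4, "Fa0/3": 19}
SW_A = (32768, 0x00000000000A)
SW_B = (32768, 0x00000000000B)
HELLOS = [
    Hello("Gi0/1", 19, SW_B, 128, 1),  # total 23
    Hello("Gi0/2", 19, SW_B, 64, 2),   # total 23, parallel link to SW_B
    Hello("Fa0/3", 4, SW_A, 128, 7),   # total 23, lower forwarding bridge ID
]

if __name__ == "__main__":
    # Three-way cost tie: SW_A has the lowest forwarding bridge ID.
    print(elect_root_port(HELLOS, PORT_COST))
    # Only the parallel links to SW_B remain: lowest port priority wins.
    print(elect_root_port(HELLOS[:2], PORT_COST))
```
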

Topology Change Notification
When an STP change occurs, a TCN must be generated. The purpose of this is to reconverge STP and to time out any existing CAM table entries. The detecting switch performs the following:


 * 1) A TCN BPDU is generated and forwarded out the root port to the root switch. This is repeated every hello interval until ack'd.
 * 2) The receiving switch acks the TCN.
 * 3) Repeat steps 1 and 2 for each segment until received by the root. When received, the root notifies all other switches.

STP Optimization



 * **Portfast**: Should also enable UplinkGuard and BPDU guard
 * **Uplinkfast**: Sets priority to 49,152, port cost to 3000, tracks alternate RPs. Also times out the CAM tables by generating a multicast frame with the source MAC set as each local MAC address. Does not use the TCN process.
 * **Backbonefast**: Should be enabled on all switches in the layer 2 network

=Convergence=

Convergence times and priorities are configured under //**#spanning-tree vlan <#>**//. When timers are configured on the root bridge, all other STP devices will inherit those timers.

Port Channels
Configured via #//**channel-group mode **//

Two methods of dynamically establishing a port channel: PAgP (Cisco) and LACP 802.1AD. The following conditions must match to establish a channel:


 * Speed/Duplex
 * Access Vlan if not trunking
 * Trunk type, native vlan and allowed vlans
 * Same STP cost per vlan on all vlans
 * No SPAN configured

Rapid Spanning Tree
Can be enabled two ways
 * 1) //**#spanning-tree mode rapid-pvst**//
 * 2) or by enabling 802.1s MST which uses RSTP by default.

Three major changes (Backbonefast, portfast and uplinkfast are IEEE standardized)


 * 1) Wait for only 3 missed hello messages vs 10
 * 2) Can transition from disabled to learning, bypassing listening (No longer needed due to active queries)
 * 3) Allows for a backup DP



RSTP also defines edge ports using the portfast command, meaning that they are put into the forwarding state immediately. For point-to-point links, RSTP will also query the neighboring switches during lost hellos with the same logic as backbonefast, but standardized.





802.1S - Multiple Spanning Trees
To set up MST:


 * 1) //**#spanning-tree mode mst**//
 * 2) Create a region using the //**#name**// subcommand.
 * 3) Create a revision number using the //**#revision**// subcommand.
 * 4) Map vlans to the instance using the //**#instance**// subcommand.

For MST to work properly, you must configure each switch in a region the same. The benefit of this is that when the number of VLANs grows, you still only need 1 instance of STP. With PVST, many STP messages would be generated as the number of VLANs increases. When communicating with an outside instance of STP, the MST region will appear as a single switch and will run a second instance of STP called Internal Spanning Tree.

Protecting STP

 * **BPDU Guard** - Puts the port in an err-disabled state when it receives a BPDU
 * **Root guard** - Ignores any superior BPDUs received on this port to prevent a rogue switch from becoming the STP root. Puts the port into a loop inconsistent state and ceases forwarding of frames until the BPDUs stop.
 * **UDLD** - Detects a unidirectional link failure via layer 2 messages. If a failure is found, whichever transmit interface did not fail is placed into an err-disabled state. Can also act in an aggressive mode, in which an active recovery is attempted 8 times and if no response is heard both sides are placed into err-disabled.
 * **Loop Guard** - When normal BPDUs are not received, the port drops into loop inconsistent instead of going through normal STP convergence. This happens on blocking ports and helps protect against a unidirectional link failure. When the hellos return to normal, the port is brought back to a normal state.
 * **bpdufilter** - Prevents sending and receiving of BPDUs on an interface. When enabled together with portfast, the port will disable these settings if a BPDU is received.

A port can be set to automatically reenable with the commands:

//**#errdisable recovery cause bpduguard**//

//**#errdisable recovery interval 120**//