CCNP: Building Cisco Multilayer Switched Networks Study Guide (642-811)
The STP prevents loops in layer 2 switched networks and is basically plug-and-play. However, it might be advantageous to change some of the default timers and settings to create a more stable environment.
In this section, we’ll discuss how to scale the STP protocol on a large, switched internetwork. It is important to understand how to provide proper placement of the root bridge to create an optimal topology. If the root bridge is automatically chosen through an election, which is the default, the actual path that the frames can take might not be the most efficient. As the administrator, you can then change the root placement to create a more optimal path. However, it’s possible that your changes could cause more damage instead—so you want to think through your network design before making any changes.
To change the root placement, you need to do the following:
- Determine the root device.
- Configure the device.
- Set the port cost.
- Set the port priorities.
- Change the STP timers.
Determining the Root
Determining the root device is the most important decision that you make when configuring the STP protocol on your network. If you place the root in the wrong place in your network, it will be difficult to scale the network, and, really, that is what you are trying to do: create a scalable layer 2 switched internetwork.
However, by placing the root switch as close as possible to the center of your network, more optimal and deterministic paths can be easily chosen. You can choose the root bridge and secondary and backup bridges as well. Secondary bridges are very important for network stability in case the root bridge fails. Choosing the root is typically the best thing to do, but if that root goes down for maintenance, spanning tree will select a new root—and because all other switches have the same priority, it might be a switch you wouldn’t usually want to be the root bridge.
Because the root bridge should be close to the center of the network, the device will typically be a switch that a lot of traffic passes through, such as a distribution layer switch, a core layer switch, or one that does routing or multi-layer switching. An access layer switch would not usually be chosen.
After the root bridge has been chosen and configured, all the connected switches must determine the best path to the root bridge. The STP uses several different costs in determining the best path to the root bridge:
- Port cost
- Path cost
- Port priority
When a BPDU is sent out a switch port, the BPDU is assigned a port cost. The path cost, which is the sum of all the port costs, is then determined. The STP first looks at the path cost to figure out the forwarding and blocking ports. If the path costs are equal on two or more links to the root bridge, the port ID is used to determine the root port. The port with the lowest port ID is determined to be the forwarding port. You can change the port used by changing the port priority, but Cisco doesn’t recommend this. However, we’ll show you how to do it later in this section (so you can have some fun on a rainy Saturday).
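The comparison described above can be traced in code. The following is an added example, not from the book: it ranks candidate root ports using the standard 802.1D order, which goes slightly beyond the text by including the sender bridge ID step and by separating the sender's port ID from the local one. The class and function names are hypothetical, and the values mirror the two Fa0/1 and Fa0/24 rows of the 2950 output shown later in this section.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    name: str              # local interface that received the BPDU
    port_cost: int         # cost configured on the local port
    advertised_cost: int   # root path cost carried in the received BPDU
    sender_bridge: tuple   # (priority, MAC) of the upstream bridge
    sender_port: tuple     # (priority, number) of the upstream port
    local_port: tuple      # (priority, number) of the local port

# Comparison order; the lowest value wins at the first step that differs.
STEPS = ("path cost", "sender bridge ID", "sender port ID", "local port ID")

def selection_key(c):
    """Tuple that sorts candidates in root-port preference order."""
    return (c.advertised_cost + c.port_cost, c.sender_bridge,
            c.sender_port, c.local_port)

def choose_root_port(candidates):
    """Return (winning interface, step that decided the election)."""
    ranked = sorted(candidates, key=selection_key)
    if len(ranked) == 1:
        return ranked[0].name, "only candidate"
    best, runner_up = selection_key(ranked[0]), selection_key(ranked[1])
    for step, a, b in zip(STEPS, best, runner_up):
        if a != b:
            return ranked[0].name, step
    raise ValueError("identical candidates; port IDs must be unique")

# Designated bridge and designated port IDs as listed in the 2950 output.
UPSTREAM = (1, "00b0.6414.1180")

def scenario(fa01_cost, fa024_cost, fa024_local_prio=128):
    """Two uplinks to the same upstream switch (constructed from the page)."""
    return [
        Candidate("Fa0/1", fa01_cost, 0, UPSTREAM, (128, 1), (128, 1)),
        Candidate("Fa0/24", fa024_cost, 0, UPSTREAM, (128, 12),
                  (fa024_local_prio, 24)),
    ]

if __name__ == "__main__":
    # Equal cost: the upstream (designated) port ID breaks the tie.
    print(choose_root_port(scenario(100, 100)))
    # Cost lowered on Fa0/24: path cost decides before any port ID is read.
    print(choose_root_port(scenario(100, 20)))
    # Lowering only the local priority of Fa0/24 does not move the root port,
    # because the sender's port ID is compared before the local one.
    print(choose_root_port(scenario(100, 100, fa024_local_prio=16)))
```

The third case is why port priority is set on the upstream switch's ports when the goal is to steer a downstream switch.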
Configuring the Root
After you choose the best switch to become your root bridge, you can use the Cisco command-line interface (CLI) to configure the STP parameters in a switched network.
The command to configure the STP is set spantree. The following switch output (from our Catalyst 4000) shows the different command parameters you can use when configuring the STP. We are interested in the set spantree root and set spantree root secondary commands at this point:
```
Terry_4000(enable) set spantree ?
Set spantree commands:
----------------------------------------------------------------------------
set spantree disable        Disable spanning tree
set spantree enable         Enable spanning tree
set spantree fwddelay       Set spantree forward delay
set spantree hello          Set spantree hello interval
set spantree help           Show this message
set spantree maxage         Set spantree max aging time
set spantree portcost       Set spantree port cost
set spantree portfast       Set spantree port fast start
set spantree portpri        Set spantree port priority
set spantree portvlancost   Set spantree port cost per vlan
set spantree portvlanpri    Set spantree port vlan priority
set spantree priority       Set spantree priority
set spantree root           Set switch as primary or secondary root
set spantree uplinkfast     Enable or disable uplinkfast groups
set spantree backbonefast   Enable or disable fast convergence
Terry_4000 (enable)
```
The set spantree root command sets the primary root bridge for a specific VLAN, or even for all your VLANs. The set spantree root secondary command enables you to configure a backup root bridge.
In the following switch output, notice the options that are available with the set spantree root command:
```
Terry_4000> (enable) set spantree root ?
Usage: set spantree root [secondary] <vlans> [dia <network_diameter>]
                         [hello <hello_time>]
       (vlans = 1..1005, network_diameter = 2..7, hello_time = 1..10)
```
Table 5.1 shows the parameters available with the set spantree command and their definitions.
Parameter | Definition |
---|---|
root | Designation to change the switch to the root switch. The set spantree root command changes the bridge priority from 32768 to 8192. |
secondary | Designation to change the switch to a secondary root switch if the primary fails. This automatically changes the bridge priority from a default of 32768 to 16384. |
vlan_list | Optional command that changes the STP parameters on a specified VLAN. If no VLAN is specified, then it changes only VLAN 1 by default. You can change the parameters for VLANs 1–1005. |
dia network diameter | Another optional command that specifies the maximum number of bridges between any two points where end stations attach. You can set these parameters from 2 to 7. Figure the network diameter by starting at the root bridge and counting the number of bridges in the VLAN. The root bridge is 1, so if you have only one more switch, set the network diameter to 2. This changes the timers in the VLAN to reflect the new diameter. |
hello hello time | Optional command that specifies in seconds the duration between configuration messages from the root switch. You can set this anywhere from 1 to 10 seconds (2 is the default). |
The following switch output is an example of using the set spantree root command:
```
Terry_4000> (enable) set spantree root 1-4 dia 2
VLANs 1-2 bridge priority set to 8192.
VLANs 1-2 bridge max aging time set to 10.
VLANs 1-2 bridge hello time set to 2.
VLANs 1-2 bridge forward delay set to 7.
Switch is now the root switch for active VLANs 1-4.
Terry_4000> (enable)
```
The set spantree root command tells the switch to change the bridge priority to 8192, which automatically changes the switch to the root bridge. The 1-4 represents the VLANs for which the STP will change the parameters, and the dia 2 is the network diameter. To figure the network diameter, we simply counted the number of switches from the root, including the root bridge, which in our example equals 2.
Notice the output after the command. The bridge priority was changed to 8192, the maximum age time was changed to 10, hello time is still 2 seconds, and the forward delay was set to 7 seconds. If the network diameter is set, the STP sets the timers to what it would consider efficient for that size network.
Using the set spantree root command is great when the organization is very centralized. But in a decentralized environment, you might use this command only to find that a coworker set the priority of a different switch to a lower value by using the set spantree priority command. This will result in the switch you configured being no more than the backup root bridge. When setting a particular switch to become the root, always make sure that the switch you configured knows it’s the root and that other switches know it as well. I find it useful to check one last time as I finish, just to make sure everything is well.
You can verify your STP configuration with the show spantree command. If you type the command show spantree with no parameters, it will show you the spanning tree configuration for all VLANs. You can type show spantree vlan to see the parameters for just a particular VLAN. The following switch output shows the spanning tree information for VLAN 1:
```
Terry_4000> (enable) show spantree 1
VLAN 1
Spanning tree enabled
Spanning tree type          ieee
Designated Root             00-e0-34-88-fc-00
Designated Root Priority    8192
Designated Root Cost        0
Designated Root Port        1/0
Root Max Age 10 sec    Hello Time 2 sec    Forward Delay 7 sec
Bridge ID MAC ADDR          00-e0-34-88-fc-00
Bridge ID Priority          8192
Bridge Max Age 10 sec  Hello Time 2 sec    Forward Delay 7 sec

Port      Vlan  Port-State     Cost   Priority  Fast-Start
--------- ----  -------------  -----  --------  ----------
1/1       1     forwarding     19     32        disabled
1/2       1     forwarding     19     32        disabled
2/1       1     not-connected  100    32        disabled
2/2       1     not-connected  100    32        disabled
2/3       1     not-connected  100    32        disabled
2/4       1     not-connected  100    32        disabled
2/5       1     not-connected  100    32        disabled
<output truncated>
```
Notice that the bridge ID priority is set to 8192; the designated root and bridge ID MAC address are the same because this is the root bridge. The port costs are both 19, which is the default for 100Mbps. Because both ports are in forwarding state, the 2950 switch must have one of its FastEthernet ports in blocking mode. Let’s take a look by using the show spanning-tree command on the 2950:
```
Terry_2950# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     00e0.3488.fc00
             Cost        5
             Port        1 (FastEthernet0/1)
             Hello Time  2 sec  Max Age 10 sec  Forward Delay 7 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be53.2c00
             Hello Time  2 sec  Max Age 10 sec  Forward Delay 7 sec
             Aging Time 300

Interface        Port ID                     Designated                Port ID
Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
---------------- -------- --------- --- --------- -------------------- --------
Fa0/1            128.1          100 FWD         0     1 00b0.6414.1180 128.1
Fa0/24           128.24         100 BLK         0     1 00b0.6414.1180 128.12
```
Notice that port fa0/24 is in blocking mode and port fa0/1 is in forwarding mode. If we want port fa0/24 to be in forwarding mode and fa0/1 in blocking mode, we can set the port costs to help the switch determine the best path to use. Note that we are not saying you should do this; we just wanted to show you how.
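The final root check recommended earlier in this section can be scripted so that it runs against every switch rather than only the one you configured. This is an added example, not from the book: it parses the Root ID block of show spanning-tree output and compares it with the root you designed for. The two samples are the Root ID and Bridge ID blocks of the 2950 outputs on this page (the second appears later in the chapter) with line breaks restored; the spacing and the function names are assumptions.

```python
import re

# Sample 1: the 2950 output taken right after the 4000 was made root.
OUTPUT_AFTER_ROOT_CONFIG = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     00e0.3488.fc00
             Cost        5
             Port        1 (FastEthernet0/1)
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be53.2c00
"""

# Sample 2: the 2950 output shown later in the chapter.
OUTPUT_LATER = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    1
             Address     00b0.6414.1180
             Cost        20
             Port        24 (FastEthernet0/24)
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be53.2c00
"""

EXPECTED_ROOT = "00-e0-34-88-fc-00"   # Bridge ID MAC ADDR of the 4000
EXPECTED_PRIORITY = 8192              # value applied by set spantree root

VLAN_RE = re.compile(r"^VLAN0*(\d+)\s*$", re.MULTILINE)
BLOCK_RE = re.compile(
    r"^\s*(Root|Bridge) ID\s+Priority\s+(\d+).*?\n\s*Address\s+([0-9a-f.]+)",
    re.MULTILINE | re.IGNORECASE,
)

def normalize_mac(mac):
    """Reduce 00e0.3488.fc00 or 00-e0-34-88-fc-00 to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_vlans(output):
    """Return {vlan: {"root": (priority, mac), "bridge": (priority, mac)}}."""
    parts = VLAN_RE.split(output)       # [preamble, vlan, body, vlan, body, ...]
    result = {}
    for vlan, body in zip(parts[1::2], parts[2::2]):
        result[int(vlan)] = {
            kind.lower(): (int(prio), normalize_mac(mac))
            for kind, prio, mac in BLOCK_RE.findall(body)
        }
    return result

def audit_root(output, expected_mac=EXPECTED_ROOT, expected_prio=EXPECTED_PRIORITY):
    """Return findings per VLAN; an empty list means the root is as designed."""
    want = normalize_mac(expected_mac)
    findings = []
    for vlan, entry in sorted(parse_vlans(output).items()):
        if "root" not in entry:
            findings.append(f"VLAN {vlan}: no Root ID block found")
            continue
        prio, mac = entry["root"]
        if mac != want:
            note = "outbids" if prio < expected_prio else "replaces"
            findings.append(f"VLAN {vlan}: root is {mac} priority {prio}, "
                            f"which {note} the intended root {want}")
        elif prio != expected_prio:
            findings.append(f"VLAN {vlan}: intended root has priority {prio}, "
                            f"expected {expected_prio}")
    return findings

if __name__ == "__main__":
    for label, text in (("after root config", OUTPUT_AFTER_ROOT_CONFIG),
                        ("later output", OUTPUT_LATER)):
        print(label, audit_root(text) or "root as designed")
```

Run against the second sample, the check reports that a bridge with priority 1 has taken over as root, which is the situation the preceding paragraphs describe.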
Setting the Port Cost
The parameters in this next set are used to enable the network administrator to influence the path that spanning tree chooses when setting the port priority, port cost, and path cost.
Cisco does not recommend changing these settings unless it’s absolutely necessary. However, the best way to get a good understanding of how the STP works is by changing the defaults. We do not recommend trying any of this on a production network unless you have permission from the network manager, who understands that you can bring the network down by doing so.
By changing the port cost, you can change the port ID, which means it can be a more desirable port to STP. Remember that STP uses the port ID only if there is more than one path to the root bridge and they are of equal cost. Path cost is the sum of the costs between a switch and the root bridge. The STP calculates the path cost based on the media speed of the links between the switch and the port cost of each port forwarding the frames. In the hands-on lab at the end of this chapter, both links are 100Mbps, so the port ID is important and will be used.
To change the path used between a switch and the root bridge, first calculate the current path cost. Then change the port cost of the port you want to use, making sure that you keep in mind the alternate paths if the primary path fails before making any changes to your switch. Remember that ports with a lower port cost are more likely to be chosen; this doesn’t mean they always will be chosen.
To change the port cost of a port on a 4000 series switch, use the set spantree portcost command:
```
Terry_4000> (enable) set spantree portcost ?
Usage: set spantree portcost <mod_num/port_num> <cost>
       set spantree portcost <trcrf> <cost>
       (cost = 1..65535)
```
The parameters to set the cost of a port are the module and port number and the cost you want to configure. The following example shows how to set the port cost on port 1/1 from the default of 19 to 10:
```
Terry_4000> (enable) set spantree portcost 1/1 10
Spantree port 1/1 path cost set to 10.
```
You would verify the change with the show spantree command. However, because both ports are in forwarding mode, the preceding command will not change the switch’s STP parameters. Notice in the following switch output that both ports are forwarding, but the costs of the ports are different:
```
Port      Vlan  Port-State     Cost   Priority  Fast-Start
--------- ----  -------------  -----  --------  ----------
1/1       1     forwarding     10     32        disabled
1/2       1     forwarding     19     32        disabled
```
Remember that a root switch will be forwarding on all active ports, so the port IDs are irrelevant to the switch. However, the 2950 must then choose a port to perform blocking on the interface with the lowest cost.
To change the port cost on an IOS-based switch, use the spanning-tree cost interface command. The cost value can be any number from 1 to 200000000; however, you cannot make it less than the path cost of both links. What we need to do is to raise the port priority of the port we don’t want STP to use for forwarding. Notice that we changed the cost of port fa0/24 to 20. This should make the fa0/24 port a more desirable path:
```
Terry_2950#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Terry_2950(config)#interface fa0/24
Terry_2950(config-if)#spanning-tree ?
  bpdufilter     Don't send or receive BPDUs on this interface
  bpduguard      Don't accept BPDUs on this interface
  cost           Change an interface's spanning tree port path cost
  guard          Change an interface's spanning tree guard mode
  link-type      Specify a link type for spanning tree protocol use
  port-priority  Change an interface's spanning tree port priority
  portfast       Enable an interface to move directly to forwarding on link up
  stack-port     Enable stack port
  vlan           VLAN Switch Spanning Tree
Terry_2950(config-if)#spanning-tree cost ?
  <1-200000000>  port path cost
Terry_2950(config-if)#spanning-tree cost 20
Terry_2950(config-if)#^Z
```
To verify the port priorities, use the show spanning-tree command:
```
Terry_2950#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
[Output cut]
Interface        Port ID                     Designated                Port ID
Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
---------------- -------- --------- --- --------- -------------------- --------
Fa0/1            128.1            5 FWD         0     1 00b0.6414.1180 128.1
Fa0/24           128.24          20 BLK         0     1 00b0.6414.1180 128.12
```
In the preceding switch output, notice that port fa0/1 is forwarding and port fa0/24 is now blocking. In the output, the port path cost is 5 for port fa0/1 and 20 for port fa0/24. This is a pretty simple and straightforward configuration and worked fine, but the network suffered downtime due to convergence, so caution should be used when changing the port costs in a real production network. Also, you need to plan your final topology, because you can cause havoc in a network if the configuration is not thought out carefully. The port costs are propagated in the BPDUs, so a small change on one switch can affect how spanning tree chooses the various ports on a switch a few cable segments away.
Tip: You can get a good idea of the delays associated with Spanning Tree convergence if you try this out for yourself. Immediately after making the changes to the port cost, enter the show spanning-tree command on the 2950 switch. If you keep repeating the command, you will see the switch going through the blocking, listening, and learning modes on the way to forwarding. You can time the process with your watch.
Setting the Port Priority
Another option you can use to help the switch determine the path selection that STP uses in your network is to set the port priorities. Remember, this only influences STP; it doesn’t demand that STP do anything. However, between setting the port cost and priority, STP should always make your path selection.
The port priority and port cost configurations work similarly. The port with the lowest port priority will forward frames for all VLANs. The command to set a port priority is set spantree portpri:
```
Terry_4000> (enable) set spantree portpri ?
Usage: set spantree portpri <mod_num/port_num> <priority>
       set spantree portpri <trcrf> <trcrf_priority>
       (priority = 0..63, trcrf_priority = 0..7)
Terry_4000> (enable)
```
The possible port priority range is from 0 to 63, and the default is 32. If all ports have the same priority, then the port with the lowest port number will forward frames. For example, 2/1 is lower than 2/2. In the following example, the 4000 switch priority for port 1/1 is set to 20:
```
Terry_4000> (enable) set spantree portpri 1/1 20
Bridge port 1/1 port priority set to 20.
Terry_4000> (enable)
```
After you change your port priority, you can verify the configuration with the show spantree 1/1 command:
```
Terry_4000> (enable) show spantree 1/1
Port      Vlan  Port-State     Cost   Priority  Fast-Start
--------- ----  -------------  -----  --------  ----------
1/1       1     forwarding     10     20        disabled
1/1       2     forwarding     10     20        disabled
1/1       3     forwarding     10     20        disabled
1/1       4     forwarding     10     20        disabled
1/1       1003  not-connected  10     20        disabled
1/1       1005  not-connected  10     4         disabled
Terry_4000> (enable)
```
Notice that, because port 1/1 is a trunked port, all VLAN priorities were changed on that port. Also notice in the following output that the priority is 20 for 1/1, but the default of 32 is set for 1/2:
```
Terry_4000> (enable)show spantree
[output cut]
Port      Vlan  Port-State     Cost   Priority  Fast-Start
--------- ----  -------------  -----  --------  ----------
1/1       1     forwarding     10     20        disabled
1/2       1     forwarding     19     32        disabled
```
You can go one step further and set the port priority on a per-VLAN basis. The port with the lowest priority will forward frames for the VLAN for which you’ve set the priority. Again, if all the ports have the same priority, the lowest port number wins and begins forwarding frames.
There is an advantage to setting the port priority per VLAN. If you have a network with parallel paths, STP stops at least one link from forwarding frames so a network loop will not occur. All traffic would then have to travel over only the one link. However, by changing the port priority for a specific group of VLANs, you can distribute the VLANs across the two links. This isn’t quite as good as load sharing, but at least you get to use both links as opposed to having one sit idle.
To change the priority of STP for a certain VLAN or group of VLANs, use the set spantree portvlanpri command:
```
Terry_4000> (enable) set spantree portvlanpri ?
Usage: set spantree portvlanpri <mod_num/port_num> <priority> [vlans]
       (priority = 0..63)
Terry_4000> (enable)
```
The priority can be set for each VLAN from 0 to 63. In the following example, we’ll set port 1/1 to forward only VLANs 1 and 2, and port 1/2 to forward VLANs 3 and 4. Figure 5.1 shows the physical topology involved.
```
Terry_4000> (enable) set spantree portvlanpri 1/1 16 1-2
Port 1/1 vlans 1-2 using portpri 16.
Port 1/1 vlans 3-1004 using portpri 20.
Port 1/1 vlans 1005 using portpri 4.
Terry_4000> (enable) set spantree portvlanpri 1/2 16 3-4
Port 1/2 vlans 1-2,5-1004 using portpri 32.
Port 1/2 vlans 3-4 using portpri 16.
Port 1/2 vlans 1005 using portpri 4.
Terry_4000> (enable)
```
The preceding switch output displays the VLAN priority information. We set both VLAN port priorities to 16. Notice that for VLANs 1–4, the priority is 16. However, on port 1/1, all the other VLANs are listed as having a port priority of 20 because that is what we set the port priority to earlier in this chapter. On port 1/2, the switch thinks all the other ports have a port priority of 32, except for VLAN 1005, which becomes a default priority of 4.
You can view the changes by using the show spantree slot/port command, as shown here:
```
Terry_4000> (enable) show spantree 1/1
Port      Vlan  Port-State     Cost   Priority  Fast-Start
--------- ----  -------------  -----  --------  ----------
1/1       1     forwarding     10     16        disabled
1/1       2     forwarding     10     16        disabled
1/1       3     forwarding     10     20        disabled
1/1       4     forwarding     10     20        disabled
1/1       1003  not-connected  10     20        disabled
1/1       1005  not-connected  10     4         disabled
Terry_4000> (enable) show spantree 1/2
Port      Vlan  Port-State     Cost   Priority  Fast-Start
--------- ----  -------------  -----  --------  ----------
1/2       1     forwarding     19     32        disabled
1/2       2     forwarding     19     32        disabled
1/2       3     forwarding     19     16        disabled
1/2       4     forwarding     19     16        disabled
1/2       1003  not-connected  19     32        disabled
1/2       1005  not-connected  19     4         disabled
Terry_4000> (enable)
```
Setting the VLAN priority on the IOS-based switches is carried out using the interface command spanning-tree vlan vlan_number port-priority priority. Looking at the default configuration, we can see that the port priority is set to 128.
```
Terry_2950#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
[Output cut]
Interface        Port ID                     Designated                Port ID
Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
---------------- -------- --------- --- --------- -------------------- --------
Fa0/1            128.1          100 BLK         0     1 00b0.6414.1180 128.1
Fa0/24           128.24          20 FWD         0     1 00b0.6414.1180 128.12
```
If we want to change the VLAN port priority on the 2950 switch to make the port more desirable, then we can reduce the priority as follows:
```
Terry_2950#conf t
Terry_2950(config)#interface fa0/1
Terry_2950(config-if)#spanning-tree vlan 1 port-priority 20
Terry_2950(config-if)#^Z
Terry_2950#sho span
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    1
             Address     00b0.6414.1180
             Cost        20
             Port        24 (FastEthernet0/24)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000b.be53.2c00
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Port ID                     Designated                Port ID
Name             Prio.Nbr      Cost Sts      Cost Bridge ID            Prio.Nbr
---------------- -------- --------- --- --------- -------------------- --------
Fa0/1            20.1            20 BLK         0     1 00b0.6414.1180 128.1
Fa0/24           128.24          20 FWD         0     1 00b0.6414.1180 128.12
```
By changing either the port priority or the port cost, you can persuade the switch to use your chosen paths. However, there are some miscellaneous other STP variables that you can change. We’ll discuss those next.
Changing the STP Timers
The timers are important in an STP network to stop network loops from occurring. The different timers are used to give the network time to update the correct topology information to all the switches and also to determine the whereabouts of all the redundant links.
The problem with the STP timers is that, if a link goes down, it can take up to 50 seconds for the backup link to take over forwarding frames. This is a convergence problem that can be addressed when instability is occurring in the network. The following timers can be changed:
fwddelay
This interval indicates how long it takes for a port to move from listening to learning state and then from learning to forwarding state. The default is 15 seconds, but it can be changed to anywhere from 4 to 30 seconds. If you set this too low, the switch won’t be allowed ample time to make sure no loops will occur before setting a port in forwarding mode. The following switch output shows how to set the fwddelay to 10 seconds:
```
Terry_4000> (enable) set spantree fwddelay ?
Usage: set spantree fwddelay <delay> [vlans]
       (delay = 4..30 seconds, vlan = 1..1005)
Terry_4000> (enable) set spantree fwddelay 10
Spantree 1 forward delay set to 10 seconds.
```
hello
This is the time interval for sending BPDUs from the root switch. It is set to 2 seconds by default; you would think it couldn’t be set any lower, but it can be increased or decreased. You can set it to 1 second to actually double the amount of BPDUs sent out that must be lost before triggering an unwanted convergence in the network. However, it doubles the CPU load and processing load as well. The following switch output shows how to change the BPDU timers to 1 second:
```
Terry_4000> (enable) set spantree hello ?
Usage: set spantree hello <interval> [vlans]
       (interval = 1..10, vlan = 1..1005)
Terry_4000> (enable) set spantree hello 1
Spantree 1 hello time set to 1 seconds.
```
maxage
The max age is the amount of time that a switch will hold BPDU information. If a new BPDU is not received before the max age expires, then the BPDU is discarded and is considered invalid. The default is 20 seconds; it can be set to as low as 6 seconds. However, network instability will happen if too many BPDUs are discarded because this timer is set too low. The following output shows how to change the max age of a BPDU to 30 seconds:
```
Terry_4000> (enable) set spantree maxage ?
Usage: set spantree maxage <agingtime> [vlans]
       (agingtime = 6..40, vlan = 1..1005)
Terry_4000> (enable) set spantree maxage 30
Spantree 1 max aging time set to 30 seconds.
Terry_4000> (enable)
```
Rather than directly modifying the timers, it is usually better to modify the size of the network. Table 5.1 referred to a “diameter” value that can be set when selecting the spanning tree root. The diameter used is the width of the network from one side to the other. Three switches daisy-chained together would have a diameter of 3, whereas three configured in a triangle would have a diameter of 2.
The diameter automatically sets the timers to a value appropriate to the size of your network. Setting the timers yourself to low values in a large network risks topological loops because the delay might not be long enough to account for BPDU propagation delay. The best thing to do is to use the diameter option when setting the root and then modify the timers from there, if necessary.
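To see why the diameter option is the safer starting point, the following added example (not from the book) derives the timers from the diameter and checks any hand-set combination for consistency. The formulas are the relationships commonly documented for 802.1D and are not stated on this page; they reproduce the max age of 10 and forward delay of 7 that the switch reported for dia 2. The function names and the rounding up of half-second results are assumptions.

```python
import math

# Configurable ranges taken from the CLI help shown in this section.
RANGES = {"hello": (1, 10), "max_age": (6, 40), "forward_delay": (4, 30)}

def timers_for_diameter(diameter, hello=2):
    """Timers derived from network diameter and hello time (seconds)."""
    if not 2 <= diameter <= 7:
        raise ValueError("network diameter must be 2..7")
    max_age = 4 * hello + 2 * diameter - 2
    # Assumption: a half-second result is rounded up to a whole second.
    forward_delay = math.ceil((4 * hello + 3 * diameter) / 2)
    return {"hello": hello, "max_age": max_age, "forward_delay": forward_delay}

def check_timers(hello, max_age, forward_delay):
    """Return the problems with a timer set; an empty list means consistent."""
    values = {"hello": hello, "max_age": max_age, "forward_delay": forward_delay}
    problems = []
    for name, (low, high) in RANGES.items():
        if not low <= values[name] <= high:
            problems.append(f"{name}={values[name]} is outside {low}..{high}")
    # A port must not reach forwarding before stale information has aged out.
    if 2 * (forward_delay - 1) < max_age:
        problems.append(f"2*(forward_delay-1)={2 * (forward_delay - 1)} "
                        f"is less than max_age={max_age}")
    # Max age must leave room for more than one missed hello.
    if max_age < 2 * (hello + 1):
        problems.append(f"max_age={max_age} is less than "
                        f"2*(hello+1)={2 * (hello + 1)}")
    return problems

def worst_case_failover(max_age, forward_delay):
    """Max age expiry plus the listening and learning states, in seconds."""
    return max_age + 2 * forward_delay

if __name__ == "__main__":
    derived = timers_for_diameter(2)
    print("dia 2:", derived, check_timers(**derived))
    print("failover with defaults:", worst_case_failover(20, 15), "seconds")
    print("failover with dia 2:",
          worst_case_failover(derived["max_age"], derived["forward_delay"]),
          "seconds")
    # The values used in this section's three syntax examples, taken together.
    print("hello 1, maxage 30, fwddelay 10:", check_timers(1, 30, 10))
```

The defaults give the 50-second failover mentioned earlier, while the dia 2 timers bring it down to 24 seconds without breaking the relationships between the three values.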
We have been discussing redundant links and STP, but most of the discussion has been about how to make STP run efficiently, and that is by making the non-root port a blocking port. We discussed load balancing only when we showed you how to set the port priority on a per-VLAN basis. However, that really wasn’t load balancing to the degree that is possible with a Cisco switched network. In the next section, we’ll cover the most efficient ways of using redundant links in a large, switched internetwork.
To set similar parameters on the IOS-based switches, use the global command spanning-tree vlan vlan_number options as follows:
```
Terry_2950(config)#spanning-tree ?
  backbonefast  Enable BackboneFast Feature
  etherchannel  Spanning tree etherchannel specific configuration
  extend        Spanning Tree 802.1t extensions
  loopguard     Spanning tree loopguard options
  mode          Spanning tree operating mode
  pathcost      Spanning tree pathcost options
  pathcost      Spanning tree pathcost options
  uplinkfast    Enable UplinkFast Feature
  vlan          VLAN Switch Spanning Tree
Terry_2950(config)#spanning-tree vlan 1 ?
  forward-time  Set the forward delay for the spanning tree
  hello-time    Set the hello interval for the spanning tree
  max-age       Set the max age interval for the spanning tree
  priority      Set the bridge priority for the spanning tree
  root          Configure switch as root
  <cr>
Terry_2950(config)#spanning-tree vlan 1 forward-time ?
  <4-30>  number of seconds for the forward delay timer
Terry_2950(config)#spanning-tree vlan 1 hello-time ?
  <1-10>  number of seconds between generation of config BPDUs
Terry_2950(config)#spanning-tree vlan 1 max-age ?
  <6-40>  maximum number of seconds the information in a BPDU is valid
```