Lab 4-13 - Configuring Per-VLAN STP

NOTICE:
Due to the limited feature support of the NM-16ESW, this lab CANNOT be completed using the Free CCNA Workbook GNS3 topology. However, this lab can be completed on the Stub Lab.

Real World Application & Core Knowledge

So what happens when you plug two unmanaged switches together using two crossover cables, with PCs on both switches? After a short period of time you will notice that the LEDs on those switches are flashing extremely fast and network performance is as slow as a turtle crawling from Miami to New York.

The reason for this is called a broadcast storm. A switch forwards a broadcast out all ports except the port the broadcast was received on, so when you have two links between switches the broadcast goes back and forth until the links are overwhelmed with broadcast traffic, to the point where the network is slower than a 56k modem.

So how do you fix this problem? It's called spanning tree. Spanning tree is a protocol that detects and eliminates layer two loops in the switching topology to prevent broadcast storms. When you have two links between two switches, one link gets blocked completely, which kills the potential for a broadcast storm on a layer two loop but also kills the usefulness of the redundant link.

What is the point of two links between two switches if you can only use a single link? How can you fix that to use both links to forward traffic? As previously discussed in a lab you can use a technology called EtherChannel which bundles multiple links into a single logical link and is processed as such. When spanning tree learns about the network it looks at a Port-Channel interface as a single interface and not all the physical interfaces bound in that channel group.

Another way to use multiple links without an EtherChannel is to load balance traffic over the two links using different VLANs. Link one forwards traffic for the odd VLANs and blocks even VLAN traffic, and link two forwards even VLAN traffic and blocks odd VLAN traffic. This will be discussed in Lab 4-15 – Configuring Multiple Spanning Tree Protocol.

The original Spanning Tree protocol (802.1d) is quite outdated by today’s standards and only worked on a single VLAN or a single switch that does not support VLANs. Cisco saw the need for Spanning Tree on all VLANs and created the proprietary PVST and PVST+ protocols, which run spanning tree as a separate instance per VLAN. So in this case every single VLAN on each switch has its own STP process running to detect and eliminate loops in a layer two switching network.

Spanning tree uses BPDUs (Bridge Protocol Data Units) to carry information between switches, both for the root election and for each switch's cost to the root.

The root is elected by the lowest priority, or by the lowest MAC address if the priority is left at the default 32768.

Spanning tree uses different port modes to form a layer two switching topology and ensure no layer two loops exist in the network. You need to be familiar with the different port modes in PVST as given below:

Mode        Description
root        The port that receives the best BPDU, the one closest to the root bridge in terms of path cost, is called the root port. The root bridge is the only bridge in the network that does not have a root port.
designated  A port is designated if it can send the best BPDU on the segment to which it is directly connected. On a given LAN segment there can only be a single path towards the root bridge. This port forwards traffic to the LAN segment. Access ports are considered designated ports.
alternate   An alternate port is the next best path available back to the root bridge should the root port fail.
backup      A backup port is a port that is connected to a segment where another bridge port already connects.

The default Spanning Tree mode is PVST on a Cisco Catalyst switch.

In this lab you will familiarize yourself with the following commands:

Command                               Description
spanning-tree vlan # root primary     This command is executed from global configuration mode and configures the switch you’re currently on as the root bridge for the specified VLAN.
spanning-tree vlan # root secondary   This command is executed from global configuration mode and configures the switch you’re currently on as the backup root bridge for the specified VLAN, should the root bridge fail in the network.
spanning-tree vlan # priority #       This command is executed from global configuration mode and manually sets the bridge priority per VLAN on a switch.
show spanning-tree vlan #             This command can be executed only in privileged mode and displays spanning-tree information relating to a specific VLAN number.
show spanning-tree summary            This command can be executed only in privileged mode and displays a summary of all spanning-tree instances and port counts.
show spanning-tree detail             This command can be executed only in privileged mode and displays detailed information on a per-port basis for each port participating in a spanning-tree process.
show spanning-tree bridge             This command can be executed only in privileged mode and displays all spanning-tree processes per VLAN on the switch and other information including the priority per VLAN, the sum of the bridge priority (VLAN priority + sys-id-ext), bridge MAC address, timers and effective spanning tree protocol.

Lab Prerequisites

  • If you are using GNS3 then load the Free CCNA Workbook GNS3 topology, then start devices SW1, SW2 and SW3.
  • Establish a console session with devices SW1, SW2 and SW3, then configure the devices' respective hostname(s).
  • Configure interfaces Fa0/10, Fa0/11 and Fa0/12 on both SW1 and SW2 in an EtherChannel and configure the channel to trunk.
  • Configure interfaces Fa0/13, Fa0/14 and Fa0/15 on SW1 and interfaces Fa0/10, Fa0/11 and Fa0/12 on SW3 in an EtherChannel and configure the channel to trunk.
  • Configure interfaces Fa0/13, Fa0/14 and Fa0/15 on SW2 and interfaces Fa0/13, Fa0/14 and Fa0/15 on SW3 in an EtherChannel and configure the channel to trunk.
  • Configure SW1 as a VTP server and SW2 and SW3 as VTP clients using the VTP domain name CISCO and VTP Version 2. Create VLAN 10, 20 and 30 on the VTP server and ensure the VLANs have propagated to SW2 and SW3.

Lab Objectives

  • Configure SW1 as the ROOT bridge for VLAN 1 and 10. Verify your configuration on SW2.
  • Configure SW2 as the ROOT bridge for VLAN 20. Verify your configuration on SW1.
  • Configure SW3 as the ROOT bridge for VLAN 30. Verify your configuration on SW1.

Lab Instruction

Step 1. – Configure SW1 as the ROOT bridge for VLAN 1 and 10. Verify your configuration on SW2.

To configure SW1 as the root bridge for VLAN 1 and 10, you can use one of two commands: spanning-tree vlan # root primary, which determines the best bridge priority and sets it so the switch becomes the root bridge, or spanning-tree vlan # priority #, which manually specifies the priority on a per-VLAN basis. Remember, the lower the priority number, the higher the chance the switch will be the root bridge during an election. If the switch has the lowest priority of all switches then it will automatically become the root for that VLAN. Bridge priorities can be a number 0-65535 and must use 4096 increments to abide by the IEEE standard, using the sum of the bridge priority and sys-id-ext (which is the VLAN number). So if you set a priority on VLAN 1 to 4096, the sum of the bridge priority and the sys-id-ext will be 4097 and that will be the bridge priority on that switch for that VLAN.

Shown below is an example root bridge configuration using the spanning-tree vlan # root primary command:
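The election rule and the priority arithmetic described above, as an added Python example that is not part of the original lab. The MAC addresses are the ones in this lab's show output; the function names are made up for the example.

```python
# Added example: PVST+ root election for the three switches in this lab.
DEFAULT_PRIORITY = 32768
STEP = 4096

# Bridge MAC addresses as they appear in the show output on this page.
SWITCH_MACS = {
    "SW1": "0014.f2d2.4180",
    "SW2": "001c.57d8.9000",
    "SW3": "0014.a964.2e00",
}

def bridge_priority(configured, vlan):
    """Priority carried in the bridge ID: configured priority + sys-id-ext (VLAN)."""
    if not 0 <= configured <= 65535 or configured % STEP:
        raise ValueError("priority must be a multiple of 4096 between 0 and 65535")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN number must be 1-4094")
    return configured + vlan

def mac_value(mac):
    """Turn dotted Cisco notation into an integer so MACs compare numerically."""
    return int(mac.replace(".", ""), 16)

def elect_root(vlan, configured=None):
    """Return (switch, priority) of the root for one VLAN.

    configured maps switch name -> configured priority for this VLAN;
    switches not listed keep the default 32768.
    """
    configured = configured or {}
    bridge_ids = [
        (bridge_priority(configured.get(name, DEFAULT_PRIORITY), vlan), mac_value(mac), name)
        for name, mac in SWITCH_MACS.items()
    ]
    # Lowest priority wins; the lowest MAC breaks a tie.
    priority, _, name = min(bridge_ids)
    return name, priority
```

With every switch at the default, elect_root(20) returns ("SW3", 32788), which is the root SW2 reports for VLAN 20 before step 2. elect_root(20, {"SW2": 24576}) returns ("SW2", 24596), where 24576 is the configured value inferred from the Root ID priorities in the lab output.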

SW1 con0 is now available
 
 
 
Press RETURN to get started.
 
 
 
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#spanning-tree vlan 1 root primary
SW1(config)#spanning-tree vlan 10 root primary
SW1(config)#end
SW1#

To verify your configuration you can use the show spanning-tree vlan # command or the show spanning-tree root command as shown below:

SW2#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     0014.f2d2.4180
             Cost        9
             Port        216 (Port-channel21)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     001c.57d8.9000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------------
Po21                Root FWD 9         128.216  P2p 
Po23                Altn BLK 9         128.232  P2p 


SW2#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    24586
             Address     0014.f2d2.4180
             Cost        9
             Port        216 (Port-channel21)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     001c.57d8.9000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------------
Po21                Root FWD 9         128.216  P2p 
Po23                Altn BLK 9         128.232  P2p 


SW2#show span root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001         24577 0014.f2d2.4180         9    2   20  15  Po21            
VLAN0010         24586 0014.f2d2.4180         9    2   20  15  Po21            
VLAN0020         32788 0014.a964.2e00         9    2   20  15  Po23            
VLAN0030         32798 0014.a964.2e00         9    2   20  15  Po23            
SW2#

When using the show spanning-tree root command to verify whether or not the switch you’re on is the root switch, look at the root cost and root port. If the root cost is 0 and there is no root port, then the switch you’re currently on is the root bridge for that VLAN. If there is a root cost and a root port, they show the cost to reach the root and which port is the root port, on a per-VLAN basis, as shown above.
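One way to check root placement from this output, as an added Python example that is not part of the original lab: it parses the SW2 rows shown above and compares each root against the intended design. The EXPECTED_ROOT table, the function names and the finding strings are assumptions made for the example.

```python
import re

# Rows of "show spanning-tree root" on SW2, copied from this page (after step 1).
SW2_OUTPUT = """\
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
VLAN0001         24577 0014.f2d2.4180         9    2   20  15  Po21
VLAN0010         24586 0014.f2d2.4180         9    2   20  15  Po21
VLAN0020         32788 0014.a964.2e00         9    2   20  15  Po23
VLAN0030         32798 0014.a964.2e00         9    2   20  15  Po23
"""

# Assumed design: intended root MAC per VLAN after all three steps (MACs from this page).
EXPECTED_ROOT = {1: "0014.f2d2.4180", 10: "0014.f2d2.4180",   # SW1
                 20: "001c.57d8.9000", 30: "0014.a964.2e00"}  # SW2, SW3
DEFAULT_PRIORITY = 32768

ROW = re.compile(
    r"^VLAN(\d{4})\s+(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})"
    r"\s+(\d+)\s+\d+\s+\d+\s+\d+(?:\s+(\S+))?$"
)

def parse_root_table(text):
    """Return {vlan: row dict} for every VLAN row in the command output."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or prompt line
        vlan, prio, mac, cost, port = m.groups()
        # Cost 0 and no root port: the switch the command ran on is the root.
        rows[int(vlan)] = {"priority": int(prio), "root_mac": mac, "cost": int(cost),
                           "root_port": port,
                           "local_is_root": int(cost) == 0 and port is None}
    return rows

def audit_roots(rows, expected=EXPECTED_ROOT):
    """List (vlan, finding) pairs where root placement differs from the plan."""
    findings = []
    for vlan, mac in sorted(expected.items()):
        row = rows.get(vlan)
        if row is None:
            findings.append((vlan, "vlan missing from output"))
            continue
        if row["root_mac"] != mac:
            findings.append((vlan, "unexpected root " + row["root_mac"]))
        if row["priority"] - vlan == DEFAULT_PRIORITY:
            findings.append((vlan, "root won on default priority"))
    return findings
```

Run against the SW2 output captured after step 1, the audit reports VLAN 20 as rooted on SW3's address and VLANs 20 and 30 as won on default priority, which is the state steps 2 and 3 go on to correct.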

Step 2. – Configure SW2 as the ROOT bridge for VLAN 20. Verify your configuration on SW1.

The configuration to complete this objective will be the same as step 1, as shown below:

SW2 con0 is now available



Press RETURN to get started.



SW2>enable
SW2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW2(config)#spanning-tree vlan 20 root primary
SW2(config)#end
SW2#

As shown in the verification below, the root bridge has a priority of 24596 and the MAC address 001c.57d8.9000. The best path to the root bridge is out the root port, which is Po12; interface Port-Channel12 is directly connected to SW2. To further verify that SW2 is the root for VLAN 20, you can use the show spanning-tree vlan 20 command on SW2 and check whether or not the output says “This bridge is the root”.

SW1#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    24596
             Address     001c.57d8.9000
             Cost        9
             Port        144 (Port-channel12)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0014.f2d2.4180
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------------
Po12                Root FWD 9         128.144  P2p 
Po13                Altn BLK 9         128.152  P2p 


SW1#

Step 3. – Configure SW3 as the ROOT bridge for VLAN 30. Verify your configuration on SW1.

The configuration and verification to complete this objective will be the same as step 2, as shown below:

SW3 con0 is now available



Press RETURN to get started.



SW3>enable
SW3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#spanning-tree vlan 30 root primary
SW3(config)#end
SW3#

Verification from SW1 is shown below:

SW1#show spanning-tree vlan 30

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    24606
             Address     0014.a964.2e00
             Cost        9
             Port        152 (Port-channel13)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32798  (priority 32768 sys-id-ext 30)
             Address     0014.f2d2.4180
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------------
Po12                Desg FWD 9         128.144  P2p 
Po13                Root FWD 9         128.152  P2p 


SW1#