VLAN Trunking Protocol: most commands can be configured in PRIVILEGED, CONFIGURE or VLAN DATABASE mode
- Have in mind that there is no way to un-configure the VTP DOMAIN NAME (by default it is NULL). You have to delete flash:vlan.dat, erase the startup config and reload the switch
VTP messages source IP (the IP from which the VTP messages are sourced, carried as the "updater identity" in the advertisements):
(config)#vtp interface Loopback 1 [only] <- Local setting, it is not propagated to the other switches
Restrict FLOOD TRAFFIC on the TRUNK interfaces - use VTP PRUNING:
There are 4 types of VTP Advertisements exchanged between the switches:
1. Summary Advertisements - sent every 5 minutes (300 seconds) and every time the VTP database changes; they carry the domain name and the configuration revision number
2. Subset Advertisements - sent right after a SUMMARY, they include what exactly changed
3. Advertisement Requests from clients - a client requests the info to update its VTP database (for example after a reload, or after hearing a summary with a higher revision number than its own), the server responds with a summary followed by subsets
4. VTP Membership (Join) announcements - when PRUNING is enabled, they tell the neighbor WHICH VLANs they want (if a VLAN is not announced with this message, it is pruned from the trunk)
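As an added example (not code from the original post), here is a small Python encoder/parser for the Summary Advertisement from item 1 above, plus the check a monitoring script would apply before trusting one. The field layout follows the VTP v1/v2 summary format (version, code, followers, domain length, 32-byte domain, revision, updater IP, 12-byte timestamp, MD5 digest). The domain name, revision and updater address in the sample are constructed; the MD5 digest is left zeroed because computing it needs the full VLAN database and the VTP password.

```python
import struct
from dataclasses import dataclass
from typing import List, Set

# VTP message codes (2nd byte of every VTP PDU): the 4 advertisement types
VTP_SUMMARY, VTP_SUBSET, VTP_REQUEST, VTP_JOIN = 1, 2, 3, 4

# Summary advertisement layout (VTP v1/v2) after the LLC/SNAP header:
#   version(1) code(1) followers(1) domain_len(1) domain(32, NUL padded)
#   config_revision(4) updater_identity(4, IPv4) update_timestamp(12 ASCII) md5_digest(16)
_SUMMARY = struct.Struct("!BBBB32sI4s12s16s")   # 72 bytes


@dataclass
class VtpSummary:
    version: int
    followers: int       # number of subset advertisements that follow this summary
    domain: str
    revision: int        # configuration revision number
    updater: str         # dotted-quad updater identity (the 'vtp interface' address)
    timestamp: str
    digest: bytes


def build_vtp_summary(domain: str, revision: int, updater: str, followers: int = 0,
                      version: int = 2, timestamp: str = "930301000000",
                      digest: bytes = bytes(16)) -> bytes:
    """Encode a summary advertisement (constructed test data; the digest is not computed)."""
    name = domain.encode("ascii")
    if len(name) > 32:
        raise ValueError("VTP domain name is at most 32 bytes")
    ip = bytes(int(octet) for octet in updater.split("."))
    return _SUMMARY.pack(version, VTP_SUMMARY, followers, len(name), name.ljust(32, b"\0"),
                         revision, ip, timestamp.encode("ascii"), digest)


def parse_vtp_summary(pdu: bytes) -> VtpSummary:
    """Decode a summary advertisement, rejecting other VTP codes and truncated frames."""
    if len(pdu) < _SUMMARY.size:
        raise ValueError("truncated VTP summary advertisement")
    ver, code, followers, dlen, name, rev, ip, ts, md5 = _SUMMARY.unpack_from(pdu)
    if code != VTP_SUMMARY:
        raise ValueError(f"code {code} is not a summary advertisement")
    if dlen > 32:
        raise ValueError("domain length field exceeds the 32-byte name field")
    return VtpSummary(ver, followers, name[:dlen].decode("ascii", "replace"), rev,
                      ".".join(str(b) for b in ip), ts.decode("ascii", "replace"), md5)


def vet_summary(s: VtpSummary, expected_domain: str, known_revision: int,
                trusted_updaters: Set[str]) -> List[str]:
    """Findings a monitor would raise before letting this summary drive a database update.
    A switch in the same domain adopts the advertised database when the revision is
    higher than its own, so a higher revision from an unknown updater is worth a look."""
    findings = []
    if s.domain != expected_domain:
        findings.append(f"domain {s.domain!r} differs from expected {expected_domain!r}")
    if s.revision > known_revision and s.updater not in trusted_updaters:
        findings.append(f"revision {s.revision} > known {known_revision} "
                        f"from untrusted updater {s.updater}")
    return findings
```

`build_vtp_summary` exists only to produce offline test frames; in practice the bytes come from a capture filter on the VTP multicast MAC, and the check is run on every summary that carries a revision above the one the domain is known to be at.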
Check the PRUNING STATUS:
#show interfaces pruning
Pruning not currently enabled in this device's VTP administrative domain.
ENABLE PRUNING:
#vtp pruning <--- PROPAGATED TO ALL SWITCHES WITHIN THE VTP DOMAIN
Pruning switched on
*VLAN 1 CANNOT BE PRUNED!!! (only VLANs 2-1001 are pruning-eligible)
**VLANs that are used locally (with an active port on the switch) also CANNOT BE PRUNED from that switch's trunks
Spanning Tree: Root Election and Path Tuning
The concept is rather simple - the switches send these probes called BPDUs (Bridge Protocol Data Units) to discover loops in the network. If a switch hears BPDUs for the same Root Bridge on more than one port, there is a loop in the network, and all but one of those ports get blocked!
BPDU = carries the BRIDGE ID of the sender and of the root: 4-bit PRIORITY + 12-bit extended system ID (the VLAN number) + MAC Address
Spanning tree is no game, so be extremely careful when tuning the priorities, costs and port-priorities in order to manually make the switches prefer your desired path. Every mistake and mis-configuration can easily cause a major critical situation, as most Layer 2 loop problems make your switches' CPU usage increase drastically and immediately. For your own stress-free dreams, be sure to test everything you need to change in your production network regarding the Spanning Tree in the pre-production environment first.
I'm not going to explain the Spanning Tree basics here, as I guess most CCIE candidates should be familiar with them. The focus of this post will be the pure control of the Root Bridge in your network, and of the preferred links.
Set the Root Bridge
There are two ways to set which switch within your network will take the role of the Root Bridge. They are both based on setting the priority parameter, and therefore the Bridge ID.
BRIDGE ID = PRIORITY* + VLAN No (12-bit extended system ID) + MAC Address
*PRIORITY = N x 4096 (values between 0 and 61440, with 32768 being the mid-value chosen as the "default priority")
Remember about the STP: LOWER PRIORITY IS BETTER!!! (with equal priorities, the lower MAC address wins)
1st way of setting the PRIORITY – SET PRIMARY/SECONDARY
(config)# spanning-tree vlan 1 root [primary | secondary]
Honestly I don't like this way because there's a general confusion among network engineers that this command somehow dynamically sets the switch to maintain its role as the Root Bridge. It doesn't!!! It is a macro that runs once, at the moment you type it: it sets the priority to 24576, or to 4096 less than the CURRENT Root Bridge's priority if that one is already 24576 or lower (case of primary), or sets the FIXED value of 28672 (case of secondary). A switch that shows up later with a lower priority still takes over the root role, so the macro defends nothing; only the resulting priority value stays in the config.
2nd way of setting the PRIORITY – Manual priority command
(config)# spanning-tree vlan 1 priority X*
*X = N x 4096 (values between 0 and 61440; the command rejects anything that is not a multiple of 4096)
Personally I prefer this way, it makes me feel that I've got much more control over the L2 network when I set the parameters myself, no automatic stuff and elections!
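To make the Bridge ID comparison and the two ways of setting the priority concrete, here is an added Python example (not from the original post). It validates a priority the way the command does (multiples of 4096, 0 to 61440), builds the Bridge ID from priority, VLAN and MAC, runs the election, and models what the root primary/secondary macro sets once. The three MAC addresses are constructed; the macro semantics (24576, or 4096 below the current root when it is already at 24576 or lower) are the documented Cisco behaviour, and the error IOS gives when it cannot go lower is modelled here as a ValueError.

```python
from typing import Dict, Tuple

BridgeId = Tuple[int, int]         # (priority + VLAN, MAC as an integer); lower wins
DEFAULT_PRIORITY = 32768
ROOT_SECONDARY_PRIORITY = 28672    # what 'spanning-tree vlan X root secondary' sets


def check_priority(value: int) -> int:
    """'spanning-tree vlan X priority' accepts only multiples of 4096 in 0..61440."""
    if value < 0 or value > 61440 or value % 4096:
        raise ValueError(f"priority {value} must be a multiple of 4096 in 0..61440")
    return value


def bridge_id(priority: int, vlan: int, mac: str) -> BridgeId:
    """Bridge ID = 4-bit priority + 12-bit extended system ID (VLAN) + 48-bit MAC.
    The first element is the 16-bit value IOS prints, e.g. 24577 for 24576 + VLAN 1."""
    check_priority(priority)
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    return (priority + vlan, int(mac.replace(".", "").replace(":", ""), 16))


def elect_root(switches: Dict[str, Tuple[int, str]], vlan: int) -> str:
    """switches maps name -> (priority, MAC). Lowest Bridge ID wins; MAC breaks priority ties."""
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))


def root_primary_priority(current_root_priority: int) -> int:
    """What 'spanning-tree vlan X root primary' sets, once, when it is typed:
    24576, or 4096 below the current root's priority when that is already 24576 or less.
    IOS reports an error when it cannot go any lower; modelled here as ValueError."""
    check_priority(current_root_priority)
    if current_root_priority > 24576:
        return 24576
    if current_root_priority == 0:
        raise ValueError("current root already has priority 0; the macro cannot win")
    return current_root_priority - 4096


def demo() -> Tuple[str, str, str]:
    """Constructed three-switch VLAN 1 example: defaults, after 'root primary' on SW1,
    then a fourth switch with priority 0 appears and takes the root role anyway."""
    sw = {"SW1": (DEFAULT_PRIORITY, "0018.1820.2700"),   # constructed MACs
          "SW2": (DEFAULT_PRIORITY, "0011.2233.4455"),
          "SW3": (DEFAULT_PRIORITY, "00aa.bbcc.ddee")}
    by_default = elect_root(sw, 1)                       # equal priority -> lowest MAC (SW2)
    current_root_prio = sw[by_default][0]
    sw["SW1"] = (root_primary_priority(current_root_prio), sw["SW1"][1])
    after_macro = elect_root(sw, 1)                      # SW1 now at 24576
    sw["NEW"] = (0, "00ff.ffff.ffff")                    # someone plugs in a switch set to priority 0
    after_newcomer = elect_root(sw, 1)                   # the macro does not defend the role
    return by_default, after_macro, after_newcomer
```

The last step of `demo` is the practical reason for the warning above: whichever way the priority was set, any switch that later appears with a lower Bridge ID becomes the root, so on access ports the protection has to come from root guard or BPDU guard, not from the priority value.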
Be extremely careful when manually adjusting this parameter as it will totally alter your Layer 2 switching paths. What basically happens here is that each switch in the network does the following process:
1. Determine who the Root Bridge is (the lowest Bridge ID wins)
2. Find the shortest path to the Root Bridge looking at the COST parameter (that port becomes the Root Port)
3. Block all the other paths*
*In the basic version of the Per-VLAN Spanning Tree Protocol, based on 802.1D, the ports have one of the following roles:
- ROOT Port – used to reach the Root Bridge (port TOWARDS the Root Bridge, one per switch)
- DESIGNATED Port – forwarding port (one per link, port AWAY from the Root Bridge)
- BLOCKING (Non-DESIGNATED) Port – the link where "the tree fell"
On the NEWER versions of this protocol, such as Rapid STP (802.1w), new port roles are introduced instead of the BLOCKING port:
- ALTERNATE Port – the improvement where the switch actually "remembers" its alternative path to reach the Root Bridge in order to fail over immediately in case the primary link goes down (a BACKUP role also exists, for a second port of the same switch on the same segment)
- EDGE Port – towards the NON-SWITCH devices, has the portfast feature configured; it goes straight to forwarding, so if a switch ends up plugged into such a port you want BPDU guard there to shut it down
Link Cost
You've already chosen the Root Bridge, everything is fine, but for some reason you don't want your traffic to prefer a certain link... Why? Well, maybe you've got insider information that the cable is bad, that the cleaning lady sometimes unplugs it by accident, or... well, or you simply consider it better for your design. Cisco allows you to manually set the COST of one link to a higher value so that the other link is chosen as the preferred one, and that way you gain control of the Root Port election on your switch.
This is a GNS3 diagram of 3 switches, and it will serve for this example. Let's say SW3 is the Root Bridge, and all the links are 100Mbps, which would be the COST of 19 (short path-cost method). Naturally SW1 chooses the direct link towards SW3 because it costs it 19 to get there.
Let's say that for some reason we want to force SW1 to use the other path to reach SW3 (the path SW1-SW2-SW3). The cost of that path is 38 (19 received from SW2 plus 19 for SW1's own port), so what do we do? We set the cost of the direct link SW1-SW3 to a value greater than 38. Let's go with the value of 39:
(config-if)# spanning-tree vlan 1 cost 39
*Notice that the configuration is done on the interface level, on SW1's port towards SW3; the cost is added to the root path cost received on that port
Port Priority
This command is used only when there are more ways to reach the SAME SWITCH (several links to the same upstream switch, with the same cost). It is the tie-breaker, so be careful, it determines which port is in the FWD and which in the BLK state. The default port priority is 128, so you need to define a lower value in order for the link to be preferred. On Cisco IOS the configurable range is 0 to 240, in increments of 16 (the 16-bit Port ID holds a 4-bit priority followed by the 12-bit port number, which is why IOS prints it as "128.24").
Check the output of the *show spanning-tree interface x detail* command on the Cat2 device, which has two links to Cat1 (the Root Bridge, priority 24577 = 24576 + VLAN 1) and currently blocks fa0/24:
Cat2#show spanning-tree vlan 1 interface fa0/24 detail
Port 24 (FastEthernet0/24) of VLAN0001 is alternate blocking
Port path cost 19, Port priority 128, Port Identifier 128.24.
Designated root has priority 24577, address 0018.1820.2700
Designated bridge has priority 24577, address 0018.1820.2700
Designated port id is 128.26, designated path cost 0
Timers: message age 1, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 1992, received 306
The important thing is that the UPSTREAM value needs to be changed, because it's the RECEIVED port priority (the "Designated port id" in the BPDU, 128.26 above) that really matters! Lowering the port priority on Cat2 itself changes nothing here, since the designated port IDs Cat2 receives on its two links already differ. For the port to be preferred we need to set a smaller value on the Cat1 device, on the port facing Cat2's fa0/24, so let's go with 64:
Cat1(config-if)#spanning-tree vlan 1 port-priority 64
And when we check the output of the *show spanning-tree interface x detail* command again, fa0/24 has become the Root Port and the designated port id now reads 64.26:
Cat2#show spanning-tree vlan 1 interface fa0/24 detail
Port 24 (FastEthernet0/24) of VLAN0001 is root forwarding
Port path cost 19, Port priority 128, Port Identifier 128.24.
Designated root has priority 24577, address 0018.1820.2700
Designated bridge has priority 24577, address 0018.1820.2700
Designated port id is 64.26, designated path cost 0
Timers: message age 2, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 1993, received 697
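Both the link-cost example (SW1 choosing between the direct link to SW3 and the path via SW2) and the port-priority example above (Cat2 choosing between two equal-cost links to Cat1) are the same Root Port selection with a different tie-breaker deciding. The following added Python example (not from the original post) implements that selection in the order the switch applies it: total root path cost, then sender Bridge ID, then the RECEIVED Port ID, and only then the switch's own Port ID. The Bridge IDs and the second Cat2 link (assumed to be fa0/23 hearing designated port id 128.25) are constructed; the 24577 / 0018.1820.2700 root and the 128.26 and 64.26 port IDs come from the show output above.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

BridgeId = Tuple[int, int]      # (priority + VLAN, MAC as an integer); smaller wins
PortId = Tuple[int, int]        # (port priority, port number), printed by IOS as "128.24"


def check_port_priority(value: int) -> int:
    """'spanning-tree port-priority' accepts 0..240 in steps of 16 (4-bit field)."""
    if value < 0 or value > 240 or value % 16:
        raise ValueError(f"port priority {value} must be a multiple of 16 in 0..240")
    return value


@dataclass(frozen=True)
class Bpdu:
    """The fields of a received configuration BPDU that matter for Root Port selection."""
    root_id: BridgeId
    root_path_cost: int      # the sender's own cost to the root ("designated path cost")
    sender_id: BridgeId      # "Designated bridge" in the show output
    sender_port_id: PortId   # "Designated port id" in the show output


@dataclass
class Port:
    name: str
    number: int
    cost: int = 19           # 100 Mb/s under the short path-cost method
    priority: int = 128      # the local port priority, last tie-breaker only
    bpdu: Optional[Bpdu] = None


def select_root_port(ports: List[Port]) -> str:
    """Return the name of the port that becomes the Root Port.
    Tie-break order: total root path cost, sender Bridge ID, sender Port ID, own Port ID."""
    heard = [p for p in ports if p.bpdu is not None]
    if not heard:
        raise ValueError("no BPDUs received: this switch is the root or isolated")
    best_root = min(p.bpdu.root_id for p in heard)
    candidates = [p for p in heard if p.bpdu.root_id == best_root]

    def key(p: Port):
        check_port_priority(p.priority)
        return (p.bpdu.root_path_cost + p.cost,     # cost to the root through this port
                p.bpdu.sender_id,
                p.bpdu.sender_port_id,
                (p.priority, p.number))
    return min(candidates, key=key).name


def three_switch_example() -> Tuple[str, str]:
    """SW3 is root; SW1 has a direct link (Fa0/1) and a link via SW2 (Fa0/2). Constructed IDs."""
    sw3 = (32769, 0x00AABBCCDDEE)
    sw2 = (32769, 0x001122334455)
    direct = Port("Fa0/1", 1, bpdu=Bpdu(sw3, 0, sw3, (128, 1)))
    via_sw2 = Port("Fa0/2", 2, bpdu=Bpdu(sw3, 19, sw2, (128, 2)))
    before = select_root_port([direct, via_sw2])      # 19 beats 19 + 19 = 38
    direct.cost = 39                                   # 'spanning-tree vlan 1 cost 39' on Fa0/1
    after = select_root_port([direct, via_sw2])       # 38 now beats 39
    return before, after


def port_priority_example() -> Tuple[str, str, str]:
    """Cat2 has two equal-cost links to Cat1 (root). Only the RECEIVED Port ID flips the choice."""
    cat1 = (24577, 0x001818202700)                     # from the show output on the page
    fa23 = Port("Fa0/23", 23, bpdu=Bpdu(cat1, 0, cat1, (128, 25)))   # assumed second link
    fa24 = Port("Fa0/24", 24, bpdu=Bpdu(cat1, 0, cat1, (128, 26)))
    before = select_root_port([fa23, fa24])            # 128.25 < 128.26 -> Fa0/23 forwards
    fa24.priority = 64                                 # lowering it on Cat2 changes nothing
    local_change = select_root_port([fa23, fa24])
    fa24.priority = 128
    fa24.bpdu = Bpdu(cat1, 0, cat1, (64, 26))          # Cat1 sets port-priority 64 on its port 26
    upstream_change = select_root_port([fa23, fa24])
    return before, local_change, upstream_change
```

`port_priority_example` returns the same port twice before the upstream change, which is the point made above: the local `spanning-tree port-priority` is only consulted when two received BPDUs are identical, so the value has to be lowered on the designated (upstream) switch's port.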
For more details please check the Cisco official Spanning Tree Configuration reference: Cisco Configuration Guide