Per-VLAN Spanning Tree Protocol is the default STP mode on Cisco Catalyst Series Switches. This lab will discuss and demonstrate the configuration and verification of PVST+ root bridge election.
So what happens when you plug two unmanaged switches together using two crossover cables, with PCs on both switches? After a short period of time you will notice that the LEDs on those switches are flashing extremely fast and network performance is as slow as a turtle crawling on the internet from Miami to New York.
The reason for this is called a broadcast storm. A broadcast storm occurs because a switch forwards a broadcast out all ports except the port the broadcast was received on; when you have two links between switches, the broadcast goes back and forth until the links are overwhelmed with broadcast traffic, to the point where the network is slower than a 56k modem.
So how do you fix this problem? It’s called spanning tree. Spanning tree is a protocol that detects and eliminates layer two loops in the switching topology to prevent broadcast storms. So when you have two links between two switches, one link gets blocked completely, effectively killing the potential for a broadcast storm on a layer two loop, but also killing the usefulness of a redundant link.
What is the point of two links between two switches if you can only use a single link? How can you fix that to use both links to forward traffic? As previously discussed in a lab you can use a technology called EtherChannel which bundles multiple links into a single logical link and is processed as such. When spanning tree learns about the network it looks at a Port-Channel interface as a single interface and not all the physical interfaces bound in that channel group.
Another fix that uses multiple links without an EtherChannel is to load balance traffic over the two links using different VLANs. Link one forwards traffic for the odd VLANs and blocks even VLAN traffic, and link two forwards even VLAN traffic and blocks odd VLAN traffic. This will be discussed in Lab 4-15 – Configuring Multiple Spanning Tree Protocol.
The original Spanning Tree Protocol (802.1d) is quite outdated by today’s standards and only worked on a single VLAN or a single switch that does not support VLANs. Cisco saw the need for Spanning Tree on all VLANs and created the proprietary PVST and PVST+ protocols, which enable spanning tree on a per-VLAN instance. So in this case every single VLAN on each switch has its own STP process running to detect and eliminate loops in a layer two switching network.
Spanning tree uses BPDUs (Bridge Protocol Data Units) to transmit information between switches regarding each switch’s cost to the root, or during root election.
The root is elected by the lowest MAC address if the priority is left at the default 32768, or by the lowest priority.
Spanning tree uses different port modes to form a layer two switching topology and ensure no layer two loops exist in the network. You need to be familiar with the different port modes in PVST, as given below:
Mode | Description |
---|---|
root | The port that receives the best BPDU that is closest to the root bridge in terms of path cost is called the root port. The root bridge is the only bridge in the network that does not have a root port. |
designated | A port is designated if it can send the best BPDU on the segment to which it is directly connected. On a given LAN segment there can only be a single path towards the root bridge. This port forwards traffic to the LAN segment. Access ports are considered designated ports. |
alternate | An alternate port is the next best path available back to the root bridge should the root port fail. |
backup | A backup port is a port that is connected to a segment where another bridge port already connects. |
The default Spanning Tree mode is PVST on a Cisco Catalyst switch.
In this lab you will familiarize yourself with the following commands:
Command | Description |
---|---|
spanning-tree vlan # root primary | This command is executed from global configuration mode and configures the VLAN specified in the syntax on the switch you’re currently configuring as the root bridge for the specific VLAN on the network. |
spanning-tree vlan # root secondary | This command is executed from global configuration mode and configures the VLAN specified in the syntax on the switch you’re currently on as the backup root bridge should the root bridge fail in the network. |
spanning-tree vlan # priority # | This command is executed from global configuration mode and manually sets the bridge priority per vlan on a switch. |
show spanning-tree vlan # | This command can be executed only in privileged mode and displays spanning-tree information relating to a specific VLAN number. |
show spanning-tree summary | This command can be executed only in privileged mode and displays a summary of all spanning-tree instances and port counts. |
show spanning-tree detail | This command can be executed only in privileged mode and displays detailed information on a per port basis of each port participating in a spanning-tree process. |
show spanning-tree bridge | This command can be executed only in privileged mode and displays all spanning-tree processes per VLAN on the switch and other information including the priority per vlan, the sum of the bridge priority (vlan priority + sys-id-ext), Bridge MAC address, timers and effective spanning tree protocol. |
Step 1. – Configure SW1 as the ROOT bridge for VLAN 1 and 10. Verify your configuration on SW2.
To configure SW1 as the ROOT bridge for VLAN 1 and 10, you can use one of two commands: spanning-tree vlan # root primary, which determines the best bridge priority and sets it so the switch becomes the root bridge, or spanning-tree vlan # priority #, which manually specifies the priority on a per-VLAN basis. Remember, the lower the priority number, the higher the chance the switch will be the root bridge during an election. If the switch has the lowest priority of all switches then it will automatically become the root for that VLAN. Bridge priorities can be a number 0-65535 and must use 4096 increments to abide by the IEEE standard, which uses the sum of the bridge priority and sys-id-ext (which is the VLAN number). So if you set a priority on VLAN 1 to 4096, the sum of the bridge priority and the sys-id-ext will be 4097 and that will be the bridge priority on that switch for that VLAN.
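The priority arithmetic and election rule described above, replayed as an added Python example (not part of the original lab and not Cisco code). The switch names and MAC addresses come from this lab's show output; `root_primary` is a simplified, assumed model of the IOS command, and all function names are hypothetical.

```python
# Added example: a model of PVST+ root election, not Cisco code.
DEFAULT_PRIORITY = 32768  # default bridge priority stated in the lab
STEP = 4096               # priorities are set in increments of 4096

# Switch names and MAC addresses as they appear in this lab's show output.
SWITCHES = {"SW1": "0014.f2d2.4180", "SW2": "001c.57d8.9000",
            "SW3": "0014.a964.2e00"}

def advertised_priority(priority, vlan):
    """Bridge priority carried in BPDUs: configured priority + sys-id-ext."""
    if priority % STEP or not 0 <= priority <= 65535:
        raise ValueError(f"priority {priority} is not a valid 4096 increment")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} is out of range")
    return priority + vlan

def bridge_id(name, vlan, config):
    """Comparable bridge ID: (advertised priority, MAC address as integer)."""
    priority = config.get((name, vlan), DEFAULT_PRIORITY)
    mac = int(SWITCHES[name].replace(".", ""), 16)
    return advertised_priority(priority, vlan), mac

def elect_root(vlan, config):
    """Lowest bridge ID wins: priority first, MAC address as the tie-breaker."""
    root = min(SWITCHES, key=lambda name: bridge_id(name, vlan, config))
    return root, bridge_id(root, vlan, config)[0]

def root_primary(name, vlan, config):
    """Simplified model (an assumption) of 'spanning-tree vlan # root primary':
    use 24576 if that wins the election, else go 4096 below the current root."""
    _, current = elect_root(vlan, config)
    trial = {**config, (name, vlan): 24576}
    if elect_root(vlan, trial)[0] != name:
        trial[(name, vlan)] = (current - vlan) - STEP
        advertised_priority(trial[(name, vlan)], vlan)  # raises if below 0
    return trial

def run_lab():
    """Replay Steps 1-3; return the VLAN 20 root before and all roots after."""
    before = elect_root(20, {})  # all defaults: lowest MAC address wins
    config = {}
    for name, vlan in (("SW1", 1), ("SW1", 10), ("SW2", 20), ("SW3", 30)):
        config = root_primary(name, vlan, config)
    return before, {vlan: elect_root(vlan, config) for vlan in (1, 10, 20, 30)}

if __name__ == "__main__":
    print(run_lab())
```

With every switch at the default priority, SW3 wins VLAN 20 on MAC address alone, which is why SW2's `show span root` output taken after Step 1 lists 0014.a964.2e00 as the VLAN 20 and VLAN 30 root.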
Shown below is an example root bridge configuration using the spanning-tree vlan # root primary command:
SW1 con0 is now available
Press RETURN to get started.
SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning-tree vlan 1 root primary
SW1(config)#spanning-tree vlan 10 root primary
SW1(config)#end
SW1#
To verify your configuration you can use the show spanning-tree vlan # command or the show spanning-tree root command as shown below:
SW2#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0014.f2d2.4180
Cost 9
Port 216 (Port-channel21)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 001c.57d8.9000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------------
Po21 Root FWD 9 128.216 P2p
Po23 Altn BLK 9 128.232 P2p
SW2#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 24586
Address 0014.f2d2.4180
Cost 9
Port 216 (Port-channel21)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 001c.57d8.9000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------------
Po21 Root FWD 9 128.216 P2p
Po23 Altn BLK 9 128.232 P2p
SW2#show span root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 24577 0014.f2d2.4180 9 2 20 15 Po21
VLAN0010 24586 0014.f2d2.4180 9 2 20 15 Po21
VLAN0020 32788 0014.a964.2e00 9 2 20 15 Po23
VLAN0030 32798 0014.a964.2e00 9 2 20 15 Po23
SW2#
When using the show spanning-tree root command to verify whether or not the switch you’re currently on is the root switch, look at the root cost and root port. If you have a root cost of 0 and there is no specified root port, then the switch you’re currently on is the root bridge for that VLAN. If you have a root cost and a root port, then the output displays the cost to get to the root and which port is the root port on a per-VLAN basis, as shown above.
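One way to automate that check, as an added Python example that is not part of the original lab: it parses the rows of SW2's `show span root` output above, plus one constructed VLAN0040 row for the local-root case, and compares each root with the intended one. The `EXPECTED` mapping and the function names are assumptions made for illustration.

```python
# Rows from SW2's 'show span root' output in this lab, plus one constructed
# row (VLAN0040) for the local-root case: root cost 0 and no root port.
SAMPLE = """\
VLAN0001 24577 0014.f2d2.4180 9 2 20 15 Po21
VLAN0010 24586 0014.f2d2.4180 9 2 20 15 Po21
VLAN0020 32788 0014.a964.2e00 9 2 20 15 Po23
VLAN0030 32798 0014.a964.2e00 9 2 20 15 Po23
VLAN0040 24616 001c.57d8.9000 0 2 20 15
"""

# Intended root per VLAN after Steps 1-3 (MAC addresses from the lab output).
EXPECTED = {1: "0014.f2d2.4180", 10: "0014.f2d2.4180",
            20: "001c.57d8.9000", 30: "0014.a964.2e00"}

def parse_root_table(text):
    """Return {vlan: row} for each VLANnnnn line; other lines are skipped."""
    rows = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or not (f[0].startswith("VLAN") and f[0][4:].isdigit()):
            continue  # header, separator or prompt line
        vlan = int(f[0][4:])
        rows[vlan] = {"priority": int(f[1]) - vlan,  # strip sys-id-ext
                      "root_mac": f[2].lower(), "cost": int(f[3]),
                      "root_port": f[7] if len(f) > 7 else None}
    return rows

def local_root_vlans(rows):
    """VLANs where this switch is the root: cost 0 and no root port listed."""
    return [v for v, r in rows.items()
            if r["cost"] == 0 and r["root_port"] is None]

def audit(rows, expected, default=32768):
    """Compare the observed root per VLAN with the intended one."""
    findings = {}
    for vlan, want in expected.items():
        row = rows.get(vlan)
        if row is None:
            findings[vlan] = "no spanning-tree instance in output"
        elif row["root_mac"] != want:
            findings[vlan] = f"root is {row['root_mac']}, expected {want}"
        elif row["priority"] >= default:
            findings[vlan] = "intended root elected on MAC only (default priority)"
    return findings

if __name__ == "__main__":
    table = parse_root_table(SAMPLE)
    print(local_root_vlans(table), audit(table, EXPECTED))
```

Run against the output captured after Step 1, the audit reports VLAN 20 (root is SW3, not SW2) and VLAN 30 (SW3 is root only because of its MAC address), which are the two VLANs that Steps 2 and 3 go on to configure.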
Step 2. – Configure SW2 as the ROOT bridge for VLAN 20. Verify your configuration on SW1.
The configuration to complete this objective will be the same as step 1, as shown below:
SW2 con0 is now available
Press RETURN to get started.
SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#spanning-tree vlan 20 root primary
SW2(config)#end
SW2#
As shown in the verification below, the root bridge has a priority of 24596 and the MAC address 001c.57d8.9000. The best path to the root bridge is out the root port, which is Po12; interface Port-Channel12 is directly connected to SW2. To further verify that SW2 is the root for VLAN 20 you can use the show spanning-tree vlan 20 command on SW2 and verify whether or not the output says “This bridge is the root”.
SW1#show spanning-tree vlan 20
VLAN0020
Spanning tree enabled protocol ieee
Root ID Priority 24596
Address 001c.57d8.9000
Cost 9
Port 144 (Port-channel12)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
Address 0014.f2d2.4180
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------------
Po12 Root FWD 9 128.144 P2p
Po13 Altn BLK 9 128.152 P2p
SW1#
Step 3. – Configure SW3 as the ROOT bridge for VLAN 30. Verify your configuration on SW1.
The configuration and verification to complete this objective will be the same as step 2, as shown below:
SW3 con0 is now available
Press RETURN to get started.
SW3>enable
SW3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#spanning-tree vlan 30 root primary
SW3(config)#end
SW3#
Verification shown below from SW1:
SW1#show spanning-tree vlan 30
VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 24606
Address 0014.a964.2e00
Cost 9
Port 152 (Port-channel13)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32798 (priority 32768 sys-id-ext 30)
Address 0014.f2d2.4180
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------------
Po12 Desg FWD 9 128.144 P2p
Po13 Root FWD 9 128.152 P2p
SW1#