Saturday, May 22, 2010

spanning tree MST on Cat 6500, 4500, 3500

use the same network from the previous lab, just remove the 3560 and Po64

let's focus on the two links between CORE1 and CORE2, and take VLAN 10 and 20 as an example

before we go to MST, there's something I forgot to mention in the previous lab: this is one way to do load balancing without using EtherChannel

CORE1#sh span vl 20
...
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1            Desg FWD 4         128.1    P2p
Gi1/2            Desg FWD 4         128.2    P2p
Gi1/3            Desg FWD 19        128.3    P2p

CORE2#sh span vl 20
...
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/1            Root FWD 4         128.769  P2p
Gi7/2            Altn BLK 4         128.770  P2p
Gi7/5            Desg FWD 19        128.773  P2p

the result for VLAN 10 should be the same, so here's what we're going to do: split the traffic so VLAN 10 uses Gi7/1 and VLAN 20 uses Gi7/2,

and please take a close look at the port priority (the Prio part of the Prio.Nbr column), because we're going to manipulate this value to get the result

CORE1#sh span vlan 10
...
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1            Desg FWD 4          16.1    P2p
Gi1/2            Desg FWD 4         128.2    P2p
Gi1/3            Desg FWD 19        128.3    P2p


CORE1#sh span vlan 20
....
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1            Desg FWD 4         128.1    P2p
Gi1/2            Desg FWD 4          16.2    P2p
Gi1/3            Desg FWD 19        128.3    P2p

now the cost has changed, let's check on CORE2, VLAN 20 should have a different Root port by now

---------------- ---- --- --------- -------- --------------------------------
Gi7/1            Altn BLK 4         128.769  P2p
Gi7/2            Root FWD 4         128.770  P2p
Gi7/5            Desg FWD 19        128.773  P2p
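
Why the result above comes out this way, as an added example (not part of the original post): both links cost 4 and lead to the same root, so CORE2 breaks the tie on the port ID advertised by CORE1, which is why the priority is lowered on CORE1's ports. CORE1's bridge ID is a constructed placeholder because it is elided in the output; port costs and numbers are taken from the output above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Bpdu:
    """What CORE2 hears on one uplink, reduced to the fields STP compares."""
    local_port: str
    local_port_id: tuple    # (priority, number) of CORE2's receiving port
    root_path_cost: int     # sender's cost to the root + cost of the receiving port
    sender_bridge: tuple    # (priority, MAC) of the sending bridge
    sender_port_id: tuple   # (priority, number) of the sending port on CORE1


def root_port(bpdus):
    """Lowest tuple wins: cost, sender bridge ID, sender port ID, local port ID."""
    best = min(bpdus, key=lambda b: (b.root_path_cost, b.sender_bridge,
                                     b.sender_port_id, b.local_port_id))
    return best.local_port


# Constructed value: CORE1's bridge ID is not visible ("...") in the output above.
CORE1 = (32768, "0000.0000.0001")


def core2_uplinks(core1_prio=(128, 128), core2_prio=(128, 128)):
    """Two links to the root (CORE1, advertised cost 0), each with port cost 4."""
    return [
        Bpdu("Gi7/1", (core2_prio[0], 769), 0 + 4, CORE1, (core1_prio[0], 1)),
        Bpdu("Gi7/2", (core2_prio[1], 770), 0 + 4, CORE1, (core1_prio[1], 2)),
    ]


def scenarios():
    """Root port chosen by CORE2 for each priority setting."""
    return {
        # Defaults: 128.1 beats 128.2, so Gi7/1 is root for every VLAN.
        "defaults": root_port(core2_uplinks()),
        # VLAN 10: CORE1 Gi1/1 lowered to 16 -> 16.1 beats 128.2.
        "vlan10": root_port(core2_uplinks(core1_prio=(16, 128))),
        # VLAN 20: CORE1 Gi1/2 lowered to 16 -> 16.2 beats 128.1.
        "vlan20": root_port(core2_uplinks(core1_prio=(128, 16))),
        # Lowering the priority on CORE2's own Gi7/2 instead changes nothing,
        # because the sender port ID is compared before the local port ID.
        "core2_side_only": root_port(core2_uplinks(core2_prio=(128, 16))),
    }


if __name__ == "__main__":
    for name, port in scenarios().items():
        print(f"{name:16} root port = {port}")
```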

now we go to MST

we'll create
  • a region REG1
  • instance 1, VLAN 10, 30, Root on CORE1
  • instance 2, VLAN 20, 40, Root on CORE2

CORE1(config)#spanning-tree mode mst
CORE1(config)#spanning-tree mst configuration
CORE1(config-mst)#revision 1
CORE1(config-mst)#name REG1
CORE1(config-mst)#instance 1 vlan 10, 30
CORE1(config-mst)#exit
CORE1(config)#spanning-tree mst 1 priority 8192

CORE1(config)#spanning-tree mst conf
CORE1(config-mst)#instance 2 vlan 20, 40
CORE1(config-mst)#exit
CORE1(config)#spanning-tree mst 2 prio 16384

run almost the same conf on CORE2, just change the priority for instance 1 and 2 to change the Root for each instance

CORE2(config)#spanning-tree mode mst
CORE2(config)#spanning-tree mst conf
CORE2(config-mst)#revision 1
CORE2(config-mst)#name REG1
CORE2(config-mst)#instance 1 vlan 10, 30
CORE2(config-mst)#exit
CORE2(config)#spanning-tree mst 1 priority 16384

CORE2(config)#spanning-tree mst conf
CORE2(config-mst)#instance 2 vlan 20, 40
CORE2(config-mst)#exi
CORE2(config)#spanning-tree mst 2 priority 8192

on DIST1, just run both of the instances


DIST1(config)#span mode mst
DIST1(config)#span mst conf
DIST1(config-mst)#rev 1
DIST1(config-mst)#name REG1
DIST1(config-mst)#inst 1 vlan 10, 30
DIST1(config-mst)#inst 2 vlan 20, 40
DIST1(config-mst)#exit

let's check whether it's working; by right, the Root for VLAN 10 is CORE1 and for VLAN 20 is CORE2

CORE2#sh span vl 10

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    8193  // bridge prio for VLAN 10 is 8193
             Address     0019.0787.3000
             Cost        20000
             Port        769 (GigabitEthernet7/1)  // via this port (CORE1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    16385  (priority 16384 sys-id-ext 1)
             Address     0019.a908.ac00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/1            Root FWD 20000     128.769  P2p
Gi7/2            Altn BLK 20000     128.770  P2p  // an alternate port is the next best path available back to the root bridge should the root port fail
Gi7/5            Desg FWD 200000    128.773  P2p

CORE2#sh span vla 20

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    8194
             Address     0019.a908.ac00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8194   (priority 8192 sys-id-ext 2)
             Address     0019.a908.ac00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/1            Desg FWD 20000     128.769  P2p
Gi7/2            Desg FWD 20000     128.770  P2p
Gi7/5            Desg FWD 200000    128.773  P2p  // Root bridge ports are all in FWD state


on DIST1

DIST1#sh span root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             32768 0018.19b2.58c0         0    2   20  15
MST1              8193 0019.0787.3000    200000    2   20  15  Fa4/3  // root port for instance 1 (VLAN 10, 30)
MST2              8194 0019.a908.ac00    200000    2   20  15  Fa4/5  // this is for instance 2

to confirm this, check which switch is on Fa4/3 and Fa4/5

DIST1#sh cdp ne

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
CORE2            Fas 4/5           159             R S I  WS-C6509- Gig 7/5  // now confirm that Instance 2 root is CORE2
CORE1            Fas 4/3           173             R S I  WS-C6509- Gig 1/3
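
A check that can be run against the `show spanning-tree root` output above, as an added example (not part of the original post): it parses the rows, splits each priority into configured priority and instance number, and compares the root MAC with the intended design. The expected-root map is built from the lab's stated design; MST0 gets no priority in the lab, and the output shows it with cost 0 and no root port, so the check reports it as unassigned.

```python
import re

# DIST1's "show spanning-tree root" rows from the post, author's notes removed.
SHOW_ROOT = """\
MST0             32768 0018.19b2.58c0         0    2   20  15
MST1              8193 0019.0787.3000    200000    2   20  15  Fa4/3
MST2              8194 0019.a908.ac00    200000    2   20  15  Fa4/5
"""

# Intended design from the lab: MST instance -> MAC of the switch that should be root.
EXPECTED_ROOT = {
    1: "0019.0787.3000",  # CORE1
    2: "0019.a908.ac00",  # CORE2
}

ROW = re.compile(
    r"^MST(\d+)\s+(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(\d+)\s+\d+\s+\d+\s+\d+(?:\s+(\S+))?$"
)


def parse_roots(text):
    """Return one dict per MST instance row; other lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        inst, prio, mac, cost, port = m.groups()
        prio = int(prio)
        rows.append({
            "instance": int(inst),
            "priority": prio & 0xF000,    # configured value, a multiple of 4096
            "sys_id_ext": prio & 0x0FFF,  # instance number in the low 12 bits
            "root_mac": mac,
            "cost": int(cost),
            "root_port": port,            # None when this switch is the root
        })
    return rows


def audit(rows, expected):
    """List (instance, finding, root_mac) for every row that departs from the design."""
    findings = []
    for r in rows:
        want = expected.get(r["instance"])
        if want is None:
            findings.append((r["instance"], "no root assigned in design", r["root_mac"]))
        elif r["root_mac"] != want:
            findings.append((r["instance"], "unexpected root", r["root_mac"]))
        if r["sys_id_ext"] != r["instance"]:
            findings.append((r["instance"], "sys-id-ext mismatch", r["root_mac"]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_roots(SHOW_ROOT), EXPECTED_ROOT):
        print(finding)
```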
 
happy Switching ;)

Thursday, May 20, 2010

spanning tree on Cat 6500, 4510 and 3560


make sure all the cabling is fine and working, show CDP should be able to show all its neighbors

set all the connected ports above to be trunk ports

e.g. using the int range command on CORE1 to set trunking on int Gi1/1 through Gi1/3


CORE1(config)#interface range gigabitEthernet 1/1 - 3
CORE1(config-if-range)#switchport trunk encapsulation dot1q
CORE1(config-if-range)#switchport mode trunk

configure etherchannel between CORE1 and CORE2

! same for Gi1/2
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-protocol lacp
 channel-group 64 mode active
end

this will automatically create the etherchannel, Po64; make sure all the attributes on the physical ports are applied the same on the port channel

interface Port-channel64
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
end

*once you start your switch, check the prompt: if it is 'router>' then all ports are layer 3 ports and are administratively shut down by default, so change them to switchport (layer 2)
*if it starts with 'switch>', then there shouldn't be any problem

make sure you configure this on all the ports above; next is creating the management VLAN interface. we'll use VLAN1 as the management VLAN, by default all ports belong to this VLAN

configure on CORE1


interface Vlan1
 ip address 172.16.1.1 255.255.255.0
end

use the same subnet for int VLAN1 on CORE2, DIST1 and ACC1, just change the last octet to 2, 3 and 4 accordingly

now all the int VLAN are up; if not, you might want to check the trunk conf and make sure it's working
use this command and make sure all of your trunk ports are listed; check on all switches

DIST1#sh interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Fa4/3       on               802.1q         trunking      1
Fa4/5       on               802.1q         trunking      1
Fa4/7       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Fa4/3       1-4094
Fa4/5       1-4094
Fa4/7       1-4094

Port        Vlans allowed and active in management domain
..

configure the enable and line vty passwords before you can telnet to all the switches using the VLAN1 ip address

DIST1(config)#enable secret cisco
DIST1(config)#line vty 0 15
DIST1(config-line)#password cisco
DIST1(config-line)#privilege level 15

the privilege level 15 line makes sure your telnet session automatically goes into enable mode
now you should be able to telnet to all the other switches

next we'll conf VTP for easy VLAN management, on CORE1

CORE1(config)#vtp mode server
CORE1(config)#vtp domain AMD
CORE1(config)#vtp version 2

conf CORE2, DIST1 and ACC1 to be in client mode

create 4 VLAN on CORE2

CORE1(config)#vlan 10
CORE1(config)#vlan 20
CORE1(config)#vlan 30
CORE1(config)#vlan 40

show vlan on all the switches and make sure they all have the same VLANs; if not, troubleshoot your VTP


now we move to spanning tree. how to configure it? no need, by default it is already turned on (PVST), but we can control the behavior of spanning tree by manipulating a few attributes

the lowest priority becomes the root; if all have the same value, then the lowest MAC address wins
in this case CORE1 has the lowest priority

show spanning-tree vlan [VLAN number]
*use show spanning-tree to get the result for every single VLAN

by default, a single switch will become a root bridge for every single VLAN inside your network

CORE1>sh span vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192  // this value should be the same as the Bridge ID (below), because the switch itself is Root
             Address     0019.0787.300a
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192  // priority value and ID for this switch
             Address     0019.0787.300a
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/3            Desg FWD 19        128.3    P2p  // all ports on the Root should be in FWD mode
Po64             Desg FWD 3         128.1665 P2p


CORE2#sh span vla 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     0019.0787.300a
             Cost        3
             Port        1665 (Port-channel64)  // local port going to Root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  // this switch can't become a Root because CORE1 has a lower priority
             Address     0019.a908.ac0a
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/5            Desg FWD 19        128.773  P2p  // port that forwards traffic to the LAN segment
Po64             Root FWD 3         128.1665 P2p  // closest port to the root in terms of cost

now we'll configure per-VLAN spanning tree, meaning that we manually configure each VLAN with its own Root
there are two commands to achieve this

spanning-tree vlan [VLAN X] root primary/secondary
OR
spanning-tree vlan [VLAN X] priority [Bridge ID]

we have created VLAN 10, 20, 30 and 40
divide them in two: 10 and 30 have their root on CORE1
20 and 40 have their root on CORE2

CORE1(config)#spanning-tree vlan 10 root primary
CORE1(config)#spanning-tree vlan 30 root primary

CORE2(config)#spanning-tree vlan 20 root primary
CORE2(config)#spanning-tree vlan 40 root primary

let's confirm this

CORE2#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     0019.a908.ac14
             This bridge is the root  // now this switch is the root for VLAN 20
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192
             Address     0019.a908.ac14
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/5            Desg FWD 19        128.773  P2p
Po64             Desg FWD 3         128.1665 P2p

check on all the other 3 VLANs for their root

now you can configure secondary root for each VLAN using the same approach

for the second command,
remove all the configuration that we just put in; we should have the Bridge ID (by now you should know how to get the Bridge ID)
but now the problem is, all my switches have the same Bridge priority: 32788, and since CORE1 has the lowest MAC, it's now the Root for all VLANs

so, I've set VLAN 10 and 30 to have a higher priority value than its Root for now

CORE1(config)#spanning-tree vlan 10,30 priority 36864

check on CORE2, that fella should be the Root for VLAN 20 and 30 right now

we can also confirm this on DIST1

DIST1#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     0019.a908.ac0a
             Cost        19
             Port        197 (FastEthernet4/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0018.19b2.58c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa4/3               Altn BLK 19        128.195  P2p
Fa4/5               Root FWD 19        128.197  P2p  // root port for VLAN 10 is different from VLAN 20 (below); Fa4/3 connects to CORE1, Fa4/5 to CORE2

DIST1#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     0019.0787.3014
             Cost        19
             Port        195 (FastEthernet4/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0018.19b2.58c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa4/3               Root FWD 19        128.195  P2p  // connects to CORE1, it's the Root for VLAN20
Fa4/5               Altn BLK 19        128.197  P2p

another useful command

DIST1#show spanning-tree interface fastEthernet 4/5

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Altn BLK 19        128.197  P2p
VLAN0010            Root FWD 19        128.197  P2p
VLAN0020            Altn BLK 19        128.197  P2p
VLAN0030            Root FWD 19        128.197  P2p
VLAN0040            Altn BLK 19        128.197  P2p
VLAN0050            Altn BLK 19        128.197  P2p

Monday, March 8, 2010

Spanning tree, PVST lab - GNS3


as usual, I'm using cisco 3740 with additional slot NM-16ESW.
for the 1st stage, we only use one link for every connection between the switches (I'll refer to the router as the switch for the rest of the tutorial)


configure on D1, port fast 1/1 and 1/7
 no shutdown
 switchport trunk encap dot1q
 switchport mode trunk


on D2, there is no spanning tree yet because all ports are still down
 D2(config)#do sh span br
 No spanning tree instances exist.


configure the same we did on D2 for port 1/1 and 1/3
immediately after the port changes to trunk mode, you'll notice that it is in the listening (LIS) state
this is when it runs the algorithm to find a loop
later the status will change to learning (LRN) then forwarding (FWD)
 D2(config-if)#do sh sp br
  ...




  Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
  -------------------- ------- ---- ----- --- ----- -------------------- -------
  FastEthernet1/1      128.42   128    19 LIS     0 32768 c404.0f45.0000 128.42

apply the same configuration for the A2 and A1
 on A2, fast 1/5 and 1/3
 on A1, fast 1/5 and 1/7 (once this int is up, then looping will happen)

there will be no blocked port until you configure fast 1/7, which is where the loop starts to exist
right after fast 1/7 comes up, spanning tree will find and choose which port needs to be blocked

now show the spanning tree on each switch
D1#show spanning-tree br

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c404.0f45.0000
             This bridge is the root //this switch was elected as root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c404.0f45.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 0

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0 32768 c404.0f45.0000 128.42
FastEthernet1/7      128.48   128    19 FWD     0 32768 c404.0f45.0000 128.48


D2#show span br

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c404.0f45.0000
             Cost        19
             Port        42 (FastEthernet1/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c405.0f45.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 0

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0 32768 c404.0f45.0000 128.42
FastEthernet1/3      128.44   128    19 FWD    19 32768 c405.0f45.0000 128.44


A2#sh span br

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c404.0f45.0000
             Cost        38
             Port        44 (FastEthernet1/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c407.0f45.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 0

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/3      128.44   128    19 FWD    19 32768 c405.0f45.0000 128.44
FastEthernet1/5      128.46   128    19 BLK    19 32768 c406.0f45.0000 128.46 //blocked port


A1#show spanning-tree br

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c404.0f45.0000
             Cost        19
             Port        48 (FastEthernet1/7)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c406.0f45.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 0

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/5      128.46   128    19 FWD    19 32768 c406.0f45.0000 128.46
FastEthernet1/7      128.48   128    19 FWD     0 32768 c404.0f45.0000 128.48

by default, the switch with the lowest MAC address will be chosen as the root; to change this, try applying spanning-tree vlan 1 root primary on D2

D2(config)#spanning-tree vlan 1 root primary
 VLAN 1 bridge priority set to 8192
 VLAN 1 bridge max aging time unchanged at 20
 VLAN 1 bridge hello time unchanged at 2
 VLAN 1 bridge forward delay unchanged at 15

now check again, D2 should be the root now.

D2#show spanning-tree bri

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     c405.0f45.0000
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec ....

if you have multiple VLANs, you can choose which switch is the root by applying the same command, just change the VLAN number

let's try this out; first, configure VTP for easy VLAN management

D1(vlan)#vtp domain LAB
Domain name already set to LAB .
D1(vlan)#vtp server
Setting device to VTP SERVER mode

do the same for all the other 3 switches, just change to CLIENT mode
then, create 1 VLAN on the VTP server (D1)

D1(vlan)#vlan 100 name seratus
VLAN 100 added:
    Name: seratus

make sure all other switches have the same vlan database

A1#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0, Fa1/1, Fa1/2, Fa1/3
                                                Fa1/4, Fa1/6, Fa1/8, Fa1/9
                                                Fa1/10, Fa1/11, Fa1/12, Fa1/13
                                                Fa1/14, Fa1/15
100  seratus                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

by default calculation, D1 will be the root switch

D1#show spanning-tree br

....
VLAN100
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c404.0f45.0001
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c404.0f45.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 0

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0 32768 c404.0f45.0001 128.42
FastEthernet1/7      128.48   128    19 FWD     0 32768 c404.0f45.0001 128.48

Simply repeat the step above to change the root for specific switch ;)

now bring up all the other ports as trunks so each switch has 2 links between them; then you should see more clearly which ports are being blocked due to redundancy

ah, it is almost 5AM, I'm too lazy to paste all the results here, furthermore I've got a Liverpool game to watch later, so I'll just print screen all the results here