{"id":739,"date":"2024-11-25T03:46:22","date_gmt":"2024-11-25T00:46:22","guid":{"rendered":"https:\/\/itgen.itbumper.com\/?page_id=739"},"modified":"2024-11-26T02:26:35","modified_gmt":"2024-11-25T23:26:35","slug":"0017_cisco-stp-toolkit","status":"publish","type":"page","link":"https:\/\/itgen.itbumper.com\/?page_id=739","title":{"rendered":"0017_Cisco: STP Toolkit"},"content":{"rendered":"<p>Some information about STP.&nbsp;<\/p>\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n#STP    \t\t- 802.1D, enabled on all switches by default\n#*PVST  \t\t- i.e. STP (ISL = Inter-Switch Link), Cisco only\n#*PVST+ \t\t- ISL+802.1Q\tcan work with all vendors\n#RSTP   \t\t- 802.1w\n#*Rapid PVST+ \t- for average networks, each VLAN has its own instance\n#MSTP   -802.1s - uses MSTI, backward compatible with STP (802.1D) &amp; RSTP (802.1w), for huge networks\n#*MST -\t\t\t- i.e. MSTP\n\n#Loops-&gt;MAC address flapping\n\n\n#RSTP and STP have different priority\n#RSTP link types: Edge - PCs &amp; network devices, Point-to-Point - between switches, Shared - a hub connection. Must operate in half-duplex mode.\n#RSTP port states: Discarding, Learning, Forwarding\n#RSTP port roles: Root, Designated, Alternate, Backup (=hub)\n#RSTP built-in features: UplinkFast, BackboneFast, PortFast\n#RSTP BPDUs are sent by all switches, not just the root bridge\n\n#Interfaces in Blocking state only send or receive STP messages (called BPDUs)\n#Default Bridge ID priority is 32768 on all switches, so by default the MAC address is used as a tie-breaker.\n#A switch with the lowest MAC address becomes the root bridge.\n#PVST - Per-VLAN Spanning Tree. Different interfaces can be in Forwarding \/ Blocking states.\n\n#Bridge priority is 16 bits (Bridge Priority 4 bits + Extended System ID (VLAN ID) 12 bits)\n#32768\t16384\t8192\t4096 |\t2048\t1024\t...\t1\n   |\t\t\t\t\t\t\t\t\t\t\t\t\t|\n default\t\t\t\t\t\t\t\t\t\t  \t default\n#Example. 
For VLAN 1, the default bridge priority is actually 32769 (32768+1)\n#If I want to reduce it\n#0 1 1 1 + VLAN ID 1=28673 (16384+8192+4096+1)\n#In this case I can only use: {0,4096,8192,12288,16384,20480,24576,28672,32768,36864,40960,45056,49152,53248,57344,61440}+1  \n\n#Speed\t\tSTP Cost\n#10 Mbit\/s\t\t100\n#100 Mbit\/s\t\t19\n#1Gbit\/s\t\t4\n#10Gbit\/s \t\t2\n\n#Root port selection\n#1) Lower root cost\n#2) Lower neighbor bridge ID\n#3) Lower neighbor port ID\n\nenable\n\tshow spanning-tree\t\t\t#get STP interface information. STP port priority = 128 by default\n\t#The neighbor switch's port ID is used to break the tie, not the local switch's port ID.\n\tconfigure terminal\n#Blocking ports\n#1) The switch with the lowest root cost will make its ports designated (all ports)\n#2) If the root cost is the same, the switch with the lowest bridge ID will make its ports designated (all ports)\n#3) The other switches will make their ports non-designated (Blocking)\n\n#Cisco PVST+ uses a destination MAC address of: 01:00:0C:CC:CC:CD\n#Regular STP uses a destination MAC address of: 01:80:C2:00:00:00 \n\n============================STP TOOLKIT=========================\n#PORTFAST\n#BPDU FILTER\n#BPDU GUARD\n#ROOT GUARD\n#UPLINKFAST\n#LOOP GUARD \n#BACKBONEFAST\n#ETHERCHANNEL GUARD\n\n#PORTFAST - don't wait 30 sec. FWD state immediately\n\t\tspanning-tree portfast default\t\t\t\t\t\t#enable portfast by default on all ports in access mode (only PC and devices)\n\t\tint f0\/1\n\t\t\tspanning-tree portfast\t\t\t\t\t\t\t\t#enable portfast on the selected interface (only PC and devices)\n\t\tshow spanning-tree interface &lt;interface&gt; portfast\t#to show portfast state on the interface\n\t\t\n\t#BPDU FILTER - port will not send any BPDU\n\t\tspanning-tree portfast bpdufilter default\t#global enable on all access ports in portfast mode. 
The switch will not send BPDUs.\n\t\t\n\t\t###BUT### if the interface is in DTP mode, a switch is connected to it and a BPDU is received, the interface joins STP\n\t\t\n\t\tint f0\/1\n\t\t\tspanning-tree bpdufilter enable\t\t\t#stops the port from sending and receiving BPDUs. Don't connect any switches \/ LOOP is possible\t\n\t\t\n\t#BPDU GUARD\t- the port will shut down (err-disable) if it receives any BPDU \n\t\tspanning-tree portfast bpduguard default\t#makes all access ports use bpduguard &lt;-preferred mode\n\t\t#OR\n\t\tint f0\/1\n\t\t\tspanning-tree portfast\t\t\t\t\t\t#skip 30 sec waiting\n\t\t\tspanning-tree bpduguard enable\t\t\t#to prevent impact from unauthorized switches\n\t\t\n\t\t#if a port with BPDU Guard receives any BPDUs, the port will shut down with err-disable\n\n#ROOT GUARD - guarantees that only the selected switch is the root. \n#Doesn't work with LOOP GUARD\n#If a port receives a lower Bridge ID, the port becomes root-inconsistent and stops all traffic\n\t\t\tinterface f0\/1\t\t\t\t\t\t\t\t#do it on all ports on the root bridge\n\t\t\t\tspanning-tree guard root\t\t\t\t#enable root guard\n\t\t\tshow spanning-tree inconsistentports\t\t#to check \n#This may be the reason that the link between the switches on both sides may be displayed as designated\n\n#LOOP GUARD - checks for the existence of BPDUs on ports in Blocking or Listening states. \n#Doesn't work with ROOT GUARD\n#If a port in Blocking or Forwarding state stops receiving BPDUs, the port becomes Loop-Inconsistent.\n#When BPDUs are received again, the port becomes Normal\n#No need to apply on access ports. 
Use BPDU Guard instead of Loop Guard.\n#Some IOS versions don't support this function\n\n\t\tspanning-tree guard loop default\t\t\t\t#enable loop guard on all trunk ports\n\t\tint g0\/1\n\t\t\tspanning-tree guard loop\t\t\t\t\t#to enable loop guard on the port\n\t\tint range g0\/1-2\n\t\t\tspanning-tree guard loop\t\t\t\t\t#to enable loop guard on the range of ports\n\t\t\n\tshow interface status\n\tshow errdisable recovery\n\tshow logging | include Err\n\n\n\n\n===========================RECOMMENDATIONS=======================\n#Enable PortFast and BPDU Guard (per port or by default)\n#Only enable BPDU Filter by default (global config mode) unless you have a very good reason to enable it per port\n\n#BPDU Guard and BPDU Filter can be enabled on the same port at the same time\n#If BPDU Filter is enabled in global mode and the port receives a BPDU, then:\n\t-BPDU Filter will be disabled on the port;\n\t-BPDU Guard will be triggered and errdisable the interface\n#If BPDU Filter is enabled in interface config mode and the port receives a BPDU, then:\n\t-The BPDU packet will be ignored;\n\t-BPDU Guard will not be triggered\n\n=================================================================\n\n\t\tspanning-tree mode {stp | pvst | rapid-pvst | mst }\t#to change STP mode on the switch\n\t\tspanning-tree vlan 1 root primary\t#it will set the root priority to 24576 for VLAN 1; if this priority already exists, then subtract 4096\n\t\tspanning-tree vlan 1 root secondary\t#to set a redundant root switch for VLAN 1\n\n\n#Port Priority\n\t\tint f0\/24\n\t\t\tspanning-tree port-priority &lt;0-240&gt;\t\t\t\t#must be a multiple of 16. By default=128. It affects the selection of the Designated Port\n\n#Port ID = 16 bits. 
Port priority (4 bits) + Port Number on the switch (12 bits).\n\t\tint f0\/24\n\t\t\tspanning-tree cost &lt;1-200000000&gt;\t\t\t\t#to change the cost of the interface\n\n\tshow spanning-tree interface &lt;interface&gt;  detail\t\t\t\t\t\t\t\t\t#to get more information\n\tshow spanning-tree vlan &lt;vlan_number&gt;\t\t\t\t\t\t\t\t\t\t\t\t#to get more information\n\tshow spanning-tree vlan &lt;vlan_number&gt; interface &lt;interface&gt; detail\t\t\t\t\t#to get more information\n\tshow spanning-tree summary\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n\tshow running-config | include spanning-tree\t\t\t\t\t\t\t\t\t\t\t#to show the STP-related lines in the running config \n\tshow interface &lt;interface&gt; status err-disable\t\t\t\t\t\t\t\t\t\t#to show the reason why the port is disabled\n\n#UPLINKFAST\n#Do not use it on the root bridge and no need to use in RSTP\n#An alternate port becomes the root port as soon as the root port fails. State Blocking-&gt;Forwarding. \n#Then, using a multicast group, it sends MAC addresses to other switches so that they update their paths (CAM table!?).\n#Active UplinkFast automatically increases port costs to prevent the switch from becoming root.\n\t\tspanning-tree uplinkfast\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#enable uplinkfast \n\t\tspanning-tree uplinkfast max-update-rate &lt;0-65535&gt;\t\t\t\t\t\t\t\t\t#packets per second to send MAC addresses\n\t\n\t\n#BACKBONEFAST\n#The mechanism used in the Spanning Tree Protocol (STP) to speed up the restoration of connectivity in the network when an indirect \n#link failure occurs. 
An indirect failure is one that occurs not on the root port of the switch, but somewhere in the \n#intermediate segment.\n#No need to use in RSTP\n#Must be enabled on all switches in STP\n\t\tspanning-tree backbonefast\t\t\t\t\t\t\t#to activate\n\tshow spanning-tree backbonefast\t\t\t\t\t\t\t#to check the status\n\t\n\t\n#ETHERCHANNEL GUARD\n#Enabled by default\n#Monitors whether the settings of all ports involved in the EtherChannel are consistent. \n#If parameters such as speed, duplex, or EtherChannel mode do not match, the ports are switched to the err-disable state.\n\t\tspanning-tree etherchannel guard misconfig\t\t\t#to activate\n\tshow spanning-tree summary\t\t\t\t\t\t\t\t#to check the status\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>Some information about STP.&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[],"tags":[],"_links":{"self":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages\/739"}],"collection":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=739"}],"version-history":[{"count":2,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages\/739\/revisions"}],"predecessor-version":[{"id":743,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=\/wp\/v2\/pages\/739\/revisions\/743"}],"wp:attachment":[{"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?re
st_route=%2Fwp%2Fv2%2Fcategories&post=739"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itgen.itbumper.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}