Advanced STP Features

PortFast

Allows a port running STP to go directly from blocking to forwarding mode.
This will bypass the 50 second timer (20 seconds max age, 15 seconds listening, 15 seconds learning).

sh spanning-tree interface fastEthernet 0/1
SW(config)#spanning-tree portfast ?
 bpdufilter Enable portfast bpdu filter on this switch
 bpduguard Enable portfast bpdu guard on this switch
 default Enable portfast by default on all access ports

SW(config-if)#spanning-tree portfast ?
 disable Disable portfast for this interface
 trunk Enable portfast on the interface even in trunk mode
 <cr>

UplinkFast

Switch01 has two paths to the root (sw0) where one is FWD and one is BLCK.
With UplinkFast the port that could potentially reach the rootswitch is collectivly refered as an uplinkgroup (includes FWD and BLCK ports). If the FWD port goes down, the other ports will transition to FWD immediately (between 1-3 seconds).
Not recommended on core and distribuition switches making it “PortFast on the access layer”.
UplinkFast is enabled globally and for all VLANs on the switch.

When UplinkFast is enabeld on a switch:

  • STP Priority is increased by 49152 + VLAN SYSTEM ID  ( 49152 + 1 = 49153 ).
  • STP Path Cost is increased by 3000 ( 100Mbit, 19 cost + 3000 = 3019 )
  • Sends multicast frames to 01-00-0C-CD-CD-CD to update the MAC Adress table.

The values are increased so the switch won’t become the rootbridge.

BackboneFast

BackboneFast helps our network recover from indirect link failures.
When the link between Switch0 and Switch2 fails, Switch2 will think it is the Root and sends it to Switch1.

With the above link failure, Switch1 would normally compare the BPDUs where the BDPU from Switch0 will win, making the BPDU from switch2 inferior and ignoring it.
Once the MaxAge from the port to Switch2 hits 0, the port will go in LISTENING mode and relays the information from the BDPU from Switch0 (the superior BPDU).

BackboneFast will speed up this process by skipping the MaxAge Timer.  When an indirect link failure happens the RLQ ( Root Link Query ) goes in action. The RLQ is send from the port receiving the BDPUs “can I receive the root via this port?”.
If the RLQ request matches the RLQ response it is fine and it’s talking to the root bridge.

Root Guard

Rootguard protects the current Root bridge when a switch is added with a superior BPDU.
Switch0 is the Root bridge with a prio of 8192. Switch3 is added with a Prio of 4096:

RootGuard is configured on interface level, the interface on Switch2 to Switch3.
When it received a superior BPDU  on that interface it is discarded and put in the root-inconsistent state.

Switch2(config-if)#spanning-tree guard root
Switch2(config-if)#no shut
Switch2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%SPANTREE-2-ROOTGUARDBLOCK: Port 0/1 tried to become non-designated in VLAN 1.

Moved to root-inconsistent state

Switch2#sh spanning-tree inconsistentports 
Name                 Interface            Inconsistency
-------------------- -------------------- ------------------
VLAN0001             FastEthernet0/1      Root Inconsistent
Number of inconsistent ports (segments) in the system : 1

BDPU Guard

BDPUGuard is a feature to stops receiving all BDPUs on an interface.
RootGuard takes action when a superior BDPU is received, BDPUGuard takes action on all BPDUs and puts the interface down in err-disabled.
You have to manually shut and no shut the interface again.

Switch(config-if)#spanning-tree bpduguard ?
  disable  Disable BPDU guard for this interface
  enable   Enable BPDU guard for this interface
Switch2(config-if)#spanning-tree bpduguard enable
Switch2(config-if)#
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on 0/1, putting 0/1 in err-disable state
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

BPDU Filter and Loop Guard

BPDU filter stops BDPUs from leaving and entering a PortFast-enabled port.


Switch(config)#spanning-tree portfast bpdufilter ?
  disable  Disable BPDU filtering for this switch
  enable   Enable BPDU filtering for this switch

Switch(config-if)#spanning-tree bpdufilter ?
  disable  Disable BPDU filtering for this interface
  enable   Enable BPDU filtering for this interface

The Loop Guard feature is when a link between two switches becomes unidirectional, and only BDPUs are send and not received. The port will go in loop-inconsistent mode to prevent a swiching loop.

Switch(config)#spanning-tree loopguard ?
  default  Enable loopguard by default on all ports

Switch(config-if)#spanning-tree guard ?
  loop  Set guard mode to loop guard on interface
  none  Set guard mode to none
  root  Set guard mode to root guard on interface