{"id":452,"date":"2017-11-28T09:45:11","date_gmt":"2017-11-28T08:45:11","guid":{"rendered":"http:\/\/www.quisted.net\/?p=452"},"modified":"2017-11-28T09:45:11","modified_gmt":"2017-11-28T08:45:11","slug":"advanced-stp-features","status":"publish","type":"post","link":"https:\/\/www.quisted.net\/index.php\/2017\/11\/28\/advanced-stp-features\/","title":{"rendered":"Advanced STP Features"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.quisted.net\/index.php\/2017\/11\/28\/advanced-stp-features\/#PortFast\" >PortFast<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.quisted.net\/index.php\/2017\/11\/28\/advanced-stp-features\/#UplinkFast\" >UplinkFast<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.quisted.net\/index.php\/2017\/11\/28\/advanced-stp-features\/#BackboneFast\" >BackboneFast<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.quisted.net\/index.php\/2017\/11\/28\/advanced-stp-features\/#Root_Guard\" >Root Guard<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.quisted.net\/index.php\/2017\/11\/28\/advanced-stp-features\/#BDPU_Guard\" >BDPU Guard<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.quisted.net\/index.php\/2017\/11\/28\/advanced-stp-features\/#BPDU_Filter_and_Loop_Guard\" >BPDU Filter and Loop Guard<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"PortFast\"><\/span><span style=\"color: #3366ff;\"><strong>PortFast<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>Allows a port running STP to go directly from <strong><span style=\"color: #ff0000;\">blocking<\/span> <\/strong>to <strong><span style=\"color: #339966;\">forwarding <\/span><\/strong>mode.<br \/>\nThis will bypass the 50 second timer (20 seconds max age, 15 seconds listening, 15 seconds learning).<\/p>\n<pre>sh spanning-tree interface fastEthernet 0\/1\nSW(config)#spanning-tree portfast ?\n<strong> bpdufilter<\/strong> Enable portfast bpdu filter on this switch\n <strong>bpduguard<\/strong> Enable portfast bpdu guard on this switch\n <strong>default<\/strong> Enable portfast by default on all access ports\n\nSW(config-if)#spanning-tree portfast ?\n <strong>disable<\/strong> Disable portfast for this interface\n <strong>trunk<\/strong> Enable portfast on the interface even in trunk mode\n &lt;cr&gt;\n\n<\/pre>\n<h1><span class=\"ez-toc-section\" id=\"UplinkFast\"><\/span><span style=\"color: #3366ff;\"><strong>UplinkFast<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><a href=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/uplinkfast-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-464 size-full\" src=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/uplinkfast-1.png\" alt=\"\" width=\"630\" height=\"259\" srcset=\"https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/uplinkfast-1.png 630w, https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/uplinkfast-1-300x123.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/a><\/p>\n<p>Switch01 has two paths to the root (sw0) where one is <span style=\"color: #339966;\"><strong>FWD<\/strong><\/span> and one is <span style=\"color: #ff0000;\"><strong>BLCK.<\/strong><\/span><br \/>\nWith UplinkFast the port that could potentially reach the rootswitch is collectivly refered as an uplinkgroup (includes <strong><span style=\"color: #339966;\">FWD<\/span><\/strong> and <span style=\"color: #ff0000;\"><strong>BLCK<\/strong><\/span> ports). If the <span style=\"color: #339966;\"><strong>FWD<\/strong><\/span> port goes down, the other ports will transition to <strong><span style=\"color: #339966;\">FWD<\/span> <\/strong>immediately (between <span style=\"color: #0000ff;\">1-3 seconds<\/span>).<br \/>\nNot recommended on core and distribuition switches making it &#8220;PortFast on the access layer&#8221;.<br \/>\nUplinkFast is enabled globally and for all VLANs on the switch.<\/p>\n<p><!--more--><\/p>\n<p>When UplinkFast is enabeld on a switch:<\/p>\n<ul>\n<li>STP Priority is increased by 49152 + VLAN SYSTEM ID\u00a0 ( 49152 + 1 = <strong>49153<\/strong> ).<\/li>\n<li>STP Path Cost is increased by 3000 ( 100Mbit, 19 cost + 3000 = <strong>3019 )<\/strong><\/li>\n<li>Sends multicast frames to <span class=\"st\">01-00-0C-CD-CD-CD<\/span> to update the MAC Adress table.<\/li>\n<\/ul>\n<p>The values are increased so the switch won&#8217;t become the rootbridge.<\/p>\n<h1><span class=\"ez-toc-section\" id=\"BackboneFast\"><\/span><span style=\"color: #3366ff;\"><strong>BackboneFast<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><a href=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/backbonefast.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-468 size-full\" src=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/backbonefast.png\" alt=\"\" width=\"630\" height=\"259\" srcset=\"https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/backbonefast.png 630w, https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/backbonefast-300x123.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/a><\/p>\n<p>BackboneFast helps our network recover from indirect link failures.<br \/>\nWhen the link between Switch0 and Switch2 fails, Switch2 will think it is the Root and sends it to Switch1.<\/p>\n<p><a href=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/backbonefast2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-469 size-full\" src=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/backbonefast2.png\" alt=\"\" width=\"630\" height=\"259\" srcset=\"https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/backbonefast2.png 630w, https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/backbonefast2-300x123.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/a><\/p>\n<p>With the above link failure, Switch1 would normally compare the BPDUs where the BDPU from Switch0 will win, making the BPDU from switch2 <strong>inferior<\/strong> and ignoring it.<br \/>\nOnce the <span style=\"color: #0000ff;\"><strong>MaxAge<\/strong><\/span> from the port to Switch2 hits 0, the port will go in LISTENING mode and relays the information from the BDPU from Switch0 (the <strong>superior<\/strong> BPDU).<\/p>\n<p>BackboneFast will speed up this process by <strong>skipping<\/strong> the <strong><span style=\"color: #0000ff;\">MaxAge Timer.<\/span>\u00a0 <\/strong>When an indirect link failure happens the <strong>RLQ<\/strong> ( Root Link Query ) goes in action. The <strong>RLQ<\/strong> is send from the port receiving the BDPUs <em>&#8220;can I receive the root via this port?&#8221;.<\/em><br \/>\nIf the <strong>RLQ request<\/strong> matches the <strong>RLQ response<\/strong> it is fine and it&#8217;s talking to the root bridge.<\/p>\n<h1><span class=\"ez-toc-section\" id=\"Root_Guard\"><\/span><span style=\"color: #3366ff;\"><strong>Root Guard<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>Rootguard protects the current Root bridge when a switch is added with a superior BPDU.<br \/>\nSwitch0 is the Root bridge with a prio of 8192. Switch3 is added with a Prio of 4096:<\/p>\n<p><a href=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/rootguard-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-476 size-full\" src=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/rootguard-1.png\" alt=\"\" width=\"630\" height=\"259\" srcset=\"https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/rootguard-1.png 630w, https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/rootguard-1-300x123.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/a><\/p>\n<p>RootGuard is configured on interface level, the interface on Switch2 to Switch3.<br \/>\nWhen it received a superior BPDU\u00a0 on that interface it is discarded and put in the <em>root-inconsistent <\/em>state.<\/p>\n<pre><strong>Switch2(config-if)#spanning-tree guard root\nSwitch2(config-if)#no shut\nSwitch2(config-if)#<\/strong>\n%LINK-5-CHANGED: Interface FastEthernet0\/1, changed state to up\n\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/1, changed state to up\n%SPANTREE-2-ROOTGUARDBLOCK: Port 0\/1 tried to become non-designated in VLAN 1.\n\nMoved to root-inconsistent state\n\n<strong>Switch2#sh spanning-tree inconsistentports<\/strong> \nName                 Interface            Inconsistency\n-------------------- -------------------- ------------------\nVLAN0001             FastEthernet0\/1      Root Inconsistent\nNumber of inconsistent ports (segments) in the system : 1\n<\/pre>\n<h1><span class=\"ez-toc-section\" id=\"BDPU_Guard\"><\/span><strong><span style=\"color: #3366ff;\">BDPU Guard<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><a href=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/bdpuguard.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-479 size-full\" src=\"http:\/\/vps.quisted.net\/wp-content\/uploads\/2017\/11\/bdpuguard.png\" alt=\"\" width=\"630\" height=\"259\" srcset=\"https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/bdpuguard.png 630w, https:\/\/www.quisted.net\/wp-content\/uploads\/2017\/11\/bdpuguard-300x123.png 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/a><\/p>\n<p><strong>BDPUGuard<\/strong> is a feature to stops receiving all BDPUs on an interface.<br \/>\n<strong>RootGuard<\/strong> takes action when a superior BDPU is received, <strong>BDPUGuard<\/strong> takes action on all BPDUs and puts the interface down in <em>err-disabled.<br \/>\n<\/em>You have to manually <em>shut<\/em> and <em>no shut<\/em> the interface again.<em><br \/>\n<\/em><\/p>\n<pre><strong>Switch(config-if)#spanning-tree bpduguard ?<\/strong>\n  disable  Disable BPDU guard for this interface\n  enable   Enable BPDU guard for this interface\n<\/pre>\n<pre><strong>Switch2(config-if)#spanning-tree bpduguard enable\nSwitch2(config-if)#<\/strong>\n%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0\/1 with BPDU Guard enabled. Disabling port.\n%PM-4-ERR_DISABLE: bpduguard error detected on 0\/1, putting 0\/1 in err-disable state\n%LINK-5-CHANGED: Interface FastEthernet0\/1, changed state to administratively down\n%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0\/1, changed state to down\n<\/pre>\n<h1><span class=\"ez-toc-section\" id=\"BPDU_Filter_and_Loop_Guard\"><\/span><span style=\"color: #3366ff;\"><strong>BPDU Filter and Loop Guard<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>BPDU filter stops BDPUs from <strong>leaving<\/strong> and <strong>entering<\/strong> a PortFast-enabled port.<\/p>\n<pre><strong>\nSwitch(config)#spanning-tree portfast bpdufilter ?<\/strong>\n  disable  Disable BPDU filtering for this switch\n  enable   Enable BPDU filtering for this switch\n\n<strong>Switch(config-if)#spanning-tree bpdufilter ?<\/strong>\n  disable  Disable BPDU filtering for this interface\n  enable   Enable BPDU filtering for this interface\n<\/pre>\n<p>The <strong>Loop Guard<\/strong> feature is when a link between two switches becomes unidirectional, and only BDPUs are send and not received. The port will go in <em>loop-inconsistent mode <\/em>to prevent a swiching loop.<\/p>\n<pre><strong>Switch(config)#spanning-tree loopguard ?<\/strong>\n  default  Enable loopguard by default on all ports\n\n<strong>Switch(config-if)#spanning-tree guard ?<\/strong>\n  loop  Set guard mode to loop guard on interface\n  none  Set guard mode to none\n  root  Set guard mode to root guard on interface\n<\/pre>\n<h3><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>PortFast Allows a port running STP to go directly from blocking to forwarding mode. This will bypass the 50 second timer (20 seconds max age, 15 seconds listening, 15 seconds learning). sh spanning-tree interface fastEthernet 0\/1 SW(config)#spanning-tree portfast ? bpdufilter Enable portfast bpdu filter on this switch bpduguard Enable portfast bpdu guard on this switch [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[16,9],"tags":[],"class_list":["post-452","post","type-post","status-publish","format-standard","hentry","category-stp","category-switch"],"_links":{"self":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts\/452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/comments?post=452"}],"version-history":[{"count":0,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/posts\/452\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/media?parent=452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/categories?post=452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quisted.net\/index.php\/wp-json\/wp\/v2\/tags?post=452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}