Saturday 26 October 2019

STP and Rapid PVST+ Configuration on Cisco

This article describes STP and Rapid PVST+ configuration on Cisco switches. You will learn the steps and commands needed to configure PVST+ and Rapid PVST+.
PVST+ configuration on Cisco
The table shows the default spanning-tree configuration for a Cisco Catalyst 2960 series switch. Note that the default spanning-tree mode is PVST+.

Configuration and verification of the bridge ID

When an administrator wants a specific switch to be the root bridge, its bridge priority value must be adjusted so that it is lower than the bridge priority values of all other switches in the network. There are two different methods to configure the bridge priority value on a Cisco Catalyst switch.
Method 1
To ensure that a switch has the lowest bridge priority value, use the spanning-tree vlan id-vlan root primary command in global configuration mode. The priority for the switch is set to the predefined value 24576 or to the highest multiple of 4096 that is less than the lowest bridge priority detected in the network.
If an alternate root bridge is desired, use the spanning-tree vlan id-vlan root secondary command in global configuration mode. This command sets the priority for the switch to the predefined value 28672. This ensures that the alternate switch becomes the root bridge if the primary root bridge fails. It is assumed that the rest of the switches in the network have the default priority value 32768 defined.

In Image 1, S1 was assigned as the primary root bridge using the spanning-tree vlan 1 root primary command, and S2 was configured as a secondary root bridge using the spanning-tree vlan 1 root secondary command.
Method 2
Another method to configure the bridge priority value is to use the spanning-tree vlan id-vlan priority value command in global configuration mode. This command gives more granular control over the bridge priority value. The priority value is set in increments of 4096 between 0 and 61440.
In the example in Image 1, bridge priority value 24576 was assigned to S3 using the spanning-tree vlan 1 priority 24576 command.
To verify the bridge priority of a switch, use the show spanning-tree command. In Image 2, the switch priority was set to 24576. Also, note that the switch is designated as the root bridge for the spanning-tree instance.

PortFast and BPDU guard

PortFast is a Cisco feature for PVST+ environments. When a switch port is configured with PortFast, that port transitions from the blocking state to the forwarding state immediately, skipping the usual 802.1D STP transition states (the listening and learning states).
You can use PortFast on access ports so that the attached devices can connect to the network immediately, instead of waiting for IEEE 802.1D STP to converge on each VLAN.
Access ports are ports connected to a single workstation or to a server.
In a valid PortFast configuration, BPDUs should never be received, as this would indicate that another bridge or switch is connected to the port, which could cause a spanning-tree loop.
Cisco switches support a feature called "BPDU guard". When enabled, BPDU guard puts the port in the error-disabled state when it receives a BPDU. This shuts the port down completely.
Cisco PortFast technology is useful for DHCP. Without PortFast, a computer can send a DHCP request before the port is in the forwarding state, which prevents the host from obtaining a usable IP address and any other information. Because PortFast changes the state to forwarding immediately, the device always obtains a usable IP address.

PortFast configuration

To configure PortFast on a switch port, enter the spanning-tree portfast command in interface configuration mode on each interface where PortFast must be enabled, as shown in Image 2. The spanning-tree portfast default command in global configuration mode enables PortFast on all non-trunk interfaces.

BPDU guard configuration

To configure BPDU guard on a Layer 2 access port, use the spanning-tree bpduguard enable command in interface configuration mode. The spanning-tree portfast bpduguard default command in global configuration mode enables BPDU guard on all ports with PortFast enabled.

PVST+ load balancing

The topology in Image 6 shows three switches connected by 802.1Q trunk links. There are two VLANs, 10 and 20, which are carried across these trunk links.
The objective is to configure S3 as the root bridge for VLAN 20 and S1 as the root bridge for VLAN 10. Port F0/3 on S2 is the forwarding port for VLAN 20 and the blocking port for VLAN 10. Port F0/2 on S2 is the forwarding port for VLAN 10 and the blocking port for VLAN 20.

In addition to establishing a root bridge, it is also possible to establish a secondary one. A secondary root bridge is a switch that can become the root bridge for a VLAN if the primary root bridge fails. Assuming that the other bridges in the VLAN retain their default STP priority, this switch becomes the root bridge if the primary root bridge fails.
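The root election behind Method 1 and this load-balancing design, as an added Python example that is not part of the original article. It goes slightly beyond the text by including the extended system ID (the VLAN number added to the priority) and the MAC address tie-break; the MAC addresses are constructed and the function names are hypothetical.

```python
DEFAULT_PRIORITY = 32768

def check_priority(p: int) -> int:
    """Priorities must be multiples of 4096 in the range 0..61440."""
    if p % 4096 or not 0 <= p <= 61440:
        raise ValueError(f"invalid bridge priority {p}")
    return p

def root_primary_priority(lowest_seen: int) -> int:
    """Value 'root primary' would pick, following the rule stated in the article."""
    if check_priority(lowest_seen) > 24576:
        return 24576
    if lowest_seen == 0:
        raise ValueError("no priority lower than 0 exists")
    return ((lowest_seen - 1) // 4096) * 4096  # highest multiple of 4096 below it

# MAC addresses are constructed. Priorities are the values the article gives
# for root primary / root secondary (24576 / 28672); S2 keeps the default.
SWITCHES = {
    "S1": {"mac": "00:00:0c:00:00:01", "prio": {10: 24576, 20: 28672}},
    "S2": {"mac": "00:00:0c:00:00:02", "prio": {}},
    "S3": {"mac": "00:00:0c:00:00:03", "prio": {10: 28672, 20: 24576}},
}

def bridge_id(sw: dict, vlan: int) -> tuple:
    """(priority + VLAN ID, MAC): the VLAN number is the extended system ID."""
    prio = check_priority(sw["prio"].get(vlan, DEFAULT_PRIORITY))
    return (prio + vlan, bytes.fromhex(sw["mac"].replace(":", "")))

def elect_root(switches: dict, vlan: int, failed=()) -> str:
    """The lowest bridge ID among the switches still up becomes root for the VLAN."""
    alive = {n: s for n, s in switches.items() if n not in failed}
    return min(alive, key=lambda n: bridge_id(alive[n], vlan))

def root_map(switches: dict, vlans=(10, 20), failed=()) -> dict:
    """Root bridge per VLAN, optionally with some switches down."""
    return {v: elect_root(switches, v, failed) for v in vlans}
```

With all switches up, VLAN 10 roots at S1 and VLAN 20 at S3; if either primary fails, the other switch takes over as root for both VLANs.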

PVST+ configuration steps

The steps to configure PVST+ in this sample topology are as follows:

  • Step 1. Select the switches you want as primary and secondary root bridges for each VLAN. For example, in Image 6, S3 is the primary bridge and S1 is the secondary bridge for VLAN 20.
  • Step 2. Configure the switch as the primary bridge for the VLAN using the spanning-tree vlan number root primary command, as shown in Figure 2.
  • Step 3. Configure the switch as a secondary bridge for the VLAN using the spanning-tree vlan number root secondary command.

The following command makes S3 the primary root for VLAN 20.
S3(config)# spanning-tree vlan 20 root primary
This command makes S3 the secondary root for VLAN 10.
S3(config)# spanning-tree vlan 10 root secondary
This command makes S1 the primary root for VLAN 10.
S1(config)# spanning-tree vlan 10 root primary
The following command makes S1 the secondary root for VLAN 20.
S1(config)# spanning-tree vlan 20 root secondary
Note that S3 is configured as a secondary root bridge for VLAN 10 and S1 is configured as a secondary root bridge for VLAN 20. This configuration enables spanning-tree load balancing, in which VLAN 10 traffic passes through S1 and VLAN 20 traffic passes through S3.
Another way to specify the root bridge is to set the spanning-tree priority of each switch to the lowest value, so that the switch is selected as the primary bridge for the associated VLAN.
The following output shows that the priority of VLAN 10 is 4096, the lowest of the three respective VLAN priorities.
S1# show running-config
Building configuration...
Current configuration: 1595 bytes
!
version 12.2

!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
spanning-tree vlan 10 priority 4096
spanning-tree vlan 20 priority 28672
!
<result omitted>

Rapid PVST+ configuration on Cisco

Rapid PVST+ is the Cisco implementation of RSTP. It supports RSTP on a per-VLAN basis. The topology in Image 9 has two VLANs: 10 and 20.

Note: The default spanning-tree configuration on a Cisco Catalyst 2960 series switch is PVST+. Cisco Catalyst 2960 series switches support PVST+, Rapid PVST+ and MST, but only one version can be active for all VLANs at any given time.
The Rapid PVST+ commands control the configuration of the VLAN spanning-tree instances. A spanning-tree instance is created when an interface is assigned to a VLAN and is deleted when the last interface is moved to another VLAN.
In addition, you can configure the STP port and switch parameters before a spanning-tree instance is created. These parameters are applied when the spanning-tree instance is created.
Commands to configure Rapid PVST+
The following table shows the Cisco IOS command syntax that is required to configure Rapid PVST+ on a Cisco switch.
Cisco IOS command syntax to configure Rapid PVST+
Description | Command
Enter global configuration mode. | configure terminal
Set the spanning-tree mode to Rapid PVST+. | spanning-tree mode rapid-pvst
Enter interface configuration mode and specify an interface to configure. Valid interfaces include physical ports, VLANs and port channels. | interface interface-id
Specify that the link type for this port is point-to-point. | spanning-tree link-type point-to-point
Return to privileged EXEC mode. | end
Clear all detected STPs. | clear spanning-tree detected-protocols
The command required to configure Rapid PVST+ is the spanning-tree mode rapid-pvst command in global configuration mode. When specifying the interface to configure, valid interfaces include physical ports, VLANs and port channels.
The VLAN ID range is 1 to 4094 when the enhanced software image (EI) is installed and 1 to 1005 when the standard software image (SI) is installed. The range of port channels is 1 to 6.

Example commands for Rapid PVST+

The following shows the Rapid PVST+ commands configured on S1 (see Image 9).
S1# configure terminal
S1(config)# spanning-tree mode rapid-pvst
S1(config)# interface f0/2
S1(config-if)# spanning-tree link-type point-to-point
S1(config-if)# end
S1# clear spanning-tree detected-protocols
In Image 10, the show spanning-tree vlan 10 command shows the spanning-tree configuration for VLAN 10 on switch S1.

Note that the BID priority is set to 4096. In the output, the line "Spanning tree enabled protocol rstp" indicates that S1 is running Rapid PVST+. Since S1 is the root bridge for VLAN 10, all its interfaces are designated ports.

In the following figure, the show running-config command is used to verify the Rapid PVST+ configuration on S1.
