STP lab

Campus Network Design & Operations Workshop

Introduction

The purpose of this lab is to introduce the Spanning Tree Protocol and how to configure priorities of core, distribution and access switches appropriately.

This lab is a continuation from the earlier set up exercise, and the lab layout is identical:

Initial STP Status

Before we begin configuring spanning tree we will take a look at the current situation on the network.

Run the following commands and pay close attention to the output:

show spanning-tree
show spanning-tree summary
show spanning-tree root
show spanning-tree blockedports

Which version of spanning tree is currently active? It will be one of these:
- STP: Spanning Tree Protocol (802.1D)
- RSTP: Rapid Spanning Tree Protocol (802.1w)
- MST: Multiple Spanning Tree (802.1s)
- PVST: Per-Vlan Spanning Tree (Cisco proprietary)
What is the priority on each switch?
Which switch is the root? Why?
Which ports are blocked? Why?

Make a note of the answers to the above questions, as we will compare those with the answers once we do the next step. If the instructors ask you, please write them up on the classroom whiteboard too.

STP Configuration

Firstly, configure every switch to use the standard “MST” version of spanning tree, which interoperates between vendors. Note that MST is backwards-compatible with RSTP and STP.

spanning-tree mode mst

Next, configure the STP priorities explicitly for each switch, according to the plan in Appendix A.

For example, on dist1-b1-campus1:

spanning-tree mst 0 priority 12288

(“mst 0” means MST instance zero, also known as the Common Spanning Tree, which interoperates with RSTP and STP. All switches will use this.)

Verify by running:

show spanning-tree root

Why is it so important to set the priorities explicitly?

Check the output of the “show spanning-tree” command. What is happening on edge1-bY-campusX? Here is an example taken from one of the past Campus Network Design Workshops (your interface numbers and MAC addresses might be different):

edge1-b1-campus1#show spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    0
             Address     009a.202e.3000
             Cost        0
             Port        1 (GigabitEthernet0/0)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24576  (priority 24576 sys-id-ext 0)
             Address     009a.20df.5800
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0               Root FWD 20000     128.1    P2p 
Gi0/1               Altn BLK 20000     128.2    P2p 
Gi0/2               Desg FWD 20000     128.3    P2p 
Gi0/3               Desg FWD 20000     128.4    P2p

There are actually two links from edge1 to dist1 in each Building. We will use these two links later on in this lab exercise.

Notice how one link is in Forwarding Mode, and the other link is in Blocking Mode. This is so we do not have a loop between the edge1 and dist1 switches. If spanning tree is turned off between these two switches, we end up with a loop, traffic would not be forwarded, and the CPU load on the switches would go to 100%.

HINT: If you see P2p Bound(STP) or P2p Bound(PVST) in the Type column, you probably have an STP type mismatch with the neighboring device: “Bound” refers to the boundary between MST regions. Check that both sides have spanning-tree mode mst. If they do, then run the command clear spanning-tree detected-protocols in privileged exec mode (i.e. not in configure mode) to reset this flag.

Simulate a failed link

As mentioned above, there are two links between edge1-b1 and dist1-b1, and also between edge1-b2 and dist1-b2.

Examine the spanning-tree port status on both edge1-bX and dist1-bX. Can you see which port is in blocking state? It will be at one end of one of the two links.

Now shutdown one of the ports on the active link, the one which doesn’t have a blocked port at either end. You could do this on either the edge1 or dist1 switch - it doesn’t matter. For example, on edge1-b1, if the active link is on GigabitEthernet 0/0, you could do

interface Gi0/0
  shutdown

Check the spanning-tree port statuses again. On the port which was blocking before, is it now forwarding?

Finally, re-enable the port that you shut down:

interface Gi0/0
  no shutdown

and check that the other link has gone back to blocking.

Simulate a backbone failure

Disconnect core1-campusX from the rest of the network:

interface range GigabitEthernet 0/1-2
  shutdown

While it is cut off from the rest, verify spanning tree status on the other switches.

Which switch is the root now?
Verify port roles and status. Verify connectivity with ping.

Reconnect core1-campusX:

interface range GigabitEthernet 0/1-2
  no shutdown

What happens to the spanning tree when the switch comes back online?

Appendix A - Spanning Tree Configuration

Refer to this priority table for the appropriate priorities on each switch.

Priority	Description	Notes
0	Core Switch	For the core switch (core1-campusX)
4096	Redundant Core Switch	For cases where we have a second core switch (building redundancy into the core)
8192	Reserved
12288	Building Distribution	(dist1-b1-campusX; dist1-b2-campusX)
16384	Redundant Building Distribution	For cases where we have a redundant building distribution switch
20480	Secondary Backbone	This is for building complexes, where there are separate building (secondary) backbones that terminate at the complex backbone.
24576	Access Switches	This is the normal edge-device priority (edge1-b1-campusX; edge2-b1-campusX; edge1-b2-campusX; edge2-b2-campusX)
28672	Access Switches	Used for access switches that are daisy-chained from another access switch. We’re using this terminology instead of “aggregation switch” because it’s hard to define when a switch stops being an access switch and becomes an aggregation switch.
32768	Default	No managed network devices should have this priority.