Advanced Spanning Tree Protocol Features: Configuring and Troubleshooting Etherchannels

channel-protocol lacp/pagp

channel-group NUMBER (Must match at each end) mode on – No protocol used?

This will enable Etherchannel only with no specified protocol

Logical interfaces always appear at the top of a configuration

Use the interface range command to avoid having to do each port manually, be aware that if set 1 side with a delay, this can err disable ports locally as the other side has no configuration

Etherchannel Verification

show etherchannel ? (several options)

summary and detail are helpful commands

detail shows you how long a physical port has been in the bundle

show pagp/lacp neighbor – details neighbours in Etherchannel bundles

show etherchannel brief

Look out for vlan masking on physical interfaces, will impact the logical interface.

Ports in an Etherchannel can be source SPAN ports but NOT destination SPAN ports.

Advertisements

Advanced Spanning Tree Protocol: RSTP Values and Intro to Etherchannels

RSTP answer to BLOCKING is ALTERNATE

Port states – disabled, blocking and listening are combined into DISCARDING

DISCARDING to LEARNING to FORWARDING

Edge and Point to Point ports are connected to a single host.

If a BPDU is received on an edge port, the port is demoted to a regular RSTP port and generates a TCN BPDU.

P2p ports is any port running in Full Duplex mode

RSTP considers a topology change to be a port that moves into Forwarding mode

Switch that discovers the topology change will send a BPDU with the TC bit set

RSTP switches generate a BPDU every 2 seconds regardless of receiving a BPDU from the root switch

RSTP misses 3 BPDUs and will immediately age out the superior BPDUs info

UplinkFast, Portfast, BackboneFast are all built into RSTP and no config required

MST = 802.1s – multiple VLANs to be mapped into 1 instance of STP

For MST to agree:

  • 1. The MST config name
  • 2. The MST instance to VLAN mapping table
  • 3. The MST config revision number

Up to 16 instances of MST can exist in a region

  • Turn on MST
  • Create a REGION
  • Create a REVISION number
  • Create a INSTANCE and map VLANs

Etherchannels

Etherchannels use an algorithm ‘Exclusive OR’ (XOR) to determine which channel in the EC to use to transmit data to the remote switch.

Values to match: Remote port group number and Device ID of all remote ports must be the same.

IF you change the physical speed on 1 interface in a Pagp bundle, this will reflect on the logical po interface

802.3d – LACP

Allows 16 ports , but only 8 ports will go into the bundle with the lowest port priority

PAGP – Dynamic and Auto, Dynamic will negotiate and Auto will wait for the remote switch to instruct

LAGP uses Active and Passive modes

ON option is with NO negotiation

 

 

Advanced Spanning Tree Protocol: UDLD, Loop Guard, Duplex Mismatches

Handy commands:

  • ‘show spanning-tree summary totals’
  • ‘show spanning-tree interface Fa0/1 detail’

UDLD

There are situations where a physical layer issue disables data transfer in one direction only and not the other. Particularly with fiber optic cabling.

A UDLD frame is sent across the link and if received all ok this indicates a successful bidirectional link. This is like a Layer 2 ping or echo request.

  • Normal Mode – Syslog message only, will not shut the port down
  • Aggressive Mode – Will shut down after 8 UDLD failed responses. (1 per second)

Only required on a fiber optic interface and has to be set on both ports on each end of the fiber.

In Aggressive Mode, when 1st enabled UDLD frames are sent, but nothing will happen until an answer is received. If this echo frame then doesn’t return it will shut the port. ‘Beginning communication’

Loop Guard

This concept is relevant to a UDLD type failure, when there is a partial link failure which will result in a lack of BPDUs from a particular switch. This can result in a switching loop as all ports can end up in a forwarding state with NO blocked ports.

When Loop Guard is enabled and breached, the port will transition to ‘loop inconsistent’. Once the loop is resolved, then port will transition through normal STP states.

Loop Guard operates on a per VLAN basis. If a BPDU frame stops coming in for 1 particular VLAN, then it will only transition to loop inconsistent for this 1 VLAN.

BPDU Skew Detection

Delays in the receipt of a BPDU. Should be every 2 seconds.

This is a notification feature only using syslog, 1 every 60 seconds.

Critical = 10 seconds. Any value greater than 1/2 of the Max Age value.

Advanced Spanning Tree Features: Portfast, UplinkFast, BackboneFast + BPDU features

Portfast

  • Portfast saves you 30 seconds of time for Listening and Learning stages.
  • spanning portfast default’ – Must follow up by disabling portfast on non- single host ports.
  • Will not send TCN based BPDUs on a portfast enabled port.

UplinkFast

  • Almost equivalent to PortFast but for a device with more then 1 host.
  • Only used at access layer.
  • Creates an ‘uplink group’
  • UplinkFast is a big bang setting/all or nothing
  • 2 x forward delay + 5 seconds
  • UplinkFast will take immediate action to ensure that a switch cannot be the root switch.
  • Sets a priority to 49152 to ensure it is higher than all other switches.
  • Increases the STP port cost to 3000 making this a highly unlikely root switch candidate

BackboneFast

  • Cisco preparatory feature to recover from an indirect link failure
  • Indirect link failure when an inferior BPDU is received.
  • Multiple switches claiming to be the root switch due to indirect link failure
  • Existing root switch will be receiving these BPDUs with switch claiming to be the root
  • BackboneFast will skip the Max Age stage.
  • Uses RLQ = Root Link Query protocol
  • Sent over ports that normally receive BPDUs
  1. When receiving an RLQ request, the receiving switch is indeed the root bridge named in the RLQ request
  2. The receiving switch has no connectivity to the root bridge names in the RLQ request, because it considers another switch to be the root bridge
  3. The receiving switch is not the root switch but considers the root switch named in the RLQ to be the root switch, relayed back to the root switch on a root port.
  4. RLQ is enabled by enabling BackboneFast

Enabled globally with one simple command: ‘spanning-tree backbonefast

Root Guard

  • Disqualifies any downstream switches from ever becoming the root switch.
  • Superior BPDU received from a potential rogue switch that could become the root bridge. Root Guard will block and discard the BPDU, the port will be put into a root inconsistent state.
  • Once the superior BPDUs stop coming in, the port will transition through normal STP states.
  • Set on links to downstream switches on your desired root switch.

BPDU Guard

  • Any BPDU that is received will then trigger the switch to put the interface into a ‘err-disabled’ state. Common practice on all access ports to stop switches being attached to the network.
  • This port will not recover of course and requires attention to shut and no shut the interface.
  • This can only be enabled on a port with the Portfast feature.

BPDU Filtering

  • When enabled globally, will apply to all ports with PortFast enabled. Any port that received a BPDU will stop running Portfast.
  • On a per port basis this will drop BPDUs and the port will not send any BPDUs in return.