Port fast
- Enters spanning tree forwarding state immediately
- If it receives a BPDU, it loses its PortFast status and transitions through the spanning-tree states
- Must be point-to-point and connected to a non-switching device, i.e. an edge port
spanning-tree portfast default - global command; all non-trunking ports will be PortFast enabled
spanning-tree portfast - interface command; enables PortFast on an individual port at interface level
spanning-tree portfast trunk - in general you would not use PortFast on trunks, but there are cases where you may want to, for example when connecting a trunk to VMware servers. In that case PortFast can be enabled on the trunk with this command
STP Uplink FAST
UplinkFast is basically a way of speeding up spanning-tree convergence in the event of a DIRECTLY connected root port having an issue. It does this by keeping track of its alternate ports to the root, which are in the blocking state. In the event the root port goes down, it can switch almost instantly to the alternate port and start forwarding, rather than waiting for the blocking, listening and learning phases
- A switch with UplinkFast enabled should not be a transit switch to the root for other switches
- To ensure this, when enabled it sets its bridge priority to 49152 and port costs are increased by 3000
- On switchover to the alternate port, the upstream switches need to update their CAM tables to point to the new port. Rather than sending a TCN and forcing a flush, which would delay the failover, the UplinkFast switch spoofs all the sources in its CAM table, so that it looks as if all the sources are sending the update, and sends the update out the new port. Upstream switches update their CAM tables based on this update
- When the primary link becomes available again, UplinkFast does not switch back straight away. It waits 2 times the forwarding delay + 5 seconds. The main reasons are that this accounts for flaps on the primary link, and that the primary link on the upstream switch will be transitioning through the spanning-tree states, so an immediate switchback would leave data-plane forwarding waiting for the upstream switch to complete its computation
Commands
spanning-tree uplinkfast - to enable in global config mode
Backbone Fast
BackboneFast is a technology in legacy spanning tree to detect an upstream issue. It is not for direct failures.
BackboneFast checks whether the root bridge is still alive using an algorithm called RLQ. Put simply, the process is as follows:
the local switch sends an RLQ Request out its ports. Two cases can be distinguished:
- local switch receives the RLQ Reply on its current root port: everything is fine, the Root Bridge is OK
- local switch receives the RLQ Reply on a non-root port: there's a problem with the Root Bridge. The MaxAge timer expires immediately.
Commands
spanning-tree backbonefast - on all switches. If it is not enabled on all upstream switches it will not work, as the RLQ Reply would not be generated
STP BPDU Filter
It is used to filter BPDUs on an interface. You may want to do this on access-layer ports as a security measure, to stop BPDUs being sent out where a person who gets a connection to an access-layer port could find information about the current root bridge. It is like passive-interface in routing protocols such as OSPF and EIGRP
- potential loop if connecting to a switching device, as you are effectively disabling spanning tree
- Enabled either globally or per interface. Globally it is enabled on all PortFast-enabled ports.
- Globally can be safer: if a switching device is plugged in and a BPDU is received, the port will lose its PortFast status and in turn lose its bpduguard, whereas if enabled on the interface it will just ignore BPDUs, which could result in two ports on a segment entering the forwarding state, causing a potential layer 2 loop
Commands
spanning-tree portfast bpdufilter default - global command to enable on all PortFast ports
spanning-tree bpdufilter enable - interface command to enable on a single port
STP BPDU Guard
- if a BPDU is received on a BPDU guard port, the port is err-disabled
- to re-enable it, an admin would need to do a shut / no shut or set the errdisable recovery timer.
- this can also be enabled on the interface or globally.
- interface overrides global
- error-disables the port in both the interface and global cases
spanning-tree portfast bpduguard default - global command; this will enable bpduguard on PortFast ports
spanning-tree bpduguard enable - interface command
To enable an errdisable timeout in global config:
(config)# errdisable recovery cause bpduguard
(config)# errdisable recovery interval 30
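
An added example (not from the original post): a small Python audit that reads a running-config and flags the PortFast, BPDU filter and BPDU guard situations described above. The sample config and the finding codes are constructed for illustration, and a port is assumed to be a trunk only when "switchport mode trunk" is present.

```python
# Constructed sample running-config for illustration (not from the original post).
SAMPLE_CONFIG = """\
spanning-tree portfast default
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree bpduguard enable
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree bpdufilter enable
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/24
 switchport mode trunk
 spanning-tree portfast trunk
"""

def parse(config):
    """Return (global_lines, {interface: [sub-commands]}) from a running-config."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # blank lines and "!" separators
        if raw[0] == " " and current is not None:
            current.append(line)          # sub-command of the open interface block
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        else:
            current = None                # any other unindented line is global
            global_lines.append(line)
    return global_lines, interfaces

def audit(config):
    """Return a sorted list of (interface, finding_code) tuples."""
    global_lines, interfaces = parse(config)
    pf_default = "spanning-tree portfast default" in global_lines
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, cmds in interfaces.items():
        trunk = "switchport mode trunk" in cmds
        pf_trunk = "spanning-tree portfast trunk" in cmds
        portfast = "spanning-tree portfast" in cmds or pf_trunk or (pf_default and not trunk)
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "BPDUFILTER_IF"))      # BPDUs ignored: loop risk
        if portfast and "spanning-tree bpduguard enable" not in cmds and not guard_default:
            findings.append((name, "PORTFAST_NO_GUARD"))  # PortFast port with no BPDU guard
        if pf_trunk:
            findings.append((name, "PORTFAST_TRUNK"))     # confirm far end is a host
    return sorted(findings)
```

Adding the global "spanning-tree portfast bpduguard default" line to the sample clears every PORTFAST_NO_GUARD finding; the interface-level BPDU filter finding remains.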
Spanning Tree root Guard
- root guard is a solution to block superior BPDUs from influencing the root on certain ports. It is there to stop an attempted hijack of the root, or someone mistakenly connecting a switch that you would not want to become root but which may have a lower priority configured for spanning tree.
- You would enable this on downstream interfaces in the spanning tree
- if a superior BPDU is received on a root guard enabled port it will errdisable the port
- Will auto-recover once the superior BPDU is no longer being received
(config-if)# spanning-tree guard root