These are notes I made while completing JITL’s Megalab. You can follow along by watching this video and grabbing the PKA file in the description.
I certainly don’t own anything I’ve posted here, which are excerpts from JITL’s PKA file, and Wendell Odom’s books CCNA 200-301: Official Cert Guide, 1st edition vol 1 and vol 2.
Spoiler warning, these notes contain configs.
Spanning Tree Protocol is a layer 2 protocol that dynamically blocks redundant ports to stop loops and the broadcast storms they cause. Cisco’s proprietary Rapid Per-VLAN Spanning Tree (Rapid PVST+) converges faster, and creates a tree for each VLAN. For more info, this is the best resource.
- Configure Rapid PVST+ on all Access and Distribution switches.
- Ensure that the Root Bridge for each VLAN aligns with the HSRP Active router by configuring the lowest possible STP priority.
- Configure the HSRP Standby Router for each VLAN with an STP priority one increment above the lowest priority.
Remember this needs to be done on each VLAN. We created 4 on network A and B.
```
DSW-A1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Po1, Gig1/0/4, Gig1/0/5, Gig1/0/6
                                                Gig1/0/7, Gig1/0/8, Gig1/0/9, Gig1/0/10
                                                Gig1/0/11, Gig1/0/12, Gig1/0/13, Gig1/0/14
                                                Gig1/0/15, Gig1/0/16, Gig1/0/17, Gig1/0/18
                                                Gig1/0/19, Gig1/0/20, Gig1/0/21, Gig1/0/22
                                                Gig1/0/23, Gig1/0/24, Gig1/1/3, Gig1/1/4
10   PCs                              active
20   Phones                           active
40   Wi-Fi                            active
99   Management                       active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
```
We can start by enabling spanning tree. Then, we’ll set the root and secondary for each VLAN.
Forgot which distribution switch is the Active router?
```
DSW-A1#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State    Active          Standby         Virtual IP
Vl10        2    105 P Active   local           10.1.0.3        10.1.0.1
Vl20        3    100   Standby  10.2.0.3        local           10.2.0.1
Vl40        4    100   Standby  10.6.0.3        local           10.6.0.1
Vl99        1    105 P Active   local           10.0.0.3        10.0.0.1
```
Nice. Network B will show differently too, so make sure to double check that before you config. We’re going to use priority instead of root primary and root secondary.
```
! DSW-A1
spanning-tree mode rapid-pvst
spanning-tree vlan 10,99 priority 0
spanning-tree vlan 20,40 priority 4096

! DSW-A2
spanning-tree mode rapid-pvst
spanning-tree vlan 20,40 priority 0
spanning-tree vlan 10,99 priority 4096

! DSW-B1
spanning-tree mode rapid-pvst
spanning-tree vlan 10,99 priority 0
spanning-tree vlan 20,30 priority 4096

! DSW-B2
spanning-tree mode rapid-pvst
spanning-tree vlan 10,99 priority 4096
spanning-tree vlan 20,30 priority 0

! Access
spanning-tree mode rapid-pvst
```
Why do we have to use increments of 4096 for priority values?
It’s because of the way the bridge ID in the Rapid PVST+ BPDU is designed. The priority field of the BPDU is a 16 bit number. The first 4 bits are used for the priority and the last 12 are used for the VLAN.

| Priority (4 bits) | System ID Extension (VLAN) (12 bits) |
| --- | --- |
| 0000 | 0000 0000 0000 |

This means that increasing the priority section to “0001” is actually increasing the whole 16 bit number by 4096, and IOS accepts input in decimal. There ya go!
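The root placement from step 1 and the 4096-step priority layout can be checked together. The Python below is an added example, not part of the lab or JITL's files; the function names are hypothetical, and the input is the DSW-A1 `show standby brief` rows and priority config shown in these notes.

```python
import re

# Rows and config lines copied from the DSW-A1 output and config in these notes.
STANDBY_A1 = """\
Vl10 2 105 P Active local 10.1.0.3 10.1.0.1
Vl20 3 100 Standby 10.2.0.3 local 10.2.0.1
Vl40 4 100 Standby 10.6.0.3 local 10.6.0.1
Vl99 1 105 P Active local 10.0.0.3 10.0.0.1
"""
CONFIG_A1 = """\
spanning-tree mode rapid-pvst
spanning-tree vlan 10,99 priority 0
spanning-tree vlan 20,40 priority 4096
"""

def split_bridge_priority(value):
    """Split the 16-bit field into (priority, VLAN): top 4 bits, low 12 bits."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("bridge priority is a 16-bit field")
    return value & 0xF000, value & 0x0FFF

def hsrp_active_vlans(standby_brief):
    """VLANs where this switch is HSRP Active ('Active' column reads 'local')."""
    rows = re.finditer(r"^Vl(\d+)\s.*\bActive\s+local\b", standby_brief, re.M)
    return {int(m.group(1)) for m in rows}

def stp_priorities(config):
    """Map VLAN -> priority from 'spanning-tree vlan <comma list> priority <n>'."""
    result = {}
    pattern = r"^spanning-tree vlan ([\d,]+) priority (\d+)\s*$"
    for vlans, prio in re.findall(pattern, config, re.M):
        prio = int(prio)
        if prio % 4096 or prio > 61440:  # only the top 4 bits are configurable
            raise ValueError(f"priority {prio} is not a multiple of 4096 up to 61440")
        for vlan in vlans.split(","):
            result[int(vlan)] = prio
    return result

def audit(standby_brief, config):
    """List VLANs whose STP priority disagrees with this switch's HSRP role."""
    active = hsrp_active_vlans(standby_brief)
    findings = []
    for vlan, prio in sorted(stp_priorities(config).items()):
        expected = 0 if vlan in active else 4096  # lab rule: root = HSRP Active
        if prio != expected:
            findings.append(f"VLAN {vlan}: priority {prio}, expected {expected}")
    return findings

if __name__ == "__main__":
    print(split_bridge_priority(4106))  # value a priority-4096 bridge carries for VLAN 10
    print(audit(STANDBY_A1, CONFIG_A1) or "STP root placement matches HSRP")
```

Run the same check with each distribution switch's own `show standby brief` rows; VLAN ranges written with a hyphen are not parsed, only comma lists as used here.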
Moving on to step 2:
- Enable PortFast and BPDU Guard on all ports connected to end hosts (including WLC1). Perform the configurations in interface config mode.
PortFast allows access ports to immediately move into forwarding state. This is okay as long as we don’t connect switches to these ports.
BPDU Guard immediately shuts a port if it receives a BPDU. This would only happen if we plugged in a switch.
```
! ASW-A1
! Remember, LWAP traffic is tunneled through CAPWAP so we can enable as if it were an end host
int range f0/1-2
 spanning-tree portfast
 spanning-tree bpduguard enable

! ASW-A2,A3, ASW-B1,B2,B3
int f0/1
 spanning-tree portfast
 spanning-tree bpduguard enable
```
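A PortFast port without BPDU Guard will accept BPDUs from whatever gets plugged in, so it is worth auditing the saved config for that combination. The Python below is an added example, not part of the lab; the function names are hypothetical and the sample config is constructed in running-config style (indented sub-commands, `!` separators).

```python
import re

# Constructed sample, not taken from the lab's PKA file.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif raw[:1].isspace() and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    return blocks

def audit_edge_ports(config):
    """Return {interface: finding} for PortFast ports lacking BPDU Guard."""
    # The global default also protects PortFast ports unless overridden per port.
    global_guard = bool(re.search(
        r"^spanning-tree portfast bpduguard default\s*$", config, re.M))
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("spanning-tree portfast")
                   and not c.endswith("disable") for c in cmds):
            continue  # PortFast not enabled here, so not treated as an edge port
        if "spanning-tree bpduguard disable" in cmds:
            findings[name] = "BPDU Guard explicitly disabled"
        elif "spanning-tree bpduguard enable" not in cmds and not global_guard:
            findings[name] = "PortFast without BPDU Guard"
    return findings

if __name__ == "__main__":
    for port, issue in audit_edge_ports(SAMPLE).items():
        print(f"{port}: {issue}")
```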
Let’s check to make sure all that stuck. We can use show spanning-tree summary, and show spanning-tree vlan commands.
```
ASW-B1#show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for:
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is disabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0010                     1         0        0          2          3
VLAN0020                     1         0        0          2          3
VLAN0030                     1         0        0          2          3
VLAN0099                     0         0        0          3          3
---------------------- -------- --------- -------- ---------- ----------
5 vlans                      3         0        0          9         12
```

```
DSW-A1#show spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    10
             Address     000C.CFE7.2765
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    10  (priority 0 sys-id-ext 10)
             Address     000C.CFE7.2765
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1          Desg FWD 4         128.1    P2p
Gi1/0/2          Desg FWD 4         128.2    P2p
Gi1/0/3          Altn FWD 4         128.3    P2p
```
You can get even more info by using show spanning-tree detail
Not so bad right? Spanning Trees can be difficult to understand as a concept, but configuring them is actually pretty painless. Remember to do write on each switch, and I’ll see you for Part 5!
