Introduction
A problem with layer 2 broadcast frames is that they have no natural way to expire.
If you don't understand how a broadcast frame propagates through a network check out "Logic Behind STP". In short, layer 2 broadcasts can be dangerous, as they can circulate the network, choking up resources along the way.
One issue with STP is the time it takes for interfaces to transition into an up state. Rapid spanning tree was developed. Then VLANs became more prominent, and everyone thought it would be a grand idea to be able to run an instance of spanning tree for each VLAN. This means that for each IP network that exists in your topology, you can have STP running for each. I made a cheat sheet on this some time ago
Instructions
In this lab (Download lab pack here) we will configure Rapid Per VLAN spanning tree, for VLANs 10 and 20 (as in the above cheat sheet). The main aim is to configure 2 switches as root bridges for different VLANs, this will have the added result of rudimentary load balancing. All in all, there are not many commands required to set this up. This lab aims to give you a more detailed look into the configuration. Introducing methods that help you discover information via the command line and may help you troubleshoot in the future.
Topology
VLAN Table
Device | Interface (Packet Tracer) | Interface (CML) | VLAN(s) |
S1 | F0/10 | Ge1/1 | Access 10 |
S1 | F0/11 | Ge1/2 | Access 20 |
S1 | F0/2 | Ge0/2 | Trunk 10,20 |
S1 | F0/3 | Ge0/3 | Trunk 10,20 |
S2 | F0/10 | Ge1/1 | Access 10 |
S2 | F0/11 | Ge1/2 | Access 20 |
S2 | F0/1 | Ge0/1 | Trunk 10,20 |
S2 | F0/3 | Ge0/3 | Trunk 10,20 |
S3 | F0/10 | Ge1/1 | Access 10 |
S3 | F0/11 | Ge1/2 | Access 20 |
S3 | F0/1 | Ge0/1 | Trunk 10,20 |
S3 | F0/2 | Ge0/2 | Trunk 10,20 |
Activity
Let's get to it. While this is about Rapid PVST+ and configuring it, this lab will give us a quick opportunity to set everything up. The only thing that is done for you is the connections.
Part 1 - Configure VLANs
This one is nice and easy. on each switch configure VLANs 10 and 20 with names BLUE and YELLOW (respectively).
Step 1 - S1
McCUBE-S1(config)#
McCUBE-S1(config)# vlan 10
McCUBE-S1(config-vlan)# name BLUE
McCUBE-S1(config-vlan)# exit
McCUBE-S1(config)# vlan 20
McCUBE-S1(config-vlan)# name YELLOW
McCUBE-S1(config-vlan)# exit
McCUBE-S1(config)#Step 2 - Repeat Repeat these same commands on S2 and S3
Part 2 - Configure Access interfaces
Another quick and easy one, we will again repeat the same commands on all 3 switches. We will set the mode to Access, and assign each interface to the correct interface. In addition, we will configure these interfaces as portfast, this means they will transition quicker into an up state. This should only be used on interfaces that connect to end devices, you will even get a warning message to tell you the same. Finally, we will configure the interfaces with BPDUGuard. In short STP uses messaged called Bridged Protocol Data Units (BPDUs). So, when we enable BPDUGuard on an interface, should a BPDU be received the interface will immediately shutdown. This if for security to ensure no one is connecting a rogue switch to mess up our STP configuration.
Step 1 - S1
McCUBE-S1(config)#
McCUBE-S1(config)# int f0/10 [in CML: int g1/1]
McCUBE-S1(config-if)# switchport mode access
McCUBE-S1(config-if)# switchport access vlan 10
McCUBE-S1(config-if)# spanning-tree portfast
McCUBE-S1(config-if)# spanning-tree bpduguard enable
McCUBE-S1(config-if)# exit
McCUBE-S1(config)# int f0/11 [in CML: int g1/1]
McCUBE-S1(config-if)# switchport mode access
McCUBE-S1(config-if)# switchport access vlan 20
McCUBE-S1(config-if)# spanning-tree portfast
McCUBE-S1(config-if)# spanning-tree bpduguard enable
McCUBE-S1(config-if)# exit
McCUBE-S1(config)#Step 2 - Repeat
Repeat these same commands on S2 and S3
Part 3 - Configure Trunk links
The commands we use are all the same here, but each switch uses a different pair of interfaces, as a result there will be differences only in the Int range command being used.
Step 1 - S1
In packet tracer there is a slight difference here compared to CML. In CML you will need to change the encapsulation mode with command before the "switchport mode trunk" command
CML Config example
McCUBE-S1(config)#
McCUBE-S1(config)# int range g0/2-3
McCUBE-S1(config-if-range)# switchport trunk encapsulation dot1q
McCUBE-S1(config-if-range)# switchport mode trunk
McCUBE-S1(config-if-range)# switchport trunk native vlan 99
McCUBE-S1(config-if-range)# switchport trunk allowed vlan 10,20
McCUBE-S1(config-if-range)# end
McCUBE-S1#Packet Tracer example
McCUBE-S1(config)# int range f0/2-3
McCUBE-S1(config-if-range)# switchport mode trunk
McCUBE-S1(config-if-range)# switchport trunk native vlan 99
McCUBE-S1(config-if-range)# switchport trunk allowed vlan 10,20
McCUBE-S1(config-if-range)# end
McCUBE-S1#It is worth noting that the commands switchport trunk native VLAN 99 is not required to make any of this work. It is however a good practice (for security) to change the native VLAN to an unused VLAN. I like to describe this as a "Blackhole VLAN". It goes nowhere.
Step 2 - S2
CML Config example
McCUBE-S1(config)#
McCUBE-S1(config)# int range g0/1, g0/3
McCUBE-S1(config-if-range)# switchport trunk encapsulation dot1q
McCUBE-S1(config-if-range)# switchport mode trunk
McCUBE-S1(config-if-range)# switchport trunk native vlan 99
McCUBE-S1(config-if-range)# switchport trunk allowed vlan 10,20
McCUBE-S1(config-if-range)# end
McCUBE-S1#Packet Tracer example
McCUBE-S2(config)# int range f0/1 , f0/3
McCUBE-S2(config-if-range)# switchport mode trunk
McCUBE-S2(config-if-range)# switchport trunk native vlan 99
McCUBE-S2(config-if-range)# switchport trunk allowed vlan 10,20
McCUBE-S2(config-if-range)# end
McCUBE-S2#Step 3 - S3
With some fun shorthand versions of the commands above.
CML Config Example
McCUBE-S1(config)#
McCUBE-S1(config)# int range g0/1-2
McCUBE-S1(config-if-range)# sw t e d
McCUBE-S1(config-if-range)# sw m t
McCUBE-S1(config-if-range)# sw t n v 99
McCUBE-S1(config-if-range)# sw t a v 10,20
McCUBE-S1(config-if-range)# end
McCUBE-S1#Packet Tracer example
Enter configuration commands, one per line. End with CNTL/Z.
McCUBE-S3(config)# int ran f0/1-2
McCUBE-S3(config-if-range)# sw m t
McCUBE-S3(config-if-range)# sw t n v 99
McCUBE-S3(config-if-range)# sw t a v 10,20
McCUBE-S3(config-if-range)# end
McCUBE-S3#Part 4 - Configure PVST on Switches
By default, old fashioned Spanning Tree Protocol (STP) is running. To change what version of STP we are using, only takes 1 command. We want to use Rapid PVST+ which is Cisco's proprietary version of PVST, which in short combines their Rapid Spanning Tree protocol with Per VLAN Spanning Tree Protocol.
Step 1 - S1
McCUBE-S1# conf t
McCUBE-S1(config)# spanning-tree mode rapid-pvst
McCUBE-S1(config)#Nice and easy
Step 2 - Repeat
Repeat this same command on S2 and S3
Part 5 - Configure root bridges
At this stage we can verify which switch will be root bridge for VLANs 10 and 20 with the show spanning-tree command
Step 1 - Verify current root bridge
This step can take a little troubleshooting to discover
Let's start by issuing the command on S1. this command Gives a really good clue when the device you are on is the root bridge, it will literally say "This bridge is the root".
(Note - CML output will be slightly different)
IF we don't see this then we are looking for ideally 2 pieces of information.
The MAC address of the root bridge
The Root interface
Remember, the example below is only the output of my Packet Tracer lab. It is highly likely your lab may have different information to work with. Use these commands to determine which of your 3 switches is the root bridge.
McCUBE-S1#show spanning-tree
---[Output Omitted]---
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 32778
Address 0003.E4B0.C0B0
Cost 19
Port 3(FastEthernet0/3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
---[Output Omitted]---
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ------------
Fa0/10 Desg FWD 19 128.10 P2p
Fa0/3 Root FWD 19 128.3 P2p
Fa0/2 Desg FWD 19 128.2 P2p
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 32788
Address 0003.E4B0.C0B0
Cost 19
Port 3(FastEthernet0/3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
---[Output Omitted]---
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ------------
Fa0/3 Root FWD 19 128.3 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/11 Desg FWD 19 128.11 P2pAll the output indicates that a device with MAC address 0003.E4B0.C0B0 is acting as the root bridge for all VLANs. The interface section indicates that port F0/3 is the root port. We can use CDP neighbours command to confirm.
McCUBE-S1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
McCUBE-S2 Fas 0/2 173 S 2960 Fas 0/1
McCUBE-S3 Fas 0/3 136 S 2960 Fas 0/1
McCUBE-S1#If we had IPs configured on the switched, we may also be able to use the "Show mac-address-command" to determine exactly by comparing Mac address and IP address.
Now we can jump on to the appropriate switch (in my case S3) and confirm.
McCUBE-S3# show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 0003.E4B0.C0B0
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
---[Output Omitted]---
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 32778
Address 0003.E4B0.C0B0
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
---[Output Omitted]---
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 32788
Address 0003.E4B0.C0B0
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
---[Output Omitted]---
McCUBE-S3#As we can see, S3 is the root bridge for all VLANs. Our goal is to manipulate this.
The root bridge is elected (firstly) based on the STP Priority value, which by default is set to 32768. The LOWER the priority value the more likely the device is to win the election. An interesting element of this is the acceptable values. As you may be tempted to set them to numbers such a 1,2,3,4 or 5
McCUBE-S2(config)# spanning-tree vlan 10 priority 1
% Bridge Priority must be in increments of 4096.
% Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440 That's right it only accepts values that are increments of 4096. So, that's fun.
Should all the priority values be the same (which should be the case in this current topology) then the winner of the election will be the switch with the lowest MAC address. In the show spanning-tree output we saw the MAC address 0003.E4B0.C0B0 This is the base MAC address of the system. which can be confirmed on each switch with the following "show version" command
McCUBE-S1# show version | include MAC Address
Base ethernet MAC Address : 00:0D:BD:DC:EE:90
McCUBE-S1#McCUBE-S2#
McCUBE-S2#show version | include MAC Address
Base ethernet MAC Address : 00:D0:D3:83:90:58
McCUBE-S2#McCUBE-S3#
McCUBE-S3#show version | include MAC Address
Base ethernet MAC Address : 00:03:E4:B0:C0:B0
McCUBE-S3#As you can see S3 has the lowest value MAC address.
Step 2 - Configure S2 as VLAN 10 root bridge.
This can be done in two different ways by using either names or numbers.
While not necessary, we will also configure S2 to be less favourable than both S1 and S3 for VLAN 20.
Why would we do this? Well, should S3 fail, which device would take over as the root bridge. In a fictional scenario, it is possible that S2 will become strained for resources should it have to take over root bridge roles for other VLANs. In order for this to work we need to ensure that S2's priority is higher than the default value 32788. Or manually configure another switch to be secondary. In this lab we will use Method 1, but you can see Method 2 here.
Method 1 (numbered)
Both options here can be configured on the 1 switch.
McCUBE-S2(config)#
McCUBE-S2(config)# spanning-tree vlan 10 priority 4096
McCUBE-S2(config)# spanning-tree vlan 20 priority 61440
McCUBE-S2(config)#Step 3 - Configure S3 as VLAN 20 root bridge
Too keep things simple, we will just use the numbered method all round. This time setting S3 to be less preferable than S1 for VLAN 10 for the same reasons as earlier.
McCUBE-S3(config)#
McCUBE-S3(config)# spanning-tree vlan 10 priority 61440
McCUBE-S3(config)# spanning-tree vlan 20 priority 4096
McCUBE-S3(config)#Part 6 - Verify root bridges
To confirm the root bridges, we return to the "Show spanning-tree" command. We will look at the output on all 3 devices. Remember we are trying to confirm the following.
S2 = VLAN 10 Root bridge
S3 = VLAN 20 Root bridge
S1 = Backup root bridge for VLAN 10 and 20
Step 1 - Confirm S2 is root bridge for VLAN 10
What are we looking for. The easy part is to see the under VLAN10 the message "This bridge is root" can be seen. We can see the bridge priority that we configured, but it is set to 4106, this is because our value of 4096 has had the VLAN system ID value (10) added to it. 4096+10 = 4106. We shouldn't stop looking here though, as we need to confirm that this device is NOT the root bridge for VLAN 20. So, be sure to look at the output under VLAN20. We can see there is no message stating it is root. The bridge priority is the one we set plus VLAN system ID of 20. 61440 + 20 = 61460.
McCUBE-S2# show spanning-tree
---[Output Omitted]---
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 4106
Address 00D0.D383.9058
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4106 (priority 4096 sys-id-ext 10)
Address 00D0.D383.9058
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
---[Output Omitted]---
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 4116
Address 0003.E4B0.C0B0
Cost 19
Port 3(FastEthernet0/3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61460 (priority 61440 sys-id-ext 20)
Address 00D0.D383.9058
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
---[Output Omitted]---
McCUBE-S2#Step 2 - Confirm S3 is root bridge for VLAN 20
We won't go over this in detail as before, the information we are looking for is the same just flipped.
McCUBE-S3#show spanning-tree
---[Output Omitted]---
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 4106
Address 00D0.D383.9058
Cost 19
Port 2(FastEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61450 (priority 61440 sys-id-ext 10)
Address 0003.E4B0.C0B0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
---[Output Omitted]---
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 4116
Address 0003.E4B0.C0B0
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4116 (priority 4096 sys-id-ext 20)
Address 0003.E4B0.C0B0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
---[Output Omitted]---
McCUBE-S3#Step 3 - Confirm S1 is backup root bridge for VLAN 10 and 20
What we are looking for here is to compare the information here to the information on switches 2 and 3. For VLAN 10
We see the root bridge information and it matches information from S2 However the bridge priority value is smaller than that of S3 (32778 < 61450)
For VLAN 20
We see the root bridge information and it matches information from S3 However the bridge priority value is smaller than that of S2 (32788 < 61460)
McCUBE-S1#show spanning-tree
---[Output Omitted]---
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 4106
Address 00D0.D383.9058
Cost 19
Port 2(FastEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 000D.BDDC.EE90
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----------------------------
Fa0/2 Root FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/10 Desg FWD 19 128.10 P2p
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 4116
Address 0003.E4B0.C0B0
Cost 19
Port 3(FastEthernet0/3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
Address 000D.BDDC.EE90
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----------------------------
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Root FWD 19 128.3 P2p
McCUBE-S1# Alternatively, you can shut things down. This may cause outages however so in a live environment should be avoided but here is an example of S2 being rebooted, and the output from S1.
McCUBE-S2#
McCUBE-S2#reload
Proceed with reload? [confirm]
######################################Quickly jump to S1
McCUBE-S1# show spanning-tree
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 32778
Address 000D.BDDC.EE90
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 000D.BDDC.EE90
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----------------------------
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/10 Desg FWD 19 128.10 P2p
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 4116
Address 0003.E4B0.C0B0
Cost 19
Port 3(FastEthernet0/3)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28692 (priority 28672 sys-id-ext 20)
Address 000D.BDDC.EE90
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -----------------------------
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/3 Root FWD 19 128.3 P2p
McCUBE-S1#As you can see, S1 has taken priority of VLAN 10. If you were to look at S3 it will now have changed its root ports to reflect that S1 is the root bridge for VLAN 10 also.
Other Commands
We have covered the simplest configuration of Rapid Per VLAN Spanning Tree. but there are a few other cool things you can do.
Method 2 (named)
In this instance we need to configure S2 and S1 separately.
McCUBE-S2(config)#
McCUBE-S2(config)# spanning-tree vlan 10 root primary
McCUBE-S2(config)#McCUBE-S1(config)#
McCUBE-S1(config)# spanning-tree vlan 20 root secondary
McCUBE-S1(config)#While both methods are valid and acceptable, it is worth noting that the named version simply sets favourable numbered options.
Global PortFast
This command is awesome. It does, however, come in two parts. The first is that you need to configure all of the desired access ports. Then you can configure portfast at a global level and it will only apply to interfaces that are configured as access ports.
PORTFAST-Example(config)# int range f0/5-10 [in CML: int range g1/0-3]
PORTFAST-Example(config-if-range)# switchport mode access
PORTFAST-Example(config-if-range)# switchport access vlan 10
PORTFAST-Example(config)# spanning-tree portfast default Global BPDU Guard
Just like above and equally awesome. First, configure all of the desired portfast interfaces. Then you can configure BPDU Guard at a global level and it will only apply to interfaces that are configured as portfasts.
BDPUGuard-Example(config)# int range f0/11-15 [in CML: int range g2/0-3]
BDPUGuard-Example(config-if-range)# switchport mode access
BDPUGuard-Example(config-if-range)# switchport access vlan 10
BDPUGuard-Example(config-if-range)# spanning-tree portfast
BDPUGuard-Example(config-if-range)# exit
BDPUGuard-Example(config)# spanning-tree portfast bpduguard default Show spanning Tree Summary
A nice, quick view of spanning tree information. This command outputs details for root bridge and interface states per vlan, it also shows is both global Portfast and BPDU Guard are enabled.
SUMMARY-Example# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: BLUE
Extended system ID is enabled
Portfast Default is enabled
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is disabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 1 0 0 3 4
VLAN0010 1 0 0 3 4
VLAN0020 2 0 0 2 4
---------------------- -------- --------- -------- ---------- ----------
3 vlans 4 0 0 8 12
SUMMARY-Example#