Cisco CCNP TSHOOT Troubleshooting Switching Part I



Cisco CCNP TSHOOT Redundant Topology


Some of the problems that can occur with redundant links in a switched or bridged network are as follows:

Broadcast storms: Without some type of loop avoidance, each switch would endlessly flood broadcasts, known as a broadcast storm.

Multiple frame transmissions: Multiple copies of unicast frames may be delivered to a destination host.  This can cause problems if the higher layer protocol is expecting only one copy and cannot handle multiple copies. 

MAC database instability: Instability of the MAC table causes copies of the same frame to be delivered to multiple ports.  Data forwarding can be impaired when this happens because the switch is consuming resources.  Remember, MAC address tables are built by examining the source MAC address of each frame received; that source MAC address is tied to the interface it was received on.  If a loop occurs, the same source MAC address can be seen on multiple interfaces, causing instability.

Cisco CCNP TSHOOT Solution: Spanning-Tree Protocol


STP’s main task is to stop network loops from occurring on your layer-2 network (bridges or switches). It vigilantly monitors the network to find all links, making sure that no loops occur by shutting down any redundant links.

With STP, the key is for all the switches in the network to elect a root bridge that becomes the focal point in the network. All other decisions in the network, such as which port to block and which port to put in forwarding mode, are made from the perspective of this root bridge. A switched environment, which is different from a bridge environment, most likely deals with multiple VLANs. When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.


Cisco CCNP TSHOOT Spanning-Tree Operations


STP’s job is to find all links in the network and shut down any redundant ones, thereby preventing network loops from occurring.  STP performs this in three steps:

  • First a root bridge is elected that will preside over network topology decisions.
  • Root ports are selected on nonroot bridges.
  • Designated ports are selected on each segment.

Only the best path to the root bridge remains active.  All other paths are blocked, as depicted in the figure where SW Y has its 100Meg port blocked because the better path to the root bridge is through the 1Gig port.

STP Root Bridge Selection


To determine the root bridge, the priorities of the bridge and the MAC address are combined.  If two switches or bridges happen to have the same priority value, then the MAC address becomes the tie breaker for figuring out which one has the lowest (best) ID.

In the example on the slide above, Switch A has the lowest bridge ID as 0c0011111111 which is lower than Switch B’s bridge ID of 0c0022222222, hence Switch A will become the root bridge.

The following is used to elect a root bridge in an STP topology:

  • Bridge priority
  • Bridge ID (combination of priority and MAC address of the bridge)

Note: Since the lowest Bridge ID wins when the bridge priority is the same on multiple switches, you can potentially have your oldest / slowest switch become the root bridge.  This is because the first portion of the MAC address is the organizationally unique identifier (OUI) and the second portion is essentially a serial number.  Since in a single-vendor environment an older serial number typically equates to an older box, a lower MAC would typically equate to an older / slower box.

A good rule of thumb is to choose a device to be the root bridge and another to be the backup, and set the priority on those respective boxes accordingly rather than leaving things to chance.

Cisco CCNP TSHOOT STP Port States


The five port states of STP:

  • Blocking – A blocked port won’t forward frames; it just listens to Bridge Protocol Data Units (BPDUs).  All ports are in blocking state by default when the switch is powered up.  The purpose of the blocking state is to prevent the use of looped paths.
  • Listening – The port listens to BPDUs to make sure no loops occur on the network before passing data frames.  A port in listening state prepares to forward data frames without populating the MAC address table.
  • Learning – The switch port listens to BPDUs and learns all the paths in the switched network.  A port in learning state populates the MAC address table but doesn’t forward data frames.
  • Forwarding – The port sends and receives all data frames on the bridged port.
  • Disabled – Port not participating in STP algorithm.

Note: Rapid STP has different states.

Cisco CCNP TSHOOT PortFast


Example of configuring spanning tree portfast.  NOTE: This should only be enabled on an access port (i.e. a port attached to a host, not another network device).

Switch(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc… to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

%Portfast has been configured on FastEthernet0/1 but will only
 have effect when the interface is in a non-trunking mode.

If the BPDUGUARD qualifier is specified, then the port will be placed in err-disable mode if a spanning tree BPDU is received on the respective port.


Cisco CCNP TSHOOT show spanning-tree (Root Bridge)


This example output is from the root bridge.  Root bridges forward on all ports.


Cisco CCNP TSHOOT show spanning-tree (non-Root Bridge)


This example output is not from the root bridge.  Non-root bridges will have blocked ports (if redundant links are present).  Note: Fa0/2 is in blocking state.

Cisco CCNP TSHOOT STP Port States


Active ports will have the lowest combination of:

  • Root path cost
  • Bridge ID (of upstream bridge)
  • Port ID

The path from any switch to the root will travel either directly to the root bridge or through a parent or “designated” switch.  Blocked ports continue to send/receive BPDUs but NOT DATA.
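The root bridge election (lowest bridge ID, priority first and MAC as the tie breaker) and the root port selection (lowest root path cost, then upstream bridge ID, then port ID) described above, as an added example that is not part of the original course notes. The three-switch topology, its MAC addresses, port numbers and IEEE link costs are constructed here; switch Y reaches switch A over both a 1Gig and a 100Meg link, as in the figure.

```python
from collections import namedtuple

# Link between two switches; port ids are small ints standing in for STP port IDs.
Link = namedtuple("Link", "a a_port b b_port cost")

# Constructed sample topology (not from the notes): A and B at default priority 32768,
# Y reaching A over a 1Gig link (cost 4) and a 100Meg link (cost 19).
BRIDGES = {"A": (32768, "0c00.1111.1111"),
           "B": (32768, "0c00.2222.2222"),
           "Y": (32768, "0c00.3333.3333")}
LINKS = [Link("A", 1, "Y", 1, 4),    # 1Gig, IEEE cost 4
         Link("A", 2, "Y", 2, 19),   # 100Meg, IEEE cost 19
         Link("A", 3, "B", 1, 19),
         Link("B", 2, "Y", 3, 19)]

def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: priority first, MAC as the tie breaker."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))

def elect_root(bridges):
    """The switch with the lowest bridge ID becomes the root bridge."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))

def root_ports(bridges, links):
    """Return (root, {switch: root port}); each non-root switch keeps the port with the
    lowest (root path cost, upstream bridge ID, upstream port ID, own port ID)."""
    root = elect_root(bridges)
    best = {root: (0, bridge_id(*bridges[root]), 0, 0)}
    changed = True
    while changed:  # relax like BPDUs propagating until nobody hears a better offer
        changed = False
        for l in links:
            for me, my_port, nb, nb_port in ((l.a, l.a_port, l.b, l.b_port),
                                             (l.b, l.b_port, l.a, l.a_port)):
                if me == root or nb not in best:
                    continue
                offer = (best[nb][0] + l.cost, bridge_id(*bridges[nb]), nb_port, my_port)
                if me not in best or offer < best[me]:
                    best[me] = offer
                    changed = True
    return root, {sw: best[sw][3] for sw in best if sw != root}

if __name__ == "__main__":
    print(root_ports(BRIDGES, LINKS))                   # A is root; Y uses port 1 (the 1Gig link)
    forced = dict(BRIDGES, B=(4096, BRIDGES["B"][1]))   # give B a lower priority, as the notes advise
    print(root_ports(forced, LINKS))                    # now B is root and the root ports move
```

With equal priorities the lowest MAC (switch A) wins, which is the "oldest box" effect the note warns about; lowering B's priority overrides the MAC tie breaker.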

Cisco CCNP TSHOOT Enabling Spanning Tree


Wow, the whole enchilada.  We placed a bullet point under each of the commands to help you digest what is going on in these examples.  Not all of the above is necessary to configure spanning-tree, but it shows the flexibility in dictating which switch will become the root bridge.

Cisco CCNP TSHOOT Verifying STP


The show spanning-tree vlan command displays spanning tree information for the specified VLAN.

Cisco CCNP TSHOOT What Is PortFast?


PortFast is used to minimize server or workstation downtime.  PortFast is configured on a port-by-port basis.  The PortFast feature causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states.

Cisco CCNP TSHOOT Enabling and Verifying PortFast


The spanning-tree portfast command should only be utilized on switch ports connected to end hosts, not to other network switches/routers.  This is because PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states.

Cisco CCNP TSHOOT Protecting STP w/Portfast Enabled


The PortFast BPDU guard feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port.  When the BPDU guard feature is enabled on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning tree blocking state.

BPDU filtering avoids transmitting BPDUs on PortFast-enabled ports.  By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled.  BPDU filtering is configured on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.

The root guard feature ensures that the port on which root guard is enabled is the designated port.  Typically, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together.  If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state.  This root-inconsistent state is effectively equal to a listening state.  No traffic is forwarded across this port, hence root guard enforces the position of the root bridge.

Cisco CCNP TSHOOT Enabling and Verifying BPDU Guard


The PortFast BPDU guard feature is enabled with the spanning-tree portfast bpduguard command.  You can verify if it is set utilizing the show spanning-tree summary totals command.

Cisco CCNP TSHOOT What Is UplinkFast?


UplinkFast is a means for speeding up network convergence.  It minimizes network downtime from about 50 seconds to somewhere less than 5 seconds.  UplinkFast is configured on a switch-by-switch basis and should only be configured on access layer switches.

UplinkFast provides fast convergence using uplink groups in the network access layer after a spanning tree topology change. An uplink group is a set of ports (per VLAN), only one of which is forwarding at any given time. Specifically, an uplink group consists of the root port (which is forwarding) and a set of blocked ports (not including self-looped ports). The uplink group provides an alternate path in case the currently forwarding link fails.