Cisco Enhancements to Spanning Tree Protocol
The steps to transition to a forwarding state in STP are critical to ensure that the switched network has enough time to propagate a change in the topology. However, in the networking world, 50 seconds is a lot of downtime. In some instances, this 50 seconds may be detrimental because of the disruption of data traffic and should be avoided if it is safe to do so. In light of these scenarios, Cisco has created some enhancements to normal STP operation that can decrease the time it takes for the switched network to converge (have a consistent perspective of network), as discussed in the next sections.
PortFast and BPDU Guard
Imagine you just plugged your server, IP phone, or just a normal PC into your switch. Because STP is running on all ports on the Catalyst switches by default, the interface into which you plug your server transitions from a blocking state to the listening state, followed by the learning, and finally the forwarding. In that 30 seconds, devices such as IP phones and computers
cannot use those services that the server provides because no data transfer can occur until spanning tree is in a forwarding state.
To speed up the spanning tree process for end devices, you can configure your first STP enhancement, called PortFast. If you configure this feature on an interface, it skips the listening and learning states and transitions immediately to the forwarding state to enable instant data transfer.
If you enable PortFast on an interface, it is imperative that you never plug a switch or hub into it. This could easily cause a loop in your switched network. In fact, Cisco has added a function to PortFast called BPDU Guard that acts as a loop-preventive detector for BPDUs on a PortFast-enabled interface. When a BPDU is received on a PortFast-configured interface with
BPDU Guard enabled, the port is disabled automatically and must be enabled by an administrator to ensure that a switching loop will not occur.
EXAM ALERT
PortFast immediately transitions from a blocking to a forwarding state on ports connected to end devices. BPDU Guard is a feature that disables the PortFast-enabled interface if a BPDU is received on that port.
UplinkFast
In an optimal redundant switching design, you would have redundant high-end distribution layer switches in your network, with your access layer switch having an uplink to both, as shown in Figure 14.1. With this design, if your root port were to fail, it would still take at least 30 seconds to transition the backup link to a forwarding state. With a feature called UplinkFast, you can bypass the listening and learning states for this redundant uplink to ensure faster recovery.
NOTE
For UplinkFast to work, the access layer switch must have direct knowledge of link failure (a link that is connected to the switch), it must have one port in a blocking state, and the link failure must be on the root port.
BackboneFast
BackboneFast is similar to UplinkFast, in which a redundant link transitions faster than normal to a forwarding state. The difference is that the transition occurs without having direct knowledge of the link failure. Consider the scenario shown in Figure 14.2. The failure actually occurs on the link between the two distribution layer switches. When that link fails, the distribution switch on the left begins to have delusions of grandeur and believe it is the root bridge, and it advertises that to the access layer switch. Because this access switch still has connectivity to the actual root bridge, it disregards the left distribution switch’s false BPDUs (referred to as inferior BPDUs). By design, it must wait the max age (20 seconds) before transitioning to a learning state on its backup link and send a BPDU to the distribution switch, informing it of access to the actual root bridge.
With BackboneFast, the access layer switch bypasses the max age time and immediately transitions from blocking to listening. After the distribution switch receives that BPDU from the access layer switch, it realizes it has a path to the root bridge through the access layer switch, and that corresponding interface becomes its root port.
Configuring Cisco STP Enhancements
Objective:
- Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network
To enable the Cisco enhancements on a Catalyst switch, you can configure PortFast with BPDU Guard on an interface-by-interface basis. Conversely, UplinkFast and BackboneFast are configured globally on the switch, as demonstrated in the following configuration:
Switch(config)#interface FastEthernet 0/3 Switch(config-if)#spanning-tree portfast %Warning: PortFast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when PortFast is enabled, can cause temporary bridging loops. Use with CAUTION Switch(config-if)#spanning-tree bpduguard enable Switch(config-if)#exit Switch(config)#spanning-tree uplinkfast Switch(config)#spanning-tree backbonefast
NOTE
You can also enable BPDU Guard globally as opposed to on a port-by-port basis by using the spanning tree portfast bpduguard default command in global configuration mode:
Switch(config)# spanning-tree portfast bpduguard default
To verify that PortFast, UplinkFast, and BackboneFast are enabled on your switch, use the show spanning-tree summary command:
Switch#show spanning-tree summary Root bridge for: none. PortFast BPDU Guard is enabled UplinkFast is enabled BackboneFast is enabled Spanning tree default pathcost method used is short Name Blocking Listening Learning Forwarding STP Active ------------ -------- -------- --------- -------- ---------- ---------- 1 VLAN 0 0 0 1 1
EtherChannel
Objective:
- Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network
Although it isn’t an actual enhancement to Spanning Tree Protocol, EtherChannel proves to be a useful feature in Cisco switches to help overcome wasted bandwidth that might result from STP. For instance, consider the two switches illustrated in Figure 14.3. Because these switches have multiple redundant links between them, Spanning Tree Protocol ultimately blocks three of the links to avoid a loop. If these were Gigabit Ethernet interfaces, 3 gigabits of throughput would be wasted.
EtherChannel solves this dilemma by bundling the individual links into a single virtual interface. In this manner, the switch does not block the other ports in the bundle and load-balances data across the individual links to aggregate the bandwidth. What’s more, if one of the individual links fails, EtherChannel detects the failure and redistributes the data traffic load over
the remaining links in a matter of milliseconds.
EtherChannel is a hardware feature present on most Cisco Catalyst switches today. Before configuring EtherChannel, you must connect all the interfaces (up to eight), and they must be configured identically (speed, duplex, and so on). To assign them to an EtherChannel logical bundle, you have to navigate into each interface or use the interface range command and assign them to the same group number with the channel-group command:
Switch(config)#interface range FastEthernet0/1 - 8 Switch(config-if-range)#speed 100 Switch(config-if-range)#channel-group 3 mode on
This configuration places the first eight Fast Ethernet interfaces in logical EtherChannel bundle number 3. By adding these interfaces to the EtherChannel bundle, the Cisco IOS creates a logical interface called a port-channel interface. This logical interface simplifies configurations that need to affect the entire bundle (for instance, the duplex) because any configuration
that is configured on this interface gets applied to all the individual interfaces in the bundle:
Switch(config)#interface Port-channel 3 Switch(config-if)#duplex full Switch(config)#show running-configuration Building configuration... ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Switch ! !!!Output Omitted ! interface Port-channel 3 no ip address duplex full speed 100 ! interface FastEthernet 0/1 no ip address duplex full speed 100 channel-group 3 mode on ! interface FastEthernet 0/2 no ip address duplex full speed 100 channel-group 3 mode on ! interface FastEthernet 0/3 no ip address duplex full speed 100 channel-group 3 mode on ! !!!Output Omitted