Académique Documents
Professionnel Documents
Culture Documents
The Spanning tree module provides you with the instructions and Cisco hardware to develop your
hands on skills in various spanning tree configurations on Cisco switches. This module includes the
following exercises:
Lab Diagram
During your session you will have access to the following lab configuration. Depending on the
exercises you may or may not use all of the devices, but they are shown here in the layout to get an
overall understanding of the topology of the lab.
Internet
ISP1 ISP2
172.14.0.3/24 172.14.0.4/24
Frame-Relay
WAN NYEDGE1 NYEDGE2
Gi0/1 Gi0/1 Cisco
Cisco
2911 Router Ser0/0/0 2911 Router
LDNWAN1
Ser0/0/0
Ser0/0/1
Ser0/0/1
Gi0/0 Ser0/0/1 Gi0/0
Ser0/1/1
Ser0/0/0 Ser0/1/0
Fas1/0/1 Fas1/0/1
Gi0/1 Gi0/0 Fas1/0/2 Fas1/0/12
172.16.16.0/24 Fas1/0/23
Fas0/24 Fas0/23
PLABCSCO01 NYACCESS1
Cisco Tools Server Lab Nic Fas0/1 Cisco 2960-24
192.168.16.10/24 Switch
Each exercise will detail which terminal you are required to work on to carry out the steps.
During the boot up process an activity indicator will be displayed in the device name tab:
If the remote terminal is not displayed automatically in the main window (or popup) click the
Connect icon located in the tools bar to start your session.
Copyright Notice
This document and its content is copyright of Practice-IT - Practice-IT 2014. All rights reserved.
Any redistribution or reproduction of part or all of the contents in any form is prohibited other than
the following:
1) You may print or download to a local hard disk extracts for your personal and non-commercial use
only.
2) You may copy the content to individual third parties for their personal use, but only if you
acknowledge the website as the source of the material. You may not, except with our express
written permission, distribute or commercially exploit the content. Nor may you transmit it or store
it in any other website or other form of electronic retrieval system.
Exercise 1 Traditional Spanning-tree
(STP)
In this exercise you will learn how to determine the outcome of the default spanning-tree topology
between the 3 switches in the lab, how to manipulate this configuration and how to verify that your
manipulations have worked. Please refer to your course material or use your preferred search
engine to gain an understanding of these tasks.
Lab Diagram
This diagram focuses on the devices used in this exercise.
NYEDGE1 NYEDGE1
Gi0/0 Gi0/0
192.168.16.1 /24 192.168.16.3 /24
Fas1/0/1 Fas1/0/1
Fas1/0/23
Fas1/0/24
NYCORE1 Fas1/0/22 Fas1/0/22 NYCORE2
192.168.16.5 /24 192.168.16.6 /24
PLABCSCO01
Cisco Tools Server
Fas0/24 Fas0/23
NYACCESS1
Lab Nic Fas0/1 192.168.16.7 /24
192.168.16.10/24
In fact it doesnt have to be two switches, you could for example have a hundred switches in your
network, then somebody places a hub under their desk or in a meeting room and connects two of its
interfaces to your infrastructure one connection may go to NYCORE1 in the network, the other
connection may go to NYCORE2, this could cause a loop to occur.
Spanning-trees role is to find these loops at take appropriate action against one of the interfaces
where the loop has occurred. There are many examples of what happens when a loop occurs in a
network, the classic example being when an arp packet consumes vast amounts of bandwidth
because the switches dont yet know about all the devices connected to them.
All things being equal, and all Cisco switches having default configuration, the switch with the lowest
MAC address will become the root bridge.
In the lab layout, assuming there were no servers connected to NYACCESS1, you would expect or
prefer NYCORE1 or NYCORE2 to be the root bridge. Looking at the lab diagram, you can see that
NYCORE1 & 2 are the center of the network, in this example we are going to determine which switch
has become the root bridge, and how to change it if it is not the switch we were expecting.
Lets have a look at which switch has become the root bridge in the lab.
Note: Your MAC Addresses will not be the same as the ones outlined here.
Step 1
Ensure all 3 switches are powered on in the lab. Connect to NYCORE1 and use the following
command to determine which switch is the root for VLAN 1:
On NYCORE1:
Output on NYCORE1:
VLAN0001
Address 0012.80e2.1a40
Cost 19
Port 24 (FastEthernet1/0/22)
We can see from the output that the root bridge is known via fa1/0/22, our root port.
Using our diagram we can determine that this is NYACCESS1. We could use CDP to determine what is
connected to NYCORE1 fa1/0/22.
VLAN0001
Address 0012.80e2.1a40
Notice that NYACCESS1 is the root for VLAN1 in this example. This of course is determined byt the
fact that it says This bridge is the root in the output.
Your lab may have a different outcome to this lab, so follow the same process (if NYCORE1 is the
root bridge, connect to another switch to so that you can see the output from both a root bridge,
and a non-root bridge).
You can see using the command you used that the bridge priority of each the switches is set to
32769, the easiest way to tune which switch becomes root for any specific VLAN is to change the
bridge priority.
Step 1
First we are going to manually tune NYCORE1s priority to be lower than 32769 (I am going to half
the value to 16384) using the following command:
NYCORE1#configure terminal
VLAN0001
Address 0024.514b.0800
Notice that in fact the switch has choses 16385 and not my 16384, more about this shortly.
You can also use the vlan-list command to achieve this for a number of VLANs if you want to tune
this parameter for multiple VLANs at the same time. For example if you wanted to tune VLANs 10,
20, 30, 31, 32, 33 you could use:
Step 2
An alternative approach to ensuring the root bridge for a specific VLAN is to use the spanning-tree
root macro command. This command sets the switches priority for the specified VLAN(s) to 4096
less than the current root bridge:
If you now view the root bridge on VLAN 1, you will notice fact nothing happened. This because we
had already tuned the priority of the switch.
Step 3
Instead lets create VLAN 10 and tune it to have its root on NYCORE1:
vlan 10
name InformationTech
exit
NYCORE1#configure terminal
NYCORE1(config)#vlan 10
NYCORE1(config-vlan)#name InformationTech
NYCORE1(config-vlan)#exit
VLAN0010
Address 0024.514b.0800
As you can see the value chosen by the root command is the default of 32768 + VLAN Id 8192:
Configuring VTP
In a previous exercise you configured VTP, lets configure VTP again on the lab switches which will
help us for the coming tasks.
Step 1
On NYCORE1 for example I have used the commands:
Step 2
Confirm that VLAN 10 has propagated throughout the lab:
show vlan
NYACCESS1#show vlan
Fa0/21, Fa0/22
10 InformationTech active
Step 3
Dont forget to check the trunk ports, if any of the links between the switches are not trunked,
configure the trunks appropriately:
In the output I can see that there is no trunk between the core switches:
Fa1/0/22 1-4094
Fa1/0/22 1,10
Fa1/0/22 1,10
Therefore, I need to configure a trunk between NYCORE1 and NYCORE2:
NYCORE1#configure terminal
Remember, you may need to repeat this on NYCORE2, but check your trunk ports first.
Step 4
Create a new VLAN on NYCORE1, VLAN 30 with a name of Research which you should see propagate
throughout each switch, now finally see where VLAN 30s root is:
vlan 30
name Research
exit
exit
NYCORE1#configure terminal
NYCORE1(config)#vlan 30
NYCORE1(config-vlan)#name Research
NYCORE1(config-vlan)#exit
NYCORE1(config)#exit
View where the root bridge for this VLAN is, should be NYACCESS1 again correct?
VLAN0030
Address 0024.514b.0800
This bridge is the root
Because I previously entered a VLAN list in my priority command, I still have this configuration in my
config:
NYCORE1#show run
Building configuration...
version 12.2
no service pad
no service password-encryption
hostname NYCORE1
boot-start-marker
boot-end-marker
no aaa new-model
ip routing
no ip domain-lookup
ip domain-name practice-labs.com
Therefore this switch is going to become the root for those VLANs.
Lets create a new VLAN 90 with a name of FrontOffice and see what happens (all of this is good
troubleshooting for you!):
vlan 90
name FrontOffice
NYCORE1#configure terminal
NYCORE1(config)#vlan 90
NYCORE1(config-vlan)#name FrontOffice
NYCORE1(config-vlan)#^Z
VLAN0090
Address 0012.80e2.1a40
Cost 19
Port 24 (FastEthernet1/0/22)
Address 0024.514b.0800
VLAN0090
Address 0024.514b.0800
You will notice in the output that in fact the priority is set to 24666, the default was 32768 so the
change was in fact (32768 + 90) 8192 = 24666.
Step 5
Lets try one more example to confirm this. Create another VLAN with an ID of 300, name it
BackOffice.
vlan 300
name BackOffice
exit
NYCORE1#configure terminal
NYCORE1(config)#vlan 300
NYCORE1(config-vlan)#name BackOffice
NYCORE1(config-vlan)#exit
NYCORE1(config)#exit
VLAN0300
Address 0024.514b.0800
This bridge is the root
Step 6
Lets check the command spanning-tree vlan x root secondary, to see what happens.
Make NYCORE2 the secondary root (or backup) for VLANs 1,10,90,300:
NYCORE2#configure terminal
Now lets check the priority chosen by the switch for each of these VLANs:
VLAN0001
Address 0024.514b.0800
Cost 19
Port 25 (FastEthernet1/0/23)
VLAN 1 = 28673
VLAN 10 = 28682
VLAN 90 = 28762
VLAN 1 = 16385 (set because of our vlan-priority command, so ignore this as it is not default)
We can see that the calculation for the secondary root bridge is:
This is half the value of the root primary of 8192. Remember the default priority will differ
depending on VLAN id. For example, VLAN 100 is:
Step 1
On NYCORE2, because our root bridge is NYCORE1, we would expect that the root port to fas 1/0/23:
VLAN0001
Address 0024.514b.0800
Cost 19
Port 25 (FastEthernet1/0/23)
Address 0017.5a7b.4400
Step 2
For NYACCESS1 our primary path is via Fas0/24 which is directly connected to NYCORE1:
VLAN0001
Address 0024.514b.0800
Cost 19
Port 24 (FastEthernet0/24)
Address 0012.80e2.1a40
Observing the output on NYCORE2. We can see that in fact Fas1/0/23 has become the root port, and
not Fas1/0/24.
Step 1
Using the below command we can view the priority and cost of the interface:
We can see that the cost (100Mbps) is 19, and the priority is 128.25 where 25 is the interface index
(fas 1/0/24 would be 26).
Step 2
Lets change the cost of fastethernet 1/0/24 so that this interface has preference:
NYCORE2#configure terminal
VLAN0001
Address 0024.514b.0800
Cost 18
Port 26 (FastEthernet1/0/24)
Address 0017.5a7b.4400
Disabled
Blocking
Listening
Learning
Forwarding
Step 1
On NYACCESS1, shut down the interface for the server which is on Fas0/1.
Step 2
Lets use the show spanning-tree interface fas0/1 command to see what happens when we issue the
no shutdown command on the same interface:
First we see the interface change to Listening, then Learning, finally we see the interface change to
Forwarding:
Leave the lab devices in their current states and move to the next exercise.
Exercise 2 Tuning STP timers
In this exercise we are going to tune the spanning-tree timers to make the network converge a little
quicker. Use your course information or use your preferred search engine to gain an understanding
of these tasks.
Note: Please ensure you are continuing on from the previous section, if you are not, then you will
need to find the root bridge in the lab and use this switch to make the configuration changes.
A word of caution
In almost every circumstance I would leave the default spanning-tree timers set to defaults. These
timers are set to specific default values for a reason and in most instances they work exactly as
required. However, if you find yourself in a situation where you need to modify these, you can learn
how to change these in this exercise.
In this exercise we are going to tune the timers for VLAN 1 only.
Step 1
First we can tune the hello timer, the default is 2 seconds, but tuneable from 1 to 10 seconds.
These timers must be set on the root bridge for the VLAN, if you have continued from the previous
exercise, this will be NYCORE1.
NYCORE1#configure terminal
VLAN0001
Spanning tree enabled protocol ieee
Address 0024.514b.0800
Cost 18
Port 26 (FastEthernet1/0/24)
As you can see in the last line here (output has been omitted) that the hello time has changed to 1
second (from 2).
Step 2
Next we can tune the forward delay timer, default being 15 seconds, but tuneable from 4 to 30
seconds.
VLAN0001
Address 0024.514b.0800
Cost 18
Port 26 (FastEthernet1/0/24)
Step 3
Finally we can tune the max-age timer, default being 20 seconds but tuneable from 6 and 40
seconds.
VLAN0001
Address 0024.514b.0800
Cost 18
Port 26 (FastEthernet1/0/24)
Here is a quote from the provided Cisco link which is very important:
As the Spanning Tree Protocol Timers section mentions, each BPDU includes the hello, forward
delay, and max age STP timers. An IEEE bridge is not concerned about the local configuration of the
timers value. The IEEE bridge considers the value of the timers in the BPDU that the bridge
receives. Effectively, only a timer that is configured on the root bridge of the STP is important. If
you lose the root, the new root starts to impose its local timer value on the entire network. So,
even if you do not need to configure the same timer value in the entire network, you must at least
configure any timer changes on the root bridge and on the backup root bridge.
Step 1
On NYCORE1, change the diameter of VLAN 1 to be 3.
Remember, be very careful when tuning any of these parameters in a real production environment.
Summary
In this module you achieved the following activities:
You learnt how to locate the root bridge in your network for a specified VLAN.
You learnt how to tune which switch in your network becomes the root bridge, and the
secondary root.
You learnt how to tune the root bridge for different VLANs.
You learnt how to calculate the bridge values.
You learnt how to tune spanning-tree timers.
Also Try
Using your lab infrastructure you can attempt the following topics at your own pace, these are
additional tasks that can be done building on what you have learnt in this module:
Create VLAN 400 and make NYCORE2 the primary root, and NYCORE1 the secondary root,
observe spanning-tree topology for this new VLAN.
Set the new timer values on the secondary root.