Mdeium Sized Switched Networks

Broadcast Storms – Without loop avoidance in operation, each switch or bridge floods broadcast frames endlessly.

Multiple Frame Transmission – Multiple copies of the same frame can cause unrecoverable errors.

MAC Database Instability – Instability of the MAC address table results from the same frame being received on different ports of the same switch.

Switches flood broadcast and multicast frames out ALL ports except the originating port.

Spanning Tree Operation

Elect Root Bridge

  • Only one per network
  • All ports are designated
  • Designated ports are in the forwarding state

Select Root Port on Non Root Bridge

  • Establish root ports on other switches
  • Root port is the lowest-cost path to root bridge
  • Root ports are in the forwarding state

Select Designated Port on each Segment

  • Lowest cost path to root bridge
  • Forwarding state, forwarding traffic for the segment
  • One designated port per segment

STP configuration messages exchange every 2 seconds via multicast BPDU’s

Every switch or bridge needs a unique bridge ID, made up of the priority (2 bytes) and the MAC address (6 bytes).

The root bridge is the device with the lowest bridge ID.

Switches use a MAC address from either the backplane or the supervisor module depending on the switch.

STP Port States

  • Blocking
  • Listening
  • Learning
  • Forwarding – Lowest cost path to root bridge
  • Disabled

Portfast should not be enabled on trunk links, it should only be applied to access ports.  Portfast enables endpoints to connect to the network immediately rather than wait for STP to converge by forcing an access port into the forwarding state.

Spanning Tree Path Cost

10Gbps 2
1Gbps 4
100Mbps 19
10Mbps 100

Normal STP (802.11D stp) convergence is between 20-50 seconds.

Per Vlan Spanning Tree allows several spanning tree instances running on the network, one instance per vlan.

PVST+ *802.11D allows optimum load sharing, includes CISCO propriety extensions eg: Backbone Fast, Uplink Fast and Portfast.

Rapid Spanning Tree – RSTP superseeds STP and is backwards compatible reducing convergence times.

PVRST+ 802.11w Faster convergence than PVST+

MSTP (802.11s) Combines the best of PVST+ and the IEEE standards.

The spanning tree root does not necessarily need to be the most powerful switch but it should be the most centralized.  All data flows on the network occur from the perspective of this switch.  Distribution layer switches often serve as the root as they do not connect to endpoints (hosts).

Spanning tree commands take effect immediately, network traffic will be interrupted while re configuration occurs.

Redundant switched topology includes redundant switches and etherchannel. Redundant topology causes looping issues eg: broadcast storms.

Original STP has been enhanced by PVST+ and RSTP.

Switch Security

Disable CDP if it is not required and enable only on a per interface basis.

Secure STP topology by enabling BPDU guard on access ports.

  • Shutdown all unused switch ports
  • Put all unused ports in a “security vlan”
  • Set all unused ports as an access port so they will not negotiate a trunk link
  • Use a password for VTP

The switchport host macro executes the following:

  • STP Portfast
  • Switch port to access port
  • Disables channel grouping

Port Security

Dynamic – How many MAC addresses can use a port at one time

Static – Specifically configured MAC addresses can use a port

Dynamic “Sticky Learning” – Addresses are automatically added as if they were set statically.

Troubleshooting Switched Networks

  • Have an accurate physical and logical network map
  • Verify the working components – Don’t Assume!
  • Logical Plan: Verify Physical Layer, Verify Layer 2, Verify Layer 3

Flow Chart:

  1. Troubleshoot Physical Layer/Port Issues
  2. Troubleshoot Vlan/Trunk
  3. Troubleshoot VTP Issues
  4. Troubleshoot STP Issues

Port Connectivity

  • Cable Type
  • Vlan Membership
  • Administratively down or error disabled?
  • Duplex mismatch?

Vlan/Trunk

  • Both ports on the same vlan?
  • Trunk modes match?
  • Each vlan a unique subnet?
  • Inter vlan communications routed or switched (is there a L3 switch or router to route packets?)
  •  Native vlan mismatch?

VTP

  • Vlan details in the running config?
  • Switches exchanging vlan information?
  • Newly installed switch causing problems?
  • All ports inactive after power cycling?

Spanning Tree

  • Use network map to identify the root and blocked ports
  • Identify bridging loop and restore connectivity
  • Check STP log events
  • Verify Root bridge and that RSTP is enabled
Facebooktwitterlinkedinby feather

Leave a Reply