Pages

network cisco ccna gns3 certification arteq

network cisco ccna gns3 certification arteq
a network runs through it

Search insearchofthecert

Monday, February 13, 2012

guest post - warren sullivan ccnp


warren sullivan is a ccnp who i bump into from time to time on the CLN (cisco learning network)  the following is an excellent treatise on spanning tree port enhancements... for those who have not yet joined an applicable study group on CLN; what in the hell are you waiting for...
and when you go there, be sure to thank warren...


Portfast
Used on access ports connecting to hosts, to immediately transition to the forwarding state, bypassing the listening and learning states.
Can be configured globally with;
Spanning tree portfast default
Which will enable portfast on any port configured as an access port on the switch, or per interface with;
Spanning-tree portfast
Which will enable portfast on the port as long as it is in a non trunking mode, or
Spanning-tree portfast trunk
Which will enable it even if it is a trunk!
Portfast is typically configured on host ports only, although trunks can also be configured as portfast ports too

BPDUguard
Used on Access ports where BPDU’s should never be received, if they are the port will be placed in an err-disabled state.
Implimented either globally with;
Spanning-tree portfast bpduguard default
Which will enable it on any portfast enabled interface on the switch, or per interface with:
Spanning-tree bpduguard enable
Which will enable it explicitly on the port.
BPDUguard is configured on access switch host ports were BPDU's should never be seen.

BPDUfilter
When enabled globally the port will transmit 10 BPDU's to ensure there is no loop in the topology, if the port receives a BPDU it will lose portfast status, bpdufilter will be disabled and the port will begin normal spanning-tree operation.
When enabled per interface, spanning-tree is effectively disabled on the port altogether, it will not send BPDU's and will drop received BPDU's on that port.
It is again enabled either globally with;
Spanning-tree portfast bpdufilter default
Which will enable it on any portfast enabled interface, or per interface;
Spanning-tree bpdufilter enable
Which will enable it explicitly on the port.
BPDUfilter is configured on access switch host ports.

Note: if BPDUguard and BPDUfilter are enabled on a switchport, BPDUguard will have no affect as BPDUfilter takes higher precedence over BPDUguard.

ROOTguard
Root Guard is useful in avoiding Layer 2 loops during network anomalies. It forces a port to become a designated port, if the port were to receive a superior BPDU and ROOTguard was not enabled it would attempt to become a root port, this is what ROOTguard prevents.
This feature effectively enforces the position of the root bridge.
it is used to protect the desired root bridge from becoming over-run by a new or reconfigured switch in the network, it is configured per interface with;
Spanning-tree guard root
If a superior BPDU is received on the port, the port will go into a “root-inconsistent” state (effectively a listening state) until the superior BPDU’s are no longer received on that port.
ROOTguard is configured on distribution switch downlinks to the access layer

LOOPguard
Prevents bridge loops caused by unidirectional communication, it works by detecting BPDU’s received on non-designated (blocked) ports, if the BPDU’s stop coming then LOOPguard places the port into a Loop-inconsistent state preventing a potential loop, if this mechanism was not implemented and the sent BPDUs were not reaching the non-designated port, the non-designated port would transition to a forwarding state, because it believes that the bridge is dead! But it isn’t, a loop is born!
When configured globally, LOOPguard is implimented on all ports considered to be point-to-point links (full duplex ports)
It is configured globally with;
Spanning-tree loopguard default
or per port with;
spanning-tree guard loop
LOOPguard is configured on links between distribution switches and uplink ports on access switches

UDLD
Is a layer 2 protocol that works with layer 1 mechanisms to determine the physical status of a link, in essence it prevents unidirectional communication, unidirectional communication typically occurs with fibre connections being misconnected tx to tx or rx to rx etc, this can play havoc with spanning tree as you can imagine.
It can be configured either globally or per interface, per interface taking precedence, when configured globally, it is enabled on fibre interfaces only.
It can also be configured in two modes, enable or aggressive.
Enable mode simply changes the UDLD enabled port to an "undetermined" state if it stops receiving UDLD packets from its neighbor.
Aggressive mode will first attempt to re-establish connectivity by sending 8 UDLD messages in quick succession, if they fail, the port is place in an errdisabled state. From STP perspective, loop prevention.
It is configured globally with;
udld [aggressive|enable]
or per interface
udld port [aggressive|enable]
UDLD is configured on fibre interfaces

3 comments:

  1. it's all warren... please go to cisco learning center, hunt him down in the ccnp groups and thank him personally...

    ReplyDelete