Portfast
Used on access ports connecting to hosts, to immediately transition to the forwarding state, bypassing the listening and learning states.
It can be configured globally with:
spanning-tree portfast default
which will enable portfast on any port configured as an access port on the switch, or per interface with:
spanning-tree portfast
which will enable portfast on the port as long as it is in a non-trunking mode, or:
spanning-tree portfast trunk
which will enable it even if it is a trunk!
Portfast is typically configured on host ports only, although trunks can also be configured as portfast ports.
BPDUguard
Used on access ports where BPDUs should never be received; if they are, the port will be placed in an err-disabled state.
Implemented either globally with:
spanning-tree portfast bpduguard default
which will enable it on any portfast-enabled interface on the switch, or per interface with:
spanning-tree bpduguard enable
which will enable it explicitly on the port.
BPDUguard is configured on access switch host ports where BPDUs should never be seen.
BPDUfilter
When enabled globally, the port will transmit 10 BPDUs to ensure there is no loop in the topology. If the port receives a BPDU it will lose portfast status, bpdufilter will be disabled and the port will begin normal spanning-tree operation.
When enabled per interface, spanning-tree is effectively disabled on the port altogether: it will not send BPDUs and will drop received BPDUs on that port.
It is again enabled either globally with:
spanning-tree portfast bpdufilter default
which will enable it on any portfast-enabled interface, or per interface with:
spanning-tree bpdufilter enable
which will enable it explicitly on the port.
BPDUfilter is configured on access switch host ports.
Note: if BPDUguard and BPDUfilter are both enabled on a switchport, BPDUguard will have no effect, as BPDUfilter takes higher precedence over BPDUguard.
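The portfast, BPDUguard and BPDUfilter rules above can be checked against a switch configuration. The following is an added example, not part of the original post: the function name audit and the sample configuration are constructed for illustration, and it matches only the command forms exactly as written on this page.

```python
# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
spanning-tree portfast default
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree bpduguard enable
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
interface GigabitEthernet0/24
 switchport mode trunk
 spanning-tree portfast trunk
"""

def audit(config):
    """Return {interface: [findings]} for the portfast/BPDU settings described above."""
    glob, ports, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if raw[:1].isspace() and current is not None:
            current.add(line)                 # indented line: interface sub-command
        elif line.startswith("interface "):
            current = ports.setdefault(raw.split()[1], set())
        else:
            current = None
            glob.add(line)                    # unindented line: global command
    findings = {}
    for name, cfg in ports.items():
        trunk = "switchport mode trunk" in cfg
        # Effective portfast: explicit trunk form, per-interface on a non-trunk
        # port, or the global default on a port configured as an access port.
        portfast = ("spanning-tree portfast trunk" in cfg
                    or ("spanning-tree portfast" in cfg and not trunk)
                    or ("spanning-tree portfast default" in glob
                        and "switchport mode access" in cfg))
        # Global guard/filter defaults apply only to portfast-enabled interfaces.
        guard = ("spanning-tree bpduguard enable" in cfg
                 or (portfast and "spanning-tree portfast bpduguard default" in glob))
        bfilter = ("spanning-tree bpdufilter enable" in cfg
                   or (portfast and "spanning-tree portfast bpdufilter default" in glob))
        issues = [msg for cond, msg in (
            (portfast and not guard, "portfast without bpduguard"),
            (guard and bfilter, "bpdufilter overrides bpduguard"),
            ("spanning-tree bpdufilter enable" in cfg,
             "bpdufilter disables spanning-tree on port"),
        ) if cond]
        if issues:
            findings[name] = issues
    return findings
```

Calling audit(SAMPLE_CONFIG) reports GigabitEthernet0/2 and GigabitEthernet0/24 as portfast ports with no BPDUguard, and GigabitEthernet0/3 as a port where BPDUfilter cancels the configured BPDUguard.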
ROOTguard
Root Guard is useful in avoiding Layer 2 loops during network anomalies. It forces a port to become a designated port. If the port were to receive a superior BPDU and ROOTguard was not enabled, it would attempt to become a root port; this is what ROOTguard prevents.
This feature effectively enforces the position of the root bridge.
It is used to protect the desired root bridge from being overrun by a new or reconfigured switch in the network. It is configured per interface with:
spanning-tree guard root
If a superior BPDU is received on the port, the port will go into a "root-inconsistent" state (effectively a listening state) until the superior BPDUs are no longer received on that port.
ROOTguard is configured on distribution switch downlinks to the access layer.
LOOPguard
Prevents bridge loops caused by unidirectional communication. It works by detecting BPDUs received on non-designated (blocked) ports; if the BPDUs stop coming, LOOPguard places the port into a loop-inconsistent state, preventing a potential loop. If this mechanism was not implemented and the sent BPDUs were not reaching the non-designated port, the non-designated port would transition to a forwarding state, because it believes that the bridge is dead! But it isn't, and a loop is born!
When configured globally, LOOPguard is implemented on all ports considered to be point-to-point links (full duplex ports).
It is configured globally with:
spanning-tree loopguard default
or per port with:
spanning-tree guard loop
LOOPguard is configured on links between distribution switches and on uplink ports on access switches.
UDLD
Is a layer 2 protocol that works with layer 1 mechanisms to determine the physical status of a link. In essence it prevents unidirectional communication, which typically occurs with fibre connections being misconnected tx to tx or rx to rx etc. This can play havoc with spanning tree, as you can imagine.
It can be configured either globally or per interface, with per interface taking precedence. When configured globally, it is enabled on fibre interfaces only.
It can also be configured in two modes, enable or aggressive.
Enable mode simply changes the UDLD-enabled port to an "undetermined" state if it stops receiving UDLD packets from its neighbor.
Aggressive mode will first attempt to re-establish connectivity by sending 8 UDLD messages in quick succession; if they fail, the port is placed in an errdisabled state. From an STP perspective, this provides loop prevention.
It is configured globally with:
udld [aggressive|enable]
or per interface with:
udld port [aggressive|enable]
UDLD is configured on fibre interfaces.