Cisco CCNA 200-301 – STP – Spanning Tree Protocol Part 5

  1. Spanning Tree and HSRP Alignment

You’ll learn about how to align your spanning tree and HSRP configuration so that they line up with each other. I’m using the same network topology example as usual. You can see in the diagram here that I’ve already configured my core distribution switches, CD1 and CD2, to be root primary and root secondary for the root bridge. So CD1 is currently the root bridge, and I’ve got blocking links going from Access3 to CD2 and from Access4 to CD2. If you look at the next slide, I’ve just tidied up the diagram a little by removing those links which are being blocked right now. Okay? So you can see that, at layer 2 with my spanning tree configuration, my traffic going northbound and southbound is going via CD1. Right now, I want my HSRP configuration to match the spanning tree path.

So in this example, R1 should be given a higher HSRP priority than R2 so that it is selected as the HSRP active router. That allows traffic from the PCs to take the most direct path to their default gateway. If R2 was the HSRP active router, traffic would have to transit via an extra device over the CD1 to CD2 link. So let’s break that down. Right now CD1 is the root bridge, and I’m going to configure R1 as the HSRP active gateway. So if traffic goes from PC1 up to the Internet, it goes via Access3, CD1 and then R1. And if traffic is coming from PC2, it goes from PC2 to Access4, to CD1 and then R1. If R2 was my HSRP active gateway, traffic from PC1 would go to Access3, then CD1, then CD2, and then R2.

So you see it’s having to take an extra hop over my core distribution switches. So you want to line up your HSRP and your spanning tree configuration so that traffic is going to go over the most direct path at layer 2 with spanning tree and at layer 3 with HSRP as well. Finally, let’s look at an example of how we could do load balancing with aligned HSRP and spanning tree configuration. Going back to the topology diagram again, PC1 has got IP address 10.10.10.10 and it’s in VLAN 10. PC2, you can see, is in VLAN 10 as well, but for this example imagine that PC2 is in VLAN 20 and it’s got IP address 10.10.20.10. With the configuration, I’m going to set it up so that traffic for VLAN 10, for PC1, is going to go up through the path via CD1 and R1, and traffic from PC2 in VLAN 20 is going to go up via the path through CD2 and R2. So I’m splitting it.

Half my traffic is going to go along the left-side path, and half my traffic is going to go along the right-side path. So I get load balancing this way rather than all traffic going up one path. Also, if one path fails, if CD1 or R1 or CD2 or R2 fails, the traffic will fail over to the path on the other side. So a single point of failure is not going to cause an outage. So how do we do the configuration? R1 is going to be the HSRP active for VLAN 10, and I’m using router-on-a-stick sub-interfaces here. So on R1 I’ve got interface GigabitEthernet0/1.10, encapsulation dot1q 10, ip address 10.10.10.2, no shutdown, and then standby 1 ip 10.10.10.1, standby 1 priority 110 and standby 1 preempt. On R2, for VLAN 10 I give it IP address 10.10.10.3. It’s got that shared HSRP virtual IP address of 10.10.10.1, and I give it priority 90. So R1 is going to be selected as the active HSRP gateway for VLAN 10.

On my switches, on core distribution switch CD1, I’ve set spanning-tree vlan 10 root primary and spanning-tree vlan 20 root secondary, and the other way around on CD2. So on CD2 it’s going to be spanning-tree vlan 10 root secondary. So R1 will be selected as the active HSRP gateway for VLAN 10, and CD1 will be selected as the root bridge by spanning tree. So going back to the diagram again, all traffic for VLAN 10 is going to go up and down the left path via CD1 and R1. For VLAN 20 it’s really just the mirror-opposite configuration. On R2 I give it IP address 10.10.20.3, and I set it with standby 1 priority 110 and standby 1 preempt.

For R1 I give it physical IP address 10.10.20.2 and priority 90, and the gateway address, the virtual IP I’m using, is 10.10.20.1. So R2 will be the HSRP active gateway for VLAN 20 using IP address 10.10.20.1. That’s my layer 3 config. I also want to configure spanning tree; I want this traffic to go through CD2. So on the CD2 switch I say spanning-tree vlan 20 root primary, and for failover on CD1 I’ve got spanning-tree vlan 20 root secondary. So that’s how you do your configuration where you line up HSRP and spanning tree so that you get load balancing. You also get automatic failover as well. That’s it; see you in the next lecture, where we’ll cover the final spanning tree topic, which is PortFast and BPDU Guard.
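As an added example (not the lecture’s own configuration), here is a small Python model of the two elections the lecture walks through: the per-VLAN STP root election and the HSRP active election. It checks that, for every VLAN, the root bridge is the switch the HSRP active router hangs off, so north/south traffic never crosses the CD1 to CD2 link. The bridge MACs are constructed tiebreakers, and the priority values 24576 and 28672 that root primary and root secondary set on an otherwise default network are an assumption.

```python
# Added example, not the lecture's own config: model the per-VLAN STP root and
# HSRP active elections and check the two line up. Topology values mirror the
# lecture (CD1/CD2 root primary/secondary per VLAN, R1/R2 HSRP 110/90); the
# bridge MACs are constructed tiebreakers.
from ipaddress import IPv4Address

DEFAULT_BRIDGE_PRIO = 32768  # IOS default spanning-tree priority


def stp_root(switches, vlan):
    """Root bridge = lowest bridge ID: lowest priority, then lowest MAC."""
    return min(switches,
               key=lambda s: (s["prio"].get(vlan, DEFAULT_BRIDGE_PRIO), s["mac"]))["name"]


def hsrp_active(routers, vlan):
    """HSRP active = highest priority; highest interface IP breaks a tie."""
    members = [r for r in routers if vlan in r["hsrp"]]
    return max(members,
               key=lambda r: (r["hsrp"][vlan]["prio"],
                              IPv4Address(r["hsrp"][vlan]["ip"])))["name"]


def check_alignment(switches, routers, vlans):
    """Return {vlan: (root_switch, active_router, aligned)}; aligned means the
    active router's uplink switch is that VLAN's root (no CD1-CD2 detour)."""
    report = {}
    for vlan in vlans:
        root = stp_root(switches, vlan)
        active = hsrp_active(routers, vlan)
        uplink = next(r["uplink"] for r in routers if r["name"] == active)
        report[vlan] = (root, active, uplink == root)
    return report


# Assumed: 'root primary' sets priority 24576 and 'root secondary' 28672
# when every other bridge is still at the default 32768.
SWITCHES = [
    {"name": "CD1", "mac": "0000.0000.0001", "prio": {10: 24576, 20: 28672}},
    {"name": "CD2", "mac": "0000.0000.0002", "prio": {10: 28672, 20: 24576}},
]
ROUTERS = [
    {"name": "R1", "uplink": "CD1",
     "hsrp": {10: {"prio": 110, "ip": "10.10.10.2"}, 20: {"prio": 90, "ip": "10.10.20.2"}}},
    {"name": "R2", "uplink": "CD2",
     "hsrp": {10: {"prio": 90, "ip": "10.10.10.3"}, 20: {"prio": 110, "ip": "10.10.20.3"}}},
]

if __name__ == "__main__":
    for vlan, (root, active, ok) in check_alignment(SWITCHES, ROUTERS, [10, 20]).items():
        print(f"VLAN {vlan}: root {root}, HSRP active {active}, "
              f"{'aligned' if ok else 'MISALIGNED'}")
```

Changing R2’s VLAN 10 priority to anything above 110 makes R2 active while CD1 stays root, and the report flags that VLAN as misaligned.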

  2. Portfast, BPDU Guard and Root Guard

In this lecture you’ll learn about spanning tree PortFast and BPDU Guard. The first one we’ll cover is PortFast. It can take up to 50 seconds for spanning tree to transition a port to a forwarding state when that port becomes active by powering on the switch or plugging a network cable into it. So that’s a long time, and if you think about it, a loop cannot be formed on ports where a single end host is plugged in. So if you see the diagram at the bottom here, I do have a potential loop between my three switches there, so one of the ports was put into a blocking state. I then go and plug a PC into one of the switches with a single network cable connecting it. Well, it’s impossible to have a loop going through there as long as it doesn’t change. So it would be nice if I didn’t have to wait 50 seconds for the port to come up, and you can actually configure that. You can make the port transition to a forwarding state immediately when it becomes active by disabling spanning tree on the port. The way you do that is with the portfast command, and this is configured at the interface level.

So here my PC is plugged into interface FastEthernet0/10. At the interface config I say spanning-tree portfast; it disables spanning tree from running on the port, and it will transition to forwarding immediately. You can also set all of your ports to be PortFast by default. To do that, at global config the command is spanning-tree portfast default; then just make sure that on any ports that are connected to switches you enter the command no spanning-tree portfast on those ports. Now, hopefully it’s quite obvious that there could be a big problem with this, because if you enable PortFast on a port you’re disabling spanning tree, and if a loop is formed through it then you’re going to get a broadcast storm. And this could happen. The most common reason is users doing things that they shouldn’t be doing, like adding devices to the network, such as additional switches, or changing the cabling.

And you can see that’s what’s happened in the diagram here. We’ve got our switches up at the top that are configured with PortFast, and normally we expect it’s end hosts that get plugged in there. But probably what happened was there was some part of the building where there are not enough wall ports, so a user has come in with their own switch and they’ve plugged that into two different wall ports in that part of the office to get more ports for the additional users that are there.

And by doing that they’ve formed a loop. You can see the loop that is formed there, and now you’re going to get a broadcast storm, so it’s dangerous enabling PortFast. So we want to take some mitigation against this kind of problem happening, and that is where BPDU Guard comes in. You can enable BPDU Guard on the same interfaces where you’ve enabled PortFast, and then if a BPDU is received, the port will be shut down. Remember, when switches come online, they send BPDUs out all ports to build the spanning tree.

So if you do plug a switch into a port, it will receive a BPDU on there, and this allows the switch to automatically shut down that port to prevent a loop from happening. The command to enable BPDU Guard: it’s the same example we had before, with interface FastEthernet0/10 and spanning-tree portfast. We put the additional command on there: spanning-tree bpduguard enable. And it is best practice to use these commands on your networks on the ports that end hosts are going to be plugged into. Just like we could with PortFast, you can also make BPDU Guard the global default; to do that, in global config, spanning-tree portfast bpduguard default. Another spanning tree command to cover is Root Guard, and this is used for a different reason than PortFast and BPDU Guard are. Spanning tree Root Guard prevents an unintended switch from becoming the root bridge. So say, for example, that you have an old switch which had been in a different office and it happened to be the root bridge in that different office, but it’s a much older switch than the root bridge which is in your main office. You get that old switch shipped back to the main office and you don’t do a factory reset on there. You plug it into the network, and it happens to have a higher priority than the current root bridge.

Well, now that old switch, which is not going to be in a central part of the network, is going to become the root bridge. So you want to make sure that that does not happen. Another reason that the wrong switch could become the root bridge is maybe that you’re under attack, and what the attacker is doing is putting a switch into the network, trying to make that the root bridge to force traffic to come through the switch that they are controlling. They’ll then be able to sniff the traffic and gain access to sensitive information. So if you want to make sure that the current root bridge remains the root bridge, which you normally will do, you can use Root Guard to help ensure that. The way it works is that if a port where Root Guard is enabled receives BPDUs that are superior to the current root bridge, it will transition that port to root-inconsistent, meaning that no traffic will be forwarded over that port.

And the way that you configure this is on the interface you say spanning-tree guard root. So in the example on the slide here, we’ve got our root bridge up in the top left. This is the one that we want to remain the root bridge. What we do is on the port here and the port here we configure spanning-tree guard root, so that if the switch at the bottom starts sending out superior BPDUs, they are not going to be accepted, and the port that is connected to that switch is going to be transitioned to root-inconsistent, basically shutting the port down. Okay, that was everything to tell you about spanning tree. We got through it. See you in the next section.
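As an added example (not from the lecture), here is a small Python simulation of what a switch port does when a BPDU arrives, depending on whether PortFast, BPDU Guard (per interface or via the global default) and Root Guard are set on it. It covers the lecture’s cases: a user’s switch on an edge port, and an old or unwanted switch that advertises a better bridge ID than the root we want to keep. Bridge IDs are modelled as (priority, MAC) tuples where lower wins; the MACs and priority values are constructed.

```python
# Added example, not from the lecture: a small model of what a switch port does
# when a BPDU arrives, given its PortFast / BPDU Guard / Root Guard settings.
# Bridge IDs are (priority, MAC) tuples, lower wins; MACs are constructed.

INTENDED_ROOT = (24576, "0000.0000.0001")  # the root bridge we want to keep


def bpdu_guard_active(port, global_default):
    """Per-interface 'spanning-tree bpduguard enable', or the global
    'spanning-tree portfast bpduguard default' applied to PortFast ports."""
    return port.get("bpdu_guard", False) or (global_default and port.get("portfast", False))


def on_bpdu(port, bpdu_root_id, current_root=INTENDED_ROOT, global_default=False):
    """Return the port's state after receiving a BPDU advertising bpdu_root_id."""
    if bpdu_guard_active(port, global_default):
        # Any BPDU at all on a guarded edge port: shut the port down
        return "err-disabled"
    superior = bpdu_root_id < current_root
    if port.get("root_guard", False) and superior:
        # Superior BPDU on a root-guarded port: block it and keep our root
        return "root-inconsistent"
    if superior:
        # Unprotected port: the foreign switch wins the root election
        return "new-root-accepted"
    return "bpdu-accepted"


def scenarios():
    """Walk the lecture's cases; returns {case: resulting port state}."""
    edge = {"portfast": True, "bpdu_guard": True}
    edge_no_guard = {"portfast": True}
    uplink = {"root_guard": True}
    plain = {}
    rogue = (4096, "0000.0000.00ff")      # constructed: would beat INTENDED_ROOT
    inferior = (32768, "0000.0000.0099")  # constructed default-priority bridge
    return {
        "user switch on PortFast+BPDU guard port": on_bpdu(edge, inferior),
        "same port, guard only via global default": on_bpdu(edge_no_guard, inferior, global_default=True),
        "PortFast port, no guard: port stays up": on_bpdu(edge_no_guard, inferior),
        "old switch on root-guarded port": on_bpdu(uplink, rogue),
        "old switch on unprotected port": on_bpdu(plain, rogue),
        "normal neighbour on root-guarded port": on_bpdu(uplink, inferior),
    }


if __name__ == "__main__":
    for case, state in scenarios().items():
        print(f"{case}: {state}")
```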
