Cisco CCNA 200-301 – STP – Spanning Tree Protocol

  1. Introduction

This section is going to be one of the longer sections in the course, because we're going to cover one of the core topics for the CCNA exam, and also for your work as a network engineer, and that is the Spanning Tree Protocol. I'll start off with a review of how path selection and loop prevention work at layer 3 with our routing protocols, and then we'll get into the spanning tree information. I'll explain why we need to have spanning tree to prevent loops in the layer 2 part of the network.

We'll cover the terminology, go into detail with examples of how spanning tree works, cover the different versions, how to verify what spanning tree is actually doing when it's just working automatically out of the box, and also how to configure it so that it acts the way you actually want it to, and how to verify that as well. We'll also talk about how to align the paths that spanning tree takes with your HSRP configuration, and finally we'll cover PortFast and BPDU Guard. OK, so spanning tree, let's get started.

  2. Layer 3 Path Selection and Loop Prevention Review

In this section we're going to focus on spanning tree, which is a layer 2 technology that prevents loops across your layer 2 switched network. But before we get into that, I want to do a review of how network redundancy, path selection and loop prevention work at layer 3. At layer 3, routing and HSRP control the path selection and provide automatic failover for our layer 3 connections. You can see the network topology diagram here; I'm going to be using it throughout this section. The routers up at the top, R1 and R2 plus SP1 and SP2 at the service providers, all have layer 3 connections between them. There's also a layer 3 connection going from R1 and R2 down to the end hosts PC1 and PC2 at the bottom. But our switches, CD1 (core/distribution switch 1), CD2, and our access layer switches Access3 and Access4, are layer 2 only switches. So in this first lecture we're going to be talking about those layer 3 connections.

Looking at the path selection, which is controlled by our routing: for this example I'm just going to use static routes, but if we were using a dynamic routing protocol it would work pretty much the same way. My first route on R1 is a default static route for all traffic going out to the Internet, which points at SP1, the service provider router that is directly attached to R1. The command is ip route 0.0.0.0 0.0.0.0 203.0.113.1, where 203.0.113.1 is the next hop address on SP1. Because this is a static route, it has the default administrative distance of 1. Now, I want to have a redundant route here as well. I've put in redundant network devices so I don't have any single points of failure, so if the link from R1 up to SP1 goes down I need to be able to route around the failure. So I've got a backup route for that. On R1 the command is ip route 0.0.0.0 0.0.0.0 10.10.20.2 5, where 10.10.20.2 is the next hop address on R2 over the link between R1 and R2.

Whenever you configure a backup route, it needs to be for the same destination prefix as the main route, so both of these are 0.0.0.0 with a /0 mask. This route points at R2 rather than SP1, and to make it a backup for the primary route I give it an administrative distance of 5. The administrative distance controls which route will be preferred, with the lower number being better. My first route has an AD of 1, so the route to SP1 will be preferred. If that route goes down, for example because the SP1 router or the link to SP1 goes down, then the backup route will take over in the routing table. A static route with a raised AD like this is known as a floating static route. So that gives me redundancy for my northbound traffic. The reason the traffic works via R2 is that R2 has a similar configuration to R1: R2's primary default route points at SP2, the service provider router directly connected to R2, and it has a mirror backup route pointing back towards R1.

I also need to have reachability and failover for my southbound traffic going down towards my PCs. If you look at R1, its GigabitEthernet0/1 interface has the IP address 10.10.10.2. That's in the same subnet as the PCs, so R1 is directly connected to the 10.10.10.0/24 subnet, and whenever an interface is directly connected it goes into the routing table as a connected route with an administrative distance of 0. So it will always be the preferred route to get to that network.

I want to have redundancy to get down to my PCs in case the link going downstream to my CD1 switch goes down, so I'm going to have a backup route pointing towards R2. The configuration is ip route 10.10.10.0 255.255.255.0 10.10.20.2, with 10.10.20.2 again being the next hop address on R2. This is a static route, so it has the default administrative distance of 1, which is not as good as the connected route's AD of 0, so it will function as a backup route. OK, so that was my configuration on R1. R2 is going to have the mirror image of that configuration, so I've got redundancy going northbound and southbound through my R1 and R2 routers.

Now looking at things from the point of view of the PCs, they've got two gateways available on the 10.10.10.0/24 network: R1 at 10.10.10.2 and R2 at 10.10.10.3. I want to have just one IP address to use as the default gateway on my PCs, so I'm going to configure HSRP on my R1 and R2 routers. This is configured at the interface level, on interface Gig0/1, which faces down towards the PCs on both routers. So on R1, on interface Gig0/1, I give it its physical IP address of 10.10.10.2, no shutdown, and then standby 1 ip 10.10.10.1. That is the HSRP configuration, using a virtual IP address of 10.10.10.1. On R2 I give it the physical address 10.10.10.3 and the same shared virtual IP address of 10.10.10.1. I haven't configured priority or preemption for this example.

So with the default priority of 100 on both routers, the router with the highest IP address becomes the active HSRP gateway, and that is R2 because it's 10.10.10.3. All of the PCs will use R2 as their active default gateway and R1 will be the standby. If R2, or the link from CD2 to R2, goes down, then R1 will detect that because it stops receiving R2's HSRP hellos, and R1 will transition to being the active gateway. Now all our traffic going northbound from our PCs will go via R1. OK, so that is how we configure our routing, redundancy and failover when we've got redundant devices in a layer 3 network.

Now, it is possible that we could make a misconfiguration here and create a routing loop, so let's have a look at how that can happen. Here we've added a static route on R1 for 10.10.50.0/24 with a next hop address of 203.0.113.1 on SP1. Then on SP1 we add a route, also for the 10.10.50.0/24 network, with a next hop address of 203.0.113.10 on SP2. SP2 routes it to R2 with a next hop of 203.0.113.6, and on R2 we route traffic for 10.10.50.0/24 to R1 with the next hop address of 10.10.20.1. We've created a layer 3 routing loop here: if traffic with a destination address in 10.10.50.0/24 gets sent into R1, or really any of these routers, it's going to start looping around them. But it's not going to loop forever, because in the IP header we've got the Time To Live field, the TTL. Every router that forwards a packet decrements the TTL by one, and if the TTL would reach zero the router drops the packet instead of forwarding it. So let's see how this bounds our loop.

Say a packet comes into R1 with a destination address of 10.10.50.10 and a TTL of 5. R1 decrements the TTL to 4 and routes the packet to SP1. SP1 decrements it to 3 and forwards it to SP2, SP2 decrements it to 2 and forwards it to R2, and R2 decrements it to 1 and sends it back to R1. When it comes back into R1, forwarding it on again would take the TTL to 0, so R1 won't do that. It drops the packet and sends an ICMP Time Exceeded message back to the packet's source address to let it know the packet was dropped (this is the same behaviour traceroute relies on).
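To make the route selection, floating static failover, HSRP election and TTL behaviour above concrete, here is a small simulation added for this page. It is not the course's own code and it is not IOS (IOS does all of this for you); it models R1, R2, SP1 and SP2 with the static routes configured above plus the four looped 10.10.50.0/24 routes. The SP routers' own Internet routes, the link names, and the 10.10.20.0/24 addressing of the R1 to R2 link are assumptions made for the example.

```python
"""Layer 3 path selection, floating static failover and TTL-bounded loops.

Added simulation of the lecture topology; not the course's own code.
Assumptions: SP1/SP2 have a default route to the Internet, link names are
invented, and the R1-R2 link uses 10.10.20.0/24.
"""
import ipaddress


class Router:
    def __init__(self, name):
        self.name = name
        self.routes = []   # (network, administrative distance, next hop, link)

    def add_route(self, prefix, via, link, ad):
        """`via` is a neighbour router, or a non-router label such as LAN."""
        self.routes.append((ipaddress.ip_network(prefix), ad, via, link))

    def lookup(self, dst, failed_links=frozenset()):
        """Return the next hop for dst, or None if nothing usable matches.

        A route whose outgoing link is down is withdrawn, which is what lets a
        floating static (higher AD) route take over. Among routes still in the
        table the longest prefix wins and, for equal prefixes, the lowest AD.
        """
        dst = ipaddress.ip_address(dst)
        usable = [r for r in self.routes if dst in r[0] and r[3] not in failed_links]
        if not usable:
            return None
        _net, _ad, via, _link = max(usable, key=lambda r: (r[0].prefixlen, -r[1]))
        return via


def build_network():
    r1, r2, sp1, sp2 = (Router(n) for n in ("R1", "R2", "SP1", "SP2"))
    # R1, as configured in the lecture
    r1.add_route("0.0.0.0/0", "SP1", "R1-SP1", 1)      # ip route 0.0.0.0 0.0.0.0 203.0.113.1
    r1.add_route("0.0.0.0/0", "R2", "R1-R2", 5)        # ip route 0.0.0.0 0.0.0.0 10.10.20.2 5
    r1.add_route("10.10.10.0/24", "LAN", "R1-CD1", 0)  # connected via Gig0/1
    r1.add_route("10.10.10.0/24", "R2", "R1-R2", 1)    # ip route 10.10.10.0 255.255.255.0 10.10.20.2
    # R2 mirrors R1
    r2.add_route("0.0.0.0/0", "SP2", "R2-SP2", 1)
    r2.add_route("0.0.0.0/0", "R1", "R1-R2", 5)
    r2.add_route("10.10.10.0/24", "LAN", "R2-CD2", 0)
    r2.add_route("10.10.10.0/24", "R1", "R1-R2", 1)
    # Service providers (assumed): straight out to the Internet
    sp1.add_route("0.0.0.0/0", "INTERNET", "SP1-INET", 1)
    sp2.add_route("0.0.0.0/0", "INTERNET", "SP2-INET", 1)
    return {r.name: r for r in (r1, r2, sp1, sp2)}


def add_loop(routers):
    """The lecture's misconfiguration: 10.10.50.0/24 chases its own tail."""
    routers["R1"].add_route("10.10.50.0/24", "SP1", "R1-SP1", 1)
    routers["SP1"].add_route("10.10.50.0/24", "SP2", "SP1-SP2", 1)
    routers["SP2"].add_route("10.10.50.0/24", "R2", "R2-SP2", 1)
    routers["R2"].add_route("10.10.50.0/24", "R1", "R1-R2", 1)


def forward(routers, start, dst, ttl, failed_links=frozenset()):
    """Walk one packet from router `start` and return (path, outcome)."""
    path, here = [], start
    while True:
        path.append(here)
        ttl -= 1                # every router decrements TTL before forwarding
        if ttl <= 0:            # would hit zero: drop and tell the source
            return path, f"dropped by {here}, ICMP Time Exceeded sent to source"
        nxt = routers[here].lookup(dst, failed_links)
        if nxt is None:
            return path, f"no route on {here}, ICMP Destination Unreachable"
        if nxt not in routers:  # LAN / INTERNET: the packet leaves our routers
            return path, f"delivered via {nxt}"
        here = nxt


def hsrp_active(gateways):
    """HSRP election: highest priority wins, ties go to the highest IP address."""
    return max(gateways, key=lambda g: (g["priority"], ipaddress.ip_address(g["ip"])))["name"]


GATEWAYS = [{"name": "R1", "ip": "10.10.10.2", "priority": 100},   # default priority
            {"name": "R2", "ip": "10.10.10.3", "priority": 100}]


if __name__ == "__main__":
    net = build_network()
    print("Active HSRP gateway:", hsrp_active(GATEWAYS))
    print("Northbound, all up:", forward(net, "R1", "8.8.8.8", 64))
    print("Northbound, R1-SP1 down:", forward(net, "R1", "8.8.8.8", 64, {"R1-SP1"}))
    print("Southbound, R1-CD1 down:", forward(net, "R1", "10.10.10.10", 64, {"R1-CD1"}))
    add_loop(net)
    print("Looped prefix, TTL 5:", forward(net, "R1", "10.10.50.10", 5))
```

One thing the simulation shows that the lecture only hints at: if both R1-SP1 and R2-SP2 fail at the same time, the two floating default routes point at each other and Internet-bound traffic loops between R1 and R2 until the TTL runs out, so even a correct floating static design relies on the TTL as its last line of defence.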

OK, so you've seen that at layer 3 our standard routing and HSRP control the path selection and provide automatic failover for our layer 3 connections when we've got redundant devices. Dynamic routing protocols have built-in loop prevention mechanisms, so the example I showed you there, where I deliberately created a routing loop with static routes, shouldn't really be possible when you're using a dynamic routing protocol. But the TTL is there in the IP header to act as a final failsafe in case a loop does somehow get created. OK, so that's how things work at layer 3. In the next lecture, we'll start taking a look at how path selection, failover and loop prevention work for the layer 2 only switches in our network.

  3. Why we have the Spanning Tree Protocol

In this lecture you'll learn why we have the Spanning Tree Protocol. To understand why we need it, I first need to review Ethernet path selection. We've got our example network topology on the left hand side here again, and our layer 2 Ethernet path selection is controlled by the switches' MAC address tables. So let's see how those are built and how it works. In the example I'm going to cover here, PC1 wants to send traffic to the 10.10.10.2 IP address on R1. I'll cover what would happen if we didn't have spanning tree, and then you'll understand why we need to have it. PC1 hasn't spoken to R1 before.

So it sends an ARP request for 10.10.10.2. That goes out with a source MAC of 1.1 (I'm abbreviating the MAC addresses), the MAC address on PC1, and a destination MAC of FFFF.FFFF.FFFF because it's broadcast traffic. PC1 sends that out and it hits switch Access3. Access3 learns that MAC address 1.1 is available via interface FastEthernet0/1 because it saw that as the source MAC address in the incoming frame. Any subsequent traffic to 1.1 that hits Access3 will be forwarded out port Fa0/1. Access3 floods the broadcast ARP request out all ports apart from the one it was received on, so it goes out interfaces Fa0/24 and Fa0/21. Switch CD1 learns that MAC address 1.1 is available via its interface Fa0/24 when that ARP request comes in, and when it comes into switch CD2, CD2 learns that MAC address 1.1 is available via its interface Fa0/21. So you can see the MAC address tables getting built on the switches as traffic hits them. Any subsequent traffic for 1.1 that hits either CD1 or CD2 will be forwarded out those ports. Switch CD1 floods the broadcast traffic out all ports apart from the one it was received on, and the traffic reaches R1. It also reaches CD2 and Access4. R1 responds to the ARP request with a unicast ARP reply. CD1 learns that MAC address 2.2 on R1 is available via interface Gig0/1 from that ARP reply, so any subsequent traffic for 2.2 will be forwarded out that port.

Switch CD1 now knows the best ports to send traffic out for both R1 and PC1. CD1 already knows to forward that ARP reply for 1.1 out towards PC1 on interface Fa0/24. It comes into switch Access3, which learns that MAC address 2.2, the source address in the ARP reply from R1, is available via interface Fa0/24. So any subsequent traffic for 2.2 that hits Access3 will be forwarded out port Fa0/24, and we now have end-to-end path selection in both directions between PC1 and R1 going through switches Access3 and CD1; the switches know which port to send the traffic out of. But there is a problem here, and to understand it, let's go back to the start, to when the ARP request from PC1 first came into switch Access3. Access3 received that ARP request from PC1 and flooded the broadcast traffic out all ports apart from the one it was received on. This is if we don't have spanning tree, so that includes port Fa0/24 facing CD1 and port Fa0/21 facing CD2 as well.

Switch CD1 receives the ARP request from Access3 and floods the broadcast traffic out all ports apart from the one it was received on. That includes going out its interface Gig0/2 towards CD2. CD2 does the same thing: it floods the broadcast traffic out all ports apart from the one it was received on, and that includes port Fa0/21, which faces back towards switch Access3 again. The traffic comes into Access3, and Access3 sends it back to CD1 again, which sends it back to CD2, which sends it back to Access3, and so on. So we now have a loop running clockwise between the Access3, CD1 and CD2 switches. Whenever we've got broadcast traffic, it's going to keep on looping between the three of them. But it doesn't end there.

The broadcast traffic was also forwarded out interface Fa0/21 by Access3 when the ARP request came in, so we also have a loop running counterclockwise between Access3, CD2 and CD1. The ARP request comes in, Access3 sends it to CD2, CD2 sends it to CD1, CD1 to Access3, Access3 back to CD2, and so on. We have loops running in both directions, clockwise and counterclockwise, between Access3, CD1 and CD2. Still it doesn't stop there, because the broadcast traffic was also forwarded out interface Fa0/21 by switch CD1 towards Access4. So we also have a loop running counterclockwise between CD1, Access4 and CD2, and the broadcast traffic was also flooded out interface Fa0/24 by CD2 towards Access4, so we also have a loop running clockwise between CD2, Access4 and CD1. So just like we have two loops running clockwise and counterclockwise between Access3, CD1 and CD2,

we have the same thing, two loops running clockwise and counterclockwise, between Access4, CD1 and CD2. So we've got four loops running through the network here, and the layer 2 Ethernet header does not have a TTL (time to live) field to stop the looping traffic like our layer 3 IP header does. So on a layer 2 network, if you get traffic looping, it will loop forever; there's nothing in the frame to stop it. If you do get a loop, the way you stop it is by physically going and unplugging a cable (or shutting down a port). Notice as well that the looping frames make the MAC address tables unstable: CD1 learns MAC 1.1 on Fa0/24, then sees the same source MAC arrive from CD2 on Gig0/2 and moves the entry, and so on round the loop, so even unicast traffic ends up misdirected. And there's going to be more broadcast traffic on our network than just that single ARP request from PC1 to R1; there's going to be loads of other broadcast traffic as well, like other ARP requests, DHCP requests, et cetera. If we do have loops on the network with all that broadcast traffic going around, we're going to get a broadcast storm.

The network will crash, because the amount of looping broadcast traffic will quickly overwhelm the switches' CPUs and the bandwidth. A broadcast storm is devastating for the network: it will stop the network from working, so it obviously must be avoided at all costs. The way we avoid it is by using the Spanning Tree Protocol. It's used to prevent any layer 2 loops, and it does that by detecting potential loops and blocking ports to prevent them. In our example network, on the diagram on the left, if you look at the different links you'll notice there are a couple that are highlighted in red rather than in green. Port Fa0/21 on switch Access3 is highlighted in red: it's been blocked to prevent the loops, both clockwise and counterclockwise, that were running between CD1, CD2 and Access3. We also had the other pair of loops between Access4, CD1 and CD2, so on that side port Fa0/24 on switch Access4 has been blocked.

So spanning tree will detect potential loops and block a port to break the loop. But look at it from Access3's point of view: if both uplinks, Fa0/24 and Fa0/21, were up and we weren't blocking any ports, then we would be able to send traffic upstream to both CD1 and CD2 via both interfaces. Let's say those are 1 Gbps interfaces; we would have had 2 Gbps worth of uplink bandwidth. But because one of those ports has been blocked, we're only using half of our available physically connected uplink bandwidth: 1 Gbps rather than 2 Gbps. So spanning tree actually shuts down physically cabled interfaces and reduces the amount of bandwidth you have available. It's an evil, but it's a necessary evil, because if we got a broadcast storm the network wouldn't work at all, and that is obviously a far worse scenario.
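The flooding, learning and looping behaviour described above, as a small simulation added for this page (it is not the course's own code and not real switch software). It cables up Access3, CD1, CD2 and Access4 as in the lecture, has each switch learn source MACs and flood unknown or broadcast frames, and shows that without spanning tree PC1's single ARP request is still circulating after twelve rounds of switching and keeps moving MAC 1.1 between ports, while with Access3 Fa0/21 and Access4 Fa0/24 blocking it reaches R1, R2 and PC2 once and then stops, and R1's unicast reply is switched straight back to PC1. Port names the lecture does not state (the CD2 end of the CD1 to CD2 link, Access4's uplink to CD1, the ports to R2 and PC2) are assumptions.

```python
"""Layer 2 flooding with and without Spanning Tree.

Added simulation of the lecture topology; not the course's code. It switches
frames round by round: learn the source MAC on the ingress port, forward
known unicast out one port, flood everything else out every other port.
"""
from collections import defaultdict

BROADCAST = "ffff.ffff.ffff"

# Cabling as described in the lecture; ports marked "assumed" are not stated.
LINKS = [
    (("PC1", "nic"), ("Access3", "Fa0/1")),
    (("Access3", "Fa0/24"), ("CD1", "Fa0/24")),
    (("Access3", "Fa0/21"), ("CD2", "Fa0/21")),
    (("CD1", "Gi0/1"), ("R1", "nic")),
    (("CD1", "Gi0/2"), ("CD2", "Gi0/2")),        # CD2 end assumed
    (("CD1", "Fa0/21"), ("Access4", "Fa0/21")),  # Access4 end assumed
    (("CD2", "Fa0/24"), ("Access4", "Fa0/24")),
    (("CD2", "Gi0/1"), ("R2", "nic")),           # assumed
    (("Access4", "Fa0/1"), ("PC2", "nic")),      # assumed
]
SWITCHES = {"Access3", "CD1", "CD2", "Access4"}

# The two ports shown in red on the lecture diagram.
STP_BLOCKED = frozenset({("Access3", "Fa0/21"), ("Access4", "Fa0/24")})

PEERS = {}                       # (device, port) -> far end of the cable
for _a, _b in LINKS:
    PEERS[_a], PEERS[_b] = _b, _a
PORTS = defaultdict(list)        # switch -> its ports
for _dev, _port in PEERS:
    if _dev in SWITCHES:
        PORTS[_dev].append(_port)


def switch(frames, blocked=frozenset(), mac_tables=None, max_ticks=12):
    """Switch `frames`, a list of (switch, ingress port, src MAC, dst MAC).

    Returns (hosts the frame reached, frames still in flight after max_ticks,
    MAC tables, flaps). `flaps` counts MAC-table entries that moved to a
    different port, the instability a Layer 2 loop causes.
    """
    mac_tables = mac_tables if mac_tables is not None else {s: {} for s in SWITCHES}
    delivered, flaps = [], 0
    for _ in range(max_ticks):
        nxt = []
        for sw, in_port, src, dst in frames:
            if (sw, in_port) in blocked:
                continue                            # blocking port discards data
            table = mac_tables[sw]
            if table.get(src) not in (None, in_port):
                flaps += 1
            table[src] = in_port                    # learn src MAC -> ingress port
            if dst != BROADCAST and dst in table:
                outs = [table[dst]]                 # known unicast: one port
            else:
                outs = [p for p in PORTS[sw] if p != in_port]   # flood
            for out in outs:
                if (sw, out) in blocked:
                    continue                        # never send out a blocked port
                peer_dev, peer_port = PEERS[(sw, out)]
                if peer_dev in SWITCHES:
                    nxt.append((peer_dev, peer_port, src, dst))
                else:
                    delivered.append(peer_dev)
        frames = nxt
        if not frames:
            break
    return delivered, len(frames), mac_tables, flaps


def arp_exchange(blocked=frozenset()):
    """PC1 (MAC 1.1) broadcasts an ARP request; R1 (MAC 2.2) replies by unicast."""
    req_hosts, req_left, tables, req_flaps = switch(
        [("Access3", "Fa0/1", "1.1", BROADCAST)], blocked)
    rep_hosts, _rep_left, tables, rep_flaps = switch(
        [("CD1", "Gi0/1", "2.2", "1.1")], blocked, tables)
    return {"request_reached": req_hosts, "request_still_looping": req_left > 0,
            "reply_reached": rep_hosts, "flaps": req_flaps + rep_flaps,
            "tables": tables}


if __name__ == "__main__":
    no_stp = arp_exchange()
    print("No STP: still looping =", no_stp["request_still_looping"],
          "MAC flaps =", no_stp["flaps"])
    with_stp = arp_exchange(STP_BLOCKED)
    print("STP: request reached", with_stp["request_reached"],
          "| reply reached", with_stp["reply_reached"])
    print("CD1 table:", with_stp["tables"]["CD1"])
```

Raise max_ticks and the no-STP case keeps growing, because every copy that reaches CD1 or CD2 spawns two more; that growth, not the single frame, is what turns a loop into a storm. The blocked ports are simply handed in here; the next lectures cover how spanning tree chooses them.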

Spanning tree automates failover as well as performing loop prevention. In the example here, on both Access3 and Access4 the uplink that's in use is the one facing CD1. For CD2, the other core/distribution layer switch, both uplinks from our access layer switches are blocking right now to prevent the loops. But if switch CD1 goes down, or the links to CD1 go down, spanning tree will detect that and fail the uplinks over to CD2 instead. We already covered one of the bad things about spanning tree, which is that it limits the amount of bandwidth you have by shutting down interfaces that are physically cabled. Another bad thing about spanning tree is that it typically has a slow convergence time: classic spanning tree can take up to 50 seconds to converge (20 seconds of max age, then 15 seconds each in the listening and learning states).

So spanning tree has some bad things about it, but it's absolutely necessary in networks, because it's far more important to ensure we don't have any layer 2 loops. We would like to minimise the use of spanning tree if we can, and I'll get into some methods we can use to do that at the end of the next section. As a network engineer you have to understand spanning tree, so the rest of this section will go through how spanning tree works and how to configure it, and by the end of that you'll also understand how to troubleshoot it. See you in the next lecture for how spanning tree actually works.
