Load Sharing using STP Path Cost

[Figure: Switch 1 and Switch 2 connected by two parallel trunks. Trunk Port 1: VLANs 2-4 (path cost 30), VLANs 8-10 (path cost 19). Trunk Port 2: VLANs 8-10 (path cost 30), VLANs 2-4 (path cost 19).]

© 2002, Cisco Systems, Inc. All rights reserved.

Cisco CCIE Prep v1.0—Module 5-57

You can configure parallel trunks to share VLAN traffic by setting different path costs on a trunk and associating the path costs with different sets of VLANs. The VLANs keep the traffic separate. Because no loops exist, STP does not disable the ports, and redundancy is maintained in the event of a lost link.

In the figure above, Trunk ports 1 and 2 are 100BASE-T ports. The path costs for the VLANs are assigned as follows:

■ VLANs 2 through 4 are assigned a path cost of 30 on Trunk port 1.

■ VLANs 8 through 10 retain the default 100BASE-T path cost on Trunk port 1 of 19.

■ VLANs 8 through 10 are assigned a path cost of 30 on Trunk port 2.

■ VLANs 2 through 4 retain the default 100BASE-T path cost on Trunk port 2 of 19.
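The per-VLAN port selection that these costs produce, including what happens when one trunk is lost, can be modelled in a few lines. This is an added Python sketch, not part of the original course material; it assumes the costs are evaluated on the switch that is not the root bridge, and it uses the lowest port number as a simplified stand-in for STP's port-ID tie-break.

```python
DEFAULT_COST = 19  # default 100BASE-T path cost, as stated in the text

# Per-VLAN cost overrides from the figure: {trunk port: {vlan: cost}}
OVERRIDES = {
    1: {v: 30 for v in (2, 3, 4)},
    2: {v: 30 for v in (8, 9, 10)},
}
VLANS = (2, 3, 4, 8, 9, 10)


def forwarding_port(vlan, up_ports, overrides=OVERRIDES):
    """Return the trunk port that forwards `vlan`, or None if no trunk is up."""
    candidates = [(overrides.get(p, {}).get(vlan, DEFAULT_COST), p)
                  for p in up_ports]
    # Lowest cost wins; equal costs fall back to the lowest port number
    # (simplified tie-break, see the lead-in).
    return min(candidates)[1] if candidates else None


def load_share(up_ports, overrides=OVERRIDES, vlans=VLANS):
    """Group VLANs by the trunk port that forwards them."""
    result = {p: [] for p in up_ports}
    for vlan in vlans:
        port = forwarding_port(vlan, up_ports, overrides)
        if port is not None:
            result[port].append(vlan)
    return result


if __name__ == "__main__":
    print("both trunks up :", load_share((1, 2)))
    print("trunk 1 lost   :", load_share((2,)))
    print("no cost tuning :", load_share((1, 2), overrides={}))
```

With no overrides every VLAN ties at cost 19 and lands on the same trunk, which is why the per-VLAN costs are needed to use both links.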

Configuring PortFast

Access Port Configuration

3550(config-if)# spanning-tree portfast

3550(config-if)# end

3550#

Trunk Port Configuration

3550(config)# int fa0/11

3550(config-if)# spanning-tree portfast trunk

3550(config-if)# end

3550#


Port Fast immediately brings an interface configured as an access or trunk port to the forwarding state from a blocking state, bypassing the listening and learning states. You can use Port Fast on ports connected to a single workstation or server, to allow those devices to immediately connect to the network, rather than waiting for the spanning tree to converge.

Ports connected to a single workstation or server should not receive bridge protocol data units (BPDUs). A port with Port Fast enabled goes through the normal cycle of spanning-tree status changes when the switch is restarted.

Note Because the purpose of Port Fast is to minimize the time ports must wait for spanning-tree to converge, it is effective only when used on ports connected to end stations. If you enable Port Fast on a port connecting to another switch, you risk creating a spanning-tree loop.

A port with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state without waiting for the standard forward-time delay.

Caution Use Port Fast only when connecting a single end station to an access or trunk port. Enabling this feature on a port connected to a switch or hub could prevent spanning tree from detecting and disabling loops in your network, which could cause broadcast storms and address-learning problems.

You can enable this feature if your switch is running PVST or MSTP. Use the steps outlined in the following table to enable PortFast:

Table 5-34: PortFast

| Command | Purpose |
| --- | --- |
| interface interface-id | Enter interface configuration mode, and specify an interface to configure. |
| spanning-tree portfast [trunk] | Enable Port Fast on an access port connected to a single workstation or server. By specifying the trunk keyword, you can enable Port Fast on a trunk port. |

Caution Make sure that there are no loops in the network between the trunk port and the workstation or server before you enable Port Fast on a trunk port.

By default, Port Fast is disabled on all ports.

Note You can use the spanning-tree portfast default global configuration command to globally enable the Port Fast feature on all nontrunking ports.

To disable the Port Fast feature, use the spanning-tree portfast disable interface configuration command.

Configuring BPDU Guard

Global Level

3550(config)# spanning-tree portfast bpduguard default

3550(config)# end

3550#

Interface Level

3550(config)# int fa0/3

3550(config-if)# spanning-tree bpduguard enable

3550(config-if)# end

3550#


In a valid configuration, Port Fast-enabled ports should not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port signals that the port is connected to a switch and not an end station. This could indicate the connection of an unauthorized switch. Because connecting switches to Port Fast-enabled ports can create a loop in the topology and cause network disruptions, it is critical to have a way to prevent this. The BPDU guard feature is used to monitor the reception of BPDUs on Port Fast-enabled ports.

If BPDU guard is enabled and a BPDU is received on a Port Fast-enabled port, the BPDU guard feature puts the port in the error-disabled state. The BPDU guard feature provides a secure response to invalid configurations because the administrator must manually put the port back in service. The BPDU guard feature can be globally enabled on the switch or can be enabled per interface, but the feature operates with some differences.

At the global level, you can enable BPDU guard on Port Fast-enabled ports by using the spanning-tree portfast bpduguard default global configuration command. Spanning tree shuts down ports that are in a Port Fast-operational state. In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the port in the error-disabled state.

At the interface level, you can enable BPDU guard on any port by using the spanning-tree bpduguard enable interface configuration command without also enabling the Port Fast feature. When the port receives a BPDU, it is put in the error-disabled state.

When you globally enable BPDU guard on ports that are Port Fast-enabled (the ports are in a Port Fast-operational state), spanning tree shuts down Port Fast-enabled ports that receive BPDUs.

You can also use the spanning-tree bpduguard enable interface configuration command to enable BPDU guard on any port without also enabling the Port Fast feature. When the port receives a BPDU, it is put in the error-disabled state.

Use the steps outlined in the following table to enable the BPDU guard feature:

Table 5-35: BPDU Guard

| Command | Purpose |
| --- | --- |
| spanning-tree portfast bpduguard default | Globally enable BPDU guard. By default, BPDU guard is disabled. |
| interface interface-id | Enter interface configuration mode, and specify the interface connected to an end station. |
| spanning-tree portfast | Enable the Port Fast feature. |

To disable BPDU guard, use the no spanning-tree portfast bpduguard default global configuration command.


You can override the setting of the no spanning-tree portfast bpduguard default global configuration command by using the spanning-tree bpduguard enable interface configuration command.
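Because the global and interface-level settings interact, it is easy to end up with Port Fast ports that no BPDU guard setting covers. The following Python audit is an added example, not part of the original course material; it checks a saved configuration using only the commands named in this section plus `switchport mode trunk`. The sample configuration is constructed, and a port without `switchport mode trunk` is assumed to be non-trunking.

```python
import re

# Constructed running-config excerpt for illustration (not from the page).
SAMPLE_CONFIG = """\
spanning-tree portfast default
!
interface FastEthernet0/1
!
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 spanning-tree portfast disable
!
interface FastEthernet0/11
 switchport mode trunk
 spanning-tree portfast trunk
"""

def audit(config):
    """Return {interface: [issues]} for Port Fast ports lacking BPDU guard."""
    lines = [l.rstrip() for l in config.splitlines()]
    global_pf = "spanning-tree portfast default" in lines
    global_guard = "spanning-tree portfast bpduguard default" in lines
    ports, cur = {}, None
    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = ports.setdefault(m.group(1), set())
        elif cur is not None and line.startswith(" "):
            cur.add(line.strip())
        else:
            cur = None  # "!" or a global command ends the interface block
    findings = {}
    for name, cmds in ports.items():
        # Assumption: no "switchport mode trunk" means a non-trunking port.
        trunk = "switchport mode trunk" in cmds
        portfast = "spanning-tree portfast disable" not in cmds and (
            "spanning-tree portfast trunk" in cmds
            or (not trunk and ("spanning-tree portfast" in cmds or global_pf)))
        guarded = "spanning-tree bpduguard enable" in cmds or (global_guard and portfast)
        issues = []
        if portfast and not guarded:
            issues.append("portfast-without-bpduguard")
        if portfast and trunk:
            issues.append("portfast-on-trunk")  # Caution above: confirm no loop
        if issues:
            findings[name] = issues
    return findings
```

On the sample, FastEthernet0/1 is flagged even though it carries no spanning-tree commands of its own, because the global `spanning-tree portfast default` enables Port Fast on it while no BPDU guard setting applies.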
