CCNA Routing and Switching Practice and Study Guide: LAN Redundancy

Date: May 15, 2014

To help you prepare for the ICND2 200-101 Certification Exam, this chapter investigates how Spanning Tree Protocol (STP) logically blocks physical loops in the network and how STP has evolved into a robust protocol that rapidly calculates which ports should be blocked in a VLAN-based network.

Computer networks are inextricably linked to productivity in today’s small and medium-sized businesses. Consequently, IT administrators have to implement redundancy in their hierarchical networks. When a switch connection is lost, another link needs to quickly take its place without introducing any traffic loops. This chapter investigates how Spanning Tree Protocol (STP) logically blocks physical loops in the network and how STP has evolved into a robust protocol that rapidly calculates which ports should be blocked in a VLAN-based network. In addition, the chapter briefly explores how Layer 3 redundancy is implemented through First Hop Redundancy Protocols (FHRPs).

Spanning-Tree Concepts

Redundancy increases the availability of a network topology by protecting the network from a single point of failure, such as a failed network cable or switch. STP was developed to address the issue of loops in a redundant Layer 2 design.

Draw a Redundant Topology

In Figure 2-1, draw redundant links between the access, distribution, and core switches. Each access switch should have two links to the distribution layer with each link connecting to a different distribution layer switch. Each distribution layer switch should have two links to the core layer with each link connecting to a different core layer switch.

Figure 2-1 Redundant Topology

Purpose of Spanning Tree

STP prevents specific types of issues in a redundant topology like the one in Figure 2-1. Specifically, three potential issues would occur if STP was not implemented. Describe each of the following issues:

MAC database instability:
Broadcast storms:
Multiple frame transmission:

You should be prepared to use a topology like Figure 2-1 to explain exactly how these three issues would occur if STP was not implemented.

Packet Tracer - Examining a Redundant Design (SN 2.1.1.5/SwN 4.1.1.5)

Spanning-Tree Operation

Because _______________(RSTP), which is documented in IEEE _______________-2004, supersedes the original STP documented in IEEE _______________-1998, all references to STP assume RSTP unless otherwise indicated.

STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a _______________. A switch port is considered _______________ when network traffic is prevented from entering or leaving that port.

STP uses the _______________(STA) to determine which switch ports on a network need to be _______________ to prevent _______________ from occurring. The STA designates a single switch as the _______________ bridge and uses it as the reference point for all subsequent calculations. Switches participating in STP determine which switch has the lowest _______________(BID) on the network. This switch automatically becomes the _______________ bridge.

A _______________ (BPDU) is a frame containing STP information exchanged by switches running STP. Each BPDU contains a BID that identifies the switch that sent the BPDU. The _______________BID value determines which switch is root.

After the root bridge has been determined, the STA calculates the shortest path to the root bridge. If there is more than one path to choose from, STA chooses the path with the lowest _______________.

When the STA has determined the “best” paths emanating from the root bridge, it configures the switch ports into distinct port roles. The port roles describe their relation in the network to the root bridge and whether they are allowed to forward traffic:

___________________ ports: Switch ports closest to the root bridge
___________________ ports: Nonroot ports that are still permitted to forward traffic on the network
___________________ ports: Ports in a blocking state to prevent loops
___________________ port: Ports that are administratively shut down

After a switch boots, it sends BPDU frames containing the switch BID and the root ID every ___ seconds. Initially, each switch identifies itself as the _______ bridge after boot.

How would a switch determine that another switch is now the root bridge?

How does the STA determine path cost?

Record the default port costs for various link speeds in Table 2-1.

Table 2-1 Port Costs

Link Speed	Cost (Revised IEEE Specification)	Cost (Previous IEEE Specification)
10 Gbps
1 Gbps
100 Mbps
10 Mbps

Although switch ports have a default port cost associated with them, the port cost is configurable.

To configure the port cost of an interface, enter the __________________________ command in interface configuration mode. The range value can be between _______________and _______________.

Record the commands, including the switch prompt, to configure the port cost for F0/1 as 15:

To verify the port and path cost to the root bridge, enter the _______________ privileged EXEC mode command, as shown here:

S2# __________________________________


VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     c025.5cd7.ef00
             Cost        15
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     c07b.bcc4.a980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  15  sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 15        128.1    P2p
Fa0/2               Altn BLK 19        128.2    P2p
Fa0/3               Desg LIS 19        128.3    P2p
Fa0/4               Desg LIS 19        128.4    P2p
Fa0/6               Desg FWD 19        128.6    P2p<output omitted>

The BID field of a BPDU frame contains three separate fields: _______________, _______________, and _______________.

Of these three fields, the _______________is a customizable value that you can use to influence which switch becomes the root bridge. The default value for this field is _______________.

Cisco enhanced its implementation of STP to include support for the extended system ID field, which contains the ID of the _______________ with which the BPDU is associated.

Because using the extended system ID changes the number of bits available for the bridge priority, the customizable values can only be multiples of _______________.

When two switches are configured with the same priority and have the same extended system ID, the switch with the lowest _______________ has the lower BID.

Identify the 802.1D Port Roles

The topologies in the next three figures do not necessarily represent an appropriate network design. However, they provide good exercise topologies for you to practice determining the STP port roles. In Figures 2-2 through 2-4, use the priority values and MAC addresses to determine the root bridge. Then label the ports with one of the following:

RP: Root Port
DP: Designated Port
AP: Alternate Port

Figure 2-2 802.1D Port Roles - Scenario 1

Figure 2-3 802.1D Port Roles - Scenario 2

Figure 2-4 802.1D Port Roles - Scenario 3

Lab – Building a Switched Network with Redundant Links (SN 2.1.2.10/SwN 4.1.2.10)

Varieties of Spanning Tree Protocols

STP has been improved multiple times since its introduction in the original IEEE 802.1D specification. A network administrator should know which type to implement based on the equipment and topology needs.

Comparing the STP Varieties

Identify each of the STP varieties described in the following list:

___________________: This is an IEEE that maps multiple VLANs into the same spanning tree instance.
___________________: This is an evolution of STP that provides faster convergence than STP.
___________________: This is an updated version of the STP standard, incorporating IEEE 802.1w.
___________________: This is a Cisco enhancement of STP that provides a separate 802.1D spanning tree instance for each VLAN configured in the network.
___________________: This is a Cisco enhancement that provides a separate instance of 802.1w per VLAN.
___________________: This is the original IEEE 802.1D version (802.1D-1998 and earlier) that provides a loop-free topology in a network with redundant links.

Complete the cells in Table 2-2 to identify each the characteristics of each STP variety.

Table 2-2 STP Characteristics - Exercise 1

Protocol	Standard	Resources Needed	Convergence	Tree Calculation
STP		Low
	Cisco
	802.1w
Rapid PVST+
	802.1s, Cisco	Medium or high

In Table 2-3, indicate which varieties of STP are best described by the characteristic. Some characteristics apply to more than one STP variety.

Table 2-3 STP Characteristics - Exercise 2

Characteristic	STP	PVST+	RSTP	Rapid PVST+	MSTP	MST
A Cisco implementation of 802.1s that provides up to 16 instances of RSTP.
Cisco enhancement of RSTP.
The default STP mode for Cisco Catalyst switches.
Has the highest CPU and memory requirements.
Can lead to suboptimal traffic flows.
Cisco proprietary versions of STP.
Cisco enhancement of STP. Provides a separate 802.1D spanning-tree instance for each VLAN.
There is only 1 root bridge and 1 tree.
Uses 1 IEEE 802.1D spanning-tree instance for the entire bridged network, regardless of the number of VLANs.
Supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard.
An evolution of STP that provides faster STP convergence.
Maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance.
First version of STP to address convergence issues, but still provided only one STP instance.

PVST+ Operation

After a switch boots, the spanning tree is immediately determined as ports transition through five possible states and three BPDU timers on the way to convergence. Briefly describe each state:

Blocking:
Listening:
Learning:
Forwarding:
Disabled:

Once stable, every active port in the switched network is either in the _______________ state or the _______________ state.

List and briefly describe the four steps PVST+ performs for each VLAN to provide a loop-free logical topology.

In Table 2-4, answer the “Operation Allowed” question with “yes” or “no” for each port state.

Table 2-4 Operations Allowed at Each Port State

Operation Allowed	Port State
	Blocking	Listening	Learning	Forwarding	Disabled
Can receive and process BPDUs
Can forward data frames received on interface
Can forward data frames switched from another interface
Can learn MAC addresses

Rapid PVST+ Operation

RSTP (IEEE _______________) is an evolution of the original _______________standard and is incorporated into the IEEE _______________-2004 standard. Rapid PVST+ is the Cisco implementation of RSTP on a per-VLAN basis. What is the primary difference between Rapid PVST+ and RSTP?

Briefly describe the RSTP concept that corresponds to the PVST+ PortFast feature.

What command implements Cisco’s version of an edge port?

In Table 2-5, indicate whether the characteristic describes PVST+, Rapid PVST+, or both.

Table 2-5 Comparing PVST+ and Rapid PVST+

Characteristic	PVST+	Rapid PVST+	Both
Cisco proprietary protocol.
Port roles: root, designated, alternate, edge, backup.
CPU processing and trunk bandwidth usage is greater than with STP.
Ports can transition to forwarding state without relying on a timer.
The root bridge is determined by the lowest BID + VLAN ID + MAC.
Runs a separate IEEE 802.1D STP instance for each VLAN.
Possible to have load sharing with some VLANS forwarding on each trunk.
Sends a BPDU “hello message” every 2 seconds.

Spanning-Tree Configuration

It is crucial to understand the impact of a default switch configuration on STP convergence and what configurations can be applied to adjust the default behavior.

PVST+ and Rapid PVST+ Configuration

Complete Table 2-6 to show the default spanning-tree configuration for a Cisco Catalyst 2960 series switch.

Table 2-6 Default Switch Configuration

Feature	Default Setting
Enable state	Enabled on VLAN 1
Spanning-tree mode
Switch priority
Spanning-tree port priority (configurable on a per-interface basis)
Spanning-tree port cost (configurable on a per-interface basis)	1000 Mbps: 100 Mbps: 10 Mbps:
Spanning-tree VLAN port priority (configurable on a per-VLAN basis)
Spanning-tree VLAN port cost (configurable on a per-VLAN basis)	1000 Mbps: 100 Mbps: 10 Mbps:
Spanning-tree timers	Hello time: seconds Forward-delay time: seconds Maximum-aging time: seconds Transmit hold count: BPDUs

Document the two different configuration commands that you can use to configure the bridge priority value so that the switch is root for VLAN 1. Use the value 4096 when necessary:

Record the command to verify that the local switch is now root:

S1# _____________________________

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000A.0033.3333
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     0019.aa9e.b000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 4        128.1    Shr
Fa0/2            Desg FWD 4        128.2    Shr

Explain the purpose of the BPDU guard feature on Cisco switches.

What command interface configuration command enables BPDU guard?

What global configuration command will configure all nontrunking ports as edge ports?

What global configuration command will configure BPDU guard on all PortFast-enabled ports?

The power of PVST+ is that it can load balance across redundant links. By default, the least-favored redundant link is not used. So, you must manually configure PVST+ to use the link.

Figure 2-5 represents a small section of Figure 2-1, showing only two distribution layer switches and one access layer switch. For this example, we have attached PC2 to S1. PC1 is assigned to VLAN 15, and PC2 is assigned to VLAN 25. D1 should be the primary root for VLAN 1 and VLAN 15 and the secondary root for VLAN 25. D2 should be the primary root for VLAN 25 and the secondary root for VLAN 15.

Figure 2-5 PVST+ Configuration Topology

Based on these requirements, document the commands to modify the default PVST+ operation on D1 and D2.

D1 commands

D2 commands

Document the commands to configure all nontrunking ports on S1 as edge ports with BPDU guard enabled.

Now, assume that you want to run rapid PVST+ on all three switches. What command is required?

Lab - Configuring Rapid PVST+, PortFast, and BPDU Guard (SN 2.3.2.3/SwN 4.3.2.3)

Packet Tracer - Configuring PVST+ (SN 2.3.1.5/SwN 4.3.1.5)

Packet Tracer - Configuring Rapid PVST+ (SN 2.3.2.2/SwN 4.3.2.2)

First Hop Redundancy Protocols

Up to this point, we’ve been reviewing STP and how to manipulate the election of root bridges and load balance across redundant links. In addition to Layer 1 and Layer 2 redundancy, a high-availability network might also implement Layer 3 redundancy by sharing the default gateway responsibility across multiple devices. Through the use of a virtual IP address, two Layer 3 devices can share the default gateway responsibility. The section reviews First Hop Redundancy Protocols (FHRPs) that provide Layer 3 redundancy.

Identify FHRP Terminology

Match the definition on the left with the terms on the right. This is a one-to-one matching exercise.

Definitions	Terms
_______ The ability to dynamically recover from the failure of a device acting as the default gateway _______ Two or more routers sharing a single MAC and IP address _______ A device that is part of a virtual router group assigned to the role of default gateway _______ Provides the mechanism for determining which router should take the active role in forwarding traffic _______ A device that routes traffic destined to network segments beyond the source network segment _______ A device that is part of a virtual router group assigned the role of alternate default gateway _______ A Layer 3 address assigned to a protocol that shares the single address among multiple devices _______ The Layer 2 address returned by ARP for an FHRP gateway	a. Default gateway b. First-hop redundancy c. Forwarding router d. Redundancy rrotocol e. Standby router f. Virtual IP address g. Virtual MAC address h. Virtual router

Definitions

Terms

_______ The ability to dynamically recover from the failure of a device acting as the default gateway
_______ Two or more routers sharing a single MAC and IP address
_______ A device that is part of a virtual router group assigned to the role of default gateway
_______ Provides the mechanism for determining which router should take the active role in forwarding traffic
_______ A device that routes traffic destined to network segments beyond the source network segment
_______ A device that is part of a virtual router group assigned the role of alternate default gateway
_______ A Layer 3 address assigned to a protocol that shares the single address among multiple devices
_______ The Layer 2 address returned by ARP for an FHRP gateway

a. Default gateway
b. First-hop redundancy
c. Forwarding router
d. Redundancy rrotocol
e. Standby router
f. Virtual IP address
g. Virtual MAC address
h. Virtual router

Identify the Type of FHRP

In Table 2-7, indicate whether the characteristic describes HSRP, VRRP, or GLBP.

Table 2-7 FHRP Characteristics

FHRP Characteristic	HSRP	VRRP	GLBP
Used in a group of routers for selecting an active device and a standby device.
A nonproprietary election protocol that allows several routers on a multi-access link to use the same virtual IPv4 address.
Cisco-proprietary FHRP protocol designed to allow for transparent failover of a first-hop IPv4 devices.
Cisco-proprietary FHRP protocol that protects data traffic from a failed router or circuit while also allowing load sharing between a group of redundant routers.
One router is elected as the virtual router master, with the other routers acting as backups in case the virtual router master fails.

HSRP and GLBP Configuration and Verification

Refer to the topology in Figure 2-6. R2 has been configured for HSRP group 20, priority 120, IP address 192.168.1.20, and virtual IP address 192.168.1.1.

Figure 2-6 HSRP and GLBP Configuration Topology

Example 2-1 shows the HSRP configuration for R2.

Example 2-1 R2 HSRP Configuration

R2# show run interface g0/1
<output omitted>
interface GigabitEthernet0/1
 ip address 192.168.1.20 255.255.255.0
 standby 20 ip 192.168.1.1
 standby 20 priority 120
<output omitted>

Using the information in Example 2-1, document the commands to configure R1 as the HSRP active router in group 20 using a priority of 210.

What command would generate the following output to verify the HSRP configuration?

R1#__________________
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       20   210   Active  local           192.168.1.20    192.168.1.1

Now assume that all HSRP configurations have been removed. R2 has been configured for GLBP group 20, priority 120, IP address 192.168.1.20, and virtual IP address 192.168.1.1.

Example 2-2 shows the GLBP configuration for R2.

Example 2-2 R2 GLBP Configuration

R2# show run interface g0/1
<output omitted>
interface GigabitEthernet0/1
 ip address 192.168.1.20 255.255.255.0
 glbp 20 ip 192.168.1.1
 glbp 20 priority 120
<output omitted>

Using the information in Example 2-2, document the commands to configure R1 to be in GLBP group 20 using a priority of 210.

What command would generate the following output to verify the GLBP configuration?

R1#__________________
GigabitEthernet0/0 - Group 20
  State is Active
    1 state change, last state change 00:03:05
  Virtual IP address is 192.168.1.1
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.792 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Preemption disabled
  Active is local
  Standby is 192.168.1.20, priority 120 (expires in 9.024 sec)
  Priority 210 (configured)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  Group members:
    0006.f671.db58 (192.168.1.10) local
    0006.f671.eb38 (192.168.1.20)
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:02:53
    MAC address is 0007.b400.0a01 (default)
    Owner ID is 0006.f671.db58
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
  Forwarder 2
    State is Listen
    MAC address is 0007.b400.0a02 (learnt)
    Owner ID is 0006.f671.eb38
    Redirection enabled, 599.040 sec remaining (maximum 600 sec)
    Time to live: 14399.040 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.1.20 (primary), weighting 100 (expires in 9.312 sec)

Lab - Configuring HSRP and GLBP (SN 2.4.3.4/SwN 4.4.3.4)