Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) are switching mechanisms that prevent a LAN with redundant links from forwarding Ethernet frames around a loop indefinitely. STP and RSTP have features that help networks work better and more securely, such as Port Fast, BPDU Guard, and Root Guard.
What is a Bridge Protocol Data Unit (BPDU)?
A bridge protocol data unit (BPDU) is a data message forwarded across the Local Area Network (LAN) to detect loops in the spanning tree topology. The BPDU contains information about ports, switches, port priority, and addresses.
Port Fast
Port Fast enables the switch to transition a port from the blocking state to the forwarding state immediately, bypassing the listening and learning states. However, Port Fast is highly recommended only on non-trunking access ports, such as edge ports, because these ports typically neither send nor receive BPDUs.
It is advisable to implement Port Fast only on edge ports that connect end stations to switches, as in the example STP topology below.
Configuring Port Fast on an Access Port
We can configure Port Fast on an access switch port interface. See the configuration examples below:
Sw1(config)# interface f0/10
Sw1(config-if)# spanning-tree portfast
Sw1(config)# spanning-tree portfast default
BPDU Guard
Port Fast can be enabled on non-trunking ports that connect two switches, so spanning-tree loops can occur, because Bridge Protocol Data Units (BPDUs) are still being transmitted and received on those ports.
Layer 2 loops in our network topology can be prevented by enabling another feature called Port Fast BPDU Guard, which prevents loops from happening by moving non-trunking switch ports into an errdisable state when a BPDU is received on that port. Whenever STP BPDU guard is enabled on a switch, STP shuts down Port Fast-configured interfaces on the switch that receive a BPDU instead of putting them into the STP blocking state.
In a correct configuration, Port Fast-configured ports don't receive BPDUs. If a Port Fast-configured interface receives a BPDU, a misconfiguration exists. BPDU guard provides a secure response to invalid configurations because a network engineer needs to manually put the interface back into the forwarding state.
Enabling BPDU Guard
We enable BPDU guard in interface configuration mode. This configuration example shows how to configure BPDU guard on Switch1's FastEthernet0/1 interface.
Switch1(config)# interface fastethernet0/1
Switch1(config-if)# spanning-tree portfast
Switch1(config-if)# spanning-tree bpduguard enable
Switch1(config)# spanning-tree portfast bpduguard default
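One way to check a saved configuration for Port Fast ports that BPDU guard does not protect, as an added example that is not part of the original article. The sample configuration is constructed, and two things are assumptions: that `switchport mode access` marks the non-trunking ports covered by the global `spanning-tree portfast default`, and that a per-interface `spanning-tree bpduguard disable` overrides the global BPDU guard default.

```python
import re
# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
spanning-tree portfast default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface FastEthernet0/24
 switchport mode trunk
"""

def portfast_without_bpduguard(config: str) -> list[str]:
    """Return interfaces where Port Fast is active but BPDU guard is not."""
    global_cmds, ifaces, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m and not raw.startswith(" "):
            current = ifaces.setdefault(m.group(1), set())
        elif raw.startswith(" ") and current is not None:
            current.add(line)        # command inside an interface block
        else:
            current = None           # "!" or a global command ends the block
            global_cmds.add(line)
    pf_default = "spanning-tree portfast default" in global_cmds
    bg_default = "spanning-tree portfast bpduguard default" in global_cmds
    exposed = []
    for name, cmds in ifaces.items():
        # Assumption: the global Port Fast default covers explicit access ports only.
        portfast = "spanning-tree portfast" in cmds or (
            pf_default and "switchport mode access" in cmds)
        # Assumption: a per-interface BPDU guard setting overrides the global default.
        guarded = ("spanning-tree bpduguard enable" in cmds or
                   (bg_default and "spanning-tree bpduguard disable" not in cmds))
        if portfast and not guarded:
            exposed.append(name)
    return exposed

print(portfast_without_bpduguard(SAMPLE_CONFIG))
```

Adding `spanning-tree portfast bpduguard default` to the global section leaves only the interface that explicitly disables BPDU guard in the result.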
Root Guard
Any switch in the network can be designated as the root bridge. But to forward frames efficiently, the position of the root bridge should be predetermined in a strategic location. Standard STP doesn't ensure that the root bridge can be assigned permanently by the administrator.
An enhanced feature of STP was developed to address this issue. The root guard feature provides a way to enforce the root bridge placement in the network.
Root guard ensures that the interface on which root guard is enabled is set as the designated port. Normally, root bridge ports are all set as designated ports unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled interface, root guard moves this interface to the root-inconsistent STP state. This root-inconsistent state is effectively equivalent to the listening state. No traffic is forwarded across this interface. In this way, root guard enforces the position of the root bridge.
Configuring Root Guard
Interface-level configuration of root guard for the Catalyst 6500/6000 and Catalyst 4500/4000 is shown below:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 3/1
Switch(config-if)# spanning-tree guard root
On Cisco Catalyst 2900XL, 3500XL, 2950, and 3550 switches, we configure root guard as shown:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 0/8
Switch(config-if)# spanning-tree rootguard