RootGuard

Khi STP topology hi t v to thnh mt s mng khng b loop (loop-free

topology) th cc cng ca switch s ng mt s loi vai tr trong spanning tree.
Rootport l cng ca switch c ng i v rootswitch thp nht. Designated port l cng
trn mt phn on mng c ng i ngn nht v rootswitch. Cng ny c nhim v
truyn cc BPDUs xung cho cc switch nhnh di. Blocking port l nhng cng
khng phi l root hay designated. Alternated port l nhng cng trng thi blocking, s
thay th root port ngay lp tc nu root port b hng hc hay s c. Alternated port l
khi nim c dng khi s dng tnh nng UplinkFast. Forwarding port l cng bnh
thng ca switch cho php thit b u cui kt ni vo.
Sau khi rootswitch c to ra, n s gi ra cc BPDU xung cho cc switch nhnh
di. Cc switch nhnh di s lun lun theo di cc BPDUs c gi ra t root switch
nhm xem xt xem root switch c cn hot ng bnh thng na khng. Nu BPDU
khng cn nhn c na, cc switch nhnh di s cho rng root switch b s c
hoc ng dn n root khng cn tn ti na. Gii thut STP c chy li v to li
mt s mng khc.
V tr ca RootSwitch trong STP topology rt quan trng. N quyt nh ng i ca cc
switch nhnh di ln Rootswitch l c ti u hay khng. Do c im bu chn Root l
da vo cc BPDUs nn khi c mt switch mi c thm vo trong s mng STP th
s mng STP lc ny thay i. Cc switch cn phi tnh ton v bu chn li
RootSwitch cng nh ng i mi n RootSwitch. Trong BPDUs c cha BridgeID,
trong BridgeID li cha u tin ca switch. Switch no c priority nh nht s tr
thnh Root switch. Tuy nhin, nu c mt switch l c cu hnh vi priority thp
hn c priority ca RootSwitch hin ti, switch ny gn vo mng v s tr thnh
RootSwitch.
Tnh nng Root guard ra i cho php admin lun gi c v tr Root switch theo
chn m khng s b bt k mt switch l no gn thm vo lm thay i STP topology.
Vi tnh nng ny, nu c mt switch l qung b mt Superior BPDU cho root switch,
Rootswitch s khng cho php switch l ny tr thnh New Root Switch. N s a cng
nhn superior BPDU trc tr v trng thi Root-inconsistent. Data s khng c
gi nhn trng thi ny. Khi superior BPDUs khng cn nhn c trn cng ny, cng
ny s tri qua cc trng thi ca STP a v s dng bnh thng.
Ta ch cu hnh root guard trn Root switch hoc cc switch no m ta khng mun nhn
BPDUs ca mt switch l, khng cu hnh rootguard trn swich c tnh nng uplinkfast.
V khi cu hnh RootGuard trn switch ny s lm cho cc alternated port ri vo trng
thi Root-inconsistent. iu ny lm cho cc alternated port khng th chuyn sang trng
thi forwarding. Cu hnh Rootguard trn interface no mun bo v bng cu lnh:
Switch(config-if)# spanning-tree guard root

Nu p t tnh nng RootGuard ln cng th cho d Switch mi c Bridge ID u tin

hn (v tr s s l thp hn) th vn khng nh hng g n mng. Tnh nng ny rt
mnh, n cm hon ton Switch l vo mng khng thc hin c telnet, ping Khi
kim tra lng ging trn Switch mi ny, bn s khng thy c Switch trong mng.
Switch(config-if)#spanning-tree guard root
Root Guard v BPDU Guard l hai phng php nhm ngn chn gi BPDU l i vo
mng. Ni r hn khi c Switch l cm vo mng th Switch ny khng th trao i vi
cc Switch khc trong mng nu nh c bt tnh nng ny ln. Cc tnh nng ny ch c
tc dng trn cng, c ngha l bn phi cu hnh trn tng cng. Nu bn cu hnh trn
cng f0/1 m li i cm Switch l vo cng f0/2 th Switch mi ny vn c th trao i
thng tin vi mng mt cch bnh thng.
BPDU Guard
Vn ln cn quan tm l khi c switch l ni vo mng campus ca ta, switch l ny s
truyn gi BPDU ca n vo mng. Cc switch s ng b vi nhau v s mng thng
qua cc gi tin BPDU. BPDU c truyn n cng ca cc Switch khc trong mng,
lm thay i quan im ca nhng Switch ny v mng m n ang hot ng v iu
ny c th dn n vng lp c th xy ra. Khi BPDU b mt, cng cng thay i trng
thi ca n lm nh hng n m hnh mng ban u. C hai trng hp va nu ra
trn u c th gy ra trng thi lp vng v iu lm chng ta lo lng l m hnh c
ca mng b thay i.
Tnh nng BPDUGuard cng tng t nh RootGuard. Tnh nng BPDUGuard c
khuyn co s dng cng c tnh nng portfast. Tnh nng portfast cho php cng ca
switch c th vo trng thi Forwarding ngay lp tc khi link kt ni vi cng up ln.
Tnh nng portfast c s dng khi kt ni vi PC ti access-layer. Portfast c bt ln
ch khi ta chc chn rng trn cng khng th xy ra lp vng. Ta bt portfast ln
khng c ngha l tt STP trn cng . Nu c mt switch mi b cm nhm vo cng
c tnh nng portfast th loop c th xy ra v portfast cho php chuyn cng sang trng
thi forwarding ngay lp tc. Trong khi pht hin ra vng lp th phi tri qua mt
khong thi gian v cc trng thi khc nhau th cng mi a vo s dng bnh thng
c. BPDUGuard s cm khng cho switch l trao i BPDU vi mng. Khi switch
nhn c BPDU trn portfast vi tnh nng BPDUGuard th cng s b a vo trng
thi errdisable. Mun s dng li cng ny th phi cho php cng mt cch th cng
hoc i khong thi gian errdisable ht hn.
Tm li, bpdu guard thng c dng kt hp vi portfast. Nu c mt bpdu xut hin
trn nhng cng c bt bpdu guard th cng ca switch s rt vo trng thi errdisable.

Backbonefast
Backbonefast ti u thi gian hi t cho bt k s mng no, ci tin thi gian hi t
khi c cc hng hc gin tip xy ra. Khi mt vi kt ni trc tip xy ra, switch s khng

ch cho khong thi gian MaxAge ht. Cc switch khng nhn c hello BPDU s ch
khong thi gian MaxAge tri qua th mi bt u th thay i topology.
Tnh nng backbonefast s lm cc switch hc cc s c gin tip ca spanning tree v
hi cc switch upstream l cc switch ny c bit v s c hay khng. thc hin vic
ny, khi gi tin hello u tin b mt, switch s gi ra cc frame truy vn Root Link
Query trn tt c cc cng m l ra phi nhn c hello. RLQ s hi switch lng ging
rng switch lng ging c cn nhn hello BPDU t root. Nu switch lng ging ang
gp s c hng hc trc tip, n s tr li l ng i t n v root mt. Khi bit c
iu ny, switch ban u s tip tc tnh ton li m khng ch khong thi gian
MaxAge. Tt c cc switch trong s mng s phi cu hnh tnh nng backbonefast.
Vi vn t ra:
Bnh thng, nu khng dng backbone fast, iu g s xy ra nu c mt link b down?
Thi gian max age l g?
indirect link failure (hng hc gin tip) l g?
tnh nng ny tit kim bao nhiu giy?
Tnh nng UDLD
Giao thc Unidirectional Link Detection (UDLD) cho php cc thit b ang kt ni vi
nhau bng cp quang hoc cp ng c th quan st v pht hin c cc vn v
trng thi kt ni vt l ca h thng cp khi c hin tng kt ni theo mt hng duy
nht (Unidirectional Link) xy ra.
Bnh thng, d liu trn cc ng cp quang hoc cp ng c truyn theo hai
chiu. Vi cp quang, c th mt si truyn v mt si s nhn tn hiu. Nu, v mt l
do no mc vt l, ch mt si quang thc hin truyn tn hiu, si cn li b hng
hc v khng thc hin ng chc nng, dng d liu s ch c truyn theo mt chiu
mt cch chp chn.
Mt h qu ca vn nu trn l thit b switch u bn kia khng nhn c cc
dng frame cn thit, v d nh BPDU chng hn, switch u bn kia s ngh rng, n
cn thit phi chuyn port (l port gn cp quang v khng nhn c BPDU) sang
trng thi forwarding.
Lc ny, hin tng bridging loop c th xy ra do thut ton Spanning tree quyt nh
sai trng thi ca port ca switch (l ra vn nn tip tc blocking nhng switch li quyt
nh chuyn sang forwarding).
Hin tng Unidirectional link ny gy ra nhiu h qu khc nhau khng c li cho mi
trng LAN, bao gm c vic gy nh hng n kh nng chng loop trong giao thc
spanning-tree.

Khi hin tng Unidirectional Link c pht hin, tnh nng UDLD s shutdown cc
cng ca switch b nh hng, v pht ra cnh bo cho cc ngi dng bit c tnh
trng hin ti ca interface ny.
UDLD l giao thc hot ng ti lp 2 nhng li lm vic v gip pht hin nhng vn
lp physical vi cc thit b lp mt c th xc nh trng thi kt ni vt l ca
mt kt ni no .
Ti lp 1, cc phng thc t ng thng lng (autonegotiation) m trch cc tn
hiu vt l v pht hin li. Khc vi qu trnh autonegotiation, UDLD thc thi cc tc v
m cc phng thc t ng d tm autonegotiation khng th thc thi. V d nh pht
hin tnh trng hin ti ca cc neighbor v shutdown cc "misconnected interface".
Khi ta bt ln ng thi "autonegotiation" v UDLD, lp 1 v 2 s lm vic cng nhau
ngn nga cc hin tng kt ni theo mt hng v mt vt l v lun l.
Hin tng Unidirectional Link xy ra khi c "local device" no pht ra cc tn hiu
v c tip nhn bi "neighbor" nhng "local device" ny li khng th tip nhn cc tn
hiu do "neighbor" ny tr v.
Nu mt trong cc mch quang trong mt cp dy b ngt , khi m autonegotiation
c active, kt ni khng trng thi UP. Nu cp dy cp quang ny hot ng bnh
thng lp 1, th giao thc UDLD ti lp 2 s xc nh cc cp quang ny c c kt
ni ng hay khng v cc traffic c ang truyn theo c hai hng gia cc neighbor
hay khng.
Qu trnh Autonegotiation khng th thc thi kh nng ny bi v qu trnh negotiation
hot ng lp 1.
V c ch hot ng v cch cu hnh ca UDLD.
Switch truyn cc gi UDLD ti cc thit b lng ging neighbor theo chu k khi giao
thc UDLD va c bt ln. Cc thit b c hai u kt ni phi h tr giao thc
UDLD giao thc ny c th nh ngha, ngha l, bn phicu hnh UDLD c hai
thit b hai u. Mc nh, giao thc UDLD c tt trn giao din kt ni bng cp
ng trnh vic gi cc traffic iu khin khng cn thit.
Switch B c th nhn c cc traffic t Switch A trn interface kt ni c th. Tuy nhin
Switch A khng th nhn c traffic t Switch B trn cng interface tng t. UDLD
pht hin ra vn ny v disable interface ny.
Cc cu hnh mc nh trn Switch Cisco 4500 series:
+ ULDL global enable state : Globally disabled

+ UDLD per-interface enable state for fiber-optic media: Enabled

+ UDLD per-interface enable state for Twisted-pair (cooper) media : Disabled
Bt giao thc UDLD ton cc cho tt c cc interface quang, dng lnh sau:
Switch(config)# [no] udld enable
Ch : dng lnh ny ch cu hnh cc interface quang chy giao thc UDLD.
Bt giao thc UDLD trn interface c th:
Switch(config-if)# udld enable
xem li cu hnh:
Switch# show udld interface
Disable UDLD trn cc interface khng phi l giao din quang(twisted pair,):
Switch(config-if) no udld enable
xem li cu hnh:
Switch# show udld interface
Ch : trn cc interface quang, dng lnh no udld enable s tr li cu hnh
ca cc interface thnh udld enable. Disable UDLD trn cc interface quang:
Switch (config-if)# udld disable
Resetting cc interface b shutdown bi UDLD:
Switch# udld reset
port-fast
Khi mt my trm kt ni vo mt switch-port, switchport s khng trong trng thi s
dng c ngay m phi tri qua cc trng thi t BLOCKING n FORWARDING.
Nu cc thng s thi gian ca STP khng thay i, khong thi gian phi ch ny tn
chng 30 giy (15 giy t listening sang learning v 15 giy t learning sang
forwarding). V vy, port s khng th truyn hay nhn d liu cho n khi no port
hon ton chuyn sang trng thi forwarding.
cu hnh port-fast:
Current configuration : 1545 bytes
!
version 12.1
no service pad
service timestamps debug uptime

service timestamps log uptime

no service password-encryption
!
hostname Switch
!
spanning-tree extend system-id
system mtu 1546
!
interface FastEthernet0/1
no ip address
spanning-tree portfast
!
kim tra, ta c th un-plug cp ra khi port ca switch. Nu port-fast l enable, sau
khi cm cp vo port, port ngay lp tc s chuyn sang trng thi forwarding (n led
mu xanh).
Khi no th dng BackboneFast
1. Cc c im nh port-fast, uplink-fast hay backbone-fast u l nhng c im gip
spanning tree hi t nhanh hn khi c mt link no b down.
2. Hin nay c Rapid SPT gip ci tin rt nhiu thi gian hi t. Cc c im XXXfast nu trn t c dng.
3. Backbone-Fast s hot ng bng cch xc nh sn mt ng i v root switch.
Indirect link-failure: l mt kt ni no b down m kt ni khng lin quan n
access-layer switch hin ti.
Inferior BPDU: l cc BPDU c gi ra khi mt switch mt ng i v root v switch
s cng b n l ROOT.
Lm th no mt switch (anh La nn hnh dung l switch m anh ang xt nm
access-layer) xc nh c indirect-link failure? l khi n nhn c Inferior BPDU.
trng thi bnh thng, Access-layer switch trn s phi ch i mt khong thi gian
l MAX_AGE timers c th bt u tnh ton li SPT. Tuy nhin, Backbone-fast s ci
tin ng k thi gian ch i ny bng cch ch da trn PORT m switch nhn c
Inferior BPDU.
Ni cch khc, nu access-layer switch trn nhn c inferior BPDU t mt block-port,
access-layer switch s kt lun ngay rng, root-port hin ti v cc blocking-port khc s
l ng i v ROOT.

Nu access-layer switch nhn c inferioe BPDU t root-port th switch s kt lun

ngay l cc BLOCKING port khc s l ng i c th v ROOT.
Nh vy, im mu cht hiu backbone-fast l anh phi hiu inferior BPDU s c
trong trng hp no. V cng nn hnh dung mt s mng cho v d nu trn vi y
ba lp c core sw, distribution sw v access. Mt distribution switch s b down,
access-layer switch s tm ng v root nm core.
backbone fast phi enable trn tt c cc switch.
Khi STP topology converge v to thnh mt loop-free topology th cc port ca
switch s tr thnh cc dng port sau :
- Root port : port ca switch c root path cost n Root switch l thp nht .
- Designated port : y l port trn mt LAN segment c lowest path cost n Root
switch . Port ny c nhim v forward ra cc BPDUs xung cho cc switch nhnh
di .
- Blocking port : l nhng port khng phi l root port hay designated port .
- Alternated port : l nhng port trng thi blocking , s thay th root port ngay lp tc
nu root port b fail . Alternated port l khi nim c dng khi s dng tnh nng
uplink fast .
- Forwarding port : Port ny l normal port ca switch cho php end-user kt ni vo .
Trong mng chy STP th cc switch s giao tip vi nhau thng qua BPDUs . Sau khi
root switch c to ra , n s gi ra cc BPDUs xung cho cc switch nhnh i .
Cc switch nhnh di s lun lun theo di cc BPDUs c gi ra t root switch nhm
xem xt xem root switch c available na khng . Nu BPDUs khng cn nhn c na
. Cc switch nhnh di s cho rng root switch b fail hoc ng dn n root
khng cn tn ti na . Gii thut STP c chy li v to li 1 loop-free topology
khc .
Ta bit rng , v tr ca Root Switch trong STP topology rt quan trng . N quyt nh
ng i ca cc switch nhnh di ln Root switch l c ti u hay khng . Do c
im bu chn Root l da vo cc BPDUs . Khi c mt switch mi c add thm vo
trong STP topology ca mnh th STP topology lc ny thay i , cc switch cn phi
tnh ton v bu chn li Root switch cng nh ng i mi n Root switch . Trong
BPDUs c cha BID , trong BID li cha priority ca switch . Switch no c priority nh
nht s tr thnh Root switch . V l do mun ti u cho STP topology , admin chn
la ra mt v tr thch hp nht t Root Switch . Admin cu hnh root switch vi
priority thp nht so vi priority ca cc switch cn li . Tuy nhin , nu c mt switch l
c cu hnh vi priority thp hn c priority ca Root switch hin ti , switch ny
gn vo STP topology v s ln thay th Root switch . mun ti u v v tr ca
Root switch ca admin tht bi .
Tnh nng Root guard ra i cho php admin lun gi c v tr Root switch theo
chn m khng s b bt k mt switch l no gn thm vo lm thay i STP topology .
Vi tnh nng ny , nu c mt switch l qung b mt Superior BPDU cho root switch .
Root switch s khng cho php switch l ny tr thnh New Root Switch . N s a port
nhn superior BPDU trc tr v trng thi Root-inconsistent . Data s khng c
gi nhn trng thi ny . Khi superior BPDUs khng cn nhn c trn port ny , port
ny s tri qua cc trng thi ca STP a v s dng bnh thng . Ch cu hnh root

guard trn Root switch hoc cc switch no m ta khng mun nhn BPDUs ca mt
switch l , khng cu hnh root guard trn swich c tnh nng uplink fast . V khi cu hnh
Root Guard trn switch ny s lm cho cc alternated port ri vo trng thi Rootinconsistent . iu ny lm cho cc alternated port khng th chuyn sang trng thi
forwarding .
Cu hnh Root guard trn interface no mun protect bng cu lnh : Switch(config-if)#
spanning-tree guard root
Vi tnh nng port fast cho php switch port c th vo trng thi Forwarding ngay lp
tc khi link kt ni vi port up ln . Tnh nng port fast c s dng khi kt ni vi
PC ti access-layer . Port past c enable ln khi chc chn rng trn port khng th
xy ra loop . Ta enable port fast ln khng c ngha l disable STP trn port . Nu
c mt Switch mi b cm nhm vo port c tnh nng port fast th switch-loop s xy ra
v port fast cho php forwarding ngay lp tc . Trong khi detect ra switching loop
th phi tri qua 1 khong thi gian v cc trng thi khc nhau th port mi a vo s
dng bnh thng c .
Tnh nng BPDU guard c i km vi port fast . Khi switch nhn c BPDU trn
port fast th port s b a vo trng thi errdisable . Mun s dng li port ny th phi
manual no shut hoc i khong thi gian errdisable timeout ht hn .