14-Troubleshooting Spanning Tree

Lab ID: 9.9K317A192.TSP.
Troubleshooting Spanning Tree

Objective
Analyze, locate, and fix Spanning Tree Protocol (STP) problems on your network, which could be caused
by misconfiguration or incorrect design.
Lab Topology
The topology diagram below represents the NetMap in the Simulator.
ASW1 DSW1 CSW1 R1

PC1
ASW2 DSW2 CSW2 R2

PC2
Command Summary
Command Description
configure terminal enters global configuration mode from privileged EXEC mode
enable enters privileged EXEC mode
end ends and exits configuration mode
exit exits one level in the menu structure
interface range fastethernet slot/ configures a range of interfaces
starting-port - ending-port
show cdp neighbors displays information about directly connected neighbors
show interfaces status displays the line status of all interfaces
show running-config displays the active configuration file
show spanning-tree displays spanning-tree state information displays the status
and configuration of the root bridge displays the status and
configuration of the root bridge
show spanning-tree root [ detail | displays the status and configuration of the root bridge
priority}
show spanning-tree root port displays the root port
shutdown; no shutdown disables an interface; enables an interface
[no] spanning-tree bpduguard enable enables the BPDU guard feature on an interface; the no form
disables BPDU guard
1 Boson NetSim Lab Manual

Command Description
spanning-tree cost cost sets the path cost on an interface
[no] spanning-tree vlan vlan-id [root forces a switch to become the root bridge for a spanning tree
{primary | secondary} | {priority instance; the no form removes the existing configuration
priority}]
Lab Tasks
Complex network troubleshooting requires a structured approach. Network documentation that includes
thorough troubleshooting procedures can decrease the amount of time required to resolve network
problems. Troubleshooting procedures should contain a process to diagnose problems and the steps
necessary to verify that a proposed solution resolved the problem. In this lab, this is referred to as a
troubleshooting and verification plan.
Trouble Ticket 1: Bad Switch Optimization

Hot Standby Router Protocol (HSRP) was recently implemented on R1 and R2. Although you do not have
administrative access to R1 and R2, you have been informed that R1 is configured as the active router for
virtual LANs (VLANs) 1–3 and R2 is configured as the active router for VLANs 4–6. You have also been
informed that some portions of the network are sluggish and at times unresponsive under heavy load. In
this task, analyze the network and determine the cause of the problem.
Trouble Ticket 2: Traffic Shaping Due to a Faulty Switch

A network engineer has warned you that DSW2 is producing numerous errors and having problems
delivering traffic. DSW2 is currently the primary distribution switch for half of the VLANs in the network.
A new switch has been ordered to replace DSW2, but in the meantime, you must migrate all the primary
traffic off of DSW2 until the new switch can be delivered and installed.
First, you should analyze the network to determine which ports are connected and forwarding to DSW2.
Then, because DSW2 will be decommissioned soon, you must route all traffic through DSW1 to avoid
problems that could be caused by a potential hardware failure during business hours.
Trouble Ticket 3: Configuration Error Causing Unstable STP

A network engineer has informed you that ports on ASW1 are in an err-disable state. Your task is to
determine the cause of the problem and correct it. After correcting the problem, you should verify that
ASW1 is using the most efficient path to send traffic to the root bridge for VLANs 1–3.
You can do so by clicking the Grade Lab icon ( ) in the toolbar or by pressing Ctrl+G.

Lab Solutions
Trouble Ticket 1: Bad Switch Optimization
Hot Standby Router Protocol was recently implemented on R1 and R2 in. Although you do not have
administrative access to R1 and R2, you have been informed that R1 is configured as the active router for
VLANs 1–3 and R2 is configured as the active router for VLANs 4–6. You have also been informed that
some portions of the network are sluggish and at times unresponsive under heavy load. In this task, you
should first analyze the network and determine the cause of the problem, and then you should take steps
to resolve the problem.
You should create a troubleshooting and verification plan before attempting to correct the problem. There
are several possible solutions to this task. The following are steps that you can take to resolve the issue:
1. You should first familiarize yourself with the Layer 2 topology. You can most easily accomplish this
by determining which switches serve as the root bridges on the network. There should be one root
bridge for VLANs 1 through 3 and one for VLANs 4 through 6.
When designing or optimizing a network, you should identify the switch that should serve as the
root bridge for each VLAN. This selection greatly depends on the design of the network; you should
generally choose a powerful switch that is located in an optimal portion of the network to serve
as a root bridge. In networks with a significant amount of traffic between VLANs, putting the root
bridge where it has a direct connection to the active routers can reduce the average distance from
the clients to the routers and can increase interVLAN routing performance. By contrast, selecting a
switch at the client-edge of the network to be the root could increase the number of hops between
clients and the rest of the network, increase traffic, and cause packet loss.
In this scenario, R1 is the active router for VLANs 1–3 and R3 is the active router for VLANS 4–6.
Therefore, the optimal devices to be root bridges would be CSW1 (VLANs 1–3) and CSW2 (VLANs
4–6).
2. You can issue the following command to determine the devices that are currently the root bridges on
the network. Sample output for DSW1, which is the root bridge for VLANs 1–3, is shown:
DSW1#show spanning-tree root detail

VLAN0001
Root ID Priority 24576
Address 000C.1380.3538
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN0002
Address 000C.1380.3538
(continued on next page)

(continued from previous page)
VLAN0003
Address 000C.1380.3538
<output omitted>
DSW1 is not an optimal device to be a root bridge, because it is located in the center of the network
and is not adjacent to an active router. Because DSW1 is in the center of the network, it could cause
suboptimal paths between clients and their corresponding default gateways. Suboptimal paths could
cause a heavy load on portions of the network. The optimal device to be the root bridge for VLANs
1–3 is CSW1.
3. You should examine the running configuration on DSW1 to determine why DSW1 has been selected
as the root bridge for VLANs 1–3. The following command output indicates that DSW1 is configured
with a custom priority for VLANs 1–3:
DSW1#show running-config | section spanning-tree

spanning-tree mode pvst
spanning-tree vlan 1-3 priority 24576
spanning-tree extend system-id
Because the priority value configured for VLANs 1–3 on DSW1 is lower than the values configured
on the remaining switches in the topology, DSW1 will serve as the root bridge for those VLANs.
Additionally, the priority value configured for VLANs 4–6 will ensure that if the current root bridge for
VLANs 4–6 were to fail, DSW1 would take over the role of root bridge for those VLANs.
4. You should issue the following commands to remove the custom priority values configured on
DSW1for VLANs 1–3 and VLANs 4–6:
DSW1(config)#no spanning-tree vlan 1-3 root primary

DSW1(config)#no spanning-tree vlan 4-6 root secondary
5. From the output of the show spanning-tree root detail command or the show spanning-tree
command on the other switches (CSW1, CSW2, DSW2, ASW1, and ASW2), you can determine that
ASW2 is the root bridge for VLANs 4–6. Sample output from the show spanning-tree root detail
command on ASW2 is shown:
ASW2#show spanning-tree root detail

<output omitted>
VLAN0004
Address 000C.1461.3123
(continued on next page)

(continued from previous page)
VLAN0005
Address 000C.1461.3123
VLAN0006
Address 000C.1461.3123
ASW2 is not an optimal device to be a root bridge, because it is located at the client-edge of the
network and would increase the number of hops between clients and the rest of the network. The
cause of the heavy load on portions of the network could be because ASW2 is configured as the root
bridge for VLANs 4–6. The optimal device to be the root bridge for VLANs 4–6 is CSW2.
6. You should examine the running configuration on ASW2 to determine why ASW2 has been selected
as the root bridge for VLANs 4–6. The following command output indicates that ASW2 is configured
with a custom priority for VLANs 4–6:
ASW2#show running-config | section spanning-tree

spanning-tree mode pvst
spanning-tree extend system-id
Because the priority value configured for VLANs 4–6 on ASW2 is lower than the values configured
on the remaining switches in the topology, ASW2 will serve as the root bridge for those VLANs.
7. You should issue the following command to remove the priority for VLANs 4–6 configured on ASW2:
ASW2(config)#no spanning-tree vlan 4-6 root primary
8. Although removing the custom STP priority on ASW2 and DSW1 restores their place in the root
bridge selection process, it does not guarantee that the optimal switch will become the root bridge
for VLANs 1–3 or VLANs 4–6. You should issue the following commands on CSW1 and CSW2 to
ensure that they are selected to serve as the root bridges for their respective VLANs:
CSW1(config)#spanning-tree vlan 1-3 root primary

CSW1(config)#spanning-tree vlan 4-6 root secondary
CSW2(config)#spanning-tree vlan 4-6 root primary

CSW2(config)#spanning-tree vlan 1-3 root secondary
The commands above ensure that CSW1 will serve as the root bridge for VLANs 1–3 and that
CSW2 will serve as the root bridge for VLANs 4–6. If either bridge goes offline, the remaining bridge
will take over the role of root bridge for the affected VLANs.

9. Verify that you have optimized the root bridge configuration in the network by issuing the following
command on CSW1 and CSW2. Sample output is shown below:
CSW1#show spanning-tree root detail

VLAN0001
Address 000C.1786.6569
VLAN0002
Address 000C.1786.6569
VLAN0003
Address 000C.1786.6569
<output omitted>
CSW2#show spanning-tree root detail

<output omitted>
VLAN0004
Address 000C.1497.2180
VLAN0005
Address 000C.1497.2180
VLAN0006
Address 000C.1497.2180

Trouble Ticket 2: Traffic Shaping Due to a Faulty Switch
A network engineer has warned you that DSW2 is producing numerous errors and having problems
delivering traffic. DSW2 is currently being used as the distribution switch for half of the VLANs in the
network. A new switch has been ordered to replace DSW2, but in the meantime, you must migrate all the
primary traffic off of DSW2 until the new switch can be delivered and installed.
First, you should analyze the network to determine which ports are connected and forwarding to DSW2.
Then, because DSW2 will be decommissioned soon, you must route all traffic through DSW1 to avoid
problems that could be caused by a potential hardware failure during business hours.
1. You can issue the following command on DSW2 to display the CDP neighbor table:
DSW2#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
<output omitted>
CSW1 Fas0/7 164 T S 3550 Fas 0/5
CSW1 Fas0/8 164 T S 3550 Fas 0/6
CSW2 Fas0/9 164 T S 3550 Fas 0/7
CSW2 Fas0/10 164 T S 3550 Fas 0/8
The sample output indicates that DSW2 is directly connected to both root bridges. DSW2’s
FastEthernet 0/7 and 0/8 interfaces connect to CSW1, and DSW2’s FastEthernet 0/9 and 0/10
interfaces connect to CSW2. Because DSW2 connects directly to the root bridges, the cost it
receives in BPDUs from the root bridges has a value of zero.
2. Because DSW2 is directly connected to both root bridges, it is possible that the traffic pattern for
all of the VLANs will pass through DSW2. You can examine the root ports on a particular switch
to determine where the switch will forward traffic for a particular VLAN. For example, the following
output from ASW2 indicates that traffic for all VLANs is forwarded out of the FastEthernet 0/1
interface, which is connected to DSW2:
ASW2#show spanning-tree root port

VLAN0001 FastEthernet0/1

3. You can issue the following command on ASW2 to display the port costs associated with each port
within a VLAN:
ASW2#show spanning-tree
VLAN0001
Spanning tree enabled protocol pvst
Address 000C.1786.6569
Cost 38
Bridge ID Priority 32768

Address 000C.1461.3123
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- ----------------------------
Fa0/1 Root FWD 38 128.1 P2p
Fa0/2 Desg BLK 38 128.2 P2p
Fa0/5 Desg FWD 19 128.5 P2p
<output omitted>
The sample command output indicates that the root path cost for interface FastEthernet 0/1 is 38. In
order for the STP algorithm on ASW2 to select a different path to the root switch, the path cost must
be less than the path through the current root port.
4. You can change the traffic pattern from using DSW2 to using DSW1 without changing the global
priorities set for VLANs 4–6; you can do this by configuring a cost value on the interfaces on DSW2
that are connected to the root bridges, making the path through DSW2 less desirable to the STP
algorithm. When DSW2 advertises its root path cost to neighboring switches, the modified path cost
will become too high and those switches will choose alternate paths through other devices rather
than the higher cost path through DSW2.
5. You should assign a higher STP port cost to the interfaces on DSW2 that link to the root bridges so
that the protocol data units (PDUs) originating from DSW2 will have an undesirable root path cost. A
possible cost value is 100; commands configuring a cost of 100 on the range of FastEthernet ports
0/7 through 0/10 are shown below:
DSW2(config)#interface range fastethernet 0/7 - 10

DSW2(config-if-range)#spanning-tree cost 100

6. Wait for the network to converge, and then examine the root ports on ASW2 by issuing the following
command:

The sample output indicates that ASW2 now uses the FastEthernet 0/3 interface to reach the root
bridge for each VLAN.
7. You can issue the following command on ASW2 to display the port costs associated with each port
within a VLAN:
ASW2#show spanning-tree
VLAN0001
Spanning tree enabled protocol pvst
Address 000C.1786.6569
Cost 38
Bridge ID Priority 32768

Address 000C.1461.3123
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- ----------------------------
Fa0/3 Root FWD 38 128.3 P2p
<output omitted>
The sample command output now indicates that the root path cost for interface FastEthernet 0/1
is 57, which is higher than the alternate root path cost of 38. The output also indicates that the
FastEthernet 0/3 interface, which connects to DSW1, has become the root port for VLAN 1.

Trouble Ticket 3: Configuration Error Causing Unstable STP
A network engineer has informed you that ports on ASW1 are in an err-disable state. Your task is to
determine the cause of the problem and correct it. After correcting the problem, you should verify that
ASW1 is using the most efficient path to send traffic to the root bridge for VLANs 1–3.
1. You should issue the following command on ASW1 to verify the state of the interfaces connecting
ASW1 to DSW1:
ASW1#show interfaces status

Port Name Status Vlan Duplex Speed Type
Fa0/1 err-disabled trunk a-full a-100 10/100BaseTX
Fa0/2 err-disabled trunk a-full a-100 10/100BaseTX
Fa0/3 connected trunk a-full a-100 10/100BaseTX
Fa0/4 connected trunk a-full a-100 10/100BaseTX
Fa0/5 connected 1 a-full a-100 10/100BaseTX
Fa0/6 notconnect 1 auto auto 10/100BaseTX
Gi0/1 notconnect 1 auto auto 10/100BaseTX
2. You should issue the following command on ASW1 to determine that the cause of the problem is
that BPDU guard has been enabled on the FastEthernet 0/1 and 0/2 interfaces:
ASW1#show running-config
<output omitted>
!
interface FastEthernet0/1
switchport mode trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/2
spanning-tree bpduguard enable
<output omitted>
The BPDU guard feature can be enabled on access ports to prevent a rogue switch from modifying
the STP topology. When such a port receives a bridge protocol data unit (BPDU), BPDU guard
immediately puts that port into the err-disable state and shuts down the port. The port must then be
manually re-enabled, or it can be recovered automatically through the err-disable timeout function.
BPDU guard should not be enabled on ports that are connected to other switches.

3. You should issue the following commands to correct the configuration error on ASW1:
ASW1(config)#interface range fastethernet 0/1 - 2

ASW1(config-if-range)#no spanning-tree bpduguard enable
4. Removing the BPDU guard configurations from the interfaces will not re-enable the interfaces. You
should issue the following commands on FastEthernet 0/1 and 0/2 to bring the interfaces up:
ASW1(config-if-range)#shutdown
ASW1(config-if-range)#no shutdown
5. You should issue the following command to verify that the FastEthernet 0/1 on ASW1 is the root port
for VLANs 1–3:


Sample Configuration Scripts
ASW1 ASW1 (continued)
ASW1#show running-config interface FastEthernet0/5
Building configuration... !
Current configuration : 1024 bytes interface FastEthernet0/6
! !
Version 15.b interface FastEthernet0/7
service timestamps debug uptime !
service timestamps log uptime interface FastEthernet0/8
no service password-encryption !
! interface GigabitEthernet0/1
hostname ASW1 !
! interface Vlan 1
ip subnet-zero no ip address
! no ip route-cache
ip cef !
no ip domain-lookup vlan 2 name VLAN0002
spanning-tree mode pvst vlan 3 name VLAN0003
spanning-tree extend system-id vlan 4 name VLAN0004
! vlan 5 name VLAN0005
interface FastEthernet0/1 vlan 6 name VLAN0006
switchport mode trunk !
! ip classless
interface FastEthernet0/2 no ip http server
! line con 0
interface FastEthernet0/3 line aux 0
switchport mode trunk line vty 0 15
! login
interface FastEthernet0/4 !
switchport mode trunk no scheduler allocate
! end

DSW2 DSW2 (continued)
DSW2#show running-config interface FastEthernet0/8
Building configuration... switchport trunk encapsulation dot1q
Current configuration : 1783 bytes switchport mode trunk
! spanning-tree vlan 1-6 cost 100
Version 15.b !
service timestamps debug uptime interface FastEthernet0/9
service timestamps log uptime switchport trunk encapsulation dot1q
no service password-encryption switchport mode trunk
! spanning-tree vlan 1-6 cost 100
hostname DSW2 !
! interface FastEthernet0/10
ip subnet-zero switchport trunk encapsulation dot1q
! switchport mode trunk
ip cef spanning-tree vlan 1-6 cost 100
no ip domain-lookup !
spanning-tree mode pvst interface FastEthernet0/11
spanning-tree extend system-id !
! interface FastEthernet0/12
switchport trunk encapsulation dot1q interface GigabitEthernet0/1
! interface GigabitEthernet0/2
switchport trunk encapsulation dot1q interface Vlan 1
switchport mode trunk no ip address
! no ip route-cache
switchport trunk encapsulation dot1q vlan 2 name VLAN0002
switchport mode trunk vlan 3 name VLAN0003
! vlan 4 name VLAN0004
interface FastEthernet0/4 vlan 5 name VLAN0005
switchport trunk encapsulation dot1q vlan 6 name VLAN0006
! ip classless
interface FastEthernet0/5 no ip http server
switchport trunk encapsulation dot1q !
switchport mode trunk line con 0
! line aux 0
interface FastEthernet0/6 line vty 0 4
switchport trunk encapsulation dot1q login
! no scheduler allocate
interface FastEthernet0/7 end
switchport trunk encapsulation dot1q
spanning-tree vlan 1-6 cost 100
!
Copyright © 1996–2017 Boson Software, LLC. All rights reserved. NetSim software and documentation are protected by copyright law.

14-Troubleshooting Spanning Tree

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

14-Troubleshooting Spanning Tree

Uploaded by

Copyright:

Available Formats

Lab ID: 9.9K317A192.TSP.

Troubleshooting Spanning Tree

ASW1 DSW1 CSW1 R1

ASW2 DSW2 CSW2 R2

1 Boson NetSim Lab Manual

Trouble Ticket 1: Bad Switch Optimization

Trouble Ticket 2: Traffic Shaping Due to a Faulty Switch

Trouble Ticket 3: Configuration Error Causing Unstable STP

2 Boson NetSim Lab Manual

DSW1#show spanning-tree root detail

(continued on next page)

3 Boson NetSim Lab Manual

DSW1#show running-config | section spanning-tree

DSW1(config)#no spanning-tree vlan 1-3 root primary

ASW2#show spanning-tree root detail

4 Boson NetSim Lab Manual

ASW2#show running-config | section spanning-tree

ASW2(config)#no spanning-tree vlan 4-6 root primary

CSW1(config)#spanning-tree vlan 1-3 root primary

CSW2(config)#spanning-tree vlan 4-6 root primary

5 Boson NetSim Lab Manual

CSW1#show spanning-tree root detail

CSW2#show spanning-tree root detail

6 Boson NetSim Lab Manual

DSW2#show cdp neighbors

ASW2#show spanning-tree root port

7 Boson NetSim Lab Manual

Bridge ID Priority 32768

Interface Role Sts Cost Prio.Nbr Type

DSW2(config)#interface range fastethernet 0/7 - 10

8 Boson NetSim Lab Manual

ASW2#show spanning-tree root port

Bridge ID Priority 32768

Interface Role Sts Cost Prio.Nbr Type

9 Boson NetSim Lab Manual

ASW1#show interfaces status

10 Boson NetSim Lab Manual

ASW1(config)#interface range fastethernet 0/1 - 2

ASW1#show spanning-tree root port

11 Boson NetSim Lab Manual

12 Boson NetSim Lab Manual

13 Boson NetSim Lab Manual

You might also like