Aggregating Switch Links

Switch Port Aggregation with EtherChannel

• EtherChannel provides an easy means to “grow,” or expand, a link’s capacity

between two switches, without having to continually purchase hardware for the next
magnitude of throughput.
• Although an EtherChannel link is seen as a single logical link, the link doesn’t
necessarily have an inherent total bandwidth equal to the sum of its component
physical links.
• The hashing operation can be performed on either MAC or IP addresses and
can be based solely on source or destination addresses, or both. Use the
following command to config ure frame distribution for all EtherChannel
switch links:
• Switch(config)# portchannel loadbalance method
EtherChannel Negotiation Protocols

• EtherChannels can be negotiated between two switches to provide some

dynamic link configuration. Two protocols are available to negotiate
bundled links in Catalyst switches. The Port Aggregation Protocol (PAgP) is
a Cisco proprietary solution, and the Link Aggregation Control Protocol
(LACP) is standards based.
EtherChannel Negotiation Protocols

• Configuring a PAgP EtherChannel

• To configure switch ports for PAgP negotiation (the default), use the
following commands:

Switch(config)# interface type mod/num

Switch(configif)# channelprotocol pagp
Switch(configif)# channelgroup number mode {on | {{auto | desirable}
[nonsilent]}}
EtherChannel Configuration

• To configure switch ports for LACP negotiation, use the following

commands:

Switch(config)# lacp systempriority priority Switch(config)# interface type

mod/num Switch(configif)# channelprotocol lacp
Switch(configif)# channelgroup number mode {on | passive | active}
Switch(configif)# lacp portpriority priority
Troubleshooting an EtherChannel

• If you find that an EtherChannel is having problems, remember that the

whole concept is based on consistent configurations on both ends of the
channel. Here are some reminders about EtherChannel operation and
interaction:
• EtherChannel on mode does not send or receive PAgP or LACP packets.
Therefore, both ends should be set to on mode before the channel can form.
• Verify the EtherChannel state with the show etherchannel summary command.
• You can verify the channel negotiation mode with the show etherchannel port
command.
• You can display a port’s configuration by looking at the show runningconfig
interface type mod/ num output. Also, the show interface type mod/num
etherchannel shows all active EtherChannel parameters for a single port
Traditional Spanning Tree Protocol
IEEE 802.1D Overview
• A robust network design not only includes efficient transfer of packets or
frames, but also considers how to recover quickly from faults in the
network. In a Layer 3 environment, the routing protocols in use keep track
of redundant paths to a destination network so that a secondary path can be
used quickly if the primary path fails. Layer 3 routing allows many paths to
a destination to remain up and active, and allows load sharing across
multiple paths.
• In a Layer 2 environment (switching or bridging), however, no routing
protocols are used, and active redundant paths are neither allowed nor
desirable. Instead, some form of bridging provides data transport between
networks or switch ports. The Spanning Tree Proto col (STP) provides
network link redundancy so that a Layer 2 switched network can recover
from failures without intervention in a timely manner. The STP is defined in
the IEEE 802.1D standard.
Switching Loop

• When there is more

Switch A Switch B than one path between
two switches

• What are the potential

problems?
Swtich C
Switching Loop
• If there is more than one path between two switches:
• Forwarding tables become unstable
• Source MAC addresses are repeatedly seen coming from different ports
• Switches will broadcast each other’s broadcasts
• All available bandwidth is utilized
• Switch processors cannot handle the load
Switching Loop

Switch A Switch B

• Node1 sends a broadcast

Swtich C
frame (e.g. an ARP
request)

Node 1
Switching Loop

• Switches A, B and
Switch A Switch B C broadcast node
1’s frame out every
port

Swtich C

Node 1
Switching Loop

• But they receive

each other’s
Switch A Switch B broadcasts,
which they need
to forward again
out every port!
Swtich C • The broadcasts
are amplified,
creating a
broadcast
storm
Node 1
Good Switching Loops

• But you can take advantage of loops!

• Redundant paths improve resilience when:
• A switch fails
• Wiring breaks

• How to achieve redundancy without

creating dangerous traffic loops?
What is a Spanning Tree
• “Given a connected, undirected graph,
a spanning tree of that graph is a
subgraph which is a tree and connects
all the vertices together”.
• A single graph can have many different
spanning trees.
Spanning Tree Protocol

• The purpose of the protocol is to have bridges

dynamically discover a subset of the topology
that is loop-free (a tree) and yet has just
enough connectivity so that where physically
possible, there is a path between every switch
Types of STP

• Several flavors:
• Traditional Spanning Tree (802.1d)
• Rapid Spanning Tree or RSTP (802.1w)
• Multiple Spanning Tree or MSTP (802.1s)
Traditional Spanning Tree (802.1d)
• Switches exchange messages that allow them to compute the
Spanning Tree
• These messages are called BPDUs (Bridge Protocol Data Units)

• Two types of BPDUs:

• Configuration
• Topology Change Notification (TCN)
Traditional Spanning Tree (802.1d)
• First Step:
• Decide on a point of reference: the Root Bridge
• The election process is based on the Bridge ID, which is composed of:
• The Bridge Priority: A two-byte value that is configurable
• The MAC address: A unique, hardcoded address that cannot be
changed.
Root Bridge Selection (802.1d)
• Each switch starts by sending out BPDUs with a Root Bridge ID equal to its
own Bridge ID
• I am the root!

• Received BPDUs are analyzed to see if a lower Root Bridge ID is being

announced
• If so, each switch replaces the value of the advertised Root Bridge ID with
this new lower ID
• Eventually, they all agree on who the Root Bridge is
Root Bridge Selection (802.1d)
32678.0000000000AA
Swtich A

Switch B Switch C

32678.0000000000BB 32678.0000000000CC

• All switches have the same priority.

• Who is the elected root bridge?

Root Port Selection (802.1d)

Now each switch needs to figure out where it is in relation to the Root Bridge
• Each switch needs to determine its Root Port
• The key is to find the port with the lowest Root Path Cost
• The cumulative cost of all the links leading to the Root Bridge
Root Port Selection (802.1d)

• Each link on a switch has a Path Cost

• Inversely proportional to the link speed
• e.g. The faster the link, the lower the cost

Link Speed STP Cost

10 Mbps 100
100 Mbps 19
1 Gbps 4
10 Gbps 2
Root Port Selection (802.1d)

Root Path Cost is the accumulation of a link’s Path Cost and the Path Costs
learned from neighboring Switches.
• It answers the question: How much does it cost to reach the Root Bridge through this port?
Root Port Selection (802.1d)

1. Root Bridge sends out BPDUs with a Root Path Cost value of 0
2. Neighbor receives BPDU and adds port’s Path Cost to Root Path Cost
received
3. Neighbor sends out BPDUs with new cumulative value as Root Path Cost
4. Other neighbor’s down the line keep adding in the same fashion
Root Port Selection (802.1d)

On each switch, the port where the lowest Root Path Cost was received
becomes the Root Port
• This is the port with the best path to the Root Bridge
Root Port Selection (802.1d)
32678.0000000000AA
1 Swtich A 2

Cost=19 Cost=19

1 1
Switch B Switch C
2 2
32678.0000000000BB Cost=19 32678.0000000000CC

• What is the Path Cost on each Port?

• What is the Root Port on each switch?

Root Port Selection (802.1d)
32678.0000000000AA
1 Swtich A 2

Cost=19 Cost=19

Root Port Root Port

1 1
Switch B Switch C
2 2
32678.0000000000BB Cost=19 32678.0000000000CC
Electing Designated Ports (802.1d)

OK, we now have selected root ports but we haven’t solved the loop
problem yet, have we
• The links are still active!
Each network segment needs to have only one switch forwarding traffic to and
from that segment
Switches then need to identify one Designated Port per link
• The one with the lowest cumulative Root Path Cost to the Root Bridge
Electing Designated Ports(802.1d)
32678.0000000000AA
1 Swtich A 2

Cost=19 Cost=19

1 1
Switch B Switch C
2 2
32678.0000000000BB Cost=19 32678.0000000000CC

• Which port should be the Designated Port on each segment?

Electing Designated Ports (802.1d)

Two or more ports in a segment having identical Root Path Costs is

possible, which results in a tie condition
All STP decisions are based on the following sequence of conditions:
• Lowest Root Bridge ID
• Lowest Root Path Cost to Root Bridge
• Lowest Sender Bridge ID
• Lowest Sender Port ID
Electing Designated Ports(802.1d)
Designated 32678.0000000000AA Designated
Port 1 Swtich A 2 Port

Cost=19 Cost=19

1 1
Switch B Switch C
2 2
32678.0000000000BB Cost=19 32678.0000000000CC

Designated
Port
In the B-C link, Switch B has the lowest
Bridge ID, so port 2 in Switch B is the
Designated Port
Blocking a port

Any port that is not elected as either a Root Port, nor a Designated Port is put
into the Blocking State.
This step effectively breaks the loop and completes the Spanning Tree.
Designated Ports on each segment (802.1d)
32678.0000000000AA

1 Swtich A 2
Cost=19 Cost=19

1 1
Switch B
2
✕Switch C
2
32678.0000000000BB Cost=19 32678.0000000000CC

• Port 2 in Switch C is then put into the Blocking State because

it is neither a Root Port nor a Designated Port
Spanning Tree Protocol States

Disabled
• Port is shut down
Blocking
• Not forwarding frames
• Receiving BPDUs
Listening
• Not forwarding frames
• Sending and receiving BPDUs
Spanning Tree Protocol States

Learning
• Not forwarding frames
• Sending and receiving BPDUs
• Learning new MAC addresses
Forwarding
• Forwarding frames
• Sending and receiving BPDUs
• Learning new MAC addresses
STP Topology Changes

Switches will recalculate if:

• A new switch is introduced
• It could be the new Root Bridge!
• A switch fails
• A link fails
Spanning Tree Configuration
STP Root Bridge
• As the network administrator, you can make adjustments to the spanningtree
operation to control its behavior. The location of the root bridge should be
determined as part of the design process. You can use redundant links for
load balancing in parallel, if configured correctly. You can also configure
STP to converge quickly and predictably if a major topology change occurs.
Root Bridge Placement

Using default STP parameters might result in an undesired situation

• Traffic will flow in non-optimal ways
• An unstable or slow switch might become the root
You need to plan your assignment of bridge priorities carefully
• You can configure a Catalyst switch to become the root bridge using one of
two methods, which are configured as follows:
• Manually setting the bridge priority value so that a switch is given a lowerthan
defaul bridge ID value to win a root bridge election. You must know the bridge pri
orities of every other switch in a VLAN so that you can choose a value that is less
than all the others. The command to accomplish this is as follows:
Switch(config)# spanningtree vlan vlanlist priority bridgepriority
Switch(config)# spanningtree vlan 5,100200 priority 4096

• Causing the wouldbe root bridge switch to choose its own priority, based on some assumptions
about other switches in the network.

Switch(config)# spanningtree vlan vlanid root {primary | secondary} [diameter

diameter]
Bad Root Bridge Placement
Out to router

32678.0000000000BB Swtich B Switch D 32678.0000000000DD

Root
Bridge

32678.0000000000CC Switch C Switch A 32678.0000000000AA

Good Root Bridge Placement

Alernative Out to standby Out to

Root Bridge
Root Bridge router active router

1.0000000000BB Swtich B Switch D 0.0000000000DD

32678.0000000000CC Switch C Switch A 32678.0000000000AA

Spanning-Tree Customization
• The most important decision you can make when designing your
spanningtree topology is the placement of the root bridge. Other decisions,
such as the exact loopfree path structure, will occur automatically as a result
of the spanningtree algorithm (STA). Occasionally, the path might need
additional tuning, but only under special circumstances and after careful
consideration.
• Recall the sequence of four criteria that STP uses to choose a path:
• 1. Lowest bridge ID
• 2. Lowest root path cost
• 3. Lowest sender bridge ID
• 4. Lowest sender port ID
Tuning Spanning-Tree Convergence
• STP uses several timers, a sequence of states that ports must move through,
and specific topology change conditions to prevent bridging loops from
forming in a complex net work. Each of these parameters or requirements is
based on certain default values for a typical network size and function. For
the majority of cases, the default STP operation is sufficient to keep the
network loop free and enable users to communicate.
• However, in certain situations, the default STP can cause network access to
be delayed while timers expire and while preventing loops on links where
loops are not possible. For example, when a single PC is connected to a
switch port, a bridging loop is simply not possible. Another situation relates
to the size of a Layer 2 switched network: The default STP timers are based
on a benchmark network size.
Tuning Spanning-Tree Convergence
• Manually Configuring STP Timers
• Use one or more of the following global configuration commands to modify STP timers:

Switch(config)# spanningtree [vlan vlanid] hellotime seconds

Switch(config)# spanningtree [vlan vlanid] forwardtime seconds
Switch(config)# spanningtree [vlan vlanid] maxage seconds
• Switch# show spanningtree vlan 100
VLAN0100
Spanning tree enabled protocol ieee
Root ID Priority 100
Address 000c.8554.9a80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 100 (priority 0 sysidext 100) Address 000c.8554.9a80

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Redundant Link Convergence
• Some additional methods allow faster STP convergence if a link failure
occurs:
• PortFast—Enables fast connectivity to be established on accesslayer switch ports
to workstations that are booting
Switch(config)# spanningtree portfast default
Switch(configif)# switchport host
• UplinkFast—Enables fastuplink failover on an accesslayer switch when dual up
links are connected into the distribution layer
switch(config)# spanningtree uplinkfast [maxupdaterate pktspersecond]
• BackboneFast—Enables fast convergence in the network backbone or core layer
switches after a spanningtree topology change occurs
• Instead of modifying timer values, these methods work by controlling
convergence on specifically located ports within the network hierarchy.
Monitoring STP
• Because the STP running in a network uses several timers, costs, and
dynamic calculations, predicting the current state is difficult. You can use a
network diagram and work out the STP topology by hand, but any change on
the network could produce an entirely different outcome. Then, figure in
something like PVST+, in which you have one instance of STP running for
each VLAN present. Obviously, simply viewing the STP status on the active
network devices would be better
Monitoring STP
Spanning Tree Protocol Troubleshooting
Protecting Spanning Tree Protocol Topology
Protecting Against Unexpected BPDUs
• To maintain an efficient topology, the placement of the root bridge must be
predictable.
• Hopefully, you configured one switch to become the root bridge and a second one to
be the secondary root. What happens when a “foreign” or rogue switch is connected
to thenetwork, and that switch suddenly is capable of becoming the root bridge?
Cisco added two STP features that help prevent the unexpected: Root Guard and
BPDU Guard.
Protecting Against Unexpected BPDUs
• Root Guard
• In essence, Root Guard designates that a port can only forward or relay BPDUs; the
port can’t be used to receive BPDUs. Root Guard prevents the port from ever
becoming a root port where BPDUs normally would be received from the root
bridge.
• You can enable Root Guard only on a per-port basis. By default, it is disabled on all
switch ports. To enable it, use the following interface configuration command:
• Switch(config-if)# spanning-tree guard root
Protecting Against Unexpected BPDUs
• BPDU Guard
• By definition, if you enable PortFast, you do not expect to find anything that can
cause a bridging loop—especially another switch or device that produces BPDUs.
Suppose that a switch is connected by mistake to a port where PortFast is enabled.
Now there is a potential for a bridging loop to form. An even greater consequence is
that the potential now exists for the newly connected device to advertise itself and
become the new root bridge.
switch(config)# spanning-tree portfast bpduguard default

• You also can enable or disable BPDU Guard on a per-port basis, using the following
interface configuration command:
Switch(config-if)# [no] spanning-tree bpduguard enable
Protecting Against Sudden Loss of BPDUs
• What happens if a switch doesn’t receive BPDUs in a timely manner or
when it doesn’t receive any? The switch can view that condition as
acceptable—perhaps an upstream switch or an upstream link is dead. In that
case, the topology must have changed, so blocked ports eventually can be
unblocked again.
Protecting Against Sudden Loss of BPDUs
• Loop Guard
• By default, Loop Guard is disabled on all switch ports. You can enable Loop Guard
as a global default, affecting all switch ports, with the following global configuration
command:
Switch(config)# spanning-tree loopguard default
Protecting Against Sudden Loss of BPDUs
• What happens if a switch doesn’t receive BPDUs in a timely manner or
when it doesn’t receive any? The switch can view that condition as
acceptable—perhaps an upstream switch or an upstream link is dead. In that
case, the topology must have changed, so blocked ports eventually can be
unblocked again.
Using BPDU Filtering to Disable STP on a Port
• Ordinarily, STP operates on all switch ports in an effort to eliminate bridging loops
beforethey can form. BPDUs are sent on all switch ports—even ports where PortFast has
been enabled. BPDUs also can be received and processed if any are sent by neighboring
switches.
• You always should allow STP to run on a switch to prevent loops. However, in special
cases when you need to prevent BPDUs from being sent or processed on one or more
switch ports, you can use BPDU filtering to effectively disable STP on those ports.
Switch(config)# spanning-tree portfast bpdufilter default
Switch(config-if)# spanning-tree bpdufilter {enable | disable}

• Be very careful to enable BPDU filtering only under controlled circumstances in which
you are absolutely sure that a switch port will have a single host connected and that a loop
will be impossible. Enable BPDU filtering only if the connected device cannot allow
BPDUs to be accepted or sent. Otherwise, you should permit STP to operate on the switch
ports as a precaution
Troubleshooting STP Protection
Advanced Spanning Tree Protocol
Rapid Spanning Tree (802.1w)
• Convergence is much faster
• Communication between switches is more interactive
• Edge ports don’t participate
• Edge ports transition to forwarding state immediately
• If BPDUs are received on an edge port, it becomes a non-edge port to prevent
loops
Rapid Spanning Tree (802.1w)
• Defines these port roles:
• Root Port (same as with 802.1d)
• Alternate Port
• A port with an alternate path to the root
• Designated Port (same as with 802.1d)
• Backup Port
• A backup/redundant path to a segment where another bridge port already connects.
Rapid Spanning Tree (802.1w)
• Synchronization process uses a handshake method
• After a root is elected, the topology is built in cascade, where each switch proposes
to be the designated bridge for each point-to-point link
• While this happens, all the downstream switch links are blocking
Rapid Spanning Tree (802.1w)

DP Root
Proposal

RP
Agreement
Switch Switch

Switch Switch
Rapid Spanning Tree (802.1w)

DP Root DP Proposal

RP Agreement
RP
Switch Switch

Switch Switch
Rapid Spanning Tree (802.1w)

DP Root DP

RP RP
Switch Switch

DP
Proposal Agreement

RP
Switch Switch
Rapid Spanning Tree (802.1w)

DP Root DP

RP RP
Switch Switch

DP DP
Proposal Agreement

RP RP
Switch Switch
Rapid Spanning Tree (802.1w)
• Prefer RSTP over STP if you want faster convergence
• Always define which ports are edge ports
Multiple Spanning Tree (802.1s)
• Allows separate spanning trees per VLAN group
• Different topologies allow for load balancing between links
• Each group of VLANs are assigned to an “instance” of MST

• Compatible with STP and RSTP

Multiple Spanning Tree (802.1s)

Root VLAN A Root VLAN B

✕

✕
Vlan A Vlan B
Multiple Spanning Tree (802.1s)

• MST Region
• Switches are members of a region if they have the same set of attributes:
• MST configuration name
• MST configuration revision
• Instance-to-VLAN mapping
• A digest of these attributes is sent inside the BPDUs for fast comparison by the
switches
• One region is usually sufficient
Multiple Spanning Tree (802.1s)

• CST = Common Spanning Tree

• In order to interoperate with other versions of Spanning Tree, MST needs a
common tree that contains all the other islands, including other MST regions
Multiple Spanning Tree (802.1s)
• IST = Internal Spanning Tree
• Internal to the Region, that is
• Presents the entire region as a single virtual bridge to the CST outside
Multiple Spanning Tree (802.1s)
• MST Instances
• Groups of VLANs are mapped to particular Spanning Tree instances
• These instances will represent the alternative topologies, or forwarding paths
• You specify a root and alternate root for each instance
Multiple Spanning Tree (802.1s)

MST Region CST

MST Region

IST

IST

802.1D switch
Multiple Spanning Tree (802.1s)
• Design Guidelines
• Determine relevant forwarding paths, and distribute your VLANs equally into
instances matching these topologies
• Assign different root and alternate root switches to each instance
• Make sure all switches match region attributes
• Do not assign VLANs to instance 0, as this is used by the IST