[Show page]
[Old revisions]
[[unknown link type]]
[
]

Differences

This shows you the differences between two versions of the page.

--- linux:skoleni:cisco [2015/10/17 17:17]
admin created
+++ linux:skoleni:cisco [2015/10/18 14:02] (current)
admin [STP - What it solves?]
@@ Line 9: / Line 9: @@
+===== STP - What it solves? =====
+//Something's missing, something's redundant?//
+  * missing - broken cable, lost connection, broken switch
+  * redundant - badly placed cable, circles the network
+STP can fix all of the above.
+{{ :linux:skoleni:stp-broadcast-storm.png |}}
+Redundant layer 2 redundacy problems
+  * broadcast storm
+  * multiple frame copies - which is basicly the same
+  * ARP table instabilities (Cisco: CAM table)
+Magic question - what is //32768//?
+Time tracking
+  * 20 waiting for no BPDU
+  * 15 unblock blocked ports and listening state for new BPDUs - topology change
+  * 15 learning state, accepts all ethernet frames, learns MAC, but doesn't forward
+First we obviously need to know, how to disable stp for end host device (designated forwarding port).
+<code>
+conf t
+int fa 0/5
+    spanning-tree portfast
+end
+</code>
+==== Creating broadcast storm====
+First create a loop, then we disable stp and finaly one ping will send arp broadcast. Lets suppose the loop goes from port fa0/5 somewhere. Clear the counters and check the state of interface
+<code>
+   show interface fa0/5
+   clear counters
+   show interface fa0/5
+</code>
+   no spanning-tree vlan 1
+And check vlans by
+   show vlan brief
+Assign random IP to layer 3 interface vlan 1 and ping
+<code>
+   conf t
+      int vlan 1
+         ip 1.0.0.1 255.0.0.0
+         no shut
+         end
+</code>
+Check it by
+   show ip int brief | ex una
+and ping, just once
+    ping 1.0.0.2 repeat 1
+Check the interface with loop on vlan 1
+    show interface fa0/5
+=====STP=====
+{{ :linux:skoleni:stp-cost.png |}}
+=====PVST+ - VLAN time=====
+{{ :linux:skoleni:stp-pvst.png |}}
+We make switch **A** root for VLAN 10
+<code>
+spanning-tree mode pvst
+spanning-tree vlan 10 priority 16384
+</code>
+And switch **B** root for VLAN 20
+<code>
+spanning-tree mode pvst
+spanning-tree vlan 20 priority 16384
+</code>
+See what happens:
+{{ :linux:skoleni:stp-pvst-solved.png |}}
+===== RSTP - Is STP slow?=====
+Yes, it is. New version Rapid STP doesn't have ''blocking'' port, rather has ''alternate'' port. Theory goes on the table, practicaly you doesn't have to know anything. Just type
+<code>
+spanning-tree mode rapid-pvst
+</code>
+===== Can I see STP?======
+<code>
+show spanning-tree vlan 98
+</code>
+===== Little security ========
+Let's suppose you're running an office network with STP. What if someone sent bad ''BPDU'' frames to you switches? He could re-route all the traffic throught his black-hat-notebook
+{{ :linux:skoleni:black-hat-notebook.jpeg|}}
+You can filter or guard incomming ''BPDU'' packets
+  * filter - ignores and discard the packet
+  * guard - the port is put in the error-disabled state
+<code>
+Switch(config-if)# spanning-tree portfast bpdufilter default
+Switch(config-if)# spanning-tree bpduguard enable
+</code>
 There is no //more or less// static arp, but the interval could be longer.

linux/skoleni/cisco.1445095033.txt.gz · Last modified: 2015/10/17 17:17 by admin