Differences

This shows you the differences between two versions of the page.

linux:skoleni:cisco [2015/10/18 00:56]
admin [STP - What it solves?]
linux:skoleni:cisco [2015/10/18 14:02] (current)
admin [STP - What it solves?]
Line 14: Line 14:
   * redundant - badly placed cable, circles the network   * redundant - badly placed cable, circles the network
 STP can fix all of the above. STP can fix all of the above.
 +
 +{{ :​linux:​skoleni:​stp-broadcast-storm.png |}}
  
 Redundant layer 2 redundacy problems Redundant layer 2 redundacy problems
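Review bot: The added image embed for stp-broadcast-storm.png has an empty title after the `|`, so the page carries no text saying what the picture shows. Add a short caption there so the paragraph about loops still makes sense when the image is unavailable.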
Line 21: Line 23:
  
 Magic question - what is //32768//? Magic question - what is //32768//?
 +
 +Time tracking
 +  * 20 waiting for no BPDU
 +  * 15 unblock blocked ports and listening state for new BPDUs - topology change
 +  * 15 learning state, accepts all ethernet frames, learns MAC, but doesn'​t forward
 +
  
 First we obviously need to know, how to disable stp for end host device (designated forwarding port). First we obviously need to know, how to disable stp for end host device (designated forwarding port).
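Review bot: The three values in the added "Time tracking" list (20, 15, 15) carry no unit and no timer names. If these are the STP timers in seconds, say so and name each timer next to its value. The second item also mixes two things ("unblock blocked ports" and "listening state") and would read better split into two statements. The context line "Magic question - what is //32768//?" is still left unanswered directly above this list.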
Line 30: Line 38:
 </​code>​ </​code>​
  
 +
 +==== Creating broadcast storm====
 +First create a loop, then we disable stp and finaly one ping will send arp broadcast. Lets suppose the loop goes from port fa0/5 somewhere. Clear the counters and check the state of interface
 +<​code>​
 +   show interface fa0/5
 +   clear counters
 +   show interface fa0/5
 +</​code>​
 +   no spanning-tree vlan 1
 +And check vlans by
 +   show vlan brief
 +Assign random IP to layer 3 interface vlan 1 and ping
 +<​code>​
 +   conf t
 +      int vlan 1
 +         ip 1.0.0.1 255.0.0.0
 +         no shut
 +         end
 +</​code>​
 +Check it by
 +   show ip int brief | ex una
 +and ping, just once
 +    ping 1.0.0.2 repeat 1
 +Check the interface with loop on vlan 1
 +    show interface fa0/5
 +=====STP=====
 +{{ :​linux:​skoleni:​stp-cost.png |}}
 +
 +=====PVST+ - VLAN time=====
 +{{ :​linux:​skoleni:​stp-pvst.png |}}
 +We make switch **A** root for VLAN 10
 +<​code>​
 +spanning-tree mode pvst
 +spanning-tree vlan 10 priority 16384
 +</​code>​
 +
 +And switch **B** root for VLAN 20
 +<​code>​
 +spanning-tree mode pvst
 +spanning-tree vlan 20 priority 16384
 +</​code>​
 +
 +See what happens:
 +{{ :​linux:​skoleni:​stp-pvst-solved.png |}}
 +===== RSTP - Is STP slow?=====
 +Yes, it is. New version Rapid STP doesn'​t have ''​blocking''​ port, rather has ''​alternate''​ port. Theory goes on the table, practicaly you doesn'​t have to know anything. Just type
 +<​code>​
 +spanning-tree mode rapid-pvst
 +</​code>​
 +
 +
 +===== Can I see STP?======
 +<​code>​
 +show spanning-tree vlan 98
 +</​code>​
 +
 +
 +===== Little security ========
 +Let's suppose you're running an office network with STP. What if someone sent bad ''​BPDU''​ frames to you switches? He could re-route all the traffic throught his black-hat-notebook
 +{{ :​linux:​skoleni:​black-hat-notebook.jpeg|}}
 +
 +You can filter or guard incomming ''​BPDU''​ packets
 +  * filter - ignores and discard the packet
 +  * guard - the port is put in the error-disabled state
 +<​code>​
 +Switch(config-if)#​ spanning-tree portfast bpdufilter default
 +Switch(config-if)#​ spanning-tree bpduguard enable
 +</​code>​
  
 There is no //more or less// static arp, but the interval could be longer. There is no //more or less// static arp, but the interval could be longer.
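Review bot: In the "Little security" block, `spanning-tree portfast bpdufilter default` is shown at the `Switch(config-if)#` prompt, but the `portfast ... default` form is a global configuration command; the per-interface form is `spanning-tree bpdufilter enable`. The example also enables filter and guard together without saying which one to pick: by the list's own definitions a filtered BPDU is discarded, so a port that filters never reaches the guard's error-disabled state. Suggest showing guard alone for end-host ports and giving each command the prompt it is actually typed at. Separately, in the "Creating broadcast storm" steps, `ip 1.0.0.1 255.0.0.0` is missing the `address` keyword, `no spanning-tree vlan 1` sits outside any `<code>` block, and nothing tells the reader to restore STP with `spanning-tree vlan 1` afterwards or to run this only on an isolated lab switch. The closing markers on the "Can I see STP?" and "Little security" headings do not match their opening `=====`.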
  
 
linux/skoleni/cisco.1445122595.txt.gz · Last modified: 2015/10/18 00:56 by admin