- [Show page]
- [Old revisions]
- [[unknown link type]]
- []
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:skoleni:cisco [2015/10/18 01:16] admin [STP - What it solves?] |
linux:skoleni:cisco [2015/10/18 14:02] (current) admin [STP - What it solves?] |
||
|---|---|---|---|
| Line 14: | Line 14: | ||
| * redundant - badly placed cable, circles the network | * redundant - badly placed cable, circles the network | ||
| STP can fix all of the above. | STP can fix all of the above. | ||
| + | |||
| + | {{ :linux:skoleni:stp-broadcast-storm.png |}} | ||
| Redundant layer 2 redundacy problems | Redundant layer 2 redundacy problems | ||
| Line 37: | Line 39: | ||
| + | ==== Creating broadcast storm==== | ||
| + | First create a loop, then we disable stp and finaly one ping will send arp broadcast. Lets suppose the loop goes from port fa0/5 somewhere. Clear the counters and check the state of interface | ||
| + | <code> | ||
| + | show interface fa0/5 | ||
| + | clear counters | ||
| + | show interface fa0/5 | ||
| + | </code> | ||
| + | no spanning-tree vlan 1 | ||
| + | And check vlans by | ||
| + | show vlan brief | ||
| + | Assign random IP to layer 3 interface vlan 1 and ping | ||
| + | <code> | ||
| + | conf t | ||
| + | int vlan 1 | ||
| + | ip 1.0.0.1 255.0.0.0 | ||
| + | no shut | ||
| + | end | ||
| + | </code> | ||
| + | Check it by | ||
| + | show ip int brief | ex una | ||
| + | and ping, just once | ||
| + | ping 1.0.0.2 repeat 1 | ||
| + | Check the interface with loop on vlan 1 | ||
| + | show interface fa0/5 | ||
| + | =====STP===== | ||
| + | {{ :linux:skoleni:stp-cost.png |}} | ||
| - | PVST+ | + | =====PVST+ - VLAN time===== |
| + | {{ :linux:skoleni:stp-pvst.png |}} | ||
| + | We make switch **A** root for VLAN 10 | ||
| <code> | <code> | ||
| + | spanning-tree mode pvst | ||
| + | spanning-tree vlan 10 priority 16384 | ||
| + | </code> | ||
| + | |||
| + | And switch **B** root for VLAN 20 | ||
| + | <code> | ||
| + | spanning-tree mode pvst | ||
| + | spanning-tree vlan 20 priority 16384 | ||
| + | </code> | ||
| + | |||
| + | See what happens: | ||
| + | {{ :linux:skoleni:stp-pvst-solved.png |}} | ||
| + | ===== RSTP - Is STP slow?===== | ||
| + | Yes, it is. New version Rapid STP doesn't have ''blocking'' port, rather has ''alternate'' port. Theory goes on the table, practicaly you doesn't have to know anything. Just type | ||
| + | <code> | ||
| + | spanning-tree mode rapid-pvst | ||
| + | </code> | ||
| + | |||
| + | |||
| + | ===== Can I see STP?====== | ||
| + | <code> | ||
| + | show spanning-tree vlan 98 | ||
| + | </code> | ||
| + | |||
| + | |||
| + | ===== Little security ======== | ||
| + | Let's suppose you're running an office network with STP. What if someone sent bad ''BPDU'' frames to you switches? He could re-route all the traffic throught his black-hat-notebook | ||
| + | {{ :linux:skoleni:black-hat-notebook.jpeg|}} | ||
| + | |||
| + | You can filter or guard incomming ''BPDU'' packets | ||
| + | * filter - ignores and discard the packet | ||
| + | * guard - the port is put in the error-disabled state | ||
| + | <code> | ||
| + | Switch(config-if)# spanning-tree portfast bpdufilter default | ||
| + | Switch(config-if)# spanning-tree bpduguard enable | ||
| + | </code> | ||
| There is no //more or less// static arp, but the interval could be longer. | There is no //more or less// static arp, but the interval could be longer. | ||
linux/skoleni/cisco.1445123784.txt.gz · Last modified: 2015/10/18 01:16 by admin