- [Show page]
- [Old revisions]
- [[unknown link type]]
- []
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:skoleni:cisco [2015/10/18 01:48] admin [STP - What it solves?] |
linux:skoleni:cisco [2015/10/18 14:02] (current) admin [STP - What it solves?] |
||
|---|---|---|---|
| Line 38: | Line 38: | ||
| </code> | </code> | ||
| + | |||
| + | ==== Creating broadcast storm==== | ||
| + | First create a loop, then we disable stp and finaly one ping will send arp broadcast. Lets suppose the loop goes from port fa0/5 somewhere. Clear the counters and check the state of interface | ||
| + | <code> | ||
| + | show interface fa0/5 | ||
| + | clear counters | ||
| + | show interface fa0/5 | ||
| + | </code> | ||
| + | no spanning-tree vlan 1 | ||
| + | And check vlans by | ||
| + | show vlan brief | ||
| + | Assign random IP to layer 3 interface vlan 1 and ping | ||
| + | <code> | ||
| + | conf t | ||
| + | int vlan 1 | ||
| + | ip 1.0.0.1 255.0.0.0 | ||
| + | no shut | ||
| + | end | ||
| + | </code> | ||
| + | Check it by | ||
| + | show ip int brief | ex una | ||
| + | and ping, just once | ||
| + | ping 1.0.0.2 repeat 1 | ||
| + | Check the interface with loop on vlan 1 | ||
| + | show interface fa0/5 | ||
| =====STP===== | =====STP===== | ||
| {{ :linux:skoleni:stp-cost.png |}} | {{ :linux:skoleni:stp-cost.png |}} | ||
| Line 43: | Line 68: | ||
| =====PVST+ - VLAN time===== | =====PVST+ - VLAN time===== | ||
| {{ :linux:skoleni:stp-pvst.png |}} | {{ :linux:skoleni:stp-pvst.png |}} | ||
| + | We make switch **A** root for VLAN 10 | ||
| <code> | <code> | ||
| spanning-tree mode pvst | spanning-tree mode pvst | ||
| - | spanning-tree vlan 98 priority 16384 | + | spanning-tree vlan 10 priority 16384 |
| </code> | </code> | ||
| + | And switch **B** root for VLAN 20 | ||
| + | <code> | ||
| + | spanning-tree mode pvst | ||
| + | spanning-tree vlan 20 priority 16384 | ||
| + | </code> | ||
| + | |||
| + | See what happens: | ||
| + | {{ :linux:skoleni:stp-pvst-solved.png |}} | ||
| ===== RSTP - Is STP slow?===== | ===== RSTP - Is STP slow?===== | ||
| Yes, it is. New version Rapid STP doesn't have ''blocking'' port, rather has ''alternate'' port. Theory goes on the table, practicaly you doesn't have to know anything. Just type | Yes, it is. New version Rapid STP doesn't have ''blocking'' port, rather has ''alternate'' port. Theory goes on the table, practicaly you doesn't have to know anything. Just type | ||
| Line 64: | Line 98: | ||
| Let's suppose you're running an office network with STP. What if someone sent bad ''BPDU'' frames to you switches? He could re-route all the traffic throught his black-hat-notebook | Let's suppose you're running an office network with STP. What if someone sent bad ''BPDU'' frames to you switches? He could re-route all the traffic throught his black-hat-notebook | ||
| {{ :linux:skoleni:black-hat-notebook.jpeg|}} | {{ :linux:skoleni:black-hat-notebook.jpeg|}} | ||
| + | |||
| + | You can filter or guard incomming ''BPDU'' packets | ||
| + | * filter - ignores and discard the packet | ||
| + | * guard - the port is put in the error-disabled state | ||
| + | <code> | ||
| + | Switch(config-if)# spanning-tree portfast bpdufilter default | ||
| + | Switch(config-if)# spanning-tree bpduguard enable | ||
| + | </code> | ||
| There is no //more or less// static arp, but the interval could be longer. | There is no //more or less// static arp, but the interval could be longer. | ||
linux/skoleni/cisco.1445125704.txt.gz · Last modified: 2015/10/18 01:48 by admin