Optional-Spanning-tree-Features_5
Root Guard ・If superior BPDU is received port shut down
SW1(config)#int range e0/0-1, e1/0-1 SW1(config-if-range)#spanning-tree guard root SW1#show spanning-tree interface e0/0 detail | i Port|Root Port 1 (Ethernet0/0) of VLAN0001 is designated forwarding Port path cost 100, Port priority 128, Port Identifier 128.1. Root guard is enabled on the port Port 1 (Ethernet0/0) of VLAN0002 is designated forwarding Port path cost 100, Port priority 128, Port Identifier 128.1. Root guard is enabled on the port Port 1 (Ethernet0/0) of VLAN0005 is designated forwarding Port path cost 100, Port priority 128, Port Identifier 128.1. Root guard is enabled on the port (omit) SW1#debug spanning-tree events Spanning Tree event debugging is on SW2(config)#spanning-tree vlan 2 priority 0 SW1# *May 31 11:59:06: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et1/1 *May 31 11:59:06: supersedes 4098-aabb.cc00.0100 %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port Ethernet1/1 on VLAN0002. *May 31 11:59:06: STP[2]: Generating TC trap for port Ethernet1/1 *May 31 11:59:06: STP: VLAN0002 Et1/1 -> blocking *May 31 11:59:06: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et1/0 *May 31 11:59:06: supersedes 4098-aabb.cc00.0100 *May 31 11:59:06: STP[2]: Generating TC trap for port Ethernet1/0 *May 31 11:59:06: STP: VLAN0002 Et1/0 -> blocking *May 31 11:59:07: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et0/1 *May 31 11:59:07: supersedes 4098-aabb.cc00.0100 *May 31 11:59:07: STP[2]: Generating TC trap for port Ethernet0/1 *May 31 11:59:07: STP: VLAN0002 Et0/1 -> blocking *May 31 11:59:07: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et0/0 *May 31 11:59:07: supersedes 4098-aabb.cc00.0100 *May 31 11:59:07: STP[2]: Generating TC trap for port Ethernet0/0 *May 31 11:59:07: STP: VLAN0002 Et0/0 -> blocking *May 31 11:59:08: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et0/1 *May 31 11:59:08: supersedes 4098-aabb.cc00.0100 *May 31 11:59:08: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et0/0 *May 31 11:59:08: supersedes 4098-aabb.cc00.0100 (omit) SW1#sh spanning-tree vl 2 VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 4098 Address aabb.cc00.0100 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 4098 (priority 4096 sys-id-ext 2) Address aabb.cc00.0100 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Et0/0 Desg BKN*100 128.1 Shr *ROOT_Inc Et0/1 Desg BKN*100 128.2 Shr *ROOT_Inc Et1/0 Desg BKN*100 128.5 Shr *ROOT_Inc Et1/1 Desg BKN*100 128.6 Shr *ROOT_Inc SW1#show spanning-tree inconsistentports Name Interface Inconsistency -------------------- ------------------------ ------------------ VLAN0002 Ethernet0/0 Root Inconsistent VLAN0002 Ethernet0/1 Root Inconsistent VLAN0002 Ethernet1/0 Root Inconsistent VLAN0002 Ethernet1/1 Root Inconsistent Number of inconsistent ports (segments) in the system : 4
SW1 immediately shut down ports if ports that enabled Root-Guard received superior BPDU.
SW2#sh spanning-tree vlan 2 VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 2 Address aabb.cc00.0200 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 2 (priority 0 sys-id-ext 2) Address aabb.cc00.0200 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Et0/0 Desg FWD 100 128.1 Shr Et0/1 Desg FWD 100 128.2 Shr Et1/0 Desg FWD 100 128.5 Shr Et1/1 Desg FWD 100 128.6 Shr SW3#sh spanning-tree vlan 2 VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 2 Address aabb.cc00.0200 Cost 200 Port 5 (Ethernet1/0) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32770 (priority 32768 sys-id-ext 2) Address aabb.cc00.0300 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Et0/0 Desg FWD 100 128.1 Shr Et0/1 Desg FWD 100 128.2 Shr Et1/0 Root FWD 100 128.5 Shr Et1/1 Altn BLK 100 128.6 Shr SW4#sh span vl 2 VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 2 Address aabb.cc00.0200 Cost 100 Port 1 (Ethernet0/0) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 8194 (priority 8192 sys-id-ext 2) Address aabb.cc00.0400 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Et0/0 Root FWD 100 128.1 Shr Et0/1 Altn BLK 100 128.2 Shr Et1/0 Desg FWD 100 128.5 Shr Et1/1 Desg FWD 100 128.6 Shr
SW2(config)#no spanning-tree vlan 2 priority 0 SW1# *May 31 12:46:52: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et1/1 *May 31 12:46:52: supersedes 4098-aabb.cc00.0100 *May 31 12:46:52: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et1/0 *May 31 12:46:52: supersedes 4098-aabb.cc00.0100 *May 31 12:46:52: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et0/1 *May 31 12:46:52: supersedes 4098-aabb.cc00.0100 *May 31 12:46:52: STP: VLAN0002 heard root 2-aabb.cc00.0200 on Et0/0 *May 31 12:46:52: supersedes 4098-aabb.cc00.0100 *May 31 12:46:54: STP: VLAN0002 heard root 32770-aabb.cc00.0200 on Et1/1 *May 31 12:46:54: STP: VLAN0002 heard root 32770-aabb.cc00.0200 on Et1/0 *May 31 12:46:54: STP: VLAN0002 Topology Change rcvd on Et1/0 %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port Ethernet0/1 on VLAN0002. *May 31 12:47:10: STP: VLAN0002 we are the spanning tree root *May 31 12:47:10: STP: VLAN0002 Et0/1 -> listening *May 31 12:47:10: STP: VLAN0002 we are the spanning tree root *May 31 12:47:10: STP: VLAN0002 Et0/0 -> listening *May 31 12:47:11: STP: VLAN0002 heard root 32770-aabb.cc00.0300 on Et0/1 *May 31 12:47:11: STP: VLAN0002 heard root 32770-aabb.cc00.0300 on Et0/0 *May 31 12:47:11: STP: VLAN0002 Topology Change rcvd on Et0/1 %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port Ethernet1/1 on VLAN0002. *May 31 12:47:12: STP: VLAN0002 we are the spanning tree root *May 31 12:47:12: STP: VLAN0002 Et1/1 -> listening *May 31 12:47:12: STP: VLAN0002 we are the spanning tree root *May 31 12:47:12: STP: VLAN0002 Et1/0 -> listening *May 31 12:47:13: STP: VLAN0002 Topology Change rcvd on Et0/0 *May 31 12:47:14: STP: VLAN0002 Topology Change rcvd on Et1/0 *May 31 12:47:25: STP: VLAN0002 Et0/1 -> learning *May 31 12:47:25: STP: VLAN0002 Et0/0 -> learning *May 31 12:47:27: STP: VLAN0002 Et1/1 -> learning *May 31 12:47:27: STP: VLAN0002 Et1/0 -> learning *May 31 12:47:40: STP[2]: Generating TC trap for port Ethernet0/1 *May 31 12:47:40: STP: VLAN0002 Et0/1 -> forwarding *May 31 12:47:40: STP[2]: Generating TC trap for port Ethernet0/0 *May 31 12:47:40: STP: VLAN0002 Et0/0 -> forwarding *May 31 12:47:41: STP: VLAN0002 Topology Change rcvd on Et0/0 *May 31 12:47:42: STP[2]: Generating TC trap for port Ethernet1/1 *May 31 12:47:42: STP: VLAN0002 Et1/1 -> forwarding *May 31 12:47:42: STP[2]: Generating TC trap for port Ethernet1/0 *May 31 12:47:42: STP: VLAN0002 Et1/0 -> forwarding SW1#sh spanning-tree vlan 2 VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 4098 Address aabb.cc00.0100 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 4098 (priority 4096 sys-id-ext 2) Address aabb.cc00.0100 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Et0/0 Desg FWD 100 128.1 Shr Et0/1 Desg FWD 100 128.2 Shr Et1/0 Desg FWD 100 128.5 Shr Et1/1 Desg FWD 100 128.6 Shr
when SW2 stop receiving superior BPDUs,
ports are changed forwarding status via transition of spanning-tree.
