Config Lab: RSTP Config 2

 In 200-301 V1 Ch10: RSTP and EtherChannel, 200-301 V1 Part 3: VLANs, STP, 200-301 V1 Parts, CML-Free-Labs, Config Lab, Config Lab CCNA Vol 1 Part 3, Hands-on
26

LAN switches use many default settings that work without you having to do anything, and oftentimes, you can leave those default settings as-is. However, with Spanning Tree Protocol (STP), and its better cousin Rapid STP (RSTP), you should configure some settings based on a few design goals. This config lab works through some of the more common configuration settings to influence the choice of root switch and designated ports.

Config-Lab-V2-w300
More about Config Labs

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Lab Requirements

This lab begins with a working network. It shows two PCs in each of the two separate VLANs/Subnets, with a router to router packets between the subnets. In fact, if you implement the lab as shown and use only the initial configuration, all the PCs should be able to ping each other.  In that case, STP/RSTP works with all default configuration settings.

(You may want to spend a little more time than usual checking out the detailed initial configuration. Also, if you plan to implement the lab for yourself in Cisco Packet Tracer or elsewhere, you may find it useful to implement the initial configuration and examine the VLANs, VLAN trunking, ROAS, and STP/RSTP behavior before performing the configuration.)

Once you understand the initial configuration, configure some common best practices for STP/RSTP in LANs. Specifically:

  1. Use default STP/RSTP settings unless you need the setting to implement the lab.
  2. Configure all switches to use per-vlan RSTP rather than per-vlan STP.
  3. Root Switch in VLAN 10:
    1. Configure the RSTP priority directly, as needed, so that Dist2 has the best RSTP priority and Dist1 has the second best.
    2. The priority settings on switches Access3 and Access4 may tie but must have a worse priority than Dist1 and Dist2.
    3. Configure the priority values directly. That is, do not use the spanning-tree root command.
    4. Multiple possible answers exist. To match the answers post, change the priority values as little as possible compared to the default settings. For example, if you could lower a setting by 1 or 2 to achieve the goal, lower it by 1.
  4. Root Switch in VLAN 11:
    1. Configure the RSTP priority using the spanning-tree vlan x root command so that Dist1 becomes the root switch, but Dist2 becomes the root if Dist1 fails.
    2. Switches Access3 and Access4 may tie with each other but must have a worse priority than Dist1 and Dist2.
  5. RSTP Optimizations: Portfast and BPDU Guard
    1. Configure Portfast on the switch ports connected to the PCs using interface subcommand(s).
    2. Configure BPDU Guard on those same ports, again using interface subcommand(s).

Figure 1: RSTP Topology for this Lab

 

Initial Configuration

The four switches have no pre-configuration related to RSTP. However, all the switches use VLAN trunking on the links between switches. They also use VTP mode transparent, requiring the VLANs to be configured on each switch. So, each switch shows both VLAN 10 and 11 as preconfigured. For information about the PCs and the router, look below these next four examples.

hostname Dist1
!
vtp mode transparent
vlan 10,11
!
interface GigabitEthernet1/1/2
 description Trunk link to Dist2
 switchport mode trunk
!
interface GigabitEthernet1/1/3
 description Trunk link to Access3
 switchport mode trunk
!
interface GigabitEthernet1/1/4
 description Trunk link to Access4
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 description Trunk to R1
 switchport mode trunk

Example 1: Dist1 Config

 

hostname Dist2
!
vtp mode transparent
vlan 10,11
!
interface GigabitEthernet1/1/1
 description Trunk link to Dist1
 switchport mode trunk
!
interface GigabitEthernet1/1/3
 description Trunk link to Access3
 switchport mode trunk
!
interface GigabitEthernet1/1/4
 description Trunk link to Access4
 switchport mode trunk

Example 2: Dist2 Config

 

hostname Access3
!
vtp mode transparent
vlan 10,11
!
interface GigabitEthernet1/1/1
 description Trunk link to Dist1
 switchport mode trunk
!
interface GigabitEthernet1/1/2
 description Trunk link to Dist2
 switchport mode trunk
!
interface GigabitEthernet1/0/11
 description Access link to PC11
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/21
 description Access link to PC21
 switchport mode access
 switchport access vlan 11

Example 3: Access3 Config

 

hostname Access4
!
vtp mode transparent
vlan 10,11
!
interface GigabitEthernet1/1/1
 description Trunk link to Dist1
 switchport mode trunk
!
interface GigabitEthernet1/1/2
 description Trunk link to Dist2
 switchport mode trunk
!
interface GigabitEthernet1/0/12
 description Access link to PC12
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/22
 description Access link to PC22
 switchport mode access
 switchport access vlan 11

Example 4: Access4 Config

 

The four PCs connect to two different access VLANs and subnets, as follows:

  • PC11 and PC12: VLAN 10, subnet 10.1.10.0/24, gateway 10.1.10.1.
  • PC21 and PC22: VLAN 11, subnet 10.1.11.0/24, gateway 10.1.11.1.

R1 uses a router-on-a-stick (ROAS) configuration to support the subnets. With the initial topology and device configurations, the PCs should be able to ping each other and the default gateway. Their initial configurations are shown next.

 

Address: 10.1.10.11
Mask: 255.255.255.0
Gateway: 10.1.10.1

Example 5: PC11 Configuration Settings

Address: 10.1.10.12
Mask: 255.255.255.0
Gateway: 10.1.10.1

Example 6: PC12 Configuration Settings

Address: 10.1.11.21
Mask: 255.255.255.0
Gateway: 10.1.11.1

Example 7: PC21 Configuration Settings

Address: 10.1.11.22
Mask: 255.255.255.0
Gateway: 10.1.11.1

Example 8: PC22 Configuration Settings

 

hostname R1
!
interface gigabitethernet0/1
 no shutdown
!
interface gigabitethernet0/1.10
 encapsulation dot1q 10
 ip address 10.1.10.1 255.255.255.0
!
interface gigabitethernet0/1.11
 encapsulation dot1q 11
 ip address 10.1.11.1 255.255.255.0

Example 9: Router R1 Configuration Settings

 

Finally, you can proceed with the lab based on the above introduction. However, if you want a little different take about the scenario for this lab, check out this video:

Answer Options - Click Tabs to Reveal

Option 1: Paper/Editor

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

Option 2: Cisco Packet Tracer

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

Option 3: Cisco Modeling Labs

This Lab Supports Both CML-Free and CML-Personal!!!

The downloadable file listed here works in both CML-P or CML-F because it uses the IOL (router) and IOL-L2 (switch) reference platform images supported by both products as of CML V2.8. Note that these images also require less CPU and RAM than the other CML-P options.

Use the same general workflow as with Cisco Packet Tracer, as follows:

  1. Download the CML file (filetype .yaml) linked below.
  2. Import the lab’s CML file into CML.
  3. Start the lab in CML.
  4. Compare the CML lab topology and interface IDs to this lab Blog page, as they may differ (more detail below).
  5. Add your planned configuration to the lab, adjusting for interface ID differences.
  6. Test the configuration using some of the suggestions below.

Download this lab’s CML file!

 

Interface ID Differences:

The lab diagrams on this page use interface IDs (IIDs) that match the Packet Tracer version of the lab. When using CML, adjust the lab IIDs based on this table. Also, note that the IOL and IOL-L2 images used by the supplied CML file support only the “Ethernet” interface type, and not “FastEthernet” or “GigabitEthernet”.

The conventions for this lab are:

  • All Gigabit interface types become Ethernet.
  • All Gigabit interface numbers in the pattern G1/1/x become E0/x (with two exceptions):
    • The two exceptions: The two interfaces G1/1/4 become E0/0.
  • Two interfaces do not follow the G1/1/x pattern: The interfaces on the link between router R1 and switch Dist1. Use E0/1 for the IID on both ends of that link.
Port Shown in Lab  CML Port
G1/1/1 E0/1
G1/1/2 E0/2
G1/1/3 E0/3
G1/1/4 E0/0
G1/0/1 E0/1
G0/1 E0/1

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Lab Configuration

Lab Answers

spanning-tree mode rapid-pvst
spanning-tree vlan 10 priority 28672
spanning-tree vlan 11 root primary

Example: Dist1 Config

 

spanning-tree mode rapid-pvst
spanning-tree vlan 10 priority 24576 
spanning-tree vlan 11 root secondary

Example: Dist2 Config

 

spanning-tree mode rapid-pvst
!
interface GigabitEthernet1/0/11
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/21 
 spanning-tree portfast 
 spanning-tree bpduguard enable

Example: Access3 Config

 

spanning-tree mode rapid-pvst
!
interface GigabitEthernet1/0/12
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/22
 spanning-tree portfast
 spanning-tree bpduguard enable

Example: Access4 Config

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Lab Commentary

Lab Commentary

The lab gives different requirements for RSTP in VLAN 10 versus VLAN 11. In production networks, engineers often do the same, making one distribution switch act as the root switch in some VLANs and another distribution switch act as root in other VLANs. Additionally, it makes the most sense to use only distribution switches as root switches, so configuring both distribution switches with lower STP/RSTP priority makes good sense.

For this lab, the configuration should change the base priority as follows:

VLAN 10:

  • Dist1: 28,672
  • Dist2: 24,576

VLAN 11:

  • Dist1: 24,576
  • Dist1: 28,672

The lab asked you to use two different styles to configure those settings. For VLAN 10, you were to set the base priority using the number (for example, the spanning-tree vlan 10 priority 28672 global command on Dist1) while using the spanning-tree vlan 11 root primary and the spanning-tree vlan 11 root secondary commands for VLAN 11. For VLAN 11, the switches look at the then-current VLAN 11 priority settings, choose appropriate values, and configure the spanning-tree vlan 11 priority command. Make sure to look in the configuration file once you complete the configuration steps.

The other lab requirement asked you to configure portfast and BPDU guard on the access ports. To do so, add the spanning-tree portfast and spanning-tree bpduguard enable commands to those ports.

Known Packet Tracer Issues

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 VLAN trunking requires the switchport trunk encapsulation command Old Cisco switches supported both ISL (older) and 802.1Q (newer) trunking protocol options, so those switches required the switchport trunk encapsulation command to be configured on VLAN trunks. Cisco Packet Tracer switches use this same logic, while Cisco switches produced since around 2010 support 802.1Q only.
2 Packet Tracer does not support multiple VLANs in the global vlan command The initial configuration shows the command vlan 10,11 – legal on real Cisco switches but rejected by Cisco Packet Tracer. Instead, configure the VLANs on separate vlan commands.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software that runs in real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without having to own real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Known CML Issues

Known Issues in this Lab w/ CML

This tab lists known issues with running this lab in CML with the supplied file. The issues are:

# Summary Detail
1 No known issues. .

 

Why Would CML Have Issues?

(Note: The text below is the same as every Config Lab.)

CML supports a variety of Cisco operating systems (called reference platforms.) To make them work in CML, Cisco makes some adjustments to the code. Also, because no real router or switch hardware exists, some software features do not work the same when running in CML versus a real Cisco device. When we come across any difference when testing the lab, we’ll try to leave a note just above in case it helps you with the lab.

Verification Tips

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

  1. Verify VLAN 10 STP/RSTP as follows:
    1. Issue the show spanning-tree vlan 10 command on all the switches. Note the root switch’s STP/RSTP Bridge ID (BID) and check to confirm that Dist2 is the root switch.
    2. From that same command, examine the base priority of each of the four switches. Dist2 should have a priority of 24,576, Dist1 should have a priority of 28,672, with Access3 and Access4 using default settings of 32,768.
  2. Verify VLAN 11 STP/RSTP as follows:
    1. Issue the show spanning-tree vlan 11 command on all the switches. Note the root switch’s STP/RSTP Bridge ID (BID) and check to confirm that Dist1 is the root switch.
    2. From that same command, examine the base priority of each of the four switches. Dist1 should have a priority of 24,576, Dist2 should have a priority of 28,672, with Access3 and Access4 using default settings of 32,768.
    3. Examine the running-config on Dist1 and Dist2. Note that the spanning-tree root primary and spanning-tree root secondary commands should not exist in the configuration; instead, you should see the spanning-tree vlan 11 priority command.
  3. Confirm that the access ports have portfast and BPDU Guard enabled on the access ports in switches Access3 and Access4:
    1. Issue the show spanning-tree detail command on each switch.
    2. Search for two separate lines for each access interface: one that mentions that Portfast mode and the other mentions that BPDU Guard is enabled.
Config Lab: RSTP Config 1
Config Lab: L2 EtherChannel 1
Subscribe
Notify of
guest

26 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
wm

Hi, how do I confirm that the access ports have portfast and BPDU Guard enabled on the access ports in switches Access3 and Access4 using the show spanning-tree detail command on each switch. Did not find any line indicating the Portfast mode and that BPDU Guard is enabled.

0
Reply
certskills

Hi WM,
I agree, that command doesn’t tell you the status for portfast or for BPDUGuard. I’d suggest a show running-config for starters. Then **show spanning-tree interface g1/0/11 detail” confirms portfast. Couldn’t find a command supported in PT that shows the BPDU Guard state. 🙁

4
Reply
Pedro

Hi Wendell,
For the section which asks to configure switch Dist2 with a better priority than switch Dist1 for vlan 10, I configured Dist 2 with priority 28672. I left the default for Dist1 and configured priority number 40960 for both access switches. Does my approach satisfy the lab’s requirement? Thank you for your time.

0
Reply
certskills

Pedro,
Short answer is “yes”. Most importantly, sounds like you understand how it works! I’m much less interested in configuring a lab per the words in the lab, and much more interested that folks learn how the features work. All good here!
Wendell

0
Reply
John r

Hello Wendell,

Firstly thank you for the lab.

Do you mind I ask with regards, to the spanning-tree portfast
spanning-tree bpduguard enable
Commands

The command was not mentioned in chapter 10, but it was mentioned in the chapter 10 Appendixs.

So therefore, could it come in the exam?

0
Reply
certskills

Hi John,
You’re quite welcome!
Honestly, my little blog, a free-to-all labor of love, suffers a bit in regards to older posts versus the current exams. I’ve got useful posts here in the blog from 10 years ago, for instance. But Each CCNA exam both removes and adds topics, so sometimes you have old posts that I wrote when a topic was in the then-current books, but time passed, exams changed, and the now-current books don’t cover a topic. This one’s just such an example.
So, on anything about scope, trust the books, not the blog site.
On your core question, I couldn’t answer if a specific command or fact is or isn’t on the exam. I can give you my opinion about what’s in the exam topics, and those would be opinions. But Cisco doesn’t tell the world what’s in any of their exams to that level of specificity. However, if you didn’t happen to read it, check out the heading “The Context Surrounding the Exam Topics” in the Introduction to either the CCNA 200-301 Volume 1 or 2 books. That gives some good background info. And on this specific command, note that the exam topics about Spanning Tree do not use the “configure” verb…
Hope this helps,
Wendell

0
Reply
Jay Mahannah

2022 Update for Packet Tracer 8.2 (Mac) shows the BPDU command as the following:

(config-if)# spanning-tree guard root

0
Reply
Wendell Odom

Hi Jay,
That command is for a different STP feature called root guard. FYI.
Wendell

0
Reply
Suranga Kulasekara

Hi Wendell, I’m studyng with your CCNA book and have question about STP root cost, as attached screenshot, how do you get root cost as “5” in this topology? SW3, g0/1 cost is 5 in this example and need to know how it become 5. as if it is gig interface, cost is 4.

0
Reply
Wendell Odom

Hi Suranga,
The short version: The interface isn’t using the default STP cost. I agree, the default would be 4. The example doesn’t offer or discuss config, but it does state the interface costs in the figure. So an interface with a non-default cost must have been configured to use that cost setting.
Hope this helps,
Wendell

0
Reply
Eliseo_CL

Here are my configurations 😁.
With this second lab I noticed my priorities were wrong in 1st Lab (because I forgot that higher priority is worse).

Also, regarding the portfast and BPDU guard I didn’t know the commands, then looked in my Volume 1 book for reference but I didn’t find any command reference neither in chapter 9 nor 10 (probably there are some references in Appendix, but at the moment I’ve only read until page 257. So had to look for these commands in internet 😅)

Dist1
 >enable
 #configure terminal
 #(c)#spanning-tree mode rapid-pvst
 #(c)#spanning-tree vlan 10 priority 24576
 #(c)#spanning-tree vlan 11 root primary
 #(c)#do wr
 #(c)#end
 
Dist2
 >enable
 #configure terminal
 #(c)#spanning-tree mode rapid-pvst
 #(c)#spanning-tree vlan 10 priority 20480
 #(c)#spanning-tree vlan 11 root secondary
 #(c)#do wr
 #(c)#end
 
Access3
 >enable
 #configure terminal
 #(c)#spanning-tree mode rapid-pvst
 #(c)#spanning-tree vlan 10 priority 28672
 #(c)#interface Gi1/0/11
 #(c-if)#spanning-tree portfast edge
 #(c-if)#spanning-tree bpduguard enable
 #(c-if)#interface Gi1/0/21
 #(c-if)#spanning-tree portfast edge
 #(c-if)#spanning-tree bpduguard enable
 #(c-if)#do wr
 #(c-if)#end
 
 Access4
 >enable
 #configure terminal
 #(c)#spanning-tree mode rapid-pvst
 #(c)#spanning-tree vlan 10 priority 28672
 #(c)#interface Gi1/0/12
 #(c-if)#spanning-tree portfast edge
 #(c-if)#spanning-tree bpduguard enable
 #(c-if)#interface Gi1/0/22
 #(c-if)#spanning-tree portfast edge
 #(c-if)#spanning-tree bpduguard enable
 #(c-if)#do wr
 #(c-if)#end

Last edited 1 year ago by Eliseo_CL
1
Reply
Wendell Odom

Yeah, there’s less emphasis on STP config/verification for the CCNA 200-301 V1.0 blueprint. An interesting choice by Cisco. Indeed, some of the material from previous editions is in one of the PDF appendices on the companion website. Just not in the book, so as to not make it even larger.

0
Reply
Sana

hello
i enabled bpduguard and portfast on both A3 and A4.
show spanning-tree summary
shows the portfast and bpdu guard disabled by default .

i think this is issue with pkt tracer
by above comments i used sh running config
and it showed both enabled
thanks

Last edited 1 year ago by Sana
0
Reply
Wendell Odom

Hi Sana,
I haven’t looked at CPT and it’s show command output related to BPDU Guard before. I’d be willing. Can you leave me a copy of exactly what you configured? (It matters to what a real switch would show in show command output.)
W

0
Reply
Sana

i didnt save the lab but all configurations were almost same when i chked the answers from
above.
here i only configured 1 interface of A4.
(no other configurations are done asked in lab)
Regards

Access4(config)#spanning-tree mode rapid-pvst
Access4(config)#inte
Access4(config)#interface g1/0/12
Access4(config-if)#sp
Access4(config-if)#spa
Access4(config-if)#spanning-tree ?
bpduguard Don’t accept BPDUs on this interface
cost Change an interface’s spanning tree port path cost
guard Change an interface’s spanning tree guard mode
link-type Specify a link type for spanning tree protocol use
portfast Enable an interface to move directly to forwarding on link up
vlan VLAN Switch Spanning Tree
Access4(config-if)#spanning-tree b
Access4(config-if)#spanning-tree bpduguard en
Access4(config-if)#^Z
Access4#
%SYS-5-CONFIG_I: Configured from console by console

******************sh spanning -tree summary showing bpdu disabled*********************

Access4#sh spanning-tree su
Access4#sh spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for:
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled

EtherChannel misconfig guard is disabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short

Name Blocking Listening Learning Forwarding STP Active
———————- ——– ——— ——– ———- ———-
VLAN0001 4 0 0 0 4
VLAN0010 3 0 0 1 4
VLAN0011 3 0 0 1 4

———————- ——– ——— ——– ———- ———-
3 vlans 10 0 0 2 12

Access4#sh ru
Access4#sh running-config
Building configuration…

Current configuration : 1756 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Access4
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain-lookup
!
!
vtp mode transparent
!
spanning-tree mode rapid-pvst
!
!
!
!
!
!
vlan 10
!
vlan 11
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11

*************************************show running config (bpdu guard enabled)************

!
interface GigabitEthernet1/0/12
description Access link to PC12
switchport access vlan 10
switchport mode access
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/

0
Reply
Sana

i see why the first one was showing bpdu disable by default . cuz portfast bpdu is globally disabled there.

so only sh- running config shows about bpduguard per interface.(lab condition)

but if i enable it globally i cn see the
bpdu enabled globally here.

Enter configuration commands, one per line. End with CNTL/Z.

Access3(config)#spanning-tree portfast bpduguard default 

Access3#sh spanning-tree summary 
Switch is in pvst mode
Root bridge for: default VLAN0010 VLAN0011
Extended system ID      is enabled

Portfast Default       is disabled
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default      is disabled
EtherChannel misconfig guard is disabled

0
Reply
Wendell Odom

Hi Sana,
Yes, the show command you’re using – show spanning-tree summary – lists the settings of several of the global commands related to optional STP features. Interestingly, using the global settings isn’t always straightforward, and can change the logic of what’s implemented. It’s one of the topics I’ve tried to make clear in the content in the new 2024 books, and in some YouTube videos on STP that’ll publish in the next month or so.
Anyway, the trick is to rely on “show spanning-tree vlan x interface y [detail]”. The detail option will show you if the feature (BPDU Guard, BPDU Filter, Root Guard, Loop Guard) is enabled on the interface, and per which config style (interface subcommand or global command.) Sometimes you get a clue from this command without the detail keyword, eg, the phrase “P2p Edge” at the far right of a line for an interface denotes Port Fast is enabled on the port.
Note that in the output with the “detail” keyword, the output will list “by default” (literally) to denote that the global command (that has the word “default” in it), and omit the “by default” phrase when it’s an interface subcommand.
Fun stuff…

PS A quick check of “show spanning-tree int g1/0/1 detail” in this lab, w/ “spanning-tree bpduguard enable” configured as an interface subcommand, does NOT match real gear’s output. It’s silent about enabling BPDU Guard.

OK, that’s enough, follow up if interested… 🙂

2
Reply
Mizael

Hello Wendell,
Thank you for the labs! I followed your advice on super charger my lab on PT and tried to predict the RSTP results. These were my predictions after the vlan 10 configuration:
*DIST 1
G1/1/2 is RP
G1/1/3 is DP (wins election vs Access 3 due to the lower priority configured)
G1/1/4 is DP (wins election vs Access 4 due to the lower priority configured)
*DIST 2 (Root switch per the configured lowest priority)
All ports are DP due to being the root switch
*ACCESS 3
G1/1/1 is blocked/discarding due to the loss DP election vs DIST1
G1/1/2 is RP
Ports connected to end users are DP
*ACCESS 4
G1/1/2 is RP
G1/1/1 is blocked/discarding due to the loss DP election vs DIST1
*Ports connected to end users are DP

Like I said, I did my lab in PT. I just need to know if my predictions were correct because when is tried and verify them using the show spanning-tree vlan 10 commands I was getting some weird interactions and I was getting confused. The first time it showed me that the ports of Access3 and Access4 connected to Dist1 were DP and won the election over Dist 1 even though the configured priority in Dist 1 was lower. I tried the lab again and this time it clearly showed that Dist 2 was the root switch but had its G1/1/4 in BLK state? I thought all ports in the root switch were supposed to be DP. I tried the lab again without rapid-pvst and using the root primary/secondary commands and the show spanning-tree vlan 10 commands checked out with my predictions. Perhaps something happens when the priorties are changed numerically in rapid-pvst? Or did I make a mistake? I didn’t want to try to predict vlan 11 before being sure I did it right, or wrong.

Thanks!

0
Reply
Hilmer J

Hi Mr. W. Odom,

I share the setting that I did on this lab:
====================================

# DIST 1
spanning-tree mode rapid-pvst
spanning-tree vlan 10 priority 4096
spanning-tree vlan 11 priority 24576

# DIT 2
spanning-tree mode rapid-pvst
spanning-tree vlan 10 priority 0
spanning-tree vlan 11 priority 28672

# ACCESS 3
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default

interface GigabitEthernet1/0/11
 description Access link to PC11
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable

interface GigabitEthernet1/0/21
 description Access link to PC21
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable

# ACCESS 4

interface GigabitEthernet1/0/12
 description Access link to PC12
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 
 interface GigabitEthernet1/0/22
 description Access link to PC22
 switchport access vlan 11
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable

====================================

I have a dude turns out that when I enabled the feature of  spanning-tree vlan x root primary / secondary I could see on the sh run configuration that a value was put on the line of command. Do you know why this happened?

Best

0
Reply
Wendell Odom

Hi again Hilmer,
Yeah. That command w/ the primary option tells the switch to calculate the base cost that’s 2*4096 (that is, 8192) lower than the current root switch’s base STP cost, and use that. Then it stores the spanning-tree vlan x priority y command with that new value in it. Effectively, the command, ONE TIME, does that calculation for you. It does NOT continue to monitor for other root switches and dynamically react to future changes in some other root’s priority.
If you have my books, check out “Switch Priority Using Root Primary and Secondary” in vol 1 Chap 10 of the current edition for a little more on the topic.

0
Reply
Xiaoming

is this right ?

Dist1#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 10
Address 00D0.D3CE.856A
Cost 4
Port 26(GigabitEthernet1/1/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4106 (priority 4096 sys-id-ext 10)
Address 00D0.584B.214A
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Gi1/0/1 Desg FWD 4 128.1 P2p
Gi1/1/2 Root FWD 4 128.26 P2p
Gi1/1/3 Altn BLK 4 128.27 P2p
Gi1/1/4 Altn BLK 4 128.28 P2p

I thought Gi1/1/3 and 4 should be DP.
Am I missing something about tiebreaker?

0
Reply
Wendell Odom

Hi Xiaoming,
From that output, looks like you didn’t config exactly like the lab’s answer. You gave Dist2 base priority 0, and the other three switches base priority 4096. Then, on the DP choice on Dist1’s G1/0/3 and 4 ports, looks like Access3 and Access 4 won the tiebreaker on lowest bridge ID, although I can’t tell for sure based on the info in the output. If you go back in and give Access3 and 4 the default base priority of 32,768, that should get you to the topology you expected.

0
Reply
Xiaoming

Thank you for replying, I will recheck.

0
Reply
Xiaoming

I have checked, I saved the config and reloaded the pkt file. The result went correctly.

0
Reply
Nick

I need assistance, when i run the “show spanning-tree” command on switch1 it shows the the priority # as 32779 in VLAN 11.However it shows the modified priority # on vlan 10 as 28672

Last edited 17 days ago by Nick
0
Reply
Wendell Odom

Hi Nick,
For VLAN 10, I would expect Dist1’s base priority to be 28672 per the requirements and sample solution config. In VLAN 10, Dist1 is configured with a base priority of 28672, so seeing Dist1’s priority as 28672 makes sense to me.

Dist1#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address 00D0.D3CE.856A
Cost 4
Port 26(GigabitEthernet1/1/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28682 (priority 28672 sys-id-ext 10)
Address 00D0.584B.214A
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20

As for VLAN 11, the instruction imply that Dist1 and Dist2 should use “spanning-tree vlan 11 root primary” (and secondary). Those should change their base priority values in VLAN 11, and not show the 32768 base priority that you saw.

What did your chosen config for STP priority settings look like versus the suggested config? I think that might reveal what differences exist between what the lab was attempting to ask and where you may have landed.

0
Reply
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

26
0
Would love your thoughts, please comment.x
()
x