Author: Ben Piper
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
isbn: 9781119658801
Unidirectional Link Detection
The Unidirectional Link Detection (UDLD) protocol detects and shuts down unidirectional links. A unidirectional link is usually caused by one strand of a fiber cable being damaged. When this occurs, a switch may be able to send BPDUs but not receive them. This can destabilize a Spanning Tree topology and cause lost traffic or bridging loops.
UDLD periodically tests for bidirectional communication between switches. It sends Hello packets to its neighbor by default every 15 seconds. The neighbor echoes the packets back. If the sender does not receive the echo, it assumes a unidirectional link and responds according to its configured UDLD mode.
There are two UDLD modes: normal and aggressive. In aggressive mode, UDLD will try eight times to reestablish a bidirectional connection with a neighbor. After that, it will place the entire interface into an error-disabled state. It's important to note that when UDLD disables the interface, it will stop all traffic on that interface.
You can enable UDLD on a per-interface basis, or you can have IOS automatically enable it on fiber-optic ports. The interface command to enable aggressive mode is udld port aggressive. In normal mode, UDLD will only detect a unidirectional link but won't disable the port. To enable normal mode, use the interface command udld port. To have IOS automatically enable UDLD normal or aggressive mode on all fiber-optic ports, use the global configuration command udld enable or udld aggressive, respectively.
Similar to BPDU Guard, if UDLD error-disables a port, you must either recover the port manually or configure error-disable recovery using the following global configuration commands:
errdisable recovery interval 30
errdisable recovery cause udld
Loop Guard
Loop Guard is a Spanning Tree extension that places a Spanning Tree port into a loop-inconsistent state if it fails to receive BPDUs for a VLAN. Unlike UDLD aggressive mode, which disables an interface, Loop Guard blocks ports on a per-VLAN basis. You can enable Loop Guard using the interface command spanning-tree guard loop.
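To check a saved configuration for the UDLD, error-disable recovery, and Loop Guard commands described in the two sections above, the following Python script is an added example, not code from the book. The sample configuration, the interface names, and the audit function are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the book); interface names are illustrative.
SAMPLE_CONFIG = """\
udld enable
errdisable recovery interval 30
!
interface GigabitEthernet1/0/1
 udld port aggressive
!
interface GigabitEthernet1/0/2
 spanning-tree guard loop
!
interface GigabitEthernet1/0/3
 switchport mode trunk
"""

def audit(config):
    """Return (settings, findings) for the UDLD / Loop Guard commands in an IOS config."""
    glob = {"udld": None, "recovery_udld": False, "interval": None}
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], {"udld": None, "loop_guard": False})
        elif not raw.startswith(" "):
            current = None  # unindented line: back in global configuration context
            if line in ("udld enable", "udld aggressive"):
                glob["udld"] = "normal" if line == "udld enable" else "aggressive"
            elif line == "errdisable recovery cause udld":
                glob["recovery_udld"] = True
            elif (m := re.fullmatch(r"errdisable recovery interval (\d+)", line)):
                glob["interval"] = int(m.group(1))
        elif current is not None:
            if line == "udld port aggressive":
                current["udld"] = "aggressive"
            elif line == "udld port":
                current["udld"] = "normal"
            elif line == "spanning-tree guard loop":
                current["loop_guard"] = True
    findings = []
    aggressive = [name for name, p in ports.items() if p["udld"] == "aggressive"]
    if (aggressive or glob["udld"] == "aggressive") and not glob["recovery_udld"]:
        findings.append("aggressive UDLD without 'errdisable recovery cause udld': manual recovery required")
    # The global udld command covers fiber-optic ports only; media type is not visible in the config.
    for name, p in ports.items():
        if p["udld"] is None and not p["loop_guard"]:
            findings.append(f"{name}: no per-interface UDLD or Loop Guard")
    return {"global": glob, "ports": ports}, findings
```

Calling audit(SAMPLE_CONFIG) reports two findings: the recovery interval is set but the udld recovery cause is missing, and GigabitEthernet1/0/3 has neither protection configured on the interface.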
Summary
As with any networking technology, practice and experience are going to do more to solidify your conceptual understanding of Spanning Tree than simply studying it. Be sure to work through the exercises at the end of this chapter until you feel comfortable completing them on your own without referencing anything else.
Having your VLANs and trunks set up properly is a prerequisite for configuring or troubleshooting Spanning Tree. A VLAN must be configured on a switch before a Spanning Tree instance can exist for it. And for multiple switches to participate in Spanning Tree for a VLAN, they need to have trunks with the VLAN allowed and active.
The most common Spanning Tree mode you'll encounter is RPVST+. It goes by a variety of names, including RSTP and 802.1w. Two things that make for a rapid convergence time are what set it apart from the original PVST+: the absence of timer-based port states and the introduction of link types.
MST is useful when you have a large number of VLANs. Rather than using RPVST+, which creates a separate Spanning Tree instance for each VLAN, MST lets you map multiple VLANs to a single instance.
Exam Essentials
Be able to determine the root bridge, root ports, and designated ports for any Spanning Tree topology. Because a layer 2 loop can bring down a network, you must be able to understand what Spanning Tree will do before you configure it or add a new switch to an existing network. Experimenting is a recipe for disaster!
Understand the differences among PVST+, RPVST+, and MST. PVST+ is the original Cisco implementation of the timer-based 802.1D Spanning Tree specification. RPVST+ doesn't use timers, introduces link types, and has a faster convergence time. (R)PVST+ creates a separate Spanning Tree instance for each VLAN. MST lets you map multiple VLANs to a single MST instance, which is useful if you have a large number of VLANs.
Know how to manipulate active and allowed VLANs on a trunk. By default, all VLANs (1-4094) are allowed on a trunk. In order for a VLAN to be allowed and active on one end of a trunk, the VLAN must exist on the switch and not be shut down. If a VLAN is shut down, it will show as allowed but not active. If a VLAN is pruned or blocked, it will show as neither allowed nor active.
Be able to configure all Spanning Tree modes. Although PVST+ is deprecated, its configuration commands are similar to RPVST+, and you may still encounter PVST+ on older gear. Be able to configure (R)PVST+ and MST to customize the root bridge, root ports, and designated ports.
Understand the interactions between RPVST+ and MST. Although this is something that you're more likely to see on an exam than in real life, practicing running RPVST+ and MST concurrently in your lab will solidify your understanding of both. In particular, understand how MST simulates RPVST+.
Exercises
Exercise 2.1
Configure the full-mesh topology in the following figure. Set up 802.1Q trunks among the switches. Configure VLANs 100 and 200 on each switch. Configure one switch to be the primary root for VLAN 100 and another switch to be the primary root for VLAN 200.
Figure 2.8 Physical topology for Exercise 2.1
Exercise 2.2
Configure the primary root for VLAN 100 to be the secondary root for VLAN 200.
Exercise 2.3
Configure the primary root for VLAN 200 to be the secondary root for VLAN 100.
Exercise 2.4
On the switch that's the root for VLAN 100, prune VLAN 100 from all trunks. What happens?
Exercise 2.5
Locate a blocked port in the VLAN 200 topology. Unblock this port using whatever means you wish. (Hint: Try modifying port priority).
Exercise 2.6
Configure MST on the switches. Place VLANs 100 and 200 in MST1.
Exercise 2.7
Take note of the root bridge for MST1. Pick a different switch and make it the root bridge.
Review Questions
You can find the answers in the appendix.
1 Which of the following can reduce the size of a broadcast domain? (Choose two.)
  Prune VLANs
  Use 802.1Q trunks
  Use routed instead of switched interfaces
  Tag the native VLAN
2 You