STP – Portfast, BPDU Guard, BPDU Filter – interface and global configuration

This topic has always been a tricky one for me: what is the difference between the global and the interface-level mode of the STP features? Below are the results of labbing it.

Also available for download as a PDF, in a more readable form.

 

Portfast_bpduguard_bpdufilter_v01

Topology:

portfast

Let's go through it step by step.

First of all, the IOS versions, in case it behaves differently in another one.

 

Cat1#sh ver | i flash:
System image file is "flash:c3560-advipservicesk9-mz.122-44.SE.bin"
R1#sh ver | i flash:
System image file is "flash:c1841-advsecurityk9-mz.124-15.T9.bin"

 

1.) Portfast – global

F0/1 access port, F0/19-20 trunk

 

Cat1#sh int trunk | i trunking

Fa0/19      desirable        n-isl          trunking      1

Fa0/20      desirable        n-isl          trunking      1
Cat1#
Cat1#sh int f0/1 sw | i access

Operational Mode: static access

Cat1#

 

It takes effect on access ports, but not on trunk ports.

 

Cat1(config)#spanning-tree portfast default

Cat1(config)#^Z
Cat1#sh span int f0/1 portfast

VLAN0001            enabled
Cat1#sh span int f0/19 portfast

VLAN0001            disabled

VLAN0010            disabled

VLAN0100            disabled

Cat1#sh span int f0/20 portfast

VLAN0001            disabled

VLAN0010            disabled

VLAN0100            disabled

 

A portfast port also sends BPDUs (protection against loops).

 

Cat1#clear spanning-tree count

Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 5, received 0

 

Configuring STP on R1.

 

R1(config)#bridge 10 protocol ieee

R1(config)#int f0/0

R1(config-if)#brid

R1(config-if)#bridge-group 10

R1(config-if)#^Z

 

If it receives a BPDU, it loses its portfast property.

 

Cat1#sh span int f0/1 portf

VLAN0001            disabled

Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 69, received 32
Cat1#

 

It has reverted to normal operation (non-edge).

 

Cat1#sh span vlan 1 | i Fa0/1_

Fa0/1               Root FWD 19        128.3    P2p

 

Even if we turn STP off on the other side, it does not go back to being an EDGE port:

 

Cat1#sh span vl 1 | i Fa0/1_

Fa0/1               Desg FWD 19        128.3    P2p

 

2.) Portfast – interface

 

Cat1(config-if)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION
%Portfast has been configured on FastEthernet0/1 but will only
 have effect when the interface is in a non-trunking mode.

Cat1(config-if)#^Z
Cat1#sh span int f0/1 portfast

VLAN0001            enabled
Cat1#
Cat1#sh span vl 1 | i Fa0/1_

Fa0/1               Desg FWD 19        128.3    P2p Edge

 

STP config on R1

 

R1(config)#bridge 10 protocol ieee

R1(config)#int f0/0

R1(config-if)#bri

R1(config-if)#bridge-group 10

R1(config-if)#

 

Portfast is lost.

 

Cat1#sh span int f0/1 port

VLAN0001            disabled

Cat1#
Cat1#sh run int f0/1

Building configuration...
Current configuration : 57 bytes
!

interface FastEthernet0/1

spanning-tree portfast
end
Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 67, received 50

 

3.) BPDU Guard – global (+portfast)

 

Cat1(config)#spanning-tree portfast default

Cat1(config)#spanning-tree portfast bpduguard default

Cat1(config)#

Cat1#sh span vl 1 | i Fa0/1_

Fa0/1               Desg FWD 19        128.3    P2p Edge

 

STP config on R1:

 

R1(config-if)#bridge-group 10

R1(config-if)#^Z
*Mar  3 01:43:58.835: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/1 with BPDU Guard enabled. Disabling port.

*Mar  3 01:43:58.835: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1,putting Fa0/1 in err-disable state

*Mar  3 01:43:59.842: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

*Mar  3 01:44:00.840: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

 

It sends BPDUs regardless of BPDU Guard (because of portfast).

After a shut / no shut the port is portfast again, as long as it receives no BPDUs (R1 STP instance turned off).

 

Cat1#sh span int f0/1 portf

VLAN0001            enabled

 

4.) BPDU Guard – interface

 

Cat1#sh run | i portfast|bpdug

Cat1#
Cat1(config-if)#spanning-tree bpduguard enable
Cat1#sh span int f0/1 portfast

VLAN0001            disabled

 

STP config on R1:

 

R1(config)#int f0/0

R1(config-if)#brid

R1(config-if)#bridge-group 10
*Mar  3 01:48:27.178: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/1 with BPDU Guard enabled. Disabling port.

*Mar  3 01:48:27.178: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1,putting Fa0/1 in err-disable state

*Mar  3 01:48:28.193: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

*Mar  3 01:48:29.192: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

 

Together with interface-level portfast.

 

interface FastEthernet0/1

spanning-tree portfast

spanning-tree bpduguard enable
end
Cat1#sh span int f0/1 port

VLAN0001            enabled
R1(config-if)#bridge-group 10

*Mar  3 01:51:42.314: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/1 with BPDU Guard enabled. Disabling port.

*Mar  3 01:51:42.314: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1,putting Fa0/1 in err-disable state

*Mar  3 01:51:43.321: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

*Mar  3 01:51:44.319: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

 

5.) BPDU Filter – Global (+ portfast)

 

Cat1(config)#spanning-tree portfast default

Cat1(config)#spanning-tree portfast bpdufilter default
Cat1#sh span int f0/1 portfast

VLAN0001            enabled
Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 9, received 0

 

R1 STP config

 

R1(config-if)#bridge-group 10

 

Sending BPDUs outbound stops, but the port still receives them.

 

Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 11, received 5

Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 11, received 7

Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 11, received 13

Cat1#

R1(config-if)#no bridge-group 10

 

It loses its portfast property.

 

Cat1#sh span int f0/1 portf

VLAN0001            disabled

 

Once no more BPDUs arrive, it sends BPDUs again.

 

Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 29, received 33
Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 36, received 33

 

6.) BPDU Filter – interface

With portfast:

 

interface FastEthernet0/1

spanning-tree portfast

spanning-tree bpdufilter enable
end
Cat1#sh span int f0/1 portfast

VLAN0001            enabled

 

In this case it sends a few BPDUs to test whether there is a device participating in STP on the other side.

 

Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 4, received 0

Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 4, received 0
Cat1#
R1(config-if)#bridge-group 10

 

Still:

 

Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 4, received 0

 

Meanwhile R1 keeps sending BPDUs but receives none (Cat1 is filtering):

 

R1#sh span int f0/0 | i BPDU

BPDU: sent 17, received 0

R1#sh span int f0/0 | i BPDU

BPDU: sent 18, received 0

R1#sh span int f0/0 | i BPDU

BPDU: sent 18, received 0

 

Full filtering!

Without portfast:

 

interface FastEthernet0/1

spanning-tree bpdufilter enable

end
Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 0, received 0
R1(config-if)#bridge-group 10
Cat1#sh span int f0/1 de | i BPDU

BPDU: sent 0, received 0
R1#sh span int f0/0 | i BPDU

BPDU: sent 17, received 0

R1#sh span int f0/0 | i BPDU

BPDU: sent 18, received 0

R1#sh span int f0/0 | i BPDU

BPDU: sent 18, received 0

Full filtering!
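
The behaviour observed in the six cases above, written as a running-config check. This is an added example, not part of the original lab: the sample config is constructed, `spanning-tree portfast disable` is a real IOS interface command that the lab itself does not use, and treating only an explicit `switchport mode trunk` as a trunk is an assumption.

```python
import re
# Constructed sample running-config (not taken from the lab above).
SAMPLE = """\
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree bpdufilter enable
!
interface FastEthernet0/3
 spanning-tree portfast disable
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport mode trunk
"""

def audit(config):
    """Per-interface effective portfast / BPDU Guard / BPDU Filter state."""
    glob, ports, cur = set(), {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = ports.setdefault(m.group(1), set())
        elif line.startswith(" ") and cur is not None:
            cur.add(line.strip())
        else:
            cur = None
            glob.add(line.strip())
    result = {}
    for name, cfg in ports.items():
        # Assumption: only an explicit "switchport mode trunk" counts as a trunk.
        trunk = "switchport mode trunk" in cfg
        pf = not trunk and ("spanning-tree portfast" in cfg or (
            "spanning-tree portfast default" in glob
            and "spanning-tree portfast disable" not in cfg))
        # Interface-level guard works without portfast; the global one needs it.
        guard = "spanning-tree bpduguard enable" in cfg or (
            pf and "spanning-tree portfast bpduguard default" in glob)
        # full: BPDUs dropped both ways; until-bpdu: only sending stops.
        bfilter = ("full" if "spanning-tree bpdufilter enable" in cfg else
                   "until-bpdu" if pf and
                   "spanning-tree portfast bpdufilter default" in glob else "off")
        result[name] = {"portfast": pf, "bpduguard": guard, "bpdufilter": bfilter}
    return result
```

Ports reported with `bpdufilter` set to `full` are the ones to review first, since that is the mode in which Cat1 neither sent nor processed any BPDUs in the lab.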