I always find this topic troublesome: what is the difference between the global and the interface-level mode of the STP features? Below are the results of my lab work.
It is also available for download as a PDF in a more readable form:
Portfast_bpduguard_bpdufilter_v01
Topology:
Let's go through it step by step.
First, the IOS versions, in case another release behaves differently.

Cat1#sh ver | i flash:
System image file is "flash:c3560-advipservicesk9-mz.122-44.SE.bin"
R1#sh ver | i flash:
System image file is "flash:c1841-advsecurityk9-mz.124-15.T9.bin"

1.) Portfast – global
F0/1 is an access port, F0/19-20 are trunks.

Cat1#sh int trunk | i trunking
Fa0/19 desirable n-isl trunking 1
Fa0/20 desirable n-isl trunking 1
Cat1#
Cat1#sh int f0/1 sw | i access
Operational Mode: static access
Cat1#

It takes effect on the access port, but not on the trunk ports.

Cat1(config)#spanning-tree portfast default
Cat1(config)#^Z
Cat1#sh span int f0/1 portfast
VLAN0001 enabled
Cat1#sh span int f0/19 portfast
VLAN0001 disabled
VLAN0010 disabled
VLAN0100 disabled
Cat1#sh span int f0/20 portfast
VLAN0001 disabled
VLAN0010 disabled
VLAN0100 disabled

A portfast port also sends BPDUs (protection against loops).

Cat1#clear spanning-tree count
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 5, received 0

STP configuration on R1.

R1(config)#bridge 10 protocol ieee
R1(config)#int f0/0
R1(config-if)#brid
R1(config-if)#bridge-group 10
R1(config-if)#^Z

If the port receives a BPDU, it loses its portfast property.

Cat1#sh span int f0/1 portf
VLAN0001 disabled
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 69, received 32
Cat1#

It has reverted to normal operation (non-edge).

Cat1#sh span vlan 1 | i Fa0/1_
Fa0/1 Root FWD 19 128.3 P2p

Even if we turn STP off on the other side, it does not return to being an edge port:

Cat1#sh span vl 1 | i Fa0/1_
Fa0/1 Desg FWD 19 128.3 P2p

2.) Portfast – interface

Cat1(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION
%Portfast has been configured on FastEthernet0/1 but will only
 have effect when the interface is in a non-trunking mode.
Cat1(config-if)#^Z
Cat1#sh span int f0/1 portfast
VLAN0001 enabled
Cat1#
Cat1#sh span vl 1 | i Fa0/1_
Fa0/1 Desg FWD 19 128.3 P2p Edge

STP config on R1:

R1(config)#bridge 10 protocol ieee
R1(config)#int f0/0
R1(config-if)#bri
R1(config-if)#bridge-group 10
R1(config-if)#

Portfast is lost.

Cat1#sh span int f0/1 port
VLAN0001 disabled
Cat1#
Cat1#sh run int f0/1
Building configuration...
Current configuration : 57 bytes
!
interface FastEthernet0/1
 spanning-tree portfast
end
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 67, received 50

3.) BPDU Guard – global (+portfast)

Cat1(config)#spanning-tree portfast default
Cat1(config)#spanning-tree portfast bpduguard default
Cat1(config)#
Cat1#sh span vl 1 | i Fa0/1_
Fa0/1 Desg FWD 19 128.3 P2p Edge

STP config on R1:

R1(config-if)#bridge-group 10
R1(config-if)#^Z
*Mar 3 01:43:58.835: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/1 with BPDU Guard enabled. Disabling port.
*Mar 3 01:43:58.835: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1,putting Fa0/1 in err-disable state
*Mar 3 01:43:59.842: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar 3 01:44:00.840: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

The port sends BPDUs regardless of BPDU Guard (because of portfast).
After shut / no shut it is a portfast port again, provided it receives no BPDUs (R1's STP instance is switched off).

Cat1#sh span int f0/1 portf
VLAN0001 enabled

4.) BPDU Guard – interface

Cat1#sh run | i portfast|bpdug
Cat1#
Cat1(config-if)#spanning-tree bpduguard enable
Cat1#sh span int f0/1 portfast
VLAN0001 disabled

STP config on R1:

R1(config)#int f0/0
R1(config-if)#brid
R1(config-if)#bridge-group 10
*Mar 3 01:48:27.178: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/1 with BPDU Guard enabled. Disabling port.
*Mar 3 01:48:27.178: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1,putting Fa0/1 in err-disable state
*Mar 3 01:48:28.193: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar 3 01:48:29.192: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

Together with interface-level portfast:

interface FastEthernet0/1
 spanning-tree portfast
 spanning-tree bpduguard enable
end
Cat1#sh span int f0/1 port
VLAN0001 enabled
R1(config-if)#bridge-group 10
*Mar 3 01:51:42.314: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/1 with BPDU Guard enabled. Disabling port.
*Mar 3 01:51:42.314: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1,putting Fa0/1 in err-disable state
*Mar 3 01:51:43.321: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Mar 3 01:51:44.319: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

5.) BPDU Filter – global (+ portfast)

Cat1(config)#spanning-tree portfast default
Cat1(config)#spanning-tree portfast bpdufilter default
Cat1#sh span int f0/1 portfast
VLAN0001 enabled
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 9, received 0

STP config on R1:

R1(config-if)#bridge-group 10

Sending BPDUs outbound stops, but the port still receives them.

Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 11, received 5
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 11, received 7
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 11, received 13
Cat1#
R1(config-if)#no bridge-group 10

It loses its portfast property.

Cat1#sh span int f0/1 portf
VLAN0001 disabled

Once no more BPDUs arrive, it sends BPDUs again.

Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 29, received 33
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 36, received 33

6.) BPDU Filter – interface
With portfast:

interface FastEthernet0/1
 spanning-tree portfast
 spanning-tree bpdufilter enable
end
Cat1#sh span int f0/1 portfast
VLAN0001 enabled

In this case it sends a few BPDUs to test whether there is a device participating in STP on the other side.

Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 4, received 0
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 4, received 0
Cat1#
R1(config-if)#bridge-group 10

Still:

Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 4, received 0

Meanwhile R1 keeps sending BPDUs but receives none (Cat1 filters):

R1#sh span int f0/0 | i BPDU
BPDU: sent 17, received 0
R1#sh span int f0/0 | i BPDU
BPDU: sent 18, received 0
R1#sh span int f0/0 | i BPDU
BPDU: sent 18, received 0

Complete filtering!
Without portfast:

interface FastEthernet0/1
 spanning-tree bpdufilter enable
end
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 0, received 0
R1(config-if)#bridge-group 10
Cat1#sh span int f0/1 de | i BPDU
BPDU: sent 0, received 0
R1#sh span int f0/0 | i BPDU
BPDU: sent 17, received 0
R1#sh span int f0/0 | i BPDU
BPDU: sent 18, received 0
R1#sh span int f0/0 | i BPDU
BPDU: sent 18, received 0

Complete filtering!
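
The behaviour observed in sections 1 to 6, condensed into a small configuration audit that reports the effective portfast, BPDU Guard and BPDU Filter state per port. This is an added example, not part of the original lab: the sample config and the name `audit` are constructed, only the commands used above are recognised, and a configured `switchport mode access` is assumed to stand in for the operational non-trunking mode.

```python
import re

ST = "spanning-tree "
# Constructed sample running-config for illustration (not the lab's config).
SAMPLE = """\
spanning-tree portfast bpduguard default
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 spanning-tree bpduguard enable
interface FastEthernet0/4
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
interface FastEthernet0/19
 switchport mode trunk
 spanning-tree portfast
"""

def audit(config):
    """Map each interface to its effective portfast/bpduguard/bpdufilter state."""
    glob, ports, cur = set(), {}, set()
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if line.startswith(" "):
            cur.add(line.strip())        # command inside the current block
        else:                            # top-level line opens a new block
            cur = ports.setdefault(m.group(1), set()) if m else set()
            glob.add(line.strip())
    report = {}
    for name, cfg in ports.items():
        access = "switchport mode access" in cfg
        # Portfast (global or interface) only takes effect on non-trunking ports.
        pf = access and (ST + "portfast" in cfg or ST + "portfast default" in glob)
        # Interface-level guard works without portfast; the global form needs it.
        guard = (ST + "bpduguard enable" in cfg
                 or (pf and ST + "portfast bpduguard default" in glob))
        flt = ("full" if ST + "bpdufilter enable" in cfg else      # both directions
               "until-first-bpdu" if pf and ST + "portfast bpdufilter default" in glob
               else "off")
        finding = ("BPDUs filtered both ways: STP is blind here" if flt == "full" else
                   "no BPDU Guard: received BPDUs are processed" if access and not guard else None)
        report[name] = dict(portfast=pf, bpduguard=guard, bpdufilter=flt, finding=finding)
    return report
```
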