Saturday, October 17, 2009

Troubleshooting STP

Some common things to look for when troubleshooting Spanning Tree Protocol include:

  • Duplex mismatch—When one side of a link is half-duplex and the other is full-duplex. This causes late collisions and FCS errors.
  • Unidirectional link failure—The link is up but data flows only in one direction. It can cause loops.
  • Frame corruption—Physical errors on the line cause BPDUs to be lost, and the port incorrectly begins forwarding. Causes include a duplex mismatch, a bad cable, or a cable that is too long.
  • Resource errors—STP is implemented in software, so a switch with an overloaded CPU or memory might neglect some STP duties.
  • Port Fast configuration errors—Connecting a switch to two ports that have Port Fast enabled. This can cause a loop.
  • STP tuning errors—Max age or forward delay set too short can cause a loop. A network diameter that is set too low causes BPDUs to be discarded and affects STP convergence.

Identifying a Bridging Loop

Suspect a loop if you see the following:
  • You capture traffic on a link, and see the same frames multiple times.
  • All users in a bridging domain have connectivity problems at the same time.
  • There is abnormally high port utilization.

To remedy a loop quickly, shut down redundant ports and then enable them one at a time. Some switches (not the 3550/2950) allow debugging of STP to help in diagnosing problems.


What to Use Where

Confused by all the acronyms and STP features? Figure 3-3 shows the STP features you might use in your network and where you might use them.

Wednesday, October 7, 2009

Additional Spanning Tree Features

Some additional features available to help you tune Spanning Tree include:
  • BPDU Guard
  • BPDU Filtering
  • Root Guard
  • UDLD
  • Loop Guard

BPDU Guard

BPDU Guard is used to prevent loops if another switch is attached to a Portfast port. When BPDU Guard is enabled on an interface, the interface is put into an error-disabled state (basically, shut down) if it receives a BPDU. BPDU Guard can be enabled either at global config mode, in which case it affects all Portfast interfaces, or at interface config mode. Portfast does not have to be enabled for BPDU Guard to be configured on a specific interface. The following configuration example shows BPDU guard being enabled.


BPDU Filtering

BPDU filtering is another way of preventing loops in the network. It also can be enabled either globally or at the interface, and functions differently at each. In global config, if a Portfast interface receives any BPDUs, it is taken out of Portfast status. At interface config mode, it prevents the port from sending or receiving BPDUs. The commands are:
  • (config)# spanning-tree portfast bpdufilter default
  • (config-if)# spanning-tree bpdufilter enable
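
The BPDU Guard and BPDU Filtering rules above can be checked against a saved configuration. The Python script below is an added example, not part of the original post: it flags Portfast interfaces with no BPDU Guard (neither the global default nor the interface command) and interfaces with BPDU filtering applied directly. The sample config is constructed, and the script assumes commands are written out in full, including the BPDU Guard commands "spanning-tree portfast bpduguard default" and "spanning-tree bpduguard enable".

```python
# Added example: audit an IOS-style config for BPDU Guard / BPDU Filtering.
# SAMPLE_CONFIG is constructed for illustration, not taken from a real switch.
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface FastEthernet0/1
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse(config):
    """Return (global command set, {interface name: command set})."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = set()
        elif raw[:1].isspace() and current is not None:
            interfaces[current].add(line)   # indented line belongs to the interface
        else:
            current = None                  # "!" or a global command ends the block
            if line and line != "!":
                global_cmds.add(line)
    return global_cmds, interfaces

def audit(config):
    """List (interface, finding) pairs for ports lacking BPDU protection."""
    global_cmds, interfaces = parse(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    findings = []
    for name, cmds in interfaces.items():
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "interface bpdufilter: BPDUs ignored, BPDU Guard cannot trigger"))
        elif "spanning-tree portfast" in cmds and not (
                guard_default or "spanning-tree bpduguard enable" in cmds):
            findings.append((name, "Portfast without BPDU Guard"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```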

Root Guard

Root Guard is meant to prevent the wrong switch from becoming the Spanning Tree root. It is enabled on ports other than the root port and on switches other than the root. If a Root Guard port receives a BPDU that might cause it to become a root port, then the port is put into “rootinconsistent” state and does not pass traffic through it. If the port stops receiving these BPDUs, it automatically re-enables itself.

(config-if)# spanning-tree guard root


Unidirectional Link Detection (UDLD)

A switch notices when a physical connection is broken by the absence of Layer 1 electrical keepalives (Ethernet calls this a link beat). However, sometimes a cable is intact enough to maintain keepalives, but not to pass data in both directions. This is a Unidirectional Link.
Unidirectional Link Detection (UDLD) detects a unidirectional link by sending periodic hellos out of the interface. It also uses probes, which must be acknowledged by the device on the other end of the link. UDLD operates at Layer 2. The port is shut down if a unidirectional link is found.

To enable UDLD on all fiber-optic interfaces, use the following command:
(config)# udld enable

Although this command is given at global config mode, it applies only to fiber ports.

To enable UDLD on non-fiber ports, give the same command at interface config mode.

To disable UDLD on a specific fiber port, use the following command:
(config-if)# udld disable


To disable UDLD on a specific non-fiber port, use the following command:
(config-if)# no udld enable


To re-enable all interfaces shut by UDLD, use the following:
# udld reset

To verify UDLD status, use the following:
# show udld interface


Loop Guard

Loop Guard prevents loops that might develop if a port that should be blocking inadvertently transitions to the forwarding state. This can happen if the port stops receiving BPDUs (perhaps because of a unidirectional link or a software/configuration problem in its neighbor switch). When one of the ports in a physically redundant topology stops receiving BPDUs, STP perceives the topology as loop-free. Eventually, the blocking port becomes designated and moves to forwarding state, thus creating a loop. With Loop Guard enabled, an additional check is made.

If no BPDUs are received on a blocked port for a specific length of time, Loop Guard puts that port into “loop inconsistent” blocking state, rather than transitioning to forwarding state. Loop Guard should be enabled on all switch ports that have a chance of becoming root or designated ports. It is most effective when enabled in the entire switched network in conjunction with UDLD.

To enable Loop Guard for all point-to-point links on the switch, use the following command:

(config)# spanning-tree loopguard default


To enable Loop Guard on a specific interface, use the following:

(config-if)# spanning-tree guard loop

Loop Guard automatically re-enables the port if it starts receiving BPDUs again.
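
The behavior described in this section can be traced with a small timer model. The Python code below is an added example, not part of the original post: it follows one blocking port through a period of BPDU silence, with and without Loop Guard. It is a simplified model that assumes the 802.1D default timers (max age 20 seconds, forward delay 15 seconds), and the BPDU arrival times are constructed.

```python
from bisect import bisect_right

MAX_AGE = 20        # seconds; 802.1D default (assumed, not from the post)
FORWARD_DELAY = 15  # seconds; 802.1D default (assumed, not from the post)

def port_state(t, bpdu_times, loop_guard):
    """State at second t of a port that was blocking at t=0.

    bpdu_times is a sorted list of seconds at which a BPDU arrived.
    """
    idx = bisect_right(bpdu_times, t)
    last = bpdu_times[idx - 1] if idx else 0
    silent = t - last
    if silent < MAX_AGE:
        return "blocking"            # stored BPDU is still valid
    if loop_guard:
        return "loop-inconsistent"   # stays blocked until BPDUs return
    aged = silent - MAX_AGE          # time since the stored BPDU aged out
    if aged < FORWARD_DELAY:
        return "listening"
    if aged < 2 * FORWARD_DELAY:
        return "learning"
    return "forwarding"              # redundant port forwards: bridging loop

def timeline(bpdu_times, loop_guard, until):
    """Return [(second, state)] for every state change from 0 to until."""
    changes, prev = [], None
    for t in range(until + 1):
        state = port_state(t, bpdu_times, loop_guard)
        if state != prev:
            changes.append((t, state))
            prev = state
    return changes

def seconds_forwarding(bpdu_times, loop_guard, until):
    """Seconds the port spends forwarding, i.e. the loop exposure."""
    return sum(port_state(t, bpdu_times, loop_guard) == "forwarding"
               for t in range(until + 1))

# Constructed scenario: BPDUs every 2 s until t=10, the link then goes
# unidirectional, and BPDUs resume at t=70.
BPDUS = list(range(0, 11, 2)) + list(range(70, 81, 2))

if __name__ == "__main__":
    print("without Loop Guard:", timeline(BPDUS, False, 80))
    print("with Loop Guard:   ", timeline(BPDUS, True, 80))
```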