Rapid Spanning Tree

  1. Configure Rapid PVST+ on all Access and Distribution switches.

The switches in Packet Tracer are running standard PVST+, as shown by the "ieee" in the output of show spanning-tree:

DSW-A1(config)#do show spanning-tree
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0001.63BA.494A
             Cost        4
             Port        3(GigabitEthernet1/0/3)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

Enable RPVST+ on all distribution/access switches with spanning-tree mode rapid-pvst and confirm:

DSW-A1(config)#spanning-tree mode ?
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode
DSW-A1(config)#spanning-tree mode rapid-pvst

DSW-A1(config)#do sh spanning-tree
VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32778
             Address     0001.63BA.494A
             Cost        4
             Port        3(GigabitEthernet1/0/3)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

Spanning Tree Priority

a. Ensure that the Root Bridge for each VLAN aligns with the HSRP Active router by configuring the lowest possible STP priority.

The lowest possible STP priority is 0.
So, in Office A, DSW-A1 should be the root for the Management VLAN (VLAN 99) and the PCs VLAN (VLAN 10), and DSW-A2 should be the root for the Phones VLAN (VLAN 20) and the Wi-Fi VLAN (VLAN 40).

DSW-A1(config)#spanning-tree vlan 10,99 priority 0

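Confirm that this made it the root bridge for these VLANs. The priority shown in the output is the configured priority plus the VLAN ID, so 0 appears as 10 for VLAN 10 and 99 for VLAN 99: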

DSW-A1(config)#do sh span vlan 10
VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    10
             Address     000C.CFE7.2765
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

DSW-A1(config)#do sh span vlan 99
VLAN0099
  Spanning tree enabled protocol rstp
  Root ID    Priority    99
             Address     000C.CFE7.2765
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

b. Configure the HSRP Standby Router for each VLAN with an STP priority one increment above the lowest priority.

What’s one increment above 0? STP priority is configured in increments of 4096, so one increment above 0 is 4096.

DSW-A1(config)#span vlan 20,40 priority 4096

Finish the rest of the switches appropriately:

DSW-A2(config)#spanning-tree vlan 20,40 priority 0
DSW-A2(config)#spanning-tree vlan 10,99 pri 4096
DSW-B1(config)#spanning-tree vlan 10,99 pri 0
DSW-B1(config)#spanning-tree vlan 20,30 pri 4096
DSW-B2(config)#span vlan 20,30 pri 0
DSW-B2(config)#span vlan 10,99 pri 4096

PortFast / BPDU Guard

  1. Enable PortFast and BPDU Guard on all ports connected to end hosts (including WLC1). Perform the configurations in interface config mode.

PortFast allows ports connected to end hosts to immediately move to the STP Forwarding state, without having to wait 30 seconds to transition through listening and learning.

You should generally configure it on ports connected to end hosts so they don’t have to wait to access the network after physically connecting to the switch.

BPDU Guard, on the other hand, disables a port if it receives a spanning tree BPDU. You should configure it on ports connected to end hosts to prevent users from connecting an unauthorized switch to the network.

We will start on ASW-A1. Configure PortFast and BPDU Guard on F0/1, which is connected to LWAP1, and F0/2 connected to the WLC:

ASW-A1(config)#int f0/1
ASW-A1(config-if)#spanning-tree portfast
ASW-A1(config-if)#spanning-tree bpduguard enable
ASW-A1(config-if)#int f0/2
ASW-A1(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface  when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0/2 but will only
have effect when the interface is in a non-trunking mode.
ASW-A1(config-if)#spanning-tree portfast ?
  disable  Disable portfast for this interface
  trunk    Enable portfast on the interface even in trunk mode
  <cr>
ASW-A1(config-if)#spanning-tree portfast trunk
ASW-A1(config-if)#spanning-tree bpduguard enable

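Note the message received after configuring PortFast on the trunk port going to the WLC: plain spanning-tree portfast only has effect when the interface is in a non-trunking mode. On a trunk port you need to use spanning-tree portfast trunk, or else it will not have effect.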

The other access switches only have one host connected. Configure each of them appropriately:

interface f0/1
spanning-tree portfast
spanning-tree bpduguard enable
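
A configuration audit for the PortFast and BPDU Guard settings above, as an added example that is not part of the original lab: it parses a running-config and reports host-facing ports that are missing either command, including the trunk case where plain spanning-tree portfast has no effect. The sample config, function names and port list are constructed, and the check assumes the command spellings used on this page.

```python
# Constructed running-config excerpt (not from the lab). f0/1 and f0/2 follow
# ASW-A1 above; f0/3 and f0/4 carry the two mistakes the audit looks for.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport mode trunk
 spanning-tree portfast
 spanning-tree bpduguard enable
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_edge_ports(config, edge_ports):
    """Return {port: [missing commands]} for the given host-facing ports."""
    interfaces, report = parse_interfaces(config), {}
    for port in edge_ports:
        cmds = interfaces.get(port, [])
        # On a trunk, PortFast only takes effect in its "trunk" form.
        trunk = "switchport mode trunk" in cmds
        wanted = ["spanning-tree portfast trunk" if trunk else "spanning-tree portfast",
                  "spanning-tree bpduguard enable"]
        missing = [cmd for cmd in wanted if cmd not in cmds]
        if missing:
            report[port] = missing
    return report
```

Call audit_edge_ports with the saved running-config text and the list of ports that face end hosts; uplinks to the distribution switches are left out of that list because they must keep exchanging BPDUs.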

That’s all for part 4 of this lab. We enabled Rapid PVST+ on the distribution and access switches, modified the priority values of the distribution switches for each VLAN to align with the HSRP active and standby routers, and then configured PortFast and BPDU Guard on the access switches.