Catalyst 6500 Series Software Configuration Guide, 8.7
Configuring Spanning Tree
Download this chapter
Configuring Spanning TreeConfiguring Spanning Tree
give_us_feedback

Table Of Contents

Configuring Spanning Tree

Understanding How Spanning Tree Protocols Work

Understanding How a Topology is Created

Understanding How a Switch Becomes the Root Switch

Understanding How Bridge Protocol Data Units Work

Calculating and Assigning Port Costs

Calculating the Port Cost Using the Short Method

Calculating the Port Cost Using the Long Method

Calculating the Port Cost for Aggregate Links

Spanning-Tree Port States

Blocking State

Listening State

Learning State

Forwarding State

Disabled State

Understanding How PVST+ and MISTP Modes Work

PVST+ Mode

Rapid-PVST+

MISTP Mode

MISTP-PVST+ Mode

Understanding How Bridge Identifiers Work

MAC Address Allocation

MAC Address Reduction

Understanding How Multiple Spanning Tree Works

Rapid Spanning Tree Protocol

RSTP Port Roles

RSTP Port States

MST-to-SST Interoperability

Common Spanning Tree

MST Instances

MST Configuration

MST Region

Boundary Ports

CIST Regional Root

Edge Ports

Link Type

Message Age and Hop Count

MST-to-PVST+ Interoperability

Understanding How BPDU Skewing Works

Understanding How Layer 2 PDU Rate Limiting Works

Configuring PVST+ on the Switch

Default PVST+ Configuration

Setting the PVST+ Bridge ID Priority

Configuring the PVST+ Port Cost

Configuring the PVST+ Port Priority

Configuring the PVST+ Default Port Cost Mode

Configuring the PVST+ Port Cost for a VLAN

Configuring the PVST+ Port Priority for a VLAN

Disabling the PVST+ Mode on a VLAN

Configuring Rapid-PVST+ on the Switch

Configuring MISTP-PVST+ or MISTP on the Switch

Default MISTP and MISTP-PVST+ Configuration

Setting the MISTP-PVST+ Mode or the MISTP Mode

Configuring an MISTP Instance

Configuring the MISTP Bridge ID Priority

Configuring the MISTP Port Cost

Configuring the MISTP Port Priority

Configuring the MISTP Port Instance Cost

Configuring the MISTP Port Instance Priority

Enabling an MISTP Instance

Mapping VLANs to an MISTP Instance

Determining MISTP Instances—VLAN Mapping Conflicts

Unmapping VLANs from an MISTP Instance

Disabling MISTP-PVST+ or MISTP

Configuring a Root Switch

Configuring a Primary Root Switch

Configuring a Secondary Root Switch

Configuring a Root Switch to Improve Convergence

Using Root Guard—Preventing Switches from Becoming Root

Displaying Spanning-Tree BPDU Statistics

Configuring Spanning-Tree Timers on the Switch

Configuring the Hello Time

Configuring the Forward Delay Time

Configuring the Maximum Aging Time

Configuring Multiple Spanning Tree on the Switch

Enabling Multiple Spanning Tree

Configuring the MST Bridge ID Priority

Configuring the MST Port Cost

Configuring the MST Port Priority

Configuring the MST Port Instance Cost

Configuring the MST Port Instance Priority

Mapping and Unmapping VLANs to an MST Instance

Configuring BPDU Skewing on the Switch

Configuring Layer 2 PDU Rate Limiting on the Switch


Configuring Spanning Tree

This chapter describes the IEEE 802.1D bridge Spanning Tree Protocol (STP) and how to use and configure Cisco's proprietary spanning-tree protocols, Per VLAN Spanning Tree + (PVST+) and Multi-Instance Spanning Tree Protocol (MISTP), on the Catalyst 6500 series switches.

Note For information on configuring the spanning-tree PortFast, UplinkFast, and BackboneFast features, see Chapter 9, "Configuring Spanning-Tree PortFast, UplinkFast, BackboneFast, and Loop Guard."

This chapter consists of these sections:

Understanding How Spanning Tree Protocols Work

Understanding How PVST+ and MISTP Modes Work

Understanding How Bridge Identifiers Work

Understanding How Multiple Spanning Tree Works

Understanding How BPDU Skewing Works

Understanding How Layer 2 PDU Rate Limiting Works

Configuring PVST+ on the Switch

Configuring Rapid-PVST+ on the Switch

Configuring MISTP-PVST+ or MISTP on the Switch

Configuring a Root Switch

Configuring Spanning-Tree Timers on the Switch

Configuring Multiple Spanning Tree on the Switch

Configuring BPDU Skewing on the Switch

Configuring Layer 2 PDU Rate Limiting on the Switch

Note For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 6500 Series Switch Command Reference publication.

Understanding How Spanning Tree Protocols Work

This section describes the specific functions that are common to all spanning-tree protocols. Cisco's proprietary spanning-tree protocols, PVST+ and MISTP, are based on IEEE 802.1D STP. (See the "Understanding How PVST+ and MISTP Modes Work" section for information about PVST+ and MISTP.) The 802.1D STP is a Layer 2 management protocol that provides path redundancy in a network while preventing undesirable loops. All spanning-tree protocols use an algorithm that calculates the best loop-free path through the network.

STP uses a distributed algorithm that selects one bridge of a redundantly connected network as the root of a spanning tree-connected active topology. STP assigns roles to each port depending on what the port's function is in the active topology. Port roles are as follows:

Root—A forwarding port that is elected for the spanning-tree topology

Designated—A forwarding port that is elected for every switched LAN segment

Alternate—A blocked port providing an alternate path to the root port in the spanning tree

Backup—A blocked port in a loopback configuration

The switches that have ports with these assigned roles are called the root or designated switches. For more information, see the "Understanding How a Switch Becomes the Root Switch" section.

In Ethernet networks, only one active path may exist between any two stations. Multiple active paths between stations can cause loops in the network. When loops occur, some switches recognize the stations on both sides of the switch. This situation causes the forwarding algorithm to malfunction allowing the duplicate frames to be forwarded.

The spanning-tree algorithms provide path redundancy by defining a tree that spans all of the switches in an extended network and then forces certain redundant data paths into a standby (blocked) state. At regular intervals, the switches in the network send and receive spanning-tree packets that they use to identify the path. If one network segment becomes unreachable, or if the spanning-tree costs change, the spanning-tree algorithm reconfigures the spanning-tree topology and reestablishes the link by activating the standby path.

The spanning-tree operation is transparent to end stations, which do not detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.

These sections describe the STP:

Understanding How a Topology is Created

Understanding How a Switch Becomes the Root Switch

Understanding How Bridge Protocol Data Units Work

Calculating and Assigning Port Costs

Spanning-Tree Port States

Understanding How a Topology is Created

All switches in an extended LAN participating in a spanning tree gather information about other switches in the network through an exchange of data messages that are known as bridge protocol data units (BPDUs). This exchange of messages results in the following actions:

A unique root switch is elected for the spanning-tree network topology.

A designated switch is elected for every switched LAN segment.

Any loops in the switched network are eliminated by placing redundant switch ports in a backup state; all paths that are not needed to reach the root switch from anywhere in the switched network are placed in STP-blocked mode.

The topology of an active switched network is determined by the following:

The unique switch identifier Media Access Control ([MAC] address of the switch) that is associated with each switch

The path cost to the root that is associated with each switch port

The port identifier (MAC address of the port) that is associated with each switch port

In a switched network, the root switch is the logical center of the spanning-tree topology. A spanning-tree protocol uses BPDUs to elect the root switch and root port for the switched network, as well as the root port and designated port for each switched segment.

Understanding How a Switch Becomes the Root Switch

If all switches are enabled with default settings, the switch with the lowest MAC address in the network becomes the root switch. In Figure 7-1, Switch A is the root switch because it has the lowest MAC address. However, due to traffic patterns, number of forwarding ports, or line types, Switch A might not be the ideal root switch. A switch can be forced to become the root switch by increasing the priority (that is, lowering the numerical priority number) on the preferred switch. This action causes the spanning tree to recalculate the topology and make the selected switch the root switch.

Figure 7-1 Configuring a Loop-Free Topology

You can change the priority of a port to make it the root port. When the spanning-tree topology is based on default parameters, the path between the source and destination stations in a switched network might not be ideal. Connecting higher-speed links to a port that has a higher number than the current root port can cause a root-port change. The goal is to make the fastest link the root port.

For example, assume that a port on Switch B is a fiber-optic link. Also, another port on Switch B (an unshielded twisted-pair [UTP] link) is the root port. Network traffic might be more efficient over the high-speed fiber-optic link. By changing the Port Priority parameter for the fiber-optic port to a higher priority (lower numerical value) than the UTP port, the fiber-optic port becomes the root port. You could also accomplish this scenario by changing the Port Cost parameter for the fiber-optic port to a lower value than that of the UTP port.

Understanding How Bridge Protocol Data Units Work

The BPDUs contain configuration information about the transmitting switch and its ports, including the switch and port MAC addresses, switch priority, port priority, and port cost. Each configuration BPDU contains this information:

The unique identifier of the switch that the transmitting switch believes to be the root switch

The cost of the path to the root from the transmitting port

The identifier of the transmitting port

The switch sends configuration BPDUs to communicate with and compute the spanning-tree topology. A MAC frame conveying a BPDU sends the switch group address to the destination address field. All switches that are connected to the LAN on which the frame is transmitted receive the BPDU. The BPDUs are not directly forwarded by the switch, but the receiving switch uses the information in the frame to calculate a BPDU and, if the topology changes, initiates a BPDU transmission.

A BPDU exchange results in the following:

One switch is elected as the root switch.

The shortest distance to the root switch is calculated for each switch.

A designated switch is selected. This is the switch that is closest to the root switch through which frames will be forwarded to the root.

A port for each switch is selected. This is the port that provides the best path from the switch to the root switch.

The ports included in the STP are selected.

Calculating and Assigning Port Costs

By calculating and assigning the port cost of the switch ports, you can ensure that the shortest (lowest cost) distance to the root switch is used to transmit data. You can calculate and assign the lower path cost values (port costs) to the higher bandwidth ports by using either the short method (which is the default) or the long method. The short method uses a 16-bit format that yields values from 1 to 65535. The long method uses a 32-bit format that yields values in the range of 1 to 200,000,000. For more information on setting the default cost mode, see the "Configuring the PVST+ Default Port Cost Mode" section.

Note You should configure all switches in your network to use the same method for calculating the port cost. The short method is used to calculate the port cost unless you specify that the long method be used. You can specify the calculation method using the CLI.

Calculating the Port Cost Using the Short Method

The IEEE 802.1D specification assigns 16-bit (short) default port cost values to each port that is based on bandwidth. You can also manually assign port costs between 1-65535. The 16-bit values are only used for the ports that have not been specifically configured for port cost. Table 7-1 shows the default port cost values that are assigned by the switch for each type of port when you use the short method to calculate the port cost.

Table 7-1 Default Port Cost Values Using the Short Method

Port Speed
Default Cost Value
Default Range

10 Mbps

100

1 to 65535

100 Mbps

19

1 to 65535

1 Gbps

4

1 to 65535


Calculating the Port Cost Using the Long Method

802.1t assigns 32-bit (long) default port cost values to each port using a formula that is based on the bandwidth of the port. You can also manually assign port costs between 1-200,000,000. The formula for obtaining default 32-bit port costs is to divide the bandwidth of the port by 200,000,000. Table 7-2 shows the default port cost values that are assigned by the switch and the recommended cost values and ranges for each type of port when you use the long method to calculate port cost.

Table 7-2 Default Port Cost Values Using the Long Method

Port Speed
Recommended Value
Recommended Range
Available Range

£ 100 kbps

200000000

20000000 to 200000000

1 to 200000000

1 Mbps

20000000

2000000 to 200000000

1 to 200000000

10 Mbps

2000000

200000 to 20000000

1 to 200000000

100 Mbps

200000

20000 to 2000000

1 to 200000000

1 Gbps

20000

2000 to 200000

1 to 200000000

10 Gbps

2000

200 to 20000

1 to 200000000


Calculating the Port Cost for Aggregate Links

As individual links are added or removed from an aggregate link (port bundle), the bandwidth of the aggregate link increases or decreases. These changes in bandwidth lead to recalculation of the default port cost for the aggregated port. Changes to the default port cost or changes resulting from links that autonegotiate their bandwidth could lead to recalculation of the spanning-tree topology which may not be desirable, especially if the added or removed link is of little consequence to the bandwidth of the aggregate link (for example, if a 10-Mbps link is removed from a 10-Gbps aggregate link). Because of the limitations that are presented by automatically recalculating the topology, 802.1t states that changes in bandwidth will not result in changes to the cost of the port. The aggregated port will use the same port cost parameters as a standalone port.

Spanning-Tree Port States

Topology changes can take place in a switched network due to a link coming up or a link going down (failing). When a switch port transitions directly from nonparticipation in the topology to the forwarding state, it can create temporary data loops. Ports must wait for new topology information to propagate through the switches in the LAN before they can start forwarding frames. Also, they must allow the frame lifetime to expire for frames that have been forwarded using the old topology.

Note With Cisco IOS Release 12.1.(1)E or later releases on the Multilayer Switch Feature Card (MSFC), the Address Resolution Protocol (ARP) on the STP Topology Change Notification feature ensures that excessive flooding does not occur when the MSFC receives a topology change notification (TCN) from the supervisor engine. The feature causes the MSFC to send ARP requests for all the ARP entries belonging to the VLAN interface where the TCN is received. When the ARP replies come back, the Policy Feature Card (PFC) learns the MAC entries, which were lost as a result of the topology change. Learning the entries immediately following a topology change prevents excessive flooding later. There is no configuration required on the MSFC. This feature works with supervisor engine software release 5.4(2) or later releases.

At any given time, each port on a switch using a spanning-tree protocol is in one of these states:

Blocking

Listening

Learning

Forwarding

Disabled

A port moves through these states as follows:

From initialization to blocking

From blocking to listening or to disabled

From listening to learning or to disabled

From learning to forwarding or to disabled

From forwarding to disabled

Figure 7-2 illustrates how a port moves through the states.

Figure 7-2 STP Port States

You can modify each port state by using management software, for example, VLAN Trunking Protocol (VTP). When you enable spanning tree, every switch in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, each port stabilizes into the forwarding or blocking state.

When the spanning-tree algorithm places a port in the forwarding state, the following occurs:

The port is put into the listening state while it waits for protocol information that suggests it should go to the blocking state.

The port waits for the expiration of a protocol timer that moves the port to the learning state.

In the learning state, the port continues to block frame forwarding as it learns station location information for the forwarding database.

The expiration of a protocol timer moves the port to the forwarding state, where both learning and forwarding are enabled.

Blocking State

A port in the blocking state does not participate in frame forwarding (see Figure 7-3). After initialization, a BPDU is sent to each port in the switch. A switch initially assumes that it is the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is really the root. If only one switch resides in the network, no exchange occurs, the forward delay timer expires, and the ports move to the listening state. A switch always enters the blocking state following switch initialization.

Figure 7-3 Port 2 in Blocking State

A port in the blocking state performs as follows:

Discards frames that are received from the attached segment.

Discards frames that are switched from another port for forwarding.

Does not incorporate station location into its address database. (There is no learning on a blocking port, so there is no address database update.)

Receives BPDUs and directs them to the system module.

Does not transmit BPDUs that are received from the system module.

Receives and responds to network management messages.

Listening State

The listening state is the first transitional state that a port enters after the blocking state. The port enters this state when the spanning tree determines that the port should participate in frame forwarding. Learning is disabled in the listening state. Figure 7-4 shows a port in the listening state.

Figure 7-4 Port 2 in Listening State

A port in the listening state performs as follows:

Discards frames that are received from the attached segment.

Discards frames that are switched from another port for forwarding.

Does not incorporate station location into its address database. (There is no learning at this point, so there is no address database update.)

Receives BPDUs and directs them to the system module.

Processes BPDUs that are received from the system module.

Receives and responds to network management messages.

Learning State

A port in the learning state prepares to participate in frame forwarding. The port enters the learning state from the listening state. Figure 7-5 shows a port in the learning state.

A port in the learning state performs as follows:

Discards frames that are received from the attached segment.

Discards frames that are switched from another port for forwarding.

Incorporates station location into its address database.

Receives BPDUs and directs them to the system module.

Receives, processes, and transmits BPDUs that are received from the system module.

Receives and responds to network management messages.

Figure 7-5 Port 2 in Learning State

Forwarding State

A port in the forwarding state forwards frames, as shown in Figure 7-6. The port enters the forwarding state from the learning state.

Figure 7-6 Port 2 in Forwarding State

A port in the forwarding state performs as follows:

Forwards frames that are received from the attached segment.

Forwards frames that are switched from another port for forwarding.

Incorporates station location information into its address database.

Receives BPDUs and directs them to the system module.

Processes BPDUs that are received from the system module.

Receives and responds to network management messages.

Caution Use spanning-tree PortFast mode only on ports that are directly connected to individual workstations to allow these ports to come up and go directly to the forwarding state, instead of having to go through the entire spanning-tree initialization process. To prevent illegal topologies, enable spanning tree on ports that are connected to switches or other devices that forward messages. For more information about PortFast, see Chapter 9, "Configuring Spanning-Tree PortFast, UplinkFast, BackboneFast, and Loop Guard."

Disabled State

A port in the disabled state does not participate in frame forwarding or STP, as shown in Figure 7-7. A port in the disabled state is virtually nonoperational.

Figure 7-7 Port 2 in Disabled State

A disabled port performs as follows:

Discards frames that are received from the attached segment.

Discards frames that are switched from another port for forwarding.

Does not incorporate station location into its address database. (There is no learning, so there is no address database update.)

Receives BPDUs but does not direct them to the system module.

Does not receive BPDUs for transmission from the system module.

Receives and responds to network management messages.

Understanding How PVST+ and MISTP Modes Work

Catalyst 6500 series switches provide two proprietary spanning-tree modes that are based on the IEEE 802.1D standard and one mode that is a combination of the two modes:

Per VLAN Spanning Tree (PVST+)

Rapid-PVST+

Multi-Instance Spanning Tree Protocol (MISTP)

MISTP-PVST+ (combination mode)

An overview of each mode is provided in this section. Each mode is described in detail in these sections:

Configuring PVST+ on the Switch

Configuring MISTP-PVST+ or MISTP on the Switch

Caution If your network currently uses PVST+ and you plan to use MISTP on any switch, you must first enable MISTP-PVST+ on the switch and configure an MISTP instance to avoid causing loops in the network.

PVST+ Mode

PVST+ runs on each VLAN on the switch, ensuring that each VLAN has a loop-free path through the network.

PVST+ provides Layer 2 load balancing for the VLAN on which it runs; you can create different logical topologies using the VLANs on your network to ensure that all the links are used and no link is oversubscribed.

Each PVST+ instance on a VLAN has a single root switch. This root switch propagates the spanning-tree information that is associated with that VLAN to all other switches in the network. This process ensures that the network topology is maintained because each switch has the same knowledge about the network.

Rapid-PVST+

With software release 8.1(1) and later releases, Rapid-PVST+ is the default spanning-tree protocol that is used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs on Catalyst 6500 series switches. Rapid-PVST+ is similar to PVST+. The only difference is that Rapid-PVST+ uses a rapid STP that is based on IEEE 802.1w instead of 802.1D. Rapid-PVST+ uses the same configuration as PVST+ with minimal additional configuration. See the "Configuring Rapid-PVST+ on the Switch" section for configuration information. In Rapid-PVST+, dynamic CAM entries are flushed immediately on a per-port basis when any topology change is made. UplinkFast and BackboneFast are enabled, but not active in this mode, as the functionality is built into the rapid STP. Rapid-PVST+ provides for rapid recovery of connectivity following the failure of a bridge, bridge port, or LAN.

A port that is connected to a nonbridging device (for example, a host or a router) is an edge port. A port that connects to a hub is also an edge port if the hub or any LAN that is connected by it does not have a bridge. An edge port can start forwarding as soon as the link is up. You must explicitly configure the ports that are connected to the hosts and routers as edge ports while using Rapid-PVST+.

For complete protocol details, see the "Rapid Spanning Tree Protocol" section.

MISTP Mode

MISTP is an optional spanning-tree protocol that runs on Catalyst 6500 series switches. MISTP allows you to group multiple VLANs under a single instance of spanning tree (an MISTP instance). MISTP combines the Layer 2 load-balancing benefits of PVST+ with the lower CPU load of IEEE 802.1Q.

An MISTP instance is a virtual logical topology that is defined by a set of bridge and port parameters. When you map VLANs to an MISTP instance, this virtual logical topology becomes a physical topology. Each MISTP instance has its own root switch and a different set of forwarding links (different bridge and port parameters).

Each MISTP instance root switch propagates the information that is associated with it to all other switches in the network. This process maintains the network topology because it ensures that each switch has the same information about the network.

MISTP builds MISTP instances by exchanging MISTP BPDUs with peer entities in the network. MISTP uses one BPDU for each MISTP instance, rather than one for each VLAN, as in PVST+. Because there are fewer BPDUs in an MISTP network, MISTP networks converge faster with less overhead. MISTP discards PVST+ BPDUs.

An MISTP instance can have any number of VLANs that are mapped to it, but a VLAN can be mapped only to a single MISTP instance. You can easily move a VLAN (or VLANs) in an MISTP topology to another MISTP instance if it has converged. (However, if ports are added at the same time that the VLAN is moved, convergence time is required.)

MISTP-PVST+ Mode

MISTP-PVST+ is a transition spanning-tree mode that allows you to use the MISTP functionality on Catalyst 6500 series switches while continuing to communicate with the Catalyst 5000 and 6500 series switches in your network that use PVST+. A switch using PVST+ mode that is connected to a switch using MISTP mode cannot see the BPDUs of the other switch, which is a condition that can cause loops in the network. MISTP-PVST+ allows interoperability between PVST+ and pure MISTP because it sees the BPDUs of both modes. To convert your network to MISTP, use MISTP-PVST+ to transition the network from PVST+ to MISTP.

Because MISTP-PVST+ conforms to the limits of PVST+, you cannot configure more VLAN ports on your MISTP-PVST+ switches than on your PVST+ switches.

Understanding How Bridge Identifiers Work

These sections explain how MAC addresses are used in PVST+ and MISTP as unique bridge identifiers:

MAC Address Allocation

MAC Address Reduction

MAC Address Allocation

Catalyst 6500 series switches have a pool of 1024 MAC addresses that can be used as bridge identifiers for VLANs running under PVST+ or for MISTP instances. You can use the show module command to view the MAC address range.

MAC addresses are allocated sequentially, with the first MAC address in the range assigned to VLAN 1, the second MAC address in the range assigned to VLAN 2, and so on. The last MAC address in the range is assigned to the supervisor engine in-band (sc0) management interface.

For example, if the MAC address range is 00-e0-1e-9b-2e-00 to 00-e0-1e-9b-31-ff, the VLAN 1 bridge ID is 00-e0-1e-9b-2e-00, the VLAN 2 bridge ID is 00-e0-1e-9b-2e-01, the VLAN 3 bridge ID is 00-e0-1e-9b-2e-02, and so forth. The in-band (sc0) interface MAC address is 00-e0-1e-9b-31-ff.

MAC Address Reduction

For Catalyst 6500 series switches that support 4096 VLANs, MAC address reduction allows up to 4096 VLANs running under PVST+ or 16 MISTP instances to have unique identifiers without increasing the number of MAC addresses that are required on the switch. MAC address reduction reduces the number of MAC addresses that are required by the STP from one per VLAN or MISTP instance to one per switch. However, because VLANs running under PVST+ and MISTP instances running under MISTP-PVST+ or MISTP are considered logical bridges, each bridge must have its own unique identifier in the network.

When you enable MAC address reduction, the bridge identifier that is stored in the spanning-tree BPDU contains an additional field called the system ID extension. Combined with the bridge priority, the system ID extension functions as the unique identifier for a VLAN or an MISTP instance. The system ID extension is always the number of the VLAN or the MISTP instance; for example, the system ID extension for VLAN 100 is 100, and the system ID extension for MISTP instance 2 is 2.

Figure 7-8 shows the bridge identifier when you do not enable MAC address reduction. The bridge identifier consists of the bridge priority and the MAC address.

Figure 7-8 Bridge Identifier without MAC Address Reduction

Figure 7-9 shows the bridge identifier when you enable MAC address reduction. The bridge identifier consists of the bridge priority, the system ID extension, and the MAC address. The bridge priority and the system ID extension combined are known as the bridge ID priority. The bridge ID priority is the unique identifier for the VLAN or the MISTP instance.

Figure 7-9 Bridge Identifier with MAC Address Reduction Enabled

When you enter the show spantree command, you can see the bridge ID priority for a VLAN in PVST+ or for an MISTP instance in MISTP or MISTP-PVST+ mode.

This example shows the bridge ID priority for VLAN 1 when you enable MAC address reduction in PVST+ mode. The unique identifier for this VLAN is 32769. 

Console> (enable) show spantree 1

VLAN 1

Spanning tree mode          PVST+

Spanning tree type          ieee

  .

  .

  .

Bridge ID MAC ADDR          00-d0-00-4c-18-00

Bridge ID Priority          32769  (bridge priority: 32768, sys ID ext: 1)

Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec

If you have a Catalyst switch in your network with MAC address reduction enabled, you should also enable MAC address reduction on all other Layer-2 connected switches to avoid undesirable root election and spanning-tree topology issues.

When MAC address reduction is enabled, the root bridge priority becomes a multiple of 4096 plus the VLAN ID. With MAC address reduction enabled, a switch bridge ID (used by the spanning-tree algorithm to determine the identity of the root bridge, the lowest being preferred) can only be specified as a multiple of 4096. Only the following values are possible: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.

If another bridge in the same spanning-tree domain does not run the MAC address reduction feature, it could claim and win root bridge ownership because of the finer granularity in the selection of its bridge ID.

Note MAC address reduction is enabled by default on Cisco switches that have 64 MAC addresses (to find the number of MAC addresses supported on a switch, refer to the Catalyst 6500 Series Switch Release Notes for Software Release 8.x publication).

Understanding How Multiple Spanning Tree Works

The Multiple Spanning Tree (MST) feature is the IEEE 802.1s and is an amendment to 802.1Q. MST extends the 802.1w Rapid Spanning Tree (RST) algorithm to multiple spanning trees. This extension provides for both rapid convergence and load balancing in a VLAN environment. In software release 8.3(1), the MST protocol is compliant with IEEE 802.1s and is backward compatible with 802.1D STP, 802.1w, the Rapid Spanning Tree Protocol (RSTP), and the Cisco PVST+ architecture that was implemented in previous software releases. The MST protocol in software release 8.3(1) will interoperate with MST in earlier software releases.

MST allows you to build multiple spanning trees over VLAN trunks. You can group and associate VLANs to spanning-tree instances. Each instance can have a topology that is independent of other spanning-tree instances, and each instance can have a different port instance cost and port instance priority. This architecture provides multiple forwarding paths for data traffic and enables load balancing. Network fault tolerance is improved because a failure in one instance (forwarding path) does not affect other instances (forwarding paths).

In large networks, having different VLAN spanning-tree instance assignments that are located in different parts of the network makes it easier to administrate and optimally utilize redundant paths. However, a spanning-tree instance can exist only on bridges that have compatible VLAN instance assignments. MST requires that you configure a set of bridges with the same MST configuration information, which allows them to participate in a given set of spanning-tree instances. Interconnected bridges that have the same MST configuration are referred to as an MST region.

MST uses the modified RSTP version called the Multiple Spanning Tree Protocol (MSTP). The MST feature has these characteristics:

MST runs a variant of spanning tree that is called Internal Spanning Tree (IST). IST augments the Common Spanning Tree (CST) information with internal information about the MST region. The MST region appears as a single bridge to adjacent Single Spanning Tree (SST) and MST regions.

A bridge running MST provides interoperability with single spanning-tree bridges as follows:

MST bridges run a variant of STP (IST) that augments the Common Spanning Tree (CST) information with internal information about the MST region.

IST connects all the MST bridges in the region and appears as a subtree in the CST that encompasses the whole bridged domain. The MST region appears as a virtual bridge to adjacent SST bridges and MST regions.

The collection of ISTs in each MST region, the CST that interconnects the MST regions, and the SST bridges define Common and Internal Spanning Tree (CIST). CIST is the same as an IST inside an MST region and the same as a CST outside an MST region. The STP, RSTP, and MSTP together elect a single bridge as the root of CIST.

MST establishes and maintains additional spanning trees within each MST region. These spanning trees are referred to as MST instances (MSTIs). The IST is numbered 0, and the MSTIs are numbered 1,2,3,... and so on. Any given MSTI is local to the MST region that is independent of MSTIs in another region, even if the MST regions are interconnected. MST instances combine with the IST at the boundary of MST regions to become the CST as follows:

Spanning-tree information for an MSTI is contained in an MSTP record (M-record).

M-records are always encapsulated within MST BPDUs (MST BPDUs). The original spanning trees that are computed by MSTP are called M-trees. M-trees are active only within the MST region. M-trees merge with the IST at the boundary of the MST region and form the CST.

MST provides interoperability with PVST+ by generating PVST+ BPDUs for the non-CST VLANs.

MST supports some of the PVST+ extensions in MSTP as follows:

UplinkFast and BackboneFast are not available in MST mode; they are part of RSTP.

PortFast is supported.

BPDU filtering and BPDU guard are supported in MST mode.

Loop guard and root guard are supported in MST. MST preserves the VLAN 1 disabled functionality except that BPDUs are still transmitted in VLAN 1.

MST switches behave as if MAC reduction is enabled.

For private VLANs (PVLANs), secondary VLANs are mapped to the same instance as the primary.

Follow these guidelines when using MST:

Do not disable spanning tree on any VLAN in any of the PVST bridges.

Ensure that all PVST spanning-tree root bridges have lower (numerically higher) priority than the CST root bridge.

Do not use PVST bridges as the root of CST.

Ensure that trunks carry all of the VLANs that are mapped to an instance or do not carry any VLANs at all.

Do not connect switches with access links because access links may partition a VLAN.

You should perform any MST configuration involving a large number of either existing or new logical VLAN ports during the maintenance window because the complete MST database gets reinitialized for any incremental changes (such as adding new VLANs to instances or moving VLANs across instances).

These sections describe MST:

Rapid Spanning Tree Protocol

MST-to-SST Interoperability

Common Spanning Tree

MST Instances

MST Configuration

MST Region

Message Age and Hop Count

MST-to-PVST+ Interoperability

Rapid Spanning Tree Protocol

RSTP significantly reduces the time to reconfigure the active topology of the network when changes to the physical topology or its configuration parameters occur. RSTP selects one switch as the root of a spanning-tree-connected active topology and assigns port roles to individual ports of the switch, depending on whether that port is part of the active topology.

RSTP provides rapid connectivity following the failure of a switch, switch port, or a LAN. A new root port and the designated port on the other side of the bridge transition to forwarding through an explicit handshake between them. RSTP allows switch port configuration so that the ports can transition to forwarding directly when the switch reinitializes.

RSTP, specified in 802.1w, supersedes STP, which is specified in 802.1D, while remaining compatible with STP. RSTP provides the structure on which the MST operates. You configure RSTP when you configure the MST feature. For more information, see the "Configuring Multiple Spanning Tree on the Switch" section.

RSTP provides backward compatibility with 802.1D bridges as follows:

RSTP selectively sends 802.1D-configured BPDUs and Topology Change Notification (TCN) BPDUs on a per-port basis.

When a port initializes, the Migration Delay timer starts and RSTP BPDUs are transmitted. While the Migration Delay timer is active, the bridge processes all BPDUs that are received on that port. RSTP BPDUs are not visible on the port; only version 3 BPDUs are visible.

If the bridge receives an 802.1D BPDU after a port's Migration Delay timer expires, the bridge assumes that it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.

When RSTP uses 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP restarts the Migration Delay timer and begins using RSTP BPDUs on that port.

RSTP Port Roles

RSTP uses the following definitions for port roles:

Root—A forwarding port that is elected for the spanning-tree topology.

Designated—A forwarding port that is elected for every switched LAN segment.

Alternate—An alternate path to the root bridge to that provided by the current root port.

Backup—A backup for the path that is provided by a designated port toward the leaves of the spanning tree. Backup ports can exist only where two ports are connected together in a loopback by a point-to-point link or bridge with two or more connections to a shared LAN segment.

Disabled—A port that has no role within the operation of spanning tree.

Port roles are assigned as follows:

A root port or designated port role includes the port in the active topology.

An alternate port or backup port role excludes the port from the active topology.

RSTP Port States

The port state controls the forwarding and learning processes and provides the values of discarding, learning, and forwarding. Table 7-3 provides a comparison between STP port states and RSTP port states.

Table 7-3 Comparison Between STP and RSTP Port States

Operational Status
STP Port State
RSTP Port State
Port Included in Active Topology

Enabled

Blocking1

Discarding2

No

Enabled

Listening

Discarding

No

Enabled

Learning

Learning

Yes

Enabled

Forwarding

Forwarding

Yes

Disabled

Disabled

Discarding

No

1 IEEE 802.1D port state designation.

2 IEEE 802.1w port state designation. Discarding is the same as blocking in MST.


In a stable topology, RSTP ensures that every root port and designated port transition to forwarding while all alternate ports and backup ports are always in the discarding state.

MST-to-SST Interoperability

A virtual bridged LAN may contain interconnected regions of SST and MST bridges. See Figure 7-10.

Figure 7-10 Network with Interconnected SST and MST Regions

To the spanning-tree protocol running in the SST region, an MST region appears as a single SST or pseudobridge. Pseudobridges operate as follows:

The same values for root identifiers and root path costs are sent in all BPDUs of all the pseudobridge ports. Pseudobridges differ from a single SST bridge as follows:

The pseudobridge BPDUs have different bridge identifiers. This difference does not affect STP operation in the neighboring SST regions because the root identifier and root cost are the same.

BPDUs that are sent from the pseudobridge ports may have significantly different message ages. Because the message age increases by 1 second for each hop, the difference in the message age is in the order of seconds.

Data traffic from one port of a pseudobridge (a port at the edge of a region) to another port follows a path that is entirely contained within the pseudobridge or MST region.

Data traffic belonging to different VLANs may follow different paths within the MST regions that are established by MST.

Loop prevention is achieved by either of the following:

Blocking the appropriate pseudobridge ports by allowing one forwarding port on the boundary and blocking all other ports.

Setting the CST partitions to block the ports of the SST regions.

A pseudobridge differs from a single SST bridge because the BPDUs that are sent from the pseudobridge's ports have different bridge identifiers. The root identifier and root cost are the same for both bridges.

Common Spanning Tree

CST (802.1Q) is a single spanning tree for all the VLANs. In a Catalyst 6500 series switch running PVST+, the VLAN 1 spanning tree corresponds to CST. In a Catalyst 6500 series switch running MST, IST (instance 0) corresponds to CST.

MST Instances

MST supports up to 64 instances; each spanning-tree instance is identified by an instance ID that ranges from 0-63. Instance 0 is mandatory and is always present. Instances 1-63 are optional.

With software release 8.3(1) and later releases, the instance ID can range from 0-4094. Instances 1-4094 are optional.

MST Configuration

MST configuration has three parts as follows:

Name—A 32-character string (null padded and null terminated) identifying the MST region.

Revision number—An unsigned 16-bit number that identifies the revision of the current MST configuration.

Note You must set the revision number when required as part of the MST configuration. The revision number is not incremented automatically each time that the MST configuration is committed.

MST configuration table—An array of 4096 elements representing all the possible extended-range VLANs. The value of element number X represents the instance to which VLAN X is mapped. VLAN 0 and VLAN 4095 are unused and are always mapped to the instance 0.

You must configure each byte manually. You can use SNMP or the CLI to perform the configuration.

MST BPDUs contain the MST configuration ID and the checksum. An MST bridge accepts an MST BPDU only if the MST BPDU configuration ID and the checksum match its own MST region configuration ID and checksum. If one value is different, the MST BPDU is treated as an SST BPDU.

When you modify an MST configuration through either a console or Telnet connection, the session exits without committing those changes and the edit buffer locks. Further configuration is impossible until you discard the existing edit buffer and acquire a new edit buffer by entering the set spantree mst config rollback force command.

With software release 8.3(1) and later releases, if you configure the MST configuration on a switch that is the VTP mode primary server for MST, all the other switches receive the MST configuration. For detailed information on VTP version 3 MST propagation, see the "Understanding How VTP Version 3 Works" section on page 10-13.

MST Region

Interconnected bridges that have the same MST configuration are referred to as an MST region. There is no limit on the number of MST regions in the network.

To form an MST region, bridges can be either of the following:

An MST bridge that is the only member of the MST region.

An MST bridge that is interconnected by a LAN. A LAN's designated bridge has the same MST configuration as an MST bridge. All the bridges on the LAN can process MST BPDUs.

If you connect two MST regions with different MST configurations, the MST regions do the following:

Load balance across redundant paths in the network. If two MST regions are redundantly connected, all traffic flows on a single connection with the MST regions in a network.

Provide an RSTP handshake to enable rapid connectivity between regions. However, the handshaking is not as fast as between two bridges. To prevent loops, all the bridges inside the region must agree upon the connections to other regions. This situation introduces a certain delay. We do not recommend partitioning the network into a large number of regions.

Switches running software release 8.3(1) and later releases form a different region than that of neighboring switches running earlier releases.

Boundary Ports

A boundary port is a port that connects to a LAN, the designated bridge of which, is either an SST bridge or a bridge with a different MST configuration. A designated port knows that it is on the boundary if it detects an STP bridge or receives an agreement message from an RST or MST bridge with a different configuration.

At the boundary, the role of MST ports does not matter; the MST-port state is forced to be the same as the IST port state. If the boundary flag is set for the port, the MSTP port role selection mechanism assigns a port role to the boundary and the same state as that of the IST port. The IST port at the boundary can take up any port role except a backup port role.

CIST Regional Root

The CIST regional root of an MST region is the bridge with the lowest bridge identifier and the least path cost to the CST root. If an MST bridge is the root bridge for CST, then it is the CIST regional root of that MST region. If the CST root is outside the MST region, then one of the MST bridges at the boundary is selected as the CIST regional root. Other bridges on the boundary that belong to the same region eventually block the boundary ports that lead to the root.

If two or more bridges at the boundary of a region have an identical path to the root, you can set a slightly lower bridge priority (higher port priority number) to make a specific bridge the CIST regional root.

The root path cost and message age inside a region stay constant, but the IST path cost is incremented and the IST remaining hops are decremented at each hop. Enter the show spantree mst command to display the information about the CIST regional root, path cost, and remaining hops for the bridge.

Edge Ports

A port that is connected to a nonbridging device (for example, a host or a router) is an edge port. A port that connects to a hub is also an edge port if the hub or any LAN that is connected by it does not have a bridge. An edge port can start forwarding as soon as the link is up.

MST requires that you configure all ports for each host or router. To establish rapid connectivity after a failure, you need to block the nonedge designated ports of an intermediate bridge. If the port connects to another bridge that can send back an agreement, then the port starts forwarding immediately. Otherwise, the port needs twice the forward delay time to start forwarding again. You must explicitly configure the ports that are connected to the hosts and routers as edge ports while using MST.

Note To configure a port as an edge port, you enable PortFast on that port. When you enter the show spantree portfast mod/port command, if the designation for a port is displayed as edge, that port is also a PortFast port. For more information, see Chapter 9, "Configuring Spanning-Tree PortFast, UplinkFast, BackboneFast, and Loop Guard."

To prevent a misconfiguration, the PortFast operation is turned off if the port receives a BPDU. You can display the configured and operational status of PortFast by using the show spantree mst mod/port command.

Link Type

Rapid connectivity is established only on point-to-point links. You must configure ports explicitly to a host or router. However, cabling in most networks meets this requirement, and you can avoid explicit configuration by treating all full-duplex links as point-to-point links by entering the set spantree mst link-type command.

Message Age and Hop Count

IST and MST instances do not use the Message Age and Maximum Age timer settings in the BPDU. IST and MST use a separate hop count mechanism that is very similar to the IP TTL mechanism. You can configure each MST bridge with a maximum hop count. The root bridge of the instance sends a BPDU (or M-record) with the remaining hop count that is equal to the maximum hop count. When a bridge receives a BPDU (or M-record), it decrements the received remaining hop count by one. The bridge discards the BPDU (M-record) and ages out the information that is held for the port if the count reaches zero after decrementing. The nonroot bridges propagate the decremented count as the remaining hop count in the BPDUs (M-records) that they generate.

The Message Age and Maximum Age timer settings in the RST portion of the BPDU remain the same throughout the region, and the same values are propagated by the region's designated ports at the boundary.

MST-to-PVST+ Interoperability

These guidelines apply in a topology where you configure MST switches (all in the same region) to interact with PVST+ switches that have VLANs 1-100 set up to span throughout the network:

Configure the root for all VLANs inside the MST region. The ports that belong to the MST switch at the boundary simulate PVST+ and send PVST+ BPDUs for all the VLANs. This example shows the ports simulating PVST: 

Console> (enable) show spantree mst 3

Spanning tree mode          MST

Instance                    3

VLANs Mapped:              31-40


Designated Root             00-10-7b-bb-2f-00

Designated Root Priority    8195  (root priority:8192, sys ID ext:3)

Designated Root Cost        0          Remaining Hops 20

Designated Root Port        1/0


Bridge ID MAC ADDR          00-10-7b-bb-2f-00

Bridge ID Priority          8195  (bridge priority:8192, sys ID ext:3)


Port                     State         Role Cost     Prio Type

------------------------ ------------- ---- -------- ------------------------

 6/1                     forwarding    BDRY    10000   30 P2P,

Boundary(PVST)

 6/2                     blocking      BDRY    20000   32 P2P,

Boundary(PVST)

If you enable loop guard on the PVST+ switches, the ports might change to a loop-inconsistent state when the MST switches change their configuration. To correct the loop-inconsistent state, you must disable and reenable loop guard on that PVST+ switch.

Do not locate the root for some or all of the VLANs inside the PVST+ side of the MST switch because when the MST switch at the boundary receives PVST+ BPDUs for all or some of the VLANs on its designated ports, root guard sets the port to the blocking state. Do not designate switches with a slower CPU running PVST+ as a switch running MST.

When you connect a PVST+ switch to two different MST regions, the topology change from the PVST+ switch does not pass beyond the first MST region. In this case, the topology changes are only propagated in the instance to which the VLAN is mapped. The topology change stays local to the first MST region and the CAM entries in the other region are not flushed To make the topology change visible throughout other MST regions, you can map that VLAN to IST or connect the PVST+ switch to the two regions through access links.

Understanding How BPDU Skewing Works

BPDU skewing is the difference in time between when the BPDUs are expected to be received by the switch and when the BPDUs are actually received by that switch. Skewing occurs as follows: