Catalyst 6500 Series Software Configuration Guide, 8.7 - Configuring Spanning Tree [Cisco Catalyst 6500 Series Switches]

Table Of Contents

Configuring Spanning Tree

Understanding How Spanning Tree Protocols Work

Understanding How a Topology is Created

Understanding How a Switch Becomes the Root Switch

Understanding How Bridge Protocol Data Units Work

Calculating and Assigning Port Costs

Calculating the Port Cost Using the Short Method

Calculating the Port Cost Using the Long Method

Calculating the Port Cost for Aggregate Links

Spanning-Tree Port States

Blocking State

Listening State

Learning State

Forwarding State

Disabled State

Understanding How PVST+ and MISTP Modes Work

PVST+ Mode

Rapid-PVST+

MISTP Mode

MISTP-PVST+ Mode

Understanding How Bridge Identifiers Work

MAC Address Allocation

MAC Address Reduction

Understanding How Multiple Spanning Tree Works

Rapid Spanning Tree Protocol

RSTP Port Roles

RSTP Port States

MST-to-SST Interoperability

Common Spanning Tree

MST Instances

MST Configuration

MST Region

Boundary Ports

CIST Regional Root

Edge Ports

Link Type

Message Age and Hop Count

MST-to-PVST+ Interoperability

Understanding How BPDU Skewing Works

Understanding How Layer 2 PDU Rate Limiting Works

Configuring PVST+ on the Switch

Default PVST+ Configuration

Setting the PVST+ Bridge ID Priority

Configuring the PVST+ Port Cost

Configuring the PVST+ Port Priority

Configuring the PVST+ Default Port Cost Mode

Configuring the PVST+ Port Cost for a VLAN

Configuring the PVST+ Port Priority for a VLAN

Disabling the PVST+ Mode on a VLAN

Configuring Rapid-PVST+ on the Switch

Configuring MISTP-PVST+ or MISTP on the Switch

Default MISTP and MISTP-PVST+ Configuration

Setting the MISTP-PVST+ Mode or the MISTP Mode

Configuring an MISTP Instance

Configuring the MISTP Bridge ID Priority

Configuring the MISTP Port Cost

Configuring the MISTP Port Priority

Configuring the MISTP Port Instance Cost

Configuring the MISTP Port Instance Priority

Enabling an MISTP Instance

Mapping VLANs to an MISTP Instance

Determining MISTP Instances—VLAN Mapping Conflicts

Unmapping VLANs from an MISTP Instance

Disabling MISTP-PVST+ or MISTP

Configuring a Root Switch

Configuring a Primary Root Switch

Configuring a Secondary Root Switch

Configuring a Root Switch to Improve Convergence

Using Root Guard—Preventing Switches from Becoming Root

Displaying Spanning-Tree BPDU Statistics

Configuring Spanning-Tree Timers on the Switch

Configuring the Hello Time

Configuring the Forward Delay Time

Configuring the Maximum Aging Time

Configuring Multiple Spanning Tree on the Switch

Enabling Multiple Spanning Tree

Configuring the MST Bridge ID Priority

Configuring the MST Port Cost

Configuring the MST Port Priority

Configuring the MST Port Instance Cost

Configuring the MST Port Instance Priority

Mapping and Unmapping VLANs to an MST Instance

Configuring BPDU Skewing on the Switch

Configuring Layer 2 PDU Rate Limiting on the Switch

Configuring Spanning Tree

This chapter describes the IEEE 802.1D bridge Spanning Tree Protocol (STP) and how to use and configure Cisco's proprietary spanning-tree protocols, Per VLAN Spanning Tree + (PVST+) and Multi-Instance Spanning Tree Protocol (MISTP), on the Catalyst 6500 series switches.

Note For information on configuring the spanning-tree PortFast, UplinkFast, and BackboneFast features, see Chapter 9, "Configuring Spanning-Tree PortFast, UplinkFast, BackboneFast, and Loop Guard."

This chapter consists of these sections:

•Understanding How Spanning Tree Protocols Work

•Understanding How PVST+ and MISTP Modes Work

•Understanding How Bridge Identifiers Work

•Understanding How Multiple Spanning Tree Works

•Understanding How BPDU Skewing Works

•Understanding How Layer 2 PDU Rate Limiting Works

•Configuring PVST+ on the Switch

•Configuring Rapid-PVST+ on the Switch

•Configuring MISTP-PVST+ or MISTP on the Switch

•Configuring a Root Switch

•Configuring Spanning-Tree Timers on the Switch

•Configuring Multiple Spanning Tree on the Switch

•Configuring BPDU Skewing on the Switch

•Configuring Layer 2 PDU Rate Limiting on the Switch

Note For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 6500 Series Switch Command Reference publication.

Understanding How Spanning Tree Protocols Work

This section describes the specific functions that are common to all spanning-tree protocols. Cisco's proprietary spanning-tree protocols, PVST+ and MISTP, are based on IEEE 802.1D STP. (See the "Understanding How PVST+ and MISTP Modes Work" section for information about PVST+ and MISTP.) The 802.1D STP is a Layer 2 management protocol that provides path redundancy in a network while preventing undesirable loops. All spanning-tree protocols use an algorithm that calculates the best loop-free path through the network.

STP uses a distributed algorithm that selects one bridge of a redundantly connected network as the root of a spanning tree-connected active topology. STP assigns roles to each port depending on what the port's function is in the active topology. Port roles are as follows:

•Root—A forwarding port that is elected for the spanning-tree topology

•Designated—A forwarding port that is elected for every switched LAN segment

•Alternate—A blocked port providing an alternate path to the root port in the spanning tree

•Backup—A blocked port in a loopback configuration

The switches that have ports with these assigned roles are called the root or designated switches. For more information, see the "Understanding How a Switch Becomes the Root Switch" section.

In Ethernet networks, only one active path may exist between any two stations. Multiple active paths between stations can cause loops in the network. When loops occur, some switches recognize the stations on both sides of the switch. This situation causes the forwarding algorithm to malfunction allowing the duplicate frames to be forwarded.

The spanning-tree algorithms provide path redundancy by defining a tree that spans all of the switches in an extended network and then forces certain redundant data paths into a standby (blocked) state. At regular intervals, the switches in the network send and receive spanning-tree packets that they use to identify the path. If one network segment becomes unreachable, or if the spanning-tree costs change, the spanning-tree algorithm reconfigures the spanning-tree topology and reestablishes the link by activating the standby path.

The spanning-tree operation is transparent to end stations, which do not detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.

These sections describe the STP:

•Understanding How a Topology is Created

•Understanding How a Switch Becomes the Root Switch

•Understanding How Bridge Protocol Data Units Work

•Calculating and Assigning Port Costs

•Spanning-Tree Port States

Understanding How a Topology is Created

All switches in an extended LAN participating in a spanning tree gather information about other switches in the network through an exchange of data messages that are known as bridge protocol data units (BPDUs). This exchange of messages results in the following actions:

•A unique root switch is elected for the spanning-tree network topology.

•A designated switch is elected for every switched LAN segment.

•Any loops in the switched network are eliminated by placing redundant switch ports in a backup state; all paths that are not needed to reach the root switch from anywhere in the switched network are placed in STP-blocked mode.

The topology of an active switched network is determined by the following:

•The unique switch identifier Media Access Control ([MAC] address of the switch) that is associated with each switch

•The path cost to the root that is associated with each switch port

•The port identifier (MAC address of the port) that is associated with each switch port

In a switched network, the root switch is the logical center of the spanning-tree topology. A spanning-tree protocol uses BPDUs to elect the root switch and root port for the switched network, as well as the root port and designated port for each switched segment.

Understanding How a Switch Becomes the Root Switch

If all switches are enabled with default settings, the switch with the lowest MAC address in the network becomes the root switch. In Figure 7-1, Switch A is the root switch because it has the lowest MAC address. However, due to traffic patterns, number of forwarding ports, or line types, Switch A might not be the ideal root switch. A switch can be forced to become the root switch by increasing the priority (that is, lowering the numerical priority number) on the preferred switch. This action causes the spanning tree to recalculate the topology and make the selected switch the root switch.

Figure 7-1 Configuring a Loop-Free Topology

You can change the priority of a port to make it the root port. When the spanning-tree topology is based on default parameters, the path between the source and destination stations in a switched network might not be ideal. Connecting higher-speed links to a port that has a higher number than the current root port can cause a root-port change. The goal is to make the fastest link the root port.

For example, assume that a port on Switch B is a fiber-optic link. Also, another port on Switch B (an unshielded twisted-pair [UTP] link) is the root port. Network traffic might be more efficient over the high-speed fiber-optic link. By changing the Port Priority parameter for the fiber-optic port to a higher priority (lower numerical value) than the UTP port, the fiber-optic port becomes the root port. You could also accomplish this scenario by changing the Port Cost parameter for the fiber-optic port to a lower value than that of the UTP port.

Understanding How Bridge Protocol Data Units Work

The BPDUs contain configuration information about the transmitting switch and its ports, including the switch and port MAC addresses, switch priority, port priority, and port cost. Each configuration BPDU contains this information:

•The unique identifier of the switch that the transmitting switch believes to be the root switch

•The cost of the path to the root from the transmitting port

•The identifier of the transmitting port

The switch sends configuration BPDUs to communicate with and compute the spanning-tree topology. A MAC frame conveying a BPDU sends the switch group address to the destination address field. All switches that are connected to the LAN on which the frame is transmitted receive the BPDU. The BPDUs are not directly forwarded by the switch, but the receiving switch uses the information in the frame to calculate a BPDU and, if the topology changes, initiates a BPDU transmission.

A BPDU exchange results in the following:

•One switch is elected as the root switch.

•The shortest distance to the root switch is calculated for each switch.

•A designated switch is selected. This is the switch that is closest to the root switch through which frames will be forwarded to the root.

•A port for each switch is selected. This is the port that provides the best path from the switch to the root switch.

•The ports included in the STP are selected.

Calculating and Assigning Port Costs

By calculating and assigning the port cost of the switch ports, you can ensure that the shortest (lowest cost) distance to the root switch is used to transmit data. You can calculate and assign the lower path cost values (port costs) to the higher bandwidth ports by using either the short method (which is the default) or the long method. The short method uses a 16-bit format that yields values from 1 to 65535. The long method uses a 32-bit format that yields values in the range of 1 to 200,000,000. For more information on setting the default cost mode, see the "Configuring the PVST+ Default Port Cost Mode" section.

Note You should configure all switches in your network to use the same method for calculating the port cost. The short method is used to calculate the port cost unless you specify that the long method be used. You can specify the calculation method using the CLI.

Calculating the Port Cost Using the Short Method

The IEEE 802.1D specification assigns 16-bit (short) default port cost values to each port that is based on bandwidth. You can also manually assign port costs between 1-65535. The 16-bit values are only used for the ports that have not been specifically configured for port cost. Table 7-1 shows the default port cost values that are assigned by the switch for each type of port when you use the short method to calculate the port cost.

Table 7-1 Default Port Cost Values Using the Short Method

Port Speed

Default Cost Value

Default Range

10 Mbps

100

1 to 65535

100 Mbps

19

1 to 65535

1 Gbps

4

1 to 65535

Calculating the Port Cost Using the Long Method

802.1t assigns 32-bit (long) default port cost values to each port using a formula that is based on the bandwidth of the port. You can also manually assign port costs between 1-200,000,000. The formula for obtaining default 32-bit port costs is to divide the bandwidth of the port by 200,000,000. Table 7-2 shows the default port cost values that are assigned by the switch and the recommended cost values and ranges for each type of port when you use the long method to calculate port cost.

Table 7-2 Default Port Cost Values Using the Long Method

Port Speed

Recommended Value

Recommended Range

Available Range

£ 100 kbps

200000000

20000000 to 200000000

1 to 200000000

1 Mbps

20000000

2000000 to 200000000

1 to 200000000

10 Mbps

2000000

200000 to 20000000

1 to 200000000

100 Mbps

200000

20000 to 2000000

1 to 200000000

1 Gbps

20000

2000 to 200000

1 to 200000000

10 Gbps

2000

200 to 20000

1 to 200000000

Calculating the Port Cost for Aggregate Links

As individual links are added or removed from an aggregate link (port bundle), the bandwidth of the aggregate link increases or decreases. These changes in bandwidth lead to recalculation of the default port cost for the aggregated port. Changes to the default port cost or changes resulting from links that autonegotiate their bandwidth could lead to recalculation of the spanning-tree topology which may not be desirable, especially if the added or removed link is of little consequence to the bandwidth of the aggregate link (for example, if a 10-Mbps link is removed from a 10-Gbps aggregate link). Because of the limitations that are presented by automatically recalculating the topology, 802.1t states that changes in bandwidth will not result in changes to the cost of the port. The aggregated port will use the same port cost parameters as a standalone port.

Spanning-Tree Port States

Topology changes can take place in a switched network due to a link coming up or a link going down (failing). When a switch port transitions directly from nonparticipation in the topology to the forwarding state, it can create temporary data loops. Ports must wait for new topology information to propagate through the switches in the LAN before they can start forwarding frames. Also, they must allow the frame lifetime to expire for frames that have been forwarded using the old topology.

Note With Cisco IOS Release 12.1.(1)E or later releases on the Multilayer Switch Feature Card (MSFC), the Address Resolution Protocol (ARP) on the STP Topology Change Notification feature ensures that excessive flooding does not occur when the MSFC receives a topology change notification (TCN) from the supervisor engine. The feature causes the MSFC to send ARP requests for all the ARP entries belonging to the VLAN interface where the TCN is received. When the ARP replies come back, the Policy Feature Card (PFC) learns the MAC entries, which were lost as a result of the topology change. Learning the entries immediately following a topology change prevents excessive flooding later. There is no configuration required on the MSFC. This feature works with supervisor engine software release 5.4(2) or later releases.

At any given time, each port on a switch using a spanning-tree protocol is in one of these states:

•Blocking

•Listening

•Learning

•Forwarding

•Disabled

A port moves through these states as follows:

•From initialization to blocking

•From blocking to listening or to disabled

•From listening to learning or to disabled

•From learning to forwarding or to disabled

•From forwarding to disabled

Figure 7-2 illustrates how a port moves through the states.

Figure 7-2 STP Port States

You can modify each port state by using management software, for example, VLAN Trunking Protocol (VTP). When you enable spanning tree, every switch in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, each port stabilizes into the forwarding or blocking state.

When the spanning-tree algorithm places a port in the forwarding state, the following occurs:

•The port is put into the listening state while it waits for protocol information that suggests it should go to the blocking state.

•The port waits for the expiration of a protocol timer that moves the port to the learning state.

•In the learning state, the port continues to block frame forwarding as it learns station location information for the forwarding database.

•The expiration of a protocol timer moves the port to the forwarding state, where both learning and forwarding are enabled.

Blocking State

A port in the blocking state does not participate in frame forwarding (see Figure 7-3). After initialization, a BPDU is sent to each port in the switch. A switch initially assumes that it is the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is really the root. If only one switch resides in the network, no exchange occurs, the forward delay timer expires, and the ports move to the listening state. A switch always enters the blocking state following switch initialization.

Figure 7-3 Port 2 in Blocking State

A port in the blocking state performs as follows:

•Discards frames that are received from the attached segment.

•Discards frames that are switched from another port for forwarding.

•Does not incorporate station location into its address database. (There is no learning on a blocking port, so there is no address database update.)

•Receives BPDUs and directs them to the system module.

•Does not transmit BPDUs that are received from the system module.

•Receives and responds to network management messages.

Listening State

The listening state is the first transitional state that a port enters after the blocking state. The port enters this state when the spanning tree determines that the port should participate in frame forwarding. Learning is disabled in the listening state. Figure 7-4 shows a port in the listening state.

Figure 7-4 Port 2 in Listening State

A port in the listening state performs as follows:

•Discards frames that are received from the attached segment.

•Discards frames that are switched from another port for forwarding.

•Does not incorporate station location into its address database. (There is no learning at this point, so there is no address database update.)

•Receives BPDUs and directs them to the system module.

•Processes BPDUs that are received from the system module.

•Receives and responds to network management messages.

Learning State

A port in the learning state prepares to participate in frame forwarding. The port enters the learning state from the listening state. Figure 7-5 shows a port in the learning state.

A port in the learning state performs as follows:

•Discards frames that are received from the attached segment.

•Discards frames that are switched from another port for forwarding.

•Incorporates station location into its address database.

•Receives BPDUs and directs them to the system module.

•Receives, processes, and transmits BPDUs that are received from the system module.

•Receives and responds to network management messages.

Figure 7-5 Port 2 in Learning State

Forwarding State

A port in the forwarding state forwards frames, as shown in Figure 7-6. The port enters the forwarding state from the learning state.

Figure 7-6 Port 2 in Forwarding State

A port in the forwarding state performs as follows:

•Forwards frames that are received from the attached segment.

•Forwards frames that are switched from another port for forwarding.

•Incorporates station location information into its address database.

•Receives BPDUs and directs them to the system module.

•Processes BPDUs that are received from the system module.

•Receives and responds to network management messages.

Caution Use spanning-tree PortFast mode only on ports that are directly connected to individual workstations to allow these ports to come up and go directly to the forwarding state, instead of having to go through the entire spanning-tree initialization process. To prevent illegal topologies, enable spanning tree on ports that are connected to switches or other devices that forward messages. For more information about PortFast, see Chapter 9, "Configuring Spanning-Tree PortFast, UplinkFast, BackboneFast, and Loop Guard."

Disabled State

A port in the disabled state does not participate in frame forwarding or STP, as shown in Figure 7-7. A port in the disabled state is virtually nonoperational.

Figure 7-7 Port 2 in Disabled State

A disabled port performs as follows:

•Discards frames that are received from the attached segment.

•Discards frames that are switched from another port for forwarding.

•Does not incorporate station location into its address database. (There is no learning, so there is no address database update.)

•Receives BPDUs but does not direct them to the system module.

•Does not receive BPDUs for transmission from the system module.

•Receives and responds to network management messages.

Understanding How PVST+ and MISTP Modes Work

Catalyst 6500 series switches provide two proprietary spanning-tree modes that are based on the IEEE 802.1D standard and one mode that is a combination of the two modes:

•Per VLAN Spanning Tree (PVST+)

•Rapid-PVST+

•Multi-Instance Spanning Tree Protocol (MISTP)

•MISTP-PVST+ (combination mode)

An overview of each mode is provided in this section. Each mode is described in detail in these sections:

•Configuring PVST+ on the Switch

•Configuring MISTP-PVST+ or MISTP on the Switch

Caution If your network currently uses PVST+ and you plan to use MISTP on any switch, you must first enable MISTP-PVST+ on the switch and configure an MISTP instance to avoid causing loops in the network.

PVST+ Mode

PVST+ runs on each VLAN on the switch, ensuring that each VLAN has a loop-free path through the network.

PVST+ provides Layer 2 load balancing for the VLAN on which it runs; you can create different logical topologies using the VLANs on your network to ensure that all the links are used and no link is oversubscribed.

Each PVST+ instance on a VLAN has a single root switch. This root switch propagates the spanning-tree information that is associated with that VLAN to all other switches in the network. This process ensures that the network topology is maintained because each switch has the same knowledge about the network.

Rapid-PVST+

With software release 8.1(1) and later releases, Rapid-PVST+ is the default spanning-tree protocol that is used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs on Catalyst 6500 series switches. Rapid-PVST+ is similar to PVST+. The only difference is that Rapid-PVST+ uses a rapid STP that is based on IEEE 802.1w instead of 802.1D. Rapid-PVST+ uses the same configuration as PVST+ with minimal additional configuration. See the "Configuring Rapid-PVST+ on the Switch" section for configuration information. In Rapid-PVST+, dynamic CAM entries are flushed immediately on a per-port basis when any topology change is made. UplinkFast and BackboneFast are enabled, but not active in this mode, as the functionality is built into the rapid STP. Rapid-PVST+ provides for rapid recovery of connectivity following the failure of a bridge, bridge port, or LAN.

A port that is connected to a nonbridging device (for example, a host or a router) is an edge port. A port that connects to a hub is also an edge port if the hub or any LAN that is connected by it does not have a bridge. An edge port can start forwarding as soon as the link is up. You must explicitly configure the ports that are connected to the hosts and routers as edge ports while using Rapid-PVST+.

For complete protocol details, see the "Rapid Spanning Tree Protocol" section.

MISTP Mode

MISTP is an optional spanning-tree protocol that runs on Catalyst 6500 series switches. MISTP allows you to group multiple VLANs under a single instance of spanning tree (an MISTP instance). MISTP combines the Layer 2 load-balancing benefits of PVST+ with the lower CPU load of IEEE 802.1Q.

An MISTP instance is a virtual logical topology that is defined by a set of bridge and port parameters. When you map VLANs to an MISTP instance, this virtual logical topology becomes a physical topology. Each MISTP instance has its own root switch and a different set of forwarding links (different bridge and port parameters).

Each MISTP instance root switch propagates the information that is associated with it to all other switches in the network. This process maintains the network topology because it ensures that each switch has the same information about the network.

MISTP builds MISTP instances by exchanging MISTP BPDUs with peer entities in the network. MISTP uses one BPDU for each MISTP instance, rather than one for each VLAN, as in PVST+. Because there are fewer BPDUs in an MISTP network, MISTP networks converge faster with less overhead. MISTP discards PVST+ BPDUs.

An MISTP instance can have any number of VLANs that are mapped to it, but a VLAN can be mapped only to a single MISTP instance. You can easily move a VLAN (or VLANs) in an MISTP topology to another MISTP instance if it has converged. (However, if ports are added at the same time that the VLAN is moved, convergence time is required.)

MISTP-PVST+ Mode

MISTP-PVST+ is a transition spanning-tree mode that allows you to use the MISTP functionality on Catalyst 6500 series switches while continuing to communicate with the Catalyst 5000 and 6500 series switches in your network that use PVST+. A switch using PVST+ mode that is connected to a switch using MISTP mode cannot see the BPDUs of the other switch, which is a condition that can cause loops in the network. MISTP-PVST+ allows interoperability between PVST+ and pure MISTP because it sees the BPDUs of both modes. To convert your network to MISTP, use MISTP-PVST+ to transition the network from PVST+ to MISTP.

Because MISTP-PVST+ conforms to the limits of PVST+, you cannot configure more VLAN ports on your MISTP-PVST+ switches than on your PVST+ switches.

Understanding How Bridge Identifiers Work

These sections explain how MAC addresses are used in PVST+ and MISTP as unique bridge identifiers:

•MAC Address Allocation

•MAC Address Reduction

MAC Address Allocation

Catalyst 6500 series switches have a pool of 1024 MAC addresses that can be used as bridge identifiers for VLANs running under PVST+ or for MISTP instances. You can use the show module command to view the MAC address range.

MAC addresses are allocated sequentially, with the first MAC address in the range assigned to VLAN 1, the second MAC address in the range assigned to VLAN 2, and so on. The last MAC address in the range is assigned to the supervisor engine in-band (sc0) management interface.

For example, if the MAC address range is 00-e0-1e-9b-2e-00 to 00-e0-1e-9b-31-ff, the VLAN 1 bridge ID is 00-e0-1e-9b-2e-00, the VLAN 2 bridge ID is 00-e0-1e-9b-2e-01, the VLAN 3 bridge ID is 00-e0-1e-9b-2e-02, and so forth. The in-band (sc0) interface MAC address is 00-e0-1e-9b-31-ff.

MAC Address Reduction

For Catalyst 6500 series switches that support 4096 VLANs, MAC address reduction allows up to 4096 VLANs running under PVST+ or 16 MISTP instances to have unique identifiers without increasing the number of MAC addresses that are required on the switch. MAC address reduction reduces the number of MAC addresses that are required by the STP from one per VLAN or MISTP instance to one per switch. However, because VLANs running under PVST+ and MISTP instances running under MISTP-PVST+ or MISTP are considered logical bridges, each bridge must have its own unique identifier in the network.

When you enable MAC address reduction, the bridge identifier that is stored in the spanning-tree BPDU contains an additional field called the system ID extension. Combined with the bridge priority, the system ID extension functions as the unique identifier for a VLAN or an MISTP instance. The system ID extension is always the number of the VLAN or the MISTP instance; for example, the system ID extension for VLAN 100 is 100, and the system ID extension for MISTP instance 2 is 2.

Figure 7-8 shows the bridge identifier when you do not enable MAC address reduction. The bridge identifier consists of the bridge priority and the MAC address.

Figure 7-8 Bridge Identifier without MAC Address Reduction

Figure 7-9 shows the bridge identifier when you enable MAC address reduction. The bridge identifier consists of the bridge priority, the system ID extension, and the MAC address. The bridge priority and the system ID extension combined are known as the bridge ID priority. The bridge ID priority is the unique identifier for the VLAN or the MISTP instance.

Figure 7-9 Bridge Identifier with MAC Address Reduction Enabled

When you enter the show spantree command, you can see the bridge ID priority for a VLAN in PVST+ or for an MISTP instance in MISTP or MISTP-PVST+ mode.

This example shows the bridge ID priority for VLAN 1 when you enable MAC address reduction in PVST+ mode. The unique identifier for this VLAN is 32769.
Console> (enable) show spantree 1
VLAN 1
Spanning tree mode          PVST+
Spanning tree type          ieee
  .
  .
  .
Bridge ID MAC ADDR          00-d0-00-4c-18-00
Bridge ID Priority          32769  (bridge priority: 32768, sys ID ext: 1)
Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec
If you have a Catalyst switch in your network with MAC address reduction enabled, you should also enable MAC address reduction on all other Layer-2 connected switches to avoid undesirable root election and spanning-tree topology issues.

When MAC address reduction is enabled, the root bridge priority becomes a multiple of 4096 plus the VLAN ID. With MAC address reduction enabled, a switch bridge ID (used by the spanning-tree algorithm to determine the identity of the root bridge, the lowest being preferred) can only be specified as a multiple of 4096. Only the following values are possible: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.

If another bridge in the same spanning-tree domain does not run the MAC address reduction feature, it could claim and win root bridge ownership because of the finer granularity in the selection of its bridge ID.

Note MAC address reduction is enabled by default on Cisco switches that have 64 MAC addresses (to find the number of MAC addresses supported on a switch, refer to the Catalyst 6500 Series Switch Release Notes for Software Release 8.x publication).

Understanding How Multiple Spanning Tree Works

The Multiple Spanning Tree (MST) feature is the IEEE 802.1s and is an amendment to 802.1Q. MST extends the 802.1w Rapid Spanning Tree (RST) algorithm to multiple spanning trees. This extension provides for both rapid convergence and load balancing in a VLAN environment. In software release 8.3(1), the MST protocol is compliant with IEEE 802.1s and is backward compatible with 802.1D STP, 802.1w, the Rapid Spanning Tree Protocol (RSTP), and the Cisco PVST+ architecture that was implemented in previous software releases. The MST protocol in software release 8.3(1) will interoperate with MST in earlier software releases.

MST allows you to build multiple spanning trees over VLAN trunks. You can group and associate VLANs to spanning-tree instances. Each instance can have a topology that is independent of other spanning-tree instances, and each instance can have a different port instance cost and port instance priority. This architecture provides multiple forwarding paths for data traffic and enables load balancing. Network fault tolerance is improved because a failure in one instance (forwarding path) does not affect other instances (forwarding paths).

In large networks, having different VLAN spanning-tree instance assignments that are located in different parts of the network makes it easier to administrate and optimally utilize redundant paths. However, a spanning-tree instance can exist only on bridges that have compatible VLAN instance assignments. MST requires that you configure a set of bridges with the same MST configuration information, which allows them to participate in a given set of spanning-tree instances. Interconnected bridges that have the same MST configuration are referred to as an MST region.

MST uses the modified RSTP version called the Multiple Spanning Tree Protocol (MSTP). The MST feature has these characteristics:

•MST runs a variant of spanning tree that is called Internal Spanning Tree (IST). IST augments the Common Spanning Tree (CST) information with internal information about the MST region. The MST region appears as a single bridge to adjacent Single Spanning Tree (SST) and MST regions.

•A bridge running MST provides interoperability with single spanning-tree bridges as follows:

–MST bridges run a variant of STP (IST) that augments the Common Spanning Tree (CST) information with internal information about the MST region.

–IST connects all the MST bridges in the region and appears as a subtree in the CST that encompasses the whole bridged domain. The MST region appears as a virtual bridge to adjacent SST bridges and MST regions.

–The collection of ISTs in each MST region, the CST that interconnects the MST regions, and the SST bridges define Common and Internal Spanning Tree (CIST). CIST is the same as an IST inside an MST region and the same as a CST outside an MST region. The STP, RSTP, and MSTP together elect a single bridge as the root of CIST.

•MST establishes and maintains additional spanning trees within each MST region. These spanning trees are referred to as MST instances (MSTIs). The IST is numbered 0, and the MSTIs are numbered 1,2,3,... and so on. Any given MSTI is local to the MST region that is independent of MSTIs in another region, even if the MST regions are interconnected. MST instances combine with the IST at the boundary of MST regions to become the CST as follows:

–Spanning-tree information for an MSTI is contained in an MSTP record (M-record).

M-records are always encapsulated within MST BPDUs (MST BPDUs). The original spanning trees that are computed by MSTP are called M-trees. M-trees are active only within the MST region. M-trees merge with the IST at the boundary of the MST region and form the CST.

•MST provides interoperability with PVST+ by generating PVST+ BPDUs for the non-CST VLANs.

•MST supports some of the PVST+ extensions in MSTP as follows:

–UplinkFast and BackboneFast are not available in MST mode; they are part of RSTP.

–PortFast is supported.

–BPDU filtering and BPDU guard are supported in MST mode.

–Loop guard and root guard are supported in MST. MST preserves the VLAN 1 disabled functionality except that BPDUs are still transmitted in VLAN 1.

–MST switches behave as if MAC reduction is enabled.

–For private VLANs (PVLANs), secondary VLANs are mapped to the same instance as the primary.

Follow these guidelines when using MST:

•Do not disable spanning tree on any VLAN in any of the PVST bridges.

•Ensure that all PVST spanning-tree root bridges have lower (numerically higher) priority than the CST root bridge.

•Do not use PVST bridges as the root of CST.

•Ensure that trunks carry all of the VLANs that are mapped to an instance or do not carry any VLANs at all.

•Do not connect switches with access links because access links may partition a VLAN.

•You should perform any MST configuration involving a large number of either existing or new logical VLAN ports during the maintenance window because the complete MST database gets reinitialized for any incremental changes (such as adding new VLANs to instances or moving VLANs across instances).

These sections describe MST:

•Rapid Spanning Tree Protocol

•MST-to-SST Interoperability

•Common Spanning Tree

•MST Instances

•MST Configuration

•MST Region

•Message Age and Hop Count

•MST-to-PVST+ Interoperability

Rapid Spanning Tree Protocol

RSTP significantly reduces the time to reconfigure the active topology of the network when changes to the physical topology or its configuration parameters occur. RSTP selects one switch as the root of a spanning-tree-connected active topology and assigns port roles to individual ports of the switch, depending on whether that port is part of the active topology.

RSTP provides rapid connectivity following the failure of a switch, switch port, or a LAN. A new root port and the designated port on the other side of the bridge transition to forwarding through an explicit handshake between them. RSTP allows switch port configuration so that the ports can transition to forwarding directly when the switch reinitializes.

RSTP, specified in 802.1w, supersedes STP, which is specified in 802.1D, while remaining compatible with STP. RSTP provides the structure on which the MST operates. You configure RSTP when you configure the MST feature. For more information, see the "Configuring Multiple Spanning Tree on the Switch" section.

RSTP provides backward compatibility with 802.1D bridges as follows:

•RSTP selectively sends 802.1D-configured BPDUs and Topology Change Notification (TCN) BPDUs on a per-port basis.

•When a port initializes, the Migration Delay timer starts and RSTP BPDUs are transmitted. While the Migration Delay timer is active, the bridge processes all BPDUs that are received on that port. RSTP BPDUs are not visible on the port; only version 3 BPDUs are visible.

•If the bridge receives an 802.1D BPDU after a port's Migration Delay timer expires, the bridge assumes that it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.

•When RSTP uses 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP restarts the Migration Delay timer and begins using RSTP BPDUs on that port.

RSTP Port Roles

RSTP uses the following definitions for port roles:

•Root—A forwarding port that is elected for the spanning-tree topology.

•Designated—A forwarding port that is elected for every switched LAN segment.

•Alternate—An alternate path to the root bridge to that provided by the current root port.

•Backup—A backup for the path that is provided by a designated port toward the leaves of the spanning tree. Backup ports can exist only where two ports are connected together in a loopback by a point-to-point link or bridge with two or more connections to a shared LAN segment.

•Disabled—A port that has no role within the operation of spanning tree.

Port roles are assigned as follows:

•A root port or designated port role includes the port in the active topology.

•An alternate port or backup port role excludes the port from the active topology.

RSTP Port States

The port state controls the forwarding and learning processes and provides the values of discarding, learning, and forwarding. Table 7-3 provides a comparison between STP port states and RSTP port states.

Table 7-3 Comparison Between STP and RSTP Port States

Operational Status

STP Port State

RSTP Port State

Port Included in Active Topology

Enabled

Blocking¹

Discarding²

No

Enabled

Listening

Discarding

No

Enabled

Learning

Learning

Yes

Enabled

Forwarding

Forwarding

Yes

Disabled

Disabled

Discarding

No

¹IEEE 802.1D port state designation.

²IEEE 802.1w port state designation. Discarding is the same as blocking in MST.

In a stable topology, RSTP ensures that every root port and designated port transition to forwarding while all alternate ports and backup ports are always in the discarding state.

MST-to-SST Interoperability

A virtual bridged LAN may contain interconnected regions of SST and MST bridges. See Figure 7-10.

Figure 7-10 Network with Interconnected SST and MST Regions

To the spanning-tree protocol running in the SST region, an MST region appears as a single SST or pseudobridge. Pseudobridges operate as follows:

•The same values for root identifiers and root path costs are sent in all BPDUs of all the pseudobridge ports. Pseudobridges differ from a single SST bridge as follows:

–The pseudobridge BPDUs have different bridge identifiers. This difference does not affect STP operation in the neighboring SST regions because the root identifier and root cost are the same.

–BPDUs that are sent from the pseudobridge ports may have significantly different message ages. Because the message age increases by 1 second for each hop, the difference in the message age is in the order of seconds.

•Data traffic from one port of a pseudobridge (a port at the edge of a region) to another port follows a path that is entirely contained within the pseudobridge or MST region.

•Data traffic belonging to different VLANs may follow different paths within the MST regions that are established by MST.

•Loop prevention is achieved by either of the following:

–Blocking the appropriate pseudobridge ports by allowing one forwarding port on the boundary and blocking all other ports.

–Setting the CST partitions to block the ports of the SST regions.

•A pseudobridge differs from a single SST bridge because the BPDUs that are sent from the pseudobridge's ports have different bridge identifiers. The root identifier and root cost are the same for both bridges.

Common Spanning Tree

CST (802.1Q) is a single spanning tree for all the VLANs. In a Catalyst 6500 series switch running PVST+, the VLAN 1 spanning tree corresponds to CST. In a Catalyst 6500 series switch running MST, IST (instance 0) corresponds to CST.

MST Instances

MST supports up to 64 instances; each spanning-tree instance is identified by an instance ID that ranges from 0-63. Instance 0 is mandatory and is always present. Instances 1-63 are optional.

With software release 8.3(1) and later releases, the instance ID can range from 0-4094. Instances 1-4094 are optional.

MST Configuration

MST configuration has three parts as follows:

•Name—A 32-character string (null padded and null terminated) identifying the MST region.

•Revision number—An unsigned 16-bit number that identifies the revision of the current MST configuration.

Note You must set the revision number when required as part of the MST configuration. The revision number is not incremented automatically each time that the MST configuration is committed.

•MST configuration table—An array of 4096 elements representing all the possible extended-range VLANs. The value of element number X represents the instance to which VLAN X is mapped. VLAN 0 and VLAN 4095 are unused and are always mapped to the instance 0.

You must configure each byte manually. You can use SNMP or the CLI to perform the configuration.

MST BPDUs contain the MST configuration ID and the checksum. An MST bridge accepts an MST BPDU only if the MST BPDU configuration ID and the checksum match its own MST region configuration ID and checksum. If one value is different, the MST BPDU is treated as an SST BPDU.

When you modify an MST configuration through either a console or Telnet connection, the session exits without committing those changes and the edit buffer locks. Further configuration is impossible until you discard the existing edit buffer and acquire a new edit buffer by entering the set spantree mst config rollback force command.

With software release 8.3(1) and later releases, if you configure the MST configuration on a switch that is the VTP mode primary server for MST, all the other switches receive the MST configuration. For detailed information on VTP version 3 MST propagation, see the "Understanding How VTP Version 3 Works" section on page 10-12.

MST Region

Interconnected bridges that have the same MST configuration are referred to as an MST region. There is no limit on the number of MST regions in the network.

To form an MST region, bridges can be either of the following:

•An MST bridge that is the only member of the MST region.

•An MST bridge that is interconnected by a LAN. A LAN's designated bridge has the same MST configuration as an MST bridge. All the bridges on the LAN can process MST BPDUs.

If you connect two MST regions with different MST configurations, the MST regions do the following:

•Load balance across redundant paths in the network. If two MST regions are redundantly connected, all traffic flows on a single connection with the MST regions in a network.

•Provide an RSTP handshake to enable rapid connectivity between regions. However, the handshaking is not as fast as between two bridges. To prevent loops, all the bridges inside the region must agree upon the connections to other regions. This situation introduces a certain delay. We do not recommend partitioning the network into a large number of regions.

Switches running software release 8.3(1) and later releases form a different region than that of neighboring switches running earlier releases.

Boundary Ports

A boundary port is a port that connects to a LAN, the designated bridge of which, is either an SST bridge or a bridge with a different MST configuration. A designated port knows that it is on the boundary if it detects an STP bridge or receives an agreement message from an RST or MST bridge with a different configuration.

At the boundary, the role of MST ports does not matter; the MST-port state is forced to be the same as the IST port state. If the boundary flag is set for the port, the MSTP port role selection mechanism assigns a port role to the boundary and the same state as that of the IST port. The IST port at the boundary can take up any port role except a backup port role.

CIST Regional Root

The CIST regional root of an MST region is the bridge with the lowest bridge identifier and the least path cost to the CST root. If an MST bridge is the root bridge for CST, then it is the CIST regional root of that MST region. If the CST root is outside the MST region, then one of the MST bridges at the boundary is selected as the CIST regional root. Other bridges on the boundary that belong to the same region eventually block the boundary ports that lead to the root.

If two or more bridges at the boundary of a region have an identical path to the root, you can set a slightly lower bridge priority (higher port priority number) to make a specific bridge the CIST regional root.

The root path cost and message age inside a region stay constant, but the IST path cost is incremented and the IST remaining hops are decremented at each hop. Enter the show spantree mst command to display the information about the CIST regional root, path cost, and remaining hops for the bridge.

Edge Ports

A port that is connected to a nonbridging device (for example, a host or a router) is an edge port. A port that connects to a hub is also an edge port if the hub or any LAN that is connected by it does not have a bridge. An edge port can start forwarding as soon as the link is up.

MST requires that you configure all ports for each host or router. To establish rapid connectivity after a failure, you need to block the nonedge designated ports of an intermediate bridge. If the port connects to another bridge that can send back an agreement, then the port starts forwarding immediately. Otherwise, the port needs twice the forward delay time to start forwarding again. You must explicitly configure the ports that are connected to the hosts and routers as edge ports while using MST.

Note To configure a port as an edge port, you enable PortFast on that port. When you enter the show spantree portfast mod/port command, if the designation for a port is displayed as edge, that port is also a PortFast port. For more information, see Chapter 9, "Configuring Spanning-Tree PortFast, UplinkFast, BackboneFast, and Loop Guard."

To prevent a misconfiguration, the PortFast operation is turned off if the port receives a BPDU. You can display the configured and operational status of PortFast by using the show spantree mst mod/port command.

Link Type

Rapid connectivity is established only on point-to-point links. You must configure ports explicitly to a host or router. However, cabling in most networks meets this requirement, and you can avoid explicit configuration by treating all full-duplex links as point-to-point links by entering the set spantree mst link-type command.

Message Age and Hop Count

IST and MST instances do not use the Message Age and Maximum Age timer settings in the BPDU. IST and MST use a separate hop count mechanism that is very similar to the IP TTL mechanism. You can configure each MST bridge with a maximum hop count. The root bridge of the instance sends a BPDU (or M-record) with the remaining hop count that is equal to the maximum hop count. When a bridge receives a BPDU (or M-record), it decrements the received remaining hop count by one. The bridge discards the BPDU (M-record) and ages out the information that is held for the port if the count reaches zero after decrementing. The nonroot bridges propagate the decremented count as the remaining hop count in the BPDUs (M-records) that they generate.

The Message Age and Maximum Age timer settings in the RST portion of the BPDU remain the same throughout the region, and the same values are propagated by the region's designated ports at the boundary.

MST-to-PVST+ Interoperability

These guidelines apply in a topology where you configure MST switches (all in the same region) to interact with PVST+ switches that have VLANs 1-100 set up to span throughout the network:

•Configure the root for all VLANs inside the MST region. The ports that belong to the MST switch at the boundary simulate PVST+ and send PVST+ BPDUs for all the VLANs. This example shows the ports simulating PVST:
Console> (enable) show spantree mst 3
Spanning tree mode          MST
Instance                    3
VLANs Mapped:              31-40
Designated Root             00-10-7b-bb-2f-00
Designated Root Priority    8195  (root priority:8192, sys ID ext:3)
Designated Root Cost        0          Remaining Hops 20
Designated Root Port        1/0
Bridge ID MAC ADDR          00-10-7b-bb-2f-00
Bridge ID Priority          8195  (bridge priority:8192, sys ID ext:3)
Port                     State         Role Cost     Prio Type
------------------------ ------------- ---- -------- ------------------------
 6/1                     forwarding    BDRY    10000   30 P2P,
Boundary(PVST)
 6/2                     blocking      BDRY    20000   32 P2P,
Boundary(PVST)
If you enable loop guard on the PVST+ switches, the ports might change to a loop-inconsistent state when the MST switches change their configuration. To correct the loop-inconsistent state, you must disable and reenable loop guard on that PVST+ switch.

•Do not locate the root for some or all of the VLANs inside the PVST+ side of the MST switch because when the MST switch at the boundary receives PVST+ BPDUs for all or some of the VLANs on its designated ports, root guard sets the port to the blocking state. Do not designate switches with a slower CPU running PVST+ as a switch running MST.

When you connect a PVST+ switch to two different MST regions, the topology change from the PVST+ switch does not pass beyond the first MST region. In this case, the topology changes are only propagated in the instance to which the VLAN is mapped. The topology change stays local to the first MST region and the CAM entries in the other region are not flushed To make the topology change visible throughout other MST regions, you can map that VLAN to IST or connect the PVST+ switch to the two regions through access links.

Understanding How BPDU Skewing Works

BPDU skewing is the difference in time between when the BPDUs are expected to be received by the switch and when the BPDUs are actually received by that switch. Skewing occurs as follows:

•Spanning-tree timers lapse.

•Expected BPDUs are not received by the switch.

•Spanning tree detects topology changes.

The skew causes BPDUs to reflood the network to keep the spanning-tree topology database current.

The root switch advertises its presence by sending out BPDUs for the configured hello time interval. The nonroot switches receive and process one BPDU during each configured time period. A VLAN may not receive the BPDU as scheduled. If the BPDU is not received on a VLAN at the configured time interval, the BPDU is skewed.

Spanning tree uses the hello time (see the "Configuring the Hello Time" section) to detect when a connection to the root switch exists through a port and when that connection is lost. This feature applies to both PVST+ and MISTP. In MISTP, the skew detection is on a per-instance basis.

BPDU skewing detects BPDUs that are not processed in a regular time frame on the nonroot switches in the network. If BPDU skewing occurs, a syslog message is displayed. The syslog applies to both PVST+ and MISTP.

The number of syslog messages that are generated may impact the network convergence and the CPU utilization of the switch. New syslog messages are not generated as individual messages for every VLAN because the higher the number of syslog messages that are reported, the slower the switching process will be. To reduce the impact on the switch, the syslog messages are as follows:

•Generated 50 percent of the maximum age time (see the "Configuring the Maximum Aging Time" section)

•Rate limited at one for every 60 seconds

Understanding How Layer 2 PDU Rate Limiting Works

You can use rate limiters to prevent receiving an unwanted number of protocol data units (PDUs) or more than a certain number of PDUs from a neighboring switch. The Layer 2 PDU rate limiters are supported in the hardware on the Catalyst 6500 series switches. They rate limit traffic on the Local Target Logic (LTL) index.

You can configure up to four rate limiters. You can configure rate limters to limit the following PDU types globally on the switch:

•Spanning-tree BPDUs—IEEE and SSTP, CDP, UDLD, VTP, and PAgP

•Layer 2 protocol tunnel-encapsulated PDUs

•802.1X port security

These restrictions apply if you want to enable rate limiting:

•Hardware-based rate limiters are supported on Catalyst 6500 series switches that are configured with a PFC3A or later PFC.

•The Catalyst 6500 series switch cannot be in truncated mode. If you attempt to enable rate limiting and you are in truncated mode, an error message is displayed.

•If the rate limiter is enabled and some events cause the system to go from nontruncated mode to truncated mode, rate limiting is disabled and an informational message is displayed.

Configuring PVST+ on the Switch

These sections describe how to configure PVST+ on Ethernet VLANs:

•Default PVST+ Configuration

•Setting the PVST+ Bridge ID Priority

•Configuring the PVST+ Port Cost

•Configuring the PVST+ Port Priority

•Configuring the PVST+ Default Port Cost Mode

•Configuring the PVST+ Port Cost for a VLAN

•Configuring the PVST+ Port Priority for a VLAN

•Disabling the PVST+ Mode on a VLAN

Default PVST+ Configuration

Table 7-4 shows the default PVST+ configuration.

Table 7-4 PVST+ Default Configuration

Feature

Default Value

VLAN 1

All ports assigned to VLAN 1

Enable state

PVST+ enabled for all VLANs

MAC address reduction

Disabled

Bridge priority

32768

Bridge ID priority

32769 (bridge priority plus system ID extension of VLAN 1)

Port priority

32

Port cost

•10-Gigabit Ethernet: 2

•Gigabit Ethernet: 4

•Fast Ethernet: 19¹

•FDDI/CDDI: 10

•Ethernet: 100²

Default spantree port cost mode

Short (802.1D)

Port VLAN priority

Same as port priority but configurable on a per-VLAN basis in PVST+

Port VLAN cost

Same as port cost but configurable on a per-VLAN basis in PVST+

Maximum aging time

20 seconds

Hello time

2 seconds

Forward delay time

15 seconds

¹If 10/100 Mbps ports autonegotiate or are hard set to 100 Mbps, the port cost is 19.

²If 10/100 Mbps ports autonegotiate or are hard set to 10 Mbps, the port cost is 100.

Setting the PVST+ Bridge ID Priority

The bridge ID priority is the priority of a VLAN when the switch is in PVST+ mode.

When the switch is in PVST+ mode without MAC address reduction enabled, you can enter a bridge priority value between 0-65535. The bridge priority value that you enter also becomes the VLAN bridge ID priority for that VLAN.

When the switch is in PVST+ mode with MAC address reduction enabled, you can enter one of 16 bridge priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, or 61440.

The bridge priority is combined with the system ID extension (that is, the ID of the VLAN) to create the bridge ID priority for the VLAN.

To set the spanning-tree bridge priority for a VLAN, perform this task in privileged mode:

Task

Command

Step 1

Set the PVST+ bridge ID priority for a VLAN.

set spantree priority bridge_ID_priority [vlan]

Step 2

Verify the bridge ID priority.

show spantree [vlan] [active]

This example shows how to set the PVST+ bridge ID priority when MAC address reduction is not enabled (default):
Console> (enable) set spantree priority 30000 1
Spantree 1 bridge priority set to 30000.
Console> (enable) show spantree 1 
VLAN 1
Spanning tree mode          PVST+
Spanning tree type          ieee
Spanning tree enabled
Designated Root             00-60-70-4c-70-00
Designated Root Priority    16384
Designated Root Cost        19
Designated Root Port        2/3
Root Max Age   14 sec   Hello Time 2 sec   Forward Delay 10 sec
Bridge ID MAC ADDR          00-d0-00-4c-18-00
Bridge ID Priority          30000
Bridge Max Age 20 sec   Hello Time 2 sec   Forward Delay 15 sec
Port                     Vlan Port-State    Cost      Prio Portfast Channel_id
------------------------ ---- ------------- --------- ---- -------- ----------
 1/1                     1    not-connected         4   32 disabled 0
 1/2                     1    not-connected         4   32 disabled 0
 2/1                     1    not-connected       100   32 disabled 0
 2/2                     1    not-connected       100   32 disabled 0 
This example shows how to set the PVST+ bridge ID priority when MAC reduction is enabled:
Console> (enable) set spantree priority 32768 1
Spantree 1 bridge ID priority set to 32769
(bridge priority: 32768 + sys ID extension: 1)
Console> (enable) show spantree 1/1 1
VLAN 1
Spanning tree mode          PVST+
Spanning tree type          ieee
Spanning tree enabled
Designated Root             00-60-70-4c-70-00
Designated Root Priority    16384
Designated Root Cost        19
Designated Root Port        2/3
Root Max Age   14 sec   Hello Time 2 sec   Forward Delay 10 sec
Bridge ID MAC ADDR          00-d0-00-4c-18-00
Bridge ID Priority          32769 (bridge priority: 32768, sys ID ext: 1)
Bridge Max Age 20 sec   Hello Time 2 sec   Forward Delay 15 sec
Port                     Vlan Port-State    Cost      Prio Portfast Channel_id
------------------------ ---- ------------- --------- ---- -------- ----------
 1/1                     1    not-connected         4   32 disabled 0
 1/2                     1    not-connected         4   32 disabled 0
 2/1                     1    not-connected       100   32 disabled 0
 2/2                     1    not-connected       100   32 disabled 0 
Configuring the PVST+ Port Cost

You can configure the port cost of switch ports. The ports with lower port costs are more likely to be chosen to forward frames. Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. The possible cost is from 1-65535 when using the short method for calculating port cost and from 1-200000000 when using the long method. The default cost differs for different media. For information about calculating the port cost, see the "Calculating and Assigning Port Costs" section.

To configure the PVST+ port cost for a port, perform this task in privileged mode:

Task

Command

Step 1

Configure the PVST+ port cost for a switch port.

set spantree portcost {mod/port} cost

Step 2

Verify the port cost setting.

show spantree mod/port

Note When you enter the set spantree channelcost command, it does not appear in the configuration file. The command causes a "set spantree portcost" entry to be created for each port in the channel. See the "Setting the EtherChannel Port Path Cost" section in Chapter 6, "Configuring EtherChannel," for information on using the set spantree channelcost command.

This example shows how to configure the PVST+ port cost on a port and verify the configuration:
Console> (enable) set spantree portcost 2/3 12
Spantree port 2/3 path cost set to 12.
Console> (enable) show spantree 2/3
VLAN 1
   .
   .
   .
Port                     Vlan Port-State    Cost      Prio Portfast Channel_id
------------------------ ---- ------------- --------- ---- -------- ----------
 1/1                     1    not-connected         4   32 disabled 0
 1/2                     1    not-connected         4   32 disabled 0
 2/1                     1    not-connected       100   32 disabled 0
 2/2                     1    not-connected       100   32 disabled 0
 2/3                     1    forwarding           12   32 disabled 0
 2/4                     1    not-connected       100   32 disabled
Configuring the PVST+ Port Priority

You can configure the port priority of switch ports in PVST+ mode. The port with the lowest priority value forwards frames for all VLANs. The possible port priority value is a multiple of 16 from 0-240. The default is 32. If all ports have the same priority value, the port with the lowest port number forwards frames.

To configure the PVST+ port priority for a port, perform this task in privileged mode:

Task

Command

Step 1

Configure the PVST+ port priority for a switch port.

set spantree portpri mod/port priority

Step 2

Verify the port priority setting.

show spantree mod/port

This example shows how to configure the PVST+ port priority for a port:
Console> (enable) set spantree portpri 2/3 48
Bridge port  2/3 port priority set to 48.
Console> (enable) show spantree 2/3
VLAN 1 
   .
   .
   .
Port                     Vlan Port-State    Cost      Prio Portfast Channel_id
------------------------ ---- ------------- --------- ---- -------- ----------
 1/1                     1    not-connected         4   32 disabled 0
 1/2                     1    not-connected         4   32 disabled 0
 2/1                     1    not-connected       100   32 disabled 0
 2/2                     1    not-connected       100   32 disabled 0
 2/3                     1    forwarding           19   48 disabled 0
 2/4                     1    not-connected       100   32 disabled 0    
This example shows that values that are not multiples of 16 (between the values of 0-63) are converted to the nearest multiple of 16:
Console> (enable) set spantree portpri 2/3 2
Vlan port priority must be one of these numbers:0, 16, 32, 48, 64, 80,
96, 112, 128, 144,
160, 176, 192, 208, 224, 240
converting 2 to 0 nearest multiple of 16
Bridge port  2/3 port priority set to 0.
Configuring the PVST+ Default Port Cost Mode

If any switch in your network is using a port speed of 10 Gb or over and the network is using PVST+ spanning-tree mode, all switches in the network must have the same path cost defaults. You can enter the set spantree defaultcostmode command to force all VLANs that are associated with all the ports to have the same port cost default set.

Two default port cost modes are available—short and long.

•The short mode has these parameters:

–Portcost

–Portvlancost (trunk ports only)

–When UplinkFast is enabled, the actual cost is incremented by 3000

•The long mode has these parameters:

–Portcost

–Portvlancost (trunk ports only)

–When UplinkFast is enabled, the actual cost is incremented by 10,000,000

–EtherChannel computes the cost of a bundle using the formula, AVERAGE_COST/NUM_PORT

The default port cost mode is set to short in PVST+ mode. For port speeds of 10 Gb and greater, the default port cost mode must be set to long.

To configure the PVST+ default port cost mode, perform this task in privileged mode:

Task

Command

Configure the PVST+ default port cost mode.

set spantree defaultcostmode {short | long}

This example shows how to configure the PVST+ default port cost mode:
Console> (enable) set spantree defaultcostmode long
Portcost and portvlancost set to use long format default values.
Console> (enable) 
Configuring the PVST+ Port Cost for a VLAN

You can configure the port cost for a port on a per-VLAN basis. Ports with a lower port cost in the VLAN are more likely to be chosen to forward frames. You should assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. The possible cost is from 1-65535 when using the short method for calculating port cost and from 1-200000000 when using the long method. The default cost differs for different media. For information about calculating port cost, see the "Calculating and Assigning Port Costs" section.

To configure the PVST+ port VLAN cost for a port, perform this task in privileged mode:

Task

Command

Configure the PVST+ port cost for a VLAN on a port.

set spantree portvlancost {mod/port} [cost cost] [vlan_list]

Note When you use the set spantree channelcost command, it does not appear in the configuration file. The command causes a "set spantree portcost" entry to be created for each port in the channel. See the "Setting the EtherChannel Port Path Cost" section in Chapter 6, "Configuring EtherChannel," for information on using the set spantree channelcost command.

This example shows how to configure the PVST+ port VLAN cost on port 2/3 for VLANs 1-5:
Console> (enable) set spantree portvlancost 2/3 cost 20000 1-5
Port 2/3 VLANs 6-11,13-1005,1025-4094 have path cost 12.
Port 2/3 VLANs 1-5,12 have path cost 20000.
This parameter applies to trunking ports only.
Console> (enable)
Configuring the PVST+ Port Priority for a VLAN

When the switch is in PVST+ mode, you can set the port priority for a trunking port in a VLAN. The port with the lowest priority value for a specific VLAN forwards frames for that VLAN. The possible port priority value is a multiple of 16 from 0-240. The default is 16. If all ports have the same priority value for a particular VLAN, the port with the lowest port number forwards frames for that VLAN.

The port VLAN priority value must be lower than the port priority value.

To configure the port VLAN priority for a port, perform this task in privileged mode:

Task

Command

Step 1

Configure the PVST+ port priority for a VLAN on a port.

set spantree portvlanpri mod/port priority [vlans]

Step 2

Verify the port VLAN priority.

show config all

This example shows how to configure the port priority for VLAN 6 on port 2/3:
Console> (enable) set spantree portvlanpri 2/3 16 6
Port 2/3 vlans 6 using portpri 16.
Port 2/3 vlans 1-5,7-800,802-1004,1006-4094 using portpri 32.
Port 2/3 vlans 801,1005 using portpri 4.
This parameter applies to trunking ports only.
Console> (enable) show config all
   .
   .
   .
set spantree portcost    2/12,2/15 19
set spantree portcost    2/1-2,2/4-11,2/13-14,2/16-48 100
set spantree portcost    2/3 12
set spantree portpri     2/1-48 32
set spantree portvlanpri 2/1 0
set spantree portvlanpri 2/2 0
   .
   .
   .
set spantree portvlanpri 2/48 0
set spantree portvlancost 2/1 cost 99
set spantree portvlancost 2/2 cost 99
set spantree portvlancost 2/3 cost 20000 1-5,12    
Disabling the PVST+ Mode on a VLAN

When the switch is in PVST+ mode, you can disable spanning tree on individual VLANs or all VLANs. When you disable spanning tree on a VLAN, the switch does not participate in spanning tree and any BPDUs that are received in that VLAN are flooded on all ports.

Caution We do not recommend disabling spanning tree, even in a topology that is free of physical loops. Spanning tree serves as a safeguard against misconfigurations and cabling errors. Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.

Caution Do not disable spanning tree on a VLAN unless all switches or routers in the VLAN have spanning tree disabled. You cannot disable spanning tree on some switches or routers in a VLAN and leave spanning tree enabled on other switches or routers in the VLAN. If spanning tree remains enabled on the switches and routers, they will have incomplete information about the physical topology of the network. This situation may cause unexpected results.

To disable PVST+, perform this task in privileged mode:

Task

Command

Disable PVST+ mode on a VLAN.

set spantree disable vlans [all]

This example shows how to disable PVST+ on a VLAN:
Console> (enable) set spantree disable 4
Spantree 4 disabled.
Console> (enable) 
Configuring Rapid-PVST+ on the Switch

Rapid-PVST+ is the default spanning tree protocol that is used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs on Catalyst 6500 series switches. To configure Rapid-PVST+, you need to also configure PVST+ on your switch. You can configure PVST+ either before or after you enable Rapid-PVST+.

To configure Rapid-PVST+, perform this task in privileged mode:

Task

Command

Step 1

Enable Rapid-PVST+.

set spantree mode rapid-pvst+

Step 2

Set the link-type to point-to-point mode for the port.

set spantree link-type mod/port point-to-point

Step 3

Detect any legacy bridges on the port.

clear spantree detected-protocols mod/port

Step 4

Verify the Rapid-PVST+ configuration.

show spantree vlan

This example shows how to configure Rapid-PVST+:
Console> (enable) set spantree mode rapid-pvst+
Spantree mode set to RAPID-PVST+.
Console> (enable) set spantree link-type 3/1 point-to-point
Link type set to point-to-point on port 3/1.
Console> (enable) clear spantree detected-protocols 3/1
Spanning tree protocol detection forced on port 3/1
Console> (enable) 
This example shows how to verify the Rapid-PVST+ configuration for VLAN 1. Notice that the first line in the output displays the spanning-tree mode.
Console> show spantree 1
Spanning tree mode          RAPID-PVST+
Spanning tree type          ieee
Spanning tree enabled.
.
.
.
Port          State       Role     Cost    Prio   Type
------------  ----------- -------  -----   ----   -----------------
6/1          forwarding  ROOT     20000    16    Shared, PEER(STP)
Console> (enable)
This example shows how to verify the link type, edge port, and guard type for port 3/6:
Console> show spantree 3/6
Port 3/6
Edge Port:      No, (Configured) Default
Port Guard:     Default
Link Type:      P2P(Configured) Auto
Port     VLAN     State       Role    Cost     Prio  Type
------   -----    ----------  ------  -------- ----  -----
3/6       1       listening   DESG    20000    32    P2P
3/6       2       listening   DESG    20000    32    P2P
3/6       3       listening   DESG    20000    32    P2P
3/6       4       listening   DESG    20000    32    P2P
3/6       5       listening   DESG    20000    32    P2P
3/6       6       listening   DESG    20000    32    P2P
3/6       7       listening   DESG    20000    32    P2P
3/6       8       listening   DESG    20000    32    P2P
3/6       9       listening   DESG    20000    32    P2P
3/6       10      listening   DESG    20000    32    P2P
3/6       11      listening   DESG    20000    32    P2P
3/6       12      listening   DESG    20000    32    P2P
3/6       13      listening   DESG    20000    32    P2P
3/6       14      listening   DESG    20000    32    P2P
3/6       15      listening   DESG    20000    32    P2P
3/6       16      listening   DESG    20000    32    P2P
3/6       17      listening   DESG    20000    32    P2P
3/6       18      listening   DESG    20000    32    P2P
3/6       19      listening   DESG    20000    32    P2P
Console> (enable)
Configuring MISTP-PVST+ or MISTP on the Switch

The default spanning-tree mode on the Catalyst 6500 series switches is Rapid-PVST+ mode. If you want to use MISTP mode in your network, we recommend that you carefully follow the procedures that are described in the following sections in order to avoid losing connectivity in your network.

When you change the spanning-tree mode, the current mode stops, the information collected at runtime is used to build the port database for the new mode, and the new spanning-tree mode restarts the computation of the active topology. Information about the port states is lost; however, all of the configuration parameters are preserved for the previous mode. If you return to the previous mode, the configuration is still there.

Note We recommend that if you use MISTP mode, you should configure all of your Catalyst 6500 series switches to run MISTP.

To use MISTP mode, you first enable an MISTP instance and then map at least one VLAN to the instance. You must have at least one forwarding port in the VLAN in order for the MISTP instance to be active.

Note Map VLANs to MISTP instances on Catalyst 6500 series switches that are either in VTP server mode or transparent mode only. You cannot map VLANs to MISTP instances on switches that are in VTP client mode. To avoid VTP configuration errors that could cause problems with your MISTP configuration, see Chapter 10, "Configuring VTP" for detailed information on using VTP versions 1, 2, and 3.

If you are changing a switch from PVST+ mode to MISTP mode and you have other switches in the network that are using PVST+, you must first enable MISTP-PVST+ mode on each switch on which you intend to use MISTP so that PVST+ BPDUs can flow through the switches while you configure them.

When all switches in the network are configured in MISTP-PVST+, you can then enable MISTP on all of the switches.

These sections describe how to use MISTP-PVST+ or MISTP:

•Default MISTP and MISTP-PVST+ Configuration

•Setting the MISTP-PVST+ Mode or the MISTP Mode

•Configuring an MISTP Instance

•Enabling an MISTP Instance

•Mapping VLANs to an MISTP Instance

•Disabling MISTP-PVST+ or MISTP

Default MISTP and MISTP-PVST+ Configuration

Table 7-5 shows the default MISTP and MISTP-PVST+ configuration.

Table 7-5 MISTP and MISTP-PVST+ Default Configuration

Feature

Default Value

Enable state

Disabled until a VLAN is mapped to an MISTP instance

MAC address reduction

Disabled

Bridge priority

32768

Bridge ID priority

32769 (bridge priority plus the system ID extension of MISTP instance 1)

Port priority

32 (global)

Port cost

•10-Gigabit Ethernet: 2

•Gigabit Ethernet: 4

•Fast Ethernet: 19¹

•FDDI/CDDI: 10

•Ethernet: 100²

Default port cost mode

Short (802.1D)

Port VLAN priority

Same as port priority but configurable on a per-VLAN basis in PVST+

Port VLAN cost

Same as port cost but configurable on a per-VLAN basis in PVST+

Maximum aging time

20 seconds

Hello time

2 seconds

Forward delay time

15 seconds

¹If 10/100-Mbps ports autonegotiate or are hard set to 100 Mbps, the port cost is 19.

²If 10/100-Mbps ports autonegotiate or are hard set to 10 Mbps, the port cost is 100.

Setting the MISTP-PVST+ Mode or the MISTP Mode

If you enable MISTP in a PVST+ network, you must be careful to avoid bringing down the network. This section explains how to enable MISTP or MISTP-PVST+ on your network.

Caution If you have more than 6000 VLAN ports that are configured on your switch, changing from MISTP to either PVST+ or MISTP-PVST+ mode could bring down your network. Reduce the number of configured VLAN ports on your switch to no more than 6000 to avoid losing connectivity.

Caution If you are working from a Telnet connection to your switch, the first time that you enable MISTP-PVST+ or MISTP mode, you must do so from the switch console; do not use a Telnet connection through the data port or you will lose your connection to the switch. After you map a VLAN to an MISTP instance, you can Telnet to the switch.

To change from PVST+ to MISTP-PVST+ or MISTP, perform this task in privileged mode:

Task

Command

Set a spanning-tree mode.

set spantree mode {mistp | pvst+ | mistp-pvst+}

This example shows how to set a switch to MISTP-PVST+ mode:
Console> (enable) set spantree mode mistp-pvst+
PVST+ database cleaned up.
Spantree mode set to MISTP-PVST+.
Warning!! There are no VLANs mapped to any MISTP instance.
Console> (enable)
You can display VLAN-to-MISTP instance mapping information that is propagated from the root switch at runtime. This display is available only in the MISTP or MISTP-PVST+ mode. In the PVST+ mode, use the optional keyword config to display the list of mappings that is configured on the local switch.

Note MAC addresses are not displayed when you specify the config keyword.

To display spanning-tree mapping, perform this task in privileged mode:

Task

Command

Step 1

Set the spanning-tree mode to MISTP.

set spantree mode mistp

Step 2

Show the spanning tree mapping.

show spantree mapping [config]

This example shows how to display the spanning-tree VLAN instance mapping in MISTP mode:
MISTP/MISTP-PVST+
Console> (enable) set spantree mode mistp
PVST+ database cleaned up.
Spantree mode set to MISTP.
Console> (enable) show spantree mapping
Inst Root Mac          Vlans
---- ----------------- --------------------------
1    00-50-3e-78-70-00 1
2    00-50-3e-78-70-00 -
3    00-50-3e-78-70-00 -
4    00-50-3e-78-70-00 -
5    00-50-3e-78-70-00 -
6    00-50-3e-78-70-00 -
7    00-50-3e-78-70-00 -
8    00-50-3e-78-70-00 -
9    00-50-3e-78-70-00 -
10   00-50-3e-78-70-00 -
11   00-50-3e-78-70-00 -
12   00-50-3e-78-70-00 -
13   00-50-3e-78-70-00 -
14   00-50-3e-78-70-00 -
15   00-50-3e-78-70-00 -
16   00-50-3e-78-70-00 -
Configuring an MISTP Instance

These sections describe how to configure MISTP instances:

•Configuring the MISTP Bridge ID Priority

•Configuring the MISTP Port Cost

•Configuring the MISTP Port Priority

•Configuring the MISTP Port Instance Cost

•Configuring the MISTP Port Instance Priority

Configuring the MISTP Bridge ID Priority

You can set the bridge ID priority for an MISTP instance when the switch is in MISTP or MISTP-PVST+ mode.

The bridge priority value is combined with the system ID extension (the ID of the MISTP instance) to create the bridge ID priority. You can set 16 possible bridge priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.

To configure the bridge ID priority for an MISTP instance, perform this task in privileged mode:

Task

Command

Step 1

Configure the bridge ID priority for an MISTP instance.

set spantree priority bridge_ID_priority [mistp-instance instance]

Step 2

Verify the bridge ID priority.

show spantree mistp-instance instance [mod/port] active

This example shows how to configure the bridge ID priority for an MISTP instance:
Console> (enable) set spantree priority 32768 mistp-instance 1
Spantree 1 bridge ID priority set to 32769 
(bridge priority: 32768 + sys ID extension: 1) 
Console> (enable) show spantree mistp-instance 1 
Instance 1 
Spanning tree mode          MISTP 
Spanning tree type          ieee 
Spanning tree instance enabled 
Designated Root             00-05-31-40-64-00 
Designated Root Priority    32769  (root priority:32768, sys ID ext:1) 
Designated Root Cost        20000 
Designated Root Port        1/1 
VLANs mapped:              1,74 
Root Max Age   20 sec   Hello Time 2  sec   Forward Delay 15 sec 
Bridge ID MAC ADDR          00-d0-02-27-9c-00 
Bridge ID Priority          32769  (bridge priority:32768, sys ID ext:1) 
VLANs mapped:              1,74 
Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec 
Port                     Inst Port-State    Cost      Prio Portfast Channel_id 
------------------------ ---- ------------- --------- ---- -------- ---------- 
 1/1                     1    forwarding        20000   32 disabled 0 
 3/1                     1    forwarding       200000   32 disabled 0 
 3/25                    1    forwarding       200000   32 disabled 0 
 3/26                    1    forwarding       200000   32 disabled 0 
 3/27                    1    forwarding       200000   32 disabled 0 
 3/28                    1    forwarding       200000   32 disabled 0 
 3/29                    1    forwarding       200000   32 disabled 0 
 3/30                    1    forwarding       200000   32 disabled 0 
7/1-4                    1    blocking           5000   32 disabled 833 
 7/5                     1    forwarding        20000   32 disabled 0 
 7/6                     1    forwarding        20000   32 disabled 0 
 8/37                    1    blocking         200000   32 disabled 0 
 8/38                    1    blocking         200000   32 disabled 0 
15/1                     1    forwarding        20000   32 enabled  0 
16/1                     1    forwarding        20000   32 enabled  0 
Console> (enable) 
Configuring the MISTP Port Cost

You can configure the port cost of switch ports. The ports with lower port costs are more likely to be chosen to forward frames. Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. The possible range of cost is from 1-65535 when using the short method for calculating port cost and from 1-200000000 when using the long method. The default cost differs for different media. For information about calculating path cost, see the "Calculating and Assigning Port Costs" section.

To configure the port cost for a port, perform this task in privileged mode:

Task

Command

Step 1

Configure the MISTP port cost for a switch port.

set spantree portcost mod/port cost

Step 2

Verify the port cost setting.

show spantree mistp-instance instance [mod/port] active

This example shows how to configure the port cost on an MISTP instance and verify the configuration:
Console> (enable) set spantree portcost 1/1 20000
Spantree port 1/1 path cost set to 20000.
Console> (enable) show spantree mistp-instance 1 active
Instance 1 
Spanning tree mode          MISTP 
Spanning tree type          ieee 
Spanning tree instance enabled 
Designated Root             00-05-31-40-64-00 
Designated Root Priority    32769  (root priority:32768, sys ID ext:1) 
Designated Root Cost        20000 
Designated Root Port        1/1 
VLANs mapped:              1,74 
Root Max Age   20 sec   Hello Time 2  sec   Forward Delay 15 sec 
Bridge ID MAC ADDR          00-d0-02-27-9c-00 
Bridge ID Priority          32769  (bridge priority:32768, sys ID ext:1) 
VLANs mapped:              1,74 
Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec 
Port                     Inst Port-State    Cost      Prio Portfast Channel_id 
------------------------ ---- ------------- --------- ---- -------- ---------- 
 1/1                     1    forwarding        20000   32 disabled 0 
 3/1                     1    forwarding       200000   32 disabled 0 
 3/25                    1    forwarding       200000   32 disabled 0 
 3/26                    1    forwarding       200000   32 disabled 0 
 3/27                    1    forwarding       200000   32 disabled 0 
 3/28                    1    forwarding       200000   32 disabled 0 
 3/29                    1    forwarding       200000   32 disabled 0 
 3/30                    1    forwarding       200000   32 disabled 0 
7/1-4                    1    blocking           5000   32 disabled 833 
 7/5                     1    forwarding        20000   32 disabled 0 
 7/6                     1    forwarding        20000   32 disabled 0 
 8/37                    1    blocking         200000   32 disabled 0 
 8/38                    1    blocking         200000   32 disabled 0 
15/1                     1    forwarding        20000   32 enabled  0 
16/1                     1    forwarding        20000   32 enabled  0 
Console> (enable) 
Configuring the MISTP Port Priority

You can configure the port priority of ports. The port with the lowest priority value forwards frames for all VLANs. The possible port priority value is a multiple of 16 from 0-240. The default is 32. If all ports have the same priority value, the port with the lowest port number forwards frames.

To configure the port priority for a port, perform this task in privileged mode:

Task

Command

Step 1

Configure the MISTP port priority for a port.

set spantree portpri mod/port

Step 2

Verify the port priority setting.

show spantree mistp-instance instance [mod/port] active

This example shows how to configure the port priority and verify the configuration:
Console> (enable) set spantree portpri 1/1 32
Bridge port 1/1 port priority set to 32.
Console> (enable) show spantree mistp-instance 1 
Instance 1 
Spanning tree mode          MISTP 
Spanning tree type          ieee 
Spanning tree instance enabled 
Designated Root             00-05-31-40-64-00 
Designated Root Priority    32769  (root priority:32768, sys ID ext:1) 
Designated Root Cost        20000 
Designated Root Port        1/1 
VLANs mapped:              1,74 
Root Max Age   20 sec   Hello Time 2  sec   Forward Delay 15 sec 
Bridge ID MAC ADDR          00-d0-02-27-9c-00 
Bridge ID Priority          32769  (bridge priority:32768, sys ID ext:1) 
VLANs mapped:              1,74 
Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec 
Port                     Inst Port-State    Cost      Prio Portfast Channel_id 
------------------------ ---- ------------- --------- ---- -------- ---------- 
 1/1                     1    forwarding        20000   32 disabled 0 
 3/1                     1    forwarding       200000   32 disabled 0 
 3/25                    1    forwarding       200000   32 disabled 0 
 3/26                    1    forwarding       200000   32 disabled 0 
 3/27                    1    forwarding       200000   32 disabled 0 
 3/28                    1    forwarding       200000   32 disabled 0 
 3/29                    1    forwarding       200000   32 disabled 0 
 3/30                    1    forwarding       200000   32 disabled 0 
7/1-4                    1    blocking           5000   32 disabled 833 
 7/5                     1    forwarding        20000   32 disabled 0 
 7/6                     1    forwarding        20000   32 disabled 0 
 8/37                    1    blocking         200000   32 disabled 0 
 8/38                    1    blocking         200000   32 disabled 0 
15/1                     1    forwarding        20000   32 enabled  0 
16/1                     1    forwarding        20000   32 enabled  0 
Console> (enable) 
Configuring the MISTP Port Instance Cost

You can configure the port instance cost for an instance of MISTP or MISTP-PVST+. Ports with a lower instance cost are more likely to be chosen to forward frames. You should assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. The default cost differs for different media. The possible value for port instance cost is 1-268435456.

To configure the port instance cost for a port, perform this task in privileged mode:

Task

Command

Configure the MISTP port instance cost on a port.

set spantree portinstancecost {mod/port} [cost cost] [instances]

This example shows how to configure the MISTP port instance cost on a port:
Console> (enable) set spantree portinstancecost 1/1 cost 110110 2
Port 1/1 instances 1,3-16 have path cost 20000.
Port 1/1 instances 2 have path cost 110110.
This parameter applies to trunking ports only.
Console> (enable) 
Configuring the MISTP Port Instance Priority

You can set the port priority for an instance of MISTP. The port with the lowest priority value for a specific MISTP instance forwards frames for that instance. The possible port instance range is 0-63. The possible port priority value is a multiple of 16 from 0-240. If all ports have the same priority value for an MISTP instance, the port with the lowest port number forwards frames for that instance.

To configure the port instance priority on an MISTP instance, perform this task in privileged mode:

Task

Command

Configure the port instance priority on an MISTP instance.

set spantree portinstancepri {mod/port} priority [instances]

This example shows how to configure the port instance priority on an MISTP instance and verify the configuration:
Console> (enable) set spantree portinstancepri 1/1 16 2
Port 1/1 MISTP Instances 2 using portpri 16.
Port 1/1 mistp-instance 1,3-16 using portpri 32.
Console> (enable) 
Enabling an MISTP Instance

You can enable up to 16 MISTP instances. Each MISTP instance defines a unique spanning-tree topology. MISTP instance 1, the default instance, is enabled by default; however, you must map a VLAN to it in order for it to be active. You can enable a single MISTP instance, a range of instances, or all instances at once using the all keyword.

Note The software does not display the status of an MISTP instance until it has a VLAN with an active port that is mapped to it.

To enable an MISTP instance, perform this task in privileged mode:

Task

Command

Step 1

Enable an MISTP instance.

set spantree enable mistp-instance instance [all]

Step 2

Verify that the instance is enabled.

show spantree mistp-instance [instance] [active] mod/port

Note Enter the active keyword to display active ports only.

This example shows how to enable an MISTP instance:
Console> (enable) set spantree enable mistp-instance 2
Spantree 2 enabled.
Console> (enable) show spantree mistp-instance 2
Instance 2
Spanning tree mode          MISTP
Spanning tree type          ieee
Spanning tree instance enabled
Mapping VLANs to an MISTP Instance

When you are using MISTP-PVST+ or MISTP on a switch, you must map at least one VLAN to an MISTP instance in order for MISTP-PVST+ or MISTP to be active. These sections describe how to configure MISTP instances:

•Determining MISTP Instances—VLAN Mapping Conflicts

•Unmapping VLANs from an MISTP Instance

Note See Chapter 11, "Configuring VLANs" for details on using and configuring VLANs.

Follow these guidelines when mapping VLANs to an MISTP instance:

•You can map only Ethernet VLANs to MISTP instances.

•At least one VLAN in the instance must have an active port in order for MISTP-PVST+ or MISTP to be active.

•You can map as many Ethernet VLANs as you wish to an MISTP instance.

•You cannot map a VLAN to more than one MISTP instance.

Note To use VLANs 1025-4094, you must enable MAC address reduction. See the "Creating Extended-Range VLANs" section on page 11-7 in Chapter 11, "Configuring VLANs" for details on using extended-range VLANs.

To map a VLAN to an MISTP instance, perform this task in privileged mode:

Task

Command

Step 1

Map a VLAN to an MISTP instance.

set vlan vlan mistp-instance instance

Step 2

Verify the VLAN is mapped.

show spantree mistp-instance [instance] [active] mod/port

This example shows how to map a VLAN to MISTP instance 1 and verify the mapping:
Console> (enable) set vlan 6 mistp-instance 1
Vlan 6 configuration successful
Console> (enable) show spantree mist-instance 1
Instance 1
Spanning tree mode          MISTP-PVST+
Spanning tree type          ieee
Spanning tree instance enabled
Designated Root             00-d0-00-4c-18-00
Designated Root Priority    49153 (root priority: 49152, sys ID ext: 1)
Designated Root Cost        0
Designated Root Port        none
VLANs mapped:               6
Root Max Age   20 sec   Hello Time 2 sec   Forward Delay 15 sec
Bridge ID MAC ADDR          00-d0-00-4c-18-00
Bridge ID Priority          49153 (bridge priority: 49152, sys ID ext: 1)
VLANs mapped:               6
Bridge Max Age 20 sec   Hello Time 2 sec   Forward Delay 15 sec
Port                     Inst Port-State    Cost      Prio Portfast Channel_id
------------------------ ---- ------------- --------- ---- -------- ----------
 2/12                    1    forwarding     22222222   40 disabled 0 
Determining MISTP Instances—VLAN Mapping Conflicts

A VLAN can only be mapped to one MISTP instance. If you attempt to map a VLAN to more than one instance, all of its ports are set to blocking mode. You can use the show spantree conflicts command to determine to which MISTP instances you have attempted to map the VLAN.

This command prints a list of the MISTP instances that are associated with the VLAN, the MAC addresses of the root switches that are sending the BPDUs containing the VLAN mapping information, and the timers that are associated with the mapping of a VLAN to an MISTP instance. When only one entry is printed or when all the entries are associated to the same instance, the VLAN is mapped to that instance. If two or more entries in the list are associated with different MISTP instances, the VLAN is in conflict.

To clear up the conflict, you must manually remove the incorrect mapping(s) from the root switch. The remaining entry on the list becomes the official mapping.

To determine VLAN mapping conflicts, perform this task in privileged mode:

Task

Command

Determine VLAN mapping conflicts.

show spantree conflicts vlan

This example shows that there is an attempt to map VLAN 2 to MISTP instance 1 and to MISTP instance 3 on two different switches as seen from a third switch in the topology:
Console> (enable) show spantree conflicts 2
Inst MAC               Delay     Time left
---- ----------------- --------- ---------
1   00-30-a3-4a-0c-00 inactive        20
3   00-30-f1-e5-00-01 inactive        10
The Delay timer shows the time in seconds remaining before the VLAN joins the instance. The field displays inactive if the VLAN is already mapped to an instance (the timer has expired), or if the VLAN is in conflict between instances.

The Time Left timer shows the time in seconds left before the entry expires and is removed from the table. The timer is restarted every time an incoming BPDU confirms the mapping. Entries pertaining to the root switch show inactive on the root switch itself.

The following examples are with VTP version 3 enabled. The root switch is also the primary server for the nonroot switch. The root switch is not the primary server for the switch in conflict, because that switch has been partitioned.

This example is from the root switch:
Console> (enable) show spantree conflicts 1 
No conflicts for vlan 1. 
Inst MAC               Delay     Time left 
---- ----------------- --------- --------- 
  1  00-05-31-40-64-00  inactive  inactive 
Console> (enable) 
This example is from the nonroot switch:
Console> (enable) show spantree conflicts 3 
No conflicts for vlan 3. 
Inst MAC               Delay     Time left 
---- ----------------- --------- --------- 
  3  00-05-31-40-64-00  inactive        19 
Console> (enable) 
This example is from the switch in conflict (note that the switch is inactive):
Console> (enable) show spantree conflicts 6
Inst MAC               Delay     Time left 
---- ----------------- --------- --------- 
  6  00-05-31-40-64-00  inactive        18 
  5  00-09-7b-62-b0-80  inactive  inactive 
Console> (enable) 
Unmapping VLANs from an MISTP Instance

The none keyword is used to unmap the specified VLANs from the MISTP instances to which they are currently mapped. When you unmap a VLAN from an MISTP instance, the resulting state of all the ports of the VLAN (if the VLAN exists) is blocking.

To unmap a VLAN or all VLANs from an MISTP instance, perform this task in privileged mode:

Task

Command

Unmap a VLAN from an MISTP instance.

set vlan vlan mistp-instance none

This example shows how to unmap a VLAN from an MISTP instance:
Console> (enable) set vlan 6 mistp-instance none
Vlan 6 configuration successful
Disabling MISTP-PVST+ or MISTP

When the switch is in MISTP mode, you disable spanning tree on an instance, not for the whole switch.

When you disable spanning tree on an MISTP instance, the instance still exists on the switch, all of the VLANs mapped to it have all of their ports forwarding, and the instance BPDUs are flooded.

To disable an MISTP instance, perform this task in privileged mode:

Task

Command

Disable an MISTP instance.

set spantree disable mistp-instance instance [all]

This example shows how to disable an MISTP instance:
Console> (enable) set spantree disable mistp-instance 2 
MI-STP instance 2 disabled.
Configuring a Root Switch

These sections describe how to configure a root switch:

•Configuring a Primary Root Switch

•Configuring a Secondary Root Switch

•Configuring a Root Switch to Improve Convergence

•Using Root Guard—Preventing Switches from Becoming Root

•Displaying Spanning-Tree BPDU Statistics

Configuring a Primary Root Switch

You can set a root switch on a VLAN when the switch is in PVST+ mode or on an MISTP instance when the switch is in MISTP mode. You enter the set spantree root command to reduce the bridge priority (the value that is associated with the switch) from the default (32768) to a lower value, which allows the switch to become the root switch.

When you specify a switch as the primary root, the default bridge priority is modified so that it becomes the root for the specified VLANs. The switch checks the bridge priority of the current root switches for each VLAN. The bridge priority for the specified VLANs is set to 8192 if this value will cause the switch to become the root for the specified VLANs. If any root switch for the specified VLANs has a bridge priority lower than 8192, the switch sets the bridge priority for the specified VLANs to 1 less than the lowest bridge priority. Because different VLANs could potentially have different root switches, the bridge VLAN-priority chosen makes this switch the root for all the VLANs that are specified. If reducing the bridge priority as low as 1 still does not make the switch the root switch, the system displays a message.

Caution Enter the set spantree root command on backbone switches or distribution switches only; do not enter this command on access switches.

To configure a switch as the primary root switch, perform this task in privileged mode:

Task

Command

Configure a switch as the primary root switch.

set spantree root [vlans] [dia network_diameter] [hello hello_time]

This example shows how to configure the primary root switch for VLANs 1-10:
Console> (enable) set spantree root 1-10 dia 4
VLANs 1-10 bridge priority set to 8192
VLANs 1-10 bridge max aging time set to 14 seconds.
VLANs 1-10 bridge hello time set to 2 seconds.
VLANs 1-10 bridge forward delay set to 9 seconds.
Switch is now the root switch for active VLANs 1-6.
Console> (enable)
To configure a switch as the primary root switch for an instance, perform this task in privileged mode:

Task

Command

Configure a switch as the primary root switch for an instance.

set spantree root mistp-instance instance [dia network_diameter] [hello hello_time]

This example shows how to configure the primary root switch for an instance:
Console> (enable) set spantree root mistp-instance 2-4 dia 4
Instances 2-4 bridge priority set to 8192
VLInstances 2-4 bridge max aging time set to 14 seconds.
Instances 2-4 bridge hello time set to 2 seconds.
Instances 2-4 bridge forward delay set to 9 seconds.
Switch is now the root switch for active Instances 1-6.
Console> (enable) 
Configuring a Secondary Root Switch

You can set a secondary root switch on a VLAN when the switch is in PVST+ mode or on an MISTP instance when the switch is in MISTP mode.

The set spantree root secondary command reduces the bridge priority to 16,384, making it the probable candidate to become the root switch if the primary root switch fails. You can run this command on more than one switch to create multiple backup switches in case the primary root switch fails.

To configure a switch as the secondary root switch, perform this task in privileged mode:

Task

Command

Configure a switch as the secondary root switch.

set spantree root [secondary] vlans [dia network_diameter] [hello hello_time]

This example shows how to configure the secondary root switch for VLANs 22 and 24:
Console> (enable) set spantree root secondary 22,24 dia 5 hello 1
VLANs 22,24 bridge priority set to 16384.
VLANs 22,24 bridge max aging time set to 10 seconds.
VLANs 22,24 bridge hello time set to 1 second.
VLANs 22,24 bridge forward delay set to 7 seconds.
Console> (enable)
To configure a switch as the secondary root switch for an instance, perform this task in privileged mode:

Task

Command

Configure a switch as the secondary root switch for an instance.

set spantree root [secondary] mistp-instance instance [dia network_diameter]
[hello hello_time]

This example shows how to configure the secondary root switch for an instance:
Console> (enable) set spantree root secondary mistp-instance 2-4 dia 4
Instances 2-4 bridge priority set to 8192
VLInstances 2-4 bridge max aging time set to 14 seconds.
Instances 2-4 bridge hello time set to 2 seconds.
Instances 2-4 bridge forward delay set to 9 seconds.
Switch is now the root switch for active Instances 1-6.
Console> (enable)
Configuring a Root Switch to Improve Convergence

By lowering the values for the Hello Time, Forward Delay Timer, and Maximum Age Timer parameters on the root switch, you can reduce the convergence time. For information on configuring these timers, see the "Configuring Spanning-Tree Timers on the Switch" section.

Note Reducing the timer parameter values is possible only if your network has LAN links of 10 Mbps or faster. In a network with links of 10 Mbps or faster, the network diameter can reach the maximum value of 7. With WAN connections, you cannot reduce the parameters.

When a link failure occurs in a bridged network, the network reconfiguration is not immediate. Reconfiguring the default parameters (specified by IEEE 802.1D) for the Hello Time, Forward Delay Timer, and Maximum Age Timer requires a 50-second delay. This reconfiguration time depends on the network diameter, which is the maximum number of bridges between any two end stations.

To speed up convergence, use the nondefault parameter values that are permitted by 802.1D. See Table 7-6 for the nondefault parameters for a reconvergence of 14 seconds.

Table 7-6 Nondefault Parameters

Parameter

Time

Network Diameter (dia)

2

Hello Time

2 seconds

Forward Delay Timer

4 seconds

Maximum Age Timer

6 seconds

Note You can set the switch ports in PortFast mode for improved convergence. PortFast mode affects only the transition from disable (link down) to enable (link up) by moving the port immediately to the forwarding state. If a port in the PortFast mode begins blocking, it then goes through listening and learning before reaching the forwarding state. For information about PortFast, see the "Understanding How PortFast Works" section on page 9-2 in Chapter 9, "Configuring Spanning-Tree PortFast, UplinkFast, BackboneFast, and Loop Guard."

To configure the spanning tree parameters to improve convergence, perform this task in privileged mode:

Task

Command

Step 1

Configure the hello time for a VLAN or an MISTP instance.

set spantree hello interval [vlan] mistp-instance [instances]

Step 2

Verify the configuration.

show spantree [vlan | mistp-instance instances]

Step 3

Configure the forward delay time for a VLAN or an MISTP instance.

set spantree fwddelay delay [vlan] mistp-instance [instances]

Step 4

Verify the configuration.

show spantree [mod/port] mistp-instance [instances] [active]

Step 5

Configure the maximum aging time for a VLAN or an MISTP instance.

set spantree maxage agingtime [vlans] mistp-instance instances

Step 6

Verify the configuration.

show spantree [mod/port] mistp-instance [instances] [active]

This example shows how to configure the spanning-tree hello time, Forward Delay Timer, and Maximum Age Timer to 2, 4, and 4 seconds:
Console> (enable) set spantree hello 2 100
Spantree 100 hello time set to 7 seconds.
Console> (enable)
Console> (enable) set spantree fwddelay 4 100
Spantree 100 forward delay set to 21 seconds.
Console> (enable)
Console> (enable) set spantree maxage 6 100
Spantree 100 max aging time set to 36 seconds.
Console> (enable)
Console> (enable) set spantree root 1-10 dia 4
VLANs 1-10 bridge priority set to 8192
VLANs 1-10 bridge max aging time set to 14 seconds.
VLANs 1-10 bridge hello time set to 2 seconds.
VLANs 1-10 bridge forward delay set to 9 seconds.
Switch is now the root switch for active VLANs 1-6.
Console> (enable) 
Using Root Guard—Preventing Switches from Becoming Root

You may want to prevent switches from becoming the root switch. Root guard forces a port to become a designated port so that no switch on the other end of the link can become a root switch.

When you enable root guard on a per-port basis, it is automatically applied to all of the active VLANs to which that port belongs. When you disable root guard, it is disabled for the specified port(s). If a port goes into the root-inconsistent state, it automatically goes into the listening state.

To prevent switches from becoming root, perform this task in privileged mode:

Task

Command

Step 1

Enable root guard on a port.

set spantree guard {root | none} mod/port

Step 2

Verify that root guard is enabled.

show spantree guard {mod/port | vlan} {mistp-instance instance | mod/port}

This example shows how to enable root guard:
Console> (enable) set spantree guard root 5/1
Rootguard on port 5/1 is enabled.
Warning!! Enabling rootguard may result in a topolopy change.
Console> (enable)
Displaying Spanning-Tree BPDU Statistics

Enter the show spantree statistics bpdu command to display the total number of spanning-tree BPDUs (transmitted, received, processed, and dropped). The command also provides the rate of the BPDUs in seconds. The BPDU counters are cleared when you enter the clear spantree statistics bpdu command or when the system is booted.

To display the spanning-tree BPDU statistics, perform this task in normal mode (clear the statistics from privileged mode):

Task

Command

Step 1

Display spanning-tree BPDU statistics.

show spantree statistics bpdu

Step 2

Clear the BPDU statistics.

clear spantree statistics bpdu

This example shows how to display spanning-tree BPDU statistics:
Console> show spantree statistics bpdu
              Transmitted       Received      Processed        Dropped
           -------------- -------------- -------------- --------------
Total            52943073       52016589       52016422            167
Rate(/sec)            989            971            971              0
This example shows how to clear spanning-tree BPDU statistics:
Console> (enable) clear spantree statistics bpdu
Spanning tree BPDU statistics cleared on the switch.
Console> (enable)
Configuring Spanning-Tree Timers on the Switch

The spanning-tree timers affect the spanning-tree performance. You can configure the spanning-tree timers for a VLAN in PVST+ or an MISTP instance in MISTP mode. If you do not specify a VLAN when the switch is in PVST+ mode, VLAN 1 is assumed, or if you do not specify an MISTP instance when the switch is in MISTP mode, MISTP instance 1 is assumed.

These sections describe how to configure the spanning-tree timers:

•Configuring the Hello Time

•Configuring the Forward Delay Time

•Configuring the Maximum Aging Time

Caution Be careful when using these commands. For most situations, we recommend that you use the set spantree root and set spantree root secondary commands to modify the spanning tree performance parameters.

Table 7-7 describes the switch variables that affect spanning tree performance.

Table 7-7 Spanning-Tree Timers

Variable

Description

Default

Hello Time

Determines how often the switch broadcasts its hello message to other switches.

2 seconds

Maximum Age Timer

Measures the age of the received protocol information that is recorded for a port and ensures that this information is discarded when its age limit exceeds the value of the maximum age parameter that is recorded by the switch. The timeout value is the maximum age parameter of the switches.

20 seconds

Forward Delay Timer

Monitors the time that is spent by a port in the learning and listening states. The timeout value is the forward delay parameter of the switches.

15 seconds

Configuring the Hello Time

Enter the set spantree hello command to change the hello time for a VLAN, an MISTP instance, or on a per-port basis. The possible range of interval is 1-10 seconds.

To configure the spanning-tree bridge hello time for a VLAN or an MISTP instance, perform this task in privileged mode:

Task

Command

Step 1

Configure the hello time for a VLAN or an MISTP instance.

set spantree hello interval {[vlan] | mistp-instance [instances] | mst [mod/port]}

Step 2

Verify the configuration.

show spantree [vlan | mistp-instance instances]

This example shows how to configure the spanning-tree hello time for VLAN 100 to 7 seconds:
Console> (enable) set spantree hello 7 100
Spantree 100 hello time set to 7 seconds.
Console> (enable)
This example shows how to configure the spanning-tree hello time for an instance to 3 seconds:
Console> (enable) set spantree hello 3 mistp-instance 1
Spantree 1 hello time set to 3 seconds.
Console> (enable)
This example shows how to configure the spanning-tree hello time for port 4/5 to 4 seconds:
Console> (enable) set spantree hello 4 mst 4/1
MST hello time set to 4 on port 4/1.
Console> (enable)
Configuring the Forward Delay Time

Enter the set spantree fwddelay command to configure the spanning-tree forward delay time for a VLAN. The possible range of delay is 4-30 seconds.

To configure the spanning-tree forward delay time for a VLAN, perform this task in privileged mode:

Task

Command

Step 1

Configure the forward delay time for a VLAN or an MISTP instance.

set spantree fwddelay delay [vlan] mistp-instance [instances]

Step 2

Verify the configuration.

show spantree [mod/port] mistp-instance [instances] [active]

This example shows how to configure the spanning-tree forward delay time for VLAN 100 to 21 seconds:
Console> (enable) set spantree fwddelay 21 100
Spantree 100 forward delay set to 21 seconds.
Console> (enable)
This example shows how to set the bridge forward delay for an instance to 16 seconds:
Console> (enable) set spantree fwddelay 16 mistp-instance 1
Instance 1 forward delay set to 16 seconds.
Console> (enable)
Configuring the Maximum Aging Time

Enter the set spantree maxage command to change the spanning-tree maximum aging time for a VLAN or an instance. The possible range of agingtime is 6-40 seconds.

To configure the spanning-tree maximum aging time for a VLAN or an instance, perform this task in privileged mode:

Task

Command

Step 1

Configure the maximum aging time for a VLAN or an MISTP instance.

set spantree maxage agingtime [vlans] mistp-instance instances

Step 2

Verify the configuration.

show spantree [mod/port] mistp-instance [instances] [active]

This example shows how to configure the spanning-tree maximum aging time for VLAN 100 to 36 seconds:
Console> (enable) set spantree maxage 36 100
Spantree 100 max aging time set to 36 seconds.
Console> (enable)
This example shows how to set the maximum aging time for an instance to 25 seconds:
Console> (enable) set spantree maxage 25 mistp-instance 1
Instance 1 max aging time set to 25 seconds.
Console> (enable)
Configuring Multiple Spanning Tree on the Switch

These sections describe how to configure MST:

•Enabling Multiple Spanning Tree

•Mapping and Unmapping VLANs to an MST Instance

Enabling Multiple Spanning Tree

To enable and configure MST on the switch, perform this task in privileged mode:

Task

Command

Step 1

Begin in PVST+ mode.

set spantree mode pvst+ [mistp | pvst+ | mistp-pvst+ | mst]

Step 2

Display the STP ports.

show spantree active

Step 3

Configure the MST region.

set spantree mst config {[name name] | [revision number] [commit | rollback | force]}

Step 4

Verify your configuration.

show spantree mst config

Step 5

Map VLANs to the MST instance.

set spantree mst instance vlan vlan

Step 6

Commit the new region mapping.

set spantree mst config commit

Step 7

Enable MST.

set spantree mode mst [mistp | pvst+ | mistp-pvst+ | mst]

Step 8

Verify your MST configuration.

show spantree mst config

Step 9

Verify your MST instance configuration.

show spantree mst instance

Step 10

Verify your MST module and port configuration.

show spantree mst mod/port

These examples show how to enable MST:
Console> (enable) 
Console> (enable) set spantree mode pvst+
Spantree mode set to PVST+.
Console> (enable) show spantree active
VLAN 1
Spanning tree mode          PVST+
Spanning tree type          ieee
Spanning tree enabled
Designated Root             00-60-70-4c-70-00
Designated Root Priority    16384
Designated Root Cost        19
Designated Root Port        3/48
Root Max Age   14 sec   Hello Time 2  sec   Forward Delay 10 sec
Bridge ID MAC ADDR          00-d0-00-4c-18-00
Bridge ID Priority          32768
Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec
Port                     Vlan Port-State    Cost      Prio Portfast Channel_id
------------------------ ---- ------------- --------- ---- -------- ----------
 3/48                    1    forwarding           19   32 disabled 0
 7/2                     1    forwarding            4   32 enabled  0
Console> (enable) set spantree mst config name cisco revision 1
Edit Buffer modified.
Use 'set spantree mst config commit' to apply the changes
Console> (enable) show spantree mst config
Current (NVRAM) MST Region Configuration:              1 instance
Configuration Name:                                    Revision: 0
Instance VLANs
-------- --------------------------------------------------------------
   0     1-4094
=======================================================================
NEW MST Region Configuration (Not committed yet)       1 instance
Configuration Name: cisco                              Revision: 1
Instance VLANs
-------- --------------------------------------------------------------
   0     1-4094
=======================================================================
Edit buffer is locked by: Console (pid 143)
Console> (enable) set spantree mst 1 vlan 2-10
Edit Buffer modified.
Use 'set spantree mst config commit' to apply the changes
Console> (enable) set spantree mst 2 21-30
Usage:set spantree mst <instance> vlan <vlan>
Console> (enable) set spantree mst 2 vlan 21-30
Edit Buffer modified.
Use 'set spantree mst config commit' to apply the changes
Console> (enable) set spantree mst 3 vlan 31-40
Edit Buffer modified.
Use 'set spantree mst config commit' to apply the changes
Console> (enable) set spantree mst 4 vlan 41-50
Edit Buffer modified.
Use 'set spantree mst config commit' to apply the changes
Console> (enable) show spantree mst config
Current (NVRAM) MST Region Configuration:              1 instance
Configuration Name:                                    Revision: 0
Instance VLANs
-------- --------------------------------------------------------------
   0     1-4094
=======================================================================
NEW MST Region Configuration (Not committed yet)       5 instances
Configuration Name: cisco                              Revision: 1
Instance VLANs
-------- --------------------------------------------------------------
   0     1,11-20,51-4094
   1     2-10
   2     21-30
   3     31-40
   4     41-50
=======================================================================
Edit buffer is locked by: Console (pid 143)
Console> (enable) set spantree mst config commit
Console> (enable) show spantree mst config
Current (NVRAM) MST Region Configuration:              5 instances
Configuration Name: cisco                              Revision: 1
Instance VLANs
-------- --------------------------------------------------------------
   0     1,11-20,51-4094
   1     2-10
   2     21-30
   3     31-40
   4     41-50
=======================================================================
Console> (enable) set spantree mode mst
PVST+ database cleaned up.
Spantree mode set to MST.
Console> (enable) show spantree mst 0
Spanning tree mode          MST
Instance                    0
VLANs Mapped:               1,11-20,51-4094
Designated Root             00-60-70-4c-70-00
Designated Root Priority    16384  (root priority: 16384, sys ID ext: 0)
Designated Root Cost        200000
Designated Root Port        3/48
Root Max Age   14 sec   Forward Delay 10 sec
CIST Regional Root          00-d0-00-4c-18-00
CIST Regional Root Priority 32768
CIST Internal Root Cost     0          Remaining Hops 20
Bridge ID MAC ADDR          00-d0-00-4c-18-00
Bridge ID Priority          32768  (bridge priority: 32768, sys ID ext: 0)
Bridge Max Age 20 sec   Hello Time 2  sec   Forward Delay 15 sec  Max Hops 20
Port                     State         Role Cost      Prio Type
------------------------ ------------- ---- --------- ---- --------------------
 3/48                    forwarding    ROOT    200000   32 Shared, Boundary(STP)
 7/2                     forwarding    DESG     20000   32 P2P, Edge
Console> (enable) show spantree mst 1
Spanning tree mode          MST
Instance                    1
VLANs Mapped:               2-10
Designated Root             00-00-00-00-00-00
Designated Root Priority    0  (root priority: 0, sys ID ext: 0)
Designated Root Cost        0          Remaining Hops 0
Designated Root Port        1/0
Bridge ID MAC ADDR          00-d0-00-4c-18-00
Bridge ID Priority          32769  (bridge priority: 32768, sys ID ext: 1)
Port                     State         Role Cost      Prio Type
------------------------ ------------- ---- --------- ---- --------------------
Console> (enable) show spantree mst 7/2
Edge Port:         Yes, (Configured) Enable
Link Type:         P2P, (Configured) Auto
Port Guard:    Default
Boundary:           No
Hello:               2, (Local bridge hello: 2)
Inst State         Role Cost      Prio VLANs
---- ------------- ---- --------- ---- -----------------------------------
   0 forwarding    DESG     20000   32 1
Console> (enable) show spantree mst config
Current (NVRAM) MST Region Configuration:              5 instances
Configuration Name: cisco                              Revision: 1
Instance VLANs
-------- --------------------------------------------------------------
   0     1,11-20,51-4094
   1     2-10
   2     21-30
   3     31-40
   4     41-50
=======================================================================
Console> (enable)
Configuring the MST Bridge ID Priority

You can set the bridge ID priority for an MST instance when the switch is in MST mode.

The bridge priority value is combined with the system ID extension (the ID of the MST instance) to create the bridge ID priority. You can set 16 possible bridge priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.

To configure the bridge ID priority for an MST instance, perform this task in privileged mode:

Task

Command

Step 1

Configure the bridge ID priority for an MST instance.

set spantree priority bridge_priority mst [instance]

Step 2

Verify the bridge ID priority.

show spantree mst [instance | mod/port]

The example shows how to configure the bridge ID priority for an MST instance:
Console> (enable) set spantree priority 8192 mst 3
set spantree priority 8192 mst 3
MST instance 3 bridge ID priority set to 8195
(bridge priority: 8192 + sys ID extension: 3)
Console> (enable) show spantree mst 3
Spanning tree mode          MST
Instance                    3
VLANs Mapped:               31-40
Designated Root             00-00-00-00-00-00
Designated Root Priority    0  (root priority: 0, sys ID ext: 0)
Designated Root Cost        0          Remaining Hops 0
Designated Root Port        1/0
Bridge ID MAC ADDR          00-d0-00-4c-18-00
Bridge ID Priority          8195  (bridge priority: 8192, sys ID ext: 3)
Port                     State         Role Cost      Prio Type
------------------------ ------------- ---- --------- ---- --------------------
6/1                       forwarding   MSTR     2000   32   P2P, Boundary (PVST)
6/2                       blocking     MSTR     2000   32   P2P, Boundary (PVST)
Configuring the MST Port Cost

You can configure the port cost of the switch ports. The ports with the lower port costs are more likely to be chosen to forward frames. Assign the lower numbers to the ports that are attached to faster media (such as full duplex) and higher numbers to the ports that are attached to slower media. The possible range of cost is from 1-65535 when using the short method for calculating port cost and from 1-200000000 when using the long method. The default cost differs for different media. For information about calculating the path cost, see the "Calculating and Assigning Port Costs" section.

To configure the port cost for a port, perform this task in privileged mode:

Task

Command

Step 1

Configure the MST port cost for a switch port.

set spantree portcost mod/port cost [mst]

Step 2

Verify the port cost setting.

show spantree mst [instance | mod/port]

This example shows how to configure the port cost on an MST instance and verify the configuration:
Console> (enable) set spantree portcost 6/1 10000 mst
Spantree port 6/1 path cost set to 10000.
Console> (enable)
Console> (enable) show spantree mst 6/1
Edge Port:       No,  (Configured) Default
Link Type:      P2P,  (Configured) Auto
Port Guard:   Default
Boundary:     Yes (PVST)
Inst State         Role Cost      Prio VLANs
---- ------------- ---- --------- ---------------------------------------
   0 forwarding    ROOT     10000   32 1
   1 forwarding    MSTR     10000   32 2-20
   2 forwarding    MSTR     10000   32 21-30
   3 forwarding    MSTR     10000   32 31-40
   4 forwarding    MSTR     10000   32 41-50
Console> (enable)
Configuring the MST Port Priority

You can configure the port priority of ports. The port with the lowest priority value forwards the frames for all VLANs. The possible port priority value is a multiple of 16 from 0-240. The default is 32. If all the ports have the same priority value, the port with the lowest port number forwards the frames.

To configure the port priority for a port, perform this task in privileged mode:

Task

Command

Step 1

Configure the MST port priority for a port.

set spantree portpri mod/port priority [mst]

Step 2

Verify the port priority setting.

show spantree mst [instance | mod/port]

This example shows how to configure the port priority and verify the configuration:
Console> (enable) set spantree portpri 6/1 30 mst
Bridge port  6/1 port priority set to 30.
Console> (enable)
Console> (enable) show spantree mst 6/1
Edge Port:       No,  (Configured) Default
Link Type:      P2P,  (Configured) Auto
Port Guard:   Default
Boundary:     Yes (PVST)
Inst State         Role Cost      Prio VLANs
---- ------------- ---- --------- ---------------------------------------
   0 forwarding    ROOT     10000   30 1
   1 forwarding    MSTR     10000   30 2-20
   2 forwarding    MSTR     10000   30 21-30
   3 forwarding    MSTR     10000   30 31-40
   4 forwarding    MSTR     10000   30 41-50
Console> (enable)
Configuring the MST Port Instance Cost

You can configure the port instance cost for an instance of MST. The ports with a lower instance cost are more likely to be chosen to forward frames. You should assign lower numbers to the ports that are attached to faster media (such as full duplex) and higher numbers to the ports that are attached to slower media. The default cost differs for different media. The possible value for the port instance cost is 1-268435456.

You can assign a different port instance cost for the instances within a trunk port.

To configure the port instance cost for a port, perform this task in privileged mode:

Task

Command

Step 1

Configure the MST port instance cost on a port.

set spantree portinstancecost mod/port [cost cost] mst [instances]

Step 2

Verify the path cost for the MST instances on a port.

show spantree portinstancecost mod/port mst

This example shows how to configure the MST port instance cost on a port:
Console> (enable) set spantree portinstancecost 4/1 cost 5000 mst 4
Command successful. Modified port 4/1 configuration:
        Cost       Instances
        ---------- ---------------------------------------------------------
        5000       4
Default 200000     0-3,5-4094
Console> (enable) set spantree portinstancecost 4/1 cost 6000 mst 4000
Command successful. Modified port 4/1 configuration:
        Cost       Instances
        ---------- ---------------------------------------------------------
        5000       4
        6000       4000
Default 200000     0-3,5-3999,4001-4094
Console> (enable) show spantree portinstancecost 4/1
This command is not valid when STP is in MST mode.
Console> (enable) show spantree portinstancecost 4/1 mst
Port 4/1 cost configuration:
        Cost       Instances
        ---------- ---------------------------------------------------------
        5000       4
        6000       4000
Default 200000     0-3,5-3999,4001-4094
Console> (enable)
Configuring the MST Port Instance Priority

You can set the port priority for an instance of MST. The port with the lowest priority value for a specific MST instance forwards the frames for that instance. The possible port instance range is 0-240. If all ports have the same priority value for an MST instance, the port with the lowest port priority number forwards the frames for that instance.

You can assign a different port instance priority for instances within a trunk port.

To configure the port instance priority on an MST instance, perform this task in privileged mode:

Task

Command

Step 1

Configure the port instance priority on an MST instance.

set spantree portinstancepri mod/port priority mst [instance]

Step 2

Verify the port instance priority setting.

show spantree mst [instance | mod/port]

This example shows how to configure the port instance priority on an MST instance and verify the configuration:
Console> (enable) set spantree portinstancepri 4/1 16 mst 2
Command successful. Modified port 4/1 configuration:
        Priority   Instances
        ---------- ---------------------------------------------------------
        16         2
Default 32         0-1,3-4094
Console> (enable) set spantree portinstancepri 4/1 48 mst 200
Command successful. Modified port 4/1 configuration:
        Priority   Instances
        ---------- ---------------------------------------------------------
        16         2
        48         200
Default 32         0-1,3-199,201-4094
Console> (enable) show spantree mst 4/1
Edge Port:         No, (Configured) Default
Link Type:        P2P, (Configured) Auto
Port Guard:   Default
Boundary:          No
Hello:              4, (Local port hello:4)
Inst State         Role Cost      Prio VLANs
---- ------------- ---- --------- ---- -----------------------------------
   0 forwarding    DESG    200000   32 None
   2 forwarding    DESG    200000   16 1
 200 forwarding    DESG    200000   48 2
Console> (enable)
Mapping and Unmapping VLANs to an MST Instance

By default, all VLANs are mapped to IST (instance 0). For an MST instance (MSTI) 1-15 to be active, you must map at least one VLAN to that MSTI. IST will always be active whether VLANs are mapped to IST or not. MST has separate regions, which prevents VLAN mapping conflicts. Follow these guidelines for mapping and unmapping VLANs to an MST instance:

Note See Chapter 11, "Configuring VLANs" for details on using and configuring VLANs.

•You can map only Ethernet VLANs to MST instances.

•At least one VLAN in the instance must have an active port in order for MST to be active.

•You can map as many Ethernet VLANs as you wish to an MST instance.

•You cannot map a VLAN to more than one MST instance.

•The Hello Time, Maximum Age timer, and Forward Delay timer set for mode and all spanning trees are used globally by MST.

Note To use VLANs 1025-4094, you must enable MAC address reduction. See the "Creating Extended-Range VLANs" section on page 11-7 in Chapter 11, "Configuring VLANs" for details on using extended-range VLANs.

To map a VLAN to an MST instance, perform this task in privileged mode:

Task

Command

Step 1

Map a VLAN to an MST instance.

set spantree mst instance vlan vlan

Step 2

Make the new region mapping effective.

set spantree mst config commit

Step 3

Verify that the VLAN is mapped.

show spantree mst [instance] [active] mod/port

This example shows how to map a VLAN to MST instance 1 and verify the mapping:
Console> (enable) show spantree mst config
Current (NVRAM) MST Region Configuration:             3 instances
Configuration Name:arthur                             Revision:23703
Instance VLANs
-------- --------------------------------------------------------------
   0     1,31-4094
   2     2-20
   3     21-30
=======================================================================
Console> (enable) set spantree mst 1400 vlan 900-999
Edit Buffer modified.
Use 'set spantree mst config commit' to apply the changes
Console> (enable) show spantree mst config
Current (NVRAM) MST Region Configuration:             3 instances
Configuration Name:arthur                             Revision:23703
Instance VLANs
-------- --------------------------------------------------------------
   0     1,31-4094
   2     2-20
   3     21-30
=======================================================================
NEW MST Region Configuration (Not committed yet)       4 instances
Configuration Name:arthur                             Revision:23703
Instance VLANs
-------- --------------------------------------------------------------
   0     1,31-899,1000-4094
   2     2-20
   3     21-30
1400     900-999
=======================================================================
Edit buffer is locked by:Console (pid 143)
Console> (enable) clear spantree mst 1400 vlan 900-998
Edit Buffer modified.
Use 'set spantree mst config commit' to apply the changes
Console> (enable) set spantree mst config commit
Console> (enable) show spantree mst config
Current (NVRAM) MST Region Configuration:             4 instances
Configuration Name:arthur                             Revision:23703
Instance VLANs
-------- --------------------------------------------------------------
   0     1,31-998,1000-4094
   2     2-20
   3     21-30
1400     999
=======================================================================
Console> (enable)
Configuring BPDU Skewing on the Switch

Commands that support the spanning-tree BPDU skewing allow you to perform these functions:

•Enable or disable BPDU skewing. The default is disabled.

•Modify the show spantree summary output to show if the skew detection is enabled and for which VLANs or PVST+ or MISTP instances the skew was detected.

•Provide a display of the VLAN, PVST+, or MISTP instance and the port that is affected by the skew, including this information:

–The last skew duration (in absolute time)

–The worst skew duration (in absolute time)

–The date and time of the worst duration

To change how spanning tree performs BPDU skewing statistics gathering, enter the set spantree bpdu-skewing command. The bpdu-skewing command is disabled by default.

To configure the BPDU skewing statistics gathering for a VLAN, perform this task in privileged mode:

Task

Command

Step 1

Configure BPDU skewing.

set spantree bpdu-skewing [enable | disable]

Step 2

Verify the configuration.

show spantree bpdu-skewing vlan [mod/port]

show spantree bpdu-skewing mistp-instance [instance] [mod/port]

This example shows how to configure BPDU skewing and display the skewing statistics:
Console> (enable) set spantree bpdu-skewing 
Usage:set spantree bpdu-skewing <enable|disable>
Console> (enable) set spantree bpdu-skewing enable
Spantree bpdu-skewing enabled on this switch.
Console> (enable)
Console> (enable) show spantree bpdu-skewing 1 
Bpdu skewing statistics for vlan 1
Port    Last Skew ms   Worst Skew ms     Worst Skew Time
------  -------------  -------------  -------------------------
8/2              5869         108370  Tue Nov 21 2000, 06:25:59
8/4              4050         113198  Tue Nov 21 2000, 06:26:04
8/6            113363         113363  Tue Nov 21 2000, 06:26:05
8/8              4111         113441  Tue Nov 21 2000, 06:26:05
8/10           113522         113522  Tue Nov 21 2000, 06:26:05
8/12             4111         113600  Tue Nov 21 2000, 06:26:05
8/14           113678         113678  Tue Nov 21 2000, 06:26:05
8/16             4111         113755  Tue Nov 21 2000, 06:26:05
8/18           113833         113833  Tue Nov 21 2000, 06:26:05
8/20             4111         113913  Tue Nov 21 2000, 06:26:05
8/22           113917         113917  Tue Nov 21 2000, 06:26:05
8/24             4110         113922  Tue Nov 21 2000, 06:26:05
8/26           113926         113926  Tue Nov 21 2000, 06:26:05
8/28             4111         113931  Tue Nov 21 2000, 06:26:05
Console> (enable) 
This example shows how to configure BPDU skewing for VLAN 1 on module 8, port 2 and display the skewing statistics:
Console> (enable) show spantree bpdu-skewing 1 8/4
Bpdu skewing statistics for vlan 1
Port    Last Skew ms   Worst Skew ms     Worst Skew Time
------  -------------  -------------  -------------------------
8/4              5869         108370  Tue Nov 21 2000, 06:25:59
You will receive a similar output when MISTP is running.

The show spantree summary command displays if BPDU skew detection is enabled and also lists the VLANs or instances that are affected in the skew. This example shows the output when using the show spantree summary command:
Console> (enable) show spantree summary
Root switch for vlans: 1
BPDU skewing detection enabled for the bridge
BPDU skewed for vlans: 1
Portfast bpdu-guard disabled for bridge.
Portfast bpdu-filter disabled for bridge.
Uplinkfast disabled for bridge.
Backbonefast disabled for bridge.
Summary of connected spanning tree ports by vlan
VLAN  Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
    1        6         4        2           0        12
      Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
Total      6         4        2        0            12
Console> (enable) 
Configuring Layer 2 PDU Rate Limiting on the Switch

Note This feature is only supported with PFC3A or later PFC.

Note This feature does not work in truncated mode.

You can use the Layer 2 PDU rate limiters to limit the number of packets to a normal rate and to avoid abnormal incoming rates.

The commands that support Layer 2 PDU rate limiting allow you to perform these functions:

•Enable, disable, or set rate limiting for the spanning-tree BPDUs—IEEE and PVST/Shared Spanning Tree Protocol (SSTP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), UniDirectional Link Detection (UDLD), VLAN Trunking Protocol (VTP), Link Aggregation Control Protocol (LACP), and Port Aggregation Protocol (PAgP)—globally on the switch.

•Enable, disable, or set rate limiting for the Layer 2 protocol tunnel-encapsulated PDUs globally on the switch.

•Enable, disable, or set the 802.1X port security rate limiters globally on the switch.

All three types of rate limiters work independently of each other.

To enable or disable Layer 2 PDU rate limiting, enter the set rate-limit {l2pdu | l2port-security | l2protocol-tunnel} {enable | disable} command. Layer 2 PDU rate limiting is disabled by default.

To configure Layer 2 PDU rate limiting, perform this task in privileged mode:

Task

Command

Step 1

Enable Layer 2 PDU rate limiting.

set rate-limit {l2pdu | l2port-security | l2protocol-tunnel} enable

Step 2

Set the rate limiter value.

set rate-limit {l2pdu | l2port-security | l2protocol-tunnel} rate rate

Step 3

Verify the configuration.

show rate-limit

show rate-limit config

Use the l2pdu keyword for rate limiting the Layer 2 protocol packets including the following:

•Spanning-tree IEEE—destination MAC address 01-80-c2-00-00-00

•PVST/SSTP—destination MAC address 01-00-0C-CC-CC-CD

•CDP/DTP/UDLD/LACP/PAgP/VTP—destination MAC address 01-00-0C-CC-CC-CC

Note Rate limiting Layer 2 protocols works as follows: 1) Frames are classified as Layer 2 control frames by the destination MAC address (listed above). 2) The software allocates an LTL index for these frames. 3) The LTL index is submitted to the forwarding engine for (aggregate) rate limiting of all the associated frames.

Use the l2port-security keyword for rate limiting the Layer 2 802.1X port security packets.

Use the l2protocol-tunnel keyword for rate limiting the Layer 2 protocol tunnel-encapsulated packets with the MAC address (01-00-0C-CD-CD-D0).

This example shows how to enable Layer 2 rate limiting, set the rate limiter value, and verify the configuration:
Console>(enable) set rate-limit l2pdu enable
Layer 2 rate limiter for PDUs enabled on the switch.
Console>(enable)
Console>(enable) set rate-limit l2pdu rate 1000
Layer 2 rate limiter for PDU rate set to 1000.
Console>(enable)
Console>(enable) set rate-limit l2protocol-tunnel disable
Layer 2 rate limiter for l2protocol-tunnel disabled on the switch.
Console>(enable)
Console>(enable) show rate-limit
Configured Rate Limiter Settings:
Rate Limiter Type    Status  Rate (pps)     Burst
-------------------- ------  -------------- -----
VACL LOG             On      2500           1
ARP INSPECTION       On      500            1
L2 PDU               On      1000           1
L2 PROTOCOL TUNNEL   On      1000           1
L2 PORT SECURITY     On      1000           1
MCAST NON RPF        Off     *              *
MCAST DFLT ADJ       Off     *              *
MCAST DIRECT CON     Off     *              *
ACL INGRESS BRIDGE   Off     *              *
ACL EGRESS BRIDGE    Off     *              *
L3 SEC FEATURES      Off     *              *
FIB RECEIVE          Off     *              *
FIB GLEAN            Off     *              *
MCAST PARTIAL SC     Off     *              *
RPF FAIL             Off     *              *
TTL FAIL             Off     *              *
NO ROUTE             Off     *              *
ICMP UNREACHABLE     Off     *              *
ICMP REDRECT         Off     *              *
MTU FAIL             Off     *              *
Console>(enable) 
This example shows how to display the Layer 2 rate-limiter administrative and operation status information:

Console> show rate-limit config
Rate Limiter Type    Admin Status Oper Status
-------------------- ------------ -----------
l2pdu                On           On
l2protocol-tunnel    On           On
l2port-security      On           On
Console> 