
Wednesday 29 June 2011

Spanning Tree MST

Spanning Tree MST works on the principle that your infrastructure doesn't really change physically: you simply set up a layer 2 path, then associate VLANs with that path.

You create regions/instances and associate vlans with the region.

Check your current VLANs.

Switch#
sh vlan brief

You will need to set up each switch individually with the following configuration:

Switch(config)#
spanning-tree mode mst
spanning-tree mst configuration
name CISCO
revision 1
instance 1 vlan 10-50,60
instance 2 vlan 70-100,110,130
show current ! this will show the current (blank) mst configuration
show pending ! this will show the changes to be committed on exit
exit


This will create two MST instances and put the named vlans in them.

Switch#
show span mst config
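
Switches only join the same MST region when the region name, the revision number and the VLAN-to-instance mapping are identical on all of them, which is why every switch gets the same block. The following consistency check is an added example, not part of the original post; the function names and the drifted SwitchBETA configuration are constructed for illustration.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '70-100,110,130' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_mst_region(config_text):
    """Return (name, revision, {vlan: instance}) from the MST configuration block."""
    name, revision, vlan_map, in_block = "", 0, {}, False
    for line in map(str.strip, config_text.splitlines()):
        if line == "spanning-tree mst configuration":
            in_block = True
        elif line in ("exit", "!"):
            in_block = False
        elif in_block and (m := re.fullmatch(r"name (\S+)", line)):
            name = m.group(1)
        elif in_block and (m := re.fullmatch(r"revision (\d+)", line)):
            revision = int(m.group(1))
        elif in_block and (m := re.fullmatch(r"instance (\d+) vlan (.+)", line)):
            vlan_map.update(dict.fromkeys(expand_vlans(m.group(2)), int(m.group(1))))
    return name, revision, vlan_map

def region_mismatches(configs):
    """Compare each switch with the first; unmapped VLANs belong to instance 0."""
    (ref_host, ref_text), *others = configs.items()
    ref = parse_mst_region(ref_text)
    problems = []
    for host, text in others:
        name, rev, vmap = parse_mst_region(text)
        if (name, rev) != ref[:2]:
            problems.append(f"{host}: name/revision {name} {rev} differs from {ref_host}")
        for vlan in sorted(set(vmap) | set(ref[2])):
            if vmap.get(vlan, 0) != ref[2].get(vlan, 0):
                problems.append(f"{host}: vlan {vlan} is in instance {vmap.get(vlan, 0)}, "
                                f"{ref_host} has instance {ref[2].get(vlan, 0)}")
    return problems

# Constructed sample input: ALPHA uses the settings from this post, BETA has drifted.
ALPHA = """spanning-tree mst configuration
 name CISCO
 revision 1
 instance 1 vlan 10-50,60
 instance 2 vlan 70-100,110,130
exit"""
BETA = ALPHA.replace("revision 1", "revision 2").replace("110,130", "110")
```

Calling region_mismatches({"SwitchALPHA": ALPHA, "SwitchBETA": BETA}) reports the revision difference and VLAN 130 falling back to instance 0 on SwitchBETA.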

To set the root bridge on each MST instance use:

SwitchALPHA(config)#
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary

SwitchBETA(config)#
spanning-tree mst 1 root secondary
spanning-tree mst 2 root primary


Other commands

Switch#
show spanning-tree mst 1 detail
show spanning-tree interface vlan 20 detail

Troubleshooting

Some old IOS versions run a pre-IEEE MST standard; when you do a 'sh spann', the Type field is then shown as one of:
- Bound PVST
- Pre-STD-Rx

The normal/default is p2p.

Bound PVST means the switch has fallen back to slow legacy PVST.
Pre-STD-Rx means the neighbour is running a pre-IEEE Cisco proprietary version of MST.

Upgrade the older switch, or hard-code the following on the interface:
spanning-tree mst pre-standard
This will turn off the automatic detection, which is not 100% reliable.

Ideally all mst switch interface types should be: p2p.

Clear Spanning Tree

Shut down the interfaces or clear the detected protocols on EVERY switch.

Switch(config)#
interface range g0/1-2
shut
no shut


Switch#
clear spanning-tree detected-protocols

Wednesday 22 June 2011

Spanning Tree States

Blocking
  • port is in a non-designated role
  • does not forward or send traffic
  • can receive BPDUs to determine what roles its ports need to take and where the root bridge is located
  • 20 sec in this state by default
Listening
  • STP has determined that the port can forward traffic, according to the BPDUs that have been received
  • switchport is receiving BPDUs and also sending its own BPDUs
  • 15 sec in this state
Learning
  • switchport prepares to forward traffic by populating the CAM (MAC) table with the source MACs it learns from received traffic
  • 15 sec in this state
Forwarding
  • Layer 2 port is considered part of the active topology and forwards frames
  • sends and receives BPDUs
Disabled
  • switchport does not participate in spanning tree
  • does not forward frames

Spanning Tree Tips

Show blocked ports STP
show spanning-tree blockedports

Port Priorities
Set your root bridge on vlan 1 with:
Switch1(config)# spanning-tree vlan 1 root primary
This will set the priority to 24576

On the secondary switch use:
Switch2(config)# spanning-tree vlan 1 root secondary

This will set the priority to 28672

Say you have two trunk links between switches and you want to use one port over the other, for example:

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------------------
Fa0/7 Desg FWD 19 128.9 P2p
Fa0/8 Desg FWD 19 128.10 P2p

The current port priority is 128, which is the default.

To change individual priorities use:
Switch1(config-if)# spanning-tree port-priority 112

Now when you show spanning-tree:

Switch1# sh span

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------------------
Fa0/7 Desg FWD 19 128.9 P2p
Fa0/8 Desg FWD 19 112.10 P2p


This will then send out a topology change. The remote switch connected to fa0/8 will now use the port with the lower priority instead of the default fa0/7.

Switch2# sh span

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------------------
Fa0/7 Altn BLK 19 128.13 P2p
Fa0/8 Root FWD 19 128.14 P2p


The process of choosing which links to use and which to turn off includes: lowest root priority, lowest port priority, lowest switchport/MAC address.
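
The tie-break above can be modelled as a comparison of the BPDUs a switch hears on each port, lowest first. The sketch below is an added example, not part of the original post, and goes slightly beyond the list above by including the root path cost field that sits between the root ID and the sender ID; the MAC address and the 24577 priority (24576 plus VLAN 1) are constructed values.

```python
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class BpduVector:
    """Fields in the order STP compares them; the lowest vector wins."""
    root_priority: int
    root_mac: str              # keep one fixed format so string order matches numeric order
    root_path_cost: int        # cost to the root through the receiving port
    sender_priority: int
    sender_mac: str
    sender_port_priority: int  # set on the SENDING switch with 'spanning-tree port-priority'
    sender_port_number: int

def elect_root_port(received):
    """received maps local port -> BpduVector heard on it; returns ports best-first."""
    return sorted(received, key=received.get)

def switch2_ports(fa0_8_priority):
    # Constructed values: Switch1 is the root, both links cost 19, and Switch1 sends
    # from port numbers 9 (Fa0/7) and 10 (Fa0/8) as in its 'sh span' output above.
    root = dict(root_priority=24577, root_mac="0011.2233.4400", root_path_cost=19,
                sender_priority=24577, sender_mac="0011.2233.4400")
    return elect_root_port({
        "Fa0/7": BpduVector(**root, sender_port_priority=128, sender_port_number=9),
        "Fa0/8": BpduVector(**root, sender_port_priority=fa0_8_priority,
                            sender_port_number=10),
    })

if __name__ == "__main__":
    print(switch2_ports(128))  # default priorities: the lower port number wins
    print(switch2_ports(112))  # after 'spanning-tree port-priority 112' on Switch1 Fa0/8
```

The first port in the returned list becomes the root port on Switch2; in this two-link topology the other one goes Altn/BLK.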

PortFast
When configuring switchports for a host you can use:

Switch(config)# int range fa0/1-22
Switch(config-if-range)# switch mode access
Switch(config-if-range)# spanning-tree portfast


This will statically make the port an access port, so it will not negotiate trunk links etc., which is the default behaviour.

If you use switchport host this will do access and portfast for you.

Switch(config)# int range fa0/1-22
Switch(config-if-range)# switchport host


To verify the port fast configuration use the command

show spanning-tree interface Fa0/2 portfast

Trunk Links
To turn off DTP (Dynamic Trunking Protocol) on your trunk link use:
Switch(config-if)# switchport nonegotiate

If you trunk a Cisco switch with a non-Cisco switch, this is best practice as the other switch does not understand the DTP messages.
This will also speed up convergence time to up to 2 seconds on boot. This is recommended on all 'stable' trunk links, cisco-to-cisco or cisco-to-other.

Alias
Switch1(config)# alias configure fa int range fa
Switch1(config)# fa 0/1-24
Switch1(config-if-range)#


Portfast on trunks

PortFast can be enabled on trunk links. This is useful when connecting to a server that needs VLANs configured (e.g. VMware). It can only be used on switchport trunks that do not connect to other switches, as this may cause a layer 2 loop.
Switch1(config)# interface gig0/1
Switch1(config-if)# spanning-tree portfast trunk


BPDU Guard
This should be set on access layer ports, or on ports that should not go to another switch or device that creates BPDUs. If a BPDU is received, it will shut down the port and put it into the err-disabled state.
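
A way to check a saved running-config against the PortFast, trunk and BPDU Guard advice in these notes, as an added example that is not part of the original post. It assumes the standard IOS commands 'spanning-tree bpduguard enable' (per interface) and 'spanning-tree portfast bpduguard default' (global), which the post does not show; the sample config and function names are constructed.

```python
import re

def parse_interfaces(running_config):
    """Map each interface name to the list of commands configured under it."""
    interfaces, current = {}, None
    for raw in running_config.splitlines():
        if m := re.match(r"interface (\S+)", raw):
            current = interfaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_edge_ports(running_config):
    """Return (interface, finding) pairs for the PortFast, DTP and BPDU Guard checks."""
    global_guard = re.search(r"^spanning-tree portfast bpduguard default", running_config, re.M)
    findings = []
    for name, cmds in parse_interfaces(running_config).items():
        portfast = any(c.startswith("spanning-tree portfast") and "disable" not in c for c in cmds)
        guarded = "spanning-tree bpduguard enable" in cmds or (
            global_guard and "spanning-tree bpduguard disable" not in cmds)
        if portfast and not guarded:
            findings.append((name, "PortFast without BPDU Guard"))
        if "spanning-tree portfast trunk" in cmds:
            findings.append((name, "PortFast on a trunk: far end must not be a switch"))
        if "switchport mode trunk" in cmds and "switchport nonegotiate" not in cmds:
            findings.append((name, "trunk still negotiates DTP"))
    return findings

# Constructed sample running-config (not taken from a real device).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport nonegotiate
"""
```

audit_edge_ports(SAMPLE) flags FastEthernet0/1 for PortFast without BPDU Guard and GigabitEthernet0/1 for PortFast on a trunk and for leaving DTP on.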