Tuesday, November 15, 2016

PVST+ Calculation & Configuration

With Per-VLAN Spanning Tree (PVST+), remember that each VLAN can have its own Spanning Tree topology, so we can assign a different Spanning Tree Root Bridge to different VLANs. Right now, Switch Sw2 is the Root for every VLAN.

We have three VLANs created on the switches: VLANs 100, 200 and 300. What if we wanted the Primary Root for VLANs 100 and 300 to be Switch Sw1, and we also wanted Sw1 to be the Secondary Root for VLAN 200? In other words, if the Primary Root for VLAN 200 went down, we would want Sw1 to take over that role.
And let's say we want Switch Sw3 to be the Primary Root for VLAN 200 and the Secondary Root for VLANs 100 and 300.
Let's make one other change. We talked a bit about how the Port ID works. Let's change the Port ID of FastEthernet 0/1 (128.3) on Switch Sw2 to a larger number by raising its priority from 128 to 192. That makes the Port ID of FastEthernet 0/2 on Sw2 (128.4) more attractive, which should turn FastEthernet 0/1 on Switch Sw3 into a Blocking Port and change FastEthernet 0/2 on Sw3 from a Blocking Port to a Root Port. That's our prediction for what is going to happen with this topology.
Now let's examine this exact topology, see whether our predictions are correct, and then make the modifications we discussed. We predicted:
➢ Which ports would be the Root Ports
➢ Which ports would be Blocking
As in our previous topic, we can easily identify which ports are the Root Ports. Now we go further and look for the Designated Port on the link between Sw1 and Sw3. If we look at the cost to get back to the Root at the Sw1 end of the link, it is just 19; if we look at the FastEthernet 0/3 end of the link, it is also 19. It's a tie, so what do we do now?
As a tie-breaker, we look at which end of the link has the lowest Bridge ID. The priorities are equal on Sw1 and Sw3, so in this case the question is which end of the link has the lowest MAC address. Sw3 has a lower MAC address than Sw1; as a result, the Sw3 end of this link (FastEthernet 0/3) is the Designated Port.
We said we want to go in and make some manipulations. Before we do, let's make sure we were correct: we predicted that Switch Sw2 would be the Root Bridge.
Let's begin with Sw1 and give the command:
➢ Sw1#show spanning-tree vlan 100
From the perspective of Sw1, we can see that we are not the Root: it says our MAC address is fcfb.fb97.a980, but the Root Bridge for VLAN 100 has 0011.bbda.ea00 as its MAC address. So it's not us. Something that might be a bit curious is the priority: on the topology we said the priority was 32768, but here our priority is 32868. What's going on?
With PVST+ we are running multiple instances of Spanning Tree, and each switch should have a unique Bridge ID in each of them; we are running three instances of Spanning Tree on this switch. So PVST+ takes the Bridge Priority field and divides it into two sections, and a 12-bit field is used to carry the Extended System ID. The Extended System ID for VLAN 100 is 100, meaning that the number 32868 came from simply adding the VLAN ID of 100 to the priority of 32768.
Let me prove it to you. Let's do:
➢ Sw1#show spanning-tree vlan 200
✓ It should be 200 + 32768; in other words, it should be 32968. Let's take a look at the picture.

Now let's look at Switch Sw3:
➢ Sw3#show spanning-tree vlan 100

You can see on the topology picture that the Port IDs for FastEthernet 0/1 and 0/2 are 128.3 and 128.4.
Let's make the Port ID of FastEthernet 0/1 higher than that of FastEthernet 0/2. We cannot manipulate the 3 or the 4, because that part is based on the switch hardware; however, we can manipulate the 128, which is the Port Priority. Let's do it:
➢ Sw2(config)#interface fastethernet 0/1
➢ Sw2(config-if)#spanning-tree port-priority 192
✓ That should start a reconvergence on Switch Sw3.
➢ Sw3#show spanning-tree vlan 100

FastEthernet 0/1 is now Blocking. Notice that this is not based on our local Port IDs; it's based on the Port IDs at the far end of these links, which are the Port IDs on Switch Sw2.
➢ Sw2#show spanning-tree vlan 300
Notice that FastEthernet 0/1 now has a higher Port ID. We adjusted the Port Priority from 128 to 192, which makes it less attractive, and by doing that on Switch Sw2 we were able to influence which port on Sw3 became the Root Port.
By the way, there is another way to manipulate this. Notice that we had an equal cost, based on the interface speed, to get back to the Root: a cost of 19 on Switch Sw3. What if we manipulated that?
Right now, FastEthernet 0/1 is Blocking on Sw3. What if we artificially brought its cost down? Let's go do it:
➢ Sw3(config)#interface fastethernet 0/1
➢ Sw3(config-if)#spanning-tree cost 18
Once we do that, let's take a look: the port transitions from Blocking to Listening, then to Learning, and it should end up in the Forwarding state.
You now know what happened. We look at the cost value first in determining the Root Port; if there is a tie, which there was, we then look at the far-end Port ID. But now there is no longer a tie at 19: FastEthernet 0/1 has a cost of 18, which makes it more attractive, and since it is clearly the lower cost, we don't even have to consider the Port IDs at the far end of the links.
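
The selection order just described (lowest root path cost first, then the far-end Port ID), worked through for Sw3's two uplinks as an added Python example that is not part of the original post. It assumes Sw3's FastEthernet 0/1 and 0/2 connect to the same-numbered ports on Sw2, and it also includes the sender Bridge ID comparison that standard STP performs between those two steps.

```python
from typing import NamedTuple

# Sw2's VLAN 100 Bridge ID: default priority + VLAN ID, MAC from the page.
ROOT_SW2 = (32768 + 100, 0x0011BBDAEA00)

class Candidate(NamedTuple):
    local_port: str          # port on Sw3
    root_path_cost: int      # cost advertised by the neighbour + local port cost
    sender_bridge_id: tuple  # (priority + VLAN ID, MAC) of the far-end switch
    sender_port_id: tuple    # (port priority, port number) of the far-end port

# Comparison order used for Root Port selection; lower value wins at each step.
FIELDS = ("root_path_cost", "sender_bridge_id", "sender_port_id")

def rank(candidate):
    return tuple(getattr(candidate, f) for f in FIELDS)

def pick_root_port(candidates):
    """Return (winning local port, name of the field that decided it)."""
    ordered = sorted(candidates, key=rank)
    best, runner_up = ordered[0], ordered[1]
    # First field on which the two best candidates differ; if none differs,
    # the local Port ID (not modelled here) would decide.
    decided_by = next((f for f in FIELDS
                       if getattr(best, f) != getattr(runner_up, f)),
                      "local_port_id")
    return best.local_port, decided_by

def sw3_uplinks(sw2_fa01_priority=128, sw3_fa01_cost=19):
    """Sw3's two links to the root (assumed Fa0/1<->Fa0/1, Fa0/2<->Fa0/2).
    The root advertises a cost of 0, so the path cost is the local port cost."""
    return [
        Candidate("Fa0/1", 0 + sw3_fa01_cost, ROOT_SW2, (sw2_fa01_priority, 3)),
        Candidate("Fa0/2", 0 + 19, ROOT_SW2, (128, 4)),
    ]

if __name__ == "__main__":
    print(pick_root_port(sw3_uplinks()))                       # defaults
    print(pick_root_port(sw3_uplinks(sw2_fa01_priority=192)))  # port-priority 192 on Sw2
    print(pick_root_port(sw3_uplinks(sw2_fa01_priority=192,
                                     sw3_fa01_cost=18)))       # cost 18 on Sw3
```
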
Now let's take advantage of PVST+ and make Switch Sw1 the Primary Root for VLANs 100 and 300 and the Secondary Root for VLAN 200.
➢ Sw1(config)#spanning-tree vlan 100 priority <lowest priority value>
We can give a priority value, and if we make it less than the default of 32768, this switch will become the Root Bridge for VLAN 100. However, I want to show you yet another approach:
➢ Sw1(config)#spanning-tree vlan 100 root primary
➢ Sw1(config)#spanning-tree vlan 300 root primary
➢ Sw1(config)#spanning-tree vlan 200 root secondary
Now let's make Switch Sw3 the Primary Root for VLAN 200; if that Primary Root fails, Switch Sw1 takes over as the Secondary Root.
➢ Sw3(config)#spanning-tree vlan 100 root secondary
➢ Sw3(config)#spanning-tree vlan 300 root secondary
➢ Sw3(config)#spanning-tree vlan 200 root primary
Now let's take a look at Switches Sw1 and Sw3 to see whether they have taken these roles, and let's look at their Bridge IDs.
➢ Sw3#show spanning-tree vlan 100
We should be the Secondary Root. We can see that the priority of the Root is 24676, while the priority of our Switch Sw3 is 28772. Ours is better than the default of 32768, but it's not as good as the Root's. We can also see our MAC address and the MAC address of the Root.
We think Switch Sw1 is the Root for VLAN 100, so let's go over to that switch and confirm it:
➢ Sw1#show spanning-tree vlan 100

We are the Root Bridge with a priority of 24676, and as we said, Switch Sw3 has a priority of 28772, which is still more attractive than the default of 32768 but not as low as 24676. Therefore Sw3 is the Secondary Root and Switch Sw1 is the Primary Root for VLAN 100.
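
The Bridge ID arithmetic behind the priorities seen above (32868, 32968, 24676, 28772) and the resulting per-VLAN root election, as an added Python example that is not part of the original post. Sw1's and Sw2's MAC addresses come from the outputs on this page; Sw3's MAC is a constructed placeholder chosen to be lower than Sw1's, and the 24576/28672 base priorities for VLANs 200 and 300 are assumed to match the VLAN 100 values shown.

```python
DEFAULT_PRIORITY = 32768

def split_priority(field):
    """Split the 16-bit priority shown by 'show spanning-tree' into
    (configured priority, 12-bit Extended System ID, i.e. the VLAN ID)."""
    return field & 0xF000, field & 0x0FFF

def bridge_id(priority, vlan, mac):
    """Comparable Bridge ID: (priority + VLAN ID, MAC as integer). Lowest wins."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must fit the 12-bit Extended System ID")
    return priority + vlan, int(mac.replace(".", ""), 16)

def elect_root(switches, vlan, down=()):
    """Name of the switch with the lowest Bridge ID for this VLAN,
    ignoring any switch listed in 'down' (to model a failed root)."""
    alive = {n: s for n, s in switches.items() if n not in down}
    return min(alive, key=lambda n: bridge_id(
        alive[n]["priority"].get(vlan, DEFAULT_PRIORITY), vlan, alive[n]["mac"]))

MACS = {"Sw1": "fcfb.fb97.a980",   # from the page
        "Sw2": "0011.bbda.ea00",   # from the page (the original root)
        "Sw3": "0022.0000.0003"}   # constructed placeholder, lower than Sw1's

# Before any tuning: every switch at the default priority on every VLAN.
BEFORE = {n: {"mac": m, "priority": {}} for n, m in MACS.items()}

# After 'root primary' / 'root secondary' (24576 / 28672, per the VLAN 100 output).
AFTER = {
    "Sw1": {"mac": MACS["Sw1"], "priority": {100: 24576, 300: 24576, 200: 28672}},
    "Sw2": {"mac": MACS["Sw2"], "priority": {}},
    "Sw3": {"mac": MACS["Sw3"], "priority": {200: 24576, 100: 28672, 300: 28672}},
}

if __name__ == "__main__":
    for vlan in (100, 200, 300):
        print(vlan, elect_root(BEFORE, vlan), elect_root(AFTER, vlan),
              elect_root(AFTER, vlan, down=("Sw1",)))
```
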
What we were able to do in this exercise is verify that our calculations on paper were indeed correct: we were able to accurately predict the Root Bridge, the Root Ports, the Designated Ports and the Blocking Ports. We looked at two different ways to make a switch a Root Bridge: we could set the priority to a numeric value, or we could use the root primary and root secondary arguments to have a switch automatically calculate a Bridge Priority.
We also saw a couple of ways of influencing which path a switch uses to get back to the Root if it has more than one path. The switch goes with the lowest port cost, which by default is a function of interface speed, but we saw how to configure that manually. If the root costs are equal, the switch looks at the far-end Port IDs and uses the link connected to the lowest far-end Port ID. The Port ID is made up of a Port Priority, then a dot (.), then a number representing the location of the port in that switch. We are not able to manipulate that hardware value, but we were able to manipulate the Port Priority, and by inflating the Port Priority on Switch Sw2's FastEthernet 0/1 interface we were able to make the two ports on Sw3 that lead back to the Root swap roles, because the far-end sending Port IDs had changed.
