Spanning Tree Protocol

Slides: 27
Provided by: alasdairke
Transcript and Presenter's Notes

1
Spanning Tree Protocol Virtual LANs
  • VLAN Concepts
  • VLAN Configuration
  • Troubleshooting VLANs

2
Spanning-Tree Protocol
  • IEEE standard 802.1D
  • Root bridge elected: lowest priority wins, based
    on bridge priority and MAC address
  • 1 path to the root bridge is calculated using
    lowest cost link (root port)
  • Cost based on bandwidth
  • Other paths are blocked
  • Bridge Protocol Data Units used to carry STP
    information
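
The election and path selection on this slide, as an added example that is not part of the original presentation. The switch names, MAC addresses and link speeds are constructed, and tie-breaking between equal-cost paths (sender bridge ID, port ID) is left out.

```python
import heapq

# IEEE 802.1D-1998 short path costs, keyed by link speed in Mbps.
COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed topology: (name, bridge priority, MAC address).
BRIDGES = [
    ("SW1", 32768, "00:00:0c:00:00:0a"),
    ("SW2", 32768, "00:00:0c:00:00:0b"),
    ("SW3", 32768, "00:00:0c:00:00:0c"),
]
# Constructed links: (bridge, bridge, speed in Mbps).
LINKS = [("SW1", "SW2", 1000), ("SW2", "SW3", 1000), ("SW1", "SW3", 10)]

def bridge_id(bridge):
    """Priority is compared first; the MAC address breaks ties."""
    _, priority, mac = bridge
    return (priority, int(mac.replace(":", ""), 16))

def elect_root(bridges):
    """The bridge with the numerically lowest bridge ID becomes root."""
    return min(bridges, key=bridge_id)[0]

def root_paths(root, links):
    """Lowest-cost path to the root per bridge: {name: (cost, upstream neighbour)}."""
    adj = {}
    for a, b, mbps in links:
        adj.setdefault(a, []).append((b, COST[mbps]))
        adj.setdefault(b, []).append((a, COST[mbps]))
    best, heap = {root: (0, None)}, [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry, a cheaper path was already found
        for nbr, link_cost in adj[node]:
            if nbr not in best or cost + link_cost < best[nbr][0]:
                best[nbr] = (cost + link_cost, node)
                heapq.heappush(heap, (cost + link_cost, nbr))
    return best

def blocked_links(paths, links):
    """Links that are nobody's root-port link end up with one blocked port."""
    tree = {frozenset((name, up)) for name, (_, up) in paths.items() if up}
    return [(a, b) for a, b, _ in links if frozenset((a, b)) not in tree]

if __name__ == "__main__":
    root = elect_root(BRIDGES)
    paths = root_paths(root, LINKS)
    print(root, paths, blocked_links(paths, LINKS))
```

With equal priorities the lowest MAC address decides the election, and SW3 reaches the root through SW2 (cost 8) rather than over its direct 10 Mbps link (cost 100), so that direct link is the one that gets blocked.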

3
Elements of the Spanning Tree Protocol
  • Main function of STP is to allow redundant paths
    in a switched/bridged network without incurring
    latency from the effects of loops.
  • STP prevents loops by calculating a stable
    spanning-tree network topology (similar to OSPF
    operation)
  • Spanning-tree frames (called bridge protocol data
    units--BPDUs) are sent and received by all
    switches in the network and are used to determine
    the spanning-tree topology

4
STP states
  • Blocking
  • Listening
  • Learning
  • Forwarding
  • Disabled

5
Port States
  • The ports on a switch or bridge can be configured
    for different states (stable or transitory),
    depending on the configuration of the network and
    the events occurring on the network.
  • Stable states are the normal operational states
    of ports when the root bridge is available and
    all paths are functioning as expected.

6
Port States (Contd.)
  • STP devices use transitory states when the
    network configuration is undergoing some type of
    change, such as a root bridge failure.
  • The transitory states prevent logical loops
    during a period of transition from one root
    bridge to another.

7
STP Example 2
  • Why is CAT A the root bridge?
  • Why have the links marked x been blocked?

8
  • VLANS

9
Overview
  • Created by software running on Layer 2 switches
  • VLANs can be static or dynamic; responsibility
    of the network administrator
  • Segment LANs into logical groupings e.g. by
    function, project team, application
  • Users must be in the same VLAN as their workgroup
    server
  • VLAN is a broadcast domain
  • Traffic can be switched between VLANS with a
    router

10
VLAN Operation
  • Switches maintain a bridging table for each VLAN
  • Switches can support multiple VLANs
  • Switches perform filtering/forwarding based on
    VLAN ID

11
Benefits of VLANs
  • Create broadcast domains
  • Control network traffic
  • Increased security
  • Workstations can be moved without needing
    reconfiguration

12
VLAN Membership
  • Port based
  • MAC address based
  • Protocol based
  • Any VLAN is a layer 3 broadcast domain
  • VLAN traffic between switches (trunks) is tagged
    (802.1q) or encapsulated (ISL) to identify VLAN
    membership

13
VLANs Across the Backbone
  • VLAN configuration needs to support backbone
    transport of data between interconnected routers
    and switches.
  • The backbone is the area used for inter-VLAN
    communication
  • The backbone should be high-speed links,
    typically 100Mbps or greater

14
Router's Role in a VLAN
  • A router provides connection between different
    VLANs
  • For example, you have VLAN1 and VLAN2.
  • Within the switch, users on separate VLANs cannot
    talk to each other (benefit of a VLAN!)
  • However, users on VLAN1 can email users on VLAN2
    but they need a router to do it.

15
How Frames are Used in a VLAN
  • Switches make filtering and forwarding decisions
    based on data in the frame.
  • There are two techniques used.
  • Frame Filtering--examines particular information
    about each frame (MAC address or layer 3 protocol
    type)
  • Frame Tagging--places a unique identifier in the
    header of each frame as it is forwarded
    throughout the network backbone.

16
More on Frame Tagging
  • Frame Tagging...
  • is specified by IEEE 802.1q which states frame
    tagging is the preferred way to implement VLANs
  • uniquely assigns a VLAN ID to each frame before
    it is forwarded across the backbone.
  • is understood by switches prior to any broadcasts
    or transmission to other switches or routers
  • places a tag in the frame...thus, frame tagging.
    So what layer?
  • is removed by the switch after frame exits the
    backbone and before frame is forwarded to the end
    station
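
Frame tagging as described on slides 15 and 16, as an added example that is not part of the original presentation. The tag is four bytes inserted into the Ethernet (layer 2) header; the function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte tag after the destination and source MAC addresses."""
    if not 1 <= vid <= 4094:  # VLAN IDs 0 and 4095 are reserved
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp & 0x7) << 13 | vid  # 3-bit priority, DEI bit left 0, 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame):
    """Return (vid, pcp, inner EtherType), or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, tci >> 13, inner

def strip_tag(frame):
    """Remove the tag so the end station sees an ordinary Ethernet frame."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]

def egress_access_port(frame, port_vlan):
    """Trunk-to-access forwarding: deliver untagged only if the VLAN IDs match."""
    tag = parse_tag(frame)
    if tag is None or tag[0] != port_vlan:
        return None  # filtered: the frame belongs to another VLAN (or has no tag)
    return strip_tag(frame)

# Constructed frame: broadcast destination, made-up source MAC, IPv4 EtherType.
UNTAGGED = bytes.fromhex("ffffffffffff" "00000c000001" "0800") + b"payload"

if __name__ == "__main__":
    tagged = add_tag(UNTAGGED, vid=2)
    print(tagged.hex(), parse_tag(tagged))
```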

17
Ports, VLANs, and Broadcasts
  • Three methods for implementing VLANs
  • Port-Centric
  • Static
  • Dynamic
  • Each switched port can be assigned to a VLAN.
    This...
  • ensures ports that do not share the same VLAN do
    not share broadcasts.
  • ensures ports that do share the same VLAN will
    share broadcasts.

18
Benefits of Port-Centric VLANs
  • All nodes in the same VLAN are attached to the
    same router interface.
  • Makes management easier ...
  • assigned by router port
  • VLANs are easy to admin.
  • provides increased security
  • packets don't leak into other domains

19
Static VLANs
  • Defined
  • Static VLANs are when ports on a switch are
    administratively assigned to a VLAN
  • Benefits
  • can be assigned by port, address, or protocol
    type
  • secure, easy to configure and monitor
  • works well in networks where moves are controlled

20
Dynamic VLANs
  • Defined
  • Switch ports can automatically determine a user's
    VLAN assignment based on either/or
  • MAC
  • logical address
  • protocol type
  • When a station is initially connected to an
    unassigned port, the switch checks an entry in
    the table and dynamically configures the port
    with the right VLAN
  • Benefits
  • less administration (more upfront) when users are
    added or move
  • centralized notification of unauthorized user

21
VLAN IOS Configuration
  • Example
  • Switch#vlan database
  • Switch(vlan)#vlan 2
  • Switch(vlan)#name marketing
  • Switch(vlan)#exit
  • Switch#configure terminal
  • Switch(config)#interface fastethernet 0/9
  • Switch(config-if)#switchport mode access
  • Switch(config-if)#switchport access vlan 2

22
Other VLAN/switching commands
  • Switch#show vlan
  • Switch#show vlan brief
  • Switch#show spanning-tree
  • Switch#show interface

23
VLANs Make Changes Easier
  • Traveling Users
  • 20% to 40% of work force moves every year
  • net admin's biggest headache
  • largest expense in managing networks. Moves may
    require...
  • recabling
  • readdressing and reconfiguration
  • VLANs provide a way to control these costs. As
    long as the user still belongs to the same
    VLAN...
  • simply configure the new switch port to that VLAN
  • router configuration remains intact

24
VLANs Control Broadcasts
  • Routers provide an effective firewall against
    broadcasts
  • Adding VLANs can extend a router's firewall
    capabilities to the switch fabric
  • The smaller the VLAN, the smaller the number of
    users that are affected by broadcasts

25
VLANs Improve Security
  • Shared LANs are easy to penetrate...simply plug
    into the shared hub.
  • VLANs increase security by ...
  • restricting number of users in a VLAN
  • preventing user access without authorization
  • configuring all unused ports to the Disabled
    setting
  • control access by
  • addresses
  • application types
  • protocol types
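
One way to audit the "unused ports disabled" item above, as an added example that is not part of the original presentation. The sample is constructed text in the layout of Catalyst `show interfaces status` output, and treating every `notconnect` port as unused is an assumption: such a port is enabled with no link, which can also mean a powered-off device.

```python
STATUSES = {"connected", "notconnect", "disabled", "err-disabled"}

# Constructed sample in the layout of `show interfaces status`.
SAMPLE = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1     uplink             connected    trunk      a-full  a-100 10/100BaseTX
Fa0/2                        notconnect   1            auto   auto 10/100BaseTX
Fa0/3     spare              disabled     1            auto   auto 10/100BaseTX
Fa0/9     marketing pc       connected    2          a-full  a-100 10/100BaseTX
Fa0/10                       notconnect   2            auto   auto 10/100BaseTX
"""

def parse_status(text):
    """Parse each row; the Name column may be empty or contain spaces."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        tokens = line.split()
        if not tokens:
            continue
        # Locate the Status column by value, since Name has no fixed token count.
        idx = next((i for i, t in enumerate(tokens[1:], 1) if t in STATUSES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # not a port row
        rows.append({
            "port": tokens[0],
            "name": " ".join(tokens[1:idx]),
            "status": tokens[idx],
            "vlan": tokens[idx + 1],
        })
    return rows

def unused_enabled_ports(rows):
    """Ports that are administratively up but have no link."""
    return [r["port"] for r in rows if r["status"] == "notconnect"]

def remediation(ports):
    """IOS configuration lines that put each listed port in the disabled state."""
    lines = []
    for port in ports:
        lines += [f"interface {port}", " shutdown"]
    return lines

if __name__ == "__main__":
    print("\n".join(remediation(unused_enabled_ports(parse_status(SAMPLE)))))
```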

26
VLANs Save Money
  • Hub Replacement Segmentation
  • The ports on a non-intelligent hub can only be
    assigned one VLAN.
  • Replacing hubs with switches is relatively cheap
    compared to the benefit gained.
  • In the graphic, replacing the core hub in an
    extended star topology with a VLAN capable switch
    effectively microsegments one shared LAN into six.