Categories
CCNP Enterprise Core (350-401) Cisco Datalink Layer

Lab: Configuring Multiple Spanning Tree (MSP)

Goal: To experiment with MSP (Multiple Spanning Tree)

Topology and Setup

In this deployment we’ll test with three L2/L3 switches in the following topology

On switches 1,2,3:

Configure the hostname

SW1(config)#hostname SW1

Configure VLANs 2,3,4,5

SW1(config)#vlan 2,3,4,5

Change spanning tree mode to MST

SW1(config)#spanning-tree mode mst

Map VLANs 2,3,4,5 to instance 1

SW1(config)#spanning-tree mst configuration
SW1(config-mst)#instance 1 vlan 2,3,4,5

Assign SW1 as Root bridge:

SW1(config)#spanning-tree mst 0 root primary
SW1(config)#spanning-tree mst 1 root primary

Configure each interconnected port as trunk and include all VLANs

SW1(config)#interface range e0/0 - 1
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport trunk allowed vlan 1,2,3,4,5
SW1(config-if-range)#switchport mode trunk


SW2(config)#interface range ethernet 0/0, e0/2
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport trunk allowed vlan 1,2,3,4,5
SW2(config-if-range)#switchport mode trunk

SW3(config-vlan)#interface range ethernet 0/1 - 2
SW3(config-if-range)#switchport trunk encapsulation dot1q
SW3(config-if-range)#switchport trunk allowed vlan 1,2,3,4,5
SW3(config-if-range)#switchport mode trunk

Review the situation of MST on SW1:

SW1#show spanning-tree mst
 MST0    vlans mapped:   1,6-4094
 Bridge        address aabb.cc00.1000  priority      24576 (24576 sysid 0)
 Root          this switch for the CIST
 Operational   hello time 2 , forward delay 15, max age 20, txholdcount 6
 Configured    hello time 2 , forward delay 15, max age 20, max hops    20
 Interface        Role Sts Cost      Prio.Nbr Type
 
 Et0/0            Desg FWD 2000000   128.1    Shr
 Et0/1            Desg FWD 2000000   128.2    Shr
 Et0/2            Desg FWD 2000000   128.3    Shr
 Et0/3            Desg FWD 2000000   128.4    Shr
 MST1    vlans mapped:   2-5
 Bridge        address aabb.cc00.1000  priority      24577 (24576 sysid 1)
 Root          this switch for MST1
 Interface        Role Sts Cost      Prio.Nbr Type
 
 Et0/0            Desg FWD 2000000   128.1    Shr
 Et0/1            Desg FWD 2000000   128.2    Shr

The Importance of MST Regions and Trunked VLANs

This was described in Multiple Spanning Tree Instances (MSTIs)MST Misconfiguration Scenarios

All ports for MST0 and MST1 are designated, with SW1 being root we would expect the e0/2 link between SW2 and SW3 to be blocked on one port; SW3 is blocked on e0/2 due to having a higher MAC address than SW2.

VLANs 1,2,3,4,5 will travel from SW2, to SW1, to SW3.

If we remove VLAN3 from SW1 to SW2; will it disrupt communications due to the blocked port to SW3?

We’ll remove VLAN3 from the trunk on SW2:

SW2#show run int e0/0
 Building configuration…
 Current configuration : 125 bytes
 !
 interface Ethernet0/0
  switchport trunk allowed vlan 1-5
  switchport trunk encapsulation dot1q
  switchport mode trunk
 end
SW2(config)#interface e0/0
 SW2(config-if)#switchport trunk allowed vlan remove 3
SW2#show run int e0/0
 Building configuration…
 Current configuration : 129 bytes
 !
 interface Ethernet0/0
  switchport trunk allowed vlan 1,2,4,5
  switchport trunk encapsulation dot1q
  switchport mode trunk
 end

SW2 no longer has a VLAN3 link to SW1 to reach SW3. But it does have a direct link to SW3 – Is that now unblocked? Let’s check on SW3

SW3#show spanning-tree vlan 3
 MST1
   Spanning tree enabled protocol mstp
   Root ID    Priority    24577
              Address     aabb.cc00.1000
              Cost        2000000
              Port        2 (Ethernet0/1)
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
              Address     aabb.cc00.3000
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 Interface           Role Sts Cost      Prio.Nbr Type
 
 Et0/1               Root FWD 2000000   128.2    Shr
 Et0/2               Altn BLK 2000000   128.3    Shr

The port is still being blocked, VLAN3 communication is broken!

It is important that if a group of VLANs are included in a MST region, that that their trunking set-up is also similar.

We’ll move VLAN3 to it’s own MST region on all three switches:

SW3(config)#spanning-tree mst configuration
SW3(config-mst)#instance 2 vlan 3

On SW1 we’ll keep it as the root:

SW1(config)#spanning-tree mst 2 root primary

Does VLAN3 now have a route to SW3 from SW2?

SW3#show spanning-tree mst 2
 MST2    vlans mapped:   3
 Bridge        address aabb.cc00.3000  priority      32770 (32768 sysid 2)
 Root          address aabb.cc00.1000  priority      24578 (24576 sysid 2)
               port    Et0/1           cost          2000000   rem hops 19
 Interface        Role Sts Cost      Prio.Nbr Type
 
 Et0/1            Root FWD 2000000   128.2    Shr
 Et0/2            Desg FWD 2000000   128.3    Shr

Yes! To make sure that SW2 is also not blocking any ports:

SW2#show spanning-tree mst 2
 MST2    vlans mapped:   3
 Bridge        address aabb.cc00.2000  priority      32770 (32768 sysid 2)
 Root          address aabb.cc00.1000  priority      24578 (24576 sysid 2)
               port    Et0/2           cost          4000000   rem hops 18
 Interface        Role Sts Cost      Prio.Nbr Type
 
 Et0/2            Root FWD 2000000   128.3    Shr
 SW2#

To complete the MST instance layout, here is the output for SW1:

SW1#show spanning-tree mst 2
 MST2    vlans mapped:   3
 Bridge        address aabb.cc00.1000  priority      24578 (24576 sysid 2)
 Root          this switch for MST2
 Interface        Role Sts Cost      Prio.Nbr Type
 
 Et0/0            Desg FWD 2000000   128.1    Shr
 Et0/1            Desg FWD 2000000   128.2    Shr

Mixing Spanning Tree Modes

This was described in Multiple Spanning Tree Boundaries

We’ll now mix in multiple spanning tree modes to see how MSTP works in a multi STP topology network, the previous labs configuration will be used:

On SW4, SW5, SW6, we’ll create VLANS 2,3,4,5, trunk them together and across to the MST switches.

SW6(config)#hostname SW6
SW6(config)#vlan 2,3,4,5
SW6(config-vlan)#interface range e0/0 - 2
SW6(config-if-range)#switchport trunk encapsulation dot1q
SW6(config-if-range)#switchport trunk allowed vlan 1,2,3,4,5
SW6(config-if-range)#switchport mode trunk
Switch(config)#hostname SW5
SW5(config)#vlan 2,3,4,5
SW5(config-vlan)#interface range e0/0 - 1
SW5(config-if-range)#switchport trunk encapsulation dot1q
SW5(config-if-range)#switchport trunk allowed vlan 1,2,3,4,5
SW5(config-if-range)#switchport mode trunk


Switch(config)#hostname SW4
SW4(config)#vlan 2,3,4,5
SW4(config-vlan)#interface range e0/0 - 2
SW4(config-if-range)#switchport trunk encapsulation dot1q
SW4(config-if-range)#switchport trunk allowed vlan 1,2,3,4,5
SW4(config-if-range)#switchport mode trunk

We’ll add the new trunk configuration to switches SW2 and SW3 too:

SW2(config)#int e0/1
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport trunk allowed vlan 1,2,3,4,5
SW2(config-if)#switchport mode trunk

SW3(config)#int e0/0
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport trunk allowed vlan 1,2,3,4,5
SW3(config-if)#switchport mode trunk

At this time, the root bridge is a MST running switch, the PVST switch SW4 sees the root for all VLANs across the boundary:

SW4#show spanning-tree interface e0/0
 Vlan                Role Sts Cost      Prio.Nbr Type
 
 VLAN0001            Root FWD 100       128.1    Shr Peer(STP)
 VLAN0002            Root FWD 100       128.1    Shr Peer(STP)
 VLAN0003            Root FWD 100       128.1    Shr Peer(STP)
 VLAN0004            Root FWD 100       128.1    Shr Peer(STP)
 VLAN0005            Root FWD 100       128.1    Shr Peer(STP)
 SW4#

Let’s change VLAN4 root to a PVST enabled switch and observe want happens.

SW5(config)#spanning-tree vlan 4 root

SW4 detects this change:

SW4#show spanning-tree interface e0/1
 Vlan                Role Sts Cost      Prio.Nbr Type
 
 VLAN0001            Desg FWD 100       128.2    Shr
 VLAN0002            Desg FWD 100       128.2    Shr
 VLAN0003            Desg FWD 100       128.2    Shr
 VLAN0004            Root FWD 100       128.2    Shr
 VLAN0005            Desg FWD 100       128.2    Shr

SW3 is now blocking the link between itself and SW4:

SW3#show spanning-tree vlan 4
 MST1
   Spanning tree enabled protocol mstp
   Root ID    Priority    24577
              Address     aabb.cc00.1000
              Cost        2000000
              Port        2 (Ethernet0/1)
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
              Address     aabb.cc00.3000
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 Interface           Role Sts Cost      Prio.Nbr Type
 
 Et0/0               Desg BKN*2000000   128.1    Shr Bound(PVST) *PVST_Inc
 Et0/1               Root FWD 2000000   128.2    Shr
 Et0/2               Altn BLK 2000000   128.3    Shr

Along with SW2, this has isolated both of the STP topologies from each other:

SW2#show spanning-tree vlan 4
 MST1
   Spanning tree enabled protocol mstp
   Root ID    Priority    24577
              Address     aabb.cc00.1000
              Cost        2000000
              Port        1 (Ethernet0/0)
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
              Address     aabb.cc00.2000
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 Interface           Role Sts Cost      Prio.Nbr Type
 
 Et0/0               Root FWD 2000000   128.1    Shr
 Et0/1               Desg BKN*2000000   128.2    Shr Bound(PVST) *PVST_Inc
 Et0/2               Desg FWD 2000000   128.3    Shr

The change to this port status is to protect the STP topology from any networking loops. Since VLAN4 is receiving a better BPDU in comparison to the other VLANs in the same MST instance (2 and 5), it will block it.

We will need to move VLAN4 to it’s own MST instance or set the PVST to be the root for VLANs 2 and 5 too. We will set the PVST to be root for VLANs 2 and 5 and observe.

SW5(config)#spanning-tree vlan 2 root primary
SW5(config)#spanning-tree vlan 5 root primary

We’ll now check the boundary interface between SW4 and SW3.

SW3#show spanning-tree interface ethernet 0/0
 Mst Instance        Role Sts Cost      Prio.Nbr Type
 
 MST0                Desg BKN*2000000   128.1    Shr Bound(PVST) *PVST_Inc
 MST1                Desg BKN*2000000   128.1    Shr Bound(PVST) *PVST_Inc
 MST2                Desg BKN*2000000   128.1    Shr Bound(PVST) *PVST_Inc

Still blocked! Even though VLANs 2,4,5 (The entire region 1) roots are now in the PVST VLAN.

Let’s attempt letting the PVST instance take control of VLAN1, which is region 0 in the MST.

SW5(config)#spanning-tree vlan 1 root primary

A message generated on SW3:

*Mar 22 22:13:52.362: %SPANTREE-2-PVSTSIM_OK: PVST Simulation inconsistency cleared on port Ethernet0/0.

The port has transitioned to a blocking state!

SW3#show spanning-tree interface ethernet 0/0
 Mst Instance        Role Sts Cost      Prio.Nbr Type
 
 MST0                Altn BLK 2000000   128.1    Shr Bound(PVST)
 MST1                Altn BLK 2000000   128.1    Shr Bound(PVST)
 MST2                Altn BLK 2000000   128.1    Shr Bound(PVST)

Let’s check our other interconnection into the PVST network.

SW2#show spanning-tree interface ethernet 0/1
 Mst Instance        Role Sts Cost      Prio.Nbr Type
 
 MST0                Mstr BKN*2000000   128.2    Shr Bound(PVST) *PVST_Inc
 MST1                Mstr BKN*2000000   128.2    Shr Bound(PVST) *PVST_Inc
 MST2                Mstr BKN*2000000   128.2    Shr Bound(PVST) *PVST_Inc
 SW2#

Still blocking – could it be VLAN1? Let’s try adjusting that to let the PVST network take control of it:

SW1(config)#spanning-tree mst 0 priority 32768
SW2#show spanning-tree interface ethernet 0/1
 Mst Instance        Role Sts Cost      Prio.Nbr Type
 
 MST0                Root BKN*2000000   128.2    Shr Bound(PVST) *PVST_Inc
 MST1                Mstr BKN*2000000   128.2    Shr Bound(PVST) *PVST_Inc
 MST2                Mstr BKN*2000000   128.2    Shr Bound(PVST) *PVST_Inc
 SW2#

Does not to be appear the case – though a clue did appear in the message buffer:

*Mar 22 22:20:55.945: %SPANTREE-2-PVSTSIM_FAIL: Blocking root port Et0/1: Inconsitent inferior PVST BPDU received on VLAN 3, claiming root 24576:aabb.cc00.1000

Aimed with this error message, we can look for some guidance on what to do on this situation. Here is a great summary on the community Cisco forum.

Either configure your MST switch so that its priority in MSTI 0 is lower than the priority of any PVST switch in any VLAN in the PVST region.

This will make the MST switch to become the root switch for MSTI0 as well as a root switch for each and every VLAN in the PVST region.

Or configure the PVST switch so that it becomes the root for both the PVST and MST regions:

In VLAN 1, it has a priority lower than the priority of the current MSTI 0 root

In VLANs 2-4094, it has a priority lower than its own priority in VLAN 1

Peter Paluch; Cisco Community Forum

The goal here was to allow the PVST switch to be the root. Aimed with this knowledge we decreased the priority further of VLANs 2 and left VLAN1 as it was:

SW5(config)#spanning-tree vlan 2-5 priority 16384

And we reached success!

SW2#show spanning-tree interface e0/1
 Mst Instance        Role Sts Cost      Prio.Nbr Type
 
 MST0                Root FWD 2000000   128.2    Shr Bound(PVST)
 MST1                Mstr FWD 2000000   128.2    Shr Bound(PVST)
 MST2                Mstr FWD 2000000   128.2    Shr Bound(PVST)
SW3#show spanning-tree interface e0/0
 Mst Instance        Role Sts Cost      Prio.Nbr Type
 
 MST0                Altn BLK 2000000   128.1    Shr Bound(PVST)
 MST1                Altn BLK 2000000   128.1    Shr Bound(PVST)
 MST2                Altn BLK 2000000   128.1    Shr Bound(PVST)
 SW3#

It seems easier to have the MST switch as the root; but if you wish to have PVST as the root it is important to make sure your VLAN numbers above 1 are lower priority than VLAN1 itself.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.