Spanning tree questions

Hi guys,

 

i was listening to the old Audio bootcamp by scot morris and there are 2 points i didn't get about spanning tree (section4):

 

1) at 16:00 he said that there is only one timer i can't change which is initial block time which must be 20 sec,

i don't get it what is that timer and when it happens???

2) at 36:05 he said about applying BPDU guard globally ,when SW recieve a bpdu it will revert to a normal port which i am not sure if it's correct because i know Regardless of how This feature is activated (Globally or interface) , a BPDUGuard-protected port that receives BPDU will be immediately err-disabled.

 

any confirmations to clear the confusion here?!!

Comments

  • 1) When a port comes up for the very first time, a 20-second blocking timer applies. Blocking time and max-age timer have nothing to do with one another. They are both 20 seconds which is why people get confused by them. You cannot configure the blocking timer it is always 20 seconds unless you enable portfast.

    2)  At the global level, you enable BPDU guard on PortFast-enabled ports by using thespanning-tree portfast bpduguard defaultglobal configuration command. Spanning tree shuts down ports that are in a Port Fast-operational state if any BPDU is received on them. In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port means an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the port in the error-disabled state. When this happens, the switch shuts down the entire port on which the violation occurred.- So you must have the ports in Port-Fast enabled state, you can do it either via global ot interface level config command. At the interface level, you enable BPDU guard on any port by using the spanning-tree bpduguard enable interface configuration command without also enabling the Port Fast feature. When the port receives a BPDU, it is put in the error-disabled state.- so no Port-Fast configuration needed.

  • bobby thanks for replay so,

    1) the first time a port comes up we have to wait 50 sec [blocking timer (20 sec) + forward delay (30 sec)!! , i thought we have to wait only 30 sec which is listening+learning stages.

     

    2) so i am right, in both cases (global or interface) the interface will be in err-disable state if it receive bpdu and not just interface like mr.scott said.

  • Hi all,

    Very good post.  I too would like to know about triggering initial block timer.  How to observe in lab environment.

    Best Regards

  • I stand corrected (said the man in the orthopedic shoes!).

     

    I have just retested on my lab 3550s and 3560s. After no shutting an interface it takes 30 seconds to go from admin down to STP forwarding:

     

    debug spanning-tree events

    int f0/20

    no shut

    *Mar  1 00:16:24.895: STP: VLAN0001 Fa0/20 -> listening

    *Mar  1 00:16:39.895: STP: VLAN0001 Fa0/20 -> learning

    *Mar  1 00:16:54.895: STP: VLAN0001 Fa0/20 -> forwarding

     

    I have tested in both mode pvst and rapid-pvst. Same behaviour in both – no sign of the 20 second "blocking phase". It takes 30 seconds – not 50 for a non-portfast interface to go into forwarding. Maybe this changed at some point in the code?

     

    Point 2 is absolutely correct. I have just tested it and both global and interface level BPDU guard err-disable the interface if they receive a BPDU. Like I said above, the global command only applies to portfast enabled interfaces.

  • Thanks bobby,

     

    that's what i thought :)

Sign In or Register to comment.