4_STP高级特性.docx

键入文字央邦IT实验室键入文字BCMSN Lab4 配置STP 的PortFast和环路保护特性实验拓扑实验要求在这个实验中，SW3和SW4不参与STP，只是桌面交换机，用于级联主机大量主机保证网络中只有vlan11. 配置SW1的Fa0/13和SW2的Fa0/13口为PortFast接口，使这两个接口无需协商直接进入Forwarding状态2. 配置BPDU防护，保证在SW3和SW4被错误地连接后，网络不会出现环路3. 配置Err-disable自动恢复功能实验步骤开始实验前清空所有交换机的配置和vlan数据库：#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? confirmOK 回车Erase of nvram: complete#delete flash:vlan.datDelete filename vlan.dat? 回车Delete flash:vlan.dat? confirm 回车SW1#reload System configuration has been modified. Save? yes/no: n 选择“no”Proceed with reload? confirm 回车关闭交换机的接口：SW1：Fa0/2，Fa0/15，Fa0/24SW2：Fa0/2，Fa0/15，Fa0/24SW3：Fa0/14，Fa0/15，Fa0/20，Fa0/23SW4：Fa0/14，Fa0/15，Fa0/20，Fa0/231. 将SW3和SW4的STP功能关闭，看作级联主机的桌面Hub，关闭在打开SW1的Fa0/13口和Sw2的Fa0/13口，发现这两个口要经过很长时间（30s）才会转发SW3(config)#no spanning-tree vlan 1SW4(config)#no spanning-tree vlan 1以Sw1为例（Sw2也要做）SW1(config)#interface fastEthernet 0/13SW1(config-if)#shutdown SW1(config-if)#exitSW1#show spanning-tree vlan 1VLAN0001。- - - - - -Fa0/1 Root FWD 19 128.1 P2p Fa0/13 Desg LIS 19 128.11 P2p -经过15秒的侦听过程SW1#show spanning-tree vlan 1VLAN0001。Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Root FWD 19 128.1 P2p Fa0/13 Desg LRN 19 128.11 P2p -经过15秒的学习过程SW1#show spanning-tree vlan 1VLAN0001Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Root FWD 19 128.1 P2p Fa0/13 Desg FWD 19 128.11 P2p -30秒后才转发SW2的Fa0/13口情况和SW1的Fa0/13口一样如果我们将Sw1的Fa0/13口和Sw2的Fa0/13口开启PortFast功能：SW1(config)#interface fastEthernet 0/13SW1(config-if)#spanning-tree portfastSW2(config)#interface fastEthernet 0/13SW2(config-if)#spanning-tree portfast再次关闭并打开两个接口，并查看两台交换机的STP状态SW1(config)#interface fastEthernet 0/13SW1(config-if)#shutdown SW1(config-if)#exitSW1#show spanning-tree vlan 1VLAN0001。Interface Role Sts Cost Prio.Nbr Type- - - - - -Fa0/1 Root FWD 19 128.1 P2p Fa0/13 Desg FWD 19 128.11 P2p Edge -发现Fa0/11马上会进入转发状态，Sw2的Fa0/12也是一样SW1#show spanning-tree interface fastEthernet 0/13 detail Port 11 (FastEthernet0/11) of VLAN0001 is designated forwarding Port path cost 19, Port priority 128, Port Identifier 128.13. Designated root has priority 32769, address 000c.3164.8b00 Designated bridge has priority 32769, address 000c.ce01.8f00 Designated port id is 128.13, designated path cost 19 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 The port is in the portfast mode Link type is point-to-point by default BPDU: sent 79, received 02. 配置BPDU防护，保证在SW3和SW4被错误地连接后，网络不会出现环路SW1的Fa0/13和SW2的Fa0/13口在设计时是连接主机的接口，我们将这两个接口配置成了PortFast，使这两个接口不用协商马上进入Forwarding状态。但是由于操作不当，Sw3和Sw4被连接起来了，这样环路又出现了（在没有开启PortFast时，SW1的Fa0/13和Sw2的Fa0/13口中一定会阻塞一个，但现在两个全是转发转发）为了避免上述问题的出现，我们在配置PortFast的同时，开启BPDU防护，如果PortFast接口检测到BPDU（说明该接口下的局域网不止有一个接口处于Forwarding状态），则将接口置为err-disable状态SW1(config)#spanning-tree portfast bpduguard defaultSW2(config)#spanning-tree portfast bpduguard default打开SW3和SW4的Fa0/23口：SW3(config)#interface fastEthernet 0/23SW3(config-if)#no shutdown SW4(config)# interface fastEthernet 0/23SW4(config-if)#no shutdownSW1和SW2都出现日志：SW1#*Mar 1 02:19:09.511: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/13 with BPDU Guard enabled. Disabling port.*Mar 1 02:19:09.511: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/13, putting Fa0/11 in err-disable state*Mar 1 02:19:10.515: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/11, changed state to down*Mar 1 02:19:11.519: %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to downSW2#*Mar 1 02:19:08.623: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa0/13 with BPDU Guard enabled. Disabling port.*Mar 1 02:19:08.623: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/13, putting Fa0/12 in err-disable state*Mar 1 02:19:09.623: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13 changed state to down*Mar 1 02:19:10.627: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to down两台交换机检测到了PortFast接口下的环路，马上将PortFast接口关闭（置为err-disable）状态SW1#show interfaces fa0/13FastEthernet0/13is down, line protocol is down (err-disabled)SW2#show interfaces fa0/13FastEthernet0/13 is down, line protocol is down (err-disabled)SW1#show spanning-tree summary Switch is in pvst modeRoot bridge for: noneExtended system ID is enabledPortfast Default is disabledPortFast BPDU Guard Default is enabledPortfast BPDU Filter Default is disabledLoopguard Default is disabledEtherChannel misconfig guard is enabledUplinkFast is disabledBackboneFast is disabledConfigured Pathcost method used is shortName Blocking Listening Learning Forwarding STP Active- - - - - -VLAN0001 0 0 0 1 1- - - - - -1 vlan 0 0 0 1 1Err-disable的接口只有被管理员手工开启（重启），否则一直会down我们可以启用交换机的errdisable recovery的机制，使交换机定时检查err-disable的接口，并自动恢复那些已经满足规则的接口但还是Err-disable的接口：断开SW3和SW4的链路SW3(config)#interface fastEthernet 0/23SW3(config-if)#shutdownSW1(config)#errdisable detect cause allSW1(config)#errdisable recovery cause bpduguardSW1(config)#errdisable recovery interval 30SW2(config)#errdisable detect cause all SW2(config)#errdisable recovery cause bpduguard SW2(config)#errdisable recovery interval 30ErrDisable Reason Timer Status- -arp-inspection Disabledbpduguard Enabledchannel-misconfig Disabled。sfp-config-mismatch Disabledstorm-control Disabledudld Disabledunicast-flood Disabledvmps DisabledTimer interval: 30 secondsInterfaces that will be enabled at the next timeout:等待一会儿后会发现SW1和SW2出现日志：SW1：*Mar 1 02:32:31.587: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Fa0/13*Mar 1 02:32:35.123: %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to up*Mar 1 02:32:36.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to upSW2：*Mar 1 02:32:30.651: %PM-4-ERR_RECOVER