Config Lab: RSTP Config 2

Wendell Odom
By Wendell Odom September 7, 2021 11:05

LAN switches use many default settings that work without you having to do anything, and oftentimes, you can leave those default settings as-is. However, with Spanning Tree Protocol (STP), and its better cousin Rapid STP (RSTP), you should configure some settings based on a few design goals. This config lab works through some of the more common configuration settings to influence the choice of root switch and designated ports.

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Lab Requirements

This lab begins with a working network. It shows two PCs in each of the two separate VLANs/Subnets, with a router to router packets between the subnets. In fact, if you implement the lab as shown and use only the initial configuration, all the PCs should be able to ping each other.  In that case, STP/RSTP works with all default configuration settings.

(You may want to spend a little more time than usual checking out the detailed initial configuration. Also, if you plan to implement the lab for yourself in Cisco Packet Tracer or elsewhere, you may find it useful to implement the initial configuration and examine the VLANs, VLAN trunking, ROAS, and STP/RSTP behavior before performing the configuration.)

Once you understand the initial configuration, configure some common best practices for STP/RSTP in LANs. Specifically:

  1. Use default STP/RSTP settings unless you need the setting to implement the lab.
  2. Configure all switches to use per-vlan RSTP rather than per-vlan STP.
  3. Root Switch in VLAN 10:
    1. Configure the RSTP priority directly, as needed, so that Dist2 has the best RSTP priority and Dist1 has the second best.
    2. The priority settings on switches Access3 and Access4 may tie but must have a worse priority than Dist1 and Dist2.
    3. Configure the priority values directly. That is, do not use the spanning-tree root command.
    4. Multiple possible answers exist. To match the answers post, change the priority values as little as possible compared to the default settings. For example, if you could lower a setting by 1 or 2 to achieve the goal, lower it by 1.
  4. Root Switch in VLAN 11:
    1. Configure the RSTP priority using the spanning-tree vlan x root command so that Dist1 becomes the root switch, but Dist2 becomes the root if Dist1 fails.
    2. Switches Access3 and Access4 may tie with each other but must have a worse priority than Dist1 and Dist2.
  5. RSTP Optimizations: Portfast and BPDU Guard
    1. Configure Portfast on the switch ports connected to the PCs using interface subcommand(s).
    2. Configure BPDU Guard on those same ports, again using interface subcommand(s).

Figure 1: RSTP Topology for this Lab

 

Initial Configuration

The four switches have no pre-configuration related to RSTP. However, all the switches use VLAN trunking on the links between switches. They also use VTP mode transparent, requiring the VLANs to be configured on each switch. So, each switch shows both VLAN 10 and 11 as preconfigured. For information about the PCs and the router, look below these next four examples.

Example 1: Dist1 Config

 

Example 2: Dist2 Config

 

Example 3: Access3 Config

 

Example 4: Access4 Config

 

The four PCs connect to two different access VLANs and subnets, as follows:

  • PC11 and PC12: VLAN 10, subnet 10.1.10.0/24, gateway 10.1.10.1.
  • PC21 and PC22: VLAN 11, subnet 10.1.11.0/24, gateway 10.1.11.1.

R1 uses a router-on-a-stick (ROAS) configuration to support the subnets. With the initial topology and device configurations, the PCs should be able to ping each other and the default gateway. Their initial configurations are shown next.

 

Example 5: PC11 Configuration Settings

Example 6: PC12 Configuration Settings

Example 7: PC21 Configuration Settings

Example 8: PC22 Configuration Settings

 

Example 9: Router R1 Configuration Settings

Answer Options - Click Tabs to Reveal

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.

If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:

  1. Download the CML file (filetype .yaml) linked below.
  2. Import the lab’s CML file into CML and then start the lab.
  3. Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
  4. Add your planned configuration to the lab.
  5. Test the configuration using some of the suggestions below.

Download this lab’s CML file!

Network Device Info:

This table lists the interfaces used in the lab exercise documentation that differ from those used in the sample CML file.

Device Lab Port  CML Port
Dist1 G1/1/2 G1/2
Dist1 G1/1/3 G1/3
Dist1 G1/1/4 G1/0
Dist1 G1/0/1 G0/1
Dist2 G1/1/2 G1/2
Dist2 G1/1/3 G1/3
Dist2 G1/1/4 G1/0
Access3 G1/1/1 G1/1
Access3 G1/1/2 G1/2
Access3 G1/0/11 G0/1
Access3 G1/0/21 G0/2
Access4 G1/1/1 G1/1
Access4 G1/1/2 G1/2
Access4 G1/0/12 G0/1
Access4 G1/0/22 G0/2

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Lab Answers

Example: Dist1 Config

 

Example: Dist2 Config

 

Example: Access3 Config

 

Example: Access4 Config

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Lab Commentary

The lab gives different requirements for RSTP in VLAN 10 versus VLAN 11. In production networks, engineers often do the same, making one distribution switch act as the root switch in some VLANs and another distribution switch act as root in other VLANs. Additionally, it makes the most sense to use only distribution switches as root switches, so configuring both distribution switches with lower STP/RSTP priority makes good sense.

For this lab, the configuration should change the base priority as follows:

VLAN 10:

  • Dist1: 28,672
  • Dist2: 24,576

VLAN 11:

  • Dist1: 24,576
  • Dist1: 28,672

The lab asked you to use two different styles to configure those settings. For VLAN 10, you were to set the base priority using the number (for example, the spanning-tree vlan 10 priority 28672 global command on Dist1) while using the spanning-tree vlan 11 root primary and the spanning-tree vlan 11 root secondary commands for VLAN 11. For VLAN 11, the switches look at the then-current VLAN 11 priority settings, choose appropriate values, and configure the spanning-tree vlan 11 priority command. Make sure to look in the configuration file once you complete the configuration steps.

The other lab requirement asked you to configure portfast and BPDU guard on the access ports. To do so, add the spanning-tree portfast and spanning-tree bpduguard enable commands to those ports.

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 VLAN trunking requires the switchport trunk encapsulation command Old Cisco switches supported both ISL (older) and 802.1Q (newer) trunking protocol options, so those switches required the switchport trunk encapsulation command to be configured on VLAN trunks. Cisco Packet Tracer switches use this same logic, while Cisco switches produced since around 2010 support 802.1Q only.
2 Packet Tracer does not support multiple VLANs in the global vlan command The initial configuration shows the command vlan 10,11 – legal on real Cisco switches but rejected by Cisco Packet Tracer. Instead, configure the VLANs on separate vlan commands.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software that runs in real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without having to own real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

  1. Verify VLAN 10 STP/RSTP as follows:
    1. Issue the show spanning-tree vlan 10 command on all the switches. Note the root switch’s STP/RSTP Bridge ID (BID) and check to confirm that Dist2 is the root switch.
    2. From that same command, examine the base priority of each of the four switches. Dist2 should have a priority of 24,576, Dist1 should have a priority of 28,672, with Access3 and Access4 using default settings of 32,768.
  2. Verify VLAN 11 STP/RSTP as follows:
    1. Issue the show spanning-tree vlan 11 command on all the switches. Note the root switch’s STP/RSTP Bridge ID (BID) and check to confirm that Dist1 is the root switch.
    2. From that same command, examine the base priority of each of the four switches. Dist1 should have a priority of 24,576, Dist2 should have a priority of 28,672, with Access3 and Access4 using default settings of 32,768.
    3. Examine the running-config on Dist1 and Dist2. Note that the spanning-tree root primary and spanning-tree root secondary commands should not exist in the configuration; instead, you should see the spanning-tree vlan 11 priority command.
  3. Confirm that the access ports have portfast and BPDU Guard enabled on the access ports in switches Access3 and Access4:
    1. Issue the show spanning-tree detail command on each switch.
    2. Search for two separate lines for each access interface: one that mentions that Portfast mode and the other mentions that BPDU Guard is enabled.

More Labs with Related Content!

Config Lab: RSTP Config 1
Config Lab: L2 EtherChannel 1
Wendell Odom
By Wendell Odom September 7, 2021 11:05
Write a comment

No Comments

No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories