Config Lab: RSTP Config 2

 In 200-301 V1 Ch10: RSTP and EtherChannel, 200-301 V1 Part 3: VLANs, STP, 200-301 V1 Parts, Config Lab, Config Lab CCNA Vol 1 Part 3, Hands-on

LAN switches use many default settings that work without you having to do anything, and oftentimes, you can leave those default settings as-is. However, with Spanning Tree Protocol (STP), and its better cousin Rapid STP (RSTP), you should configure some settings based on a few design goals. This config lab works through some of the more common configuration settings to influence the choice of root switch and designated ports.

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Lab Requirements

This lab begins with a working network. It shows two PCs in each of the two separate VLANs/Subnets, with a router to router packets between the subnets. In fact, if you implement the lab as shown and use only the initial configuration, all the PCs should be able to ping each other.  In that case, STP/RSTP works with all default configuration settings.

(You may want to spend a little more time than usual checking out the detailed initial configuration. Also, if you plan to implement the lab for yourself in Cisco Packet Tracer or elsewhere, you may find it useful to implement the initial configuration and examine the VLANs, VLAN trunking, ROAS, and STP/RSTP behavior before performing the configuration.)

Once you understand the initial configuration, configure some common best practices for STP/RSTP in LANs. Specifically:

  1. Use default STP/RSTP settings unless you need the setting to implement the lab.
  2. Configure all switches to use per-vlan RSTP rather than per-vlan STP.
  3. Root Switch in VLAN 10:
    1. Configure the RSTP priority directly, as needed, so that Dist2 has the best RSTP priority and Dist1 has the second best.
    2. The priority settings on switches Access3 and Access4 may tie but must have a worse priority than Dist1 and Dist2.
    3. Configure the priority values directly. That is, do not use the spanning-tree root command.
    4. Multiple possible answers exist. To match the answers post, change the priority values as little as possible compared to the default settings. For example, if you could lower a setting by 1 or 2 to achieve the goal, lower it by 1.
  4. Root Switch in VLAN 11:
    1. Configure the RSTP priority using the spanning-tree vlan x root command so that Dist1 becomes the root switch, but Dist2 becomes the root if Dist1 fails.
    2. Switches Access3 and Access4 may tie with each other but must have a worse priority than Dist1 and Dist2.
  5. RSTP Optimizations: Portfast and BPDU Guard
    1. Configure Portfast on the switch ports connected to the PCs using interface subcommand(s).
    2. Configure BPDU Guard on those same ports, again using interface subcommand(s).

Figure 1: RSTP Topology for this Lab

 

Initial Configuration

The four switches have no pre-configuration related to RSTP. However, all the switches use VLAN trunking on the links between switches. They also use VTP mode transparent, requiring the VLANs to be configured on each switch. So, each switch shows both VLAN 10 and 11 as preconfigured. For information about the PCs and the router, look below these next four examples.

hostname Dist1
!
vtp mode transparent
vlan 10,11
!
interface GigabitEthernet1/1/2
 description Trunk link to Dist2
 switchport mode trunk
!
interface GigabitEthernet1/1/3
 description Trunk link to Access3
 switchport mode trunk
!
interface GigabitEthernet1/1/4
 description Trunk link to Access4
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 description Trunk to R1
 switchport mode trunk

Example 1: Dist1 Config

 

hostname Dist2
!
vtp mode transparent
vlan 10,11
!
interface GigabitEthernet1/1/1
 description Trunk link to Dist1
 switchport mode trunk
!
interface GigabitEthernet1/1/3
 description Trunk link to Access3
 switchport mode trunk
!
interface GigabitEthernet1/1/4
 description Trunk link to Access4
 switchport mode trunk

Example 2: Dist2 Config

 

hostname Access3
!
vtp mode transparent
vlan 10,11
!
interface GigabitEthernet1/1/1
 description Trunk link to Dist1
 switchport mode trunk
!
interface GigabitEthernet1/1/2
 description Trunk link to Dist2
 switchport mode trunk
!
interface GigabitEthernet1/0/11
 description Access link to PC11
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/21
 description Access link to PC21
 switchport mode access
 switchport access vlan 11

Example 3: Access3 Config

 

hostname Access4
!
vtp mode transparent
vlan 10,11
!
interface GigabitEthernet1/1/1
 description Trunk link to Dist1
 switchport mode trunk
!
interface GigabitEthernet1/1/2
 description Trunk link to Dist2
 switchport mode trunk
!
interface GigabitEthernet1/0/12
 description Access link to PC12
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/22
 description Access link to PC22
 switchport mode access
 switchport access vlan 11

Example 4: Access4 Config

 

The four PCs connect to two different access VLANs and subnets, as follows:

  • PC11 and PC12: VLAN 10, subnet 10.1.10.0/24, gateway 10.1.10.1.
  • PC21 and PC22: VLAN 11, subnet 10.1.11.0/24, gateway 10.1.11.1.

R1 uses a router-on-a-stick (ROAS) configuration to support the subnets. With the initial topology and device configurations, the PCs should be able to ping each other and the default gateway. Their initial configurations are shown next.

 

Address: 10.1.10.11
Mask: 255.255.255.0
Gateway: 10.1.10.1

Example 5: PC11 Configuration Settings

Address: 10.1.10.12
Mask: 255.255.255.0
Gateway: 10.1.10.1

Example 6: PC12 Configuration Settings

Address: 10.1.11.21
Mask: 255.255.255.0
Gateway: 10.1.11.1

Example 7: PC21 Configuration Settings

Address: 10.1.11.22
Mask: 255.255.255.0
Gateway: 10.1.11.1

Example 8: PC22 Configuration Settings

 

hostname R1
!
interface gigabitethernet0/1
 no shutdown
!
interface gigabitethernet0/1.10
 encapsulation dot1q 10
 ip address 10.1.10.1 255.255.255.0
!
interface gigabitethernet0/1.11
 encapsulation dot1q 11
 ip address 10.1.11.1 255.255.255.0

Example 9: Router R1 Configuration Settings

Answer Options - Click Tabs to Reveal

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.

If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:

  1. Download the CML file (filetype .yaml) linked below.
  2. Import the lab’s CML file into CML and then start the lab.
  3. Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
  4. Add your planned configuration to the lab.
  5. Test the configuration using some of the suggestions below.

Download this lab’s CML file!

Network Device Info:

This table lists the interfaces used in the lab exercise documentation that differ from those used in the sample CML file.

Device Lab Port  CML Port
Dist1 G1/1/2 G1/2
Dist1 G1/1/3 G1/3
Dist1 G1/1/4 G1/0
Dist1 G1/0/1 G0/1
Dist2 G1/1/2 G1/2
Dist2 G1/1/3 G1/3
Dist2 G1/1/4 G1/0
Access3 G1/1/1 G1/1
Access3 G1/1/2 G1/2
Access3 G1/0/11 G0/1
Access3 G1/0/21 G0/2
Access4 G1/1/1 G1/1
Access4 G1/1/2 G1/2
Access4 G1/0/12 G0/1
Access4 G1/0/22 G0/2

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Lab Answers

spanning-tree mode rapid-pvst
spanning-tree vlan 10 priority 28672
spanning-tree vlan 11 root primary

Example: Dist1 Config

 

spanning-tree mode rapid-pvst
spanning-tree vlan 10 priority 24576 
spanning-tree vlan 11 root secondary

Example: Dist2 Config

 

spanning-tree mode rapid-pvst
!
interface GigabitEthernet1/0/11
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/21 
 spanning-tree portfast 
 spanning-tree bpduguard enable

Example: Access3 Config

 

spanning-tree mode rapid-pvst
!
interface GigabitEthernet1/0/12
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/22
 spanning-tree portfast
 spanning-tree bpduguard enable

Example: Access4 Config

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Lab Commentary

The lab gives different requirements for RSTP in VLAN 10 versus VLAN 11. In production networks, engineers often do the same, making one distribution switch act as the root switch in some VLANs and another distribution switch act as root in other VLANs. Additionally, it makes the most sense to use only distribution switches as root switches, so configuring both distribution switches with lower STP/RSTP priority makes good sense.

For this lab, the configuration should change the base priority as follows:

VLAN 10:

  • Dist1: 28,672
  • Dist2: 24,576

VLAN 11:

  • Dist1: 24,576
  • Dist1: 28,672

The lab asked you to use two different styles to configure those settings. For VLAN 10, you were to set the base priority using the number (for example, the spanning-tree vlan 10 priority 28672 global command on Dist1) while using the spanning-tree vlan 11 root primary and the spanning-tree vlan 11 root secondary commands for VLAN 11. For VLAN 11, the switches look at the then-current VLAN 11 priority settings, choose appropriate values, and configure the spanning-tree vlan 11 priority command. Make sure to look in the configuration file once you complete the configuration steps.

The other lab requirement asked you to configure portfast and BPDU guard on the access ports. To do so, add the spanning-tree portfast and spanning-tree bpduguard enable commands to those ports.

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 VLAN trunking requires the switchport trunk encapsulation command Old Cisco switches supported both ISL (older) and 802.1Q (newer) trunking protocol options, so those switches required the switchport trunk encapsulation command to be configured on VLAN trunks. Cisco Packet Tracer switches use this same logic, while Cisco switches produced since around 2010 support 802.1Q only.
2 Packet Tracer does not support multiple VLANs in the global vlan command The initial configuration shows the command vlan 10,11 – legal on real Cisco switches but rejected by Cisco Packet Tracer. Instead, configure the VLANs on separate vlan commands.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software that runs in real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without having to own real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

  1. Verify VLAN 10 STP/RSTP as follows:
    1. Issue the show spanning-tree vlan 10 command on all the switches. Note the root switch’s STP/RSTP Bridge ID (BID) and check to confirm that Dist2 is the root switch.
    2. From that same command, examine the base priority of each of the four switches. Dist2 should have a priority of 24,576, Dist1 should have a priority of 28,672, with Access3 and Access4 using default settings of 32,768.
  2. Verify VLAN 11 STP/RSTP as follows:
    1. Issue the show spanning-tree vlan 11 command on all the switches. Note the root switch’s STP/RSTP Bridge ID (BID) and check to confirm that Dist1 is the root switch.
    2. From that same command, examine the base priority of each of the four switches. Dist1 should have a priority of 24,576, Dist2 should have a priority of 28,672, with Access3 and Access4 using default settings of 32,768.
    3. Examine the running-config on Dist1 and Dist2. Note that the spanning-tree root primary and spanning-tree root secondary commands should not exist in the configuration; instead, you should see the spanning-tree vlan 11 priority command.
  3. Confirm that the access ports have portfast and BPDU Guard enabled on the access ports in switches Access3 and Access4:
    1. Issue the show spanning-tree detail command on each switch.
    2. Search for two separate lines for each access interface: one that mentions that Portfast mode and the other mentions that BPDU Guard is enabled.

More Labs with Related Content!

Config Lab: RSTP Config 1
Config Lab: L2 EtherChannel 1
Subscribe
Notify of
guest

16 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
wm

Hi, how do I confirm that the access ports have portfast and BPDU Guard enabled on the access ports in switches Access3 and Access4 using the show spanning-tree detail command on each switch. Did not find any line indicating the Portfast mode and that BPDU Guard is enabled.

certskills

Hi WM,
I agree, that command doesn’t tell you the status for portfast or for BPDUGuard. I’d suggest a show running-config for starters. Then **show spanning-tree interface g1/0/11 detail” confirms portfast. Couldn’t find a command supported in PT that shows the BPDU Guard state. 🙁

Pedro

Hi Wendell,
For the section which asks to configure switch Dist2 with a better priority than switch Dist1 for vlan 10, I configured Dist 2 with priority 28672. I left the default for Dist1 and configured priority number 40960 for both access switches. Does my approach satisfy the lab’s requirement? Thank you for your time.

certskills

Pedro,
Short answer is “yes”. Most importantly, sounds like you understand how it works! I’m much less interested in configuring a lab per the words in the lab, and much more interested that folks learn how the features work. All good here!
Wendell

John r

Hello Wendell,

Firstly thank you for the lab.

Do you mind I ask with regards, to the spanning-tree portfast
spanning-tree bpduguard enable
Commands

The command was not mentioned in chapter 10, but it was mentioned in the chapter 10 Appendixs.

So therefore, could it come in the exam?

certskills

Hi John,
You’re quite welcome!
Honestly, my little blog, a free-to-all labor of love, suffers a bit in regards to older posts versus the current exams. I’ve got useful posts here in the blog from 10 years ago, for instance. But Each CCNA exam both removes and adds topics, so sometimes you have old posts that I wrote when a topic was in the then-current books, but time passed, exams changed, and the now-current books don’t cover a topic. This one’s just such an example.
So, on anything about scope, trust the books, not the blog site.
On your core question, I couldn’t answer if a specific command or fact is or isn’t on the exam. I can give you my opinion about what’s in the exam topics, and those would be opinions. But Cisco doesn’t tell the world what’s in any of their exams to that level of specificity. However, if you didn’t happen to read it, check out the heading “The Context Surrounding the Exam Topics” in the Introduction to either the CCNA 200-301 Volume 1 or 2 books. That gives some good background info. And on this specific command, note that the exam topics about Spanning Tree do not use the “configure” verb…
Hope this helps,
Wendell

Jay Mahannah

2022 Update for Packet Tracer 8.2 (Mac) shows the BPDU command as the following:

(config-if)# spanning-tree guard root

Luu

hi,

looks like the interfaces in the “lab answer” for acces4 are not typing correctly with the image

image for acces sw 4:

interface GigabitEthernet1/0/12
interface GigabitEthernet1/0/22

lab answer for access sw 4

interface GigabitEthernet1/0/11
nterface GigabitEthernet1/0/21

Suranga Kulasekara

Hi Wendell, I’m studyng with your CCNA book and have question about STP root cost, as attached screenshot, how do you get root cost as “5” in this topology? SW3, g0/1 cost is 5 in this example and need to know how it become 5. as if it is gig interface, cost is 4.

Newbi

posted answers for Access3 and Access4 configs are mirrored. threw me off for a sec when comparing answers. Access4 interfaces should be G1/0/12 and G1/0/22

Eliseo_CL

Here are my configurations 😁.
With this second lab I noticed my priorities were wrong in 1st Lab (because I forgot that higher priority is worse).

Also, regarding the portfast and BPDU guard I didn’t know the commands, then looked in my Volume 1 book for reference but I didn’t find any command reference neither in chapter 9 nor 10 (probably there are some references in Appendix, but at the moment I’ve only read until page 257. So had to look for these commands in internet 😅)

Dist1
 >enable
 #configure terminal
 #(c)#spanning-tree mode rapid-pvst
 #(c)#spanning-tree vlan 10 priority 24576
 #(c)#spanning-tree vlan 11 root primary
 #(c)#do wr
 #(c)#end
 
Dist2
 >enable
 #configure terminal
 #(c)#spanning-tree mode rapid-pvst
 #(c)#spanning-tree vlan 10 priority 20480
 #(c)#spanning-tree vlan 11 root secondary
 #(c)#do wr
 #(c)#end
 
Access3
 >enable
 #configure terminal
 #(c)#spanning-tree mode rapid-pvst
 #(c)#spanning-tree vlan 10 priority 28672
 #(c)#interface Gi1/0/11
 #(c-if)#spanning-tree portfast edge
 #(c-if)#spanning-tree bpduguard enable
 #(c-if)#interface Gi1/0/21
 #(c-if)#spanning-tree portfast edge
 #(c-if)#spanning-tree bpduguard enable
 #(c-if)#do wr
 #(c-if)#end
 
 Access4
 >enable
 #configure terminal
 #(c)#spanning-tree mode rapid-pvst
 #(c)#spanning-tree vlan 10 priority 28672
 #(c)#interface Gi1/0/12
 #(c-if)#spanning-tree portfast edge
 #(c-if)#spanning-tree bpduguard enable
 #(c-if)#interface Gi1/0/22
 #(c-if)#spanning-tree portfast edge
 #(c-if)#spanning-tree bpduguard enable
 #(c-if)#do wr
 #(c-if)#end

Last edited 2 months ago by Eliseo_CL
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

16
0
Would love your thoughts, please comment.x
()
x