Cisco 3750 switch configuration commands pdf

Continue

Cisco 3750 switch configuration commands pdf

This chapter provides the concepts and procedures to manage Catalyst 3750-X switch stacks. Note The LAN base feature set supports switch stacks only when all switches in the stack are run the LAN base feature set. The switch command reference has command syntax and usage information. This chapter consists of these sections: For other switch stack-related information, such as cabling the switches through their StackWise Plus ports and using the LEDs to display switch stack status, see the hardware installation guide. The Catalyst 3750-X stackable switch also supports StackPower, where up to four switches can be connected with power stack cables to allow the switch power supplies to share the load across multiple systems in a stack. Switches in a power stack must be members of the same switch (data) stack. For information about StackPower, see Chapter9, "Configuring Catalyst 3750-X StackPower" Note This chapter describes how to manage Catalyst 3750-X-only switch stacks. For information about managing hardware and software stacks and about using universal software images with software licenses, see the Cisco IOS Software Installation document on . After changing a virtual routing and forwarding (VRF) configuration, followed by the switchover of the master switch, can cause the VRF functionality to not work correctly. Reload the entire switch stack after the VRF configuration change for the VRF functionality to work correctly after a switchover. That is, change the VRF configuration, save the configuration, and reload the entire switch stack. A switch stack is a set of up to nine stacking-capable switches connected through their StackWise Plus or StackWise ports. You can connect only one switch type in a stack, or you can connect a mix of Catalyst 3750-X, Catalyst 3750-E, and Catalyst 3750 switches in the stack. Catalyst 3750-X and Catalyst 3750-E stack members have StackWise Plus ports, and Catalyst 3750 members have StackWise ports. The stack can have one of these configurations: Homogeneous stack--A Catalyst 3750-E-only stack with only Catalyst 3750-E switches as stack members or a Catalyst 3750-X-only stack with only Catalyst 3750-X switches as stack members. Mixed stack Note Mixed stacks are not supported with switches running the LAN base feature set. ? A mixed hardware stack with a mixture of Catalyst 3750-X, Catalyst 3750-E, and 3750 switches as stack members. For example, a stack with Catalyst 3750-X and 3750 switches supporting the IP services features. ? A mixed software stack with only Catalyst 3750-X, only Catalyst 3750-E, or only Catalyst 3750 switches supporting different features as stack members. For example, a Catalyst 3750-X-only stack with some members running the IP base feature set, other members running the IP services feature set, and the remaining members running the IP services feature set. ? A mixed hardware and software stack with Catalyst 3750-X, Catalyst 3750-E, and Catalyst 3750 switches supporting different features as stack members. For example, a stack with the Catalyst 3750-X members running the IP services feature set and the Catalyst 3750 members running the IP services software image. For information about Catalyst 3750 switches, see the "Managing Switch Stacks" chapter in the Catalyst 3750 Switch Software Configuration Guide. One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are all stack members. The Catalyst 3750-E stack members use the Cisco StackWise Plus technology to work together as a unified system. Layer 2 and Layer 3 protocols present the entire switch stack as a single entity to the network. Note Switch stacks running the LAN base feature set do not support Layer 3 features. The stack master is the single point of stack-wide management. From the stack master, you configure: System-level (global) features that apply to all stack members Interface-level features for each stack member A switch stack is identified in the network by its bridge ID and, if it is operating as a Layer 3 device, its router MAC address. The bridge ID and router MAC address are determined by the MAC address of the stack master. Every stack member is identified by its own stack member number. All stack members are eligible to be stack masters. If the stack master becomes unavailable, the remaining stack members elect a new stack master from among themselves. The switch with the highest stack member priority value becomes the new stack master. The system-level features supported on the stack master are supported on the entire switch stack. If a switch in the stack is running the IP base or IP services feature set and the cryptographic (that is, supporting encryption) universal software image, we recommend that this switch be the stack master. Encryption features are unavailable if the stack master is running the IP base or IP services feature set and the noncryptographic software image. Note In a mixed stack, Catalyst 3750 or Catalyst 3750-E switches running Cisco IOS Release 12.2(53)SE and earlier could be running a noncryptographic image. Catalyst 3750-X switches and Catalyst 3750 and 3750-E switches with Cisco IOS Releases later than 12.2(53)SE run only the cryptographic software image. The stack master contains the saved and running configuration files for the switch stack. The configuration files include the system-level settings for the switch stack and the interface-level settings for each stack member. Each stack member has a current copy of these files for back-up purposes. You manage the switch stack through a single IP address. The IP address is a system-level setting and is not specific to the stack master or to any other stack member. You can manage the stack through the same IP address even if you remove the stack master or any other stack member from the stack. You can use these methods to manage switch stacks: Network Assistant (available on ) Command-line interface (CLI) over a serial connection to the console port of any stack member or the Ethernet management port of a stack member A network management application through the Simple Network Management Protocol (SNMP) Use SNMP to manage network features across the switch stack that are defined by supported MIBs. The switch does not support MIBs to manage stacking-specific features such as stack membership and election. CiscoWorks network management software To manage switch stacks, you should understand: These concepts on how switch stacks are formed: ? Switch Stack Membership ? Stack Master Election and Re-Election These concepts on how switch stacks and stack members are configured: ? Switch Stack Bridge ID and Router MAC Address ? Stack Member Numbers ? Stack Member Priority Values ? Switch Stack Offline Configuration ? Hardware Compatibility and SDM Mismatch Mode in Switch Stacks ? Switch Stack Software Compatibility Recommendations ? Stack Protocol Version Compatibility ? Major Version Number Incompatibility Among Switches ? Minor Version Number Incompatibility Among Switches ? Incompatible Software and Stack Member Image Upgrades ? Switch Stack Configuration Files ? Additional Considerations for System-Wide Configuration on Switch Stacks ? Switch Stack Management Connectivity ? Switch Stack Configuration Scenarios Note A switch stack is different from a switch cluster. A switch cluster is a set of switches connected through their LAN ports, such as the 10/100/1000 ports. For more information about how switch stacks differ from switch clusters, see the "Planning and Creating Clusters" chapter in the Getting Started with Cisco Network Assistant on . A switch stack has up to nine stack members connected through their StackWise Plus ports. A switch stack always has one stack master. A standalone switch is a switch stack with one stack member that also operates as the stack master. You can connect one standalone switch to another (Figure 5-1) to create a switch stack containing two stack members, with one of them as the stack master. You can connect standalone switches to an existing switch stack (Figure 5-2) to increase the stack membership. If you replace a stack member with an identical model, the new switch functions with exactly the same configuration as the replaced switch, assuming that the new switch is using the same member number as the replaced switch. For information about the benefits of provisioning a switch stack, see the "Switch Stack Offline Configuration" section. For information about replacing a failed switch, see the "Troubleshooting" chapter in the hardware installation guide. The operation of the switch stack continues uninterrupted during membership changes unless you remove the stack master or you add powered-on standalone switches or switch stacks. Note Make sure that you power off the switches that you add to or remove from the switch stack. After adding or removing stack members, make sure that the switch stack is operating at full bandwidth (64 Gb/s). Press the Mode button on a stack member until the Stack mode LED is on. The last two right port LEDs on all switches in the stack should be green. Depending on the switch model, the last two right ports are 10-Gigabit Ethernet ports or small form-factor pluggable (SFP) module ports (10/100/1000 ports). If one or both of these LEDs are not green on any of the switches, the stack is not operating at full bandwidth. Adding powered-on switches (merging) causes the stack masters of the merging switch stacks to elect a stack master from among themselves. The re-elected stack master retains its role and configuration and so do its stack members. All remaining switches, including the former stack masters, reload and join the switch stack as stack members. They change their stack member numbers to the lowest available numbers and use the stack configuration of the re-elected stack master. Removing powered-on stack members causes the switch stack to divide (partition) into two or more switch stacks, each with the same configuration. This can cause an IP address configuration conflict in your network. If you want the switch stacks to remain separate, change the IP address or addresses of the newly created switch stacks. If you did not intend to partition the switch stack: a. Power off the switches in the newly created switch stacks. b. Reconnect them to the original switch stack through their StackWise Plus ports. c. Power on the switches. For more information about cabling and powering switch stacks, see the "Switch Installation" chapter in the hardware installation guide. Figure 5-1 Creating a Switch Stack from Two Standalone Switches Figure 5-2 Adding a Standalone Switch to a Switch Stack The stack master is elected or re-elected based on one of these factors and in the order listed: 1. The switch that is currently the stack master. 2. The switch with the highest stack member priority value. Note We recommend assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master if a re-election occurs. 3. The switch that is not using the default interface-level configuration. 4. The switch with the higher priority feature set and software image combination. These combinations are listed from highest to lowest priority. Note The noncryptographic images apply only to mixed stacks that include Catalyst 3750-E or 3750 switches running Cisco IOS Release 12.2(53)SE or earlier. Catalyst 3750-X switches and Catalyst 3750-E or 3750 switches running later releases support only the cryptographic image. ? IP services feature set and the cryptographic software image ? IP services feature set and the noncryptographic software image ? IP base feature set and the cryptographic software image ? IP base feature set and the noncryptographic software image Note In a switch stacks running the LAN base feature set, all switches in the stack must run the LAN base feature set. During the stack master switch election, differences in start-up times between the feature sets determine the stack master. The switch with the shorter start-up time becomes the stack master. For example, a switch running the IP services feature set has a higher priority than the switch running the IP base feature set, but the switch running the IP base feature set becomes the stack master because the other switch takes 10 seconds longer to start. To avoid this problem, upgrade the switch running the IP base feature set to same feature set and software image as the other switch, or manually start the master switch and wait at least 8 seconds before starting the new member switch that running the IP base feature set. 5. The switch with the lowest MAC address. A stack master retains its role unless one of these events occurs: The switch stack is reset. * The stack master is removed from the switch stack. The stack master is reset or powered off. The stack master fails. The switch stack membership is increased by adding powered-on standalone switches or switch stacks. * In the events marked by an asterisk (*), the current stack master might be re-elected based on the listed factors. When you power on or reset an entire switch stack, some stack members might not participate in the stack master election. Stack members that are powered on within the same 20-second time frame participate in the stack master election and have a chance to become the stack master. Stack members that are powered on after the 20second time frame do not participate in this initial election and become stack members. All stack members participate in re-elections. For all powering considerations that affect stack-master elections, see the "Switch Installation" chapter in the hardware installation guide. The new stack master becomes available after a few seconds. In the meantime, the switch stack uses the forwarding tables in memory to minimize network disruption. The physical interfaces on the other available stack members are not affected during a new stack master election and reset. After a new stack master is elected and the previous stack master becomes available, the previous stack master does not resume its role as stack master. As described in the hardware installation guide, you can use the Master LED on the switch to see if the switch is the stack master. The bridge ID and router MAC address identify the switch stack in the network. When the switch stack initializes, the MAC address of the stack master determines the bridge ID and router MAC address. If the stack master changes, the MAC address of the new stack master determines the new bridge ID and router MAC address. However, when the persistent MAC address feature is enabled, the stack MAC address changes in approximately 4 minutes. During this time period, if the previous stack master rejoins the stack, the stack continues to use its MAC address as the stack MAC address, even if the switch is now a stack member and not a stack master. If the previous stack master does not rejoin the stack during this period, the switch stack takes the MAC address of the new stack master as the stack MAC address. See Enabling Persistent MAC Address for more information. The stack member number (1 to 9) identifies each member in the switch stack. The member number also determines the interface-level configuration that a stack member uses. You can display the stack member number by using the show switch user EXEC command. A new, out-of-the-box switch (one that has not joined a switch stack or has not been manually assigned a stack member number) ships with a default stack member number of 1. When it joins a switch stack, its default stack member number changes to the lowest available member number in the stack. Stack members in the same switch stack cannot have the same stack member number. Every stack member, including a standalone switch, retains its member number until you manually change the number or unless the number is already being used by another member in the stack. If you manually change the stack member number by using the switch current-stack-member-number renumber new-stack-member-number global configuration command, the new number goes into effect after that stack member resets (or after you use the reload slot stack-member-number privileged EXEC command) and only if that number is not already assigned to any other members in the stack. For more information, see the "Assigning a Stack Member Number" section. Another way to change the stack member number is by changing the SWITCH_NUMBER environment variable, as explained in the "Controlling Environment Variables" section. If the number is being used by another member in the stack, the switch selects the lowest available number in the stack. If you manually change the number of a stack member and no interface-level configuration is associated with that new member number, that stack member resets to its default configuration. For more information about stack member numbers and configurations, see the "Switch Stack Configuration Files" section. You cannot use the switch current-stack-member-number renumber new-stack-member-number global configuration command on a provisioned switch. If you do, the command is rejected. If you move a stack member to a different switch stack, the stack member retains its number only if the number is not being used by another member in the stack. If it is being used, the switch selects the lowest available number in the stack. If you merge switch stacks, the switches that join the switch stack of a new stack master select the the lowest available numbers in the stack. For more information about merging switch stacks, see the "Switch Stack Membership" section. As described in the hardware installation guide, you can use the switch port LEDs in Stack mode to visually determine the stack member number of each stack member. A higher priority value for a stack member increases its likelihood of being elected stack master and retaining its stack member number. The priority value can be 1 to 15. The default priority value is 1. You can display the stack member priority value by using the show switch user EXEC command. Note We recommend assigning the highest priority value to the switch that you prefer to be the stack master. This ensures that the switch is re-elected as stack master. You can change the priority value for a stack member by using the switch stack-member-number priority new-p riority-value global configuration command. For more information, see the "Setting the Stack Member Priority Value" section. Another way to change the member priority value is by changing the SWITCH_PRIORITY environment variable, as explained in the "Controlling Environment Variables" section. The new priority value takes effect immediately but does not affect the current stack master. The new priority value helps determine which stack member is elected as the new stack master when the current stack master or the switch stack resets. You can use the offline configuration feature to provision (to supply a configuration to) a new switch before it joins the switch stack. You can configure in advance the stack member number, the switch type, and the interfaces associated with a switch that is not currently part of the stack. The configuration that you create on the switch stack is called the provisioned configuration . The switch that is added to the switch stack and that receives this configuration is called the provisioned switch . You manually create the provisioned configuration through the switch stack-member-number provision type global configuration command. The provisioned configuration is automatically created when a switch is added to a switch stack and when no provisioned configuration exists. When you configure the interfaces associated with a provisioned switch (for example, as part of a VLAN), the switch stack accepts the configuration, and the information appears in the running configuration. The interface associated with the provisioned switch is not active, operates as if it is administratively shut down, and the no shutdown interface configuration command does not return it to active service. The interface associated with the provisioned switch does not appear in the display of the specific feature; for example, it does not appear in the show vlan user EXEC command output. The switch stack retains the provisioned configuration in the running configuration whether or not the provisioned switch is part of the stack. You can save the provisioned configuration to the startup configuration file by entering the copy running-config startup-config privileged EXEC command. The startup configuration file ensures that the switch stack can reload and can use the saved information whether or not the provisioned switch is part of the switch stack. When you add a provisioned switch to the switch stack, the stack applies either the provisioned configuration or the default configuration. Table 5-1 lists the events that occur when the switch stack compares the provisioned configuration with the provisioned switch. Table 5-1 Results of Comparing the Provisioned Configuration with the Provisioned Switch Scenario Result The stack member numbers and the switch types match. 1. If the stack member number of the provisioned switch matches the stack member number in the provisioned configuration on the stack, and 2. If the switch type of the provisioned switch matches the switch type in the provisioned configuration on the stack. The switch stack applies the provisioned configuration to the provisioned switch and adds it to the stack. The stack member numbers match but the switch types do not match. 1. If the stack member number of the provisioned switch matches the stack member number in the provisioned configuration on the stack, but 2. The switch type of the provisioned switch does not match the switch type in the provisioned configuration on the stack. The switch stack applies the default configuration to the provisioned switch and adds it to the stack. The provisioned configuration is changed to reflect the new information. The stack member number is not found in the provisioned configuration. The switch stack applies the default configuration to the provisioned switch and adds it to the stack. The provisioned configuration is changed to reflect the new information. The stack member number of the provisioned switch is in conflict with an existing stack member. The stack master assigns a new stack member number to the provisioned switch. The stack member numbers and the switch types match: 1. If the new stack member number of the provisioned switch matches the stack member number in the provisioned configuration on the stack, and 2. If the switch type of the provisioned switch matches the switch type in the provisioned configuration on the stack. The switch stack applies the provisioned configuration to the provisioned switch and adds it to the stack. The provisioned configuration is changed to reflect the new information. The stack member numbers match, but the switch types do not match: 1. If the stack member number of the provisioned switch matches the stack member number in the provisioned configuration on the stack, but 2. The switch type of the provisioned switch does not match the switch type in the provisioned configuration on the stack. The switch stack applies the default configuration to the provisioned switch and adds it to the stack. The provisioned configuration is changed to reflect the new information. The stack member number of the provisioned switch is not found in the provisioned configuration. The switch stack applies the default configuration to the provisioned switch and adds it to the stack. If you add a provisioned switch that is a different type than specified in the provisioned configuration to a powered-down switch stack and then apply power, the switch stack rejects the (now incorrect) switch stack-member-number provision type global configuration command in the startup configuration file. However, during stack initialization, the nondefault interface configuration information in the startup configuration file for the provisioned interfaces (potentially of the wrong type) is executed. Depending on the differences between the actual switch type and the previously provisioned switch type, some commands are rejected, and some commands are accepted. For example, suppose the switch stack is provisioned for a 48-port switch with Power over Ethernet (PoE), the configuration is saved, and the stack is powered down. Then a 24-port switch without PoE support is connected to the switch stack, and the stack is powered up. In this situation, the configuration for ports 25 through 48 is rejected, and error messages appear during initialization. In addition, any configured PoE-related commands that are valid only on PoE-capable interfaces are rejected, even for ports 1 through 24. Note If the switch stack does not contain a provisioned configuration for a new switch, the switch joins the stack with the default interface configuration. The switch stack then adds to its running configuration a switch stack-member-number provision type global configuration command that matches the new switch. For configuration information, see the "Provisioning a New Member for a Switch Stack" section. When a provisioned switch in a switch stack fails, is removed from the stack, and is replaced with another switch, the stack applies either the provisioned configuration or the default configuration to it. The events that occur when the switch stack compares the provisioned configuration with the provisioned switch are the same as those described in the "Effects of Adding a Provisioned Switch to a Switch Stack" section. If you remove a provisioned switch from the switch stack, the configuration associated with the removed stack member remains in the running configuration as provisioned information. To completely remove the configuration, use the no switch stack-member-number provision global configuration command. The Catalyst 3750-X switch supports only the desktop Switch Database Management (SDM) templates. All stack members use the SDM template configured on the stack master. Version-mismatch (VM) mode has priority over SDM-mismatch mode. If a VM-mode condition and an SDM-mismatch mode exist, the switch stack first attempts to resolve the VM-mode condition. You can use the show switch privileged EXEC command to see if any stack members are in SDM-mismatch mode. For more information about SDM templates and SDM-mismatch mode, see Chapter8, "Configuring SDM Templates" For information about mixed hardware stacks, see the Cisco IOS Software Installation document on . To ensure complete compatibility between stack members, use the information in this section and also in the "Hardware Compatibility and SDM Mismatch Mode in Switch Stacks" section. All stack members must run the same Cisco IOS software image and feature set to ensure compatibility between stack members. For example, all stack members should run the universal software image and have the IP services feature set enabled for the Cisco IOS Release 12.2(53)SE2 or later. For more information, see the "Stack Protocol Version Compatibility" section and the Cisco IOS Software Installation document on . For information about mixed hardware and software stacks, see the Cisco IOS Software Activation document on . Each software image includes a stack protocol version. The stack protocol version has a major version number and a minor version number (for example 1.4, where 1 is the major version number and 4 is the minor version number). Both version numbers determine the level of compatibility among the stack members. You can display the stack protocol version by using the show platform stack-manager all privileged EXEC command. Switches with the same Cisco IOS software version have the same stack protocol version. Such switches are fully compatible, and all features function properly across the switch stack. Switches with the same Cisco IOS software version as the stack master immediately join the switch stack. If an incompatibility exists, the fully functional stack members generate a system message that describes the cause of the incompatibility on the specific stack members. The stack master sends the message to all stack members. For more information, see the Major Version Number Incompatibility Among Switches and the Minor Version Number Incompatibility Among Switches. Switches with different major Cisco IOS software versions usually have different stack protocol versions. Switches with different major version numbers are incompatible and cannot exist in the same switch stack. Switches with the same major version number but with a different minor version number are considered partially compatible. When connected to a switch stack, a partially compatible switch enters version-mismatch (VM) mode and cannot join the stack as a fully functioning member. The software detects the mismatched software and tries to upgrade (or downgrade) the switch in VM mode with the switch stack image or with a tar file image from the switch stack flash memory. The software uses the automatic upgrade (auto-upgrade) and the automatic advise (auto-advise) features. For more information, see the "Understanding Auto-Upgrade and Auto-Advise" section. To see if there are switches in VM mode, use the show switch user EXEC command. The port LEDs on switches in VM mode stay off. Pressing the Mode button does not change the LED mode. You can use the boot auto-download-sw global configuration command to specify a URL pathname for the master switch to use to get an image in case of version mismatch. When the software detects mismatched software and tries to upgrade the switch in VM mode, two software processes are involved: automatic upgrade and automatic advise. The automatic upgrade (auto-upgrade) process includes an auto-copy process and an auto-extract process. By default, auto-upgrade is enabled (the boot auto-copy-sw global configuration command is enabled). You can disable autoupgrade by using the no boot auto-copy-sw global configuration command on the stack master. You can check the status of auto-upgrade by using the show boot privileged EXEC command and by checking the Auto upgrade line in the display. ? Auto-copy automatically copies the software image running on any stack member to the switch in VM mode to upgrade (auto-upgrade) it. Auto-copy occurs if auto-upgrade is enabled, if there is enough flash memory in the switch in VM mode, and if the software image running on the switch stack is suitable for the switch in VM mode. Note A switch in VM mode might not run all released software. For example, new switch hardware is not recognized in earlier versions of software. ? Automatic extraction (auto-extract) occurs when the auto-upgrade process cannot find the appropriate software in the stack to copy to the switch in VM mode. In that case, the auto-extract process searches all switches in the stack, whether they are in VM mode or not, for the tar file needed to upgrade the switch stack or the switch in VM mode. The tar file can be in any flash file system in the switch stack (including the switch in VM mode). If a tar file suitable for the switch in VM mode is found, the process extracts the file and automatically upgrades that switch. The auto-upgrade (auto-copy and auto-extract) processes wait for a few minutes after the mismatched software is detected before starting. When the auto-upgrade process is complete, the switch that was in VM mode reloads and joins the stack as a fully functioning member. If you have both StackWise Plus cables connected during the reload, network downtime does not occur because the switch stack operates on two rings. Note Auto-upgrade performs the upgrade only when the two feature sets are the same type. For example, it does not automatically upgrade a switch in VM mode from IP services feature set to IP base feature set (or the reverse). Automatic advise (auto-advise) occurs when the auto-upgrade process cannot find appropriate stack member software to copy to the switch in VM mode. This process tells you the command (archive copy-sw or archive download-sw privileged EXEC command) and the image name (tar filename) needed to manually upgrade the switch stack or the switch in VM mode. The recommended image can be the running switch stack image or a tar file in any flash file system in the switch stack (including the switch in VM mode). If an appropriate image is not found in the stack flash file systems, the auto-advise process tells you to install new software on the switch stack. Auto-advise cannot be disabled, and there is no command to check its status. The auto-advise software does not give suggestions when the switch stack software and the software of the switch in VM mode do not contain the same feature sets. For example, if the switch stack is running the IP base image and you add a switch that is running the IP services image, the auto-advise software does not provide a recommendation. You can use the archive-download-sw /allow-feature-upgrade privileged EXEC command to allow installing an different software image. When you add a switch that has a different minor version number to the switch stack, the software displays messages in sequence (assuming that there are no other system messages generated by the switch). This example shows that the switch stack detected a new switch that is running a different minor version number than the switch stack. Auto-copy starts, finds suitable software to copy from a stack member to the switch in VM mode, upgrades the switch in VM mode, and then reloads it: *Mar 11 20:31:19.247:%STACKMGR-6-STACK_LINK_CHANGE:Stack Port 2 Switch 2 has changed to state UP *Mar 11 20:31:23.232:%STACKMGR-6-SWITCH_ADDED_VM:Switch 1 has been ADDED to the stack (VERSION_MISMATCH) *Mar 11 20:31:23.291:%STACKMGR-6-SWITCH_ADDED_VM:Switch 1 has been ADDED to the stack (VERSION_MISMATCH) (Stack_1-3) *Mar 11 20:33:23.248:%IMAGEMGR-6-AUTO_COPY_SW_INITIATED:Auto-copy-software process initiated for switch number(s) 1 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Searching for stack member to act *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:as software donor... *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Found donor (system #2) for *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:member(s) 1 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:System software to be uploaded: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:System Type: 0x00000000 *Mar 11 20:36:15.038:%IMAGEMGR-6AUTO_COPY_SW:archiving c3750e-universal-mz.122-35.SE2(directory) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:archiving c3750e-universal-mz.122-35.SE2/c3750e-universal-mz.122-35.SE2.bin (4945851 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:archiving c3750e-universalmz.122-35.SE2/info (450 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:archiving info (104 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:examining image... *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:extracting info (104 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6AUTO_COPY_SW:extracting c3750e-universal-mz.122-35.SE2/info (450 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:extracting info (104 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Stacking Version Number:1.4 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:System Type: 0x00000000 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Ios Image File Size: 0x004BA200 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Total Image File Size:0x00818A00 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Minimum Dram required:0x08000000 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Image Suffix:ipservices-122-35.SE2 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Image Directory:c3750e-universal-mz.122-35.SE2 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Image Name:c3750e-universal-mz.122-35.SE2 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Image Feature:IP|LAYER_3|PLUS|MIN_DRAM_MEG=128 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Old image for switch 1:flash1:c3750e-universal-mz.122-35.SE2 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: Old image will be deleted after download. *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6AUTO_COPY_SW:Extracting images from archive into flash on switch 1... *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:c3750e-universal-mz.122-0.0.313.SE (directory) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:extracting c3750e-universal-mz.122-0.0.313.SE/c3750e-universal-mz.12235.SE2 (4945851 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:extracting c3750e-universal-mz.122-35.SE2/info (450 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:extracting info (104 bytes) *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Installing (renaming):`flash1:update/c3750e-universal-mz.122-0.0.313.SE2' -> *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: `flash1:c3750e-universal-mz.122-35.SE2' *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:New software image installed in flash1:c3750e-i5-mz.122-35.SE2 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Removing old image:flash1:c3750e-universal-mz.122-35.SE2 *Mar 11 20:36:15.038:%IMAGEMGR-6AUTO_COPY_SW: *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:All software images installed. *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Requested system reload in progress... *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Software successfully copied to *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:system(s) 1 *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Done copying software *Mar 11 20:36:15.038:%IMAGEMGR-6-AUTO_COPY_SW:Reloading system(s) 1 This example shows that the switch stack detected a new switch that is running a different minor version number than the switch stack. Auto-copy starts but cannot find software in the switch stack to copy to the VM-mode switch to make it compatible with the switch stack. The auto-advise process starts and recommends that you download a tar file from the network to the switch in VM mode: *Mar 1 00:01:11.319:%STACKMGR-6-STACK_LINK_CHANGE:Stack Port 2 Switch 2 has changed to state UP *Mar 1 00:01:15.547:%STACKMGR-6-SWITCH_ADDED_VM:Switch 1 has been ADDED to the stack (VERSION_MISMATCH) stack_2# *Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW_INITIATED:Auto-copysoftware process initiated for switch number(s) 1 *Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW: *Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW:Searching for stack member to act *Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW:as software donor... *Mar 1 00:03:15.554:%IMAGEMGR-6AUTO_COPY_SW:Software was not copied *Mar 1 00:03:15.562:%IMAGEMGR-6-AUTO_ADVISE_SW_INITIATED:Auto-advise-software process initiated for switch number(s) 1 *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW: *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW: *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:Systems with incompatible software *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:have been added to the stack. The *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:storage devices on all of the stack *Mar 1 00:04:22.537:%IMAGEMGR-6AUTO_ADVISE_SW:members have been scanned, and it has *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:been determined that the stack can be *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW:repaired by issuing the following *Mar 1 00:04:22.537:%IMAGEMGR-6AUTO_ADVISE_SW:command(s): *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW: *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW: archive download-sw /force-reload /overwrite /dest 1 flash1:c3750e-universal-mz.122-35.SE2.tar *Mar 1 00:04:22.537:%IMAGEMGR-6-AUTO_ADVISE_SW: For information about using the archive download-sw privileged EXEC command, see the "Working with Software Images" section. Note Auto-advise and auto-copy identify which images are running by examining the info file and by searching the directory structure on the switch stack. If you download your image by using the copy tftp: boot loader command instead of the archive download-sw privileged EXEC command, the proper directory structure is not created. For more information about the info file, see the "File Format of Images on a Server or " section. You can upgrade a switch that has an incompatible universal software image by using the archive copy-sw privileged EXEC command. It copies the software image from an existing stack member to the one with incompatible software. That switch automatically reloads and joins the stack as a fully functioning member. For more information, see the "Copying an Image File from One Stack Member to Another" section. The configuration files record these settings: System-level (global) configuration settings--such as IP, STP, VLAN, and SNMP settings--that apply to all stack members Stack member interface-specific configuration settings that are specific for each stack member The stack master has the saved and running configuration files for the switch stack. All stack members periodically receive synchronized copies of the configuration files from the stack master. If the stack master becomes unavailable, any stack member assuming the role of stack master has the latest configuration files. Note The interface-specific settings of the stack master are saved if the stack master is replaced without saving the running configuration to the startup configuration. When a new, out-of-box switch joins a switch stack, it uses the system-level settings of that switch stack. If a switch is moved to a different switch stack, that switch loses its saved configuration file and uses the system-level configuration of the new switch stack. The interface-specific configuration of each stack member is associated with the stack member number. As mentioned in the "Stack Member Numbers" section, stack members retain their numbers unless they are manually changed or they are already used by another member in the same switch stack. If an interface-specific configuration does not exist for that member number, the stack member uses its default interface-specific configuration. If an interface-specific configuration exists for that member number, the stack member uses the interface-specific configuration associated with that member number. If a stack member fails and you replace with it with an identical model, the replacement switch automatically uses the same interface-specific configuration as the failed switch. Hence, you do not need to reconfigure the interface settings. The replacement switch must have the same stack member number as the failed switch. For information about the benefits of provisioning a switch stack, see the "Switch Stack Offline Configuration" section. You back up and restore the stack configuration in the same way as you would for a standalone switch configuration. For more information about file systems and configuration files, see Appendix B, "Working with the Cisco IOS File System, Configuration Files, and Software Images." These sections provide additional considerations for configuring system-wide features on switch stacks: You manage the switch stack and the stack member interfaces through the stack master. You can use the CLI, SNMP, Network Assistant, and CiscoWorks network management applications. You cannot manage stack members on an individual switch basis. These sections provide switch stack connectivity information: The switch stack is managed through a single IP address. The IP address is a system-level setting and is not specific to the stack master or to any other stack member. You can still manage the stack through the same IP address even if you remove the stack master or any other stack member from the stack, provided there is IP connectivity. Note Stack members retain their IP addresses when you remove them from a switch stack. To avoid a conflict by having two devices with the same IP address in your network, change the IP addresses of any switches that you remove from the switch stack. For related information about switch stack configurations, see the "Switch Stack Configuration Files" section. In a mixed stack, Secure Shell (SSH) connectivity to the switch stack can be lost if a stack master running the cryptographic software image and the IP base or IP services feature set fails and is replaced by a switch that is running the noncryptographic image and the same feature set. We recommend that a switch running the

cryptographic software image and the IP base or IP services feature set be the stack master. Encryption features are unavailable if the stack master is running the noncryptographic software image. Note The noncryptographic software image was available only on Catalyst 3750 or Catalyst 3750-E switches running Cisco IOS Release 12.2(53)SE and earlier. The Catalyst 3750-X switches run only the cryptographic software image. You can connect to the stack master by using one of these methods: You can connect a terminal or a PC to the stack master through the console port of one or more stack members. You can connect a PC to the stack master through the Ethernet management ports of one or more Catalyst 3750-X stack members. For more information about connecting to the switch stack through Ethernet management ports, see the "Using the Ethernet Management Port" section. Be careful when using multiple CLI sessions to the stack master. Commands that you enter in one session are not displayed in the other sessions. Therefore, it is possible that you might not be able to identify the session from which you entered a command. We recommend using only one CLI session when managing the switch stack. If you want to configure a specific stack member port, you must include the stack member number in the CLI command interface notation. For more information, see the "Using Interface Configuration Mode" section. To debug a specific stack member, you can access it from the stack master by using the session stack-member-number privileged EXEC command. The stack member number is appended to the system prompt. For example, Switch-2# is the prompt in privileged EXEC mode for stack member 2, and the system prompt for the stack master is Switch. Only the show and debug commands are available in a CLI session to a specific stack member. Table 5-2 provides switch stack configuration scenarios. Most of the scenarios assume that at least two switches are connected through their StackWise Plus ports. Table 5-2 Switch Stack Configuration Scenarios Scenario Result Stack master election specifically determined by existing stack masters Connect two powered-on switch stacks through the StackWise Plus ports. Only one of the two stack masters becomes the new stack master. None of the other stack members become the stack master. Stack master election specifically determined by the stack member priority value 1. Connect two switches through their StackWise Plus ports. 2. Use the switch stackmember-number priority new- priority-number global configuration command to set one stack member with a higher member priority value. 3. Restart both stack members at the same time. The stack member with the higher priority value is elected stack master. Stack master election specifically determined by the configuration file Assuming that both stack members have the same priority value: 1. Make sure that one stack member has a default configuration and that the other stack member has a saved (nondefault) configuration file. 2. Restart both stack members at the same time. The stack member with the saved configuration file is elected stack master. Stack master election specifically determined by the cryptographic software image and the IP services feature set and the IP services feature set Assuming that all stack members have the same priority value: 1. Make sure that one stack member has the cryptographic image installed and the IP services feature set enabled and that the other stack member has the noncryptographic image installed and the IP services feature set enabled. 2. Restart both stack members at the same time. The stack member with the cryptographic image and the IP services feature set is elected stack master. Note Only Catalyst 3650-E or 3750 switches running Cisco IOS Release 12.2(53)SE or earlier could be running the noncyrptographic image. Stack master election specifically determined by the cryptographic software image and the IP base feature set Assuming that all stack members have the same priority value: 1. Make sure that one stack member has the cryptographic image installed and the IP base feature set enabled and that the other stack member has the noncryptographic image installed and the IP base feature set enabled. 2. Restart both stack members at the same time. The stack member with the cryptographic image and the IP base feature set is elected stack master. Note Only Catalyst 3650-E or 3750 switches running Cisco IOS Release 12.2(53)SE or earlier could be running the noncyrptographic image. Stack master election specifically determined by the MAC address Assuming that both stack members have the same priority value, configuration file, and feature set, restart both stack members at the same time. The stack member with the lower MAC address is elected stack master. Stack member number conflict Assuming that one stack member has a higher priority value than the other stack member: 1. Ensure that both stack members have the same stack member number. If necessary, use the switch current-stack-member-number renumber new-stack-member-number global configuration command. 2. Restart both stack members at the same time. The stack member with the higher priority value retains its stack member number. The other stack member has a new stack member number. Add a stack member 1. Power off the new switch. 2. Through their StackWise Plus ports, connect the new switch to a powered-on switch stack. 3. Power on the new switch. The stack master is retained. The new switch is added to the switch stack. Stack master failure Remove (or power off) the stack master. Based on the factors described in the "Stack Master Election and Re-Election" section, one of the remaining stack members becomes the new stack master. All other stack members in the stack remain as stack members and do not reboot. Add more than nine stack members 1. Through their StackWise Plus ports, connect ten switches. 2. Power on all switches. Two switches become stack masters. One stack master has nine stack members. The other stack master remains as a standalone switch. Use the Mode button and port LEDs on the switches to identify which switches are stack masters and which switches belong to each stack master. For information about using the Mode button and the LEDs, see the hardware installation guide. These sections contain this configuration information: Table 5-3 shows the default switch stack configuration. Table 5-3 Default Switch Stack Configuration Feature Default Setting Stack MAC address timer Disabled. Stack member number 1 Stack member priority value 1 Offline configuration The switch stack is not provisioned. The switch stack MAC address is determined by the MAC address of the stack master. When a stack master is removed from the stack and a new stack master takes over, the default is for the MAC address of the new stack master to immediately become the new stack MAC router address. However, you can enable the persistent MAC address feature to allow a time delay before the stack MAC address changes. During this time period, if the previous stack master rejoins the stack, the stack continues to use its MAC address as the stack MAC address, even if the switch is now a stack member and not a stack master. If the previous stack master does not rejoin the stack during this period, the switch stack takes the MAC address of the new stack master as the stack MAC address.You can also configure stack MAC persistency so that the stack never switches to the MAC address of the new stack master. Note When you enter the command to configure this feature, a warning message appears containing the consequences of your configuration. You should use this feature cautiously. Using the old stack master MAC address elsewhere in the same domain could result in lost traffic. You can configure the time period as 0 to 60 minutes. If you enter the command with no value, the default delay is 4 minutes. We recommend that you always enter a value. If the command is entered without a value, the time delay appears in the running-config file with an explicit timer value of 4 minutes. If you enter 0, the stack MAC address of the previous stack master is used until you enter the no stack-mac persistent timer command, which immediately changes the stack MAC address to that of the current stack master. If you do not enter the no stack-mac persistent timer command, the stack MAC address never changes. If you enter a time delay of 1 to 60 minutes, the stack MAC address of the previous stack master is used until the configured time period expires or until you enter the no stack-mac persistent timer command. Note If the entire switch stack reloads, it uses the MAC address of the stack master as the stack MAC address. Beginning in privileged EXEC mode, follow these steps to enable persistent MAC address. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 stack-mac persistent timer [ 0 | time-value ] Enable a time delay after a stack-master change before the stack MAC address changes to that of the new stack master. If the previous stack master rejoins the stack during this period, the stack uses that MAC address as the stack MAC address. Enter the command with no value to set the default delay of approximately 4 minutes. We recommend that you always configure a value. Enter 0 to continue using the MAC address of the current stack master indefinitely. Enter a time-value from 1 to 60 minutes to configure the time period before the stack MAC address changes to the new stack master. Note When you enter this command, a warning states that traffic might be lost if the old master MAC address appears elsewhere in the network domain. If you enter the no stack-mac persistent timer command after a new stack master takes over, before the time expires, the switch stack moves to the current stack master MAC address. Step 3 end Return to privileged EXEC mode. Step 4 show running-config or Verify that the stack MAC address timer is enabled. If enabled, the output shows stack-mac persistent timer and the time in minutes. Step 5 show switch If enabled, the display includes: Mac persistency wait time, the number of minutes configured, and the current stack MAC address. Step 6 copy running-config startupconfig (Optional) Save your entries in the configuration file. Use the no stack-mac persistent timer global configuration command to disable the persistent MAC address feature. This example shows how to configure the persistent MAC address feature for a 7-minute time delay and to verify the configuration: Switch(config)# stack-mac persistent timer 7 WARNING: The stack continues to use the base MAC of the old Master WARNING: as the stack MAC after a master switchover until the MAC WARNING: persistency timer expires. During this time the Network WARNING: Administrators must make sure that the old stack-mac does WARNING: not appear elsewhere in this network domain. If it does, WARNING: user traffic may be blackholed. Switch(config)# end Switch# show switch Switch/Stack Mac Address : 0016.4727.a900 Mac persistency wait time: 7 mins H/W Current Switch# Role Mac Address Priority Version State --------------------------------------------------------- *1 Master 0016.4727.a900 1 0 Ready These sections describe how to assign stack member information: Note This task is available only from the stack master. Beginning in privileged EXEC mode, follow these steps to assign a member number to a stack member. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 switch current-stack-member-number renumber new-stack-member-number Specify the current stack member number and the new stack member number for the stack member. The range is 1 to 9. You can display the current stack member number by using the show switch user EXEC command. Step 3 end Return to privileged EXEC mode. Step 4 reload slot stack-member-number Reset the stack member. Step 5 show switch Verify the stack member number. Step 6 copy running-config startup-config Save your entries in the configuration file. Note This task is available only from the stack master. Beginning in privileged EXEC mode, follow these steps to assign a priority value to a stack member: This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 switch stack-member-number priority new- priority-number Specify the stack member number and the new priority for the stack member. The stack member number range is 1 to 9. The priority value range is 1 to 15. You can display the current priority value by using the show switch user EXEC command. The new priority value takes effect immediately but does not affect the current stack master. The new priority value helps determine which stack member is elected as the new stack master when the current stack master or switch stack resets. Step 3 end Return to privileged EXEC mode. Step 4 reload slot stack-member-number Reset the stack member, and apply this configuration change. Step 5 show switch stackmember-number Verify the stack member priority value. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Note This task is available only from the stack master. Beginning in privileged EXEC mode, follow these steps to provision a new member for a switch stack. This procedure is optional. Command Purpose Step 1 show switch Display summary information about the switch stack. Step 2 configure terminal Enter global configuration mode. Step 3 switch stack-member-number provision type Specify the stack member number for the preconfigured switch. By default, no switches are provisioned. For stack-member-number, the range is 1 to 9. Specify a stack member number that is not already used in the switch stack. See Step 1. For type, enter the model number of a supported switch that is listed in the command-line help strings. Step 4 end Return to privileged EXEC mode. Step 5 show running-config Verify the correct numbering of interfaces in the running configuration file. Step 6 show switch stack-member-number Verify the status of the provisioned switch. For stack-member-number, enter the same number as in Step 1. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file. To remove provisioned information and to avoid receiving an error message, remove the specified switch from the stack before you use the no form of this command. For example, if you are removing a provisioned switch in a stack with this configuration: The stack has four members Stack member 1 is the master Stack member 3 is a provisioned switch and want to remove the provisioned information and to avoid receiving an error message, you can remove power from stack member 3, disconnect the StackWise Plus cables between the stack member 3 and switches to which it is connected, reconnect the cables between the remaining stack members, and enter the no switch stack-member-number provision global configuration command. This example shows how to provision a switch with a stack member number of 2 for the switch stack. The show running-config command output shows the interfaces associated with the provisioned switch: Switch(config)# switch 2 provision switch_PID Switch(config)# end Switch# show running-config | include switch 2 ! interface GigabitEthernet2/0/1 ! interface GigabitEthernet2/0/2 ! interface GigabitEthernet2/0/3 Note This task is only for debugging purposes, and is only available from the master. You can access all or specific members by using the remote command { all | stack-member-number } privileged EXEC command. The stack member number range is 1 to 9. You can access specific members by using the session stack-member-number privileged EXEC command. The member number is appended to the system prompt. For example, the prompt for member 2 is Switch-2#, and system prompt for the master is Switch#. Enter exi t to return to the CLI session on the master. Only the show and debug commands are available on a specific member. To display saved configuration changes after resetting a specific member or the stack, use these privileged EXEC commands: Table 5-4 Commands for Displaying Stack Information Command Description show platform stack manager all Display all stack information, such as the stack protocol version. show platform stack ports { buffer | history } Display the stack port events and history. show switch Display summary information about the stack, including the status of provisioned switches and switches in version-mismatch mode. show switch stack-member-number Display information about a specific member. show switch detail Display detailed information about the stack ring. show switch neighbors Display the stack neighbors. show switch stack-ports [ summary ] Display port information for the stack. Use the summary keyword to display the stack cable length, the stack link status, and the loopback status. show switch stack-ring activity [ detail ] Display the number of frames per member that are sent to the stack ring. The detail keyword displays the number of frames per member that are sent to the stack ring, the receive queues, and the ASIC. If a stack port is flapping and causing instability in the stack ring, to disable the port, enter the switch stack-member-number stack port port-number disable privileged EXEC command. To re-enable the port, enter the switch stack-member-number stack port portnumber enable command. Note Be careful when using the switch stack-member-number stack port port-number disable command. When you disable the stack port, the stack operates at half bandwidth. A stack is in the full-ring state when all members are connected through the stack ports and are in the ready state. The stack is in the partial-ring state when ? All members are connected through the stack ports, but some all are not in the ready state. ? Some members are not connected through the stack ports. When you enter the switch stack-member-number stack port port-number disable privileged EXEC command and The stack is in the full-ring state, you can disable only one stack port. This message appears: Enabling/disabling a stack port may cause undesired stack changes. Continue?[confirm] The stack is in the partial-ring state, you cannot disable the port. This message appears: Disabling stack port not allowed with current stack configuration. Stack Port 1 on Switch 1 is connected to Port 2 on Switch 4. If Port 1 is flapping, disable Port 1 with the switch 1 stack port 1 disable privileged EXEC command. While Port 1 on Switch 1 is disabled and Switch 1 is still powered on: 1. Disconnect the stack cable between Port 1 on Switch 1 and Port 2 on Switch 4. 2. Remove Switch 4 from the stack. 3. Add a switch to replace Switch 4 and assign it switch-number 4. 4. Reconnect the cable between Port 1 on Switch 1 and Port 2 on Switch 4 (the replacement switch). 5. Re-enable the link between the switches. Enter the switch 1 stack port 1 enable privileged EXEC command to enable Port 1 on Switch 1. 6. Power on Switch 4. Caution Powering on Switch 4 before enabling the Port 1 on Switch 1 might cause one of the switches to reload. If Switch 4 is powered on first, you might need to enter the switch 1 stack port 1 enable and the switch 4 stack port 2 enable privileged EXEC commands to bring up the link. Only Port 1 on stack member 2 is disabled. Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 OK 3 50 cm Yes Yes Yes 1 No 1/2 Down None 3 m Yes No Yes 1 No 2/1 Down None 3 m Yes No Yes 1 No 2/2 OK 3 50 cm Yes Yes Yes 1 No 3/1 OK 2 50 cm Yes Yes Yes 1 No 3/2 OK 1 50 cm Yes Yes Yes 1 No Table 5-5 show switch stack-ports summary Command Output Field Description Switch#/Port# Member number and its stack port number. Stack Port Status Absent--No cable is detected on the stack port. Down--A cable is detected, but either no connected neighbor is up, or the stack port is disabled. OK--A cable is detected, and the connected neighbor is up. Neighbor Switch number of the active member at the other end of the stack cable. Cable Length Valid lengths are 50 cm, 1 m, or 3 m. If the switch cannot detect the cable length, the value is no cable. The cable might not be connected, or the link might be unreliable. Link OK This shows if the link is stable. The link partner is a stack port on a neighbor switch. No--The link partner receives invalid protocol messages from the port. Yes--The link partner receives valid protocol messages from the port. Link Active This shows if the stack port is in the same state as its link partner. No--The port cannot send traffic to the link partner. Yes--The port can send traffic to the link partner. Sync OK No--The link partner does not send valid protocol messages to the stack port. Yes-- The link partner sends valid protocol messages to the port. # Changes to LinkOK This shows the relative stability of the link. If a large number of changes occur in a short period of time, link flapping can occur. In Loopback No--At least one stack port on the member has an attached stack cable. Yes--None of the stack ports on the member has an attached stack cable. In a stack with three members, stack cables connect all the members. Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ------------ -------- 1/1 OK 3 50 cm Yes Yes Yes 1 No 1/2 OK 2 3 m Yes Yes Yes 1 No 2/1 OK 1 3 m Yes Yes Yes 1 No 2/2 OK 3 50 cm Yes Yes Yes 1 No 3/1 OK 2 50 cm Yes Yes Yes 1 No 3/2 OK 1 50 cm Yes Yes Yes 1 No If you disconnect the stack cable from Port 1 on Switch 1, these messages appear: 01:09:55: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 3 has changed to state DOWN 01:09:56: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state DOWN Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 Absent None No cable No No No 1 No 1/2 OK 2 3 m Yes Yes Yes 1 No 2/1 OK 1 3 m Yes Yes Yes 1 No 2/2 OK 3 50 cm Yes Yes Yes 1 No 3/1 OK 2 50 cm Yes Yes Yes 1 No 3/2 Down None 50 cm No No No 1 No If you disconnect the stack cable from Port 2 on Switch 1, the stack splits. Switch 2 and Switch 3 are now in a two-member stack connected through stack cables. Switch# show sw stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK ------- ------ -------- -------- ---- ------ ---- --------- -------- 2/1 Down None 3 m No No No 1 No 2/2 OK 3 50 cm Yes Yes Yes 1 No 3/1 OK 2 50 cm Yes Yes Yes 1 No 3/2 Down None 50 cm No No No 1 No Switch 1 is a standalone switch. Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 Absent None No cable No No No 1 Yes 1/2 Absent None No cable No No No 1 Yes Catalyst 3750 switch port status: Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 Absent None No cable Yes No Yes 1 Yes 1/2 Absent None No cable Yes No Yes 1 Yes Catalyst 3750-E or 3750-X switch port status: Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 Absent None No cable No No No 1 Yes 1/2 Absent None No cable No No No 1 Yes On Port 1 on Switch 1, the port status is Down, and a cable is connected. On Port 2 on Switch 1, the port status is Absent, and no cable is connected. Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 Down None 50 Cm No No No 1 No 1/2 Absent None No cable No No No 1 No In a physical loopback, a cable connects both stack ports on a switch. You can use this configuration to test ? Cables on a switch that is running properly ? Stack ports with a cable that works properly Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 2/1 OK 2 50 cm Yes Yes Yes 1 No 2/2 OK 2 50 cm Yes Yes Yes 1 No The port status shows that ? Switch 2 is a standalone switch. ? The ports can send and receive traffic. The show platform stack ports buffer privileged EXEC command output shows the hardware loopback values. Switch# show platform stack ports buffer Stack Debug Event Data Trace ============================================================== Event type LINK: Link status change Event type RAC: RAC changes to Not OK Event type SYNC: Sync changes to Not OK ============================================================== Event Stack Stack PCS Info Ctrl-Status Loopback Cable Count Port IOS / HW length ========= ===== =================================== =========== ======== ======== Event type: LINK OK Stack Port 1 0000000011 1 FF08FF00 860302A5 AA55FFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable 0000000011 2 FF08FF00 86031805 55AAFFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable Event type: LINK OK Stack Port 2 0000000012 1 FF08FF00 860302A5 AA55FFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable 0000000012 2 FF08FF00 86031805 55AAFFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable Event type: RAC 0000000013 1 FF08FF00 860302A5 AA55FFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable 0000000013 2 FF08FF00 86031805 55AAFFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable On a Catalyst 3750 member, If at least one stack port has an connected stack cable, the Loopback HW value for both stack ports is No. If neither stack port has an connected stack cable, the Loopback HW value for both stack ports is Yes. On a Catalyst 3750-E or Catalyst 3750X member, If a stack port has an connected stack cable, the Loopback HW value for the stack port is No. If the stack port does not have an connected stack cable, the Loopback HW value for the stack port is Yes. On a Catalyst 3750 switch: Switch# show platform stack ports buffer Stack Debug Event Data Trace ============================================================== Event type LINK: Link status change Event type RAC: RAC changes to Not OK Event type SYNC: Sync changes to Not OK ============================================================== Event Stack Stack PCS Info CtrlStatus Loopback Cable Count Port IOS / HW length ========= ===== =================================== =========== ======== ======== Event type: LINK OK Stack Port 1 0000000008 1 FF08FF00 8603F083 55AAFFFF FFFFFFFF 0CE60C10 No /No 50 cm 0000000008 2 FF08FF00 0001DBDF 01000B00 FFFFFFFF 0CE60C10 No /No No cable Event type: RAC 0000000009 1 FF08FF00 8603F083 55AAFFFF FFFFFFFF 0CE60C10 No /No 50 cm 0000000009 2 FF08FF00 0001DC1F 02000100 FFFFFFFF 0CE60C10 No /No No cable On a Catalyst 3750-E or 3750-X switch: Switch# show platform stack ports buffer Stack Debug Event Data Trace ============================================================== Event type LINK: Link status change Event type RAC: RAC changes to Not OK Event type SYNC: Sync changes to Not OK ============================================================== Event Stack Stack PCS Info Ctrl-Status Loopback Cable Count Port IOS / HW length ========= ===== =================================== =========== ======== ======== Event type: LINK OK Stack Port 1 0000000153 1 FF01FF00 860351A5 55A5FFFF FFFFFFFF 0CE60C10 No /No 50 cm 0000000153 2 FF01FF00 00017C07 00000000 0000FFFF 0CE60C10 No /No 3 m Event type: RAC 0000000154 1 FF01FF00 860351A5 55A5FFFF FFFFFFFF 0CE60C10 No /No 50 cm 0000000154 2 FF01FF00 00017C85 00000000 0000FFFF 0CE60C10 No /No 3 m On a Catalyst 3750 switch: Switch# show platform stack ports buffer Stack Debug Event Data Trace ============================================================== Event type LINK: Link status change Event type RAC: RAC changes to Not OK Event type SYNC: Sync changes to Not OK ============================================================== Event Stack Stack PCS Info Ctrl-Status Loopback Cable Count Port IOS / HW length ========= ===== =================================== =========== ======== ======== Event type: LINK OK Stack Port 2 0000000005 1 FF08FF00 0001FBD3 0801080B EFFFFFFF 0C100CE6 No /No No cable 0000000005 2 FF08FF00 8603E4A9 5555FFFF FFFFFFFF 0C100CE6 No /No 50 cm Event type: RAC 0000000006 1 FF08FF00 0001FC14 08050204 EFFFFFFF 0C100CE6 No /No No cable 0000000006 2 FF08FF00 8603E4A9 5555FFFF FFFFFFFF 0C100CE6 No /No 50 cm Event type: LINK NOT OK Stack Port 2 0000000939 1 FF08FF00 00016879 00010000 EFFFFFFF 0C100C14 No /No No cable 0000000939 2 FF08FF00 0001901F 00000000 FFFFFFFF 0C100C14 No /No No cable Event type: RAC 0000000940 1 FF08FF00 000168BA 00010001 EFFFFFFF 0C100C14 No /No No cable 0000000940 2 FF08FF00 0001905F 00000000 FFFFFFFF 0C100C14 No /No No cable Event type: LINK OK Stack Port 1 0000000956 1 FF08FF00 86034DAC 5555FFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable 0000000956 2 FF08FF00 86033431 55AAFFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable Event type: LINK OK Stack Port 2 0000000957 1 FF08FF00 86034DAC 5555FFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable 0000000957 2 FF08FF00 86033431 55AAFFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable Event type: RAC 0000000958 1 FF08FF00 86034DAC 5555FFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable 0000000958 2 FF08FF00 86033431 55AAFFFF FFFFFFFF 1CE61CE6 Yes/Yes No cable On a Catalyst 3750-E or 3750-X switch: Switch# show platform stack ports buffer Stack Debug Event Data Trace ============================================================== Event type LINK: Link status change Event type RAC: RAC changes to Not OK Event type SYNC: Sync changes to Not OK ============================================================== Event Stack Stack PCS Info CtrlStatus Loopback Cable Count Port IOS / HW length ========= ===== =================================== =========== ======== ======== Event type: LINK OK Stack Port 1 0000000014 1 FF01FF00 860204A7 5555FFFF 00000000 0CE60CA6 No /No 50 cm 0000000014 2 FF01FF00 85020823 AAAAFFFF 00000000 0CE60CA6 No /No 3 m Event type: RAC 0000000015 1 FF01FF00 860204A7 5555FFFF 00000000 0CE60CA6 No /No 50 cm 0000000015 2 FF01FF00 85020823 AAAAFFFF 00000000 0CE60CA6 No /No 3 m Event type: LINK OK Stack Port 2 0000000029 1 FF01FF00 860204A7 5555FFFF 00000000 1CE61CE6 No /No 50 cm 0000000029 2 FF01FF00 86020823 AAAAFFFF 00000000 1CE61CE6 No /No 3 m Event type: RAC 0000000030 1 FF01FF00 860204A7 5555FFFF 00000000 1CE61CE6 No /No 50 cm 0000000030 2 FF01FF00 86020823 AAAAFFFF 00000000 1CE61CE6 No /No 3 m Event type: LINK NOT OK Stack Port 1 0000009732 1 FF01FF00 00015B12 5555FFFF A49CFFFF 0C140CE4 No /No 50 cm 0000009732 2 FF01FF00 86020823 AAAAFFFF 00000000 0C140CE4 No /No 3 m Event type: RAC 0000009733 1 FF01FF00 00015B4A 5555FFFF A49CFFFF 0C140CE4 No /No 50 cm 0000009733 2 FF01FF00 86020823 AAAAFFFF 00000000 0C140CE4 No /No 3 m Event type: LINK NOT OK Stack Port 2 0000010119 1 FF01FF00 00010E69 25953FFF FFFFFFFF 0C140C14 No /Yes No cable 0000010119 2 FF01FF00 0001D98C 81AAC7FF 0300FFFF 0C140C14 No /No 3 m Event type: RAC 0000010120 1 FF01FF00 00010EEA 25953FFF FFFFFFFF 0C140C14 No /Yes No cable 0000010120 2 FF01FF00 0001DA0C 81AAC7FF 0300FFFF 0C140C14 No /No 3 m Stack cables connect all stack members. Port 2 on Switch 1 connects to Port 1 on Switch 2. This is the port status for the members: Switch# show switch stackports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 OK 2 50 cm Yes Yes Yes 0 No 1/2 OK 2 50 cm Yes Yes Yes 0 No 2/1 OK 1 50 cm Yes Yes Yes 0 No 2/2 OK 1 50 cm Yes Yes Yes 0 No If you disconnect the cable from Port 2 on Switch 1, these messages appear: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state DOWN %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN This is now the port status: Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 OK 2 50 cm Yes Yes Yes 1 No 1/2 Absent None No cable No No No 2 No 2/1 Down None 50 cm No No No 2 No 2/2 OK 1 50 cm Yes Yes Yes 1 No Only one end of the cable connects to a stack port, Port 1 on Switch 2. The Stack Port Status value for Port 2 on Switch 1 is Absent, and the value for Port 1 on Switch 2 is Down. The Cable Length value is No cable. Diagnosing the problem: Verify the cable connection for Port 2 on Switch 1. Port 2 on Switch 1 has a port or cable problem if ? The In Loopback value is Yes. or ? The Link OK, Link Active, or Sync OK value is No. Stack cables connect all members. Port 2 on Switch 1 connects to Port 1 on Switch 2. This is the port status: Switch# show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # In Port# Port Length OK Active OK Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- 1/1 OK 2 50 cm Yes Yes Yes 1 No 1/2 Down None 50 cm No No No 2 No 2/1 Down None 50 cm No No No 2 No 2/2 OK 1 50 cm Yes Yes Yes 1 No Diagnosing the problem: The Stack Port Status value is Down. Link OK, Link Active, and Sync OK values are No. The Cable Length value is 50 cm. The switch detects and correctly identifies the cable. The connection between Port 2 on Switch 1 and Port 1 on Switch 2 is unreliable on at least one of the connector pins. Page 2 This chapter describes how to configure the Spanning Tree Protocol (STP) on port-based VLANs on the Catalyst 3750-X or 3560-X switch. The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard. A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same bridge ID. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to a Catalyst 3750-X switch stack. For information about the Multiple Spanning Tree Protocol (MSTP) and how to map multiple VLANs to the same spanning-tree instance, see Chapter20, "Configuring MSTP" For information about other spanning-tree features such as Port Fast, UplinkFast, root guard, and so forth, see Chapter21, "Configuring Optional Spanning-Tree Features" Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release. This chapter consists of these sections: These sections contain this conceptual information: For configuration information, see the "Configuring Spanning-Tree Features" section. For information about optional spanning-tree features, see Chapter21, "Configuring Optional Spanning-Tree Features" STP is a Layer 2 link management protocol that provides path redundancy while preventing loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. Multiple active paths among end stations cause loops in the network. If a loop exists in the network, end stations might receive duplicate messages. Switches might also learn end-station MAC addresses on multiple Layer 2 interfaces. These conditions result in an unstable network. Spanning-tree operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN of multiple segments. The STP uses a spanning-tree algorithm to select one switch of a redundantly connected network as the root of the spanning tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by assigning a role to each port based on the role of the port in the active topology: Root--A forwarding port elected for the spanning-tree topology Designated--A forwarding port elected for every switched LAN segment Alternate--A blocked port providing an alternate path to the root bridge in the spanning tree Backup--A blocked port in a loopback configuration The switch that has all of its ports as the designated role or as the backup role is the root switch. The switch that has at least one of its ports in the designated role is called the designated switch. Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path. Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at regular intervals. The switches do not forward these frames but use them to construct a loop-free path. BPDUs contain information about the sending switch and its ports, including switch and MAC addresses, switch priority, port priority, and path cost. Spanning tree uses this information to elect the root switch and root port for the switched network and the root port and designated port for each switched segment. When two ports on a switch are part of a loop, the spanning-tree port priority and path cost settings control which port is put in the forwarding state and which is put in the blocking state. The spanning-tree port priority value represents the location of a port in the network topology and how well it is located to pass traffic. The path cost value represents the media speed. Note By default, the switch sends keepalive messages (to ensure the connection is up) only on interfaces that do not have small form-factor pluggable (SFP) modules. You can change the default for an interface by entering the [no] keepalive interface configuration command with no keywords. The stable, active spanning-tree topology of a switched network is controlled by these elements: The unique bridge ID (switch priority and MAC address) associated with each VLAN on each switch. In a switch stack, all switches use the same bridge ID for a given spanning-tree instance. The spanning-tree path cost to the root switch. The port identifier (port priority and MAC address) associated with each Layer 2 interface. When the switches in a network are powered up, each functions as the root switch. Each switch sends a configuration BPDU through all of its ports. The BPDUs communicate and compute the spanning-tree topology. Each configuration BPDU contains this information: The unique bridge ID of the switch that the sending switch identifies as the root switch The spanning-tree path cost to the root The bridge ID of the sending switch Message age The identifier of the sending interface Values for the hello, forward delay, and max-age protocol timers When a switch receives a configuration BPDU that contains superior information (lower bridge ID, lower path cost, and so forth), it stores the information for that port. If this BPDU is received on the root port of the switch, the switch also forwards it with an updated message to all attached LANs for which it is the designated switch. If a switch receives a configuration BPDU that contains inferior information to that currently stored for that port, it discards the BPDU. If the switch is a designated switch for the LAN from which the inferior BPDU was received, it sends that LAN a BPDU containing the up-to-date information stored for that port. In this way, inferior information is discarded, and superior information is propagated on the network. A BPDU exchange results in these actions: One switch in the network is elected as the root switch (the logical center of the spanning-tree topology in a switched network). In a switch stack, one stack member is elected as the stack root switch. The stack root switch contains the outgoing root port (Switch 1), as shown in Figure 19-1. For each VLAN, the sw itch with the highest switch priority (the lowest numerical priority value) is elected as the root switch. If all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root switch. The switch priority value occupies the most significant bits of the bridge ID, as shown in Table 19-1. A root port is selected for each switch (except the root switch). This port provides the best path (lowest cost) when the switch forwards packets to the root switch. When selecting the root port on a switch stack, spanning tree follows this sequence: ? Selects the lowest root bridge ID ? Selects the lowest path cost to the root switch ? Selects the lowest designated bridge ID ? Selects the lowest designated path cost ? Selects the lowest port ID Only one outgoing port on the stack root switch is selected as the root port. The remaining switches in the stack become its designated switches (Switch 2 and Switch 3) as shown in Figure 19-1. The shortest distance to the root switch is calculated for each switch based on the path cost. A designated switch for each LAN segment is selected. The designated switch incurs the lowest path cost when forwarding packets from that LAN to the root switch. The port through which the designated switch is attached to the LAN is called the designated port. Figure 19-1 Spanning-Tree Port States in a Switch Stack All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode. The IEEE 802.1D standard requires that each switch has an unique bridge identifier (bridge ID), which controls the selection of the root switch. Because each VLAN is considered as a different logical bridge with PVST+ and rapid PVST+, the same switch must have a different bridge IDs for each configured VLAN. Each VLAN on the switch has a unique 8-byte bridge ID. The 2 most-significant bytes are used for the switch priority, and the remaining 6 bytes are derived from the switch MAC address. The switch supports the IEEE 802.1t spanning-tree extensions, and some of the bits previously used for the switch priority are now used as the VLAN identifier. The result is that fewer MAC addresses are reserved for the switch, and a larger range of VLAN IDs can be supported, all while maintaining the uniqueness of the bridge ID. As shown in Table 19-1 , the 2 bytes previously used for the switch priority are reallocated into a 4-bit priority value and a 12-bit extended system ID value equal to the VLAN ID. Table 19-1 Switch Priority Value and Extended System ID Switch Priority Value Extended System ID (Set Equal to the VLAN ID) Bit 16 Bit 15 Bit 14 Bit 13 Bit 12 Bit 11 Bit 10 Bit 9 Bit 8 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 32768 16384 8192 4096 2048 1024 512 256 128 64 32 16 8 4 2 1 Spanning tree uses the extended system ID, the switch priority, and the allocated spanning-tree MAC address to make the bridge ID unique for each VLAN. Because the switch stack appears as a single switch to the rest of the network, all switches in the stack use the same bridge ID for a given spanning tree. If the stack master fails, the stack members recalculate their bridge IDs of all running spanning trees based on the new MAC address of the new stack master. Support for the extended system ID affects how you manually configure the root switch, the secondary root switch, and the switch priority of a VLAN. For example, when you change the switch priority value, you change the probability that the switch will be elected as the root switch. Configuring a higher value decreases the probability; a lower value increases the probability. For more information, see the "Configuring the Root Switch" section, the "Configuring a Secondary Root Switch" section, and the "Configuring the Switch Priority of a VLAN" section. Propagation delays can occur when protocol information passes through a switched LAN. As a result, topology changes can take place at different times and at different places in a switched network. When an interface transitions directly from nonparticipation in the spanning-tree topology to the forwarding state, it can create temporary data loops. Interfaces must wait for new topology information to propagate through the switched LAN before starting to forward frames. They must allow the frame lifetime to expire for forwarded frames that have used the old topology. Each Layer 2 interface on a switch using spanning tree exists in one of these states: Blocking--The interface does not participate in frame forwarding. Listening--The first transitional state after the blocking state when the spanning tree decides that the interface should participate in frame forwarding. Learning--The interface prepares to participate in frame forwarding. Forwarding--The interface forwards frames. Disabled--The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port. An interface moves through these states: From initialization to blocking From blocking to listening or to disabled From listening to learning or to disabled From learning to forwarding or to disabled From forwarding to disabled Figure 19-2 Figure 19-2 illustrates how an interface moves through the states. Figure 19-2 Spanning-Tree Interface States When you power up the switch, spanning tree is enabled by default, and every interface in the switch, VLAN, or network goes through the blocking state and the transitory states of listening and learning. Spanning tree stabilizes each interface at the forwarding or blocking state. When the spanning-tree algorithm places a Layer 2 interface in the forwarding state, this process occurs: 1. The interface is in the listening state while spanning tree waits for protocol information to move the interface to the blocking state. 2. While spanning tree waits the forward-delay timer to expire, it moves the interface to the learning state and resets the forward-delay timer. 3. In the learning state, the interface continues to block frame forwarding as the switch learns end-station location information for the forwarding database. 4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled. A Layer 2 interface in the blocking state does not participate in frame forwarding. After initialization, a BPDU is sent to each switch interface. A switch initially functions as the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is the root or root switch. If there is only one switch in the network, no exchange occurs, the forward-delay timer expires, and the interface moves to the listening state. An interface always enters the blocking state after switch initialization. An interface in the blocking state performs these functions: Discards frames received on the interface Discards frames switched from another interface for forwarding Does not learn addresses Receives BPDUs The listening state is the first state a Layer 2 interface enters after the blocking state. The interface enters this state when the spanning tree decides that the interface should participate in frame forwarding. An interface in the listening state performs these functions: Discards frames received on the interface Discards frames switched from another interface for forwarding Does not learn addresses Receives BPDUs A Layer 2 interface in the learning state prepares to participate in frame forwarding. The interface enters the learning state from the listening state. An interface in the learning state performs these functions: Discards frames received on the interface Discards frames switched from another interface for forwarding Learns addresses Receives BPDUs A Layer 2 interface in the forwarding state forwards frames. The interface enters the forwarding state from the learning state. An interface in the forwarding state performs these functions: Receives and forwards frames received on the interface Forwards frames switched from another interface Learns addresses Receives BPDUs A Layer 2 interface in the disabled state does not participate in frame forwarding or in the spanning tree. An interface in the disabled state is nonoperational. A disabled interface performs these functions: Discards frames received on the interface Discards frames switched from another interface for forwarding Does not learn addresses Does not receive BPDUs If all switches in a network are enabled with default spanning-tree settings, the switch with the lowest MAC address becomes the root switch. In Figure 19-3, Switch A is elected as the root switch because the switch priority of all the switches is set to the default (32768) and Switch A has the lowest MAC address. However, because of traffic patterns, number of forwarding interfaces, or link types, Switch A might not be the ideal root switch. By increasing the priority (lowering the numerical value) of the ideal switch so that it becomes the root switch, you force a spanning-tree recalculation to form a new topology with the ideal switch as the root. Figure 19-3 Spanning-Tree Topology When the spanning-tree topology is calculated based on default parameters, the path between source and destination end stations in a switched network might not be ideal. For instance, connecting higher-speed links to an interface that has a higher number than the root port can cause a root-port change. The goal is to make the fastest link the root port. For example, assume that one port on Switch B is a Gigabit Ethernet link and that another port on Switch B (a 10/100 link) is the root port. Network traffic might be more efficient over the Gigabit Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port becomes the new root port. You can create a redundant backbone with spanning tree by connecting two switch interfaces to another device or to two different devices, as shown in Figure 19-4. Spanning tree automatically disables one interface but enables it if the other one fails. If one link is high-speed and the other is low-speed, the low-speed link is always disabled. If the speeds are the same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value. Figure 19-4 Spanning Tree and Redundant Connectivity You can also create redundant links between switches by using EtherChannel groups. For more information, see Chapter39, "Configuring EtherChannels and Link-State Tracking" IEEE 802.1D specifies 17 multicast addresses, ranging from 0x00180C2000000 to 0x0180C2000010, to be used by different bridge protocols. These addresses are static addresses that cannot be removed. Regardless of the spanning-tree state, each switch in the stack receives but does not forward packets destined for addresses between 0x0180C2000000 and 0x0180C200000F. If spanning tree is enabled, the CPU on the switch or on each switch in the stack receives packets destined for 0x0180C2000000 and 0x0180C2000010. If spanning tree is disabled, the switch or each switch in the stack forwards those packets as unknown multicast addresses. The default for aging dynamic addresses is 5 minutes, the default setting of the mac address-table aging-time global configuration command. However, a spanning-tree reconfiguration can cause many station locations to change. Because these stations could be unreachable for 5 minutes or

more during a reconfiguration, the address-aging time is accelerated so that station addresses can be dropped from the address table and then relearned. The accelerated aging is the same as the forward-delay parameter value (spanning-tree vlan vlan-id forward-time seconds global configuration command) when the spanning tree reconfigures. Because each VLAN is a separate spanning-tree instance, the switch accelerates aging on a per-VLAN basis. A spanning-tree reconfiguration on one VLAN can cause the dynamic addresses learned on that VLAN to be subject to accelerated aging. Dynamic addresses on other VLANs can be unaffected and remain subject to the aging interval entered for the switch. The switch supports these spanning-tree modes and protocols: PVST+--This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network. The PVST+ provides Layer 2 load-balancing for the VLAN on which it runs. You can create different logical topologies by using the VLANs on your network to ensure that all of your links are used but that no one link is oversubscribed. Each instance of PVST+ on a VLAN has a single root switch. This root switch propagates the spanning-tree information associated with that VLAN to all other switches in the network. Because each switch has the same information about the network, this process ensures that the network topology is maintained. Rapid PVST+--This spanning-tree mode is the same as PVST+ except that is uses a rapid convergence based on the IEEE 802.1w standard. To provide rapid convergence, the rapid PVST+ immediately deletes dynamically learned MAC address entries on a per-port basis upon receiving a topology change. By contrast, PVST+ uses a short aging time for dynamically learned MAC address entries. The rapid PVST+ uses the same configuration as PVST+ (except where noted), and the switch needs only minimal extra configuration. The benefit of rapid PVST+ is that you can migrate a large PVST+ install base to rapid PVST+ without having to learn the complexities of the MSTP configuration and without having to reprovision your network. In rapid-PVST+ mode, each VLAN runs its own spanning-tree instance up to the maximum supported. MSTP--This spanning-tree mode is based on the IEEE 802.1s standard. You can map multiple VLANs to the same spanning-tree instance, which reduces the number of spanning-tree instances required to support a large number of VLANs. The MSTP runs on top of the RSTP (based on IEEE 802.1w), which provides for rapid convergence of the spanning tree by eliminating the forward delay and by quickly transitioning root ports and designated ports to the forwarding state. In a switch stack, the cross-stack rapid transition (CSRT) feature performs the same function as RSTP. You cannot run MSTP without RSTP or CSRT. The most common initial deployment of MSTP is in the backbone and distribution layers of a Layer 2 switched network. For more information, see Chapter20, "Configuring MSTP" For information about the number of supported spanning-tree instances, see the next section. In PVST+ or rapid-PVST+ mode, the switch or switch stack supports up to 128 spanning-tree instances. In MSTP mode, the switch or switch stack supports up to 65 MST instances. The number of VLANs that can be mapped to a particular MST instance is unlimited. For information about how spanning tree interoperates with the VLAN Trunking Protocol (VTP), see the "Spanning-Tree Configuration Guidelines" section. Table 19-2 lists the interoperability and compatibility among the supported spanning-tree modes in a network. Table 19-2 PVST+, MSTP, and Rapid-PVST+ Interoperability PVST+ MSTP Rapid PVST+ PVST+ Yes Yes (with restrictions) Yes (reverts to PVST+) MSTP Yes (with restrictions) Yes Yes (reverts to PVST+) Rapid PVST+ Yes (reverts to PVST+) Yes (reverts to PVST+) Yes In a mixed MSTP and PVST+ network, the common spanning-tree (CST) root must be inside the MST backbone, and a PVST+ switch cannot connect to multiple MST regions. When a network contains switches running rapid PVST+ and switches running PVST+, we recommend that the rapidPVST+ switches and PVST+ switches be configured for different spanning-tree instances. In the rapid-PVST+ spanning-tree instances, the root switch must be a rapid-PVST+ switch. In the PVST+ instances, the root switch must be a PVST+ switch. The PVST+ switches should be at the edge of the network. All stack members run the same version of spanning tree (all PVST+, all rapid PVST+, or all MSTP). The IEEE 802.1Q standard for VLAN trunks imposes some limitations on the spanning-tree strategy for a network. The standard requires only one spanning-tree instance for all VLANs allowed on the trunks. However, in a network of Cisco switches connected through IEEE 802.1Q trunks, the switches maintain one spanning-tree instance for each VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+. The switch combines the spanning-tree instance of the IEEE 802.1Q VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch. However, all PVST+ or rapid-PVST+ information is maintained by Cisco switches separated by a cloud of non-Cisco IEEE 802.1Q switches. The non-Cisco IEEE 802.1Q cloud separating the Cisco switches is treated as a single trunk link between the switches. PVST+ is automatically enabled on IEEE 802.1Q trunks, and no user configuration is required. The external spanning-tree behavior on access ports and Inter-Switch Link (ISL) trunk ports is not affected by PVST+. For more information on IEEE 802.1Q trunks, see Chapter14, "Configuring VLANs" Cisco VLAN-bridge spanning tree is used with the fallback bridging feature (bridge groups), which forwards non-IP protocols such as DECnet between two or more VLAN bridge domains or routed ports. The VLAN-bridge spanning tree allows the bridge groups to form a spanning tree on top of the individual VLAN spanning trees to prevent loops from forming if there are multiple connections among VLANs. It also prevents the individual spanning trees from the VLANs being bridged from collapsing into a single spanning tree. To support VLAN-bridge spanning tree, some of the spanning-tree timers are increased. To use the fallback bridging feature, you must have the IP services feature set enabled on your switch. For more information, see Chapter49, "Configuring Fallback Bridging" These statements are true when the switch stack is operating in PVST+ or rapid-PVST+ mode: A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same bridge ID for a given spanning tree. The bridge ID is derived from the MAC address of the stack master. When a new switch joins the stack, it sets its bridge ID to the stack-master bridge ID. If the newly added switch has the lowest ID and if the root path cost is the same among all stack members, the newly added switch becomes the stack root. When a stack member leaves the stack, spanning-tree reconvergence occurs within the stack (and possibly outside the stack). The remaining stack member with the lowest stack port ID becomes the stack root. If the stack master fails or leaves the stack, the stack members elect a new stack master, and all stack members change their bridge IDs of the spanning trees to the new master bridge ID. If the switch stack is the spanning-tree root and the stack master fails or leaves the stack, the stack members elect a new stack master, and a spanning-tree reconvergence occurs. If a neighboring switch external to the switch stack fails or is powered down, normal spanning-tree processing occurs. Spanning-tree reconvergence might occur as a result of losing a switch in the active topology. If a new switch external to the switch stack is added to the network, normal spanning-tree processing occurs. Spanning-tree reconvergence might occur as a result of adding a switch in the network. For more information about switch stacks, see Chapter5, "Managing Switch Stacks" These sections contain this configuration information: Table 19-3 shows the default spanning-tree configuration. Table 19-3 Default Spanning-Tree Configuration Feature Default Setting Enable state Enabled on VLAN 1. For more information, see the "Supported Spanning-Tree Instances" section. Spanning-tree mode PVST+. (Rapid PVST+ and MSTP are disabled.) Switch priority 32768. Spanning-tree port priority (configurable on a per-interface basis) 128. Spanning-tree port cost (configurable on a per-interface basis) 1000 Mb/s: 4. 100 Mb/s: 19. 10 Mb/s: 100. Spanning-tree VLAN port priority (configurable on a per-VLAN basis) 128. Spanning-tree VLAN port cost (configurable on a per-VLAN basis) 1000 Mb/s: 4. 100 Mb/s: 19. 10 Mb/s: 100. Spanning-tree timers Hello time: 2 seconds. Forward-delay time: 15 seconds. Maximum-aging time: 20 seconds. Transmit hold count: 6 BPDUs Each stack member runs its own spanning tree, and the entire stack appears as a single switch to the rest of the network. If more VLANs are defined in the VTP than there are spanning-tree instances, you can enable PVST+ or rapid PVST+ on only 128 VLANs on the switch or each switch stack. The remaining VLANs operate with spanning tree disabled. However, you can map multiple VLANs to the same spanning-tree instances by using MSTP. For more information, see Chapter20, "Configuring MSTP" If 128 instances of spanning tree are already in use, you can disable spanning tree on one of the VLANs and then enable it on the VLAN where you want it to run. Use the no spanning-tree vlan vlan-id global configuration command to disable spanning tree on a specific VLAN, and use the spanning-tree vlan vlan-id global configuration command to enable spanning tree on the desired VLAN. Caution Switches that are not running spanning tree still forward BPDUs that they receive so that the other switches on the VLAN that have a running spanning-tree instance can break loops. Therefore, spanning tree must be running on enough switches to break all the loops in the network; for example, at least one switch on each loop in the VLAN must be running spanning tree. It is not absolutely necessary to run spanning tree on all switches in the VLAN. However, if you are running spanning tree only on a minimal set of switches, an incautious change to the network that introduces another loop into the VLAN can result in a broadcast storm. Note If you have already used all available spanning-tree instances on your switch, adding another VLAN anywhere in the VTP domain creates a VLAN that is not running spanning tree on that switch. If you have the default allowed list on the trunk ports of that switch, the new VLAN is carried on all trunk ports. Depending on the topology of the network, this could create a loop in the new VLAN that will not be broken, particularly if there are several adjacent switches that have all run out of spanning-tree instances. You can prevent this possibility by setting up allowed lists on the trunk ports of switches that have used up their allocation of spanning-tree instances. Setting up allowed lists is not necessary in many cases and can make it more labor-intensive to add another VLAN to the network. Spanning-tree commands control the configuration of VLAN spanning-tree instances. You create a spanning-tree instance when you assign an interface to a VLAN. The spanning-tree instance is removed when the last interface is moved to another VLAN. You can configure switch and port parameters before a spanning-tree instance is created; these parameters are applied when the spanning-tree instance is created. The switch supports PVST+, rapid PVST+, and MSTP, but only one version can be active at any time. (For example, all VLANs run PVST+, all VLANs run rapid PVST+, or all VLANs run MSTP.) In Catalyst 3750-E-only and mixed switch stacks, all stack members run the same version of spanning tree. For information about the different spanning-tree modes and how they interoperate, see the "Spanning-Tree Interoperability and Backward Compatibility" section. For configuration guidelines about UplinkFast, BackboneFast, and cross-stack UplinkFast, see the "Optional Spanning-Tree Configuration Guidelines" section. Caution Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP. The switch supports three spanning-tree modes: PVST+, rapid PVST+, or MSTP. By default, the switch runs the PVST+ protocol. Beginning in privileged EXEC mode, follow these steps to change the spanning-tree mode. If you want to enable a mode that is different from the default mode, this procedure is required. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 spanning-tree mode { pvst | mst | rapid-pvst } Configure a spanning-tree mode. All stack members run the same version of spanning-tree. Select pvst to enable PVST+ (the default setting). Select mst to enable MSTP (and RSTP). For more configuration steps, see Chapter20, "Configuring MSTP" Select rapid-pvst to enable rapid PVST+. Step 3 interface interface-id (Recommended for rapid-PVST+ mode only) Specify an interface to configure, and enter interface configuration mode. Valid interfaces include physical ports, VLANs, and port channels. The VLAN ID range is 1 to 4094. The port-channel range is 1 to 48. Step 4 spanning-tree link-type point-to-point (Recommended for rapid-PVST+ mode only) Specify that the link type for this port is point-to-point. If you connect this port (local port) to a remote port through a point-to-point link and the local port becomes a designated port, the switch negotiates with the remote port and rapidly changes the local port to the forwarding state. Step 5 end Return to privileged EXEC mode. Step 6 clear spanning-tree detected-protocols (Recommended for rapid-PVST+ mode only) If any port on the switch is connected to a port on a legacy IEEE 802.1D switch, restart the protocol migration process on the entire switch. This step is optional if the designated switch detects that this switch is running rapid PVST+. Step 7 show spanning-tree summary and show spanning-tree interface interface-id Verify your entries. Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command. Spanning tree is enabled by default on VLAN 1 and on all newly created VLANs up to the spanning-tree limit specified in the "Supported Spanning-Tree Instances" section. Disable spanning tree only if you are sure there are no loops in the network topology. Caution When spanning tree is disabled and loops are present in the topology, excessive traffic and indefinite packet duplication can drastically reduce network performance. Beginning in privileged EXEC mode, follow these steps to disable spanning-tree on a per-VLAN basis. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 no spanning-tree vlan vlan-id For vlan-id, the range is 1 to 4094. Step 3 end Return to privileged EXEC mode. Step 4 show spanning-tree vlan vlan-id Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To re-enable spanning-tree, use the spanning-tree vlan vlan-id global configuration command. The switch maintains a separate spanning-tree instance for each active VLAN configured on it. A bridge ID, consisting of the switch priority and the switch MAC address, is associated with each instance. For each VLAN, the switch with the lowest bridge ID becomes the root switch for that VLAN. To configure a switch to become the root for the specified VLAN, use the spanning-tree vlan vlan-id root global configuration command to modify the switch priority from the default value (32768) to a significantly lower value. When you enter this command, the software checks the switch priority of the root switches for each VLAN. Because of the extended system ID support, the switch sets its own priority for the specified VLAN to 24576 if this value will cause this switch to become the root for the specified VLAN. If any root switch for the specified VLAN has a switch priority lower than 24576, the switch sets its own priority for the specified VLAN to 4096 less than the lowest switch priority. (4096 is the value of the least-significant bit of a 4-bit switch priority value as shown in Table 19-1.) Note The spanning-tree vlan vlan-id root global configuration command fails if the value necessary to be the root switch is less than 1. Note If your network consists of switches that both do and do not support the extended system ID, it is unlikely that the switch with the extended system ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software. Note The root switch for each spanning-tree instance should be a backbone or distribution switch. Do not configure an access switch as the spanning-tree primary root. Use the diameter keyword to specify the Layer 2 network diameter (that is, the maximum number of switch hops between any two end stations in the Layer 2 network). When you specify the network diameter, the switch automatically sets an optimal hello time, forward-delay time, and maximum-age time for a network of that diameter, which can significantly reduce the convergence time. You can use the hello keyword to override the automatically calculated hello time. Note After configuring the switch as the root switch, we recommend that you avoid manually configuring the hello time, forward-delay time, and maximum-age time through the spanning-tree vlan vlan-id hello-time, spanning-tree vlan vlan-id forward-time, and the spanning-tree vlan vlan-id max-age global configuration commands. Beginning in privileged EXEC mode, follow these steps to configure a switch to become the root for the specified VLAN. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 spanning-tree vlan vlan-id root primary [ diameter net-diameter [ hello-time seconds ]] Configure a switch to become the root for the specified VLAN. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. (Optional) For diameter net-diameter, specify the maximum number of switches between any two end stations. The range is 2 to 7. (Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default is 2. Step 3 end Return to privileged EXEC mode. Step 4 show spanning-tree detail Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command. When you configure a switch as the secondary root, the switch priority is modified from the default value (32768) to 28672. The switch is then likely to become the root switch for the specified VLAN if the primary root switch fails. This is assuming that the other network switches use the default switch priority of 32768 and therefore are unlikely to become the root switch. You can execute this command on more than one switch to configure multiple backup root switches. Use the same network diameter and hello-time values that you used when you configured the primary root switch with the spanning-tree vlan vlan-id root primary global configuration command. Beginning in privileged EXEC mode, follow these steps to configure a switch to become the secondary root for the specified VLAN. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 spanning-tree vlan vlan-id root secondary [ diameter net-diameter [ hello-time seconds ]] Configure a switch to become the secondary root for the specified VLAN. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. (Optional) For diameter net-diameter, specify the maximum number of switches between any two end stations. The range is 2 to 7. (Optional) For hello-time seconds, specify the interval in seconds between the generation of configuration messages by the root switch. The range is 1 to 10; the default is 2. Use the same network diameter and hello-time values that you used when configuring the primary root switch. See the "Configuring the Root Switch" section. Step 3 end Return to privileged EXEC mode. Step 4 show spanning-tree detail Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command. If a loop occurs, spanning tree uses the port priority when selecting an interface to put into the forwarding state. You can assign higher priority values (lower numerical values) to interfaces that you want selected first and lower priority values (higher numerical values) that you want selected last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces. Note If your switch is a member of a switch stack, you must use the spanning-tree [vlan vlan-id] cost cost interface configuration command instead of the spanning-tree [vlan vlan-id] port-priority priority interface configuration command to select an interface to put in the forwarding state. Assign lower cost values to interfaces that you want selected first and higher cost values that you want selected last. For more information, see the "Configuring Path Cost" section. Beginning in privileged EXEC mode, follow these steps to configure the port priority of an interface. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface interface-id Specify an interface to configure, and enter interface configuration mode. Valid interfaces include physical ports and port-channel logical interfaces (port-channel port-channel-number). Step 3 spanning-tree port-priority priority Configure the port priority for an interface. For priority, the range is 0 to 240, in increments of 16; the default is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. All other values are rejected. The lower the number, the higher the priority. Step 4 spanning-tree vlan vlan-id port-priority priority Configure the port priority for a VLAN. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. For priority, the range is 0 to 240, in increments of 16; the default is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. All other values are rejected. The lower the number, the higher the priority. Step 5 end Return to privileged EXEC mode. Step 6 show spanning-tree interface interface-id or show spanning-tree vlan vlan-id Verify your entries. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file. Note The show spanning-tree interface interface-id privileged EXEC command displays information only if the port is in a link-up operative state. Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration. To return to the default setting, use the no spanning-tree [ vlan vlan-id ] port-priority interface configuration command. For information on how to configure load sharing on trunk ports by using spanning-tree port priorities, see the "Configuring Trunk Ports for Load Sharing" section. The spanning-tree path cost default value is derived from the media speed of an interface. If a loop occurs, spanning tree uses cost when selecting an interface to put in the forwarding state. You can assign lower cost values to interfaces that you want selected first and higher cost values that you want selected last. If all interfaces have the same cost value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces. Beginning in privileged EXEC mode, follow these steps to configure the cost of an interface. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface interface-id Specify an interface to configure, and enter interface configuration mode. Valid interfaces include physical ports and port-channel logical interfaces (port-channel port-channel-number). Step 3 spanning-tree cost cost Configure the cost for an interface. If a loop occurs, spanning tree uses the path cost when selecting an interface to place into the forwarding state. A lower path cost represents higher-speed transmission. For cost, the range is 1 to 200000000; the default value is derived from the media speed of the interface. Step 4 spanning-tree vlan vlan-id cost cost Configure the cost for a VLAN. If a loop occurs, spanning tree uses the path cost when selecting an interface to place into the forwarding state. A lower path cost represents higher-speed transmission. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. For cost, the range is 1 to 200000000; the default value is derived from the media speed of the interface. Step 5 end Return to privileged EXEC mode. Step 6 show spanning-tree interface interface-id or show spanning-tree vlan vlan-id Verify your entries. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file. Note The show spanning-tree interface interface-id privileged EXEC command displays information only for ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration. To return to the default setting, use the no spanning-tree [ vlan vlan-id ] cost interface configuration command. For information on how to configure load sharing on trunk ports by using spanning-tree path costs, see the "Configuring Trunk Ports for Load Sharing" section. You can configure the switch priority and make it more likely that a standalone switch or a switch in the stack will be chosen as the root switch. Note Exercise care when using this command. For most situations, we recommend that you use the spanning-tree vlan vlan-id root primary and the spanning-tree vlan vlan-id root secondary global configuration commands to modify the switch priority. Beginning in privileged EXEC mode, follow these steps to configure the switch priority of a VLAN. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 spanning-tree vlan vlan-id priority priority Configure the switch priority of a VLAN. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. For priority, the range is 0 to 61440 in increments of 4096; the default is 32768. The lower the number, the more likely the switch will be chosen as the root switch. Valid priority values are 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected. Step 3 end Return to privileged EXEC mode. Step 4 show spanning-tree vlan vlan-id Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command. Table 19-4 describes the timers that affect the entire spanning-tree performance. Table 19-4 Spanning-Tree Timers Variable Description Hello timer Controls how often the switch broadcasts hello messages to other switches. Forward-delay timer Controls how long each of the listening and learning states last before the interface begins forwarding. Maximum-age timer Controls the amount of time the switch stores protocol information received on an interface. Transmit hold count Controls the number of BPDUs that can be sent before pausing for 1 second. The sections that follow provide the configuration steps. You can configure the interval between the generation of configuration messages by the root switch by changing the hello time. Note Exercise care when using this command. For most situations, we recommend that you use the spanning-tree vlan vlan-id root primary and the spanning-tree vlan vlan-id root secondary global configuration commands to modify the hello time. Beginning in privileged EXEC mode, follow these steps to configure the hello time of a VLAN. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 spanning-tree vlan vlan-id hello-time seconds Configure the hello time of a VLAN. The hello time is the interval between the generation of configuration messages by the root switch. These messages mean that the switch is alive. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. For seconds, the range is 1 to 10; the default is 2. Step 3 end Return to privileged EXEC mode. Step 4 show spanning-tree vlan vlan-id Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command. Beginning in privileged EXEC mode, follow these steps to configure the forwarding-delay time for a VLAN. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 spanning-tree vlan vlan-id forward-time seconds Configure the forward time of a VLAN. The forward delay is the number of seconds an interface waits before changing from its spanning-tree learning and listening states to the forwarding state. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. For seconds, the range is 4 to 30; the default is 15. Step 3 end Return to privileged EXEC mode. Step 4 show spanning-tree vlan vlan-id Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id forward-time global configuration command. Beginning in privileged EXEC mode, follow these steps to configure the maximum-aging time for a VLAN. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 spanning-tree vlan vlan-id max-age seconds Configure the maximum-aging time of a VLAN. The maximum-aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration. For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094. For seconds, the range is 6 to 40; the default is 20. Step 3 end Return to privileged EXEC mode. Step 4 show spanning-tree vlan vlan-id Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command. You can configure the BPDU burst size by changing the transmit hold count value. Note Changing this parameter to a higher value can have a significant impact on CPU utilization, especially in Rapid-PVST mode. Lowering this value can slow down convergence in certain scenarios. We recommend that you maintain the default setting. Beginning in privileged EXEC mode, follow these steps to configure the transmit hold-count. This procedure is optional. Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 spanning-tree transmit hold-count value Configure the number of BPDUs that can be sent before pausing for 1 second. For value, the range is 1 to 20; the default is 6. Step 3 end Return to privileged EXEC mode. Step 4 show spanning-tree detail Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree transmit holdcount valu e global configuration command. To display the spanning-tree status, use one or more of the privileged EXEC commands in Table 19-5 : Table 19-5 Commands for Displaying Spanning-Tree Status Command Purpose show spanning-tree active Displays spanning-tree information on active interfaces only. show spanning-tree detail Displays a detailed summary of interface information. show spanning-tree interface interface-id Displays spanning-tree information for the specified interface. show spanning-tree summary [ totals ] Displays a summary of interface states or displays the total lines of the STP state section. You can clear spanning-tree counters by using the clear spanning-tree [ interface interface-id ] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release. Page 3 This chapter describes how to configure the Cisco implementation of the IEEE 802.1s Multiple STP (MSTP) on the Catalyst 3750-X or 3560-X switch. Note The multiple spanning-tree (MST) implementation is based on the IEEE 802.1s standard. The MSTP enables multiple VLANs to be mapped to the same spanning-tree instance, reducing the number of spanning-tree instances needed to support a large number of VLANs. The MSTP provides for multiple forwarding paths for data traffic and enables load-balancing. It improves the fault tolerance of the network because a failure in one instance (forwarding path) does not affect other instances (forwarding paths). The most common initial deployment of MSTP is in the backbone and distribution layers of a Layer 2 switched network. This deployment provides the highly available network required in a service-provider environment. When the switch is in the MST mode, the Rapid Spanning Tree Protocol (RSTP), which is based on IEEE 802.1w, is automatically enabled. The RSTP provides rapid convergence of the spanning tree through explicit handshaking that eliminates the IEEE 802.1D forwarding delay and quickly transitions root ports and designated ports to the forwarding state. Both MSTP and RSTP improve the spanning-tree operation and maintain backward compatibility with equipment that is based on the (original) IEEE 802.1D spanning tree, with existing Cisco-proprietary Multiple Instance STP (MISTP), and with existing Cisco per-VLAN spanning-tree plus (PVST+) and rapid per-VLAN spanning-tree plus (rapid PVST+). For information about PVST+ and rapid PVST+, see Chapter19, "Configuring STP" For information about other spanning-tree features such as Port Fast, UplinkFast, root guard, and so forth, see Chapter21, "Configuring Optional Spanning-Tree Features" A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same switch ID. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release. This chapter consists of these sections: MSTP, which uses RSTP for rapid convergence, enables VLANs to be grouped into a spanning-tree instance, with each instance having a spanning-tree topology independent of other spanning-tree instances. This architecture provides multiple forwarding paths for data traffic, enables load-balancing, and reduces the number of spanning-tree instances required to support a large number of VLANs. These sections describe how the MSTP works: For configuration information, see the "Configuring MSTP Features" section. For switches to participate in multiple spanning-tree (MST) instances, you must consistently configure the switches with the same MST configuration information. A collection of interconnected switches that have the same MST configuration comprises an MST region as shown in Figure 20-1. The MST configuration controls to which MST region each switch belongs. The configuration includes the name of the region, the revision number, and the MST VLAN-to-instance assignment map. You configure the switch for a region by using the spanning-tree mst configuration global configuration command, after which the switch enters the MST configuration mode. From this mode, you can map VLANs to an MST instance by using the instance MST configuration command, specify the region name by using the name MST configuration command, and set the revision number by using the revision MST configuration command. A region can have one or multiple members with the same MST configuration. Each member must be capable of processing RSTP bridge protocol data units (BPDUs). There is no limit to the number of MST regions in a network, but each region can support up to 65 spanning-tree instances. Instances can be identified by any number in the range from 0 to 4094. You can assign a VLAN to only one spanning-tree instance at a time. Unlike PVST+ and rapid PVST+ in which all the spanning-tree instances are independent, the MSTP establishes and maintains two types of spanning trees: An internal spanning tree (IST), which is the spanning tree that runs in an MST region. Within each MST region, the MSTP maintains multiple spanning-tree instances. Instance 0 is a special instance for a region, known as the internal spanning tree (IST). All other MST instances are numbered from 1 to 4094. The IST is the only spanning-tree instance that sends and receives BPDUs. All of the other spanning-tree instance information is contained in M-records, which are encapsulated within MSTP BPDUs. Because the MSTP BPDU carries information for all instances, the number of BPDUs that need to be processed to support multiple spanning-tree instances is significantly reduced. All MST instances within the same region share the same protocol timers, but each MST instance has its own topology parameters, such as root switch ID, root path cost, and so forth. By default, all VLANs are assigned to the IST. An MST instance is local to the region; for example, MST instance 1 in region A is independent of MST instance 1 in region B, even if regions A and B are interconnected. A common and internal spanning tree (CIST), which is a collection of the ISTs in each MST region, and the common spanning tree (CST) that interconnects the MST regions and single spanning trees. The spanning tree computed in a region appears as a subtree in the CST that encompasses the entire switched domain. The CIST is formed by the spanning-tree algorithm running among switches that support the IEEE 802.1w, IEEE 802.1s, and IEEE 802.1D standards. The CIST inside an MST region is the same as the CST outside a region. For more information, see the "Operations Within an MST Region" section and the "Operations Between MST Regions" section. Note The implementation of the IEEE 802.1s standard, changes some of the terminology associated with MST implementations. For a summary of these changes, see Table 19-1. The IST connects all the MSTP switches in a region. When the IST converges, the root of the IST becomes the CIST regional root (called the IST master before the implementation of the IEEE 802.1s standard) as shown in Figure 20-1. It is the switch within the region with the lowest switch ID and path cost to the CIST root. The CIST regional root is also the CIST root if there is only one region in the network. If the CIST root is outside the region, one of the MSTP switches at the boundary of the region is selected as the CIST regional root. When an MSTP switch initializes, it sends BPDUs claiming itself as the root of the CIST and the CIST regional root, with both of the path costs to the CIST root and to the CIST regional root set to zero. The switch also initializes all of its MST instances and claims to be the root for all of them. If the switch receives superior MST root information (lower switch ID, lower path cost, and so forth) than currently stored for the port, it relinquishes its claim as the CIST regional root. During initialization, a region might have many subregions, each with its own CIST regional root. As switches receive superior IST information, they leave their old subregions and join the new subregion that contains the true CIST regional root. Thus all subregions shrink, except for the one that contains the true CIST regional root. For correct operation, all switches in the MST region must agree on the same CIST regional root. Therefore, any two switches in the region only synchronize their port roles for an MST instance if they converge to a common CIST regional root. If there are multiple regions or legacy IEEE 802.1D switches within the network, MSTP establishes and maintains the CST, which includes all MST regions and all legacy STP switches in the network. The MST instances combine with the IST at the boundary of the region to become the CST. The IST connects all the MSTP switches in the region and appears as a subtree in the CIST that encompasses the entire switched domain. The root of the subtree is the CIST regional root. The MST region appears as a virtual switch to adjacent STP switches and MST regions. Figure 20-1 shows a network with three MST regions and a legacy IEEE 802.1D switch (D). The CIST regional root for region 1 (A) is also the CIST root. The CIST regional root for region 2 (B) and the CIST regional root for region 3 (C) are the roots for their respective subtrees within the CIST. The RSTP runs in all regions. Figure 20-1 MST Regions, CIST Masters, and CST Root Only the CST instance sends and receives BPDUs, and MST instances add their spanning-tree information into the BPDUs to interact with neighboring switches and compute the final spanning-tree topology. Because of this, the spanning-tree parameters related to BPDU transmission (for example, hello time, forward time, max-age, and max-hops) are configured only on the CST instance but affect all MST instances. Parameters related to the spanning-tree topology (for example, switch priority, port VLAN cost, and port VLAN priority) can be configured on both the CST instance and the MST instance. MSTP switches use Version 3 RSTP BPDUs or IEEE 802.1D STP BPDUs to communicate with legacy IEEE 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches. Some MST naming conventions used in Cisco's prestandard implementation have been changed to identify some internal or regional parameters. These parameters are significant only within an MST region, as opposed to external parameters that are relevant to the whole network. Because the CIST is the only spanning-tree instance that spans the whole network, only the CIST parameters require the external rather than the internal or regional qualifiers. The CIST root is the root switch for the unique instance that spans the whole network, the CIST. The CIST external root path cost is the cost to the CIST root. This cost is left unchanged within an MST region. Remember that an MST region looks like a single switch for the CIST. The CIST external root path cost is the root path cost calculated between these virtual switches and switches that do not belong to any region. The CIST regional root was called the IST master in the prestandard implementation. If the CIST root is in the region, the CIST regional root is the CIST root. Otherwise, the CIST regional root is the closest switch to the CIST root in the region. The CIST regional root acts as a root switch for the IST. The CIST internal root path cost is the cost to the CIST regional root in a region. This cost is only relevant to the IST, instance 0. Table 20-1 compares the IEEE standard and the Cisco prestandard terminology. Table 20-1 Prestandard and Standard Terminology IEEE Standard Cisco Prestandard Cisco Standard CIST regional root IST master CIST regional root CIST internal root path cost IST master path cost CIST internal path cost CIST external root path cost Root path cost Root path cost MSTI regional root Instance root Instance root MSTI internal root path cost Root path cost Root path cost The IST and MST instances do not use the message-age and maximum-age information in the configuration BPDU to compute the spanning-tree topology. Instead, they use the path cost to the root and a hop-count mechanism similar to the IP time-to-live (TTL) mechanism. By using the spanning-tree mst max-hops global configuration command, you can configure the maximum hops inside the region and apply it to the IST and all MST instances in that region. The hop count achieves the same result as the message-age information (triggers a reconfiguration). The root switch of the instance always sends a BPDU (or M-record) with a cost of 0 and the hop count set to the maximum value. When a switch receives this BPDU, it decrements the received remaining hop count by one and propagates this value as the remaining hop count in the BPDUs it generates. When the count reaches zero, the switch discards the BPDU and ages the information held for the port. The message-age and maximum-age information in the RSTP portion of the BPDU remain the same throughout the region, and the same values are propagated by the region designated ports at the boundary. In the Cisco prestandard implementation, a boundary port connects an MST region to a single spanning-tree region running RSTP, to a single spanning-tree region running PVST+ or rapid PVST+, or to another MST region with a different MST configuration. A boundary port also connects to a LAN, the designated switch of which is either a single spanning-tree switch or a switch with a different MST configuration. There is no definition of a boundary port in the IEEE 802.1s standard. The IEEE 802.1Q-2002 standard identifies two kinds of messages that a port can receive: internal (coming from the same region) and external. When a message is external, it is received only by the CIST. If the CIST role is root or alternate, or if the external BPDU is a topology change, it could have an impact on the MST instances. When a message is internal, the CIST part is received by the CIST, and each MST instance receives its respective M-record. The Cisco prestandard implementation treats a port that receives an external message as a boundary port. This means a port cannot receive a mix of internal and external messages. An MST region includes both switches and LANs. A segment belongs to the region of its designated port. Therefore, a port in a different region than the designated port for a segment is a boundary port. This definition allows two ports internal to a region to share a segment with a port belonging to a different region, creating the possibility of receiving both internal and external messages on a port. The primary change from the Cisco prestandard implementation is that a designated port is not defined as boundary, unless it is running in an STP-compatible mode. Note If there is a legacy STP switch on the segment, messages are always considered external. The other change from the prestandard implementation is that the CIST regional root switch ID field is now inserted where an RSTP or legacy IEEE 802.1Q switch has the sender switch ID. The whole region performs like a single virtual switch by sending a consistent sender switch ID to neighboring switches. In this example, switch C would receive a BPDU with the same consistent sender switch ID of root, whether or not A or B is designated for the segment. The Cisco implementation of the IEEE MST standard includes features required to meet the standard, as well as some of the desirable prestandard functionality that is not yet incorporated into the published standard. The boundary role is no longer in the final MST standard, but this boundary concept is maintained in Cisco's implementation. However, an MST instance port at a boundary of the region might not follow the state of the corresponding CIST port. Two cases exist now: The boundary port is the root port of the CIST regional root--When the CIST instance port is proposed and is in sync, it can send back an agreement and move to the forwarding state only after all the corresponding MSTI ports are in sync (and thus forwarding). The MSTI ports now have a special master role. The boundary port is not the root port of the CIST regional root--The MSTI ports follow the state and role of the CIST port. The standard provides less information, and it might be difficult to understand why an MSTI port can be alternately blocking when it receives no BPDUs (MRecords). In this case, although the boundary role no longer exists, the show commands identify a port as boundary in the type column of the output. Because automatic detection of prestandard switches can fail, you can use an interface configuration command to identify prestandard ports. A region cannot be formed between a standard and a prestandard switch, but they can interoperate by using the CIST. Only the capability of load-balancing over different instances is lost in that particular case. The CLI displays different flags depending on the port configuration when a port receives prestandard BPDUs. A syslog message also appears the first time a switch receives a prestandard BPDU on a port that has not been configured for prestandard BPDU transmission. Figure 20-2 illustrates this scenario. Assume that A is a standard switch and B a prestandard switch, both configured to be in the same region. A is the root switch for the CIST, and thus B has a root port (BX) on segment X and an alternate port (BY) on segment Y. If segment Y flaps, and the port on BY becomes the alternate before sending out a single prestandard BPDU, AY cannot detect that a prestandard switch is connected to Y and continues to send standard BPDUs. The port BY is thus fixed in a boundary, and no load-balancing is possible between A and B. The same problem exists on segment X, but B might transmit topology changes. Figure 20-2 Standard and Prestandard Switch Interoperation Note We recommend that you minimize the interaction between standard and prestandard MST implementations. This feature is not yet present in the IEEE MST standard, but it is included in this Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops. When a designated port detects a conflict, it keeps its role, but reverts to discarding state because disrupting connectivity in case of inconsistency is preferable to opening a bridging loop. Figure 20-3 illustrates a unidirectional link failure that typically creates a bridging loop. Switch A is the root switch, and its BPDUs are lost on the link leading to switch B. RSTP and MST BPDUs include the role and state of the sending port. With this information, switch A can detect that switch B does not react to the superior BPDUs it sends and that switch B is the designated, not root switch. As a result, switch A blocks (or keeps blocking) its port, thus preventing the bridging loop. Figure 20-3 Detecting Unidirectional Link Failure A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same switch ID for a given spanning tree. The switch ID is derived from the MAC address of the stack master. If a switch that does not support MSTP is added to a switch stack that does support MSTP or the reverse, the switch is put into a version mismatch state. If possible, the switch is automatically upgraded or downgraded to the same version of software that is running on the switch stack. When a new switch joins the stack, it sets its switch ID to the stack master switch ID. If the newly added switch has the lowest ID and if the root path cost is the same among all stack members, the newly added switch becomes the stack root. A topology change occurs if the newly added switch contains a better root port for the switch stack or a better designated port for the LAN connected to the stack. The newly added switch

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download