WEBVTT

0:00:03.260000 --> 0:00:08.660000
Welcome to this video titled essential RSTP Cisco IOS commands.

0:00:08.660000 --> 0:00:11.580000
We're going to look at just some basic commands to ensure that your switch

0:00:11.580000 --> 0:00:16.900000
is running the rapid spanning tree flavor of spanning tree.

0:00:16.900000 --> 0:00:20.080000
We're going to take a look at how to deterministically set a switch as

0:00:20.080000 --> 0:00:24.360000
the root bridge, how to configure port fast, and some show or monitoring

0:00:24.360000 --> 0:00:27.100000
commands to see exactly what spanning tree is doing.

0:00:27.100000 --> 0:00:30.220000
So let's just jump right into it.

0:00:30.220000 --> 0:00:34.540000
Let's start with how you enable rapid spanning tree.

0:00:34.540000 --> 0:00:41.880000
Now, the moment you configure a VLAN on a switch and the moment that VLAN

0:00:41.880000 --> 0:00:47.700000
has at least one active port in it, it could be an access port, it could

0:00:47.700000 --> 0:00:49.240000
be a VLAN trunking port.

0:00:49.240000 --> 0:00:50.420000
It doesn't matter.

0:00:50.420000 --> 0:00:54.420000
The moment that VLAN says, oh, I have a port over which I can operate,

0:00:54.420000 --> 0:00:56.880000
spanning tree will automatically start.

0:00:56.880000 --> 0:00:58.680000
So you don't have to start up spanning tree.

0:00:58.680000 --> 0:01:03.920000
The question is, will spanning tree by default start up as the older pre

0:01:03.920000 --> 0:01:10.540000
2004 802.1d, or will it start up with rapid spanning tree?

0:01:10.540000 --> 0:01:13.240000
Most of the time it's not rapid spanning tree.

0:01:13.240000 --> 0:01:16.480000
We probably want rapid spanning tree because rapid spanning tree has some

0:01:16.480000 --> 0:01:19.880000
significant benefits which make it more rapid.

0:01:19.880000 --> 0:01:24.400000
It converges more quickly than 802.1d.

0:01:24.400000 --> 0:01:30.040000
So we can use the command spanning dash tree mode rapid dash pvst.

0:01:30.040000 --> 0:01:35.560000
So I'll go ahead and do that on one of my switches.

0:01:35.560000 --> 0:01:47.060000
Spanning dash tree mode rapid dash pvst.

0:01:47.060000 --> 0:01:52.180000
So notice it doesn't give you any message or anything to indicate that

0:01:52.180000 --> 0:01:53.940000
anything has changed.

0:01:53.940000 --> 0:01:55.800000
I'll show you in just a second.

0:01:55.800000 --> 0:01:56.620000
How do you confirm?

0:01:56.620000 --> 0:01:58.000000
Well, actually, let's just take a look at it now.

0:01:58.000000 --> 0:02:02.420000
All right. So if I was on the switch, how would I know it was doing rapid

0:02:02.420000 --> 0:02:03.700000
spanning tree mode?

0:02:03.700000 --> 0:02:10.200000
The most common command is show spanning dash tree summary.

0:02:10.200000 --> 0:02:19.020000
And notice it says right here in the output, switch is in rapid.

0:02:19.020000 --> 0:02:23.080000
Come on, is in rapid pvst mode.

0:02:23.080000 --> 0:02:27.360000
Now I explicitly configured that on this particular switch.

0:02:27.360000 --> 0:02:32.940000
Let's take a look at switch number one, who I haven't configured yet,

0:02:32.940000 --> 0:02:36.560000
and see what he displays.

0:02:36.560000 --> 0:02:47.540000
Show spanning dash tree summary.

0:02:47.540000 --> 0:02:53.920000
So notice in his case, in this switch's case, it says switch is in pvst

0:02:53.920000 --> 0:02:58.720000
mode. So that is not doing rapid spanning tree.

0:02:58.720000 --> 0:03:02.560000
Bear in mind the way that Cisco switches have worked since the last several

0:03:02.560000 --> 0:03:09.500000
decades is that each VLAN is running its own independent instance of spanning

0:03:09.500000 --> 0:03:12.780000
tree. That's what we call per VLAN spanning tree.

0:03:12.780000 --> 0:03:17.300000
The more VLANs you create, the more spanning trees the CPU has to take

0:03:17.300000 --> 0:03:21.140000
care of and monitor and track, which is harder for the CPU.

0:03:21.140000 --> 0:03:24.580000
So there are some upper limits as far as how many spanning trees you can

0:03:24.580000 --> 0:03:27.980000
actually have running concurrently in a Cisco switch.

0:03:27.980000 --> 0:03:32.360000
Now, when it says pvst mode like this, that means it's doing the original

0:03:32.360000 --> 0:03:37.720000
spanning tree, the pre-2004 version, the older spanning tree.

0:03:37.720000 --> 0:03:45.800000
As we just saw, when instead it says rapid pvst, that means we're still

0:03:45.800000 --> 0:03:51.480000
doing an individual instance of pvst on each individual VLAN, but now

0:03:51.480000 --> 0:04:01.160000
those spanning tree instances are doing rapid spanning tree.

0:04:01.160000 --> 0:04:05.980000
As it mentions, rapid spanning is backwards compatible with the legacy

0:04:05.980000 --> 0:04:08.840000
pre-rapid spanning tree.

0:04:08.840000 --> 0:04:16.020000
Now, we want rapid spanning tree to be able to identify our edge ports.

0:04:16.020000 --> 0:04:22.220000
For example, if we go here on switch two, who's currently running rapid

0:04:22.220000 --> 0:04:28.360000
spanning tree, show spanning dash tree, we have to select a particular

0:04:28.360000 --> 0:04:30.340000
VLAN that we're interested in.

0:04:30.340000 --> 0:04:38.340000
So notice that all of his ports say shared.

0:04:38.340000 --> 0:04:43.240000
Now, a port will say shared when it is in half duplex mode.

0:04:43.240000 --> 0:04:46.200000
And actually, that's not a good thing.

0:04:46.200000 --> 0:04:51.120000
In order to get the best benefits of rapid spanning and have it converge

0:04:51.120000 --> 0:04:55.420000
the fastest, you want your ports to be in point to point mode.

0:04:55.420000 --> 0:04:57.680000
In other words, full duplex.

0:04:57.680000 --> 0:05:01.220000
Just by the nature of this particular topology and how it's set up, that's

0:05:01.220000 --> 0:05:03.100000
why they're showing as shared.

0:05:03.100000 --> 0:05:05.240000
But you can't get around that.

0:05:05.240000 --> 0:05:13.900000
For example, I could go to interface gigabit 1 slash 1 and say, say, spanning

0:05:13.900000 --> 0:05:17.460000
dash tree, let's see, what is it?

0:05:17.460000 --> 0:05:22.280000
Link type, point to point.

0:05:22.280000 --> 0:05:29.980000
And now, even though it's doing half duplex, it now sees that link as

0:05:29.980000 --> 0:05:32.420000
a point to point link, which is good.

0:05:32.420000 --> 0:05:36.620000
Because the things that make rapid spanning tree rapid that make it faster

0:05:36.620000 --> 0:05:42.240000
than 802.1d, the original can only be done on point to point links.

0:05:42.240000 --> 0:05:45.520000
Now, in a real network environment, chances are when you're connecting

0:05:45.520000 --> 0:05:49.420000
things up to your switches, you will be doing it in full duplex mode.

0:05:49.420000 --> 0:05:51.280000
It'll just default to that.

0:05:51.280000 --> 0:05:55.100000
And so your rapid spanning tree will see the interfaces as point to point.

0:05:55.100000 --> 0:05:57.780000
You won't have to do that command that I just did.

0:05:57.780000 --> 0:06:00.460000
But in the event that you do, there it is.

0:06:00.460000 --> 0:06:04.240000
On the interface, you say spanning dash tree, link dash type, point to

0:06:04.240000 --> 0:06:10.300000
point. Now, notice though, no mention of edge ports here.

0:06:10.300000 --> 0:06:13.160000
Nothing saying that anything is an edge port.

0:06:13.160000 --> 0:06:17.640000
Let's go to switch three for a second.

0:06:17.640000 --> 0:06:20.820000
Actually, no, we can stick on switch two.

0:06:20.820000 --> 0:06:26.600000
So on switch two, if we...

0:06:26.600000 --> 0:06:36.240000
Let's see here. Where is it?

0:06:36.240000 --> 0:06:40.620000
Okay, so switch two, his gig zero two interface.

0:06:40.620000 --> 0:06:46.160000
This one right there is actually connecting to an edge device.

0:06:46.160000 --> 0:06:47.900000
It's connecting to a router.

0:06:47.900000 --> 0:06:51.900000
So we don't have any worries about broadcast going to that router and

0:06:51.900000 --> 0:06:53.060000
circling around again.

0:06:53.060000 --> 0:06:54.520000
That's not going to happen.

0:06:54.520000 --> 0:06:58.980000
That's no different than if we were connected to a laptop or a PC.

0:06:58.980000 --> 0:07:04.360000
So what we can do is we can safely go to that interface and configure

0:07:04.360000 --> 0:07:07.520000
the port fast feature.

0:07:07.520000 --> 0:07:11.280000
What port fast does is the moment it detects electrical connectivity on

0:07:11.280000 --> 0:07:14.860000
an interface, that interface instantly goes into the spanning tree forwarding

0:07:14.860000 --> 0:07:18.700000
state. It bypasses all intermediary states.

0:07:18.700000 --> 0:07:20.140000
That's the benefit of it.

0:07:20.140000 --> 0:07:27.020000
And as a byproduct of that, rapid spanning tree sees that as an edge port.

0:07:27.020000 --> 0:07:30.160000
And it treats that port a little bit differently than it would a normal

0:07:30.160000 --> 0:07:37.820000
port. So what we need to do is we need to make sure the gig zero slash

0:07:37.820000 --> 0:07:40.440000
two is viewed as an edge port.

0:07:40.440000 --> 0:07:42.020000
There's a couple of ways we could do that.

0:07:42.020000 --> 0:07:46.700000
We can go right to that interface and say spanning dash tree port fast.

0:07:46.700000 --> 0:07:51.780000
If we were actually trunking to that router, we could say spanning tree

0:07:51.780000 --> 0:07:53.640000
port fast trunk.

0:07:53.640000 --> 0:07:59.020000
Or at the global configuration level, we can say spanning tree port fast

0:07:59.020000 --> 0:08:04.380000
default. And any interfaces that are up that are not trunking ports, that

0:08:04.380000 --> 0:08:08.660000
are access ports, will have port fast applied to them automatically.

0:08:08.660000 --> 0:08:11.600000
So let's do that.

0:08:11.600000 --> 0:08:21.540000
Interface gig size zero two, spanning dash tree port fast.

0:08:21.540000 --> 0:08:25.960000
We get a little warning, but that's okay.

0:08:25.960000 --> 0:08:29.920000
It's just warning us that port fast could invoke a bridging loop.

0:08:29.920000 --> 0:08:33.940000
If you did it on a port that's actually connected to another switch and

0:08:33.940000 --> 0:08:37.720000
not to a host, that is a thing that could happen with port fast if you

0:08:37.720000 --> 0:08:39.760000
configure it on the wrong interface.

0:08:39.760000 --> 0:08:50.680000
And the last thing is we probably have a switch that is maybe our bigger

0:08:50.680000 --> 0:08:55.580000
switch. It has more CPU power, more memory, and it's like in the core

0:08:55.580000 --> 0:09:00.280000
of our network. And that's the switch that we want to make our root bridge.

0:09:00.280000 --> 0:09:03.060000
So how can we do that?

0:09:03.060000 --> 0:09:04.220000
There's two ways.

0:09:04.220000 --> 0:09:06.120000
One is not any better than the other.

0:09:06.120000 --> 0:09:08.120000
They just operate a little bit differently.

0:09:08.120000 --> 0:09:12.800000
We could say spanning dash tree VLAN, the VLAN ID root primary.

0:09:12.800000 --> 0:09:13.980000
How's that work?

0:09:13.980000 --> 0:09:16.400000
Well, let's take a look.

0:09:16.400000 --> 0:09:22.220000
First of all, I'm going to go to switch one.

0:09:22.220000 --> 0:09:25.940000
And I'm not going to explain this command just yet.

0:09:25.940000 --> 0:09:29.740000
We'll do this in just a second.

0:09:29.740000 --> 0:09:36.420000
Okay. So now let's go to switch two.

0:09:36.420000 --> 0:09:40.840000
Now, how can I tell if he's the root or not?

0:09:40.840000 --> 0:09:45.140000
Well, that is the command show spanning tree.

0:09:45.140000 --> 0:09:48.280000
VLAN and then the VLAN you're interested in, the tree you're interested

0:09:48.280000 --> 0:09:52.080000
in. I want to see the tree for VLAN one.

0:09:52.080000 --> 0:09:55.280000
So we can see right now that he is not the root.

0:09:55.280000 --> 0:09:56.420000
How do we know that?

0:09:56.420000 --> 0:10:02.380000
Well, in the output of this command right here, this first sort of paragraph

0:10:02.380000 --> 0:10:06.460000
of information gives you information about the root bridge.

0:10:06.460000 --> 0:10:10.920000
If this switch actually was the root bridge, it would say, plain as day,

0:10:10.920000 --> 0:10:13.860000
this switch is the root, or this bridge is the root.

0:10:13.860000 --> 0:10:15.200000
It would tell you that.

0:10:15.200000 --> 0:10:19.280000
Another way that you know he's not is that the information just below

0:10:19.280000 --> 0:10:24.980000
that, this information is about the switch you're currently on right now,

0:10:24.980000 --> 0:10:26.940000
which is switch two.

0:10:26.940000 --> 0:10:31.660000
Well, switch two, his priority is 32,769.

0:10:31.660000 --> 0:10:34.440000
The root bridge is 12,289.

0:10:34.440000 --> 0:10:38.220000
That's why he was the root because he had a lower bridge ID.

0:10:38.220000 --> 0:10:41.520000
So let's go ahead and make switch two the root bridge.

0:10:41.520000 --> 0:10:45.640000
We actually want switch two to be the root bridge, not this other guy.

0:10:45.640000 --> 0:10:53.020000
So the first command that does that is this, spanning-tree VLAN one root

0:10:53.020000 --> 0:10:59.680000
primary. And what that'll do is that switch will say, okay, what is the

0:10:59.680000 --> 0:11:01.540000
priority of the current root bridge?

0:11:01.540000 --> 0:11:05.460000
Oh, in this case, it's 12,289.

0:11:05.460000 --> 0:11:11.880000
If I match that number, then we would see whoever's MAC address is lowest.

0:11:11.880000 --> 0:11:15.720000
If I match that number, would I become the root bridge because my MAC

0:11:15.720000 --> 0:11:17.040000
address is lower?

0:11:17.040000 --> 0:11:22.700000
If the answer is yes, then this command will have him match 12,289, and

0:11:22.700000 --> 0:11:28.180000
he would win. But in this case, we can see, well, actually that would

0:11:28.180000 --> 0:11:34.880000
work because look, if this guy right here was not 32,769, but instead

0:11:34.880000 --> 0:11:41.320000
he was 12,289, and they ended up comparing each other's MAC addresses,

0:11:41.320000 --> 0:11:46.720000
then the current root bridge who is 00AF would be competing against my

0:11:46.720000 --> 0:11:53.740000
local switch who is 00AA, and AA is lower than AF.

0:11:53.740000 --> 0:11:56.120000
So as soon as I hit enter here, that's what we should see.

0:11:56.120000 --> 0:12:00.300000
We should see this switch matches the priority of the current root bridge,

0:12:00.300000 --> 0:12:09.380000
but this switch becomes the winner based on his MAC address being lower.

0:12:09.380000 --> 0:12:13.220000
Let's find out. And it did.

0:12:13.220000 --> 0:12:18.200000
See, this bridge is the root.

0:12:18.200000 --> 0:12:22.340000
All right, what if I did that command on switch one?

0:12:22.340000 --> 0:12:25.980000
Let's go ahead and configure him to be rapid spanning tree mode.

0:12:25.980000 --> 0:12:38.300000
Okay. Now let's go ahead and do do show spanning-tree VLAN one.

0:12:38.300000 --> 0:12:41.680000
Okay, so he says, look, I'm 12,289.

0:12:41.680000 --> 0:12:45.920000
The root bridge is 12,289, but he beat me because his MAC address is lower

0:12:45.920000 --> 0:12:55.000000
than me. Now if I went to this guy and I said spanning-tree VLAN one root

0:12:55.000000 --> 0:13:01.240000
primary, now he'd say, well, my priority already matches, but I lost because

0:13:01.240000 --> 0:13:02.920000
my MAC address is too high.

0:13:02.920000 --> 0:13:05.220000
Why don't I lower my priority?

0:13:05.220000 --> 0:13:09.520000
So now this switch will find what the next increment down is from 4096.

0:13:09.520000 --> 0:13:17.420000
You know, so if we subtracted 4096 from 12,288, that would actually

0:13:17.420000 --> 0:13:23.340000
give us, I believe 8192, I believe is what number that would give us.

0:13:23.340000 --> 0:13:39.100000
And then he will win.

0:13:39.100000 --> 0:13:41.640000
And now this switch is the root.

0:13:41.640000 --> 0:13:47.540000
His priority was reduced to the next increment down that he could do,

0:13:47.540000 --> 0:13:51.740000
which was 8192, and that allowed him to be the root.

0:13:51.740000 --> 0:13:54.920000
A lot of people like that command, because you don't even have to worry

0:13:54.920000 --> 0:13:56.980000
about what priority value to set.

0:13:56.980000 --> 0:14:00.660000
The bridge will automatically do what he needs to do to become the root

0:14:00.660000 --> 0:14:05.280000
bridge. All right, now let's go to switch two.

0:14:05.280000 --> 0:14:07.720000
Let's do it again.

0:14:07.720000 --> 0:14:16.520000
Root primary. All right, now this guy should be the winner.

0:14:16.520000 --> 0:14:26.340000
He is. Let's do it again over here on switch one.

0:14:26.340000 --> 0:14:30.480000
On and on we go switch one.

0:14:30.480000 --> 0:14:32.280000
There's actually a reason why I'm doing this.

0:14:32.280000 --> 0:14:33.520000
Switch one is now the root.

0:14:33.520000 --> 0:14:35.160000
So now let's go back to switch two.

0:14:35.160000 --> 0:14:39.760000
Do it again on switch two.

0:14:39.760000 --> 0:14:44.400000
And notice it only takes effect once.

0:14:44.400000 --> 0:14:46.160000
It's not a recurring command.

0:14:46.160000 --> 0:14:50.960000
In other words, it doesn't make the root persistent on this device.

0:14:50.960000 --> 0:14:55.300000
If somebody comes in who's better, they will take over the role.

0:14:55.300000 --> 0:14:58.800000
Okay, so here's what I want you to see.

0:14:58.800000 --> 0:15:00.640000
Here on switch one now.

0:15:00.640000 --> 0:15:04.920000
Switch one says I'm not the root.

0:15:04.920000 --> 0:15:10.360000
The root bridge has the same priority as me, 4096, but he's got a lower

0:15:10.360000 --> 0:15:14.420000
MAC address. Now you might think, oh, okay, well, you know, Keith, you

0:15:14.420000 --> 0:15:18.400000
did tell me that zero is a valid priority, which is the next increment

0:15:18.400000 --> 0:15:26.740000
down from 4096. So if I do that command again, it should just knock me

0:15:26.740000 --> 0:15:29.620000
down to zero and he should be the winner, right?

0:15:29.620000 --> 0:15:35.760000
And it doesn't. See, that's the one downside of this root primary macro

0:15:35.760000 --> 0:15:42.200000
command. The lowest it can take your priority is 4096 and that's it.

0:15:42.200000 --> 0:15:46.180000
So right now we just got this message saying, sorry, I can't go any lower

0:15:46.180000 --> 0:15:47.300000
than I already am.

0:15:47.300000 --> 0:15:51.700000
So if I truly want to knock this switch down to zero to make him the root,

0:15:51.700000 --> 0:15:55.000000
that's where I have to use the second command on the bottom here, spanning-

0:15:55.000000 --> 0:16:01.200000
tree VLAN the number priority and explicitly set the priority value.

0:16:01.200000 --> 0:16:09.160000
Give him a priority of zero.

0:16:09.160000 --> 0:16:14.380000
And now he is the root bridge.

0:16:14.380000 --> 0:16:19.860000
Now keep in mind, if I went back to switch two and I also gave him a priority

0:16:19.860000 --> 0:16:21.380000
of zero, guess what?

0:16:21.380000 --> 0:16:31.420000
He would win because he's got the lower MAC address than switch one.

0:16:31.420000 --> 0:16:34.300000
And lastly, how do we verify the root bridge?

0:16:34.300000 --> 0:16:37.060000
Well, I've already shown you the second command, show spanning-tree VLAN,

0:16:37.060000 --> 0:16:40.280000
VLAN ID. We've seen that.

0:16:40.280000 --> 0:16:43.220000
This first section right here tells you who the root bridge is.

0:16:43.220000 --> 0:16:45.220000
You'll either say, hey, I am the root.

0:16:45.220000 --> 0:16:54.300000
I'm the winner or it will show you that you are not the root and what

0:16:54.300000 --> 0:16:58.040000
interface, what root port you use to get to the root, which is gigabit

0:16:58.040000 --> 0:16:59.740000
one-three in this case.

0:16:59.740000 --> 0:17:03.980000
Another command you can do, if you say, hey, I want to see who the root

0:17:03.980000 --> 0:17:05.520000
bridges are for all my VLANs.

0:17:05.520000 --> 0:17:07.200000
Right now I'm just looking at VLAN one.

0:17:07.200000 --> 0:17:10.140000
Well, if I've got like 20 VLANs, you tell me I have to do this command

0:17:10.140000 --> 0:17:13.660000
20 times, show spanning-tree VLAN one, show spanning-tree VLAN two, VLAN

0:17:13.660000 --> 0:17:15.840000
three. No, you don't.

0:17:15.840000 --> 0:17:20.300000
You can type show spanning-tree root.

0:17:20.300000 --> 0:17:24.040000
And it'll show you all the VLANs you know about and who the root bridge

0:17:24.040000 --> 0:17:28.880000
is. Now, how do you tell if you are the root bridge?

0:17:28.880000 --> 0:17:31.280000
Well, let's go back here to switch one here for a second.

0:17:31.280000 --> 0:17:36.180000
Show spanning-tree root.

0:17:36.180000 --> 0:17:38.320000
All right, so notice this.

0:17:38.320000 --> 0:17:44.240000
This column gives you your cost to reach the root.

0:17:44.240000 --> 0:17:49.640000
Anytime your cost shows as zero, that means you are the root bridge.

0:17:49.640000 --> 0:17:52.120000
It doesn't cost you anything to get to yourself.

0:17:52.120000 --> 0:17:55.260000
So switch one right now is the root bridge for VLAN one.

0:17:55.260000 --> 0:18:00.440000
And he's also the root bridge that looks like for VLANs five through or

0:18:00.440000 --> 0:18:04.620000
95 through VLAN 99.

0:18:04.620000 --> 0:18:10.520000
So that concludes this video on the basic IOS commands for configuring

0:18:10.520000 --> 0:18:16.400000
rapid spanning-tree, verifying rapid spanning-tree, and configuring deterministic

0:18:16.400000 --> 0:18:19.740000
root placement within rapid spanning-tree.