Boring repeat of the same old Topology, but works perfectly for review, so lets do it!
To review the STP timers the command “show span vlan #” is used depending on which VLAN you are looking for, in this case it is VLAN 30 throughout this lab:
SW2#sh span vlan 30
VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 32798
Address 1ce6.c7c1.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32798 (priority 32768 sys-id-ext 30)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Root FWD 19 128.3 P2p
Fa1/0/2 Altn BLK 19 128.4 P2p
Highlighted in red is the STP Timers for the Root Bridge, highlighted in blue is the Local Bridge STP timers, and both are set to default STP Timer values.
The “Aging Time” highlighted in green refers to the 300 second default hold timer for dynamically learned MAC addresses, meaning the switch will remove a dynamic MAC entry from the table if it does not receive a frame from a dynamically learned host for 300 seconds, this is what the Aging Time is in STP (which is why it is shown under the local Bridge ID segment only).
For example, I will disable the Aging Timer for the MAC Table, and verify the change:
SW2(config)#mac address-table aging-time ?
<0-0> Enter 0 to disable aging
<10-1000000> Aging time in seconds
SW2(config)#mac address-table aging-time 0
SW2(config)#do sh span vlan 30
VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 32798
Address 1ce6.c7c1.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32798 (priority 32768 sys-id-ext 30)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 0 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Root FWD 19 128.3 P2p
Fa1/0/2 Altn BLK 19 128.4 P2p
So a couple good notes there, the lowest value to set an aging timer to without disabling it is 10, and if the value in the output of “show spanning-tree …” shows anything other than 300 seconds it means the MAC tables Aging Timer has been manually changed or disabled.
Now for the STP Timers themselves, here are the default values again, and functions:
- Hello Time = 2 seconds by default, this is the frequency that the Root Bridge originates a Config BPDU
- Max Age = 20 seconds by default, the duration the switch retains the Superior Config BPDU, if none received the switch transitions the STP Port into a non-Forwarding state
- Forward Delay = 15 seconds by default, this is the duration of the Listening and Learning stages when a port transitions into Forwarding
The “Config BPDU” is the main type of BPDU exchanged between switches to select Root Bridges / Paths, I wanted to make clear that it is not a TCN (Topology Change Notification) or TCA (Topology Change Acknowledgement) BPDU types, as those are triggered by changes only and are not related to STP timers!
Also note that these timers are for 802.1d Spanning-Tree, not 802.1w RSTP (Rapid Spanning-Tree Protocol), as RSTP Port Transition process and timer usage (or lack of usage) is very different and will be shown in future studies of that topic.
The configurable values can be seen here, directly from the CLI, along with the commands to manually change them per VLAN:
SW2(config)#spanning-tree vlan 30 ?
forward-time Set the forward delay for the spanning tree
hello-time Set the hello interval for the spanning tree
max-age Set the max age interval for the spanning tree
priority Set the bridge priority for the spanning tree
root Configure switch as root
<cr>
SW2(config)#spanning-tree vlan 30 forward-time ?
<4-30> number of seconds for the forward delay timer
SW2(config)#spanning-tree vlan 30 hello-time ?
<1-10> number of seconds between generation of config BPDUs
SW2(config)#spanning-tree vlan 30 max-age ?
<6-40> maximum number of seconds the information in a BPDU is valid
So some values to remember for exam day:
- Forward Time = 4 – 30
- Hello Time = 1 – 10
- Max Age = 6 – 40
No timers can be disabled with 0, some sort of value has to be set for each timer!
My first thought when seeing these, is what would happen if the Hello Timer was set higher than the Max Age Timer? Total Anarchy?
Lets find out!
SW2(config)#spanning-tree vlan 30 max 6
SW2(config)#spanning
SW2(config)#spanning-tree vlan 30 hello 10
SW2(config)#
*Mar 1 00:59:17.172: stp: Value 10 rejected: hello-time has to be smaller than max-age to be useful
SW2(config)#
Denied!
The switch will detect the Hello value exceeds the Max Age, and rejects the Hello change, but it does keep the Max Age change as it was accepted first as verified here:
SW2(config)#do sh span vlan 30
VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 32798
Address 1ce6.c7c1.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32798 (priority 32768 sys-id-ext 30)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 6 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Root FWD 19 128.3 P2p
Fa1/0/2 Altn BLK 19 128.4 P2p
Highlighted in green is the timer change to verify that the timers have been changed locally highlighted in blue in the Bridge ID information, however the Root ID timers highlighted in red are the timers the local switch / bridge is using.
This difference in timers can be used to verify a switch is a non-Root, because if they are different that indicates the switch is not a Root Bridge, as the Root Bridge cannot have different Root and Bridge ID timers.
That being said, it cannot be entirely verified that you are NOT on a Root or non-Root Bridge, because a non-Root bridge can be configured with the same timers as the Root Bridge values – So that is something to watch out for on exam day.
It is crucial to understand that concept for exam day, as seeing this in “show spanning-tree …” output on exam day, this may be the criteria needed to verify you are not looking at output from the Root Bridge!
Shown is a step by step configuration on the Root Bridge of the lowest possible timer settings, and the verification commands to demonstrate this concept:
SW1 (Root):
SW1(config)#span vlan 30 forward 4
SW1(config)#span vlan 30 hello 1
SW1(config)#span vlan 30 max 6
SW1(config)#do sh span vlan 30
VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 32798
Address 1ce6.c7c1.c800
This bridge is the root
Hello Time 1 sec Max Age 6 sec Forward Delay 4 sec
Bridge ID Priority 32798 (priority 32768 sys-id-ext 30)
Address 1ce6.c7c1.c800
Hello Time 1 sec Max Age 6 sec Forward Delay 4 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Desg FWD 19 128.3 P2p
Fa1/0/2 Desg FWD 19 128.4 P2p
SW2 (non-Root):
SW2(config)#do sh span vlan 30
VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 32798
Address 1ce6.c7c1.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 1 sec Max Age 6 sec Forward Delay 4 sec
Bridge ID Priority 32798 (priority 32768 sys-id-ext 30)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 6 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Root FWD 19 128.3 P2p
Fa1/0/2 Altn BLK 19 128.4 P2p
However if every switch in the network is configured for the lowest possible timer values for faster convergence time, you may not be able to verify its a non-Root Bridge:
SW2(config)#span vlan 30 forward 4
SW2(config)#span vlan 30 hello 1
SW2(config)#span vlan 30 max 6
SW2(config)#do sh span vlan 30
VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 32798
Address 1ce6.c7c1.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 1 sec Max Age 6 sec Forward Delay 4 sec
Bridge ID Priority 32798 (priority 32768 sys-id-ext 30)
Address 5897.1eab.c800
Hello Time 1 sec Max Age 6 sec Forward Delay 4 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Root FWD 19 128.3 P2p
Fa1/0/2 Altn BLK 19 128.4 P2p
So the output is similar to a Root Switch highlighted in red, then highlighted in blue is the contrast of information verifying this is a non-Root bridge, so these are things to be aware of to quickly extract the correct answer from the output and move to the next question on exam day!
So to give a once over crunch review of the three timers default and ranges:
- Forward Time = 4 – 30 (default 15)
- Hello Time = 1 – 10 (default 2)
- Max Age = 6 – 40 (default 20)
- Times cannot be disabled!
Also one thing that isn’t on the blueprint particularly and I haven’t seen much in training material, is just knowing about the existence of the command for switches to dynamically change their STP timers:
Configuration:
SW2(config)#span vlan 30 ?
forward-time Set the forward delay for the spanning tree
hello-time Set the hello interval for the spanning tree
max-age Set the max age interval for the spanning tree
priority Set the bridge priority for the spanning tree
root Configure switch as root
<cr>
SW2(config)#span vlan 30 root ?
primary Configure this switch as primary root for this spanning tree
secondary Configure switch as secondary root
SW2(config)#span vlan 30 root secondary ?
diameter Network diameter of this spanning tree
<cr>
SW2(config)#span vlan 30 root secondary diameter ?
<2-7> Maximum number of bridges between any two end nodes
SW2(config)#span vlan 30 root secondary diameter 2 ?
hello-time Hello interval for this spanning tree
<cr>
SW2(config)#span vlan 30 root secondary diameter 2
Verification:
SW2(config)#do sh span vlan 30
VLAN0030
Spanning tree enabled protocol ieee
Root ID Priority 28702
Address 5897.1eab.c800
This bridge is the root
Hello Time 2 sec Max Age 10 sec Forward Delay 7 sec
Bridge ID Priority 28702 (priority 28672 sys-id-ext 30)
Address 5897.1eab.c800
Hello Time 2 sec Max Age 10 sec Forward Delay 7 sec
Aging Time 4 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Desg FWD 19 128.3 P2p
Fa1/0/2 Desg LRN 19 128.4 P2p
I won’t go into the intricacies of the command parameters as this again is NOT on the CCNP SWITCH blueprint at the time of this writing, however I did want to review the behavior of configuring this.
This gets into hardcoding Root and Secondary switches which I will expand on at another time, however I did want to point out that because SW1 is not hardcoded as the “Primary Root” Bridge, SW2 is now the Root Bridge for VLAN 30 even though it was configured as a “Secondary Root” Bridge on that particular VLAN.
None of these configurations have impacted any other VLAN than the VLAN 30 being dissected on the CLI.
SW1 is now the Root Bridge for VLANs 1, 20, and 40, but SW2 owns VLAN 30 as the Root Bridge, which is going beyond the scope of basic STP timers so I will halt here.
Next will be review of Primary and Secondary switches in a wider switched network along with all the considerations that go with it!
The DEVNET GRIND! 