This will be as brief of Exam Day notes for MST as I can make, I will eventually slowly lab the above Topology for demonstrations, but will cover all the basics first!
The information required for switches to be in the same MST Region is as follows:
- MST Region Name (Blank by default)
- MST Region # (Blank by default, must be manually configured)
- Matching Digest Value from MSTI to VLAN Mappings (All VLANs 1-4096 mapped to MST0 by default)
This means you can literally just enable MST as your STP mode on a few connected switches, and they will all be in the same region, because their default values will all match – This is because you must manually configure all these values!
Quick example of enabling the above Topology with defaults running:
SW1
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#span mode mst ?
<cr>
SW1(config)#span mode mst
SW1(config)#
*Mar 1 00:39:02.912: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
SW1(config)#
SW2
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#span mode mst
^^ No VLAN1 bounce there, must be looking good!
SW3
SW3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#span mode rapid
^^ Also no VLAN1 bounce, so all switches must be communicating, so lets verify:
SW1 “sh span” output
SW1(config)#do sh span
MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 1ce6.c7c1.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 1ce6.c7c1.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Desg FWD 200000 128.3 P2p
Po1 Desg FWD 100000 128.512 P2p
SW1(config)#
There is a lot going on here, lets list it off bullet point style:
- Instead of VLAN# at the top we see an MST Instance #, 0 by default for VLAN1
- Shows “mstp” spanning-tree enabled just below the instance #
- SW1 in the MST Region is the Root Bridge of all 3 switches, MST or RSTP
- STP Link Costs sky rocket from PVST+ or RSTP, important values explained
Link costs to know for exam day are pretty easy to remember:
- 10mbps (Ethernet) = 2,000,000 per MST hop
- 100mbps (FastEthernet) = 200,000 per MST hop
- 1000mbps (GigEthernet) = 20,000 per MST hop
- 10gbps (10gigEthernet) = 2,000 per MST hop
Apparently my Port-Channel with 2 x FastEthernet Trunks bundled is 100k, not sure if that goes down per link you bundle, will test that during the lab.
These Link Costs are VERY Important(!!!) for exam day, because MST elects 2 different Root Bridges (which can be the same as it is here), one for the MST Region and one for the CST (Common Spanning-Tree) that the switches are connected to.
It is preferable to have your Root Bridge within your MST Region by design if possible.
The reason for a Region Root Bridge (MST Region) as well as a CST Root Bridge (Entire Topology), is because all the of the MST Region Bridges will compare their cost to the Root Bridge if outside their Region, and set their ports accordingly (Root port, Designated Port, Blocking Port).
This is also so the Bridges within the Region know what state to put their “Boundary Ports” into, which are ports connected to non-MST enabled Bridges, because of how their BPDUs differentiate.
To steal a diagram drawn up from a previous MST post, a larger Topology can be viewed in this way:
This MST Region has tons of Bridges within it, but this Topology logically in the scope of the entire CST spanning-tree looks like this:
To drive this point home, lets look at SW3’s “sh span” output from my above Topology:
SW3
SW3#sh span
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32768
Address 1ce6.c7c1.c800
Cost 19
Port 3 (FastEthernet1/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 5897.1eab.ce00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Root FWD 19 128.3 P2p
Fa1/0/2 Altn BLK 19 128.4 P2p <—- Blocked!
SW3#
Note this switch is using normal STP Costs, which every hop through a CST bridged domain will add normal increments, but as soon as it starts hopping through the MST Region the costs off 200k+ start getting added to the STP Link Cost!
Also note it shows SW1 as the RSTP switches Root Bridge, because all STP uses the same BID values (Lowest Priority:Lowest MAC Address value) to elect a Root Bridge, so you can lower the Priority on any of the three switches to make it the Root Bridge as they are all at their default Priority # 32768.
Quickly squeeze in some MST random facts before delving further into details
- When MST mode is enabled, RSTP mode is auto enabled for compatibility, which is why MST Bridge Timers match that of RSTP, though still compatible with PVST
- MST BPDU “Type” # is 3, to indicate it is MST, whereas PVST+ is 0 and RSTP is 2
- There can be a maximum of 16 MST Instances within a Region
- “Edge” Port types behave the same as Portfast, Access ports that go immediately into FWD state because it is not linking to another Bridge
- P2P Port types indicate a point-to-point link to another Bridge
Why two Root Bridges are needed for an MST Region
If the Root Bridge is outside of the MST Region, the Bridges within that Region need to know their best / Least Cost Path to the Root Bridge, so that the Boundary Bridges / Ports know which ones to block and all Bridges within the Region can set their STP Port states.
If the Root Bridge is outside of the Region, it will hold its own election using the same BID process of Priority + MAC Addy, and set its STP Port States according to STP Link Costs to the IST Master / Region Root Bridge as shown here with Path Cost increments to demo:
The Path Cost is actually descending from CST Root Bridge to demonstrate how the Root Path cost would increment, however MST Bridges would actually calculate their cost to the IST Master Bridge in the Region to determine Port States.
I am not sure how to verify the IST Master outside of looking at each Bridges Priority / MAC to see which is the Lowest Value, I will take a look once I am labbing again.
MST compatibility with other STP types, BPDUs, and MSTI0/IST Significance
When PVST+ or RSTP sends a BPDU, it will be tagged with 802.1q Trunk VLAN tags, indicating the VLANs that it knows of within the BPDU frame.
MST BPDU’s first and foremost always send MSTI0 out every port, whether it is a Trunk or an Access Port, just in case the other end of the link is a non-MST Bridge. The reason for this is the MST BPDU uses “M Records” within the BPDU for each manually added MST Instance where a normal BPDU would have a VLAN tag, however when sending BPDUs out a “Boundary Port” it will not include M Records because the switch on the other side would not understand what that is – So all M Records / MST Instances outside of MST Instance 0 are mapped to Instance 0 (or slaves to it).
Note that M Records only pertain to manually added instances, not the default MSTI0 (IST), so if there are 5 MSTI’s in a Region including Instance 0 the BPDU will only contain 4 M Records – That was the long way of getting to that point for exam day.
MST Instance 0 / The IST will not have an “M Record” in a BPDU ever. EVER. !!!
So what happens when a Boundary Port detects a non-MST Bridge?
When a BPDU is received by an MST Bridge that is not an MST BPDU (does not contain MSTI0 or any additional M Records), it will detect the neighbor type, and reformat its BPDU sent out that Boundary Port to match the STP type received so it can be read by the remote Bridge in the CST Domain.
This is why RSTP is “auto enabled” on the MST enabled switch, so it can still speak normal STP to CST Bridges, although the mode is still “MST” running on it even though you may notice the timers are the same as RSTP in “sh span” output.
Review of the important stuff that was all discussed here
- Keep in mind the MST Link Cost values, as MST Bridges will use those as well as normal STP costs when calculating Root Path cost
- 16 instances maximum
- MSTI0 = IST
- 2 Root Bridges, the CST Root Bridge, and the IST Master or Region Root
- Backwards compatible with both PVST+ and RSTP
- MSTI0 is always sent out in BPDU’s, but does not count as an “M Record”
I think that is about it, there is no easy way to condense MST, but now for the fun part.
Time to lab a little bit to check out some different behaviors and configuration
First lets take a look at our options on SW1:
SW1(config)#span mst ?
WORD MST instance range, example: 0-3,5,7-9
configuration Enter MST configuration submode
forward-time Set the forward delay for the spanning tree
hello-time Set the hello interval for the spanning tree
max-age Set the max age interval for the spanning tree
max-hops Set the max hops value for the spanning tree
This is where you will do all your configuration for MST, in MST sub-configuration mode:
SW1(config)#span mst config
SW1(config-mst)#?
abort Exit region configuration mode, aborting changes
exit Exit region configuration mode, applying changes
instance Map vlans to an MST instance
name Set configuration name
no Negate a command or set its defaults
private-vlan Set private-vlan synchronization
revision Set configuration revision number
show Display region configurations
SW1(config-mst)#
This is very good to know for exam day, you do not want to “abort” out of configuration mode if you want your changes to that switch to save, you must use “exit” from this config prompt!
SW1(config-mst)#name CCNP
SW1(config-mst)#revision 100
SW1(config-mst)#exit
SW1(config)#
*Mar 1 01:58:23.020: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 01:58:23.045: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
SW1(config)#
Now SW1 and SW2 do not have matching Region names or Revision #’s, so they are now in two separate Regions, let see how this effects “sh span” output on SW1:
SW1(config)#do sh span
MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 1ce6.c7c1.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 1ce6.c7c1.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Fa1/0/1 Desg FWD 200000 128.3 P2p
Po1 Desg FWD 100000 128.512 P2p
SW1(config)#
From here everything seems to fine, lets take a look at an MST verification command:
SW1(config)#do sh span mst detail
##### MST0 vlans mapped: 1-4094
Bridge address 1ce6.c7c1.c800 priority 32768 (32768 sysid 0)
Root this switch for the CIST <<<<—- THE IST MASTER VERIFIED!!!
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20
FastEthernet1/0/1 of MST0 is designated forwarding
Port info port id 128.3 priority 128 cost 200000
Designated root address 1ce6.c7c1.c800 priority 32768 cost 0
Design. regional root address 1ce6.c7c1.c800 priority 32768 cost 0
Designated bridge address 1ce6.c7c1.c800 priority 32768 port id 128.3
Timers: message expires in 0 sec, forward delay 0, forward transitions 1
Bpdus sent 93, received 4
Port-channel1 of MST0 is designated forwarding
Port info port id 128.512 priority 128 cost 100000
Designated root address 1ce6.c7c1.c800 priority 32768 cost 0
Design. regional root address 1ce6.c7c1.c800 priority 32768 cost 0
Designated bridge address 1ce6.c7c1.c800 priority 32768 port id 128.512
Timers: message expires in 0 sec, forward delay 0, forward transitions 1
Bpdus sent 94, received 1
SW1(config)#
So this really shows you everything with “sh span mst detail” as can be seen, it shows this Bridge is the CIST Root aka IST Master, the information for all of its different interfaces, however I don’t really see any sort of “neighbors” type command like to confirm if neighboring switches are in the same MST Region.
SW1(config)#do sh span mst interface po1
Port-channel1 of MST0 is designated forwarding
Edge port: no (default) port guard : none (default)
Link type: point-to-point (auto) bpdu filter: disable (default)
Boundary : internal bpdu guard : disable (default)
Bpdus sent 218, received 1
Instance Role Sts Cost Prio.Nbr Vlans mapped
——– —- — ——— ——– ——————————-
0 Desg FWD 100000 128.512 1-4094
SW1(config)#
I think this is maybe the best way to confirm, as it shows this to be “Boundary Internal” in the “sh span mst int #” command, I will join SW2 back to this Region and check on that side if it shows different once it is back in the same Region:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#
SW2(config)#span mst config
SW2(config-mst)#name CCNP
SW2(config-mst)#revision 100
SW2(config-mst)#
Aaaaand nothing happens, so lets see if it shows Boundary Internal off Port-Channel1:
SW2(config-mst)#do sh span mst int po1
Port-channel1 of MST0 is root forwarding
Edge port: no (default) port guard : none (default)
Link type: point-to-point (auto) bpdu filter: disable (default)
Boundary : boundary (RSTP) bpdu guard : disable (default)
Bpdus sent 8, received 3812
Instance Role Sts Cost Prio.Nbr Vlans mapped
——– —- — ——— ——– ——————————-
0 Root FWD 100000 128.512 1-4094
SW2(config-mst)#
I just realized I need to “exit” to commit the changes, however this clearly shows how RSTP is “auto enabled” when you enable MST on a switch, now to exit and check again:
SW2(config)#do sh span mst int po1
Port-channel1 of MST0 is root forwarding
Edge port: no (default) port guard : none (default)
Link type: point-to-point (auto) bpdu filter: disable (default)
Boundary : internal bpdu guard : disable (default)
Bpdus sent 5, received 10
Instance Role Sts Cost Prio.Nbr Vlans mapped
——– —- — ——— ——– ——————————-
0 Root FWD 100000 128.512 1-4094
SW2(config)#
Now we are showing Boundary Internal on this side as well, so that must mean that it is within the same Region, so for exam day I would say this command is how you can tell which of your switch neighbors are in your Region.
One last thing I want to check is that Port-Channel1 cost of 100k because it has 2 x FastEthernet cables bundled, I want to see if a third will reduce the cost even more:
SW1(config-if)#do sh int po1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 1ce6.c7c1.c80d (bia 1ce6.c7c1.c80d)
MTU 1500 bytes, BW 300000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Fa1/0/10 Fa1/0/11 Fa1/0/12
Added Fa1/0/10 to the channel-group, aaaaaand:
SW1(config-if)#do sh span
MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 1ce6.c7c1.c800
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 1ce6.c7c1.c800
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
——————- —- — ——— ——– ——————————–
Po1 Desg FWD 66660 128.512 P2p
SW1(config-if)#
It dropped from 100k to 66,660 for cost when adding a third FastEthernet link to the bundle, so I’d just stick to knowing the basic costs and it should do for exam day.
And with that I am done reviewing MST, as much fun as it is!
I don’t anticipate a LOT of questions on this, but there are so many gotchas with M Records in BPDUs, CIST / IST Masters, Cost values, etc that I can see getting a small pool of MST questions so be sure that you somewhat commit this info to memory!
Until next time!
The DEVNET GRIND! 