Aug
07

For the sake of simplicity and enabling a wider audience we decided to post our regular CCIE brainteasers to the blog.  The winner will get a coupon worth 10% off the price of any of our training packages for R&S, Security, Voice or Service Provider or a $250 Amazon.com gift card! Note that the 10% off discount can not be used with any other discount code you may already have. Please post your solution under the comments for this blog entry – the first person to post the correct solution is the winner. Make sure you provide the correct email address in your response so we can contact you in the event you won.  On Tuesday (August 12th) we will post the solution and announce the winner.

For today the task is an easy one or at least appears to be ;-) Imagine a simple topology made of 3 switches:

STP topology

All switches are running STP for VLAN123 with SW3 being the root.  Your task is to configure the network in such a way so that SW1 port fa0/13 is the root port and SW1 port fa0/16 is the alternate port for VLAN 123.  Sound easy?  Here are the requirements:

1) Do not change any STP link cost

2) SW3 must remain the root for VLAN 123

3) The port types must be access

4) Do not use the switchport backup interface command

5) Do not try to use SPAN or RSPAN

6) Do not disable STP

Good luck!

The correct solution is:

1) Configure SW2 to tunnel STP BPDUs between SW1 and SW3. This will make SW1 thinking that that SW3 is directly connected with cost 19. STP is still active on SW2, but SW2 considers itself the root.

SW2:
interface FastEthernet 0/13
l2protocol-tunnel stp
!
interface FastEthernet 0/16
l2protocol-tunnel stp

2) Configure SW3 port Fa0/16 with lower STP priority than SW3 Fa 0/13. This will make SW1 select its connection to SW2 as the root port and the other uplink is alternate: both uplinks have equal costs, the upstream port priority is the tiebreaker.

SW3:
interface FastEthernet 0/16
spanning-tree port-priority 64

Below is a summarization of some of the close but not quite correct approaches people submitted:

1) Change interface bandwidth/speeds. This is not allowed, since the requirement was not to change spanning-tree costs.

2) Use dot1q tunnel on SW2 – this was prohibited by requirement to set port modes to access

3) Filter spanning-tree BPDUs coming to SW1 from SW3. This would break the requirement for Fa 0/16 port to be alternate path to root. Aside from that, that would result in STP loop, since this is a circular topology.

4) Disabling STP in SW2 explicitly which is prohibited by the requirements

5) Incorrectly assuming that port-priority on SW1 may influence root port selection

6) One complicated MSTP solution submitted by two people actually works but was submitted after the above solution was posted.  The solution is based on differentiation between regional root and CIST root.  Not the simplest solution but it works.  The two people that posted this solution also deserve credit for their MSTP knowledge.  We’ll do a post on MSTP inter-region operations here on the blog in the next few days.

The winner is: “Roman”
 roman.aprias@[snip].com

About Brian Dennis, CCIE #2210:

Brian Dennis has been in the networking industry for more than 22 years, with a focus on Cisco networking for the past 16 years. Brian achieved his first CCIE in Routing & Switching in 1996, and is currently the only ten year CCIE that holds five CCIE certifications. Prior to working with INE, Brian taught and developed CCIE preparation courses for various well known training organizations. Brian not only brings his years of teaching experience to the classroom, but also years of real world enterprise and service provider experience.

Find all posts by Brian Dennis, CCIE #2210 | Visit Website


You can leave a response, or trackback from your own site.

10 Responses to “CCIE Brainteaser: STP”

 
  1. Roman says:

    1)Tunnel stp for SW2 both ports
    int range fa 0/13,fa0/16
    l2protocol-tunnel stp
    Just for sure disable l2tpguard
    no errdisable detect cause l2ptguard

    2)Higher port priority on SW3 fa0/13 port
    int fa 0/13
    spanning-tree port-priority 224

  2. Antonio Soares says:

    SW1:
    !
    interface FastEthernet0/13
    switchport access vlan 123
    switchport mode access
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access
    !

    SW2:
    !
    interface FastEthernet0/13
    switchport mode access
    switchport access vlan 123
    l2protocol-tunnel stp
    !
    interface FastEthernet0/16
    switchport mode access
    switchport access vlan 123
    l2protocol-tunnel stp
    !
    SW3:
    !
    spanning-tree vlan 123 priority 0
    !
    interface FastEthernet0/13
    switchport access vlan 123
    switchport mode access
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access
    spanning-tree vlan 123 port-priority 0
    !

  3. Matt LaSota says:

    Configure SW1 and SW2 to participate in a MST instance named CCIE. Use MST instance 0. Configure the bridge ID of SW2 to be lower than SW1 but not lower than SW3. This will ensure that it is the MST Regional Root and cause SW1 FA0/16 to be ALT Blocking and FA0/13 to be it’s root port and forwarding.

    Relevant portions of config:

    SW1
    spanning-tree mode mst
    spanning-tree extend system-id
    !
    spanning-tree mst configuration
    name CCIE
    revision 1
    !
    spanning-tree mst 0 priority 28672

    SW2
    spanning-tree mode mst
    spanning-tree extend system-id
    !
    spanning-tree mst configuration
    name CCIE
    revision 1
    !
    spanning-tree mst 0-1 priority 24576

    SW3
    spanning-tree mode pvst
    spanning-tree extend system-id
    spanning-tree vlan 123 priority 16384

    Show Commands From SW1
    SW1#show spanning-tree

    MST0
    Spanning tree enabled protocol mstp
    Root ID Priority 16507
    Address 000c.3045.4180
    Cost 200000
    Port 15 (FastEthernet0/13)
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 28672 (priority 28672 sys-id-ext 0)
    Address 001b.d490.7c00
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Root FWD 200000 128.15 P2p
    Fa0/16 Altn BLK 200000 128.18 P2p Bound(STP)

    Show Commands From SW2
    SW2#show spanning-tree

    MST0
    Spanning tree enabled protocol mstp
    Root ID Priority 16507
    Address 000c.3045.4180
    Cost 200000
    Port 18 (FastEthernet0/16)
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 24576 (priority 24576 sys-id-ext 0)
    Address 001b.d4df.ec80
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Desg FWD 200000 128.15 P2p
    Fa0/16 Root FWD 200000 128.18 P2p Bound(STP)

    SW2#show span mst 0

    ##### MST0 vlans mapped: 1-4094
    Bridge address 001b.d4df.ec80 priority 24576 (24576 sysid 0)
    Root address 000c.3045.4180 priority 16507 (16384 sysid 123)
    port Fa0/16 path cost 200000
    Regional Root this switch
    Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
    Configured hello time 2 , forward delay 15, max age 20, max hops 20

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Desg FWD 200000 128.15 P2p
    Fa0/16 Root FWD 200000 128.18 P2p Bound(STP)

    Show Commands From SW3
    SW3#show spanning-tree

    VLAN0123
    Spanning tree enabled protocol ieee
    Root ID Priority 16507
    Address 000c.3045.4180
    This bridge is the root
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 16507 (priority 16384 sys-id-ext 123)
    Address 000c.3045.4180
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 300

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Desg FWD 19 128.13 P2p
    Fa0/16 Desg FWD 19 128.16 P2p

  4. bam says:

    You gotta love MST!

    1. Configure the links on SW1, SW2, and SW3
    SW1, SW2, SW3:
    !
    interface FastEthernet0/13
    switchport access vlan 123
    switchport mode access
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access

    2. Configure SW3 as the root bridge for vlan 123

    SW3(config)#spanning-tree vlan 123 root primary

    SW3#sh span

    VLAN0123
    Spanning tree enabled protocol ieee
    Root ID Priority 24699
    Address 001e.7a89.5880
    This bridge is the root
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 24699 (priority 24576 sys-id-ext 123)
    Address 001e.7a89.5880
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 300

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Desg FWD 19 128.15 P2p
    Fa0/16 Desg FWD 19 128.18 P2p

    SW1#sh span

    VLAN0123
    Spanning tree enabled protocol ieee
    Root ID Priority 24699
    Address 001e.7a89.5880
    Cost 19
    Port 18 (FastEthernet0/16)
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 32891 (priority 32768 sys-id-ext 123)
    Address 001e.f703.3c80
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 300

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Desg FWD 19 128.15 P2p
    Fa0/16 Root FWD 19 128.18 P2p

    SW2#sh span

    VLAN0123
    Spanning tree enabled protocol ieee
    Root ID Priority 32891
    Address 001e.7a89.5880
    Cost 19
    Port 18 (FastEthernet0/16)
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 32891 (priority 32768 sys-id-ext 123)
    Address 001f.260c.1500
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 15

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Altn BLK 19 128.15 P2p
    Fa0/16 Root FWD 19 128.18 P2p

    3. Configure SW1 and Sw2 in the same MST region

    SW1(config)#spann mst config
    SW1(config-mst)#name RGN12
    SW1(config-mst)#rev 1
    SW1(config-mst)#instance 0 vlan 123
    SW1(config-mst)#exit
    SW1(config)#spanning-tree mode mst

    SW2(config)#spanning-tree mst config
    SW2(config-mst)#name RGN12
    SW2(config-mst)#rev 1
    SW2(config-mst)#instance 0 vlan 123
    SW2(config-mst)#exit
    SW2(config)#spanning-tree mode mst

    5. Change SW2′s bridge priority so that SW2 is the Regional Root, but not the root bridge for the spanning tree (i.e. to a value greater than SW3′s priority)

    SW2(config)#spanning-tree mst 0 priority 28672

    And there we have it, SW3 is the root bridge for vlan 123….

    SW3#sh span

    VLAN0123
    Spanning tree enabled protocol ieee
    Root ID Priority 24699
    Address 001e.7a89.5880
    This bridge is the root
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 24699 (priority 24576 sys-id-ext 123)
    Address 001e.7a89.5880
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 300

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Desg FWD 19 128.15 P2p
    Fa0/16 Desg FWD 19 128.18 P2p

    And SW1 F0/13 is the root and F0/16 is the ALT….

    SW1#sh span

    MST0
    Spanning tree enabled protocol mstp
    Root ID Priority 24699
    Address 001e.7a89.5880
    Cost 200000
    Port 15 (FastEthernet0/13)
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
    Address 001e.f703.3c80
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Root FWD 200000 128.15 P2p
    Fa0/16 Altn BLK 200000 128.18 P2p Bound(STP)

  5. Rick Mur says:

    But you indirectly change a stp link cost, when you do that.

    I thought of l2protocol-tunnel stp on both ports at sw3

  6. Uri and Vladimir says:

    To solve such a query problem we recommend you to use “L2 protocol tunneling” and tune STP port priority on SW3 Fa0/16.

    Solution:

    !
    ! Sw2
    !
    interface FastEthernet0/1[36]
    switchport access vlan 123
    switchport mode access
    l2protocol-tunnel stp
    !
    ! Sw3
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access
    spanning-tree vlan 123 port-priority 0
    !

    This commands will definitly help!

    Best regards,
    Uri and Vladimir.

  7. Gianluca says:

    !!!!!!!!!! SW1 !!!!!!!!!!
    interface FastEthernet0/13
    switchport access vlan 123
    switchport mode access
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access

    !!!!!!!!!! SW2 !!!!!!!!!
    interface FastEthernet0/13
    switchport access vlan 123
    switchport mode access
    l2protocol-tunnel stp
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access
    l2protocol-tunnel stp

    !!!!!!!!!! SW3 !!!!!!!!!!
    interface FastEthernet0/13
    switchport access vlan 123
    switchport mode access
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access
    spanning-tree port-priority 112

  8. zeus says:

    Here you go..

    First goal is to make SW2 transparent from this topology because STP four step decision process is here and Sw1 will never select fa0/13 as root port.

    1. Lowest Root ID
    2. Lowest Root Path Cost
    3. Lowest Sender BID
    4. Lowest Port ID

    On SW2

    interface fa0/13
    l2protocol-tunnel cdp
    l2protocol-tunnel stp
    l2protocol-tunnel vtp
    no cdp enable

    inteface fa0/16
    l2protocol-tunnel cdp
    l2protocol-tunnel stp
    l2protocol-tunnel vtp
    no cdp enable

    On SW3 yes the Root switch!

    interface fa0/16
    spanning-tree vlan 123 port-priority 64
    switchpoort
    switchport mode access
    switchport access vlan 123
    no shut

  9. Chayd says:

    ok let me try:

    We have to make SW2 transparent so on SW2 the following is required:

    interface fa0/13
    l2protocol-tunnel cdp
    l2protocol-tunnel stp
    l2protocol-tunnel vtp
    no cdp enable

    inteface fa0/16
    l2protocol-tunnel cdp
    l2protocol-tunnel stp
    l2protocol-tunnel vtp
    no cdp enable

    We have to ensure that SW3 is the root:

    spanning-tree vlan 123 root primary

    and we have to ensure that port 16 has a lower priority than port 13 or else SW1 will choose Fa 16 as his root:

    interface fa0/16
    spanning-tree vlan 123 port-priority 64

    all ports are access ports, memeber of vlan 123.

    and that’s it!

  10. Nicolae Matau says:

    Hello,

    one posible solution is (starting with default configuration on switches):

    SW3:
    !
    spanning-tree vlan 123 priority 24576
    !
    interface FastEthernet0/13
    switchport access vlan 123
    switchport mode access
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access
    spanning-tree port-priority 0
    end

    SW2:
    !
    interface FastEthernet0/13
    switchport access vlan 123
    switchport mode access
    l2protocol-tunnel stp
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access
    l2protocol-tunnel stp
    end

    SW1:
    !
    interface FastEthernet0/13
    switchport access vlan 123
    switchport mode access
    !
    interface FastEthernet0/16
    switchport access vlan 123
    switchport mode access
    end
    ————————-

    SW3#sh spanning-tree vlan 123

    VLAN0123
    Spanning tree enabled protocol ieee
    Root ID Priority 24699
    Address 0014.69af.c000
    This bridge is the root
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Bridge ID Priority 24699 (priority 24576 sys-id-ext 123)
    Address 0014.69af.c000
    Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Aging Time 300

    Interface Role Sts Cost Prio.Nbr Type
    —————- —- — ——— ——– ——————————–
    Fa0/13 Desg FWD 19 128.13 P2p
    Fa0/16 Desg FWD 19 0.16 P2p

    SW3#

    SW1#sh spanning-tree vlan 123 detail

    VLAN0123 is executing the ieee compatible Spanning Tree protocol
    Bridge Identifier has priority 32768, sysid 123, address 0019.2f41.ca80
    Configured hello time 2, max age 20, forward delay 15
    Current root has priority 24699, address 0014.69af.c000
    Root port is 13 (GigabitEthernet0/13), cost of root path is 19
    Topology change flag not set, detected flag not set
    Number of topology changes 4 last change occurred 00:15:36 ago
    from GigabitEthernet0/16
    Times: hold 1, topology change 35, notification 2
    hello 2, max age 20, forward delay 15
    Timers: hello 0, topology change 0, notification 0, aging 300

    Port 13 (GigabitEthernet0/13) of VLAN0123 is forwarding
    Port path cost 19, Port priority 128, Port Identifier 128.13.
    Designated root has priority 24699, address 0014.69af.c000
    Designated bridge has priority 24699, address 0014.69af.c000
    Designated port id is 0.16, designated path cost 0
    Timers: message age 1, forward delay 0, hold 0
    Number of transitions to forwarding state: 2
    Link type is point-to-point by default
    BPDU: sent 79, received 580

    Port 16 (GigabitEthernet0/16) of VLAN0123 is blocking
    Port path cost 19, Port priority 128, Port Identifier 128.16.
    Designated root has priority 24699, address 0014.69af.c000
    Designated bridge has priority 24699, address 0014.69af.c000
    Designated port id is 128.13, designated path cost 0
    Timers: message age 1, forward delay 0, hold 0
    Number of transitions to forwarding state: 1
    Link type is point-to-point by default
    BPDU: sent 4, received 645

    SW1#

    regards,
    Nicolae

 

Leave a Reply

Categories

CCIE Bloggers