Tuesday, July 30, 2013

Troubleshooting Trunk Links and Spanning Tree using Dia - Part 1 of 5

A few weeks back, we replaced a Cisco chassis with a newer model.  As part of the verification process, I checked the spanning tree output and noticed some discrepancies.  For example, some of the VLANs were using the first distribution layer switch as the spanning tree root while other VLANs were using the second distribution layer switch as the root.

In order to get a visual of the current spanning tree instances, I chose to use the open source program Dia (http://dia-installer.de/).  Dia has a number of Cisco icons available.  One problem I noticed is that if I use straight lines to connect icons together, it is impossible to draw redundant links.  However, using the arc line type, we can offset the lines to show redundant links.


So, using my home lab equipment, I've set up an example to show how Dia can be used to map out spanning tree instances.

I have two 3550s as Distribution Layer switches (DS1 and DS2) while two 2950s are set as Access Layer switches (AS1 and AS2).  The VLANs in place are:  1, 11, 22, 33 and 44.

The black lines are the physical layer (cable) connections:



VLAN 1 will be the Management VLAN and the native VLAN on the trunks.  HSRP is also configured for each of the VLANs.

VLAN number = x
  Default Gateway:  10.1.x.1 255.255.255.0
  DS1:  10.1.x.11
  DS2:  10.1.x.12
  AS1:  10.1.x.13
  AS2:  10.1.x.14

Let's start with a 'show spanning-tree summary' command on each switch:
DS1:

Note that DS1 is the Root bridge for VLANs 1, 11, 22 and 33.

DS2:

Again, note that DS2 is the Root bridge for VLAN 44.

AS1:

AS1 is not a Root bridge for any VLANs, which is what we want and expect.

AS2:

So, here is our first sign of a problem.  AS2 is showing itself as the Root bridge for VLAN 44.  However, DS2 also thinks it is the Root bridge for VLAN 44.  So, we obviously have a problem with our trunk links and/or spanning tree.
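The cross-check done by eye above can also be scripted. The following is an added example, not part of the original post: it parses the 'Root bridge for:' line of each switch's 'show spanning-tree summary' output and flags any VLAN with more than one claimed root, or with a root outside the distribution layer. The sample text is constructed to match the results described above, and the code assumes the VLAN list sits on one line as comma-separated names.

```python
import re
from collections import defaultdict

# Constructed samples: only the relevant lines of each switch's
# 'show spanning-tree summary' output, matching what the post reports.
SUMMARIES = {
    "DS1": "Switch is in pvst mode\n"
           "Root bridge for: VLAN0001, VLAN0011, VLAN0022, VLAN0033\n",
    "DS2": "Switch is in pvst mode\nRoot bridge for: VLAN0044\n",
    "AS1": "Switch is in pvst mode\nRoot bridge for: none\n",
    "AS2": "Switch is in pvst mode\nRoot bridge for: VLAN0044\n",
}

ROOT_LINE = re.compile(r"^Root bridge for:\s*(.*)$", re.MULTILINE)
VLAN_ID = re.compile(r"VLAN0*(\d+)")


def root_vlans(summary_text):
    """Return the set of VLAN IDs this switch claims to be root for."""
    match = ROOT_LINE.search(summary_text)
    if match is None:
        raise ValueError("no 'Root bridge for:' line found")
    # 'none' contains no VLANnnnn token, so it yields an empty set.
    return {int(v) for v in VLAN_ID.findall(match.group(1))}


def audit(summaries, allowed_roots):
    """Return {vlan: [issues]} for VLANs whose root claims look wrong."""
    claims = defaultdict(list)
    for switch, text in summaries.items():
        for vlan in root_vlans(text):
            claims[vlan].append(switch)
    findings = {}
    for vlan, switches in sorted(claims.items()):
        issues = []
        if len(switches) > 1:
            issues.append("multiple roots: " + ", ".join(sorted(switches)))
        unexpected = sorted(s for s in switches if s not in allowed_roots)
        if unexpected:
            issues.append("unexpected root: " + ", ".join(unexpected))
        if issues:
            findings[vlan] = issues
    return findings


if __name__ == "__main__":
    # Only the distribution switches are expected to be root bridges.
    for vlan, issues in audit(SUMMARIES, {"DS1", "DS2"}).items():
        print(f"VLAN {vlan}: " + "; ".join(issues))
```
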

Next, let's take a look at the spanning tree instances:
DS1 - VLAN 1

We can see that DS1 believes it is the root for VLAN 1 and that all the trunks are Designated ports and are in FWD (forwarding) status.

So, in Dia, we copy the original layout and rename it (for example, VLAN-1.dia) and we then change the links from DS1 to green to show that they are Designated ports.  To change the color of the link, double-click the link and change the drop box named 'Line Color' from black to green.


Now that VLAN 1 on DS1 is documented, let's move over to the other distribution switch.
DS2 - VLAN 1

Here we can see that the FastEthernet ports are Designated ports, Gi 0/1 is the Root port (the port that is being utilized to access the Root bridge) and that Gi 0/2 is an Alternate port and is in the Blocking state.  When we look at the topology in Dia, we can see that a loop would occur if Gi 0/2 were in a Forwarding state.  To document the blocking port, I suggest changing the link color to red and using the circled X located in the SDL icon section:


It is large when it is brought over to the map, so it will be necessary to resize the icon.

I also add an arrow for the Root port to show the direction toward the Root bridge.  To add an arrow, double-click the line and choose an arrow style from the drop down box labeled either 'Start Arrow' or 'End Arrow'.

Here is the diagram once DS2's perspective of the VLAN is added:


Moving on to AS1:
AS1 - VLAN 1

Here we can see that AS1 is doing most of the blocking for the triangle between DS1, DS2 and AS1.  Fa0/11 is the Root port back to DS1 (the root bridge) while the rest of the ports are blocking to prevent a loop between DS1, DS2 and AS1 and a loop across the dual uplinks between DS2 and AS1.  Here is the updated diagram:


And now to finish it off, let's go through AS2:
AS2 - VLAN 1

Same type of blocking as before on AS1:  we have a Root port back to DS1 while the rest of the trunks are in Blocking.

And so the finished map looks like this:

Everything here looks great.  One link from each switch going directly to the Root bridge.

Since HSRP is being used for gateway redundancy, let's check that out using the 'show standby vlan 1' command on DS1 and DS2.


DS1 is the Active gateway.  This is verified by the 'State is Active' and 'Active router is local' lines.

DS2 should appear as the standby router:


And it is.  This is verified by the 'State is Standby' and 'Active router is 10.1.1.11, priority 250' lines.

It is important to verify which router (or Layer 3 switch in this lab) is the default gateway, as we will see later on.

The next four VLANs (11, 22, 33 and 44) have been intentionally misconfigured to show how to use Dia to diagram the spanning tree instances to find problems with the trunk configurations.

Part 2 will be for VLAN 11.

Thank you for reading!


