Configuring STP Interface Parameters

Just configuring the basic’s of spanning-tree may not be the best design of spanning-tree when it comes to large networks. In this lab we’ll discuss and demonstrate the configuration and verification of spanning-tree interface priority and cost which can be used to manipulate spanning-tree path selection as well as edge ports and root protection.






  • Core Knowledge

  • Lab Topology

  • Initial Configs

  • Lab Objectives

  • Lab Instruction




Core Knowledge and Real World Scenarios


So you’ve installed multiple Juniper switches and configured the root and backup root bridge on RSTP and you tell yourself that you are finished?

While this is commonly the case with nearly every network in production, unfortunately lack of knowledge can result in poor network architecture. While configuring the root and backup root bridge is important, there are other ways to engineer your network to operate more efficiently.

Most networks today however utilize ethernet link aggregation in which case multiple redundant individual ports from a spanning-tree perspective do not need to be manipulated. There are however cases where you will need to manipulate the spanning-tree utilizing port priority and port cost.

First lets take a look at how spanning tree determines the root path back to the root bridge. First it will examine all BPDU’s received from neighboring devices which include their BID (Bridge Priority) and interface priority in which the BPDU originated. Than it will determine the best path to the root by examining local interface cost, if all cost are equal it will than determine which advertising interface from a neighboring switch has the lowest port priority. If all advertised BPDU’s from the neighboring switches show that the port priority is equal it will than examine the advertising interface port id and select the lowest port identifier. Eventually this process will lead to a specific port becoming the root port in the spanning-tree.

Lets say if you want to manipulate this path manually you could configure the spanning-tree interface cost on a specific interface to make it become the root port if necessary. By default the cost is 20,000 on a Juniper EX Switch.

So for example you have two switches connected together with multiple cross connects and SW1 is the root bridge whereas switch 2 has the default settings. By default the lowest port number will be selected by SW4 to become the root port. This can be changed locally using the set spanning-tree rstp interface ge-0/0/23 cost # whereas # is the integer cost between 1 and 200000000

By setting the cost, the switch will calculate best path to the root with the port with the lowest cost. Keep in mind the interface cost is only locally significant and will not affect down stream switches root path selection. This however can be accomplished by manipulating the spanning-tree port priority.

Each time an interface advertises a BPDU it will also place its own port priority and port identifier in the BPDU so down stream switches can determine the best path to the root based on administratively advertised information. Priorities can be configured on a give switch to influence how a neighboring switch will select its root path. For example SW1 and SW2 are connected via Ge-0/0/22 and Ge-0/0/23. Using the default values, Ge-0/0/22 will become the root port however if you configure the port priority of 32 on Ge-0/0/23 than SW2 will prefer the Ge-0/0/23 link instead of the Ge-0/0/22 due to the lower port priority.

To set the port priority on Ge-0/0/23 you’ll use the set protocols rstp interface ge-0/0/23.0 priority # whereas # is a priority in increments of 16.

Port cost and Port Priority can be manipulated on a CST, VSTP and MSTP using the correct commands referencing the given protocols. ie. set protocols vstp vlan 5 interface ge-0/0/23.0 priority 16 which will set the port priority for Ge-0/0/23 on VLAN 5 to 16.

Now lets move on to what Cisco calls “Portfast”. This is a technology that will transition the configured interface to forwarding without having to wait for spanning tree to determine if the interface causes a loop or not. This is useful on devices that have extremely fast boot up time and request DHCP Addresses. On juniper this is called an edge port and is configured using the set protocols rstp interface ge-0/0/1 edge

To verify the specific operation of a Juniper EX Series switch you can use the show spanning-tree interface ge-0/0/1 detail command in user mode. An example has been provided below;

root@SW1> show spanning-tree interface ge-0/0/1 detail

Spanning tree interface parameters for instance 0

Interface name                 : ge-0/0/1.0
Port identifier                : 128.514
Designated port ID             : 128.514
Port cost                      : 20000
Port state                     : Forwarding
Designated bridge ID           : 4096.00:23:9c:1a:a3:41
Port role                      : Designated
Link type                      : Pt-Pt/EDGE
Boundary port                  : NA
Edge delay while expiry count  : 3
Rcvd info while expiry count   : 0 


root@SW1>

Next up we have root protection which Cisco likes to call root guard. This type of configuration will prevent a specific port from becoming the root port to ensure that the spanning-tree topology does not change in a manner that forwards traffic to a switch never intended to be a path to the root bridge. Exercise extreme caution when configuring root protection as it requires some design theory and understanding as to how spanning-tree will elect the root ports.

However lets look at an example where you may need root protection. Lets say you have 4 switches in a full mesh. SW1 is the root bridge and SW2 is the backup root bridge. With this in mind you know that from SW4’s perspective links towards SW3 should NEVER become the root path(s) and thus you can enable root protection on the links from SW4 to SW3 to ensure that SW3 never becomes the best path to the root.

This technology also has an indirect benefit in which you can ensure that specific switches never become the root. In this example if SW3 were to become the root, SW4 would disable the links towards SW3 to prevent unintended spanning-tree issues.



Lab Logical Topology


The following logical topology is used in all labs found through out Section 4 of the Junos Workbook;

To view the physical cabling topology please visit the Topology page.




Lab Device Initial Configurations


Prior to starting this lab please zeroize all switches. Afterwards log in using the root account and start a CLI session and load the following initial configurations by copying and pasting them into the device console.





Before you Start


This lab requires that you have access to real Juniper EX Series Switches and cannot be completed using the vSRX platform. If you do not have Juniper switches or you cannot

afford to purchase them than you can rent lab time on the Juno Lab provided by Junos Workbook where you have access to four EX3200-24 Switches and four J2320 routers which can

be used to complete this lab.


Lab Objectives


In this lab you will complete the following objectives.


  • Configure SW4 to use Ge-0/0/20 as the prefered path to the root bridge (SW1) using only interface cost.

  • Without changing any configuration on SW3, make SW3’s interface Ge-0/0/19 the preferred path to reach the root bridge (SW1)

  • Configure SW1’s Ge-0/0/1 interface to be placed into forwarding immediately upon initial link state change.

  • Configure SW4 in a manner that all interfaces connected to SW3 will not become the preferred path to the root.


One More Thing…


It is recommended that you attempt to complete these lab objectives the first time without looking at the Lab Instruction section.

If you are a student preparing for the Juniper JNCIA Certification Exam than you are more likely to remember how to complete these objectives if you attempt to complete them the

first time on your own with the use of the core knowledge section found in this lab. You should only resort to the Lab Instruction section to verify your work.




Lab Instruction


The follow lab instruction is performed on the Juno Lab provided by Junos Workbook which use real Juniper EX3200-24T switches. This lab cannot be performed on vSRX due to the lack of switching support.

  • Configure SW4 to use Ge-0/0/21 as the prefered path to the root bridge (SW1) using only interface cost.
root@SW4> configure 
Entering configuration mode

[edit]
root@SW4# set protocols rstp interface ge-0/0/21 cost 5000 

[edit]
root@SW4# commit and-quit
commit complete
Exiting configuration mode

root@SW4> show spanning-tree interface brief

Spanning tree interface parameters for instance 0

Interface    Port ID    Designated      Designated         Port    State  Role
                         port ID        bridge ID          Cost
ge-0/0/0.0     128:513      128:513  32768.00239c1aafc1     20000  FWD    DESG 
ge-0/0/1.0     128:514      128:514  32768.00239c1aafc1     20000  FWD    DESG 
ge-0/0/18.0    128:531      128:531  32768.00239c1aafc1     20000  FWD    DESG 
ge-0/0/19.0    128:532      128:532  32768.00239c1aafc1     20000  FWD    DESG 
ge-0/0/20.0    128:533      128:533   4096.00239c1aa341     20000  BLK    ALT  
ge-0/0/21.0    128:534      128:534   4096.00239c1aa341      5000  FWD    ROOT 
ge-0/0/22.0    128:535      128:535  32768.00239c1aafc1     20000  FWD    DESG 
ge-0/0/23.0    128:536      128:536  32768.00239c1aafc1     20000  FWD    DESG 

root@SW4>
  • Without changing any configuration on SW3, make SW3’s interface Ge-0/0/19 the preferred path to reach the root bridge (SW1)
root@SW1> configure
Entering configuration mode

[edit]
root@SW1# set protocols rstp interface ge-0/0/19 priority 32

[edit]
root@SW1# commit and-quit
commit complete
Exiting configuration mode

root@SW1>
root@SW3> show spanning-tree interface brief

Spanning tree interface parameters for instance 0

Interface    Port ID    Designated      Designated         Port    State  Role
                         port ID        bridge ID          Cost
ge-0/0/0.0     128:513      128:513  32768.b0c69ad7e4c1     20000  FWD    DESG 
ge-0/0/1.0     128:514      128:514  32768.b0c69ad7e4c1     20000  FWD    DESG 
ge-0/0/18.0    128:531      128:531   4096.00239c1aa341     20000  BLK    ALT  
ge-0/0/19.0    128:532       32:532   4096.00239c1aa341     20000  FWD    ROOT 
ge-0/0/20.0    128:533      128:533   8192.28c0da375481     20000  BLK    ALT  
ge-0/0/21.0    128:534      128:534   8192.28c0da375481     20000  BLK    ALT  
ge-0/0/22.0    128:535      128:535  32768.00239c1aafc1     20000  BLK    ALT  
ge-0/0/23.0    128:536      128:536  32768.00239c1aafc1     20000  BLK    ALT  

root@SW3>
  • Configure SW1’s Ge-0/0/1 interface to be placed into forwarding immediately upon initial link state change.
root@SW1> configure 
Entering configuration mode

[edit]
root@SW1# set protocols rstp interface ge-0/0/0 edge 

[edit]
root@SW1# commit and-quit 
commit complete
Exiting configuration mode

root@SW1> show spanning-tree interface ge-0/0/0 detail 

Spanning tree interface parameters for instance 0

Interface name                 : ge-0/0/0.0
Port identifier                : 128.513
Designated port ID             : 128.513
Port cost                      : 20000
Port state                     : Forwarding
Designated bridge ID           : 4096.00:23:9c:1a:a3:41
Port role                      : Designated
Link type                      : Pt-Pt/EDGE
Boundary port                  : NA
Edge delay while expiry count  : 2
Rcvd info while expiry count   : 0 


root@SW1>
  • Configure SW4 in a manner that all interfaces connected to SW3 will not become the preferred path to the root.
root@SW4> configure 
Entering configuration mode

[edit]
root@SW4# set protocols rstp interface ge-0/0/22 no-root-port

[edit]
root@SW4# set protocols rstp interface ge-0/0/23 no-root-port

[edit]
root@SW4# commit and-quit 
commit complete
Exiting configuration mode

root@SW4>

Note that this configuration can be tested by configuing SW3 to become the root using the priority 0 and verifying the interface role on SW4 as demonstrated below;

root@SW3> configure
Entering configuration mode

[edit]
root@SW3# set protocols rstp bridge-priority 0

[edit]
root@SW3# commit and-quit
commit complete
Exiting configuration mode

root@SW3>
root@SW4> show spanning-tree interface brief

Spanning tree interface parameters for instance 0

Interface    Port ID    Designated      Designated         Port    State  Role
                         port ID        bridge ID          Cost
ge-0/0/0.0     128:513      128:513  32768.00239c1aafc1     20000  FWD    DESG 
ge-0/0/1.0     128:514      128:514  32768.00239c1aafc1     20000  FWD    DESG 
ge-0/0/18.0    128:531      128:531   8192.28c0da375481     20000  BLK    ALT  
ge-0/0/19.0    128:532      128:532   8192.28c0da375481     20000  BLK    ALT  
ge-0/0/20.0    128:533      128:533   4096.00239c1aa341     20000  BLK    ALT  
ge-0/0/21.0    128:534      128:534   4096.00239c1aa341      5000  FWD    ROOT 
ge-0/0/22.0    128:535      128:535      0.b0c69ad7e4c1     20000  BLK    ALT (Root-Incon)
ge-0/0/23.0    128:536      128:536      0.b0c69ad7e4c1     20000  BLK    ALT (Root-Incon)

root@SW4>



◄ Previous Lab
Next Lab ►