[Switch series, part 1] A short note on enterprise switched networks: the overlooked STP optimization


Background

A friend recently mentioned that his company's internal network sometimes fails for no obvious reason: the symptom is that hosts suddenly drop off the network and can no longer ping the gateway, and after a while everything recovers on its own. It never caused much damage, but it was a persistent annoyance.

So I asked him about the topology, and an STP problem looked like the most probable cause.

For an enterprise switched network, the most important thing is a sensibly designed topology, then capable equipment with a sound configuration, and finally diligent maintenance.

The environment at the time is reproduced below (lab re-creation).

 SW1#show spanning-tree brief

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c007.00c0.0000
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c007.00c0.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0 32768 c007.00c0.0000 128.42
FastEthernet1/2      128.43   128    19 FWD     0 32768 c007.00c0.0000 128.43
FastEthernet1/3      128.44   128    19 FWD     0 32768 c007.00c0.0000 128.44
FastEthernet1/15     128.56   128    19 FWD     0 32768 c007.00c0.0000 128.56


SW2#show spanning-tree brief

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c007.00c0.0000
             Cost        19
             Port        56 (FastEthernet1/15)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c008.00c0.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD    19 32768 c008.00c0.0000 128.42
FastEthernet1/2      128.43   128    19 FWD    19 32768 c008.00c0.0000 128.43
FastEthernet1/3      128.44   128    19 FWD    19 32768 c008.00c0.0000 128.44
FastEthernet1/15     128.56   128    19 FWD     0 32768 c007.00c0.0000 128.56


SW3#show spanning-tree brief

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c007.00c0.0000
             Cost        19
             Port        42 (FastEthernet1/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c009.00c0.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0 32768 c007.00c0.0000 128.42
FastEthernet1/2      128.43   128    19 BLK    19 32768 c008.00c0.0000 128.42
FastEthernet1/15     128.56   128    19 FWD    19 32768 c009.00c0.0000 128.56


SW4#show spanning-tree brief

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c007.00c0.0000
             Cost        19
             Port        42 (FastEthernet1/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c00a.00c0.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0 32768 c007.00c0.0000 128.43
FastEthernet1/2      128.43   128    19 BLK    19 32768 c008.00c0.0000 128.43


SW5#show spanning-tree brief

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c007.00c0.0000
             Cost        19
             Port        42 (FastEthernet1/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c00b.1028.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0 32768 c007.00c0.0000 128.44
FastEthernet1/2      128.43   128    19 BLK    19 32768 c008.00c0.0000 128.44


sw6#show spanning-tree brief

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c007.00c0.0000
             Cost        38
             Port        56 (FastEthernet1/15)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     c00e.1028.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/14     128.55   128    19 FWD    38 32768 c00e.1028.0000 128.55
FastEthernet1/15     128.56   128    19 FWD    19 32768 c009.00c0.0000 128.56


I. Assessment

The first thing to note is that F1/15 between SW1 and SW2 is a trunk. A trunk port is not exempt from STP; every port shown here takes part in the protocol. Because every switch has been left at the default bridge priority of 32768, the root election falls through to the tie-breaker, the lowest bridge ID, which means the lowest MAC address: SW1 (c007.00c0.0000) beats SW2 (c008.00c0.0000), so SW1 became root by accident of MAC, not by design.

SW1 through SW6 are all 100 Mbit/s switches, so every port carries the default port priority of 128 and the default path cost of 19.

On SW3, SW4 and SW5 the port that connects to SW2 is in the blocking state, so the bandwidth of each of those redundant links goes unused.

The downstream (access) switches do not use the UplinkFast and BackboneFast optimizations, so convergence after a topology change is slow: with the default timers shown above (Max Age 20 s, Forward Delay 15 s) a failover can take up to 50 seconds, which is very visible to real-time traffic.

The upstream switches do not use BPDU Guard or Root Guard to protect the root election, which is a security weakness: any rogue or misconfigured switch plugged into an access port can send superior BPDUs, take over the root role and reshape the topology, and every such takeover forces a reconvergence of the whole tree. That is one plausible cause of the intermittent outages described at the start. BPDU Filter is often listed alongside these two, but it does not protect the election at all: it silently discards BPDUs and can itself create a loop, so prefer Root Guard on distribution downlinks and BPDU Guard on access ports.

--------------------------------------------------------------------------------------
II. Recommendations

1. Designate the root bridge explicitly with the spanning-tree vlan xx root command instead of leaving the choice to the MAC tie-break.

2. On the access-switch ports that face end hosts, enable PortFast together with BPDU Guard, so that the existing root cannot be challenged from the edge and unauthorized switches are shut out (the port is err-disabled the moment it receives a BPDU).

3. Enable UplinkFast on the access switches' uplinks, and BackboneFast on the redundant core switches, to shorten STP convergence.

4. Do not run production traffic in the default VLAN 1; create new VLANs for user ports, which also guards against VLAN hopping attacks that rely on the default VLAN.

5. Configure the links between SW1/SW2 and SW3/SW4/SW5 as trunks, so that traffic can be shared per VLAN and the currently blocked ports are put into the forwarding state, or bundle the links into an EtherChannel to add bandwidth.

---------------------------------------------------------------------------------------

III. Implementation

1. Create VLAN 10 and VLAN 20, and make SW1 the primary root bridge for VLAN 1 and VLAN 10 and the secondary root bridge for VLAN 20.


 SW1(config)#spanning-tree vlan 1 root primary
% This switch is already the root of VLAN1 spanning tree
 VLAN 1 bridge priority set to 8192
 VLAN 1 bridge max aging time unchanged at 20
 VLAN 1 bridge hello time unchanged at 2
 VLAN 1 bridge forward delay unchanged at 15
SW1(config)#spanning-tree vlan 10 root primary
% This switch is already the root of VLAN10 spanning tree
 VLAN 10 bridge priority set to 8192
 VLAN 10 bridge max aging time unchanged at 20
 VLAN 10 bridge hello time unchanged at 2
 VLAN 10 bridge forward delay unchanged at 15
SW1(config)#spanning-tree vlan 20 root sec
 VLAN 20 bridge priority set to 16384
 VLAN 20 bridge max aging time unchanged at 20
 VLAN 20 bridge hello time unchanged at 2
 VLAN 20 bridge forward delay unchanged at 15
SW1(config)#int rang f1/1 - 3
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#switchport
*Mar  1 01:56:47.039: %DTP-5-TRUNKPORTON: Port Fa1/1-3 has become dot1q trunk
SW1(config-if-range)#switchport trunk allowed vlan all
SW1(config-if-range)#exi


SW2 is the secondary root bridge for VLAN 1 and VLAN 10, and the primary root bridge for VLAN 20.

SW2(config)#spanning-tree vlan 1 root sec
 VLAN 1 bridge priority set to 16384
 VLAN 1 bridge max aging time unchanged at 20
 VLAN 1 bridge hello time unchanged at 2
 VLAN 1 bridge forward delay unchanged at 15
SW2(config)#spanning-tree vlan 10 root sec
 VLAN 10 bridge priority set to 16384
 VLAN 10 bridge max aging time unchanged at 20
 VLAN 10 bridge hello time unchanged at 2
 VLAN 10 bridge forward delay unchanged at 15
SW2(config)#spanning-tree vlan 20 root pri
 VLAN 20 bridge priority set to 8192
 VLAN 20 bridge max aging time unchanged at 20
 VLAN 20 bridge hello time unchanged at 2
 VLAN 20 bridge forward delay unchanged at 15
SW2(config)#int range f1/1 - 3
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#s
*Mar  1 01:52:19.579: %DTP-5-TRUNKPORTON: Port Fa1/1-3 has become dot1q trunk
SW2(config-if-range)#switchport trunk allowed vlan all
SW2(config-if-range)#^Z
SW2#


Enable UplinkFast on the access switches (SW3, SW4, SW5) to shorten STP convergence; it is the spanning-tree uplinkfast global command, and the log line below shows its effect on SW3.

 SW3(config)#
*Mar  1 03:46:47.719: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN1 FastEthernet1/2 moved to Forwarding (UplinkFast).

Enable BackboneFast (spanning-tree backbonefast) on the redundant core switches SW1 and SW2 for the same reason. Note that Cisco's guidance is to enable BackboneFast on every switch in the domain, because it relies on Root Link Query PDUs that all switches must understand.

Result after the changes

 SW1#show spanning-tree brief

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     c007.00c0.0000
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192
             Address     c007.00c0.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0  8192 c007.00c0.0000 128.42
FastEthernet1/2      128.43   128    19 FWD     0  8192 c007.00c0.0000 128.43
FastEthernet1/3      128.44   128    19 FWD     0  8192 c007.00c0.0000 128.44
FastEthernet1/15     128.56   128    19 FWD     0  8192 c007.00c0.0000 128.56


VLAN10
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     c007.00c0.0001
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192
             Address     c007.00c0.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0  8192 c007.00c0.0001 128.42
FastEthernet1/2      128.43   128    19 FWD     0  8192 c007.00c0.0001 128.43
FastEthernet1/3      128.44   128    19 FWD     0  8192 c007.00c0.0001 128.44
FastEthernet1/15     128.56   128    19 FWD     0  8192 c007.00c0.0001 128.56


VLAN20
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     c008.00c0.0002
             Cost        19
             Port        56 (FastEthernet1/15)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    16384
             Address     c007.00c0.0002
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD    19 16384 c007.00c0.0002 128.42
FastEthernet1/2      128.43   128    19 FWD    19 16384 c007.00c0.0002 128.43
FastEthernet1/3      128.44   128    19 FWD    19 16384 c007.00c0.0002 128.44
FastEthernet1/15     128.56   128    19 FWD     0  8192 c008.00c0.0002 128.56


 SW2#show spanning-tree brief

VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     c007.00c0.0000
             Cost        19
             Port        56 (FastEthernet1/15)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    16384
             Address     c008.00c0.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD    19 16384 c008.00c0.0000 128.42
FastEthernet1/2      128.43   128    19 FWD    19 16384 c008.00c0.0000 128.43
FastEthernet1/3      128.44   128    19 FWD    19 16384 c008.00c0.0000 128.44
FastEthernet1/15     128.56   128    19 FWD     0  8192 c007.00c0.0000 128.56


VLAN10
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     c007.00c0.0001
             Cost        19
             Port        56 (FastEthernet1/15)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    16384
             Address     c008.00c0.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD    19 16384 c008.00c0.0001 128.42
FastEthernet1/2      128.43   128    19 FWD    19 16384 c008.00c0.0001 128.43
FastEthernet1/3      128.44   128    19 FWD    19 16384 c008.00c0.0001 128.44
FastEthernet1/15     128.56   128    19 FWD     0  8192 c007.00c0.0001 128.56


VLAN20
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     c008.00c0.0002
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192
             Address     c008.00c0.0002
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128    19 FWD     0  8192 c008.00c0.0002 128.42
FastEthernet1/2      128.43   128    19 FWD     0  8192 c008.00c0.0002 128.43
FastEthernet1/3      128.44   128    19 FWD     0  8192 c008.00c0.0002 128.44
FastEthernet1/15     128.56   128    19 FWD     0  8192 c008.00c0.0002 128.56

SW3#show spanning-tree brief

VLAN1
  Spanning tree enabled protocol ieee uplinkfast enabled
  Root ID    Priority    8192
             Address     c007.00c0.0000
             Cost        3019
             Port        42 (FastEthernet1/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    49152
             Address     c009.00c0.0000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128  3019 FWD     0  8192 c007.00c0.0000 128.42
FastEthernet1/2      128.43   128  3019 BLK    19 16384 c008.00c0.0000 128.42
FastEthernet1/15     128.56   128  3019 FWD  3019 49152 c009.00c0.0000 128.56


VLAN10
  Spanning tree enabled protocol ieee uplinkfast enabled
  Root ID    Priority    8192
             Address     c007.00c0.0001
             Cost        3019
             Port        42 (FastEthernet1/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    49152
             Address     c009.00c0.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128  3019 FWD     0  8192 c007.00c0.0001 128.42
FastEthernet1/2      128.43   128  3019 BLK    19 16384 c008.00c0.0001 128.42


VLAN20
  Spanning tree enabled protocol ieee uplinkfast enabled
  Root ID    Priority    8192
             Address     c008.00c0.0002
             Cost        3019
             Port        43 (FastEthernet1/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    49152
             Address     c009.00c0.0002
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42   128  3019 BLK    19 16384 c007.00c0.0002 128.42
FastEthernet1/2      128.43   128  3019 FWD     0  8192 c008.00c0.0002 128.42


Conclusion

The outputs above show that SW1 is the root bridge for VLAN 1 and VLAN 10 and the backup root for VLAN 20, while SW2 is the root bridge for VLAN 20 and the backup root for VLAN 1 and VLAN 10.

On each access switch, the port towards SW2 (F1/2) is blocked in VLAN 1 and VLAN 10 but forwarding in VLAN 20, and the port towards SW1 (F1/1) is blocked in VLAN 20 but forwarding in VLAN 1 and VLAN 10. Both uplinks now carry traffic.

Two side effects of UplinkFast are also visible in SW3's output: the bridge priority has been raised to 49152 and 3000 has been added to every port's path cost (19 became 3019). That is how UplinkFast makes sure an access switch is never elected root or used as a transit path by the rest of the tree.

An STP topology tuned this way makes better use of the switches and of the link bandwidth, and because STP now converges faster it delivers a better network service.

Also note: when enabling PortFast on the access-switch ports that face end hosts, always add BPDU Guard. PortFast alone moves the port straight into forwarding, so if an unauthorized switch is plugged in there it can create a temporary spanning-tree loop, and its BPDUs can take part in the root election.
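As an added example (it is not part of the original article, which only shows raw command output), here is a Python script that parses the show spanning-tree brief output reproduced above and flags the three conditions that section I and this conclusion describe: a root that still holds the default priority (so it won by lowest MAC), an access switch without UplinkFast, and an uplink that is blocked in every VLAN. The two embedded samples are SW3's output from this page, before the changes and (trimmed to VLAN 1 and VLAN 20) after them; the column regex assumes the Catalyst IOS layout printed here, and the role argument is an assumption, because the output does not say whether a switch is an access or a distribution switch.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Port-table row of "show spanning-tree brief" (Catalyst IOS) as printed on this page:
# Name  Port-ID  Prio  Cost  Sts  Desig-Cost  Desig-Bridge(prio addr)  Desig-Port-ID
PORT_RE = re.compile(r"^(?P<name>\S+)\s+\d+\.\d+\s+\d+\s+(?P<cost>\d+)\s+(?P<sts>[A-Z]{3})\s+"
                     r"\d+\s+(?P<dprio>\d+)\s+(?P<daddr>[0-9a-f.]+)\s+\d+\.\d+")
VLAN_RE = re.compile(r"^VLAN(?P<vlan>\d+)$")
PRIO_RE = re.compile(r"Priority\s+(?P<prio>\d+)")
ADDR_RE = re.compile(r"^Address\s+(?P<addr>[0-9a-f.]+)")
DEFAULT_PRIORITY = 32768   # 802.1D default: a root with this value was picked by lowest MAC
Port = namedtuple("Port", "name cost state designated_bridge")

@dataclass
class VlanStp:
    vlan: int
    root_priority: int = 0
    root_address: str = ""
    bridge_priority: int = 0
    bridge_address: str = ""     # equals root_address when this switch is the root
    uplinkfast: bool = False
    ports: list = field(default_factory=list)

def parse_stp_brief(text):
    """Parse one switch's 'show spanning-tree brief' output into {vlan: VlanStp}."""
    vlans, cur, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := VLAN_RE.match(line)):
            cur = VlanStp(vlan=int(m["vlan"]))
            vlans[cur.vlan] = cur
        elif cur is None:
            continue
        elif line.startswith("Spanning tree enabled"):
            cur.uplinkfast = "uplinkfast enabled" in line
        elif line.startswith("Root ID"):
            section, cur.root_priority = "root", int(PRIO_RE.search(line)["prio"])
        elif line.startswith("Bridge ID"):
            section, cur.bridge_priority = "bridge", int(PRIO_RE.search(line)["prio"])
        elif (m := ADDR_RE.match(line)) and section:
            setattr(cur, f"{section}_address", m["addr"])  # belongs to the Root ID / Bridge ID above
        elif (m := PORT_RE.match(line)):
            cur.ports.append(Port(m["name"], int(m["cost"]), m["sts"], f'{m["dprio"]} {m["daddr"]}'))
    return vlans

def idle_links(vlans):
    """Ports BLK in every VLAN they appear in (BLK in one VLAN, FWD in another is load sharing)."""
    states = {}
    for s in vlans.values():
        for p in s.ports:
            states.setdefault(p.name, set()).add(p.state)
    return sorted(name for name, st in states.items() if st == {"BLK"})

def audit(vlans, role="access"):
    """Return (finding, IOS remediation) pairs. 'role' is an assumption: the output does not state it."""
    findings = []
    for v, s in sorted(vlans.items()):
        if s.root_priority == DEFAULT_PRIORITY:
            findings.append((f"VLAN{v}: root {s.root_address} keeps the default priority; "
                             "it won by lowest MAC, not by design",
                             f"spanning-tree vlan {v} root primary  (on the intended root)"))
    if role == "access" and not all(s.uplinkfast for s in vlans.values()):
        findings.append(("access switch without UplinkFast: failover to the second uplink waits "
                         "30 to 50 s with default timers", "spanning-tree uplinkfast"))
    for name in idle_links(vlans):
        findings.append((f"{name} is BLK in every VLAN; the redundant link is idle",
                         "spanning-tree vlan <n> root primary  (on the other distribution switch)"))
    return findings

# Constructed sample: SW3's output from this page before the changes (timer lines trimmed).
SW3_BEFORE = """\
VLAN1
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     c007.00c0.0000
  Bridge ID  Priority    32768
             Address     c009.00c0.0000
FastEthernet1/1      128.42   128    19 FWD     0 32768 c007.00c0.0000 128.42
FastEthernet1/2      128.43   128    19 BLK    19 32768 c008.00c0.0000 128.42
FastEthernet1/15     128.56   128    19 FWD    19 32768 c009.00c0.0000 128.56
"""
# Constructed sample: SW3 after the changes, trimmed to VLAN1 and VLAN20 (same source).
SW3_AFTER = """\
VLAN1
  Spanning tree enabled protocol ieee uplinkfast enabled
  Root ID    Priority    8192
             Address     c007.00c0.0000
  Bridge ID  Priority    49152
             Address     c009.00c0.0000
FastEthernet1/1      128.42   128  3019 FWD     0  8192 c007.00c0.0000 128.42
FastEthernet1/2      128.43   128  3019 BLK    19 16384 c008.00c0.0000 128.42
VLAN20
  Spanning tree enabled protocol ieee uplinkfast enabled
  Root ID    Priority    8192
             Address     c008.00c0.0002
  Bridge ID  Priority    49152
             Address     c009.00c0.0002
FastEthernet1/1      128.42   128  3019 BLK    19 16384 c007.00c0.0002 128.42
FastEthernet1/2      128.43   128  3019 FWD     0  8192 c008.00c0.0002 128.42
"""
```

Run against the "before" sample, audit() returns three findings (default-priority root, no UplinkFast, FastEthernet1/2 idle); against the "after" sample it returns none, because FastEthernet1/2 is blocked in VLAN 1 but forwarding in VLAN 20, which is exactly the per-VLAN load sharing the design intends. The remediation strings are the IOS commands from section II, so the same script doubles as a checklist when auditing other access switches.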


Aside

These days some company bosses really do not have much budget for the network, yet still expect good results. So after logistics and IT have negotiated, the money usually goes on decent core and distribution switches, while the access layer gets dumb unmanaged switches from H3C, TP-LINK, D-LINK and the like (in one word: "cheap"). The result of that setup is that sometimes you genuinely have no way to know what is going on in your access-layer network...