3.3.2.3 Lab - Configuring Rapid PVST, PortFast, and BPDU Guard

Captions
Hi friends, welcome to all. In this video we are going to see the lab activity Configuring Rapid PVST+, PortFast, and BPDU Guard. Here we can see our topology, also the addressing table and the VLAN assignments.

We will go through the objectives of this lab activity. In Part 1, build the network and configure basic device settings. In Part 2, configure VLANs, native VLAN, and trunks. In Part 3, configure the root bridge and examine PVST+ convergence. In Part 4, configure Rapid PVST+, PortFast, BPDU guard, and examine convergence.

We will go through the background. The Per-VLAN Spanning Tree, that is PVST, protocol is Cisco proprietary. Cisco switches default to PVST. Rapid PVST+, that is IEEE 802.1w, is an enhanced version of PVST+ and allows for faster spanning-tree calculations and convergence in response to Layer 2 topology changes. Rapid PVST+ defines three port states, that is discarding, learning, and forwarding, and provides multiple enhancements to optimize network performance. In this lab we will configure the primary and the secondary root bridge, examine PVST+ convergence, configure Rapid PVST+, and compare its convergence to PVST+. In addition, we will configure edge ports to transition immediately to a forwarding state using PortFast and prevent the edge ports from forwarding BPDUs using BPDU guard. This is what we are going to do in this lab activity.

We can see the required resources: three switches, 2960, then two PCs, also cables.

Coming to Part 1, build the network and configure basic device settings. In Part 1 you will set up the network topology and configure basic settings such as the interface IP addresses, device access, and passwords.

Coming to Step 1, cable the network as shown in the topology. So first of all we will build and connect the topology as given in this lab activity. To do this in Cisco Packet Tracer we require three switches, 2960, also two PCs, and we will
rename these devices: this is S1, S2, and S3; also here we have PC-A and this is PC-C. Now we will connect these devices. Same device, so here we will use a copper crossover: FastEthernet 0/3 to FastEthernet 0/3, FastEthernet 0/1, FastEthernet 0/1, FastEthernet 0/3, FastEthernet 0/1, then FastEthernet 0/6 to this PC-A, FastEthernet 0/18 to this PC-C. We will label these interfaces: this is FastEthernet 0/3, here we have the same FastEthernet 0/3, also here we have FastEthernet 0/3, here we have FastEthernet 0/1, and this is FastEthernet 0/1, and this is also FastEthernet 0/1. This is FastEthernet 0/6 and here we have FastEthernet 0/18. Also, all these links we have to configure as a trunk; this is also a trunk and this link is also a trunk. Also we will highlight our VLANs and label here: this is VLAN 10, User; this is also VLAN 10, User.

Coming to Step 2, configure PC hosts. Here we can see the IP addresses of PC-A and PC-C: 192.168.0.2 and 0.3; also we can see the subnet mask. We will copy these addresses. Coming to PC-A: Desktop, IP Configuration; here is the IP address. Coming to PC-C: Desktop, IP Configuration, 0.3.

Coming to Step 3, initialize and reload the switches as necessary. OK.

Coming to Step 4, configure basic settings for each switch: disable DNS lookup; configure the device name as shown in the topology; assign cisco as the console and vty passwords and enable login; assign class as the encrypted privileged EXEC mode password; configure logging synchronous to prevent console messages from interrupting command entry; shut down all switch ports; then copy the running configuration to the startup configuration. We will do these basic settings on these switches now. First of all we will do it on S1: enable, configure terminal, hostname as S1, no ip domain-lookup; also enable secret as class. Now we will go to line vty 0 to 15 and we will set the password
as cisco, login. Now we will go to line console 0: password cisco, login, logging synchronous. And now we will shut down all switch ports on this S1. So we will check the interfaces: do show ip interface brief, and here we can see all the interfaces from FastEthernet 0/1 till 24; also we can see two GigabitEthernet, 0/1 and 0/2. So we will go to these interfaces as a range: FastEthernet 0/1 till 24, also we have GigabitEthernet 0/1 and 2; we are going to shut down these ports. Copy running-config startup-config.

Now we will do it on S2: enable, configure terminal, hostname as S2, no ip domain-lookup; also enable secret as class. We will go to line vty 0 to 15: password cisco, login. I will go to line console 0: password cisco, login, also logging synchronous. Now we will shut down all the ports on this switch S2: interface range FastEthernet 0/1 till 24, also GigabitEthernet 0/1 and 2, shutdown. Copy running-config startup-config.

Now we will do it on S3: enable, configure terminal, hostname as S3; also enable secret as class, no ip domain-lookup. Now we will go to line vty 0 to 15 and we will set the password as cisco, login. Also we will go to line console 0: password cisco, login, also logging synchronous. Now we will disable, I mean shut down, all switch ports: interface range FastEthernet 0/1 till 24, also GigabitEthernet 0/1 and 2, shutdown. Copy running-config startup-config.

Now we will come to Part 2, configure VLANs, native VLAN, and trunks. In Part 2 we will create VLANs, assign switch ports to VLANs, configure trunk ports, and change the native VLAN for all switches. Here they have given a note: the required commands for Part 2 are provided in Appendix A. Test your knowledge by trying to configure the VLANs, native VLAN, and trunks without referring to the appendix. Right, anyway.

Coming to Step 1, create VLANs. Use the appropriate commands to create VLAN 10 and 99 on all of the switches. Name VLAN 10 as User and
VLAN 99 as Management. We will create these VLANs on these switches. First of all we will do it on S1: password is cisco, enable, password is class, configure terminal, vlan 10, name as User; also vlan 99, name as Management. Coming to the switch S2: configure terminal, vlan 10, name as User; also vlan 99, name as Management. Now we will come to the switch S3: configure terminal, vlan 10, name as User; also vlan 99, name as Management.

Coming to Step 2, enable user ports in access mode and assign VLANs. For S1 FastEthernet 0/6 and S3 0/18; here we can see those interfaces, FastEthernet 0/6 and FastEthernet 0/18. Right. Enable the ports, configure them as access ports, and assign them to VLAN 10. We will do that. First of all we will do it on the switch S1: cisco, enable, password is class, configure terminal. We have to go to that interface FastEthernet 0/6 and we will give a no shut command; also switchport mode as access, switchport access vlan 10. Now we will go to S3: CLI, password, class, configure terminal. We will go to the interface FastEthernet 0/1, no shut, switchport mode as access, switchport access vlan 10.

Coming to Step 3, configure trunk ports and assign to native VLAN 99. For ports FastEthernet 0/1 and 0/3 on all switches, enable the ports, configure them as trunk ports, and assign them to native VLAN 99. Coming to the topology, here we can see those ports, FastEthernet 0/1 and 0/3, on all these three switches S1, S2, and S3. We will do it on S1 first: configure terminal, interface range FastEthernet 0/1, also FastEthernet 0/3, no shut command, switchport mode as trunk, switchport trunk native vlan 99. Now we will go to S2: CLI, password is class, configure terminal, interface range FastEthernet 0/1 and FastEthernet 0/3, no shutdown; also we will give switchport mode as trunk, switchport trunk native vlan 99. Now we will come to S3: configure terminal, interface range FastEthernet 0/1 and FastEthernet 0/3, no shut, switchport mode as trunk, switchport trunk native vlan 99. We can see here. Right.

Now we will come to Step 4, configure the management interface on all three switches. Using the addressing table, configure the management interface on all switches with the appropriate IP address. So here we can see each switch's IP address in this addressing table, so we will configure according to this addressing table. First of all we will do it on S1: configure terminal, interface vlan 99; now we are going to set the IP address, so 192.168.1.11, also the subnet mask 255.255.255.0. Now we will come to S2: configure terminal, interface vlan 99, IP address 192.168.1.12 and its subnet mask 255.255.255.0. Coming to S3: configure terminal, interface vlan 99, IP address 192.168.1.13 and its subnet mask 255.255.255.0.

Coming to Step 5, verify configurations and connectivity. Use the show vlan brief command on all switches to verify that all VLANs are registered in the VLAN table and that the correct ports are assigned. We will check that too. Coming to S1: show vlan brief, and here we can see those VLANs, 10 and 99; also the port FastEthernet 0/6 is assigned to VLAN 10. It's correct. Coming to S3: show vlan brief; here we can see the VLANs 10 and 99, and the port FastEthernet 0/18 is assigned to VLAN 10. And coming to S2: show vlan brief; here we can see the VLANs we created, 10 and 99. Next is: use the show interfaces trunk command on all switches to verify trunk interfaces. Right. Coming to S1: show interfaces trunk, and here we can see the trunking details: FastEthernet 0/1 and 0/3, trunking, native VLAN 99. Coming to S2: show interfaces trunk; ports FastEthernet 0/1 and 0/3, trunking, and native VLAN 99. Coming to S3: show interfaces trunk; FastEthernet 0/1 and 0/3, trunking, native VLAN 99. It's correct. Next is: use the show running-config
command on all switches to verify all other configurations. Also, what is the default setting for spanning-tree mode on Cisco switches? So we will verify that. Coming to S1: show running-config; hostname, enable secret, and here we can see by default it's spanning-tree mode pvst. Also here we can see interface Vlan99 and its IP address. Coming to S2: show running-config; here also we can see spanning-tree mode pvst; also we will check the VLAN 99 IP address. It's correct. Coming to S3: show running-config; spanning-tree mode pvst and VLAN 99 IP address. It's correct. Next is: verify connectivity between PC-A and PC-C. Was your ping successful? We will check that. First of all we will get the IP address of PC-C; here it is, 192.168.0.3. We will copy this address. Coming to PC-A: Desktop, Command Prompt, and here we are going to ping that PC. Here is the IP address, and here we can see we are getting the reply. If your ping was unsuccessful, troubleshoot the configurations until the issue is resolved. Anyway, it's working here. It may be necessary to disable the PC firewall. OK, anyway, we are not using real PCs; if you are using real PCs, you have to check the firewall and disable the PC firewall.

Coming to Part 3, configure the root bridge and examine PVST+ convergence. In Part 3 we will determine the default root in the network, assign the primary and secondary root, and use the debug command to examine convergence of PVST+. They have given a note: the required commands for Part 3 are provided in Appendix A. Test your knowledge by trying to configure the root bridge without referring to the appendix. Right, we will do that.

Coming to Step 1, determine the current root bridge. Which command allows a user to determine the spanning-tree status of a Cisco Catalyst switch for all VLANs? Obviously we can use the command show spanning-tree. Write the command in the space provided. Anyway,
right. Use the command on all three switches to determine the answers to the following questions. There are three instances of spanning tree on each switch. The default STP configuration on Cisco switches is PVST+, which creates a separate spanning-tree instance for each VLAN: VLAN 1 and any user-configured VLANs. So what is the bridge priority of switch S1 for VLAN 1, S2 for VLAN 1, and S3 for VLAN 1? Right, we will see that using the show command, show spanning-tree. Coming to S1: show spanning-tree; coming to VLAN 1, here we can see VLAN 1 and the bridge ID priority 32769; also here we can see the MAC address. Coming to S2: show spanning-tree; here we want to see only VLAN 1, so better we give vlan 1 here so that we can see the priority of VLAN 1. Here is the bridge ID priority, 32769. Coming to S3: show spanning-tree vlan 1, and here we can see the bridge ID priority of VLAN 1 on this S3: 32769. Next is: which switch is the root bridge? Right, anyway, we will check according to our topology; it may differ when you do it yourself. We will check on S1 first, and this switch is the root bridge. See, here we can see 'This bridge is the root', that is S1. Right. Next is: why was this switch elected as the root bridge? In our case the root bridge is S1. By default, spanning tree elects the root bridge based on the lowest MAC address. So here we can see the MAC address of this switch S1; here it is. So compared to the other switches S2 and S3, S1 has the lowest MAC address, so that's why it is elected as the root bridge.

Coming to Step 2, configure a primary and a secondary root bridge for all existing VLANs. Having a root bridge switch elected by MAC address may lead to a suboptimal configuration. In this lab we will configure switch S2 as the root bridge and S1 as the secondary root bridge. Configure switch S2 to be the primary root bridge for all existing VLANs.
Write the command in the space provided. Here, directly, we will implement this command on the switch S2: password, enable, password class, configure terminal. Here we have to give spanning-tree, then vlan, and here we have to specify the VLANs; we have 1,10,99. And here we can see root, 'configure switch as root'; here we can see primary or secondary. So I specify primary. So this is the command I have to give. Now we are going to press Enter. Coming to b, configure switch S1 to be the secondary root bridge for all existing VLANs. Write the command in the space provided. Anyway, we will implement it directly on this switch S1. Coming to S1: password cisco, enable, password is class, configure terminal. Here we are going to give spanning-tree vlan, then we have to specify those VLANs, so 1,10,99; also here we are going to give root as secondary. So this is the command we have to give on the switch S1. Next is: use the show spanning-tree command to answer the following questions. What is the bridge priority of S1 for VLAN 1, and the bridge priority of S2 for VLAN 1? Which interface in this network is in a blocking state? Right, we will check that. First of all, coming to S1: show spanning-tree vlan 1, and here we can see the priority; now the bridge ID priority is 28673. And coming to S2: show spanning-tree vlan 1; here we can see bridge ID priority 24577. Now we will identify which interface in the network is in a blocking state. By looking at it, we can identify that this port, FastEthernet 0/3 on the switch S3, is in a blocking state. We can confirm that using the show command, show spanning-tree, and here we can see the interface FastEthernet 0/3 status is blocking on this S3.

Now we will come to Step 3, change the Layer 2 topology and examine convergence. To examine PVST+ convergence, we will create a Layer 2 topology change while using a debug command to monitor spanning-tree events. So enter the debug
spanning-tree events command in privileged EXEC mode on switch S3. We are going to give this command, debug spanning-tree events; so 'Spanning Tree event debugging is on'. Create a topology change by disabling interface FastEthernet 0/1 on S3. So here they are showing that output: interface FastEthernet 0/1, they have given shutdown, and we can see listening, learning, and forwarding. So, before proceeding, use the debug output to verify that all VLANs on FastEthernet 0/3 have reached a forwarding state, then use the command no debug spanning-tree events to stop the debug output. Through which port states do each VLAN on FastEthernet 0/3 proceed during network convergence? So in this output itself we can see those: listening, learning, and forwarding. Anyway, we will try it on our switches. We will try this debug spanning-tree events command on our switch S3. Here we are going to give that debug spanning-tree... oh, it's an unrecognized command. So this debug spanning-tree events is not supported in Packet Tracer; it's supporting only ip and sw-vlan. Anyway, so here they have given the output for this debug spanning-tree events. Next is: using the timestamp from the first and last STP debug message, calculate the time, to the nearest second, that it took for the network to converge. The debug timestamp format is date hh:mm:ss and the millisecond. Right. So coming to this output, here we can see it's 58:56 and here we can see it's 59:26. Here we can see the convergence time is approximately 30 seconds.

Now we will come to Part 4, configure Rapid PVST+, PortFast, BPDU guard, and examine convergence. In Part 4 we will configure Rapid PVST+ on all switches. We will configure PortFast and BPDU guard on all access ports and then use the debug command to examine Rapid PVST+ convergence. They have given a note here: the required commands for Part 4 are provided in Appendix A. Test your knowledge by trying to configure Rapid PVST+, PortFast, and BPDU
guard without referring to the appendix. Right.

So coming to Step 1, configure Rapid PVST+. Configure S1 for Rapid PVST+. Write the command in the space provided. Anyway, we will implement it directly on our switches. Here we are going to give this Rapid PVST+ command on S1. So coming to the switch S1: configure terminal; here we are going to give spanning-tree mode as rapid-pvst. So this is the command we have to use. Coming to b, configure S2 and S3 also for Rapid PVST+. So coming to S2: password cisco, enable, password class, configure terminal, spanning-tree mode rapid-pvst. Coming to S3: configure terminal, spanning-tree mode rapid-pvst. Right. Coming to c, verify configurations with the show running-config | include spanning-tree mode command. Right. Coming to S1: show running-config, we will try that, include spanning-tree mode; here we can see spanning-tree mode rapid-pvst. Or simply we can give show running-config, and here we can see spanning-tree mode rapid-pvst. Now we will check it on S2; here is that command, spanning-tree mode rapid-pvst. Coming to S3: spanning-tree mode rapid-pvst.

Coming to Step 2, configure PortFast and BPDU guard on access ports. PortFast is a feature of spanning tree that transitions a port immediately to a forwarding state as soon as it is turned on. This is useful in connecting hosts so that they can start communicating on the VLAN instantly, rather than waiting on spanning tree. To prevent ports that are configured with PortFast from forwarding BPDUs, which could change the spanning-tree topology, BPDU guard can be enabled. At the receipt of a BPDU, BPDU guard disables a port configured with PortFast. Configure interface FastEthernet 0/6 on S1 with PortFast. Write the command in the space provided. Anyway, we will implement it directly on the switch S1. Coming to the switch S1, here we are going to give that command: configure terminal; we have to go to that interface which
is connecting to our PC, that is interface FastEthernet 0/6, and here we are going to give spanning-tree portfast. Coming to b, configure interface FastEthernet 0/6 on S1 with BPDU guard. Write the command in the space provided. Right, we are going to implement it directly on S1. Here in this interface we have to give spanning-tree bpduguard enable. Coming to c, globally configure all non-trunking ports on switch S3 with PortFast. Write the command in the space provided. Right. Coming to S3, here we are going to give the command; you have to go to global configuration mode, configure terminal, and spanning-tree portfast default. Coming to d, globally configure all non-trunking PortFast ports on switch S3 with BPDU guard. Write the command in the space provided. So coming to S3, here we are going to give spanning-tree portfast bpduguard default. Invalid input detected at bpduguard; I think this command is not supported in this Packet Tracer. Anyway.

Now we will come to Step 3, examine Rapid PVST+ convergence. Enter the debug spanning-tree events command in privileged EXEC mode on switch S3. Create a topology change by enabling interface FastEthernet 0/1 on switch S3. Here we can see that; also we can see the output: initializing port FastEthernet 0/1; here we can see transmitting an agreement on FastEthernet 0/1 as a response to a proposal. Right. Using the timestamp from the first and last RSTP debug message, calculate the time that it took for the network to converge. If you observe the output, here we can see initializing port Fa0/1; here we can see that time, 28:37. Right, so here we can see 28:37; it's almost under a second, 622, 588; we can see only the changes in milliseconds.

Right, now we will come to the reflection questions. What is the main benefit of using Rapid PVST+? Obviously, Rapid PVST+ decreases the time of Layer 2 convergence significantly over PVST+. Coming to the second question: how does configuring a
port with PortFast allow for faster convergence? Here, PortFast allows an access port to immediately transition into a forwarding state, which decreases Layer 2 convergence time. And coming to the final question: what protection does BPDU guard provide? Obviously, BPDU guard protects the STP domain by disabling access ports that receive a BPDU. BPDUs can be used in a denial-of-service attack that changes a domain's root bridge and forces an STP recalculation.

Well, here we can see in the appendix all these switch configurations. Anyway, we have done all these, friends. So that's all in this lab activity, that is Configuring Rapid PVST+, PortFast, and BPDU Guard. Friends, if you have any doubt in this lab activity, please comment below. Also, if you like my video, give a thumbs up and share with your friends, and don't forget to subscribe to this channel so that you will get the latest uploaded video info directly in your Gmail. Thank you.
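
Added example, not part of the video or the lab's appendix: a Python check that audits a saved running-config for the three settings configured in Part 4 (Rapid PVST+ mode, PortFast on access ports, BPDU guard on access ports), including the global `default` forms used on S3. The sample configs are constructed for illustration, and the function names `parse_config` and `audit` are hypothetical.

```python
# Constructed running-config excerpts modelled on the lab's switches
# (illustrative input, not captured device output).
S1_CONFIG = """\
hostname S1
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport mode trunk
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Vlan99
 ip address 192.168.1.11 255.255.255.0
"""

WEAK_CONFIG = """\
hostname S3
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/18
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
"""


def parse_config(text):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(line)   # indented line belongs to the interface
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return a list of findings; an empty list means the config passes."""
    findings = []
    global_lines, interfaces = parse_config(text)
    if "spanning-tree mode rapid-pvst" not in global_lines:
        findings.append("global: spanning-tree mode is not rapid-pvst")
    portfast_default = "spanning-tree portfast default" in global_lines
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    for name, lines in interfaces.items():
        # Only enabled access ports are edge ports; trunks and SVIs are skipped.
        if "switchport mode access" not in lines or "shutdown" in lines:
            continue
        portfast = portfast_default or "spanning-tree portfast" in lines
        # The global bpduguard default only protects ports that run PortFast.
        guarded = ("spanning-tree bpduguard enable" in lines
                   or (guard_default and portfast))
        if not portfast:
            findings.append(f"{name}: PortFast not enabled on access port")
        if not guarded:
            findings.append(f"{name}: BPDU guard not enabled on access port")
    return findings


if __name__ == "__main__":
    for label, cfg in (("S1", S1_CONFIG), ("S3 (weak)", WEAK_CONFIG)):
        print(label, audit(cfg) or "OK")
```
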
Info
Channel: Tech Acad
Views: 24,224
Keywords: PortFast, BPDU Guard
Id: o2t2c0GngME
Length: 41min 51sec (2511 seconds)
Published: Fri May 18 2018