JN0-649 Ethernet Switching and Spanning Tree

Ethernet Switching and Spanning Tree Detailed Explanation

1. Ethernet Switching Overview

1.1 Core Concepts

1.1.1 MAC Address Table
  • Switches operate at Layer 2 of the OSI model and forward frames based on the MAC (Media Access Control) address.
  • How It Works:
    • A switch examines the source MAC address of incoming frames and stores it in a MAC address table, associating it with the incoming port.
    • For unknown destinations, the switch floods the frame to all ports except the incoming one.
1.1.2 VLANs (Virtual Local Area Networks)
  • VLANs are used to segment traffic within a switch or between switches logically.
  1. Types of VLANs:

    • Static VLANs: Manually assign ports to a VLAN.
    • Dynamic VLANs: Automatically assign VLANs based on MAC addresses or other criteria.
  2. Benefits of VLANs:

    • Improve security by isolating traffic.
    • Reduce broadcast domains, improving network performance.
  3. Configuration Example:

    set vlans vlan10 vlan-id 10
    set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan10
    
1.1.3 Trunking
  • Trunk Ports: Allow traffic from multiple VLANs to pass between switches.
  • 802.1Q Protocol:
    • Adds a VLAN tag to frames to identify which VLAN they belong to.
    • Tag includes the VLAN ID (12 bits, supporting up to 4094 VLANs).

1.2 Advanced Features

1.2.1 Private VLANs
  • Purpose:
    • Isolate devices within the same VLAN while maintaining connectivity to an upstream network.
  • Types:
    • Promiscuous Port: Communicates with all devices.
    • Isolated Port: Communicates only with the promiscuous port.
    • Community Port: Communicates with devices in the same community and the promiscuous port.
1.2.2 Q-in-Q Tunneling
  • Purpose:

    • Adds an additional VLAN tag to frames, enabling Layer 2 VPNs.
  • Use Case:

    • Used by service providers to separate customer VLANs.
  • Configuration Example:

    set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 100
    set vlans outer-vlan vlan-id 200
    set protocols dot1q-tunneling
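
The 802.1Q tag layout from 1.1.3 and the stacked tags from 1.2.2, as an added Python example that is not part of the original study guide: it parses the tag fields out of a raw Ethernet frame and classifies the frame as untagged, single-tagged, or Q-in-Q. The function names, the 0x88A8 outer TPID, the `native_vlan` parameter, and the sample frames (inner VLAN 100 and outer VLAN 200, taken from the configuration above) are assumptions made for illustration.

```python
import struct

TPID_CTAG = 0x8100  # 802.1Q customer tag
TPID_STAG = 0x88A8  # 802.1ad service tag, a common outer TPID for Q-in-Q


def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype); tags are listed outermost first."""
    tags, offset = [], 12  # skip destination and source MAC (6 bytes each)
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_CTAG, TPID_STAG):
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,        # 3-bit priority
            "dei": (tci >> 12) & 1,  # 1-bit drop eligible indicator
            "vid": tci & 0x0FFF,     # 12-bit VLAN ID
        })
        offset += 4


def classify(frame: bytes, native_vlan: int = 1):
    """Describe how a trunk port would interpret the frame's tagging."""
    tags, _ = parse_vlan_tags(frame)
    for tag in tags:
        if not 1 <= tag["vid"] <= 4094:  # 0 and 4095 are reserved values
            return ("reserved-vid", tag["vid"])
    if not tags:
        return ("untagged", native_vlan)  # untagged traffic is in the native VLAN
    if len(tags) == 1:
        return ("single-tagged", tags[0]["vid"])
    return ("q-in-q", tags[0]["vid"], tags[1]["vid"])  # (outer, inner)


def build_frame(tags, ethertype=0x0800):
    """Constructed sample frame: broadcast destination, made-up source MAC."""
    header = bytes.fromhex("ffffffffffff" "020000000001")
    for tpid, vid in tags:
        header += struct.pack("!HH", tpid, vid)  # PCP and DEI left at zero
    return header + struct.pack("!H", ethertype) + bytes(46)


if __name__ == "__main__":
    print(classify(build_frame([])))
    print(classify(build_frame([(TPID_CTAG, 10)])))
    print(classify(build_frame([(TPID_STAG, 200), (TPID_CTAG, 100)])))
```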
    

2. Spanning Tree Protocols (STP)

2.1 STP Variants

2.1.1 Rapid Spanning Tree Protocol (RSTP)
  • Overview:
    • A faster version of the traditional STP.
  • Advantages:
    • Converges within a few seconds (compared to 30-50 seconds for STP).
    • Uses roles like Root Port, Designated Port, and Alternate Port to quickly restore connectivity.
2.1.2 Multiple Spanning Tree Protocol (MSTP)
  • Overview:
    • Maps multiple VLANs to a single STP instance, reducing CPU and memory overhead.
  • Use Case:
    • Suitable for networks with a large number of VLANs.
2.1.3 VLAN Spanning Tree Protocol (VSTP)
  • Overview:
    • Creates a separate STP instance for each VLAN.
  • Use Case:
    • Offers per-VLAN loop prevention and path optimization.

2.2 Key Concepts

2.2.1 Bridge Protocol Data Units (BPDUs)
  • Definition:
    • Special frames exchanged between switches to maintain spanning tree topology.
  • Types:
    • Configuration BPDUs: Establish and maintain the topology.
    • Topology Change Notification (TCN) BPDUs: Notify switches of changes.
2.2.2 Root Bridge
  • Definition:
    • The reference switch at the root of the spanning tree topology; every other switch calculates its best path toward it.
  • Selection Criteria:
    • The switch with the lowest Bridge ID (BID) becomes the Root Bridge.
    • Bridge ID is a combination of the bridge priority (default: 32768) and MAC address.

2.3 Optimizations

2.3.1 BPDU Guard
  • Purpose:

    • Protects against rogue switches sending BPDUs.
  • Behavior:

    • Disables a port if a BPDU is received.
  • Configuration:

    set protocols rstp bpdu-block-on-edge
    
2.3.2 Root Guard
  • Purpose:
    • Prevents unauthorized switches from becoming the Root Bridge.
  • Behavior:
    • Blocks ports receiving superior BPDUs (indicating a better Root Bridge).
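
The election rule from 2.2.2 and the two guard behaviors from 2.3, as an added Python example that is not part of the original study guide: it compares Bridge IDs the way the election does and shows what a guarded port does with a received BPDU. The function names, the `bpdu_guard` and `root_guard` flags, the return strings, and the sample MAC addresses are constructed for illustration.

```python
# Constructed sample topology: all three switches keep the default priority.
SAMPLE_BRIDGES = {
    "Switch1": (32768, "00:11:22:33:44:55"),
    "Switch2": (32768, "00:11:22:33:44:10"),
    "Switch3": (32768, "00:11:22:33:44:99"),
}


def bridge_id(priority: int, mac: str):
    """Comparable Bridge ID: priority first, MAC address as the tie-breaker."""
    return (priority, bytes.fromhex(mac.replace(":", "")))


def elect_root(bridges: dict) -> str:
    """Return the name of the switch with the lowest Bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def on_bpdu(current_root, advertised_root, bpdu_guard=False, root_guard=False):
    """Decide what a port does with a BPDU advertising `advertised_root`.

    Both roots are (priority, mac) pairs; the flags are hypothetical
    stand-ins for the per-port protection settings.
    """
    if bpdu_guard:
        return "disable"       # BPDU Guard: any BPDU at all shuts the port
    superior = bridge_id(*advertised_root) < bridge_id(*current_root)
    if superior and root_guard:
        return "block"         # Root Guard: a superior BPDU must not move the root
    return "new-root" if superior else "no-change"


if __name__ == "__main__":
    # Equal priorities: the lowest MAC address wins.
    print(elect_root(SAMPLE_BRIDGES))
    # Lowering Switch1's priority to 4096 makes it the Root Bridge.
    tuned = {**SAMPLE_BRIDGES, "Switch1": (4096, "00:11:22:33:44:55")}
    print(elect_root(tuned))
    # Constructed BPDU claiming priority 0, received on three kinds of port.
    unexpected = (0, "00:aa:bb:cc:dd:ee")
    print(on_bpdu(tuned["Switch1"], unexpected, root_guard=True))
    print(on_bpdu(tuned["Switch1"], unexpected, bpdu_guard=True))
    print(on_bpdu(tuned["Switch1"], unexpected))
```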

3. Configurations

3.1 VLAN Configuration

Create a VLAN and assign ports to it.

  1. Create VLAN:

    set vlans vlan10 vlan-id 10
    
  2. Assign Interface to VLAN:

    set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan10
    

3.2 Spanning Tree Configuration

  1. Enable RSTP on an Interface:

    set protocols rstp interface ge-0/0/1
    
  2. Enable BPDU Guard:

    set protocols rstp bpdu-block-on-edge
    
  3. Set Root Bridge Priority:

    • Lower the priority to make a switch the Root Bridge:

      set protocols rstp bridge-priority 4k
    

4. Spanning Tree Topology Examples

4.1 Basic Spanning Tree Topology

  • Scenario:
    • Three switches are connected in a triangle (loop topology).
    • Without STP, this topology would cause broadcast storms due to loops.

How STP Handles This:

  1. Root Bridge Election:

    • The switch with the lowest Bridge ID becomes the Root Bridge.
    • All ports on the Root Bridge are set to Designated Ports (forwarding state).
  2. Non-Root Switch Behavior:

    • Each non-root switch selects one Root Port to connect to the Root Bridge.
    • Remaining ports may become Blocked Ports to prevent loops.

Visualization:

Switch1 (Root Bridge)
  /           \
Switch2       Switch3
   \         /
   [Blocked Port]
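
The role assignment described above, as an added Python example that is not part of the original study guide: it computes the Root Bridge, each switch's Root Port, and the Designated or Alternate (blocked) end of every link for the triangle. The function name, the MAC addresses, and the link costs are constructed, and the code assumes a connected topology with at most one link between any two switches.

```python
import heapq

# Constructed triangle from 4.1: Switch1 has its priority lowered to 4096.
BRIDGES = {
    "Switch1": (4096, "00:11:22:33:44:55"),
    "Switch2": (32768, "00:11:22:33:44:10"),
    "Switch3": (32768, "00:11:22:33:44:99"),
}
LINKS = [("Switch1", "Switch2", 200000), ("Switch1", "Switch3", 200000),
         ("Switch2", "Switch3", 200000)]


def stp_roles(bridges, links):
    """Return (root, roles); roles maps (switch, neighbor) to a port role."""
    bid = {n: (p, bytes.fromhex(m.replace(":", ""))) for n, (p, m) in bridges.items()}
    root = min(bid, key=bid.get)
    adj = {n: {} for n in bridges}
    for a, b, c in links:
        adj[a][b] = adj[b][a] = c
    # Root path cost of every switch (Dijkstra from the Root Bridge).
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > cost[n]:
            continue
        for m, c in adj[n].items():
            if d + c < cost.get(m, float("inf")):
                cost[m] = d + c
                heapq.heappush(heap, (d + c, m))
    roles = {}
    for n in bridges:
        if n != root:  # Root Port: cheapest path, then lowest neighbor Bridge ID
            best = min(adj[n], key=lambda m: (cost[m] + adj[n][m], bid[m]))
            roles[(n, best)] = "root"
    for a, b, _ in links:
        for here, there in ((a, b), (b, a)):
            if (here, there) not in roles:
                # The end with the better (root path cost, Bridge ID) forwards.
                wins = (cost[here], bid[here]) < (cost[there], bid[there])
                roles[(here, there)] = "designated" if wins else "alternate"
    return root, roles


if __name__ == "__main__":
    root, roles = stp_roles(BRIDGES, LINKS)
    print("root:", root)
    for (switch, neighbor), role in sorted(roles.items()):
        print(f"{switch} -> {neighbor}: {role}")
```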

4.2 Spanning Tree with VLANs

  • Scenario:
    • A network has multiple VLANs (e.g., VLAN 10 and VLAN 20).
    • MSTP or VSTP is used to optimize traffic flow by creating separate STP instances.

How MSTP Works:

  1. VLANs are grouped into MST Instances.
  2. Each instance has its own spanning tree topology.
  3. This allows VLAN traffic to use different paths, balancing network load.

Example:

  • VLAN 10 uses Switch1 as the Root Bridge.
  • VLAN 20 uses Switch2 as the Root Bridge.

5. Troubleshooting Spanning Tree

5.1 Common Issues

5.1.1 Incorrect Root Bridge
  • Symptom:

    • Traffic flows sub-optimally because an unintended switch becomes the Root Bridge.
  • Solution:

    • Manually set the priority of the intended Root Bridge to a lower value:

      set protocols rstp bridge-priority 4k
      
5.1.2 BPDU Flooding
  • Symptom:

    • A rogue switch sends BPDUs, causing topology changes.
  • Solution:

    • Enable BPDU Guard to disable ports receiving rogue BPDUs:

      set protocols rstp bpdu-block-on-edge
      
5.1.3 Port Stuck in Blocking State
  • Symptom:

    • A port remains blocked even when it should forward traffic.
  • Solution:

    • Check the STP state:

      show spanning-tree interface ge-0/0/1
      
    • Verify the root bridge and network configuration.

5.2 Useful Commands

  1. View STP Status:

    show spanning-tree
    
  2. Display Interface Roles:

    show spanning-tree interface
    
  3. Verify Root Bridge:

    show spanning-tree bridge
    
  4. Check BPDU Details:

    show spanning-tree bpdu
    

6. Real-World Use Cases

6.1 Enterprise Network with Redundancy

  • Scenario:

    • An enterprise deploys redundant links between core and distribution switches for high availability.
  • Solution:

    • Use RSTP for fast convergence in case of a link failure.

    • Enable Root Guard to protect the core switch as the Root Bridge:

      set protocols rstp interface ge-0/0/1 no-root-port
      

6.2 Service Provider Networks

  • Scenario:
    • A service provider offers Layer 2 VPN services to customers.
  • Solution:
    • Use Q-in-Q Tunneling to maintain customer VLAN tags.
    • Configure MSTP to optimize VLAN-based traffic paths.

7. Best Practices

  1. Root Bridge Configuration:

    • Explicitly configure the Root Bridge and Backup Root Bridge to avoid unexpected topology changes.
  2. Enable STP Optimizations:

    • Use BPDU Guard and Root Guard to enhance network stability.
  3. VLAN Grouping:

    • For large VLAN environments, use MSTP to reduce the number of STP instances.
  4. Monitoring and Troubleshooting:

    • Regularly monitor STP status and logs to identify potential issues.

Ethernet Switching and Spanning Tree (Additional Content)

1. Native VLAN vs. Default VLAN on Trunk Ports

Key Distinction

While VLAN 1 is often the default VLAN, it’s important to understand what happens on trunk links, where multiple VLANs are carried.

  • A trunk port carries traffic from multiple VLANs using 802.1Q tagging.

  • However, one VLAN can be configured as the “Native VLAN”, whose traffic is transmitted untagged across the trunk.

Clarification Statement

“The Native VLAN is the VLAN whose traffic is transmitted untagged on a trunk link. By default, VLAN 1 is the native VLAN unless reconfigured.”

This is frequently tested in both certification exams and real-world interviews. Be aware that native VLAN mismatch between switches is a common misconfiguration issue that can lead to dropped or misrouted traffic.

2. Bridge Priority and Tie-Breaking in Root Bridge Election

Bridge ID Composition

The Bridge ID is used to determine the Root Bridge in STP and consists of:

  • Bridge Priority (default: 32768)

  • MAC Address (of the switch)

Election Process

  • The switch with the lowest Bridge ID becomes the Root Bridge.

  • If multiple switches share the same priority, the MAC address becomes the tie-breaker.

Clarification Statement

“If two switches have the same bridge priority, the one with the lowest MAC address is selected.”

This is a subtle detail that often appears in multiple-choice questions involving root bridge selection in simulated topologies.

3. STP vs. RSTP Port State Comparison

RSTP (Rapid Spanning Tree Protocol) introduces simplified port states and faster convergence. It merges and replaces some of the older STP states.

State Mapping Table

STP State      RSTP Equivalent
Blocking       Discarding
Listening      Discarding
Learning       Learning
Forwarding     Forwarding

  • Discarding: No user data is forwarded and no MAC addresses are learned.

  • Learning: MAC addresses are being learned, but no forwarding yet.

  • Forwarding: Fully active port.

This mapping helps in interpreting STP transitions on exam questions or CLI outputs.

4. MSTP VLAN Grouping and Design Best Practices

Why MSTP Matters

MSTP (Multiple Spanning Tree Protocol) was developed to address the inefficiency of running a separate STP instance for every VLAN (as in VSTP).

Practical Recommendation for VLAN Grouping

“Juniper recommends using 2–3 MST instances to group VLANs rather than creating one per VLAN, which would mimic VSTP and defeat the purpose.”

This advice is rooted in scalability and resource efficiency. Too many instances increase CPU and memory usage on switches unnecessarily.

  • Example:

    • MSTI 0 → VLANs 1–49

    • MSTI 1 → VLANs 50–99

    • MSTI 2 → VLANs 100–200

5. Sample Output of show spanning-tree (Optional but Useful)

Understanding CLI output is essential for interpreting real-time topology roles and verifying configurations.

Sample Output

root bridge            : 32768.00:11:22:33:44:55
designated bridge      : 32768.00:11:22:33:44:55
root port              : ge-0/0/2.0
Interface              Role        State       Cost    Prio.Nbr  Type
ge-0/0/1.0             Designated  Forwarding  200000  128.1     Edge
ge-0/0/2.0             Root        Forwarding  200000  128.2     P2p
ge-0/0/3.0             Alternate   Discarding  200000  128.3     P2p
  • Root port: Used to reach the Root Bridge.

  • Designated port: Forwarding port for the segment.

  • Alternate port: Backup for the Root port; blocked unless needed.

  • Edge: Port connected to a host (PortFast behavior).

This output helps validate port roles, STP state, and path costs, which are common troubleshooting scenarios.

Summary of Key Enhancements

Area                    Key Addition
Native VLAN             Only one VLAN is untagged on trunk links; default is VLAN 1
Root Bridge Election    MAC address is tie-breaker when priority is equal
STP vs. RSTP            RSTP merges Blocking & Listening into Discarding
MSTP Optimization       Group VLANs into 2–3 instances for performance
show spanning-tree      Helps analyze roles, costs, and port states

Frequently Asked Questions

How is the root bridge selected in a Spanning Tree network?

Answer:

The switch with the lowest bridge ID becomes the root bridge.

Explanation:

The bridge ID consists of:

  • Bridge priority

  • MAC address

The lowest bridge ID wins the root election.

If priorities are equal, the switch with the lowest MAC address becomes root.

Network administrators often manually set the root bridge by lowering the bridge priority on a specific switch.

Demand Score: 82

Exam Relevance Score: 86

Why might a port become a blocking port in Spanning Tree?

Answer:

To prevent Layer 2 loops in redundant network topologies.

Explanation:

Spanning Tree disables redundant links to maintain a loop-free topology.

Ports may become blocking if they are:

  • Not part of the lowest-cost path to the root bridge

  • On redundant paths between switches

This prevents broadcast storms and MAC table instability.

Demand Score: 80

Exam Relevance Score: 83

What advantage does Rapid Spanning Tree Protocol (RSTP) provide compared to STP?

Answer:

It significantly reduces network convergence time.

Explanation:

RSTP improves upon traditional STP by introducing faster state transitions and additional port roles.

Key improvements:

  • Faster convergence

  • Fewer intermediate port states

  • Immediate transition for edge ports

These improvements allow networks to recover more quickly from topology changes.

Demand Score: 78

Exam Relevance Score: 82

What is the role of a designated port in Spanning Tree?

Answer:

It forwards traffic toward downstream segments in the spanning tree topology.

Explanation:

Each network segment has one designated port responsible for forwarding frames.

The designated port is the port with the lowest path cost to the root bridge on that segment.

Other ports on the segment may become blocking ports to prevent loops.

Demand Score: 75

Exam Relevance Score: 81
