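First, note that F1/15 between sw1 and sw2 is a trunk, so these two ports do not take part in the election. By the rule that the switch with the lowest BID is elected root switch, we can see that sw1 has already been elected root.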
SW1\SW2\SW3\SW4\SW5\SW6
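All the switches are 100M, so port priority is the default 128 and port cost is the default 19.
The ports on SW3\SW4\SW5 that connect to SW2 are all in the blocking state, so their bandwidth is not being used effectively.
The downstream switches do not use the backbonefast and uplinkfast optimizations; when the topology changes, convergence takes a long time, which degrades real-time network services.
The upstream switches do not use bpduguard, root guard or bpdu filter to protect the root switch election. This is a security risk: an abnormal switch can change the topology and cause network faults.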
--------------------------------------------------------------------------------------
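II. Optimization recommendations
1. Preferably use the spanning-tree vlan xx root command to designate the root switch explicitly.
2. Enable portfast BPDU Guard on the downstream-facing ports of the access-layer switches, to protect the root switch and refuse rogue switches that try to connect.
3. Enable the uplinkfast command on the uplinks of the access-layer switches to optimize STP convergence time;
enable the backbonefast command on the redundant backbone switches to optimize STP convergence time.
4. Preferably do not use the default vlan1 in production; create new VLANs to hold the ports, to guard against VLAN attacks.
5. Configure the links between SW1\SW2 and SW3\SW4\SW5 as trunks to carry traffic, so that the ports are in the forwarding state, or add links and aggregate them into a channel to increase bandwidth.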
---------------------------------------------------------------------------------------
III. Implementation
1. Create vlan10 and vlan20, and designate sw1 as the primary root bridge for vlan1 and vlan2 and as the secondary root bridge for vlan20
SW1(config)#spanning-tree vlan 1 root primary
% This switch is already the root of VLAN1 spanning tree
VLAN 1 bridge priority set to 8192
VLAN 1 bridge max aging time unchanged at 20
VLAN 1 bridge hello time unchanged at 2
VLAN 1 bridge forward delay unchanged at 15
SW1(config)#spanning-tree vlan 10 root primary
% This switch is already the root of VLAN10 spanning tree
VLAN 10 bridge priority set to 8192
VLAN 10 bridge max aging time unchanged at 20
VLAN 10 bridge hello time unchanged at 2
VLAN 10 bridge forward delay unchanged at 15
SW1(config)#spanning-tree vlan 20 root sec
VLAN 20 bridge priority set to 16384
VLAN 20 bridge max aging time unchanged at 20
VLAN 20 bridge hello time unchanged at 2
VLAN 20 bridge forward delay unchanged at 15
SW1(config)#int rang f1/1 - 3
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#switchport
*Mar 1 01:56:47.039: %DTP-5-TRUNKPORTON: Port Fa1/1-3 has become dot1q trunk
SW1(config-if-range)#switchport trunk allowed vlan all
SW1(config-if-range)#exi
sw2 is the secondary root bridge for vlan1 and vlan2, and the primary root bridge for vlan20
SW2(config)#spanning-tree vlan 1 root sec
Enable the uplinkfast command on the uplinks of the access-layer switches to optimize STP convergence time
SW3(config)#
*Mar 1 03:46:47.719: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN1 FastEthernet1/2 moved to Forwarding (UplinkFast).
Enable the backbonefast command on the redundant backbone switches to optimize STP convergence time
Display the final result
SW1#show spanning-tree brief
VLAN1
Bridge ID Priority 8192
Interface Designated
Bridge ID Priority 8192
Interface Designated
Bridge ID Priority 16384
Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42  128  19    FWD 19    16384 c007.00c0.0002 128.42
FastEthernet1/2      128.43  128  19    FWD 19    16384 c007.00c0.0002 128.43
FastEthernet1/3      128.44  128  19    FWD 19    16384 c007.00c0.0002 128.44
FastEthernet1/15     128.56  128  19    FWD 0     8192 c008.00c0.0002  128.56
SW2#show spanning-tree brief
VLAN1
Bridge ID Priority 16384
Interface Designated
Bridge ID Priority 16384
Interface Designated
Bridge ID Priority 8192
Interface                                   Designated
Name                 Port ID Prio Cost  Sts Cost  Bridge ID            Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet1/1      128.42  128  19    FWD 0     8192 c008.00c0.0002  128.42
FastEthernet1/2      128.43  128  19    FWD 0     8192 c008.00c0.0002  128.43
FastEthernet1/3      128.44  128  19    FWD 0     8192 c008.00c0.0002  128.44
FastEthernet1/15     128.56  128  19    FWD 0     8192 c008.00c0.0002  128.56