CCNPv7.

1 SWITCH

Chapter 4 Lab 4-2– Multiple Spanning Tree

Topology.

Objectives
• Implement Multiple Spanning Tree
• Leverage VTP version 3 with MST

Background
Cisco’s Per VLAN Spanning Tree (PVST) provides a significant step up from standard spanning tree in terms of
flexibility, allowing each VLAN to have its own independent spanning tree, thereby make better use of available
links in the network. A drawback to PVST is that there is an instance of PVST running for each VLAN in the
network, regardless of whether there are actually different spanning-tree topologies required. This presents the
potential for overwhelming the switch CPU and memory. Additionally, Cisco switches like those used in these labs
allow only a limited number of PVST instances – usually 128. If more than 128 VLANs are created, some of them
will not have any STP running, and therefore not have any switching loop protection. PVST and Rapid PVST are
simply unusable in that kind of environment. Lastly, PVST and Rapid PVST are Cisco-proprietary protocols and
generally unusable in mixed vendor environments.

Cisco was involved in the early development of Multiple Spanning Tree. MST was standardized as IEEE 802.1s in
2002 and merged into 802.1Q in 2005. MST is an open protocol derived from RSTP, sharing all its rapid
convergence properties, and in fact, the only standardized spanning-tree protocol for VLAN-based networks
supported by multiple vendors. MST is a compromise between common spanning-tree and per-VLAN spanning
tree. An MST instance represents a unique spanning-tree topology. Multiple MST instances can be created to
account for each of the required spanning-tree topologies in a network, and an arbitrary number of VLANs can be
mapped to a single MST instance.

In this lab you will set up two instances of MST, one for VLANs 99 and 100 and the other for VLANs 110 and 120.
All other VLANs will be mapped to the default MST instance (also referred to as IST or Internal Spanning Tree).
Note: This lab uses Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2)SE6 IP Services and LAN
Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates “dual-ipv4-and-
ipv6 routing” and “lanbase-routing”, respectively. Depending on the switch model and Cisco IOS Software version,
the commands available and output produced might vary from what is shown in this lab. Catalyst 3650 switches
(running any Cisco IOS XE release) and Catalyst 2960-Plus switches (running any comparable Cisco IOS image)
can be used in place of the Catalyst 3560 switches and the Catalyst 2960 switches.

Required Resources
• 2 Cisco 2960 with the Cisco IOS Release 15.0(2)SE6 C2960-LANBASEK9-M or comparable
• 2 Cisco 3560v2 with the Cisco IOS Release 15.0(2)SE6 C3560-IPSERVICESK9-M or comparable
• Computer with terminal emulation software
• Ethernet and console cables

Step 1: Prepare the switches for the lab

Use the reset.tcl script you created in Lab 1 “Preparing the Switch” to set your switches up for this lab. Then
load the file BASE.CFG into the running-config with the command copy flash:BASE.CFG running-config. An
example from DLS1:

DLS1# tclsh reset.tcl

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Reloading the switch in 1 minute, type reload cancel to halt

Proceed with reload? [confirm]

*Mar 7 18:41:40.403: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

*Mar 7 18:41:41.141: %SYS-5-RELOAD: Reload requested by console. Reload Reason:
Reload command.
<switch reloads - output omitted>

Would you like to enter the initial configuration dialog? [yes/no]: n

Switch> en
*Mar 1 00:01:30.915: %LINK-5-CHANGED: Interface Vlan1, changed state to
administratively down
Switch# copy BASE.CFG running-config
Destination filename [running-config]?
184 bytes copied in 0.310 secs (594 bytes/sec)
DLS1#

Step 2: Configure Trunking

Next configure interfaces F0/7 through F0/12 as 802.1Q trunk ports on all four switches. Additionally,
configure all four switches VTP Servers. An example from DLS1:
DLS1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS1(config)# vtp mode server
Setting device to VTP Server mode for VLANS.
DLS1(config)# int ran f0/7-12
DLS1(config-if-range)# switchport trunk encap dot1q
DLS1(config-if-range)# switchport trunk native vlan 666
DLS1(config-if-range)# switchport trunk allowed vlan except 1,999
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# switchport nonegotiate
DLS1(config-if-range)# no shut
DLS1(config-if-range)# exit
DLS1(config)#
Step 3: Configure VTP and VLANs
To simplify the lab configuration, configure VTP version 2 on DLS1 with no password, and configure VLANs
for use in the network. This configuration will propagate to the other switches in the network.
DLS1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS1(config)# vtp domain SWLAB
Changing VTP domain name from NULL to SWLAB
DLS1(config)# vtp version 2
DLS1(config)# vlan 99
DLS1(config-vlan)# name MANAGEMENT
DLS1(config-vlan)# vlan 100
DLS1(config-vlan)# name SERVERS
DLS1(config-vlan)# vlan 110
DLS1(config-vlan)# name GUEST
 DLS1(config-vlan)# vlan 120
DLS1(config-vlan)# name OFFICE
DLS1(config-vlan)# vlan 999
DLS1(config-vlan)# name PARKING_LOT
DLS1(config-vlan)# state suspend
DLS1(config-vlan)# vlan 666
DLS1(config-vlan)# name NATIVE_DO_NOT_USE
DLS1(config-vlan)# exit
*Mar 1 00:18:41.431: %SW_VLAN-6-VTP_DOMAIN_NAME_CHG: VTP domain name changed to
SWLAB.
DLS1(config)#

Verify that all of the VLANs propagate and that there is a single root bridge for all of the VLANs.

Step 4: Implement Multiple Spanning Tree

In this step you will implement MST on DLS1 and DLS2; we will ignore ALS1 and ALS2 for now.
Issue the global configuration command spanning-tree mode mst and then the privileged exec
command clear spanning-tree detected-protocols.
An example from DLS1:
DLS1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS1(config)# spanning-tree mode mst
DLS1(config)#exit
DLS1# clear spanning-tree detected-protocols
DLS1#
DLS1# show spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 32768
Step 5: Observe default MST configuration
At this point, MST is running with default parameters. On DLS1, issue the command show spanning-tree
mst configuration to see the configuration information:

DLS1# show span mst configuration

Name []
Revision 0 Instances configured 1

Instance Vlans mapped

-------- ---------------------------------------------------------------------
0 1-4094
-------------------------------------------------------------------------------
DLS1#

The output diplays:

• The region is un-named
• The revision number is 0
• There is one instance of MST, number 1, and VLANS 1-4094 are mapped to that instance
For MST to work, the region must be named and given a revision number (this revision number does not work
like VTP, it is just an administrator-assigned value). All the switches in the same region must have the same
region name and revision number, and have the same VLAN-to-instance mapping.

Step 6: Manually Configure MST

Now configure MST on both DLS1 and DLS2 with the following information (you must configure each switch
manually):
• Region Name: CCNP
• Revision Number: 1
• VLAN Mappings: Instance 1: VLAN 99 and VLAN 100

MST region configuration is performed in a special mode under the global configuration that is entered using
the spanning-tree mst configuration command. You have to make the changes and exit from
configuration mode to have the changes applied; the changes are not applied until you exit. While in MST
configuration mode, you can use the show current and show pending commands to see how the
configuration stands. From DLS1:

DLS1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS1(config)# spanning-tree mst configuration
DLS1(config-mst)# name CCNP
DLS1(config-mst)# revision 1
DLS1(config-mst)# instance 1 vlan 99,100
DLS1(config-mst)#
DLS1(config-mst)# show current
Current MST configuration
Name []
Revision 0 Instances configured 1

Instance Vlans mapped

-------- ---------------------------------------------------------------------
0 1-4094
-------------------------------------------------------------------------------
DLS1(config-mst)#
DLS1(config-mst)# show pending
Pending MST configuration
Name [CCNP]
Revision 1 Instances configured 2

Instance Vlans mapped

-------- ---------------------------------------------------------------------
0 1-98,101-4094
1 99-100
-------------------------------------------------------------------------------
DLS1(config-mst)#
DLS1(config-mst)#exit
DLS1(config)#end
DLS1#
DLS1# show span mst config
Name [CCNP]
Revision 1 Instances configured 2

Instance Vlans mapped

-------- ---------------------------------------------------------------------
0 1-98,101-4094
1 99-100
-------------------------------------------------------------------------------
DLS1#
Wait a moment to let the topology settle and then issue the show spanning-tree mst command on
DLS1:
DLS1# show spanning-tree mst

##### MST0 vlans mapped: 1-98,101-4094

Bridge address e840.406f.7280 priority 32768 (32768 sysid 0)
Root address e840.406f.6e00 priority 32768 (32768 sysid 0)
port Fa0/11 path cost 0
Regional Root address e840.406f.6e00 priority 32768 (32768 sysid 0)
internal cost 200000 rem hops 19
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg BLK 200000 128.9 P2p Bound(PVST)
Fa0/8 Desg BLK 200000 128.10 P2p Bound(PVST)
Fa0/9 Desg BLK 200000 128.11 P2p Bound(PVST)
Fa0/10 Desg BLK 200000 128.12 P2p Bound(PVST)
Fa0/11 Root FWD 200000 128.13 P2p
Fa0/12 Altn BLK 200000 128.14 P2p

##### MST1 vlans mapped: 99-100

Bridge address e840.406f.7280 priority 32769 (32768 sysid 1)
Root address e840.406f.6e00 priority 32769 (32768 sysid 1)
port Fa0/11 cost 200000 rem hops 19

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg BLK 200000 128.9 P2p Bound(PVST)
Fa0/8 Desg BLK 200000 128.10 P2p Bound(PVST)
Fa0/9 Desg BLK 200000 128.11 P2p Bound(PVST)
 Fa0/10 Desg BLK 200000 128.12 P2p Bound(PVST)
Fa0/11 Root FWD 200000 128.13 P2p
Fa0/12 Altn BLK 200000 128.14 P2p

DLS1

As you can see from the output above, the VLANs are mapped to the correct instance and the root bridge for
instance 1 is not the local switch (it is DLS2 in this case).
Notice the type entry P2p Bound(PVST). This is the entry shown when the device connected at the other
end of the given interface is not running MST; in this case, ALS1 and ALS2 are running the default PVST.

Step 7: Propagate MST configurations with VTP

Manual configuration of MST is not particularly difficult until the network scales to a large size. For switches to
form a single MST region, they must match in all region parameters: region name, configuration revision,
VLAN-to-instance mappings. Switches that differ in their MST region configuration will form separate regions,
each region having its own internal root bridges for the defined MST instances and independent internal
topologies. While having multiple regions is not an error per se, and some large networks are even partitioned
into multiple regions intentionally, running multiple MST regions as a result of region misconfiguration is
undesirable.
VTP version 3 allows for the sharing of the MST database amongst switches, which simplifies this process
considerably.
To use VTP version 3 to propagate the MST region configuration to all switches in the VTP domain, convert
all switches to VTP version 3 and set them as servers or clients for MST. Then designate one switch as the
VTP primary for MST. Do not forget to activate MST on all switches; VTP version 3 will synchronize only the
region configuration across all switches and will not affect the STP version running on the switch.
From DLS2:
DLS2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS2(config)# vtp version 3
DLS2(config)#
*Mar 1 00:49:27.386: %SW_VLAN-6-OLD_CONFIG_FILE_READ: Old version 2 VLAN
configuration file detected and read OK. Version 3
files will be written in the future.
DLS2(config)#
DLS2(config)# vtp mode server mst
Setting device to VTP Server mode for MST.
DLS2(config)# end
 DLS2# vtp primary mst
This system is becoming primary server for feature mst
No conflicting VTP3 devices found.
Do you want to continue? [confirm]
DLS2#
*Mar 1 00:55:45.217: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: e840.406f.7380 has become the
primary server for the MST VTP feature

From ALS1 (the same configuration must be applied at ALS2):

ALS1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ALS1(config)# spanning-tree mode mst
ALS1(config)# vtp version 3
ALS1(config)# vtp mode server mst
Setting device to VTP Server mode for MST.
ALS1(config)# end
 Note: An identical MST region configuration will be propagated to all switches within a VTPv3 domain, and
consequently they will all form a single region. As a result, there is always a one-to-one mapping between a
VTPv3 domain and an MST region.

Step 8: Verify Initial MST Configuration

After the entire configuration is done, VTP version 3 will propagate the MST configuration to the other
switches. Verify this by checking ALS2:

ALS2# show spanning-tree mst configuration

Name [CCNP]
Revision 1 Instances configured 2

Instance Vlans mapped

-------- ---------------------------------------------------------------------
0 1-98,101-4094
1 99-100
-------------------------------------------------------------------------------

ALS2# show span mst

##### MST0 vlans mapped: 1-98,101-4094

Bridge address 5017.ff84.0a80 priority 32768 (32768 sysid 0)
Root this switch for the CIST
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 200000 128.7 P2p
Fa0/8 Desg FWD 200000 128.8 P2p
Fa0/9 Desg FWD 200000 128.9 P2p
Fa0/10 Desg FWD 200000 128.10 P2p
Fa0/11 Desg FWD 200000 128.11 P2p
Fa0/12 Desg FWD 200000 128.12 P2p
 ##### MST1 vlans mapped: 99-100
Bridge address 5017.ff84.0a80 priority 32769 (32768 sysid 1)
Root this switch for MST1

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 200000 128.7 P2p
Fa0/8 Desg FWD 200000 128.8 P2p
Fa0/9 Desg FWD 200000 128.9 P2p
Fa0/10 Desg FWD 200000 128.10 P2p
Fa0/11 Desg FWD 200000 128.11 P2p
Fa0/12 Desg FWD 200000 128.12 P2p

Step 9: Modify MST Configuration

To further illustrate the convenience of MST and VTP version 3, add another instance on DLS2, mapping
VLANs 110 and 120 to it.

DLS2# conf t
 Enter configuration commands, one per line. End with CNTL/Z.
DLS2(config)# spanning-tree mst config
DLS2(config-mst)# instance 2 vlan 110,120
DLS2(config-mst)# show pending
Pending MST configuration
Name [CCNP]
Revision 1 Instances configured 3

Instance Vlans mapped

-------- ---------------------------------------------------------------------
0 1-98,101-109,111-119,121-4094
1 99-100
2 110,120
-------------------------------------------------------------------------------
DLS2(config-mst)#
DLS2(config-mst)# exit
DLS2(config)# end
DLS2#

And then verify on that the changes propagated to another switch:

DLS1# show span mst config

Name [CCNP]
Revision 1 Instances configured 3

Instance Vlans mapped

-------- ---------------------------------------------------------------------
0 1-98,101-109,111-119,121-4094
1 99-100
2 110,120
DLS1# show span mst

##### MST0 vlans mapped: 1-98,101-109,111-119,121-4094

Bridge address e840.406f.7280 priority 32768 (32768 sysid 0)
Root address 5017.ff84.0a80 priority 32768 (32768 sysid 0)
port Fa0/9 path cost 0
Regional Root address 5017.ff84.0a80 priority 32768 (32768 sysid 0)
internal cost 200000 rem hops 19
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Altn BLK 200000 128.9 P2p
Fa0/8 Altn BLK 200000 128.10 P2p
Fa0/9 Root FWD 200000 128.11 P2p
Fa0/10 Altn BLK 200000 128.12 P2p
Fa0/11 Altn BLK 200000 128.13 P2p
Fa0/12 Altn BLK 200000 128.14 P2p

##### MST1 vlans mapped: 99-100

Bridge address e840.406f.7280 priority 32769 (32768 sysid 1)
Root address 5017.ff84.0a80 priority 32769 (32768 sysid 1)
port Fa0/9 cost 200000 rem hops 19

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Altn BLK 200000 128.9 P2p
Fa0/8 Altn BLK 200000 128.10 P2p
Fa0/9 Root FWD 200000 128.11 P2p
Fa0/10 Altn BLK 200000 128.12 P2p
Fa0/11 Altn BLK 200000 128.13 P2p
Fa0/12 Altn BLK 200000 128.14 P2p
 ##### MST2 vlans mapped: 110,120
Bridge address e840.406f.7280 priority 32770 (32768 sysid 2)
Root address 5017.ff84.0a80 priority 32770 (32768 sysid 2)
port Fa0/9 cost 200000 rem hops 19

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Altn BLK 200000 128.9 P2p
Fa0/8 Altn BLK 200000 128.10 P2p
Fa0/9 Root FWD 200000 128.11 P2p
Fa0/10 Altn BLK 200000 128.12 P2p
Fa0/11 Altn BLK 200000 128.13 P2p
Fa0/12 Altn BLK 200000 128.14 P2p

Step 10: Manipulate the spanning tree

To this point, we have left election of the root bridge up to the protocol defaults (which are the same as PVST
with the exception of port cost values), still based on the physical interface’s bandwidth which use much
larger numbers.

An example of the show spanning-tree root command at DLS1 provides proof that the root bridge is
elsewhere:
DLS1# show spanning-tree root

Root Hello Max Fwd

MST Instance Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
MST0 32768 5017.ff84.0a80 0 2 20 15 Fa0/9
MST1 32769 5017.ff84.0a80 200000 2 20 15 Fa0/9
MST2 32770 5017.ff84.0a80 200000 2 20 15 Fa0/9
DLS1#
Port costs, which are summed to find a path cost in the quest for a root bridge, are different in MST:
• 10 Mbps—2,000,000
• 100 Mbps—200,000
• 1 Gigabit Ethernet—20,000
• 10 Gigabit Ethernet—2,000

MST uses the same basic commands and values to manipulate the operation.

To manually configure a bridge to be the primary MST root, use the command spanning-tree mst
instance-list root {primary | secondary} global configuration command. You can also manually
set the bridge priority using the spanning-tree mst instance-list priority priority global
configuration command. In the example below, DLS1 is configured as the primary root for instance 0 and 1,
and the secondary root for instance 2:

DLS1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS1(config)# spanning-tree mst 0-1 root primary
DLS1(config)# spanning-tree mst 2 root secondary
DLS1(config)# end
DLS1#

DSL2 is configured with a complementary set of instructions; root primary for instance 2 and root secondary
for instances 0 and 1:

DLS2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS2(config)# spanning-tree mst 0-1 root secondary
DLS2(config)# spanning-tree mst 2 root primary
DLS2(config)# end
DLS2#
The results of these configuration changes are evident using the show spanning-tree root command.
From ALS1, which shows Fa0/7 (connected to DLS1) as the Root Port for instances 0 and 1 and Fa0/9
(connected to DLS2) for instance 2:

ALS1# show spanning-tree root

Root Hello Max Fwd

MST Instance Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
MST0 24576 e840.406f.7280 0 2 20 15 Fa0/7
MST1 24577 e840.406f.7280 200000 2 20 15 Fa0/7
MST2 24578 e840.406f.6e00 200000 2 20 15 Fa0/9
ALS1#

As with PVST, Root Port selection is based on total path cost to the root bridge. Path cost is the sum of Port
Costs. You can configure the port costs using the spanning-tree mst instance cost value
interface configuration command, which sets the cost for that instance alone.

As an implementation example, we will shutdown interfaces Fa0/9-10 on DLS2 and then change the port cost
value of ALS2’s interface Fa0/7 to a lower number, causing the spanning tree for instance 2 to go through
ALS2.
On ALS2:
ALS2# config t
ALS2(config)# int f0/1
ALS2(config-if)# spanning-tree mst 2 cost 1000
ALS2(config-if)# exit
ALS2(config)# end
 On DLS2:
DLS2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
DLS2(config)# interface ran e0/3,e1/0
DLS2(config-if-range)# shutdown
DLS2(config-if-range)# end

And then finally examining ALS1:

ALS1# show spanning-tree root
Root Hello Max Fwd
MST Instance Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
MST0 24576 e840.406f.7280 0 2 20 15 Fa0/7
MST1 24577 e840.406f.7280 200000 2 20 15 Fa0/7
MST2 24578 e840.406f.6e00 201000 2 20 15 Fa0/11
ALS1#

Step 11: End of Lab

Do not save your configurations. The equipment will be reset for the next lab.