AOS-CX Simulator - MSTP Lab Guide
MSTP Fundamentals
IMPORTANT! THIS GUIDE ASSUMES THAT THE AOS-CX OVA HAS BEEN INSTALLED AND WORKS IN GNS3 OR EVE-NG.
PLEASE REFER TO GNS3/EVE-NG INITIAL SETUP LABS IF REQUIRED.
https://www.eve-ng.net/index.php/documentation/howtos/howto-add-aruba-cx-switch/
TABLE OF CONTENTS
Lab Objective
Lab Overview
Lab Network Layout
Lab Tasks
Task 1 - Lab setup
Task 2 - Configure MSTP and VLAN mappings
Task 3 - Check configurations and output
Task 4 - Path Cost
Task 5 - MST timers and tuning
Task 5 - Spanning tree protection
Appendix – Complete Configurations
Lab Objective
At the end of this lab you will be able to implement the basic configuration of Multiple Spanning Tree Protocol (MSTP) and
show how MSTP creates a loop-free VLAN topology with other Aruba CX switches.
The use case for MSTP is to provide a loop-free, redundant, multipath Layer 2 network. MSTP is the default Spanning Tree
Protocol for Aruba CX switches.
For further details on MSTP please refer to the latest Aruba documentation located on https://asp.arubanetworks.com/
Lab Overview
The lab setup is as shown in Figure 1 and Figure 2. This will allow the reader to observe the behavior of MSTP.
• MSTP and VLAN mappings. (MSTP is the default STP for Aruba CX switches.)
Lab Guide
MSTP
Lab Tasks
Task 1 - Lab setup
For this lab refer to Figure 1 for topology setup. Open each switch console and log in with user “admin” and no password.
Note: Switch X will be configured later in the lab. The Virtual PC (VPC-C) is not required to be configured and is just shown to
represent an access port.
configure
hostname <device host name>
int 1/1/1-1/1/3
no routing
no shutdown
int 1/1/2-1/1/3
no routing
no shutdown
• Validate LLDP neighbors appear as expected on each switch. Here we show Switch A output only.
If all switches have been configured as shown in Figure 1 you should see Switch B, C and D via Switch A as shown
below using LLDP. It is left to the reader to check other switches respectively.
Now set up MSTP and Root bridges, and map VLANs as per Figure 2.
• VLAN 10-11 assigned to MSTP instance 1, Root bridge Switch A, Secondary Root bridge Switch B
• VLAN 20-21 assigned to MSTP instance 2, Root bridge Switch B, Secondary Root bridge Switch A
• All other VLANs assigned to the default MSTP 0 as shown below Switch A
Note: Having deterministic Root and Secondary Root bridges is a typically accepted design. These are placed at the core of
the Layer 2 domain, as shown in Figure 2, where Switch A and Switch B are the core/center of the Layer 2 domain and
provide Root redundancy for one another.
• On Switch A add VLAN 10-11 and 20-21. Configure STP making Switch A Root for VLAN 10-11 instance 1 and
Secondary Root for 20-21 instance 2, then trunk all VLANs for interface 1/1/1 to 1/1/3. Here also make Switch A the
Root for the CIST.
SwitchA#
configure
vlan 10-11,20-21
exit
spanning-tree
spanning-tree config-name sp1
spanning-tree config-revision 1
• On Switch B add VLAN 10-11 and 20-21. Configure STP making Switch B Root for VLAN 20-21 instance 2 and
Secondary Root for 10-11 instance 1, then trunk all VLANs for interface 1/1/1 to 1/1/3.
SwitchB#
configure
vlan 10-11,20-21
exit
spanning-tree
spanning-tree config-name sp1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 10-11
spanning-tree instance 2 vlan 20-21
spanning-tree instance 1 priority 1 < ----- MST 1 Secondary Root
spanning-tree instance 2 priority 0 < ----- MST 2 Root
int 1/1/1-1/1/3
vlan trunk allowed all
vlan trunk native 1
exit
• On Switch C and D define the VLANs and add MSTP mapping to VLANs
configure
vlan 10-11,20-21
exit
spanning-tree
spanning-tree config-name sp1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 10-11
spanning-tree instance 2 vlan 20-21
int 1/1/2-1/1/3
vlan trunk allowed all
vlan trunk native 1
exit
Above we see the general MSTP configuration. Check the other switches in the domain; they should all be similar.
• Check configuration and mappings from Switch A. Check that the System ID matches the Root for the MSTP Instance.
As shown above, Switch A is Root for Instance 0 and 1, identified by the System ID, and the Instance 2 Root is another device,
which is expected to be Switch B based on previous configurations.
As shown above, Switch B is Root for Instance 2 based on the identified System ID, and the Instance 0 and 1 Root is the
Switch A System ID.
Continue to check switch C and D in a similar fashion (not shown in this lab guide)
• Now examine the behavior of ports and their state, by examining spanning tree state. The logical topology in Figure
2 for each switch can be observed showing a loop free Layer 2 topology.
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ---------- ---------- ---------------- ---------- ---------- ---------- -----
1/1/1 Designated Forwarding 20000 128 P2P 32900 28093 10 6
1/1/2 Designated Forwarding 20000 128 P2P 32902 8 8 4
1/1/3 Designated Forwarding 20000 128 P2P 32898 5 2 3
#### MST1
Vlans mapped: 10,11
Bridge Address:08:00:09:8a:14:fa Priority:0
Root Address:08:00:09:8a:14:fa Priority:0
Port:0, Cost:0, Rem Hops:20
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/1 Designated Forwarding 20000 128 P2P 32900 28093 10 6
1/1/2 Designated Forwarding 20000 128 P2P 32902 8 8 4
1/1/3 Designated Forwarding 20000 128 P2P 32898 5 2 3
#### MST2
Vlans mapped: 20,21
Bridge Address:08:00:09:8a:14:fa Priority:4096
Root Address:08:00:09:12:8e:9e Priority:0
Port:1/1/1, Cost:20000, Rem Hops:19
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/1 Root Forwarding 20000 128 P2P 32900 28093 10 6
1/1/2 Designated Forwarding 20000 128 P2P 32902 8 8 4
1/1/3 Designated Forwarding 20000 128 P2P 32898 5 2 3
As shown above, on Switch A all ports are Designated and Forwarding for instances 0 and 1. For instance 2, port 1/1/1 is the
Root port towards Switch B, the Root switch for VLANs 20-21, and the other ports are Designated Forwarding, leading to
Switch C and D respectively.
The reader can continue to check switch B, C and D in a similar fashion (not shown in this lab guide) and build a logical
picture of the MSTP instances as shown in Figure 2.
• In Figure 3 below, the Root port path cost to the Root Switch A from Switch D's perspective is 20,000 via port 1/1/3.
• The next alternate path is via 1/1/2, with the next lowest path being through Switch B port 1/1/1. This next alternate
best path cost is 40,000 (20,000 (Switch D interface 1/1/2) + 20,000 (Switch B interface 1/1/1)), which is the
sum of the associated link costs.
#### MST1
Vlans mapped: 10,11
Bridge Address:08:00:09:ee:11:82 Priority:32768
Root Address:08:00:09:8a:14:fa Priority:0
Port:1/1/3, Cost:20000, Rem Hops:19
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/2 Alternate Blocking 20000 128 P2P 25 41592 1 4
1/1/3 Root Forwarding 20000 128 P2P 31 41590 3 2
Above we see the local path costs on Switch D, with port 1/1/3 being the Forwarding Root port and 1/1/2 being the Blocked
Alternate port.
• Now manipulate the cost to change the MSTP instance 1 topology from Switch D perspective, by changing the cost
on Root port. To influence a change in this topology we need to increase cost to greater than 40,000, based on our
earlier calculation.
SwitchD#
configure
int 1/1/3
spanning-tree instance 1 cost 40001 < ----- change the path cost on the interface to 40001 or more
exit
#### MST1
Vlans mapped: 10,11
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/2 Root Forwarding 20000 128 P2P 28 79916 1 4
1/1/3 Alternate Blocking 40001 128 P2P 34 79914 3 2
As shown above, manipulating the path cost changed the port roles.
Note: The default cost is calculated from the port link speed. On the Aruba CX OVA the ports simulate 1GbE and are set to
20,000. Please refer to the Layer 2 bridging guide for the path cost of ports at other speeds.
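Why the cost has to exceed 40,000 rather than equal it, as an added example that is not part of the original lab guide: a minimal root-port election for Switch D in instance 1. The priorities and bridge addresses are taken from the outputs in this guide; the `Candidate` class and the function names are hypothetical, and the sender port ID tie-breaker is omitted because each neighbour is reached over a single link.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    local_port: str      # port on Switch D
    port_cost: int       # instance 1 cost configured on that port
    nbr_root_cost: int   # root path cost advertised by the neighbour
    nbr_priority: int    # neighbour bridge priority for instance 1
    nbr_mac: str         # neighbour bridge address

    def vector(self):
        # Lower tuple wins: total root path cost first, then the sender's
        # bridge ID (priority, address), then the local port number.
        port_no = tuple(int(p) for p in self.local_port.split("/"))
        mac = bytes.fromhex(self.nbr_mac.replace(":", ""))
        return (self.port_cost + self.nbr_root_cost,
                self.nbr_priority, mac, port_no)


def elect_root_port(candidates):
    """Return (root_port, alternate_ports) for one bridge and one instance."""
    ranked = sorted(candidates, key=Candidate.vector)
    return ranked[0].local_port, [c.local_port for c in ranked[1:]]


def switch_d_candidates(cost_on_1_1_3):
    # Switch A is the instance 1 root (cost 0, priority 0); Switch B reaches
    # the root over its own 20000-cost link and has priority 4096.
    return [
        Candidate("1/1/3", cost_on_1_1_3, 0, 0, "08:00:09:8a:14:fa"),
        Candidate("1/1/2", 20000, 20000, 4096, "08:00:09:12:8e:9e"),
    ]


if __name__ == "__main__":
    for cost in (20000, 40000, 40001):
        root, alternates = elect_root_port(switch_d_candidates(cost))
        print(f"cost on 1/1/3 = {cost}: root {root}, alternate {alternates}")
```

At exactly 40,000 the two paths tie on cost and the lower bridge ID of Switch A keeps 1/1/3 as the Root port, which is why the lab uses 40001.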
Detailed information about STP timers is beyond the scope of this lab guide. It is possible to change some MSTP
timers to tune and improve convergence time, but the use of such parameters depends on the design and architecture of the
network, as it can impact switch resources under certain conditions.
• spanning-tree forward-delay is the time spent in the listening and learning state. It is 15
seconds by default and can be tuned between 4 and 30 seconds.
• spanning-tree hello-time is the time between successive Bridge Protocol Data Units (BPDUs) sent on a port.
The default is 2 seconds and can be tuned between 2 and 10 seconds.
• spanning-tree max-age is the interval, specified in the BPDU, for which BPDU data remains valid after its reception.
The bridge recomputes the spanning tree topology if it does not receive a new BPDU before max-age expires.
The default is 20 seconds and can be changed between 6 and 20 seconds.
The above three parameters are mentioned for completeness. For this lab guide we will explore:
• spanning-tree port-type admin-edge which is primarily designed to optimize ports that are connected to end
points to allow the ports to transition directly to forwarding, circumventing the learning and listening phase.
#### MST1
Vlans mapped: 10,11
Bridge Address:08:00:09:16:7b:7e Priority:32768
Root Address:08:00:09:8a:14:fa Priority:0
Port:1/1/2, Cost:20000, Rem Hops:19
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/2 Root Forwarding 20000 128 P2P 0 2 0 0
1/1/3 Alternate Blocking 20000 128 P2P 0 2 0 0
1/1/9 Designated Forwarding 20000 128 P2P 2 0 0 0
In the above we can see the newly configured switch port act like a regular P2P port and we know that it will go into a
learning and listening phase which is undesirable for ports connected to endpoints.
#### MST1
Vlans mapped: 10,11
Bridge Address:08:00:09:16:7b:7e Priority:32768
Root Address:08:00:09:8a:14:fa Priority:0
Port:1/1/2, Cost:20000, Rem Hops:19
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/2 Root Forwarding 20000 128 P2P 0 2195 0 0
1/1/3 Alternate Blocking 20000 128 P2P 0 2195 0 0
1/1/9 Designated Forwarding 20000 128 P2P Edge 1028 0 0 0
In the above we can now see the newly configured switch port is in a different mode “P2P Edge”. This port will now go into
forwarding mode when an endpoint is connected.
BPDU protection secures the active MSTP topology by preventing spoofed BPDU packets from entering the MSTP
domain. Typically BPDU protection would be applied to edge ports connected to end user devices that do not run MSTP. If
MSTP BPDU packets are received on a protected port, this feature disables the port and alerts can be sent out
accordingly.
Observe the output on Switch D. Port 1/1/8 is disabled because a BPDU was received on it
from Switch X. Timeouts can be configured to re-enable the port; this is not covered in this guide.
#### MST1
Vlans mapped: 10,11
Bridge Address:08:00:09:ee:11:82 Priority:32768
Root Address:08:00:09:8a:14:fa Priority:0
Port:1/1/2, Cost:40000, Rem Hops:18
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/2 Root Forwarding 20000 128 P2P 9 210294 0 8
1/1/3 Alternate Blocking 40001 128 P2P 11 210295 4 4
1/1/8 Disabled Bpdu-Error 20000 128 P2P 31 0 0 0
Below, observe that the state of interface 1/1/8 is down as expected, due to Bpdu-Error.
SwitchD#show int 1/1/8
Description:
Hardware: Ethernet, MAC Address: 08:00:09:ee:11:82
MTU 1500
Type --
Full-duplex
qos trust none
Speed 1000 Mb/s
Auto-negotiation is on
Flow-control: off
Note: On the Switch X OVA Simulator, toggling the port from “shut” to “no shut” may be required to enable BPDUs initially.
Root Protection secures the active MSTP topology by preventing other switches from propagating
superior BPDUs, which contain better information on both the root bridge and the path cost to the root bridge
and would normally replace the current root bridge selection.
In this lab setup, enable Root guard on Switch A 1/1/2 and Switch B 1/1/3 respectively, then try to make Switch C the
Root for Instance 1 and observe the behavior.
SwitchA#
configure
interface 1/1/2
spanning-tree root-guard
exit
SwitchB#
configure
interface 1/1/3
spanning-tree root-guard
exit
SwitchC#
configure
spanning-tree instance 1 priority 0 < ----- Make Switch C Root for instance 1
exit
Below, observe that for instance 1 the ports on both Switch A and B go into the Root Inconsistent Alternate state. This
protects the rest of the network from the “better” BPDUs that Switch C is sending and maintains Layer 2
stability.
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ---------- ---------- ---------------- ---------- ---------- ---------- -----
1/1/1 Designated Forwarding 20000 128 P2P 217571 217573 11 14
1/1/2 Designated Forwarding 20000 128 P2P 217566 565 15 8
1/1/3 Designated Forwarding 20000 128 P2P 217573 27 13 7
#### MST1
Vlans mapped: 10,11
Bridge Address:08:00:09:8a:14:fa Priority:0
Root Address:08:00:09:8a:14:fa Priority:0
Port:0, Cost:0, Rem Hops:20
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/1 Designated Forwarding 20000 128 P2P 217571 217573 11 14
1/1/2 Alternate Root-Inc 20000 128 P2P 217566 565 15 8
1/1/3 Designated Forwarding 20000 128 P2P 217573 27 13 7
#### MST2
Vlans mapped: 20,21
Bridge Address:08:00:09:8a:14:fa Priority:4096
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/1 Root Forwarding 20000 128 P2P 217571 217573 11 14
1/1/2 Designated Forwarding 20000 128 P2P 217566 565 15 8
1/1/3 Designated Forwarding 20000 128 P2P 217573 27 13 7
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ---------- ---------- ---------------- ---------- ---------- ---------- -----
1/1/1 Root Forwarding 20000 128 P2P 217900 217897 14 11
1/1/2 Designated Forwarding 20000 128 P2P 217902 25 13 1
1/1/3 Designated Forwarding 20000 128 P2P 217900 895 12 2
#### MST1
Vlans mapped: 10,11
Bridge Address:08:00:09:12:8e:9e Priority:4096
Root Address:08:00:09:8a:14:fa Priority:0
Port:1/1/1, Cost:20000, Rem Hops:19
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/1 Root Forwarding 20000 128 P2P 217900 217897 14 11
1/1/2 Designated Forwarding 20000 128 P2P 217902 25 13 1
1/1/3 Alternate Root-Inc 20000 128 P2P 217900 895 12 2
#### MST2
Vlans mapped: 20,21
Bridge Address:08:00:09:12:8e:9e Priority:0
Root Address:08:00:09:12:8e:9e Priority:0
Port:0, Cost:0, Rem Hops:20
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
-------------- -------------- ---------- ------- ---------- ---------------- ---------- ---------- ---------- --------
1/1/1 Designated Forwarding 20000 128 P2P 217900 217897 14 11
1/1/2 Designated Forwarding 20000 128 P2P 217902 25 13 1
1/1/3 Designated Forwarding 20000 128 P2P 217900 895 12 2
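One way to watch for the two protection states shown above across several switches, as an added example that is not part of the original lab guide: a parser for the port tables that reports ports in Bpdu-Error or Root-Inc. The device label lines and the function names are assumptions; the rows are constructed from the MST1 tables in this guide.

```python
import re

# Constructed input: MST1 rows this guide shows for Switch D (BPDU guard),
# Switch A (root guard) and the edge port 1/1/9, under added device labels.
SAMPLE = """\
SwitchD#
#### MST1
Port  Role       State      Cost  Priority Type     BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
1/1/2 Root       Forwarding 20000 128      P2P      9       210294  0      8
1/1/3 Alternate  Blocking   40001 128      P2P      11      210295  4      4
1/1/8 Disabled   Bpdu-Error 20000 128      P2P      31      0       0      0
SwitchA#
#### MST1
1/1/1 Designated Forwarding 20000 128      P2P      217571  217573  11     14
1/1/2 Alternate  Root-Inc   20000 128      P2P      217566  565     15     8
SwitchC#
#### MST1
1/1/9 Designated Forwarding 20000 128      P2P Edge 1028    0       0      0
"""

# The Type column may contain a space ("P2P Edge"), so it is matched lazily
# and anchored by the four numeric counters that end every row.
ROW = re.compile(r"^(\d+/\d+/\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(.+?)"
                 r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

# States the guide shows once a protection feature has acted on a port.
GUARD_STATES = {"Bpdu-Error": "BPDU received on a bpdu-guard port",
                "Root-Inc": "superior BPDU received on a root-guard port"}


def parse_ports(text):
    """Yield one dict per port row, tagged with device label and instance."""
    device = instance = None
    for line in text.splitlines():
        if m := re.match(r"#### MST(\d+)", line):
            instance = int(m.group(1))
        elif m := re.match(r"(\w+)#", line):
            device, instance = m.group(1), None
        elif m := ROW.match(line.strip()):
            port, role, state, cost, _prio, ptype, _tx, rx = m.groups()[:8]
            yield {"device": device, "instance": instance, "port": port,
                   "role": role, "state": state, "cost": int(cost),
                   "type": ptype, "bpdu_rx": int(rx)}


def guard_events(text):
    """Return (device, instance, port, state, meaning) for guarded ports."""
    return [(p["device"], p["instance"], p["port"], p["state"],
             GUARD_STATES[p["state"]])
            for p in parse_ports(text) if p["state"] in GUARD_STATES]


if __name__ == "__main__":
    for event in guard_events(SAMPLE):
        print(*event, sep=" | ")
```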
• If configs are the same, try powering off/powering on the switches to reboot them
Switch A
hostname SwitchA
!
!
ssh server vrf mgmt
vlan 1,10-11,20-21
spanning-tree
spanning-tree priority 0
spanning-tree config-name sp1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 10,11
spanning-tree instance 1 priority 0
spanning-tree instance 2 vlan 20,21
spanning-tree instance 2 priority 1
interface mgmt
no shutdown
ip dhcp
interface 1/1/1
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
interface 1/1/2
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
spanning-tree root-guard
interface 1/1/3
no shutdown
no routing
vlan trunk native 1
Switch B
hostname SwitchB
!
!
ssh server vrf mgmt
vlan 1,10-11,20-21
spanning-tree
spanning-tree config-name sp1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 10,11
spanning-tree instance 1 priority 1
spanning-tree instance 2 vlan 20,21
spanning-tree instance 2 priority 0
interface mgmt
no shutdown
ip dhcp
interface 1/1/1
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
interface 1/1/2
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
interface 1/1/3
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
spanning-tree root-guard
!
!
https-server vrf mgmt
Switch C
hostname SwitchC
!
!
ssh server vrf mgmt
vlan 1,10-11,20-21
spanning-tree
spanning-tree config-name sp1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 10,11
spanning-tree instance 1 priority 0
spanning-tree instance 2 vlan 20,21
interface mgmt
no shutdown
ip dhcp
interface 1/1/2
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
interface 1/1/3
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
interface 1/1/9
no shutdown
no routing
vlan access 10
spanning-tree port-type admin-edge
!
!
https-server vrf mgmt
Switch D
hostname SwitchD
!
!
ssh server vrf mgmt
vlan 1,10-11,20-21
spanning-tree
spanning-tree config-name sp1
spanning-tree config-revision 1
spanning-tree instance 1 vlan 10,11
spanning-tree instance 2 vlan 20,21
interface mgmt
no shutdown
ip dhcp
interface 1/1/2
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
spanning-tree instance 2 cost 40001
interface 1/1/3
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
spanning-tree instance 1 cost 40001
interface 1/1/8
no shutdown
no routing
vlan access 10
spanning-tree bpdu-guard
!
!
https-server vrf mgmt
Switch X
hostname SwitchX
!
ssh server vrf mgmt
vlan 1
spanning-tree
interface mgmt
no shutdown
ip dhcp
interface 1/1/8
no shutdown
no routing
vlan access 1
!
!
!
!
!
https-server vrf mgmt
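A check for the guide's advice that BPDU protection belongs on edge ports, as an added example that is not part of the original lab guide: an audit of interface sections in the appendix layout that flags access or admin-edge ports without `spanning-tree bpdu-guard`. The function names are hypothetical and the input is a constructed excerpt of the Switch C and Switch D configurations.

```python
# Constructed excerpts in the layout of the appendix configurations.
CONFIGS = {
    "SwitchC": """\
interface 1/1/3
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
interface 1/1/9
    no shutdown
    no routing
    vlan access 10
    spanning-tree port-type admin-edge
!
""",
    "SwitchD": """\
interface 1/1/3
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    spanning-tree instance 1 cost 40001
interface 1/1/8
    no shutdown
    no routing
    vlan access 10
    spanning-tree bpdu-guard
!
""",
}


def interfaces(config):
    """Map interface name -> its setting lines (indentation is ignored)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!"):
            current = None          # "!" closes the interface section
        elif current is not None:
            current.append(line)
    return blocks


def audit_edge_ports(configs):
    """Flag access or admin-edge ports that lack spanning-tree bpdu-guard."""
    findings = []
    for switch in sorted(configs):
        for name, lines in interfaces(configs[switch]).items():
            access = any(l.startswith("vlan access ") for l in lines)
            edge = "spanning-tree port-type admin-edge" in lines
            if (access or edge) and "spanning-tree bpdu-guard" not in lines:
                kind = "admin-edge" if edge else "access"
                findings.append((switch, name, f"{kind} port without bpdu-guard"))
    return findings


if __name__ == "__main__":
    print(*audit_edge_ports(CONFIGS), sep="\n")
```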
www.arubanetworks.com