Spanning Tree

Lab Topology

Scenario 

  • The goal is to examine the 802.1D Spanning Tree packets exchanged between switches in the STP domain
  • In this example I have set up a SPAN or Port Mirroring session to analyze the packets sent by Gi1/0/21 & Gi1/0/25 on HQ-Core-SW1
  • This captured outbound traffic is then copied and funneled out towards the Wireshark Analyzer off of port Gi1/0/2 on HQ-Core-SW1
  • In the later topic sections SPAN will be discussed in further detail

802.1D BPDU Packets 

Overview:

  • In 802.1D, only the Root switch originates BPDUs, at the interval set by its hello timer, and sends them out of all Designated ports:
    • Non-root switches do not originate their own BPDUs
    • Hello Timer of the Root switch will take precedence over the timers configured on non-root switches
  • When a non-root switch receives a BPDU on its root port, it forwards those Root Bridge originated BPDUs out of all its Designated ports
  • Non-root switches do not forward these BPDUs out of their root port or any blocking ports
  • This is why Backbone Fast, a core STP network concept, is recommended to be configured globally for cases where non-root switches stop receiving BPDUs from the upstream root switch

Multicast Address: 

  • Both PVST and RPVST Cisco standards use the same multicast address for exchanging BPDUs in the Spanning Tree domain - 01:00:0c:cc:cc:cd

Root Switch Originating Packet

Packet Capture Notes:

  • Originating BPDU from the root switch HQ-Core-SW1 
    • Source Ethernet MAC: Gi1/0/25 on HQ-Core-SW1
    • Destination Ethernet MAC: Multicast to all switches
    • Protocol Version: STP
    • Root Path Cost: 0
    • Bridge Identifier/Root Identifier: HQ-Core-SW1
    • Bridge Priority: 4096
    • Timers
      • Max Age: 20 sec
      • Hello Time: 2 sec
      • Forward Delay: 15 sec

Packet Capture Notes

  • Originating BPDU from the root switch HQ-Core-SW1 
    • Ethernet MAC Source: F0/1 on HQ-Distro-SW2
    • Ethernet Destination: Multicast to all switches
    • Protocol Version: STP
    • Bridge Identifier: HQ-Distro-SW2
    • Root Identifier: HQ-Core-SW1
    • Bridge Priority: 8192 (less preferred than Root switch)

802.1W BPDU Packets

Overview:

  • In RPVST, all switches originate their own BPDUs per their own configured hello timers and thus continue to forward out BPDUs even if the root switch goes offline

Root Switch Originating Packet 

Packet Capture Notes

  • Originating BPDU from the root switch HQ-Core-SW1 
    • Protocol Version: Rapid Spanning Tree
    • Bridge Identifier: HQ-Core-SW1
    • Root Identifier: HQ-Core-SW1

Packet Capture Notes

  • Originating BPDU from HQ-Distro-SW2 claiming HQ-Core-SW1 to be the root
    • Protocol Version: Rapid Spanning Tree
    • Bridge Identifier: HQ-Distro-SW2
    • Root Identifier: HQ-Core-SW1
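
The fields listed in the capture notes above can be decoded directly from the BPDU bytes. The following is an added example, not part of the original lab: it parses both 802.1D and 802.1W BPDUs and goes slightly beyond the notes by splitting the bridge ID into priority and extended system ID. The sample frames are constructed (MAC addresses, port IDs, flags and the path cost of 4 are made up), and the names parse_bpdu, ROOT_BPDU and DISTRO_BPDU are hypothetical.

```python
import struct

# Fixed part of a Configuration / RST BPDU (the bytes after the LLC or SNAP header).
_BPDU = struct.Struct(">HBBB8sI8sHHHHH")   # 35 bytes, network byte order
_VERSIONS = {0: "Spanning Tree", 2: "Rapid Spanning Tree"}

# Constructed samples: MACs, port IDs, flags and the cost of 4 are made up.
# Root BPDU (802.1D): priority 4096 + VLAN 1, cost 0, timers 20/2/15 sec.
ROOT_BPDU = bytes.fromhex(
    "0000000000" "1001020000000001" "00000000" "1001020000000001"
    "8019" "0000" "1400" "0200" "0f00")
# BPDU sent by a non-root bridge (802.1W): priority 8192, same root ID.
DISTRO_BPDU = bytes.fromhex(
    "000002023c" "1001020000000001" "00000004" "2001020000000002"
    "8001" "0100" "1400" "0200" "0f00" "00")


def _bridge_id(raw):
    """Split an 8-byte bridge ID into priority, extended system ID and MAC."""
    prio_ext = int.from_bytes(raw[:2], "big")
    return {
        "priority": prio_ext & 0xF000,     # top 4 bits, in steps of 4096
        "sys_id_ext": prio_ext & 0x0FFF,   # carries the VLAN ID in per-VLAN STP
        "mac": raw[2:].hex(":"),
    }


def parse_bpdu(body):
    """Decode a Configuration or RST BPDU; 4-byte TCN BPDUs are rejected."""
    if len(body) < _BPDU.size:
        raise ValueError("too short for a Configuration/RST BPDU")
    (proto, ver, _type, _flags, root, cost, bridge,
     _port, _msg_age, max_age, hello, fwd) = _BPDU.unpack_from(body)
    if proto != 0:
        raise ValueError("protocol identifier is not 0x0000")
    root_id, bridge_id = _bridge_id(root), _bridge_id(bridge)
    return {
        "version": _VERSIONS.get(ver, f"unknown ({ver})"),
        "root_id": root_id,
        "bridge_id": bridge_id,
        "root_path_cost": cost,
        # Timers are carried on the wire in units of 1/256 second.
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd / 256,
        # The root advertises its own ID in both fields with a cost of 0.
        "sender_is_root": root_id == bridge_id and cost == 0,
    }
```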