Tuesday, April 25, 2017

Cisco UDLD configuration.

UDLD - Unidirectional Link Detection

Most networks communicate in two directions, i.e. bidirectionally. Sometimes, due to a software or hardware failure, traffic starts moving in one direction only; this kind of issue is normally seen in network domains where fibre connections are used.

According to STP rules, switches participating in the STP topology should send and receive BPDUs bidirectionally between each other to keep STP loop-free. If one switch port fails and BPDUs start moving in one direction only, the switch that is no longer receiving BPDU frames may conclude that something is wrong on the uplink switch, incorrectly transition its own blocked port into the forwarding state, and finally create a huge switching loop.
To overcome this issue, Cisco developed the UDLD feature to ensure that bidirectional communication is maintained.
A switch with UDLD enabled sends out an ID frame on a port and waits for the remote switch to respond with its own ID frame. If the remote switch does not respond, UDLD assumes the port has a unidirectional fault.

By default UDLD sends out an ID frame every 15 sec, but some Cisco switches send it every 7 sec.
UDLD operates in two modes.
>Normal mode
>Aggressive mode.
Normal mode is the default; it does not shut down the port but instead sets a flag that the port is operating in unidirectional mode.
In aggressive mode the port is simply put into the errdisable state, which is auto-recoverable once BPDUs start being received on the port again.
UDLD can be configured globally with the command below.

Switch(config)#udld enable 

The enable parameter sets UDLD to normal mode; if you want to configure it in aggressive mode, set the parameter as

Switch(config)#udld aggressive 

It can be disabled with
Switch(config)#udld disable 

And the disabled state can be reset with
Switch#udld reset 

Detailed information about UDLD can be viewed with
Switch#show udld
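To make the echo check concrete, here is an added Python model of the behaviour described above (it is not Cisco code and not from this post): each port sends an ID frame carrying its own device ID plus the neighbour IDs it has heard, and a port that does not find its own ID in the far end's frame knows its own transmissions are not getting through. The miss thresholds and the switch names SW-A/SW-B are constructed for the model.

```python
from dataclasses import dataclass, field

# Model parameters (constructed for this example, not IOS values):
NORMAL_MISSES = 2       # intervals without a valid echo before the port is flagged
AGGRESSIVE_MISSES = 8   # flagged intervals before aggressive mode err-disables

@dataclass
class UdldPort:
    device: str
    mode: str = "normal"                       # "normal" or "aggressive"
    heard: set = field(default_factory=set)    # neighbour IDs seen on this port
    state: str = "undetermined"                # undetermined/bidirectional/unidirectional
    errdisabled: bool = False
    misses: int = 0

    def probe(self):
        # ID frame: my own ID plus the neighbour IDs I have heard on this port
        return self.device, frozenset(self.heard)

    def receive(self, probe):
        sender, echoed = probe
        self.heard.add(sender)
        if self.device in echoed:      # the far end hears us: link is bidirectional
            self.state, self.misses = "bidirectional", 0
        else:                          # our frames are not reaching the far end
            self._fault()

    def missed_interval(self):
        # No ID frame arrived during a whole interval; only a fault if a
        # neighbour was previously known (a port with no UDLD peer stays quiet)
        if self.heard:
            self._fault()

    def _fault(self):
        self.misses += 1
        if self.misses >= NORMAL_MISSES:
            self.state = "unidirectional"          # normal mode stops here: flag only
        if self.mode == "aggressive" and self.misses >= AGGRESSIVE_MISSES:
            self.errdisabled = True                # aggressive mode shuts the port

def simulate(a_to_b: bool, b_to_a: bool, mode: str, intervals: int = 10):
    """Run both ends of one link for N probe intervals; each flag says whether
    frames in that direction actually arrive. Returns the two port objects."""
    a, b = UdldPort("SW-A", mode), UdldPort("SW-B", mode)
    for _ in range(intervals):
        pa, pb = a.probe(), b.probe()
        if a_to_b: b.receive(pa)
        else:      b.missed_interval()
        if b_to_a: a.receive(pb)
        else:      a.missed_interval()
    return a, b
```

With frames lost in the B-to-A direction it is SW-B that raises the fault, because SW-A's frames never echo SW-B's ID back; SW-A, having heard no neighbour at all, stays undetermined.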


STP BackboneFast

BackboneFast

UplinkFast provides faster convergence if a directly connected local port fails. To handle indirect failures, BackboneFast was introduced into STP. Let's say the link between SW1 and SW3 fails. Because of this failure, SW5 eventually has to recalculate the STP topology and learn a path through SW4 to reach the root bridge; however, SW5 has to wait for the Max Age timer (20 sec) before purging SW3's superior BPDU and accepting the inferior BPDU from SW4.
What the BackboneFast feature does is simply bypass the Max Age timer on SW5 and immediately start accepting the inferior BPDU from SW4. The blocked port on SW5 then transitions into the forwarding state, which essentially reduces the total convergence time from 50 sec to 30 sec during an indirect failure. This is accomplished by SW5 sending out a Root Link Query (RLQ).
The root bridge responds to the RLQ with an RLQ reply, which is interpreted in two ways.
1. If the RLQ reply is received on the root port of SW5, the switch assumes that the root port is stable and takes no further action.
2. If the RLQ reply from the root bridge is received on a non-root port, the switch (SW5) knows that its path to the root bridge has failed; its own Max Age timer expires immediately and it starts electing a root port again.

BackboneFast is enabled globally, and it should be enabled on all switches participating in the STP topology.
Switch(config)#spanning-tree backbonefast


STP UplinkFast

What are the STP features that improve the STP convergence process?
1. PortFast (already explained in the previous post)
2. UplinkFast
3. BackboneFast

UplinkFast
Normally in an STP topology, if the root port on the local switch fails (let's say the RP on switch 3 fails for some reason), STP has to perform a recalculation to bring up another blocked port so that it can transition into the root port. This process takes at least 30 sec, two forward-delay timers, to bring the port into forwarding mode, and a 30 sec delay is not tolerable in some environments. What UplinkFast does is allow the blocked port to be held in standby mode, so that whenever the local switch detects a root port failure, UplinkFast immediately transitions the blocked port into the forwarding state and improves the convergence process by bypassing that 30 sec forward delay.
Note: if there are multiple blocked ports, UplinkFast chooses the port with the lowest root path cost and transitions that port into the forwarding state.
By default UplinkFast is disabled; we can enable it globally for all VLANs on the switch with the command below.

Switch(config)# spanning-tree uplinkfast 

The actual function of UplinkFast is to track the link to the root bridge, so UplinkFast is not supported on the root bridge; it is only intended for downstream switches.
Enabling the UplinkFast feature automatically increases the bridge priority to 49152.

How to avoid loops in a switch

SWITCHING BASICS.
The STP topology of a switched network is very susceptible to attack by various means; in most cases an intruder introduces a rogue switch into an already running STP domain and wipes out the entire STP database. To protect the STP topology in such cases, STP offers several features, listed below.
1. Port fast
2. BPDU guard
3. BPDU filter
4. Root guard
5. Loop guard

1. PORT FAST
Generally, according to spanning tree protocol rules, every port has to go through different port states in order to reach forwarding mode: blocked ---> listening ---> learning ---> forwarding. This means a port has to spend 15 sec in listening and another 15 sec in learning mode; these 30 seconds are considered a delay in the network before the port is ready to send actual data packets. In some network environments, time- and delay-sensitive services like VoIP and video streaming need to be protected from these delays. To overcome them, we can put the ports connecting such delay-sensitive servers into port fast; these ports then no longer need to spend 30 sec coming into forwarding mode, i.e. once a cable is connected on those ports, they go into the forwarding state and are ready to send and receive data packets. Simply put, you can enable the port fast feature on all ports connecting workstations and servers. Remember! If any BPDU packets are received on a port fast enabled port, the port loses its port fast behaviour and returns to the normal port state, because port fast does not actually disable STP on the port; it merely accelerates the STP convergence process. Hence, if a BPDU is received on a port fast enabled port, it transitions through the normal STP process states.


2. BPDU GUARD.
BPDU guard is a technique where you forcefully guard against receiving and processing BPDU messages on the switch port where it is enabled. Normally every switch port has to follow the STP rules, spending 15 sec in listening and 15 sec in learning mode before it is available to send data packets; for a total of 30 sec the port is not ready to send or receive actual data. This 30 sec delay is not tolerable in some situations, for example delay-sensitive services like VoIP. To overcome it we configure those ports as port fast, so that they don't have to wait 30 sec and STP puts them into the forwarding state directly. But that alone does not accomplish the mission. If a bad guy connects another switch with a better priority on that port, what will happen? Blahh. The rogue switch is elected as root switch in your STP domain, advertises better BPDU messages, and your whole existing STP domain is overwritten and reconverged. This is a huge pain. To avoid such situations, we can configure BPDU guard globally on the switch or per port. If we configure BPDU guard globally, it is applied automatically to the ports configured as port fast. Once a BPDU is received on one of those ports, BPDU guard puts the port into the error state and it will not process BPDU messages any more, which saves your STP domain from reconverging. In short, BPDU guard is a switch feature you apply on ports where you are not expecting BPDU messages at all.


3.  BPDU FILTER
This is a method where BPDUs are filtered at the switch interface level. Once the BPDU filter command is configured under a switch port, that port stops sending and receiving BPDUs to and from other switches. The issue arises when this command is mistakenly configured under a switch port where filtering BPDUs is not actually intended. Once the switch interface stops receiving BPDUs, STP thinks there must be an issue at the upstream switch or its port, since it is no longer receiving or sending BPDUs. So STP acts and puts a blocked port into forwarding mode, which causes huge L2 loops; L2 frames have no TTL value set, so they circulate indefinitely.
If you don't use this command cautiously in a switching network, you are going to lose your job sooner or later.
I suggest using this filter command as little as possible, because using it without properly understanding the network topology or STP domain silently creates huge switching loops.


4. ROOT GUARD
Root guard is a specific feature provided by all STP types that helps network engineers dictate the exact root bridge location or position in a complicated STP network. They can simply assure the root bridge by making non-root switches ineligible for root bridge selection, applying the root guard command on all their ports. After the root guard command is configured on those non-root switches, if a superior BPDU is received on one of them, the switch port that received the superior BPDU goes into the root-inconsistent (error) state and avoids advertising that BPDU further to other switches, or stops itself from root bridge election.
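The protections above only help if someone notices when they fire. As an added example (not from this post, and not a Cisco tool), the Python below triages syslog lines for the BPDU guard, root guard, UDLD and err-disable events and lists the interfaces worth a look; the sample lines are constructed in IOS syslog style, and since the exact message prose varies between platforms the matching keys on the mnemonic, not the text.

```python
import re

# Constructed sample lines in IOS syslog style (not captured from a real device).
SAMPLE_LOG = [
    "Apr 25 10:01:02: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/5 with BPDU Guard enabled. Disabling port.",
    "Apr 25 10:01:02: %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/5, putting Gi0/5 in err-disable state",
    "Apr 25 10:03:10: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet0/24 on VLAN0010.",
    "Apr 25 10:05:33: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi0/7, unidirectional link detected",
    "Apr 25 10:06:00: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to up",
]

SYSLOG = re.compile(r"%(?P<facility>[A-Z_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z_]+): (?P<text>.*)")
IFACE = re.compile(r"\b(GigabitEthernet|FastEthernet|Gi|Fa)(\d+(?:/\d+)+)\b")
SHORT = {"GigabitEthernet": "Gi", "FastEthernet": "Fa"}

# Mnemonics that mean one of the protections described above has fired.
WATCHED = {
    "BLOCK_BPDUGUARD": "BPDU guard: a BPDU arrived on a port fast edge port",
    "ROOTGUARD_BLOCK": "root guard: superior BPDU on a port that must not lead to root",
    "UDLD_PORT_DISABLED": "UDLD: unidirectional link, port err-disabled",
    "ERR_DISABLE": "port placed in err-disable state",
}

def parse_event(line):
    """Return (severity, mnemonic, interface, meaning), or None for lines
    that are not one of the watched events."""
    m = SYSLOG.search(line)
    if not m or m["mnemonic"] not in WATCHED:
        return None
    i = IFACE.search(m["text"])
    iface = SHORT.get(i[1], i[1]) + i[2] if i else None   # GigabitEthernet0/5 -> Gi0/5
    return int(m["severity"]), m["mnemonic"], iface, WATCHED[m["mnemonic"]]

def ports_to_investigate(lines):
    """Interfaces on which a protection fired, most severe (lowest number) first."""
    worst = {}
    for line in lines:
        ev = parse_event(line)
        if ev and ev[2]:
            worst[ev[2]] = min(worst.get(ev[2], 7), ev[0])
    return sorted(worst, key=lambda p: (worst[p], p))

if __name__ == "__main__":
    events = [e for e in map(parse_event, SAMPLE_LOG) if e]
    for port in ports_to_investigate(SAMPLE_LOG):
        print(port, [e[3] for e in events if e[2] == port])
```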

Friday, April 14, 2017

Subnetting tricks in easiest way.

As a system admin or network admin, the most basic thing to understand is subnetting. I have created cheat sheets to help newbies understand subnetting techniques without spending too much of their time and energy.