11-2 STP故障抓包及边缘端口配置

拓扑1(直连故障解析)

配置

配置交换机生成树协议为STP模式，且设置LSW1的桥优先级为0，LSW2的桥优先级为4096

LSW1
sys
[Huawei]sys LSW1
[LSW1]stp mode stp /设置生成树模式为STP模式
[LSW1]stp pri 0 /设置桥优先级为0

LSW2
sys
[Huawei]sys LSW2
[LSW2]stp mode stp
[LSW2]stp pri 4096

LSW3
<Huawei>sys
[Huawei]sys LSW3
[LSW3]stp mode stp
查看端口角色
[LSW3]dis stp b
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE
[LSW2]dis stp b
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE
[LSW1]dis stp b
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE

直连故障端口状态测试

关闭LSW3的GE0/0/2口，查看GE0/0/3口角色，在GE0/0/3口抓包

[LSW3]inte gi 0/0/2
[LSW3-GigabitEthernet0/0/2]shutdown
[LSW3-GigabitEthernet0/0/2]undo shutdown
[LSW3]dis stp b
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/3 ROOT DISCARDING NONE
[LSW3]dis stp b
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/3 ROOT LEARNING NONE
15秒后查看端口角色
[LSW3]dis stp b
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/3 ROOT FORWARDING NONE

LSW3的GE0/0/2口关闭后，LSW3检测到桥端口关闭，GE0/0/3端口进入用户流量转发模式，端口状态从DISCARDING->LEARNING->FORWARDING(华为模拟器问题，在LEARNING状态前应该为Listening，持续时间为15秒)，总计30秒，预备端口成功将端口角色转换为桥端口，且端口状态为转发模式

抓包分析

no.42

LSW3的ge0/0/3口进入转发状态后，发送TCN BPDU给树内其他成员，通知拓扑发送变更

no.43
LSW2接收到后发送配置BPDU，flags字段中的TCN ACK和TC字段为置为1，标识接受到了拓扑更新，TC字段标识拓扑更新需要将MAC地址的老化时间设置为Forwad Delay时间（默认15秒）

no.44
LSW2将拓扑更新的消息发送给LSW1，LSW1发送配置BPDU，flags字段中的TCN ACK和TC字段为置为1给LSW2，并且再发送配置BPDU，flags字段中的TCN为1的报文给STP组其他成员，来将组内成员的MAC地址的老化时间设置为Forwad Delay时间（默认15秒）

拓扑2（STP边缘端口配置）

配置

PC1配置，PC2参考PC1

配置交换机的生成树协议为stp模式，且设置LSW1为根桥

LSW1
<Huawei>sys
[Huawei]sys LSW1
[LSW1]stp mode stp \配置STP协议模式为STP
[LSW1]stp root primary \配置为主根

LSW2
<Huawei>sys
[LSW2]sys LSW2
[LSW2]stp mode stp

LSW3
<Huawei>sys
[LSW3]sys LSW3
[LSW3]stp mode stp

LSW4
<Huawei>sys
[Huawei]sys LSW4
[LSW4]stp mode stp

配置边缘端口前

重启LSW2的GE0/0/10接口,查看端口状态
PS：由于华为模拟器问题，端口重启后状态应为BLOCKING->Listening->Learning->Forwarding

[LSW2]inte gi 0/0/10
[LSW2-GigabitEthernet0/0/10]shutdown
[LSW2-GigabitEthernet0/0/10]undo shutdown
[LSW2]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE
0 GigabitEthernet0/0/10 DESI DISCARDING NONE 端口激活后为阻塞状态
[LSW2]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE
0 GigabitEthernet0/0/10 DESI LEARNING NONE 端口状态进入学习状态，可以收发BPDU数据包，和学习MAC地址表，不能转发业务流量
15秒后再次查看接口状态
[LSW2]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE
0 GigabitEthernet0/0/10 DESI FORWARDING NONE端口状态为转发模式，可以收发BPDU和业务数据

LSW3的GE0/0/10和GE0/0/11同理，需要等待端口转发状态才能转发业务流量，两个15秒，边缘端口连接PC终端，端口类型都为DP端口的Forwarding状态，设置边缘端口后可以直接激活端口进入DP端口的Forwarding状态

配置边缘端口后重启端口，查看端口状态

[LSW2]inte gi 0/0/10
[LSW2-GigabitEthernet0/0/10]stp edged-port enable 开启边缘端口
[LSW2-GigabitEthernet0/0/10]shutdown
[LSW2-GigabitEthernet0/0/10]undo shutdown
[LSW2]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 ALTE DISCARDING NONE
0 GigabitEthernet0/0/10 DESI FORWARDING NONE 端口状态直接为Forwarding且为DP口

LSW3的GE0/0/10和GE0/0/11口同理

[LSW3]inte gi 0/0/10
[LSW3-GigabitEthernet0/0/10]stp edged-port enable
[LSW3-GigabitEthernet0/0/1]inte gi 0/0/11
[LSW3-GigabitEthernet0/0/11]stp edged-port enable

配置边缘端口保护前

配置边缘端口前，边缘端口接受到BPDU报文将退出边缘端口状态，再次进入STP端口选举，重启GE0/0/11口查看端口状态
[LSW3]inte gi 0/0/11
[LSW3-GigabitEthernet0/0/11]shutdown
[LSW3-GigabitEthernet0/0/11]undo shutdown
[LSW3]dis stp b
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE
0 GigabitEthernet0/0/10 DESI FORWARDING NONE
0 GigabitEthernet0/0/11 DESI FORWARDING NONE 端口状态为正常转发模式
重启LSW4的GE0/0/1端口，重启后会发送BPDU报文，LSW3 GE0/0/11会接受到
[LSW4]inte ge 0/0/1
[LSW4-GigabitEthernet0/0/1]shutdown
[LSW4-GigabitEthernet0/0/1]undo shutdown
查看LSW3的GE0/0/11的端口状态，有BLOCKING->Learning->Fowarding(PS:模拟器问题，按理应该还要Listening在blocking状态之后)
[LSW3]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE
0 GigabitEthernet0/0/10 DESI FORWARDING NONE
0 GigabitEthernet0/0/11 DESI BLOCKING NONE
[LSW3]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE
0 GigabitEthernet0/0/10 DESI FORWARDING NONE
0 GigabitEthernet0/0/11 DESI Learning NONE
15秒后
[LSW3]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/2 ROOT FORWARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE
0 GigabitEthernet0/0/10 DESI FORWARDING NONE
0 GigabitEthernet0/0/11 DESI FORWARDING NONE

配置边缘端口保护后

配置边缘端口保护后，边缘端口收到BPDU报文会直接关闭边缘端口，防止外来交换机恶意加入
[LSW3]stp bpdu-protection
重启LSW4的GE0/0/1口后观察LSW3的GE0/0/11口状态
[LSW4-GigabitEthernet0/0/1]shutdown
[LSW4-GigabitEthernet0/0/1]undo shutdown
Sep 10 2023 23:21:24-08:00 LSW4 %%01PHY/1/PHY(l)[13]: GigabitEthernet0/0/1: c
hange status to up
Sep 10 2023 23:21:24-08:00 LSW4 %%01IFNET/4/IF_STATE(l)[14]:Interface Vlanif1 ha
s turned into UP state.
Sep 10 2023 23:21:26-08:00 LSW4 %%01PHY/1/PHY(l)[15]: GigabitEthernet0/0/1: c
hange status to down
Sep 10 2023 23:21:26-08:00 LSW4 %%01IFNET/4/IF_STATE(l)[16]:Interface Vlanif1 ha
s turned into DOWN state.端口启动后接关闭了，端口重新激活后发送BPDU报文，保护机制直接关掉链路了
Sep 10 2023 23:21:28-08:00 LSW4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2
5.191.3.1 configurations have been changed. The current change number is 12, the
change loop count is 0, and the maximum number of records is 4095.