Thursday, July 21, 2011

My Note (Switching)

Private VLAN (PVLAN)
What a private VLAN does is split one broadcast domain into multiple isolated broadcast subdomains; the simple way to think of it is a VLAN inside a VLAN. A private VLAN is defined as the pairing of a primary VLAN (a normal VLAN) with a secondary VLAN (an isolated or community VLAN).
Isolated VLAN – End points on ports assigned to an isolated private VLAN cannot communicate with one another, nor with host ports in any other private VLAN.
Community VLAN – End points attached to community ports can communicate with one another, but not with ports in other private VLANs.
An access port assigned to a private VLAN operates in one of two modes:
Host – The port inherits its behavior from the type of private VLAN it is assigned to.
Promiscuous – The port can communicate with any other private VLAN port in the same primary VLAN (usually the port that connects to a router).
--------------------------------------------------------------------------
STP

The hello time is 2 seconds. The Max Age timer is 10x the hello timer. This is important: it is not always 20 seconds; it is 20 seconds because the hello timer is 2 seconds.

STP has 4 states: blocking, listening, learning and then forwarding.

Once a port is in the blocking state, it stays there for 20 seconds, then moves on to listening for 15 seconds, then learning for 15 seconds. That is where the 50 seconds comes from.

RSTP
The max age is 3x the hello, so a maximum of 6 seconds. There is no blocking port in RSTP; it is the discarding state. Discarding replaces blocking and listening, so there are only discarding, learning and forwarding.

The main difference in RSTP is that all bridges can send BPDUs, not just the root.

With RSTP the BPDUs come from all switches, whereas with STP they come from the root down to the switches.

So if a switch goes down, any switch that has a link connected to it will notice (as its link has gone down); this switch then brings up its alternate port and sends a BPDU to the neighbor switch that is still alive to say it has done so (no timer needs to time out, so this happens almost instantly). This BPDU then travels through the network, updating all the other switches, which results in sub-second failover and convergence of the network.
--------------------------------------------------------------------------
Loop Guard

DO NOT enable loop guard on PortFast-enabled or dynamic VLAN ports.
DO NOT enable PortFast on loop guard-enabled ports.
DO NOT enable loop guard if root guard is enabled.
DO NOT enable loop guard on ports that are connected to a shared link.
Note: it is recommended to enable loop guard on root ports and alternate root ports on access switches.

Root Guard
It guards the integrity of the root bridge. In other words, root guard makes sure that the switch you want to be the root bridge in your spanning-tree topology remains the root bridge. (Root guard forces a port to always remain a designated port.)
Root guard is generally configured on designated ports and prevents the port from becoming a root port.

A good explanation of root guard is at http://astorinonetworks.com/2011/10/28/understanding-stp-rootguard/
