The STP dispute mechanism verifies that the BPDUs received on an interface are consistent with the port’s role and state. This helps detect unidirectional link failures and prevent bridging loops. When a port detects an inconsistency, it keeps its port role but changes its state to drop all traffic until the problem is resolved. Cutting off all traffic is not ideal, but it is a better outcome than a bridging loop.
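The check described above can be written out as a small model. This is an added example, not code from the original page or from any switch vendor. It assumes the RSTP rule that a designated port disputes an inferior BPDU whose sender also claims the designated role and has its learning flag set; the names Vector, Bpdu, is_dispute and receive are hypothetical.

```python
from dataclasses import dataclass

def mac_int(mac: str) -> int:
    """Cisco dotted-hex MAC (aabb.cc00.0100) to an integer for comparison."""
    return int(mac.replace(".", ""), 16)

@dataclass(frozen=True)
class Vector:
    """RSTP priority vector; the numerically lower vector is superior."""
    root_prio: int
    root_mac: str
    cost: int
    bridge_prio: int
    bridge_mac: str
    port_id: tuple  # (priority, number), e.g. 128.2 -> (128, 2)

    def key(self):
        return (self.root_prio, mac_int(self.root_mac), self.cost,
                self.bridge_prio, mac_int(self.bridge_mac), self.port_id)

@dataclass(frozen=True)
class Bpdu:
    vector: Vector
    role: str       # role flag carried in the BPDU: "designated", "root", ...
    learning: bool  # learning flag carried in the BPDU

def is_dispute(port_role: str, port_vector: Vector, bpdu: Bpdu) -> bool:
    """A designated port hears a worse BPDU from a neighbour that also
    claims to be designated and is already learning: the neighbour is
    evidently not hearing this port's superior BPDUs."""
    inferior = bpdu.vector.key() > port_vector.key()
    return (port_role == "designated" and bpdu.role == "designated"
            and bpdu.learning and inferior)

def receive(port_role: str, port_state: str, port_vector: Vector, bpdu: Bpdu):
    """Return (role, state) after the BPDU. A dispute keeps the role and
    forces discarding; role changes on superior BPDUs are not modelled."""
    if is_dispute(port_role, port_vector, bpdu):
        return port_role, "discarding"
    return port_role, port_state

# Constructed sample: bridge IDs of SW1 and SW2 as used on this page.
SW1_ET0_1 = Vector(32769, "aabb.cc00.0100", 0, 32769, "aabb.cc00.0100", (128, 2))
SW2_AS_ROOT = Vector(32769, "aabb.cc00.0200", 0, 32769, "aabb.cc00.0200", (128, 2))

if __name__ == "__main__":
    bad = Bpdu(SW2_AS_ROOT, "designated", learning=True)
    print(receive("designated", "forwarding", SW1_ET0_1, bad))
```

The same inferior BPDU with the learning flag clear is treated as an ordinary proposal and does not trigger a dispute.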
Let’s Configure:
Let’s look at an example. I’m going to use these two switches:
Two links connect SW1 and SW2. The spanning-tree topology is as follows:
SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     aabb.cc00.0100
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.0100
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    P2p
Et0/1               Desg FWD 100       128.2    P2p

SW2#show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     aabb.cc00.0100
             Cost        100
             Port        1 (Ethernet0/0)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.0200
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Root FWD 100       128.1    P2p
Et0/1               Altn BLK 100       128.2    P2p

You can see that SW1 is the root bridge and that all of the ports have the right role and state. Let’s make a MAC access list on SW1 to deny all spanning-tree traffic. Before we create and apply it, let’s turn on debugging on SW2:
SW2#debug spanning-tree events
Spanning Tree event debugging is on
Let’s make the access list that filters spanning-tree traffic:
SW1(config)#mac access-list extended DENY_STP
SW1(config-ext-macl)#deny any host aabb.cc00.0200
SW1(config-ext-macl)#permit any any
Also, make sure that it is applied inbound on the interfaces of SW1.