STP Tips
  • Root Bridge = Lowest Bridge ID
  • Bridge ID = Priority + MAC Address
  • PortFast for access ports
  • BPDUGuard protects against loops
STP Port States
Blocking 20s
Listening 15s
Learning 15s
Forwarding -
Disabled -

Session 4: STP & RSTP Tuning

Weight: 8%
Learning Progress 4/16
Learning Objectives

After completing this lab, students will be able to:

  • Understand the concept of Spanning Tree Protocol (STP) and loop prevention
  • Manipulate root bridge election through priority adjustment
  • Configure Rapid-PVST+ for faster convergence
  • Optimize the network with PortFast, BPDUGuard, and other features

Theory - Spanning Tree Protocol

1. Basic STP Concepts

Spanning Tree Protocol (STP) is a layer 2 protocol that prevents bridging loops in Ethernet networks with redundant paths.

Problem: Broadcast Storms
  • Frames are duplicated endlessly
  • MAC address table corruption
  • Network performance degradation
  • Complete network failure
Solution: STP
  • Creates a loop-free logical topology
  • Blocks redundant paths automatically
  • Provides backup paths for redundancy
  • Maintains network stability
2. STP Operation and Algorithm

STP works through three main steps to build a loop-free topology:

Step 1: Root Bridge Election

The switch with the lowest Bridge ID becomes the Root Bridge

Bridge ID = Priority + MAC
Lower Priority = Better
Same Priority = Lower MAC
Step 2: Root Port Selection

Every non-root bridge selects its port closest to the Root Bridge

1. Lowest Path Cost
2. Lowest Sender BID
3. Lowest Port ID
Step 3: Designated Port Selection

One designated port per segment forwards traffic

Per network segment:
- Root Bridge: All DP
- Others: One DP
3. STP Port States and Timers

Every STP port passes through several states before reaching the forwarding state:

Disabled: Admin Down
  ↓ Port Enabled
Blocking (20s): No forwarding, BPDUs only
  ↓ Max Age Timer
Listening (15s): Building active topology
  ↓ Forward Delay
Learning (15s): Learning MAC addresses
  ↓ Forward Delay
Forwarding (Active): Normal operation
STP Timers Default Values:
Timer | Default Value | Function
Hello Time | 2 seconds | BPDU transmission interval
Forward Delay | 15 seconds | Listening + Learning states
Max Age | 20 seconds | BPDU maximum storage time
Total Convergence Time:
Blocking → Listening: 20s (Max Age)
Listening → Learning: 15s (Forward Delay)
Learning → Forwarding: 15s (Forward Delay)
Total: 50 seconds

Root Port Change: 30-50 seconds
Direct Link Failure: 30 seconds
Indirect Link Failure: 50 seconds
4. STP Variants and Evolution

Several versions of STP have been developed to improve performance and features:

Protocol | Convergence | VLAN Support | Standard | Key Features | Recommendation
STP | 30-50 seconds | Single Instance | 802.1D | Original standard | Not recommended
PVST+ | 30-50 seconds | Per-VLAN | Cisco | VLAN load balancing | Legacy
RSTP | 1-2 seconds | Single Instance | 802.1w | Rapid convergence | Small networks
Rapid-PVST+ | 1-2 seconds | Per-VLAN | Cisco | Fast + VLAN awareness | Recommended
MSTP | 1-2 seconds | Multiple Instances | 802.1s | Scalable for large networks | Enterprise
5. STP Optimization Features

Several features optimize STP operation and security:

PortFast

Immediately transitions access ports to forwarding state

interface fa0/1
spanning-tree portfast
BPDUGuard

Disables port if BPDU received on PortFast port

interface fa0/1
spanning-tree bpduguard enable
BPDUFilter

Prevents BPDU transmission on specified ports

interface fa0/1
spanning-tree bpdufilter enable
UplinkFast

Fast convergence when primary uplink fails

spanning-tree uplinkfast
BackboneFast

Reduces convergence time for indirect link failures

spanning-tree backbonefast

Lab Job Sheet

Job Sheet Information
Duration: 170 minutes
Objective

Network optimization with STP & RSTP

Tools

Cisco Packet Tracer

Weight

8%

Assessment

Lab Report

STP Topology Diagram with Redundant Links
[Topology diagram: Switch A (Root Bridge, Priority: 4096), Switch B (Secondary Root, Priority: 8192) and Switch C (Non-Root Bridge, Priority: 32768), each with ports Fa0/1-Fa0/4; PC1 and PC2 attach to Switch A, PC3 and PC4 to Switch B, PC5 and PC6 to Switch C.]
Topology Notes:
  • 3 Cisco 2960 switches with redundant links
  • Switch A: Root Bridge (Priority 4096)
  • Switch B: Secondary Root (Priority 8192)
  • Switch C: Non-Root (Priority 32768)
  • Port Roles: Root (R), Designated (D), Alternate (A)
  • Redundant Links: Multiple paths create potential loops
  • STP Optimization: PortFast, BPDUGuard on access ports
STP Configuration Plan
Switch | Priority | Expected Role | Root Port | Designated Ports | Blocked Ports
Switch A | 4096 | Root Bridge | - | All Ports | -
Switch B | 8192 | Designated Bridge | Fa0/1 | Fa0/2, Fa0/4 | Fa0/3
Switch C | 32768 | Non-Root Bridge | Fa0/1 | Fa0/3, Fa0/4 | Fa0/2
Port Connections Plan
Connection | Ports | Link Type | Expected STP State
Switch A ↔ Switch B | Fa0/1 - Fa0/1 | Trunk | Forwarding (Both)
Switch A ↔ Switch C | Fa0/2 - Fa0/1 | Trunk | Forwarding (Both)
Switch B ↔ Switch C | Fa0/2 - Fa0/2 | Trunk | Forwarding (B) / Blocking (C)
PC Connections | All Fa0/3-4 | Access | Forwarding (With PortFast)
Detailed Procedure
Step 1: Topology Preparation and Basic Connectivity (20 minutes)

Build a looped topology with redundant links and configure trunking:

Physical Connections:
  • SwitchA Fa0/1 ↔ SwitchB Fa0/1
  • SwitchA Fa0/2 ↔ SwitchC Fa0/1
  • SwitchB Fa0/2 ↔ SwitchC Fa0/2
  • PC1-2 → SwitchA Fa0/3-4
  • PC3-4 → SwitchB Fa0/3-4
  • PC5-6 → SwitchC Fa0/3-4
Trunk Configuration:
! On all switches, for inter-switch links
configure terminal
interface range fastethernet 0/1-2
  switchport mode trunk
  switchport trunk native vlan 99
  no shutdown
exit
Make sure:
  • All trunk ports are in trunk mode
  • The native VLAN is consistent (VLAN 99)
  • STP is active by default (prevents loops)
Step 2: Analysis of Default STP Behavior (25 minutes)

Analyze how STP works by default, without manual configuration:

STP Status Check:
! Check the default STP status
show spanning-tree
show spanning-tree summary
show spanning-tree root

! Identify the default root bridge
show spanning-tree vlan 1
show spanning-tree bridge
Expected Observations:
  • One switch becomes the Root Bridge (lowest MAC)
  • One port is blocked per loop (Alternate role)
  • Root Ports are selected based on path cost
  • Designated Ports on every segment
Document Default Root Bridge:
Switch# show spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port

VLAN0001         32769 0011.bb0b.3600        19    2   20  15  Fa0/1
Step 3: Manipulating Root Bridge Election (35 minutes)

Manipulate STP so the root bridge is chosen according to the design plan:

Switch A as Primary Root:
! On Switch A
configure terminal

! Method 1: Primary root command
spanning-tree vlan 1 root primary

! Method 2: Manual priority
spanning-tree vlan 1 priority 4096
end

! Verify
show spanning-tree vlan 1
show spanning-tree root
Switch B as Secondary Root:
! On Switch B
configure terminal

! Method 1: Secondary root command
spanning-tree vlan 1 root secondary

! Method 2: Manual priority
spanning-tree vlan 1 priority 8192
end

! Leave Switch C at the default
show spanning-tree vlan 1
! Priority stays at 32768
Priority Values:
  • 0-61440: Configurable values (increments of 4096)
  • 32768: Default priority
  • 4096: Typical root bridge priority
  • 8192: Typical secondary root priority
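Added example (not part of the original lab sheet): a Python check that models the election rule from this step and compares the root reported by "show spanning-tree root" with the planned root, so an unplanned root, whether from a missed priority command or an unexpected switch, is flagged. The MAC-to-switch assignment is an assumption made for the example, and the displayed priority is taken as configured priority plus VLAN ID (extended system ID), which is why the Step 2 output shows 32769.

```python
import re

# Priorities come from the lab plan; the MAC addresses are assumptions made
# for this example (0011.bb0b.3600 is the root seen in the Step 2 output).
PLAN = {
    "SwitchA": (4096, "0030.a3aa.0001"),
    "SwitchB": (8192, "0011.bb0b.3600"),
    "SwitchC": (32768, "00d0.97cc.0003"),
}
DEFAULTS = {name: (32768, mac) for name, (_, mac) in PLAN.items()}

# Output row copied from Step 2, and a constructed post-tuning equivalent.
BEFORE = "VLAN0001 32769 0011.bb0b.3600  19   2  20 15 Fa0/1\n"
AFTER = "VLAN0001 4097 0030.a3aa.0001  19   2  20 15 Fa0/1\n"

ROW = re.compile(r"^VLAN(\d+)\s+(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\b", re.M | re.I)

def bridge_id(priority, vlan, mac):
    """Comparable bridge ID: (priority + VLAN ID, MAC as an integer)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0-61440")
    return (priority + vlan, int(mac.replace(".", ""), 16))

def elect_root(bridges, vlan=1):
    """Name of the bridge that wins the election: lowest bridge ID."""
    return min(bridges, key=lambda n: bridge_id(bridges[n][0], vlan, bridges[n][1]))

def unexpected_roots(show_root_output, bridges, planned_root):
    """VLAN rows of 'show spanning-tree root' whose root is not the planned one."""
    priority, mac = bridges[planned_root]
    findings = []
    for vlan, seen_prio, seen_mac in ROW.findall(show_root_output):
        expected = bridge_id(priority, int(vlan), mac)
        seen = (int(seen_prio), int(seen_mac.replace(".", ""), 16))
        if seen != expected:
            findings.append((int(vlan), int(seen_prio), seen_mac.lower()))
    return findings
```

With default priorities the lowest MAC wins, so the check reports VLAN 1 against the plan until the Step 3 priorities are applied.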
Step 4: Rapid-PVST+ (RSTP) Configuration (25 minutes)

Upgrade from STP to Rapid-PVST+ for faster convergence:

! On all switches
configure terminal

! Enable Rapid-PVST+
spanning-tree mode rapid-pvst
end

! Verify RSTP convergence
show spanning-tree
show spanning-tree interface fa0/1 detail
show spanning-tree summary

! Note the difference in states
show spanning-tree vlan 1
! Look for "RSTP" in output
RSTP Port States vs STP:
STP State | RSTP State | Convergence Time
Blocking, Listening | Discarding | Immediate
Learning | Learning | Forward Delay
Forwarding | Forwarding | Immediate
Step 5: Optimization with PortFast and BPDUGuard (30 minutes)

Configure access-port optimization with PortFast and BPDUGuard:

PortFast Configuration:
! On all switches, for access ports
configure terminal
interface range fastethernet 0/3-4
  spanning-tree portfast
  ! Port immediately goes to forwarding
exit

! Global PortFast (optional)
spanning-tree portfast default
BPDUGuard Configuration:
! Enable BPDUGuard on PortFast ports
interface range fastethernet 0/3-4
  spanning-tree bpduguard enable
  ! Port shuts down if BPDU received
exit

! Global BPDUGuard (alternative)
spanning-tree portfast bpduguard default
BPDUFilter (Optional):
interface range fastethernet 0/3-4
  spanning-tree bpdufilter enable
  ! Prevents BPDU transmission
exit
Verification:
show spanning-tree interface fa0/3 detail
show spanning-tree summary
show interfaces status | include err-disabled
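Added example (not part of the original lab sheet): a Python audit of a running-config excerpt that flags PortFast ports without BPDUGuard, PortFast set on a trunk, and interface-level BPDUFilter, taking the two global defaults from this step into account. The sample configuration is constructed for the example and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt in the style of this lab (not captured
# from a real switch): Fa0/3 carries BPDUFilter, Fa0/4 lacks BPDUGuard.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
 switchport trunk native vlan 99
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
!
interface FastEthernet0/4
 switchport mode access
 spanning-tree portfast
!
"""

STANZA = re.compile(r"^interface (\S+)\n((?:[ \t]+.*(?:\n|$))*)", re.M)

def has_global(config, command):
    """True if an unindented (global) command line is present."""
    return re.search(r"^" + re.escape(command) + r"\s*$", config, re.M) is not None

def audit_edge_ports(config):
    """Return (interface, finding) pairs for PortFast/BPDUGuard/BPDUFilter gaps."""
    fast_default = has_global(config, "spanning-tree portfast default")
    guard_default = has_global(config, "spanning-tree portfast bpduguard default")
    findings = []
    for name, body in STANZA.findall(config):
        cmds = {line.strip() for line in body.splitlines()}
        trunk = "switchport mode trunk" in cmds
        explicit_fast = "spanning-tree portfast" in cmds
        # The global default turns PortFast on for non-trunk ports only.
        portfast = explicit_fast or (fast_default and not trunk)
        guard = "spanning-tree bpduguard enable" in cmds or (guard_default and portfast)
        if trunk and explicit_fast:
            findings.append((name, "PortFast configured on a trunk port"))
        if portfast and not guard:
            findings.append((name, "PortFast without BPDUGuard"))
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "BPDUFilter enabled on the interface"))
    return findings
```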
Step 6: Advanced STP Features (20 minutes)

Configure advanced features for additional optimization:

UplinkFast and BackboneFast:
! UplinkFast on Switch B and C
spanning-tree uplinkfast
  ! Fast convergence for uplink failure

! BackboneFast on all switches
spanning-tree backbonefast
  ! Reduces convergence for indirect failures
Path Cost and Port Priority:
! Influence path selection with cost
interface fastethernet 0/1
  spanning-tree cost 1700000
  ! Make path less preferred
exit

! Adjust port priority
interface fastethernet 0/2
  spanning-tree port-priority 0
exit
Step 7: Testing and Verification (15 minutes)

Perform comprehensive testing to verify STP operation:

STP Verification:
! Verify root bridge election
show spanning-tree root
show spanning-tree vlan 1

! Test convergence time
! Disconnect the link between Switch A and Switch B
! Measure convergence time with ping
ping 192.168.1.10 -t
! Replace with the IP of the appropriate PC
BPDUGuard Testing:
! Test BPDUGuard protection
! Try connecting another switch to a port with BPDUGuard
! Observe the port status (it should be err-disabled)

! Recovery from err-disable
configure terminal
interface fa0/3
  shutdown
  no shutdown
exit
Convergence Time Measurement:
Scenario | STP Convergence | RSTP Convergence
Direct Link Failure | 30 seconds | 1-2 seconds
Indirect Link Failure | 50 seconds | 1-2 seconds
Root Bridge Change | 50 seconds | 1-2 seconds

Assessment Criteria

Criterion | Indicator | Weight | Status
Root Bridge Manipulation | Root bridge successfully manipulated according to plan with the correct priority | 2.5% | Check
RSTP Implementation | Rapid-PVST+ successfully implemented and verified | 2.0% | Check
PortFast & BPDUGuard | PortFast and BPDUGuard correctly configured on access ports | 1.5% | Check
Convergence Analysis | Convergence time measured and analyzed (STP vs RSTP comparison) | 1.0% | Check
Advanced Features | UplinkFast, BackboneFast, and path cost manipulation work | 0.5% | Check
Troubleshooting | Able to identify and resolve STP-related issues | 0.5% | Check
Total | | 8% | Complete

STP Tips and Best Practices

Security Best Practices
  • Always use BPDUGuard on PortFast ports to prevent STP manipulation attacks
  • Implement Root Guard on ports through which a root bridge should never be learned
  • Use Loop Guard to prevent alternate ports from becoming designated because of BPDU loss
  • Monitor for BPDU rate limiting attacks
Configuration Tips
  • Always configure root bridge priorities manually rather than relying on the MAC address
  • Use Rapid-PVST+ rather than legacy STP for faster convergence
  • Implement PortFast only on access ports connected to end devices
  • Document the STP topology and expected port roles
Common STP Issues and Solutions:
  • Network loops: Verify STP operation and port states
  • Slow convergence: Upgrade to RSTP or tune the timers
  • Unstable root bridge: Configure manual root bridge priorities
  • BPDU filtering issues: Make sure BPDUFilter does not cause loops