STP & portfast

Answered Question
Aug 27th, 2007

Hello,


I have a question about STP.


STP (RSTP) is enabled on several switches for a VLAN which doesn't need it (there are no loops possible). On this VLAN there are edge ports which don't have the portfast option activated.


Each time I plug or unplug a port in this VLAN, I have a quite long (30 sec) outage due to the recomputation of the STP protocol.


My question: I would like to solve this problem, either by disabling STP for this VLAN or by setting the portfast option on the edge ports.


What is the best way to solve the problem without generating a new outage?


In other words, can I deactivate STP (one switch after the other) without generating an outage? And can I set the portfast option on a port without generating an outage?


Thanks a lot


Regards

Guillaume


Correct Answer
rajatsetia Mon, 08/27/2007 - 02:21

Hi


You can configure edge "access" ports for portfast option without any outage.


Use this command "spanning-tree portfast" under interface config.


Along with that I will recommend using

"spanning-tree portfast bpduguard default" in global config.


That way BPDU guard is enabled on the portfast-enabled interfaces; in case another switch is connected to any of the portfast interfaces by mistake, the concerned interface will be disabled.


HTH


rgds

Correct Answer

Hello,


1. I think it is better to use portfast (with BPDU guard) instead of turning off STP in that particular VLAN. In that case portfast will not cause any outage, as it puts the port into the forwarding state as soon as it is connected, but it still prevents a bridging loop from occurring if a switch is inadvertently connected, as STP takes care of that.

2. Disabling STP per VLAN while letting it run in the others obviously needs PVSTP (per-VLAN STP), and it will not cause an outage if disabled per VLAN.


Krisztian



Correct Answer
lamav Mon, 08/27/2007 - 04:29

Guillaume:


It is a BAD practice to disable STP. STP has very little bandwidth overhead and can save you from a disaster. I would not disable it.


Simply add portfast to the access ports, as the gentlemen have described, and then enable bpduguard.


HTH
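
An added example, not part of any poster's reply: one way to check a saved running-config for access ports that still lack the portfast and BPDU guard settings recommended in the answers above. The sample config is constructed, and the function name and finding strings are hypothetical.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface FastEthernet0/48
 switchport mode trunk
"""

def audit_edge_ports(config):
    """Map each access port to what it lacks: portfast and/or BPDU guard."""
    lines = config.splitlines()
    global_cmds = {l.strip() for l in lines if l and not l.startswith(" ")}
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    portfast_default = "spanning-tree portfast default" in global_cmds
    blocks, current = {}, None          # interface name -> set of sub-commands
    for line in lines:
        header = re.match(r"interface (\S+)", line)
        if header:
            current = blocks.setdefault(header.group(1), set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())
        else:
            current = None              # "!" or a global command ends the block
    findings = {}
    for name, cmds in blocks.items():
        if "switchport mode access" not in cmds:
            continue                    # trunks and uplinks are out of scope
        portfast = "spanning-tree portfast" in cmds or (
            portfast_default and "spanning-tree portfast disable" not in cmds)
        # The global bpduguard default only covers ports that run portfast.
        guard = "spanning-tree bpduguard enable" in cmds or (
            guard_default and portfast and "spanning-tree bpduguard disable" not in cmds)
        issues = [m for ok, m in ((portfast, "no portfast"), (guard, "no bpduguard")) if not ok]
        if issues:
            findings[name] = issues
    return findings
```

Ports are classified only by an explicit "switchport mode access" line, so interfaces left in a dynamic mode are not reported.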

jorgenolla Mon, 08/27/2007 - 04:37

If there are no loops on your topology, you should have no instances of STP (RSTP) running.


#show spanning-tree


Should show that there are no instances of STP running. To remove the forward delay time on the interfaces, you need to use portfast on the edge ports.


Regards

lamav Mon, 08/27/2007 - 04:48

Jorgenolla:


I had to sound brash, but you are wrong, my friend. It is a Cisco "best practice" to always enable STP because you don't know how the topology might change in the future and it prevents accidents, like someone plugging a switch into what is supposed to be an access port.


Of course, in the end, it is up to the net admin to decide what he/she wants to do, but disabling STP buys you almost zero and can leave you vulnerable.

lamav Mon, 08/27/2007 - 04:51

oops, I meant to say that I "hate" to sound brash..

jorgenolla Mon, 08/27/2007 - 04:59

To: lamav


Thanks my friend, but I think you're missing the point.


You are very correct in your statement: "best practice" to always enable STP.


STP is enabled by default; and I did not say to disable STP!


But when there are no present loops in the Topology, there will be no instances of STP running!!!!!!!!!!!!!!!!!


If a loop is formed at some point, then STP will have an instance for each VLAN in the network.


Best Regards

lamav Mon, 08/27/2007 - 05:11

"But when there are no present loops in the Topology, there will be no instances of STP running!!!!!!!!!!!!!!!!!"


That is an incorrect statement, Jorge. Please see my post to you on the other thread you commented on this morning.


And by the way, 1 exclamation point would have been enough!...!!!!!!! (smile).


jorgenolla Mon, 08/27/2007 - 05:35

Just replied to you on the other post lamav.


Once again I think you've misunderstood. I said "Instance of STP", which is different than "STP".


Best regards

Jon Marshall Wed, 08/29/2007 - 06:17

Hi Jorge


I'm not sure I understand your point. You seem to be suggesting that if you have no loops in your network then you will have no instances of STP and to prove the point you say that the output of a "sh spanning-tree" will not show any instances.


This is the output of a "sh spanning-tree" on a 3560 which is connected via a trunk link to a 3550 ie. only one link no loops.


=============================================

lab_sw1#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000a.b8b3.a980
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000a.b8b3.a980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/48           Desg FWD 19        128.52   P2p


VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     000a.b8b3.a980
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     000a.b8b3.a980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/21           Desg FWD 19        128.23   Edge P2p
Fa0/48           Desg FWD 19        128.52   P2p


VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     000a.b8b3.a980
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32779  (priority 32768 sys-id-ext 11)
             Address     000a.b8b3.a980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/48           Desg FWD 19        128.52   P2p

=============================================


Could you clarify what you mean by "no instances" ?



Jon

jorgenolla Wed, 08/29/2007 - 08:55

Jon and Lamav:


I don't know what I was thinking! I was incorrect, and thanks for clarifying that, Jon.


I was thinking about MST and the command

spanning-tree mst configuration


Best Regards
