no spanning-tree vlan

dgj1
Level 1

Can anyone tell me a valid reason why disabling spanning-tree should be considered? Everything I have read cautions against it. Just wondering if there is something I am missing.

Here is an example of some of the configs I am running into on switches in the network that I am new to. No one else can tell me why this was done.

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

no spanning-tree vlan 33,64,66-67,120,152-156,176,180,184,197,202,225,402,671

no spanning-tree vlan 701,703-705,777,997,999-1000

1 Accepted Solution

Giuseppe Larosa
Hall of Fame

Hello Deanna,

There are no good enough reasons to disable STP on a VLAN.

However, depending on the switch platform, some of them have scalability limits with PVST:

you can find some C2950 or others that can run only 64 instances of STP.

The same devices usually also have a limit on how many VLANs they can learn from VTP, but the two limits can be different.

On a device like this, VLANs created/learned after the limit has been reached are automatically put in STP off, and you see lines like the ones you have placed in your post.

So I would suggest that you explore this network, also noting the switch model, IOS version, and number of VLANs defined in the campus.

Use:

sh vlan

sh spanning-tree summary

If instead these are C6500 or C4500, what you see is a human choice that can be discussed.

Hope to help

Giuseppe


Istvan_Rabai
Level 7

Hi Deanna,

If someone is absolutely sure that there is no possibility for Layer 2 loops to form, then he/she can disable spanning tree.

The benefit you can gain from it is less processor utilization and less bandwidth utilization, as the switch will not send BPDUs on the disabled VLANs and will not have to process the spanning-tree algorithm for those VLANs.

Otherwise I wouldn't recommend disabling it.

Cheers:

Istvan

Jon Marshall
Hall of Fame

Personally, I would be extremely reluctant to turn off STP on any switch, just in case of a misconfiguration, either accidental or malicious.

You could turn it off if you have designed a network that has no redundant L2 links, a good example being an L3 routed network in both the access/distribution and core network, but I would still leave STP on, to be honest.

Jon

Edison Ortiz
Hall of Fame

I've seen that implemented in some networks to gain the fastest Layer2 re-convergence possible.

As the other posters indicated, you need to make sure there isn't any Layer2 loop before taking this approach.

HTH,

Edison.

Thank you. Just at a quick glance, most of them do appear to be C2950 switches. There are 89 VLANs defined and 64 VLANs reflected in the sho spanning-tree summary. Just to double check: can I assume that means that each VLAN is equivalent to one instance of STP? The information that you have provided is greatly appreciated; I didn't realize that this could occur without someone intentionally configuring it that way. Good to know.

Hello Deanna,

In PVST+ each VLAN requires its own STP instance: if 89 VLANs exist, 64 VLANs are in the sh spanning-tree summary, and the devices are C2950, you are facing the STP limits of these switches.

Thanks for your kind remarks.

I discovered this limitation a few years ago: while performing L2 security tests, we added a C2950 to a lab with a C6509 and we started to see this kind of thing.

Best Regards

Giuseppe
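
An added example (not part of the thread, and not Cisco code): a small Python audit of the check described in the answer above. It expands the `no spanning-tree vlan` lists from a saved running-config and compares the number of VLANs still running STP with the platform's instance limit. The function names, verdict labels and classification heuristic are assumptions made for this illustration; the VLAN inventory and the limit have to be supplied from `sh vlan` and the platform documentation.

```python
import re

# Constructed sample: the spanning-tree lines quoted in the original post.
SAMPLE_CONFIG = """\
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
no spanning-tree vlan 33,64,66-67,120,152-156,176,180,184,197,202,225,402,671
no spanning-tree vlan 701,703-705,777,997,999-1000
"""

def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '33,66-67' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 4094):
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def stp_disabled_vlans(config_text):
    """Collect every VLAN named on a 'no spanning-tree vlan <list>' line."""
    disabled = set()
    for line in config_text.splitlines():
        m = re.fullmatch(r"\s*no spanning-tree vlan ([\d,\-\s]+)", line)
        if m:
            disabled |= expand_vlan_list(m.group(1))
    return disabled

def audit(config_text, defined_vlans, instance_limit):
    """Classify STP-off VLANs (hypothetical heuristic, not a Cisco rule)."""
    defined = set(defined_vlans)
    disabled = stp_disabled_vlans(config_text) & defined
    running = len(defined) - len(disabled)
    if not disabled:
        verdict = "ok"
    elif running >= instance_limit:
        verdict = "platform-limit"  # every instance is used; overflow VLANs lost STP
    else:
        verdict = "manual-review"   # spare instances exist, so someone chose this
    return {"disabled": sorted(disabled), "running": running, "verdict": verdict}

if __name__ == "__main__":
    print(sorted(stp_disabled_vlans(SAMPLE_CONFIG)))
```

Either verdict other than `ok` means the listed VLANs have no loop protection on that switch, so the list is worth tracking whatever caused it.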

Hi Giuseppe,

you wrote "In a device like this vlans created /learned after having reached the limit are automatically in STP off and you see lines as the ones you have placed in your post." in your previous message.

Several years ago I noticed an even worse behaviour of Cisco 3500XL switches:

After reaching the STP instance limit, one VLAN had its STP disabled. But not the VLAN last created, just one random VLAN :-(

This was terrible at that time; I hope it's fixed in current IOS.

BR,

Milan
