I would like to prevent STP broadcasts on certain ports so that the broadcasts do not hit end-user devices, like PCs, printers, etc.
So if I have S0/1-5 all directly connected to PCs then I would like to stop the STP to those ports.
Is there a way to do this?
Thanks in advance.
In your original post you wanted to stop the STP host ports.
You use Portfast. The benefit of the use of PortFast in your network is every time that a link becomes active and moves to the forwarding state in STP, the switch sends a special STP packet named a Topology Change Notification (TCN). The TCN is passed up to the root of the spanning tree where the TCN is propagated to all the switches. This causes all the switches to age out their table of MAC addresses with use of the forward delay parameter, which is usually set to 15 seconds. So, every time that a workstation joins the bridge group, the MAC addresses on all the switches are aged out after 15 seconds instead of the normal 300 seconds.
When a workstation becomes active, it does not change the topology to any significant degree. There is no need for all the switches in the VLAN to go through the fast-aging TCN period. If you turn on PortFast, the switch does not send TCN packets when a port becomes active.
Also, as already mentioned, bpduguard is there to guard the port in portfast mode from receiving bpduguard (not receive TCN). Something to understand about bpduguard: if a port in portfast mode receives a BPDU, the port is disabled.
Portfast allows the port to begin forwarding immediately, but as you have found it doesn't turn off STP. You say that with DHCP you may not want to use portfast, whereas actually it is the other way round, i.e. you want the port to begin forwarding immediately because of things like DHCP, so you should enable portfast. Note also that RSTP/Rapid-PVST+ rely heavily on end user ports being configured as portfast to decrease the convergence time.
Generally speaking you don't really ever want to disable STP on a port, i.e. what would happen if a user connected a switch to their port rather than their PC and then made another connection from the switch to another port, i.e. you now have a L2 loop.
Fredrico is right on the portfast option.. But even with portfast enabled, TCN BPDUs are still sent out.. it just doesn't receive BPDUs.. Do you want to filter outgoing TCN messages? BPDUs are not sent out only if the port is not a part of spanning tree instance..
If it was to filter incoming BPDUs, you can use BPDUguard, BPDU filtering, portfast etc... For outgoing BPDUs I'm not aware of any advanced STP methods..
This is the STP statistics from a switchport which runs portfast & BPDU guard:
The port is in the portfast mode
Link type is point-to-point by default
Bpdu guard is enabled
BPDU: sent 198100, received 0
Hope this helps..
All the best..
The BPDUs from STP are propagated throughout all ports of the switches.
The recommendation is to enable Port-Fast on the ports that are directly connected to users, so that those ports transition immediately to forwarding instead of passing through all the states.
Since the ports are Port-Fast they should not send BPDUs to the computers (BPDUs will be sent between switches only).
Is this what you're looking for?
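An added example, not part of the original thread: a Python check over per-port STP statistics like the ones quoted above, flagging PortFast ports that lack BPDU guard or that have received BPDUs (a sign that something other than a PC is attached). The sample text is constructed, and the "Port N (...) of VLAN..." header line is an assumed output format.

```python
import re

# Constructed sample modelled on the statistics lines quoted in the thread.
# The "Port N (name) of VLAN..." header line is an assumed output format.
SAMPLE = """\
 Port 1 (FastEthernet0/1) of VLAN0001 is designated forwarding
   The port is in the portfast mode
   Link type is point-to-point by default
   Bpdu guard is enabled
   BPDU: sent 198100, received 0
 Port 2 (FastEthernet0/2) of VLAN0001 is designated forwarding
   The port is in the portfast mode
   BPDU: sent 4021, received 0
 Port 3 (FastEthernet0/3) of VLAN0001 is designated forwarding
   The port is in the portfast mode
   BPDU: sent 150, received 37
 Port 24 (FastEthernet0/24) of VLAN0001 is root forwarding
   BPDU: sent 12, received 99000
"""

HEADER = re.compile(r"^\s*Port \d+ \((?P<name>[^)]+)\) of \S+")
COUNTERS = re.compile(r"BPDU: sent (\d+), received (\d+)")

def parse_ports(text):
    """Split the output into one dict per port block."""
    ports, cur = [], {}  # lines before the first header land in a throwaway dict
    for line in text.splitlines():
        if (m := HEADER.match(line)):
            cur = dict(name=m["name"], portfast=False, bpduguard=False, received=0)
            ports.append(cur)
        elif "portfast mode" in line:
            cur["portfast"] = True
        elif "Bpdu guard is enabled" in line:
            cur["bpduguard"] = True
        elif (c := COUNTERS.search(line)):
            cur["received"] = int(c[2])
    return ports

def audit(ports):
    """Return (port, finding) pairs for PortFast ports that need attention."""
    findings = []
    for p in ports:
        if not p["portfast"]:
            continue  # uplinks are expected to exchange BPDUs
        if not p["bpduguard"]:
            findings.append((p["name"], "portfast without BPDU guard"))
        if p["received"] > 0:
            findings.append((p["name"], "BPDUs received on edge port"))
    return findings
```

Calling `audit(parse_ports(SAMPLE))` reports FastEthernet0/2 and FastEthernet0/3; the uplink on port 24 is skipped because it is not in PortFast mode.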