Prevent STP from broadcasting to ports w/o switches connected.

Hello

I would like to prevent STP broadcasts on certain ports so that the broadcasts do not hit end-user devices, like PCs, printers, etc.

So if I have S0/1-5 all directly connected to PCs then I would like to stop the STP to those ports.

Is there a way to do this?

Thanks in advance.

Joe

Accepted Solutions

Re: Prevent STP from broadcasting to non-switch ports.

Hi Joseph,

The BPDUs from STP are propagated throughout all ports of the switches.

The recommendation is to enable Port-Fast on the ports that are directly connected to users, so that those ports transition immediately to forwarding instead of passing through all the states.

Since the ports are Port-Fast they should not send BPDUs to the computers (BPDUs will be sent between switches only).

Is this what you're looking for?

Federico.

Re: Prevent STP from broadcasting to ports w/o switches connecte

Hi Joseph

Federico is right on the portfast option.. But even with portfast enabled, TCN BPDUs are still sent out.. it just doesn't receive BPDUs.. Do you want to filter outgoing TCN messages? BPDUs are not sent out only if the port is not a part of a spanning tree instance..

If it was to filter incoming BPDUs, you can use BPDUguard, BPDU filtering, portfast etc... For outgoing BPDUs I'm not aware of any advanced STP methods..

This is the STP statistics from a switchport which runs portfast & BPDU guard:

The port is in the portfast mode
Link type is point-to-point by default
Bpdu guard is enabled
BPDU: sent 198100, received 0

Hope this helps..

All the best..


Raj

Re: Prevent STP from broadcasting to ports w/o switches connecte

Joe

Portfast allows the port to begin forwarding immediately but as you have found it doesn't turn off STP. You say that with DHCP you may not want to use portfast whereas actually it is the other way round, i.e. you want the port to begin forwarding immediately because of things like DHCP so you should enable portfast. Note also that RSTP/Rapid-PVST+ rely heavily on end user ports being configured as portfast to decrease the convergence time.

Generally speaking you don't really ever want to disable STP on a port, i.e. what would happen if a user connected a switch to their port rather than their PC and then made another connection from the switch to another port, i.e. you now have an L2 loop.

Jon

Re: Prevent STP from broadcasting to ports w/o switches connecte

In your original post you wanted to stop the STP to host ports.

You use Portfast. The benefit of the use of PortFast in your network is every time that a link becomes active and moves to the forwarding state in STP, the switch sends a special STP packet named a Topology Change Notification (TCN). The TCN is passed up to the root of the spanning tree where the TCN is propagated to all the switches. This causes all the switches to age out their table of MAC addresses with use of the forward delay parameter, which is usually set to 15 seconds. So, every time that a workstation joins the bridge group, the MAC addresses on all the switches are aged out after 15 seconds instead of the normal 300 seconds.

When a workstation becomes active, it does not change the topology to any significant degree. There is no need for all the switches in the VLAN to go through the fast-aging TCN period. If you turn on PortFast, the switch does not send TCN packets when a port becomes active.

Also, as already mentioned, bpduguard is there to guard the port in portfast mode from receiving bpduguard (Not receive TCN). Something to understand about bpduguard: if a port in portfast mode receives a BPDU, the port is disabled.

Francisco.
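
An added example, not part of the thread or any poster's code: a small audit of a saved running-config for the edge-port settings discussed above (PortFast, BPDU guard, BPDU filter). It assumes classic IOS interface syntax (`spanning-tree portfast`, `spanning-tree bpduguard enable`, `spanning-tree bpdufilter enable`); the sample config and the `audit_edge_ports` helper are constructed for illustration.

```python
import re
# Constructed sample running-config (not from the thread): three PC-facing ports, one trunk.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit_edge_ports(config):
    """Return {interface: [findings]} for access ports with weak STP edge settings."""
    lines = config.splitlines()
    # Global defaults cover every access port that lacks the per-interface command.
    top = {l.strip() for l in lines if not l.startswith(" ")}
    pf_default = "spanning-tree portfast default" in top
    guard_default = "spanning-tree portfast bpduguard default" in top
    stanzas, current = {}, None
    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if not line.startswith(" "):  # any top-level line opens or closes a stanza
            current = stanzas.setdefault(m.group(1), set()) if m else None
        elif current is not None:
            current.add(line.strip())
    findings = {}
    for name, cmds in stanzas.items():
        if "switchport mode access" not in cmds:
            continue  # trunks/uplinks are out of scope for edge-port checks
        issues = []
        if not (pf_default or "spanning-tree portfast" in cmds):
            issues.append("portfast missing")
        if not (guard_default or "spanning-tree bpduguard enable" in cmds):
            issues.append("bpduguard missing")
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("bpdufilter set: port ignores BPDUs, loop risk")
        if issues:
            findings[name] = issues
    return findings
```

On the sample, Fa0/2 is flagged for lacking BPDU guard and Fa0/3 for lacking BPDU guard and for having BPDU filter enabled, which is the "STP off on a user port" case the thread warns can produce an L2 loop.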

13 REPLIES

Re: Prevent STP from broadcasting to non-switch ports.

Federico!

Hello my friend.

Yes I believe that would be fine - however if I was running DHCP then I might not want to use Portfast, correct?

I heard if I use Portfast on a DHCP port then the switch will miss the DHCP request.

However at least I know that if I use Portfast - then I can prevent BPDU's from going out the port.

Thanks Federico!

Joe

Re: Prevent STP from broadcasting to non-switch ports.

Hi Joe

I'm really not sure if enabling portfast would have issues with DHCP.. portfast just makes sure your STP transition is fast, by ignoring learning/listening modes of STP.. It still does forward broadcasts..

If you have storm control broadcasts configured on the port, it does affect DHCP.. but with just portfast, your DHCP would work fine. And my previous comment talks about outgoing broadcasts/BPDUs with portfast enabled.

All the best

Raj

Re: Prevent STP from broadcasting to non-switch ports.

Raj

In reply to the second post of yours.

I was referring to the beginning DHCP request a PC uses to obtain DHCP.

So I guess as long as my Switch is operational before I have the machine go on then I will be okay.

Correct?

Thanks again!

Joe

Re: Prevent STP from broadcasting to ports w/o switches connecte

Raj

Hello! Quick introduction to you...

I am in the learning process with the Networking Academy and using Packet Tracer for most of the time.

During simulation I see STP communication is sent out from the switch, out the switchports to other switches as well as the PCs on the end of a port.

I would like to filter out the STP communication on the ports that I have connected directly to PCs.

I am not sure if I am filtering INCOMING information to the switch. Just the outbound from the switch to the ports with end devices.

Thanks in advance.

Joe

Re: Prevent STP from broadcasting to ports w/o switches connecte

Jon

Okay - so I understand.

It's not too big of an issue to have the STP go out those ports.

I will always remember that from now on.

Portfast sounds like a great option.

Thanks.

Joe

Re: Prevent STP from broadcasting to ports w/o switches connecte

Ya Joe. You are absolutely right.

In fact having STP portfast would benefit your DHCP timers.. Without portfast, your user port will take 45 + secs to start forwarding your DHCP broadcast packets, and with portfast, it just takes a few seconds.. DHCP broadcast would anyway not die, with 45 + secs convergence with normal STP on ports, but it just slows the whole process.

Hope this helps.. all the best

Raj
