Prevent STP from broadcasting to ports w/o switches connected.

joealbergo
Level 1

Hello

I would like to prevent STP broadcasts on certain ports so that the broadcasts do not hit end-user devices, like PCs, printers, etc.


So if I have S0/1-5 all directly connected to PCs, then I would like to stop the STP to those ports.

Is there a way to do this?

Thanks in advance.

Joe

13 Replies

Hi Joseph,

The BPDUs from STP are propagated throughout all ports of the switches.

The recommendation is to enable Port-Fast on the ports that are directly connected to users, so that those ports transition immediately to forwarding instead of passing through all the states.

Since the ports are Port-Fast they should not send BPDUs to the computers (BPDUs will be sent between switches only).

Is this what you're looking for?

Federico.

Federico!

Hello my friend.

Yes, I believe that would be fine. However, if I were running DHCP then I might not want to use Portfast, correct?

I heard that if I use Portfast on a DHCP port then the switch will miss the DHCP request.

However, at least I know that if I use Portfast, then I can prevent BPDUs from going out the port.

Thanks Federico!

Joe

Hi Joe

I'm really not sure if enabling portfast would have issues with DHCP. Portfast just makes sure your STP transition is fast, by ignoring the learning/listening modes of STP. It still does forward broadcasts.

If you have storm control for broadcasts configured on the port, it does affect DHCP, but with just portfast your DHCP would work fine. My previous comment talks about outgoing broadcasts/BPDUs with portfast enabled.

All the best

Raj

Raj

In reply to the second post of yours.

I was referring to the beginning DHCP request a PC uses to obtain DHCP.

So I guess as long as my Switch is operational before I have the machine go on then I will be okay.

Correct?

Thanks again!

Joe

sachinraja
Level 9

Hi Joseph

Federico is right on the portfast option. But even with portfast enabled, TCN BPDUs are still sent out; it just doesn't receive BPDUs. Do you want to filter outgoing TCN messages? BPDUs are not sent out only if the port is not a part of a spanning tree instance.

If it was to filter incoming BPDUs, you can use BPDU guard, BPDU filtering, portfast etc. For outgoing BPDUs I'm not aware of any advanced STP methods.

This is the STP statistics from a switchport which runs portfast & BPDU guard:

The port is in the portfast mode
Link type is point-to-point by default
Bpdu guard is enabled
BPDU: sent 198100, received 0

Hope this helps..

All the best..


Raj

Raj

Hello! Quick introduction to you...

I am in the learning process with the Networking Academy and using Packet Tracer for most of the time.

During simulation I see STP communication is sent out from the switch, out the switchports to other switches as well as the PCs on the end of a port.

I would like to filter out the STP communication on the ports that I have connected directly to PCs.

I am not sure if I am filtering INCOMING information to the switch. Just the outbound from the switch to the ports with end devices.


Thanks in advance.

Joe

Joe

Portfast allows the port to begin forwarding immediately, but as you have found it doesn't turn off STP. You say that with DHCP you may not want to use portfast, whereas actually it is the other way round, i.e. you want the port to begin forwarding immediately because of things like DHCP, so you should enable portfast. Note also that RSTP/Rapid-PVST+ rely heavily on end user ports being configured as portfast to decrease the convergence time.

Generally speaking you don't really ever want to disable STP on a port, i.e. what would happen if a user connected a switch to their port rather than their PC and then made another connection from the switch to another port? You now have a L2 loop.

Jon

Jon

Okay - so I understand.

It's not too big of an issue to have the STP go out those ports.

I will always remember that from now on.

Portfast sounds like a great option.

Thanks.

Joe

Ya Joe. You are absolutely right.

In fact, having STP portfast would benefit your DHCP timers. Without portfast, your user port will take 45+ secs to start forwarding your DHCP broadcast packets, and with portfast it just takes a few seconds. The DHCP broadcast would anyway not die with 45+ secs convergence with normal STP on ports, but it just slows the whole process.

Hope this helps.. all the best

Raj

In your original post you wanted  to stop the STP host ports.

You use Portfast. The benefit of the use of PortFast in your network is every time that a link becomes active and moves to the forwarding state in STP, the switch sends a special STP packet named a Topology Change Notification (TCN). The TCN is passed up to the root of the spanning tree where the TCN is propagated to all the switches. This causes all the switches to age out their table of MAC addresses with use of the forward delay parameter, which is usually set to 15 seconds. So, every time that a workstation joins the bridge group, the MAC addresses on all the switches are aged out after 15 seconds instead of the normal 300 seconds.

When a workstation becomes active, it does not change the topology to any significant degree. There is no need for all the switches in the VLAN to go through the fast-aging TCN period. If you turn on PortFast, the switch does not send TCN packets when a port becomes active.

Also, as already mentioned, bpduguard is there to guard the port in portfast mode from receiving BPDUs (not TCNs). Something to understand about bpduguard: if a port in portfast mode receives a BPDU, the port is disabled.

Francisco.
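Jon's point above (a user plugging in a switch creates a loop) and Francisco's (BPDU guard disables a portfast port the moment a BPDU arrives) are the reason host ports should run portfast together with BPDU guard. The audit below is an added example, not code from the thread or from Cisco: it parses a constructed running-config excerpt, reads the "BPDU: sent N, received M" counter line in the format Raj quoted from `show spanning-tree interface ... detail`, and flags access ports that lack portfast, lack BPDU guard (per-interface `spanning-tree bpduguard enable` or the global `spanning-tree portfast bpduguard default`), or have received BPDUs. The interface names, settings and counter values are assumptions chosen to exercise each check.

```python
import re
from dataclasses import dataclass

# Constructed sample running-config excerpt (illustrative, not from a real switch).
# The commands are standard Cisco IOS syntax; the interface names and the mix of
# settings are assumptions chosen to exercise each check below.
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

# Constructed per-port counter lines, in the format quoted in the thread
# ("BPDU: sent N, received M" from 'show spanning-tree interface ... detail').
SAMPLE_STP_DETAIL = {
    "FastEthernet0/1": "BPDU: sent 198100, received 0",
    "FastEthernet0/2": "BPDU: sent 5021, received 3",
    "FastEthernet0/3": "BPDU: sent 120, received 0",
}


@dataclass
class Port:
    name: str
    mode: str = ""           # "access", "trunk" or "" if not configured
    portfast: bool = False
    bpduguard: bool = False  # per-interface 'spanning-tree bpduguard enable'


def parse_config(text):
    """Return ({name: Port}, global_bpduguard_default) from a running-config."""
    ports, current = {}, None
    global_default = False
    for line in text.splitlines():
        if line == "spanning-tree portfast bpduguard default":
            global_default = True        # guards every portfast port
            continue
        m = re.match(r"interface (\S+)", line)
        if m:
            current = Port(m.group(1))
            ports[current.name] = current
            continue
        if not line.startswith(" "):
            current = None               # any top-level line ends the stanza
            continue
        if current is None:
            continue
        s = line.strip()
        if s.startswith("switchport mode "):
            current.mode = s.split()[-1]
        elif s == "spanning-tree portfast":
            current.portfast = True
        elif s == "spanning-tree bpduguard enable":
            current.bpduguard = True
    return ports, global_default


def bpdus_received(counter_line):
    """Extract the 'received' count from a 'BPDU: sent N, received M' line."""
    m = re.search(r"received (\d+)", counter_line)
    return int(m.group(1)) if m else 0


def audit(ports, stp_detail, global_default=False):
    """Flag access ports lacking portfast/BPDU guard or that have seen BPDUs."""
    findings = []
    for name, p in sorted(ports.items()):
        if p.mode != "access":
            continue                     # trunks are expected to exchange BPDUs
        guarded = p.bpduguard or (global_default and p.portfast)
        if not p.portfast:
            findings.append((name, "access port without portfast"))
        if not guarded:
            findings.append((name, "access port without bpduguard"))
        if bpdus_received(stp_detail.get(name, "")) > 0:
            findings.append((name, "BPDUs received on a host port"))
    return findings


def run_sample_audit():
    ports, global_default = parse_config(SAMPLE_CONFIG)
    return audit(ports, SAMPLE_STP_DETAIL, global_default)


if __name__ == "__main__":
    for name, issue in run_sample_audit():
        print(f"{name}: {issue}")
```

On the sample, FastEthernet0/2 is the interesting case: portfast without BPDU guard and a non-zero received count, which is exactly the port where something other than a PC is now talking STP to the switch. With BPDU guard in place the port would have been err-disabled on the first BPDU instead, so a non-zero received count on a guarded port is only seen on one that has since been recovered (for example via `errdisable recovery cause bpduguard`).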

Francisco

Thank you for your reply.

I will retain this information for the future.

Joe

Hi Joe

As told in my previous post, it's easy to filter incoming BPDUs and stop broadcasts entering the switchport, but outbound? Disabling STP is an option, but I'm not sure if you can disable it per port. It's not advisable to disable STP either on a per-port or per-VLAN basis; the administration overhead would be too high if you want to disable it.

By the way, why do you want to stop BPDUs out a port? It's such a small packet, and does not harm PCs connected to it in any way.

Regards

Raj

Raj

I was just concerned that it would take up traffic, but now I have read what everyone has said.

I understand it is not needed.

Thank you and everyone else who has helped me today.

Joe
