New Member

STP Best Practice between different Service Providers

Hi All,

We resell the wireless services of another Service Provider and establish a trunk with them to which they send us the required customer vlans.

interface GigabitEthernet2/10
 description Wireless Interconnect
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 301-322
 switchport mode trunk
 load-interval 30
 speed 100
 duplex full
 no cdp enable

They've stopped spanning tree on their end because "as part of these measure we blocked spanning tree between networks to prevent potential flooding of either network."

We run spanning tree on our end and have "spanning-tree loopguard default" enabled, and as a result the VLANs being allowed through Gi2/10 stopped passing traffic because it no longer received any BPDUs. Below you can see that it's in a "broken" state.

core1#sh spanning-tree int g2/10
Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0301            Desg BKN*19        128.266  P2p *LOOP_Inc
VLAN0302            Desg BKN*19        128.266  P2p *LOOP_Inc
VLAN0303            Desg BKN*19        128.266  P2p *LOOP_Inc
VLAN0304            Desg BKN*19        128.266  P2p *LOOP_Inc

We contacted the wireless Service Provider and they have re-enabled spanning tree on their end - "We have re-enabled access to the spanning tree feature however we ask if this is a necessary requirement between our two networks as there is potential to flood each others network with spanning tree related traffic."

I'm not really sure what the best practice in this situation is with two different Service Providers passing customer vlans through the trunk port?

My understanding of spanning tree isn't all that great, so I was wondering what we should be doing in this situation. Do we continue to run spanning tree and ask the other Provider to keep spanning tree enabled on their end as well? Or does the wireless Service Provider have a valid point in that they may be flooded by BPDUs from our end? If so, do we have to turn spanning tree off on the interface then?

Any help would be greatly appreciated.



Hall of Fame Super Silver

Re: STP Best Practice between different Service Providers

Hello Andy,

STP is needed if there are multiple links between the two providers.

If there is only one link and there is no plan to add a second link, you can disable STP on both sides using

spanning-tree bpdufilter enable

Flooding happens in any case because it is the process of propagation of broadcast, multicast and unknown unicast traffic on each VLAN = broadcast domain.

Only BPDUs of permitted VLANs are sent on the trunk with your configuration.

So the reasons are other ones: you may want to keep the two STP domains separated.

Hope to help


Re: STP Best Practice between different Service Providers

Hi Andy,

You can think about enabling QnQ in your network, if it is a connection between different Service Providers.

This will help you in avoiding VLAN overlapping, etc.

Best Regards,

Guru Prasad R.

New Member

Re: STP Best Practice between different Service Providers

Hi Guru,

Thank you for your suggestion. We do have QnQ running with some Service Providers.



New Member

Re: STP Best Practice between different Service Providers

Hi Giuseppe,

Thank you for your reply and sorry for my late response.

I totally agree with you - but we have loopguard turned on globally with "spanning-tree loopguard default". If we then enable "spanning-tree bpdufilter enable" on the interface, the port goes into a broken state because it's no longer receiving BPDUs. Does that mean we have to turn off "spanning-tree loopguard default" globally? What are the implications of doing this?



New Member

Re: STP Best Practice between different Service Providers

Would it be safe to say that we shouldn't really be sharing spanning-tree BPDUs with another service provider if there's only one interconnect to/from us to their network?

Would something like this be good to put on our interface that interconnects us to another service provider?

spanning-tree loopguard default

interface GigabitEthernet0/43
 description Interconnect with ISP2
 spanning-tree bpdufilter enable
 spanning-tree guard none
 spanning-tree portfast
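
The loop guard and BPDU filter interaction reported in this thread can be checked in a saved configuration before it is applied. This is an added example, not code from any poster or from Cisco. The sample config is constructed from the snippets above, the function names are hypothetical, and the rule it encodes (a BPDU-filtered port breaks while loop guard still applies, and an interface-level `spanning-tree guard` setting overrides the global default) is taken from the posters' description.

```python
import re

# Constructed sample config, modelled on the snippets posted in the thread.
SAMPLE_CONFIG = """\
spanning-tree loopguard default
!
interface GigabitEthernet2/10
 description Wireless Interconnect
 switchport mode trunk
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/43
 description Interconnect with ISP2
 spanning-tree bpdufilter enable
 spanning-tree guard none
!
interface GigabitEthernet0/1
 description Internal uplink
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # back at global level ("!" or a global command)
    return interfaces

def loopguard_bpdufilter_conflicts(config):
    """Interfaces that filter BPDUs while loop guard still applies to them."""
    global_loopguard = re.search(r"^spanning-tree loopguard default\s*$", config, re.M) is not None
    conflicts = []
    for name, cmds in parse_interfaces(config).items():
        if "spanning-tree bpdufilter enable" not in cmds:
            continue
        guard = next((c.split()[-1] for c in cmds if c.startswith("spanning-tree guard ")), None)
        # Assumption from the thread: an interface-level guard setting overrides the global default.
        if guard == "loop" or (guard is None and global_loopguard):
            conflicts.append(name)
    return conflicts

if __name__ == "__main__":
    for name in loopguard_bpdufilter_conflicts(SAMPLE_CONFIG):
        print(f"{name}: bpdufilter enabled while loop guard is in effect")
```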