06-09-2010 08:48 AM - edited 03-06-2019 11:30 AM
Hello
I would like to prevent STP broadcasts on certain ports so that the broadcasts do not hit end-user devices, like PC's, Printers, etc.
So if I have S0/1-5 all directly connected to PC's then I would like to stop the STP to those ports.
Is there a way to do this?
Thanks in advance.
Joe
06-09-2010 08:51 AM
Hi Joseph,
The BPDUs from STP are propagated throughout all ports of the switches.
The recommendation is to enable Port-Fast on the ports that are directly connected to users, so that those ports transition immediately to forwarding instead of passing through all the states.
Since the ports are Port-Fast they should not send BPDUs to the computers (BPDUs will be sent between switches only).
Is this what you're looking for?
Federico.
06-09-2010 08:57 AM
Federico!
Hello my friend.
Yes I believe that would be fine - however if I was running DHCP then I might not want to use Portfast, correct?
I heard if I use Portfast on a DHCP port then the switch will miss the DHCP request.
However at least I know that if I use Portfast - then I can prevent BPDU's from going out the port.
Thanks Federico!
Joe
06-09-2010 09:02 AM
Hi Joe
I'm really not sure if enabling portfast would have issues with DHCP.. portfast just makes sure your STP transition is fast, by ignoring learning/listening modes of STP.. It still does forward broadcasts..
If you have storm control broadcasts configured on the port, it does affect DHCP.. but with just portfast, your DHCP would work fine. and my previous comment talks about outgoing broadcasts/BPDU's with portfast enabled.
All the best
Raj
06-09-2010 09:05 AM
Raj
In reply to the second post of yours.
I was referring to the beginning DHCP request a PC uses to obtain DHCP.
So I guess as long as my Switch is operational before I have the machine go on then I will be okay.
Correct?
Thanks again!
Joe
06-09-2010 08:59 AM
Hi Joseph
Federico is right on the portfast option.. But even with portfast enabled, TCN BPDU's are still sent out.. it just doesn't receive BPDU's.. Do you want to filter outgoing TCN messages ? BPDU's are not sent out only if the port is not a part of spanning tree instance..
if it was to filter incoming BPDU's, you can use BPDUguard, BPDU filtering , portfast etc... For outgoing BPDU's I'm not aware of any advanced STP methods..
This is the STP statistics from a switchport which runs portfast & BPDU guard:
The port is in the portfast mode
Link type is point-to-point by default
Bpdu guard is enabled
BPDU: sent 198100, received 0
Hope this helps..
All the best..
Raj
06-09-2010 09:03 AM
Raj
Hello! Quick introduction to you...
I am in the learning process with the Networking Academy and using Packet Tracer for most of the time.
During simulation I see STP communication is sent out from the switch, out the switchports to other switches as well as the PC's on the end of a port.
I would like to filter out the STP communication on the ports that I have connected directly to PC's.
I am not sure if I am filtering INCOMING information to the switch. Just the outbound from the switch to the ports with end devices.
Thanks in advance.
Joe
06-09-2010 09:16 AM
Joe
Portfast allows the port to begin forwarding immediately but as you have found it doesn't turn off STP. You say that with DHCP you may not want to use portfast whereas actually it is the other way round ie. you want the port to begin forwarding immediately because of things like DHCP so you should enable portfast. Note also that RSTP/Rapid-PVST+ rely heavily on end user ports being configured as portfast to decrease the convergence time.
Generally speaking you don't really ever want to disable STP on a port ie. what would happen if a user connected a switch to their port rather than their PC and then made another connection from the switch to another port ie. you now have a L2 loop.
Jon
06-09-2010 09:18 AM
Jon
Okay - so I understand.
It's not too big of an issue to have the STP go out those ports.
I will always remember that from now on.
Portfast sounds like a great option.
Thanks.
Joe
06-09-2010 09:20 AM
Ya Joe. You are absolutely right.
In fact having STP portfast would benefit your DHCP timers.. Without portfast, your user port will take 45 + secs to start forwarding your DHCP broadcast packets, and with portfast, it just takes a few seconds.. DHCP broadcast would anyway not die, with 45 + secs convergence with normal STP on ports, but it just slows the whole process.
Hope this helps.. all the best
Raj
06-09-2010 09:17 AM
In your original post you wanted to stop the STP host ports.
You use Portfast. The benefit of the use of PortFast in your network is every time that a link becomes active and moves to the forwarding state in STP, the switch sends a special STP packet named a Topology Change Notification (TCN). The TCN is passed up to the root of the spanning tree where the TCN is propagated to all the switches. This causes all the switches to age out their table of MAC addresses with use of the forward delay parameter, which is usually set to 15 seconds. So, every time that a workstation joins the bridge group, the MAC addresses on all the switches are aged out after 15 seconds instead of the normal 300 seconds.
When a workstation becomes active, it does not change the topology to any significant degree. There is no need for all the switches in the VLAN to go through the fast-aging TCN period. If you turn on PortFast, the switch does not send TCN packets when a port becomes active.
Also already mentioned bpduguard is there to guard the port in portfast mode from receiving bpduguard (Not receive TCN). Something to understand about bpduguard, if the port in portfast mode receives a bpdu, the port is disabled.
Francisco.
06-09-2010 09:19 AM
Francisco
Thank you for your reply.
I will retain this information for the future.
Joe
06-09-2010 09:30 AM
Hi Joe
As told in my previous post, it's easy to filter incoming BPDU's and stop broadcasts entering the switchport.. but outbound ? disabling stp is an option, but not sure if you can disable it per port.. it's not advisable to disable stp either on a per port or per vlan.. administration overhead would be too high if you want to disable it..
btw, why do you want to stop BPDU's out a port ? Its such a small packet, and does not harm PC's connected to it, in any way..
Regards
Raj
06-09-2010 09:36 AM
Raj
I was just concerned that it would take up traffic but now that I read what everyone has said.
I understand it is not needed.
Thank you and everyone else who has helped me today.
Joe
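The PortFast and BPDU guard combination discussed in this thread, as an added Cisco IOS configuration example that is not part of any post. The interface range FastEthernet0/1 - 5 is an assumption standing in for the five PC-facing ports in the original question.

```cisco
! Added example, not from the thread. The interface range is an assumption.
interface range FastEthernet0/1 - 5
 switchport mode access
 ! Skip listening/learning so the PC's first DHCP request is forwarded
 ! as soon as the link comes up.
 spanning-tree portfast
 ! If a BPDU is received (someone plugged a switch into a user port),
 ! put the port into err-disabled state instead of letting it join STP.
 spanning-tree bpduguard enable
!
! Per-interface BPDU filter stops BPDUs in BOTH directions on the port.
! That removes the outbound BPDUs, but STP can then no longer detect a
! loop created through this port, so it is left commented out here.
! interface FastEthernet0/1
!  spanning-tree bpdufilter enable
!
! Verify from privileged EXEC (shows portfast mode, BPDU guard state and
! the "BPDU: sent / received" counters quoted earlier in the thread):
! show spanning-tree interface FastEthernet0/1 detail
```

With this configuration the port still sends BPDUs to the PC, which matches the counters Raj posted.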