Spanning Tree Question

Live2 Bicycle
Level 3

I have several 2950 switches that were recently installed by an outside Cisco consulting firm. I always thought that any port on a switch that was connected to another device that provided multiple connections, i.e. a wireless AP, another switch, or a router, should have spanning tree turned off. When I asked the consultant they said it did not matter. Here is the configuration. What do you think?

spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
 description To AP ***MUST STAY IN VLAN 20****
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable

7 Replies

glen.grant
VIP Alumni

No, spanning tree should be on for any port connecting to another Cisco device; this is what prevents you from having loops in the network. Regular user ports don't necessarily need it running, but it is good practice just to leave it on; there is little overhead involved with it.

7rbowenii
Level 3

What the commands are doing in this instance is:

portfast: does not go through the spanning-tree algorithm and comes up faster, almost instantly.

bpduguard: says that if a BPDU (spanning-tree packet) is received on this port, shut down the port. This means that a multi-connection device (at least at layer 2) should not be connected.

The idea that spanning tree should be turned off between Cisco devices is absolutely incorrect. If there is a possibility that a loop may be introduced in the network, then spanning tree should be utilized to negate the loop.

dddyoung
Level 1

Between switch/router and switch/router, portfast should always be off, in order to ensure proper calculation of spanning-tree convergence to the root. Spanning tree should always be turned on to avoid a network loop at layer 2. A layer 3 device (router) can process layer 2 (blocking), provided that IP bridge-routing is supported.

Live2 Bicycle
Level 3

I think I am even more confused now.

OK, let me have a go at explaining it.

Loops in networks are bad. Packets go round and round in circles forever, and end up consuming all your network bandwidth. So if you have a loop, you should break it.

Spanning Tree is a protocol between network devices that detects loops, and cuts links to break any loops it detects. The clever thing about it is that it is automatic. It is enabled by default on all Cisco switches. And if the loop gets disconnected in a second place, Spanning Tree will repair the links it cut in order to repair the network.

Now the bad thing about Spanning Tree is that when it sees a new link, it takes 30 seconds to work out whether it should cut the link or not. During that time it holds it disabled. That's not good if all you have done is plug in a PC. 'Cos we all know that a PC usually only has one connection, so cannot be a loop. So, what some NetAdmins do is, on the ports they are going to connect PCs to, they bypass this "thinking time" by configuring "portfast". Spanning Tree will still cut the link if it sees a loop, but it is a bit more "gung ho!" about activating the port. But if there is a loop on that port, it can still do the damage in the few seconds it takes to cut it. That's where the "bpdu-guard" comes in ... it says "if you detect a switch on this port, then disable the port immediately."

So ... if you got this far, then here is the crunch ... do NOT disable Spanning Tree. If you are using a port for PCs, by all means configure portfast to bypass the thinking time, but ONLY if you are connecting single-ended devices like a PC or workstation on the port.

Does that make it any clearer?

Kevin Dorrell

Luxembourg

I think I got it, so on all the ports that our consultant left

spanning-tree portfast
spanning-tree bpduguard enable

turned on that are connected to other switches and wireless access points I need to remove these commands?

That's right. The commands are only appropriate for PC and workstation ports.

The portfast command bypasses some of the safeguards built into Spanning Tree.

The bpduguard command mitigates some of the risks involved in bypassing those safeguards.

For ports connected to other network devices, you should remove those commands and let Spanning tree get on with its job without interference.

Hope this helps.

Kevin Dorrell

Luxembourg
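To turn the advice in this thread into something you can check against a saved running-config, here is an added example (not from the thread, and not a Cisco tool). It parses the interface blocks, treats a port as facing another network device when it is a trunk or its description mentions an AP, switch, uplink or router (that keyword list is an assumption made for the example; CDP/LLDP neighbour tables are the authoritative source on a real network), and prints the IOS commands that remove PortFast and BPDU Guard from those ports. The sample config is constructed for the example, modelled on the 2950 snippet in the original post.

```python
"""Audit a Cisco IOS running-config for PortFast / BPDU Guard on ports that
face other network devices (switches, APs, routers) and print the commands
that remove them.  Constructed example; the description keywords below are a
heuristic chosen for this script, not an IOS feature."""
import re

# Constructed sample config, modelled on the 2950 snippet in the original post.
# Fa0/1 (AP) and Fa0/3 (switch uplink) are the misconfigured ports; Fa0/2 and
# Fa0/4 are genuine PC ports where PortFast + BPDU Guard is appropriate.
SAMPLE_CONFIG = """\
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 description To AP ***MUST STAY IN VLAN 20****
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 description User PC - reception
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description Uplink to core switch
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/4
 description User PC - office 12
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 description Printer
 switchport access vlan 10
 switchport mode access
!
"""

# Spanning-tree lines that belong only on single-host edge ports.
EDGE_ONLY_LINES = ("spanning-tree portfast", "spanning-tree bpduguard enable")

# Description words that suggest a layer-2 forwarding device behind the port.
# Assumption: a heuristic for this example; on a real network use the
# CDP/LLDP neighbour table instead of trusting descriptions.
INFRA_WORDS = {"ap", "wireless", "switch", "uplink", "trunk", "router", "bridge"}


def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} for each interface block."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # '!' or a global command ends the block
    return interfaces


def faces_network_device(lines):
    """True if the port is a trunk or its description names infrastructure."""
    if "switchport mode trunk" in lines:
        return True
    desc = next((l[len("description "):] for l in lines
                 if l.startswith("description ")), "")
    words = set(re.findall(r"[a-z]+", desc.lower()))
    return bool(words & INFRA_WORDS) or "access point" in desc.lower()


def audit(config):
    """Return {interface: [offending lines]} for infrastructure-facing ports
    that still carry PortFast or BPDU Guard."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if not faces_network_device(lines):
            continue
        offending = [l for l in lines if l in EDGE_ONLY_LINES]
        if offending:
            findings[name] = offending
    return findings


def remediation(findings):
    """Render the IOS configuration that undoes each offending line."""
    out = []
    for name, lines in findings.items():
        out.append(f"interface {name}")
        out.extend(f" no {l}" for l in lines)
        out.append("!")
    return "\n".join(out)


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    for name, lines in result.items():
        print(f"{name}: {', '.join(lines)} on a port facing another network device")
    print("\nSuggested fix:\n" + remediation(result))
```

Run it against `show running-config` output saved to a file by replacing `SAMPLE_CONFIG` with the file contents. The PC ports keep PortFast and BPDU Guard untouched, which is the point of the thread: the commands are fine on single-host ports and only need to come off the ports that lead to the AP and the other switch.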