Thank you for your reply...   Filter the Bridge Protocol Data Unit?  I'm not sure how to do that.

Speaking of Spanning Tree, After I told wireshark to Filter out the Traffic from b8:be:bf:a9:93:84 I then ran across the Following:

Where:

54:78:1a:e5:fe:24  I have no Idea. Seems like its part of the Test SG300 from below.

54:78:1a:e5:fe:08 is the SG300 That I'm using for testing and Port Mirroring, so only the VLAN 101 and Wireshark are on it

00:22:6b:1b:2d:a7 is a SFE2000P - Its a PoE that is on the same Subnet as VLAN 101 and has all Avaya IP Phones

No.     Time           Source                Destination           Protocol Length Info
  11001 3129.413142000 Cisco_e5:fe:24        Spanning-tree-(for-bridges)_00 STP      60     RST. TC + Root = 32768/0/00:22:6b:1b:2d:a7  Cost = 20000  Port = 0x804c

Frame 11001: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
    Interface id: 0
    WTAP_ENCAP: 1
    Arrival Time: Jan  8, 2013 16:37:21.853048000 Pacific Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1357691841.853048000 seconds
    [Time delta from previous captured frame: 0.482385000 seconds]
    [Time delta from previous displayed frame: 1.999897000 seconds]
    [Time since reference or first frame: 3129.413142000 seconds]
    Frame Number: 11001
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:llc:stp]
    [Coloring Rule Name: Broadcast]
    [Coloring Rule String: eth[0] & 1]
IEEE 802.3 Ethernet
    Destination: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00)
        Address: Spanning-tree-(for-bridges)_00 (01:80:c2:00:00:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: Cisco_e5:fe:24 (54:78:1a:e5:fe:24)
        Address: Cisco_e5:fe:24 (54:78:1a:e5:fe:24)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Length: 39
    Padding: 00000000000000
Logical-Link Control
    DSAP: Spanning Tree BPDU (0x42)
    IG Bit: Individual
    SSAP: Spanning Tree BPDU (0x42)
    CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information (0x00)
        .... ..11 = Frame type: Unnumbered frame (0x03)
Spanning Tree Protocol
    Protocol Identifier: Spanning Tree Protocol (0x0000)
    Protocol Version Identifier: Rapid Spanning Tree (2)
    BPDU Type: Rapid/Multiple Spanning Tree (0x02)
    BPDU flags: 0x7d (Agreement, Forwarding, Learning, Port Role: Designated, Topology Change)
        0... .... = Topology Change Acknowledgment: No
        .1.. .... = Agreement: Yes
        ..1. .... = Forwarding: Yes
        ...1 .... = Learning: Yes
        .... 11.. = Port Role: Designated (3)
        .... ..0. = Proposal: No
        .... ...1 = Topology Change: Yes
    Root Identifier: 32768 / 0 / 00:22:6b:1b:2d:a7
        Root Bridge Priority: 32768
        Root Bridge System ID Extension: 0
        Root Bridge System ID: 00:22:6b:1b:2d:a7
    Root Path Cost: 20000
    Bridge Identifier: 32768 / 0 / 54:78:1a:e5:fe:08
        Bridge Priority: 32768
        Bridge System ID Extension: 0
        Bridge System ID: 54:78:1a:e5:fe:08
    Port identifier: 0x804c
    Message Age: 1
    Max Age: 20
    Hello Time: 2
    Forward Delay: 15
    Version 1 Length: 0

-Tom
Please mark answered for helpful posts

Thank you for your reply...

I noticed that your STP is disabled for the port you are changing to Filtering from Flooding.  So you are not using STP on that Specific Port.   So that makes sence.

If I read about STP correctly, its there to prevent Layer 2 Looping and infinate Packet forwarding.  All of the switches I have are cascaded. There are no redundant links from any one switchg to any other switches.  Sure there might be a posibility of someone mistakingly connect up one switch to multiple uplink Switched and it does take the network down, though I'd rather find that then have the Switch 'fix' it.   We have a Server Room with some switches and a few remote closets connected by Fiber.  All of the remogte Closets have the one Connection to the server room and any sub switch is connected to the switch that has the incoming fiber.   Seems like I should be able to turn off STP on all of these switches, or am i misreading about STP?

Thank you,

   Scott<-

You're right, spanning tree's intention is to prevent network loops. But this technology comes with penalties. A network loop can destroy a whole network in seconds, it can be a catastrophe that is easily made. So the small concept of preventing network loops is a massive counter-measure.

A lot of problems are introduced with spanning-tree and the way it interacts switch a switch. There are 2 types of BPDU, a TCN and configuration. The problem is, every time a TCN (topology change notification) is generated the spanning-tree topolgy will eventually receive an update. If for whatever reason you have a port flapping or several users connect/disconnect or similar situations, when the root bridge updates the topology, the max age timer will expire then update the configuration BPDU.

As a result of this, the cam table will drop. If the cam table drops, you will get a lot of ARP. So, let's filter the BPDU and see if it clears up. Or, disable spanning-tree all together, either or, which I don't recommend removing spanning tree because if someone decides to get smart and hook up a small hub and make a loop, you will get hurt, quickly.

-Tom
Please mark answered for helpful posts

Seems like the BPDU setting is used only if STP is disabled?

BPDU Handling
—Select how Bridge Protocol Data Unit (BPDU) packets are managed when STP is disabled on the port or the switch. BPDUs are used to transmit spanning tree information.

I think I know enought to be dangerous! (-;  so It would seem like I would want STP and Flooding enabled on the core Switch and any of the Ports that then connect to other Managed switches.

If I have some SR2024's that connect up the remote Fiber Closets, there is no configuring of them, so I would not need to enable STP on the ports that Connect up to those switches and thus any sub switch that they connect to.

I think I'm almost there!   Thank you for your help!

Scott<-