
Adding new switch to network & it should not participate in STP

suhasmanju
Level 1

Please tell me how to avoid a new switch participating in STP? We are adding a new switch & it should not participate in STP.


Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Often you just turn off STP on the switch. Or, you might suppress sending and/or receiving BPDUs on individual ports.

BTW, not running some form of STP is often inadvisable. Even when your topology has not been designed with multiple L2 paths, STP is generally kept active to deal with someone creating an accidental L2 loop.

Dear friends,

Please allow me to join.

I agree with Joseph - preventing a newly added switch from participating in STP is not advisable, because the loop protection in switched networks depends on all switches running STP and cooperating in creating a single, contiguous loop-free topology. If one or more switches do not participate in STP, protection against switching loops is only partial.

Deactivating STP on a switch can cause it either to drop all received BPDUs, or to flood them transparently. The first option is actually worse because dropping BPDUs means that STP will be unable to detect a loop even if there is one. The second option is slightly better, as STP will treat such a switch simply as a shared network segment (a "cable" if you will), and will at least be able to block ports on the "end of that cable". The inside of that "cable" won't be protected against loops, though.

If the newly added switch is fully under your control then it would be a bad practice to prevent it from participating in your STP, and I cannot recommend it. If you are concerned that adding the switch will cause a temporary network outage then it would perhaps be advisable to schedule a maintenance window for that (the outage, should it happen, should be under 50 seconds; with RSTP and MSTP, under 1 second, and in general, adding a new non-root switch will not cause any outage at all). Certainly, this inconvenience is much better than dealing with a switching loop that got caused just because you have prevented the switch from participating in your STP.

If the switch is not under your administration then I suggest using the Root Guard to prevent that switch from becoming a root switch but still allow it to participate in your STP as long as it behaves well. A Root Guard is activated on a per-port basis and prevents that port from becoming a root port (and consequently, prevents the attached switch from becoming a root switch):

interface FastEthernet0/1
 spanning-tree guard root

If you absolutely insist on preventing that switch from interacting with your STP, then you can use the BPDU Filter feature that prevents a port from sending and receiving BPDUs, effectively creating a boundary in the STP domain. This practice comes at your own risk - with the BPDU Filter in place, it is your responsibility to make sure that there are no physical loops in the network behind the boundary or through it, because STP will no longer be able to detect and eliminate them.

interface FastEthernet0/1
 spanning-tree bpdufilter enable

Best regards,
Peter

Hi Peter,

From what I know, if you configure the bpdu filter in global config it will be enabled on all portfast ports, and it will disable the bpdu filter when it receives a bpdu in the first 10 seconds upon bootup.

Will configuring the bpdu filter per interface have the same effect?

And if so, how do you prevent the switch from participating in STP? Boot the switch and wait for 10 seconds before plugging it into the trunk links?

Thank you!


Hi,

At the interface level, you can enable BPDU filtering on any interface by using the spanning-tree bpdufilter enable interface configuration command without also enabling the Port Fast feature. This command prevents the interface from sending or receiving BPDUs.

When we are using this command under the global configuration, it will apply only on the port-fast enabled interface.

Caution: Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.
You can enable the BPDU filtering feature for the entire switch or for an interface.

Regards,

Deepak Kumar
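
Added example, not part of any reply in this thread: a small Python audit that reads an IOS-style configuration and reports, per interface, which of the settings discussed above is in effect, so that ports with the unconditional per-interface BPDU filter stand out from ports using Root Guard. The function name and the sample configuration are constructed for illustration; `spanning-tree portfast bpdufilter default` is assumed as the global form of the command, and only the plain `spanning-tree portfast` interface keyword is recognised.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface FastEthernet0/1
 switchport mode trunk
 spanning-tree bpdufilter enable
!
interface FastEthernet0/2
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport mode access
"""

def audit_stp_boundaries(config):
    """Return {interface: finding} for STP boundary settings in an IOS config."""
    global_filter = bool(re.search(
        r"^spanning-tree portfast bpdufilter default\s*$", config, re.M))
    findings, iface, lines = {}, None, {}
    for raw in config.splitlines():
        m = re.match(r"^interface (\S+)", raw)
        if m:
            iface = m.group(1)
            lines[iface] = []
        elif raw.startswith(" ") and iface:
            lines[iface].append(raw.strip())
        else:
            iface = None  # left the interface stanza
    for name, cmds in lines.items():
        if "spanning-tree bpdufilter enable" in cmds:
            findings[name] = "HIGH: unconditional BPDU filter, loops behind port undetected"
        elif "spanning-tree guard root" in cmds:
            findings[name] = "OK: root guard, port still participates in STP"
        elif global_filter and "spanning-tree portfast" in cmds:
            findings[name] = "INFO: global BPDU filter applies via PortFast"
        else:
            findings[name] = "OK: default STP participation"
    return findings

if __name__ == "__main__":
    for port, finding in audit_stp_boundaries(SAMPLE_CONFIG).items():
        print(f"{port}: {finding}")
```

Ports reported as HIGH are the ones where, as the replies above note, spanning tree is effectively disabled and the absence of physical loops has to be verified by hand.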