10-06-2008 10:28 AM - edited 03-06-2019 01:47 AM
Can anyone tell me a valid reason why disabling spanning-tree should be considered? Everything I have read cautions against it. Just wondering if there is something I am missing.
Here is an example of some of the configs I am running into on switches in the network that I am new to. No one else can tell me why this was done.
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
no spanning-tree vlan 33,64,66-67,120,152-156,176,180,184,197,202,225,402,671
no spanning-tree vlan 701,703-705,777,997,999-1000
Accepted Solutions
10-06-2008 02:06 PM
Hello Deanna,
There are no good enough reasons to disable STP on a VLAN.
However, depending on the switch platform, some of them have scalability limits with PVST:
you can find some C2950 or others that can run only 64 instances of STP.
The same devices usually also have a limit on how many VLANs they can learn from VTP, but the two limits can be different.
In a device like this, VLANs created/learned after the limit has been reached are automatically in STP off, and you see lines like the ones you have placed in your post.
So I would suggest that you explore this network, also noting the switch model, IOS version, and number of VLANs defined in the campus.
Use:
sh vlan
sh spanning-tree summary
If instead these are C6500 or C4500, what you see is a human choice that can be discussed.
Hope to help
Giuseppe
10-06-2008 10:36 AM
Hi Deanna,
If someone is absolutely sure that there is no possibility for layer 2 loops to form, then he/she can disable spanning tree.
The benefit you can gain from it is less processor utilization and less bandwidth utilization, as the switch will not send BPDUs on the disabled VLANs and will not have to process the spanning-tree algorithm for those VLANs.
Otherwise I wouldn't recommend disabling it.
Cheers:
Istvan
10-06-2008 10:37 AM
Personally I would be extremely reluctant to turn off STP on any switch, just in case of a misconfiguration, either accidental or malicious.
You could turn it off if you have designed a network that has no redundant L2 links, a good example being an L3 routed network in both the access/distribution and core network, but I would still leave STP on to be honest.
Jon
10-06-2008 01:59 PM
I've seen that implemented in some networks to gain the fastest Layer2 re-convergence possible.
As the other posters indicated, you need to make sure there isn't any Layer2 loop before taking this approach.
HTH,
__
Edison.
10-06-2008 03:12 PM
Thank you. Just at a quick glance, most of them do appear to be C2950 switches. There are 89 VLANs defined and 64 VLANs reflected in the sho spanning-tree summary. Just to double check: can I assume that means that each VLAN is equivalent to one instance of STP? The information that you have provided is greatly appreciated; I didn't realize that this could occur without someone intentionally configuring it that way. Good to know.
10-06-2008 11:05 PM
Hello Deanna,
In PVST+ each VLAN requires its own STP instance: if 89 VLANs exist, 64 VLANs are in the sh spanning-tree summary, and the devices are C2950, you are facing the STP limits of these switches.
Thanks for your kind remarks.
I discovered this limitation a few years ago while performing L2 security tests: we added a C2950 to a lab with C6509 and we started to see this kind of thing.
Best Regards
Giuseppe
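The check described in the replies above can be scripted for an audit across many switches. This is an added example, not code from any poster in the thread: it expands the `no spanning-tree vlan` lines of a running config and compares the remaining VLAN count with the platform's STP instance limit. The function names, the verdict strings and the figure of 90 defined VLANs are constructed for illustration; the limit of 64 is the one quoted in the thread for some C2950 models.

```python
import re

# Running-config lines of the form "no spanning-tree vlan 33,64,66-67".
NO_STP = re.compile(r"^[ \t]*no spanning-tree vlan ([0-9,\- ]+)$", re.MULTILINE)

# Config lines quoted in the original question.
SAMPLE_CONFIG = """\
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
no spanning-tree vlan 33,64,66-67,120,152-156,176,180,184,197,202,225,402,671
no spanning-tree vlan 701,703-705,777,997,999-1000
"""

def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '33,64,66-67' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def stp_disabled_vlans(config_text):
    """Return every VLAN ID that the config leaves without an STP instance."""
    disabled = set()
    for match in NO_STP.finditer(config_text):
        disabled |= expand_vlan_list(match.group(1))
    return disabled

def classify(config_text, defined_vlans, instance_limit=64):
    """Separate instance-limit overflow from a deliberate 'no spanning-tree'.

    Assumes every VLAN named in a 'no spanning-tree vlan' line is defined
    on the switch; defined_vlans is the count taken from 'sh vlan'.
    """
    disabled = stp_disabled_vlans(config_text)
    running = defined_vlans - len(disabled)
    if not disabled:
        verdict = "stp-on-all-vlans"
    elif running >= instance_limit:
        verdict = "consistent-with-instance-limit"
    else:
        verdict = "below-limit-review-as-manual-change"
    return {"disabled": sorted(disabled), "running": running, "verdict": verdict}

if __name__ == "__main__":
    # 90 defined VLANs is a constructed figure for the demo, not from the thread.
    print(classify(SAMPLE_CONFIG, defined_vlans=90))
```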
10-07-2008 03:43 AM
Hi Giuseppe,
You wrote "In a device like this vlans created /learned after having reached the limit are automatically in STP off and you see lines as the ones you have placed in your post." in your previous message.
Several years ago I noticed an even worse behaviour of Cisco 3500XL switches:
After reaching the STP instance limit, one VLAN had its STP disabled. But not the VLAN last created, just one random VLAN :-(
This was terrible at that time; I hope it's fixed in current IOS.
BR,
Milan
