STP & portfast

cvf-reg2cis
Level 1

Hello,

I have a question about STP.

STP (rstp) is enabled on several switches for a vlan which doesn't need it (there are no loops possible). On this vlan there are edge ports which don't have the portfast option activated.

Each time I plug or unplug a port in this vlan, I have quite a long (30 sec) outage due to the recomputation of the STP protocol.

My question: I would like to solve this problem, either by disabling STP for this vlan, or by setting the portfast option on the edge ports.

What is the best way to solve the problem without generating a new outage?

In other words, can I deactivate STP (one switch after the other) without generating an outage? And can I set the portfast option on a port without generating an outage?

Thanks a lot

Regards

Guillaume

3 Accepted Solutions

rajatsetia
Level 1

Hi

You can configure edge "access" ports for the portfast option without any outage.

Use this command "spanning-tree portfast" under interface config.

Along with that I will recommend to use

"spanning-tree portfast bpduguard default" in global config.

So that BPDU-guard is enabled on the portfast-enabled interfaces; in case another switch is connected to any of the portfast interfaces by mistake, the concerned interface will be disabled.

HTH

rgds

kerek
Level 4

Hello,

1. I think it is better to use portfast (with bpdu guard) instead of turning off STP in that particular vlan. In that case portfast will not cause any outage, as it puts the port into the forwarding state as soon as it is connected, but still prevents a bridging loop from occurring if a switch is inadvertently connected, as STP takes care of that.

2. Disabling STP per vlan while letting it run in others obviously needs PVSTP (per vlan STP), and it will not cause an outage if disabled per vlan.

Krisztian

Guillaume:

It is a BAD practice to disable STP. STP has very little bandwidth overhead and can save you from a disaster. I would not disable it.

Simply add portfast to the access ports, as the gentlemen have described, and then enable bpduguard.

HTH

13 Replies

jorgenolla
Level 1

If there are no loops on your topology, you should have no instances of STP (RSTP) running.

#show spanning-tree

Should show that there are no instances of STP running. To remove the forward delay time on the interfaces, you need to use portfast on the edge ports.

Regards

Jorgenolla:

I had to sound brash, but you are wrong, my friend. It is a Cisco "best practice" to always enable STP because you don't know how the topology might change in the future and it prevents accidents, like someone plugging a switch into what is supposed to be an access port.

Of course, in the end, it is up to the net admin to decide what he/she wants to do, but disabling STP buys you almost zero and can leave you vulnerable.

Oops, I meant to say that I "hate" to sound brash.

To: lamav

Thanks my friend, but I think you're missing the point.

You are very correct in your statement: "'best practice' to always enable STP".

STP is enabled by default; and I did not say to disable STP!

But when there are no present loops in the Topology, there will be no instances of STP running!!!!!!!!!!!!!!!!!

If a loop is formed at some point, then STP will have an instance for each VLAN in the network.

Best Regards

"But when there are no present loops in the Topology, there will be no instances of STP running!!!!!!!!!!!!!!!!!"

That is an incorrect statement, Jorge. Please see my post to you on the other thread you commented on this morning.

And by the way, 1 exclamation point would have been enough!...!!!!!!! (smile).

Just replied to you on the other post lamav.

Once again I think you've misunderstood. I said "Instance of STP", which is different than "STP".

Best regards

Hi Jorge

I'm not sure I understand your point. You seem to be suggesting that if you have no loops in your network then you will have no instances of STP, and to prove the point you say that the output of a "sh spanning-tree" will not show any instances.

This is the output of a "sh spanning-tree" on a 3560 which is connected via a trunk link to a 3550, i.e. only one link, no loops.

=============================================
lab_sw1#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000a.b8b3.a980
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000a.b8b3.a980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/48           Desg FWD 19        128.52   P2p

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     000a.b8b3.a980
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     000a.b8b3.a980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/21           Desg FWD 19        128.23   Edge P2p
Fa0/48           Desg FWD 19        128.52   P2p

VLAN0011
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     000a.b8b3.a980
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32779  (priority 32768 sys-id-ext 11)
             Address     000a.b8b3.a980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/48           Desg FWD 19        128.52   P2p
=============================================

Could you clarify what you mean by "no instances" ?

Jon
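
An added example, not part of the thread: a small audit that parses "sh spanning-tree" output like the listing above and reports ports that are not known uplinks and do not show the Edge flag, i.e. candidates for "spanning-tree portfast" plus BPDU guard. It assumes the Edge flag in the Type column marks a port where portfast is operational (as on Fa0/21 above); the function names, the uplink list and the Fa0/22 row are assumptions made for illustration.

```python
import re

# Rows for Fa0/21 and Fa0/48 are taken from the output in the post above;
# the Fa0/22 row is constructed to represent an access port without portfast.
SAMPLE = """\
VLAN0001
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/48           Desg FWD 19        128.52   P2p

VLAN0010
  Spanning tree enabled protocol ieee
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/21           Desg FWD 19        128.23   Edge P2p
Fa0/22           Desg FWD 19        128.24   P2p
Fa0/48           Desg FWD 19        128.52   P2p
"""

VLAN_RE = re.compile(r"^VLAN0*(\d+)$")
PORT_RE = re.compile(
    r"^(?P<ifname>[A-Za-z]+[\d/]+)\s+(?P<role>\w+)\s+(?P<state>\w+)\s+"
    r"(?P<cost>\d+)\s+(?P<prio>\d+\.\d+)\s+(?P<type>.+)$"
)

def parse_ports(text):
    """Return one dict per (VLAN, interface) row of 'show spanning-tree'."""
    ports, vlan = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = VLAN_RE.match(line)
        if m:
            vlan = int(m.group(1))   # start of a new per-VLAN section
            continue
        m = PORT_RE.match(line)
        if m and vlan is not None:   # header and timer lines never match
            ports.append({"vlan": vlan, **m.groupdict()})
    return ports

def ports_missing_portfast(text, uplinks):
    """Ports not listed as uplinks whose Type column lacks 'Edge'."""
    return sorted({
        p["ifname"] for p in parse_ports(text)
        if p["ifname"] not in uplinks and "Edge" not in p["type"].split()
    })

if __name__ == "__main__":
    for name in ports_missing_portfast(SAMPLE, uplinks={"Fa0/48"}):
        print(f"{name}: no Edge flag; candidate for 'spanning-tree portfast'")
```

The uplink set has to be supplied by the operator: trunk and inter-switch links such as Fa0/48 must stay out of the portfast candidates.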

Jon and Lamav:

I don't know what I was thinking! I was incorrect, and thanks for clarifying that, Jon.

I was thinking about MST and the command

spanning-tree mst configuration

Best Regards

cvf-reg2cis
Level 1

Thanks all for your helpful answers !

kesva.naidoo
Level 1

The Cisco implementation maintains that the Portfast keyword be used for edge port configuration.

http://www.cisco.com/en/US/partner/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml#converge2

See page 8.