Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Spanning Tree traffic

Reply
Thread Tools

Spanning Tree traffic

 
 
Andrey Tarasov
Guest
Posts: n/a
 
      10-03-2004
Hello, Arnold!
You wrote on Sun, 03 Oct 2004 01:46:45 +0200:

m>>> if you have a single switch, then you can disable spanning tree.

m>>> If you have two or more switches connected togther then
m>>> disabling spanning tree is generally not a good idea...
??>>
??>> It's not a good idea even with a single switch.
??>>
AN> It is ... you most likely don't need it. Hence turn it off but
AN> don't forget to have still BPDU guard turned on.

Well, you can do a little experiment - plug a loopback and see what will happen
with STP and without. Even if you have new IOS based switch with keepalives
turned on by default it might be up to 10 seconds of downtime before port gets
disabled.

With best regards,
Andrey.

 
Reply With Quote
 
 
 
 
Arnold Nipper
Guest
Posts: n/a
 
      10-03-2004
On 03.10.2004 02:19 Andrey Tarasov wrote:

> Hello, Arnold!
> You wrote on Sun, 03 Oct 2004 01:46:45 +0200:
>
> m>>> if you have a single switch, then you can disable spanning tree.
>
> m>>> If you have two or more switches connected togther then
> m>>> disabling spanning tree is generally not a good idea...
> ??>>
> ??>> It's not a good idea even with a single switch.
> ??>>
> AN> It is ... you most likely don't need it. Hence turn it off but
> AN> don't forget to have still BPDU guard turned on.
>
> Well, you can do a little experiment - plug a loopback and see what will happen
> with STP and without. Even if you have new IOS based switch with keepalives
> turned on by default it might be up to 10 seconds of downtime before port gets
> disabled.
>


Well, why do you need STP when port security is turned on?



Arnold
--
Arnold Nipper, AN45
 
Reply With Quote
 
 
 
 
Andrey Tarasov
Guest
Posts: n/a
 
      10-03-2004
Hello, Arnold!
You wrote on Sun, 03 Oct 2004 02:44:05 +0200:

AN> Well, why do you need STP when port security is turned on?

Don't you think it's a strange approach to do two things - 1) disable STP; 2)
enable port security - to achieve behavior provided by default configuration?

Even though port security is very useful thing it's not a direct replacement of
functionality provided by STP in this case.

With best regards,
Andrey.

 
Reply With Quote
 
Arnold Nipper
Guest
Posts: n/a
 
      10-03-2004
Hi Andreay,

On 03.10.2004 04:59 Andrey Tarasov wrote:

> Hello, Arnold!
> You wrote on Sun, 03 Oct 2004 02:44:05 +0200:
>
> AN> Well, why do you need STP when port security is turned on?
>
> Don't you think it's a strange approach to do two things - 1) disable STP; 2)
> enable port security - to achieve behavior provided by default configuration?
>


No ... in nowadays switch configuration BPDU guard/filter and port
security is a must.

> Even though port security is very useful thing it's not a direct replacement of
> functionality provided by STP in this case.
>


And turning off unneeded features as well. Hence if I don't need STP I
will turn it off.

As always ... YMMV


Arnold
--
Arnold Nipper, AN45
 
Reply With Quote
 
Hansang Bae
Guest
Posts: n/a
 
      10-05-2004

> On 02.10.2004 23:39 Andrey Tarasov wrote:

[snip: killing STP]
> > It's not a good idea even with a single switch.



In article <cjnel6$bv0$(E-Mail Removed)>, http://www.velocityreviews.com/forums/(E-Mail Removed) says...
> It is ... you most likely don't need it. Hence turn it off but don't
> forget to have still BPDU guard turned on.


It is not. Because you can't guarantee someone will not create a loop
by accident. It's min sized frames every two seconds...what is the big
deal???


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
 
Reply With Quote
 
Hansang Bae
Guest
Posts: n/a
 
      10-05-2004
In article <cjolfv$bv0$(E-Mail Removed)>, (E-Mail Removed) says...
[snip]
> And turning off unneeded features as well. Hence if I don't need STP I
> will turn it off. As always ... YMMV


Arnold...dollar to donuts I've got more experience than you. I've
personally seen four sites melt down because some IDIOT, yes IDIOT,
turned off STP. That's like saying I don't drive over 10M from my
house, so I'll forgo the insurance.

It's simply not worth it. Unless you can lock the switches, and never
have to recable at 3AM after 15 hours of troubleshooting, leave STP on.


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
************************************************** ******************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
************************************************** ******************
 
Reply With Quote
 
Arnold Nipper
Guest
Posts: n/a
 
      10-05-2004
On 05.10.2004 07:45 Hansang Bae wrote:

>>On 02.10.2004 23:39 Andrey Tarasov wrote:

>
> [snip: killing STP]
>
>>>It's not a good idea even with a single switch.

>
>
>
> In article <cjnel6$bv0$(E-Mail Removed)>, (E-Mail Removed) says...
>
>>It is ... you most likely don't need it. Hence turn it off but don't
>>forget to have still BPDU guard turned on.

>
>
> It is not. Because you can't guarantee someone will not create a loop
> by accident. It's min sized frames every two seconds...what is the big
> deal???
>
>


BPDU guard and port security is your friend ....



Arnold
--
Arnold Nipper, AN45
 
Reply With Quote
 
Andrey Tarasov
Guest
Posts: n/a
 
      10-05-2004
Hello, Arnold!
You wrote on Tue, 05 Oct 2004 08:18:42 +0200:

??>> [snip: killing STP]
??>>
??>>>> It's not a good idea even with a single switch.
??>>
??>>> It is ... you most likely don't need it. Hence turn it off but
??>>> don't forget to have still BPDU guard turned on.
??>>
??>> It is not. Because you can't guarantee someone will not create
??>> a loop by accident. It's min sized frames every two
??>> seconds...what is the big deal???
??>>
AN> BPDU guard and port security is your friend ....

Tell us, how are you going to configure port security on ports where you can't
predict number of MAC addresses? Like the ones where wireless access point
connected to?

With best regards,
Andrey.

 
Reply With Quote
 
Arnold Nipper
Guest
Posts: n/a
 
      10-05-2004
On 05.10.2004 18:34 Andrey Tarasov wrote:

> AN> BPDU guard and port security is your friend ....
>
> Tell us, how are you going to configure port security on ports where you can't
> predict number of MAC addresses? Like the ones where wireless access point
> connected to?
>


quite easy ... just pick a reasonable number for number of clients for
that acccess-point.



Arnold
--
Arnold Nipper, AN45
 
Reply With Quote
 
Andrey Tarasov
Guest
Posts: n/a
 
      10-06-2004
Hello, Arnold!
You wrote on Tue, 05 Oct 2004 23:53:15 +0200:

AN> quite easy ... just pick a reasonable number for number of
AN> clients for that acccess-point.

Hmm... We have about 15 access points and more than 300 NICs given out to users.
At any day there is no more than 100 users active total. So how many MAC
addresses should be configured in order to avoid support call saying "We can't
get on a wireless network!" but at the same time to prevent network outage if
loop is going to happen on this port?

Guess what, if you wouldn't mess with STP you wouldn't be doing this exercise.

With best regards,
Andrey.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Spanning Tree issue teton67 Cisco 10 12-27-2003 01:27 PM
Gigastack, Spanning Tree, And Trunk Links Amy L. Cisco 1 12-06-2003 12:31 AM
Spanning Tree Sizwe Dumisani Cisco 3 11-16-2003 02:33 AM
B tree, B+ tree and B* tree Stub C Programming 3 11-12-2003 01:51 PM
Spanning Tree And Per Vlan Spanning Tree Amy L. Cisco 0 07-24-2003 10:01 PM



Advertisments