July 7th, 2014 05:00

Advice on basic STP and network design

Hi,

Please could someone give me guidance for building a basic network with regards to STP settings.

Let's say a "core switch" and a few edge switches. All switches connect back to the core via a 2-port LAG group.

So what would some common settings be?

  • Portfast on all ports connecting to client devices? (The main advantage is that port-up speed is increased, but the downside is that it can still cause STP topology changes?)
  • RSTP enabled on all switches?
  • Root Guard to ensure root stays as the core?

Anything else that you would recommend?

Cheers

Dave

5 Practitioner

274.2K Posts

July 7th, 2014 09:00

For those ports I would look at something like TCN guard.

TCN Guard — Enabling the TCN Guard feature restricts the port from propagating any topology change information received through that port. This means that even if a port receives a BPDU with the topology change flag set to true, the port will not flush its MAC address table and send out a BPDU with a topology change flag set to true.

# spanning-tree tcnguard  (Prevent a port from propagating topology change notifications.)

5 Practitioner

274.2K Posts

July 7th, 2014 07:00

Which switch model are you working with? This will help know what features are available to the switch.

You are correct, portfast should be enabled on ports connecting to client devices. It should not be enabled on ports connecting switch to switch.

Portfast:

  • Allows immediate transition to a forwarding state
  • Port still participates in STP
  • Used for non-switch devices
      • Clients
      • Servers
      • Printers
  • Prevents unnecessary timeouts from DHCP servers

Most switches come with the default of RSTP.

Enabling root guard on a port ensures that the port does not become a root port or a blocked port. When a switch is elected as the root bridge, all ports are designated ports unless two or more ports of the root bridge are connected together. If the switch receives superior STP BPDUs on a root-guard enabled port, the root guard feature moves this port to a root-inconsistent STP state, which is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard feature enforces the position of the root bridge.

When the STP mode is MSTP, the port may be a designated port in one MSTI and an alternate port in the CIST, etc. Root guard is a per port (not a per port per instance command) configuration, so all the MSTP instances this port participates in should not be in a root role.

An easier method would be to assign a switch as a static root.

To assign a static ROOT switch, you must change the default bridge priority (32768). This value must be LOWERED to allow it to be assigned the ROOT port role. This value is changed in increments of 4096. Set the switch priority to 4096; as all the other switches are set to 32768, this will cause it to be elected ROOT switch. A bridge priority of “0” will prevent a switch from participating in the Root election, however not all vendors observe this rule.

console(config)# spanning-tree priority 4096

Here are a couple articles you can look through for some additional information.

www.dell.com/.../pwcnt_MSTP_interoperability.pdf

www.dell.com/.../app_note_13.pdf

Cheers
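
An added example, not part of the original reply and not Dell's code: a small Python model of the root election and of the root guard decision described in the reply above. The bridge IDs and MAC addresses are constructed, and `accepts-new-root` is a label chosen here for the unguarded case.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096  # bridge priority is changed in increments of 4096


@dataclass(frozen=True)
class BridgeId:
    priority: int
    mac: str  # constructed sample address

    def __post_init__(self):
        if not 0 <= self.priority <= 61440 or self.priority % PRIORITY_STEP:
            raise ValueError(f"priority {self.priority} is not a multiple of 4096")

    def key(self):
        # Lower priority wins the election; the lower MAC breaks a tie.
        return (self.priority, int(self.mac.replace(":", ""), 16))


def elect_root(bridges):
    """Return the bridge every switch converges on as root."""
    return min(bridges, key=BridgeId.key)


def root_guard_port_state(current_root, bpdu_root, root_guard):
    """Port state after a BPDU advertising bpdu_root arrives on a designated port."""
    if bpdu_root.key() >= current_root.key():
        return "forwarding"            # not superior: nothing changes
    if root_guard:
        return "root-inconsistent"     # superior BPDU refused, port stops forwarding
    return "accepts-new-root"          # label chosen here: the root would move


# Constructed topology: one core at 4096, edges left at the default 32768.
CORE = BridgeId(4096, "00:1e:c9:aa:00:10")
EDGES = [BridgeId(32768, "00:1e:c9:aa:00:02"), BridgeId(32768, "00:1e:c9:aa:00:03")]
# Constructed unexpected switch on an edge port: same priority, lower MAC.
STRAY = BridgeId(4096, "00:1e:c9:aa:00:01")

if __name__ == "__main__":
    print("root:", elect_root([CORE, *EDGES]))
    print("all defaults:", elect_root([BridgeId(32768, CORE.mac), *EDGES]))
    for guard in (True, False):
        print("root guard", guard, "->", root_guard_port_state(CORE, STRAY, guard))
```

With every switch left at the default priority the election falls to the lowest MAC address, and a lowered priority on the core does not by itself stop a superior BPDU arriving on an edge port, which is the case root guard covers.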

12 Posts

July 7th, 2014 07:00

Thank you for your reply. So regarding portfast, does this disable STP on the port? If a device is plugged into a port configured with portfast, could it cause a topology change on the network?

Thanks

Dave

12 Posts

July 7th, 2014 08:00

OK thanks, so the ONLY advantage to enabling portfast is to get around the initial delay of waiting for STP to sort out the port?

What would you recommend for ports where public devices can be plugged in? We don't want these devices to cause an issue for the rest of the network.

Thanks

Dave

5 Practitioner

274.2K Posts

July 7th, 2014 08:00

PortFast immediately transitions the port into STP forwarding mode upon linkup with less than a 5 sec delay. The port still participates in STP. So if the port receives a BPDU from another network bridge (switch), the port ignores PortFast and processes the BPDU as normal. The port transitions through the listening, learning, forwarding or blocking states with the original delay. There is no danger of causing a data loop, as STP is always listening for BPDUs with or without PortFast enabled on all ports.

5 Practitioner

274.2K Posts

July 7th, 2014 09:00

On the 3548 I would look at root guard.

Root Guard — Prevents devices outside the network core from being assigned the spanning tree root.

# spanning-tree guard root

12 Posts

July 7th, 2014 09:00

Having a quick look, I can see the command is available on a 7048 and a 6248 but not on the cheaper switches generally used for edge switches like the 3548? Is there a comparative command I could use on these?

thanks

Dave

12 Posts

July 7th, 2014 09:00

OK great, you've been most helpful.

Thanks

Dave
