
How to use spanning tree

Posted on 2011-09-16
Last Modified: 2012-05-12
We have a network that looks like a hub and spoke. The main spoke is the ISP's drop into the firewall. That connects to a stacked pair of L3 switches. Attached to that pair are various other switches. I'm certain none of those switches are plugged into each other in any loop.

Off many of the switches are servers and iSCSI SAN appliances. With iSCSI, it is recommended that STP be turned off on those ports. I have a few questions:

1. Should STP be turned off on all ports but the trunk ports between the hub and spoke switches?
2. Our firewall drops into each switch in the stack and there's an HA firewall that does the same. Do I leave STP turned on for those 4 ports?
3. Most of our servers do not yet have dedicated iSCSI NIC ports. There are 2 and they are the iSCSI ports and the regular traffic ports. Do I still turn STP off for those ports on the switch?
4. Some documents say if I have to leave STP on, turn on RSTP. Is that just as good as it being off or is there still some risk?

Thanks!
0
Question by:MrVault
LVL 26

Accepted Solution

by:
Soulja earned 668 total points
ID: 36551760
You didn't state what type of switches you were running, so my answers will assume Cisco.

1. Should STP be turned off on all ports but the trunk ports between the hub and spoke switches?

Essentially STP is applied globally on the switch. You can disable it per VLAN, but I still wouldn't recommend it. The ports connected to endpoints can have portfast enabled but never on the trunk ports connected to other switches. Also, on the endpoint ports you want to enable BPDU Guard; this way, if a switch accidentally gets plugged into the port, it will go into err-disable.

2. Our firewall drops into each switch in the stack and there's an HA firewall that does the same. Do I leave STP turned on for those 4 ports?

STP is enabled globally on a switch. As stated above, you can disable it per VLAN, but I wouldn't recommend it.

3. Most of our servers do not yet have dedicated iSCSI NIC ports. There are 2 and they are the iSCSI ports and the regular traffic ports. do I still turn STP off for those ports on the switch?

Same answer as question one.

4. Some documents say if I have to leave STP on, turn on RSTP. Is that just as good as it being off or is there still some risk?

Rapid Spanning Tree is an improved version of STP, so use it. It is much quicker in regard to convergence.
0
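As an added example (not code from the thread or from any vendor), a small Python audit of the per-port rules in the answer above: portfast and BPDU guard on endpoint ports, never portfast on trunks, rapid spanning tree globally. The sample configuration is constructed, and the checker assumes Cisco IOS-style syntax and looks only at per-interface commands, so global defaults such as `spanning-tree portfast default` are not considered.

```python
import re

# Constructed sample in Cisco IOS running-config style (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
interface GigabitEthernet1/0/1
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport mode access
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if (m := re.match(r"interface (\S+)", line)):
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def audit(config):
    """Return sorted (interface, finding) pairs; per-interface commands only."""
    findings = []
    if not re.search(r"^spanning-tree mode (rapid-pvst|mst)\s*$", config, re.M):
        findings.append(("global", "rapid spanning tree not enabled"))
    for name, cmds in parse_interfaces(config).items():
        portfast = any(c in ("spanning-tree portfast", "spanning-tree portfast edge") for c in cmds)
        if "switchport mode trunk" in cmds and portfast:
            findings.append((name, "portfast on trunk port"))
        if "switchport mode access" in cmds:
            if not portfast:
                findings.append((name, "access port without portfast"))
            if "spanning-tree bpduguard enable" not in cmds:
                findings.append((name, "access port without BPDU guard"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` flags the trunk with portfast and the two access ports that lack BPDU guard, one of which also lacks portfast.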
 
LVL 1

Assisted Solution

by:Epic7
Epic7 earned 1332 total points
ID: 36551762
1. Should STP be turned off on all ports but the trunk ports between the hub and spoke switches?
- STP is used to prevent loops. I would advise leaving STP on all access ports. We currently don't have STP on trunk ports.

2. Our firewall drops into each switch in the stack and there's an HA firewall that does the same. Do I leave STP turned on for those 4 ports?
- Yes

3. Most of our servers do not yet have dedicated iSCSI NIC ports. There are 2 and they are the iSCSI ports and the regular traffic ports. do I still turn STP off for those ports on the switch?
- Leave STP on

4. Some documents say if I have to leave STP on, turn on RSTP. Is that just as good as it being off or is there still some risk?
- RSTP is Rapid Spanning Tree Protocol. I would advise not having a network without some type of STP.
0
 

Author Comment

by:MrVault
ID: 36551832
Sorry, we're running Brocade/Foundry switches. Servers are mainly Windows Server 2008 R2 and Dell EqualLogic SAN arrays.

The reason I asked about disabling per port is that you can do this on each port's settings in Brocade.

The documentation, such as this link, says to turn it off, but if it has to be on, enable portfast. But it sounds more ideal to have it off on the endpoints (servers and storage attached). Does it matter? http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/white_paper_c11-563477.html

I don't know if Brocade has an equivalent BPDU Guard.

Eventually we'll be moving the iSCSI traffic to separate NICs on the servers and then onto different VLANs and whole switches.

@Epic7: can you explain "access ports"? If you don't have it on for trunk ports and you don't have it on for endpoints (hosts, devices), then what is left?

It seems as if the recommendation is to use STP, but yet vendors of iSCSI devices are asking that we NOT use it due to issues they see with it.
0
 
LVL 1

Expert Comment

by:Epic7
ID: 36551933
@Epic7: can you explain "access ports"? If you don't have it on for trunk ports and you don't have it on for endpoints (hosts, devices), then what is left?

Access ports and endpoint ports are the same thing, just a different way of saying it.

I haven't worked with Brocade; I would assume they would have something similar to BPDU. It's nothing more than a security feature. What it does is remember the MAC address of the device; if it's unplugged and a new device is plugged in, it shuts down the port.
0
 
LVL 1

Expert Comment

by:Epic7
ID: 36551968
I believe my BPDU description wasn't correct. I was thinking of port sticky. Please disregard that statement.
0
 

Author Comment

by:MrVault
ID: 36551985
Thanks.

Is the concern with STP/RSTP that someone would connect switch A to B and B to C and then later accidentally connect C to A (directly or through another switch)? We have a relatively small setup, so I feel like if the iSCSI vendors say it is causing problems, and I'm the only one connecting switches right next to each other, then I feel pretty confident we're not going to introduce a loop.

I'm reading Brocade docs and they say it's global too. It's weird that in the GUI I can turn it on or off in each port's settings.
0
 
LVL 1

Assisted Solution

by:Epic7
Epic7 earned 1332 total points
ID: 36552029
I hope this example helps.

Car A is attempting to leave the city. He drives down the road and is able to turn right but not left. The reason he can turn right is because it leads towards a bridge that will bring him to another set of roads. The left turn would have brought him back to his house.

What STP/RSTP does is create a loop-free network. This doesn't allow for collisions on the network. Having a loop can cause nasty effects to your network, which is why those two protocols were created to stop the issue. It doesn't stop someone from accessing a server or network device per se; that's where access control lists come into play.

I don't think this is going to be an issue if you keep STP/RSTP on.
0
 

Author Comment

by:MrVault
ID: 36552058
I see what you're saying. Should I just disregard the vendor who is saying our SAN issues could be caused by us having STP turned on for those ports?
0
 
LVL 1

Expert Comment

by:Epic7
ID: 36555036
I don't think it's the issue, but turn it off. If you find that the problem is still there, then turn it back on.

Test that out and let me know what you find out.
0
 

Author Comment

by:MrVault
ID: 36816813
Thanks everyone.
0
