Link to home
Start Free TrialLog in
Avatar of MrVault
MrVault

asked on

How to use spanning tree

we have a network that looks like a hub a spoke. The main spoke is the ISP's drop into the firewall. that connects to a stacked pair of L3 switches. attached to that pair are various other switches. I'm certain none of those switches are plugged into each other in any loop.

Off many of the switches are servers and iSCSI SAN appliances. with iSCSI, it is recommended that STP be turned off on those ports. I have a few questions:

1. Should STP be turned off on all ports but the trunk ports between the hub and spoke switches?
2. Our firewall drops into each switch in the stack and there's an HA firewall that does the same. Do I leave STP turned on for those 4 ports?
3. Most of our servers do not yet have dedicated iSCSI NIC ports. There are 2 and they are the iSCSI ports and the regular traffic ports. do I still turn STP off for those ports on the switch?
4. Some documents say if I have to leave STP on, turn on RSTP. Is that just as good as it being off or is there still some risk?

Thanks!
ASKER CERTIFIED SOLUTION
Avatar of Soulja
Soulja
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of MrVault
MrVault

ASKER

Sorry, we're running Brocade/Foundry switches. Servers are mainly Windows Server 2008 R2 and Dell Equallogic SAN arrays.

The reason I asked about disabling per port is that you can do this on each port's settings in Brocade.

The documentation such as this link say to turn it off, but if it has to be on, enable portfast. But it sounds more ideal to have it off on the endpoints (servers and storage attached). Does it matter? http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/white_paper_c11-563477.html

I don't know if Brocade has an equivalent BPDU Guard.

Eventually we'll be moving the iSCSI traffic to separate NICs on the servers and then onto different VLANs and whole switches.

@Epic7: can you explain "access ports"? If you don't have it on for trunk ports and you don't have it on for endpoints (hosts, devices), then what is left?

It seems as if the recommendation is to use STP, but yet vendors of iSCSI devices are asking that we NOT use it due to issues they see with it.
@Epic7: can you explain "access ports"? If you don't have it on for trunk ports and you don't have it on for endpoints (hosts, devices), then what is left?

access ports and endpoint ports are the same thing, just different way of saying it.

I have't worked with Brocade, i would assume they would have something similar to BPDU. It's nothing more than a security feature that. What it does is remembers the mac address of the device, if it's unplugged and a new device is plugged in it shuts down the port.
I believe my BPDU desription wasn't correct. i was thinking of port sticky.. please disregard that statement.
Avatar of MrVault

ASKER

thanks.

is the concern with STP/RSTP that someone would connect switch A to B and B to C and then later accidentally connect C to A (directly or though another switch)? We have a relatively small setup, so I feel like if the iSCSI vendors say it is causing problems, and I'm the only only connecting switches right next to each other, then I feel pretty confident we're not going to introduce a loop.

I'm reading Brocade docs and they say it's global too. it's weird that in the GUI I can turn it on or off in each port's settings.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of MrVault

ASKER

I see what you're saying. Should I just disregard the vendor who is saying our SAN issues could be caused by us having STP turned on for those ports?
I don't think it's the issue but turn it off. If you find that the problem is still there, than turn it back on.

Test that out and let me know what you find out.
Avatar of MrVault

ASKER

Thanks everyone.