• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 564
  • Last Modified:

Spanning Tree Question

Hi all,

I've recently read that, unlike Cisco, BPDUs are not sent on the native/untagged - or any other - vlan.


1. Is this really true?
2. If so, what effect does this have on spanning tree's ability to correctly detect loops?
3. What considerations are there on a medium sized HP Procurve network (20 switches, with separate access + distribution layers) to ensure that spanning tree correctly detects loops?

Basically, I'm looking for a decent explanation on how this difference between Cisco's and HP's implementation of spanning tree, and how I can prevent loops in an HP environment.

(this isn't academic, a recent loop in the network took out all switches and all vlans on the entire network)

1 Solution
On Procurve switches the BPDU is turned off by default and you must enable it to protect your network from loops.

The syntax from the CLI is:

spanning-tree all bpdu-protection

This basically enables the bpdu protection on every port, afterwards you should disable it on the uplink ports:

no spanning-tree {port} bpdu-protection

This blog has more detailed information: http://evilrouters.net/2009/03/11/bpdu-protection-on-hp-procurve-switches/

You can also download this HP whitepaper which discusses the differences in much finer detail: http://www.techdata.ca/techsolutions/networking/whitepapers/Feb10/HP%20Procurve%20Migrating%20from%20Cisco%20to%20ProCurve%20Networks.pdf
It is true that bpdu's are not tied to any vlan. They are merely sent as l2 PDF that under normal circumstances will never go beyond the next device it hits. It uses a special destination MAC address the other switches recognize so they know to look at the data gram.

Bpdu's can contain vlan information (or instance information in the case of MST) when running pvst, but the data gram itself is not tied to a vlan.

In terms of loop protection, it all boils down to what mistake was made. Disabling spanning tree on any given switch allows the opportunity for a loop. Mixing vendors and not taking the time to research and configure compatible spanning tree modes can cause loops. Sometimes people even end up finding out the hard way that some vendors disable spanning tree by default and they cause a loop immediately because they had it plugged in before configuring it (happened to my customer 2 weeks ago with new force10 switches).

The difference between hp and Cisco... They can both use standard modes which are compatible. Cisco also allows for pvst and rapid pvst which I don't believe hp fully supports. When mixing vendors, it is usually best to stick with MST or CST or RSTP (non-pvst unless specifically compatible).

If I had to make a blind guess, I would bet that either you had a switch(es) with spanning tree disabled or bpdufilter set, or the default cisco pvst versus hp MST (not a very compatible mix) caused a big disconnect in who was root for what.
TimotiStDatacenter TechnicianCommented:
See attached HP interop guide for detailed explanation and practical examples, STP starts on page 21.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now