Wireless Access

I have a client that has a LAN full of Aruba S3500 switches and he wants to turn off all STP on the network.

I've looked in the manual (MAS_v7.1_UG) and there is an entire section on how to configure MSTP but I can't seem to find a way to just turn it off. 

To enable it's

(host)(config) #spanning-tree mode mstp

I've tried to put a "no" in front of it but it's not taking the command.

(host) (config) #no spanning-tree mode mstp
                                ^
% Invalid input detected at '^' marker.

Any ideas?

Never mind......  I figured it out.

(host)(config) #spanning-tree

(host)(spanning-tree)#no mode

Thanks anyways guys.... you were with me in spirit I know  :smileyhappy:

Everyone have a Happy New Year !!!! :smileyvery-happy::smileyvery-happy::smileyvery-happy:

thank your for this command :smileyvery-happy:

What is the customer trying to accomplish? I would be looking at breaking up the STP domains in the smaller segments rather than turning off STP.

I don't like STP (if I had an environment that  users couldn't plug in to the network I would feel better about turning it off) but it's saved many networks from  broadcast storms bringing the network down. 

Cutomer was having problems imaging computers connected to Aruba-S3500 switches.

We found that if the pc was on an access port they would image just fine but if the port was set to trunk with a native vlan that they could not image the pc.

We currently have all the edge ports set to trunk with native and access vlan set to their normal data network. We then also allow their VOIP vlan. So the network cable goes from the wall to their phone and then out of their phone into their pc. (Pretty standard)

With the port in that config mode they could not image the pc upon startup because it was if the network wasn't ready fast enough when booting up the pc. It didn't matter if the pc was straight on the network or if it was connected through their phone.

We found that if we turned stp off on the switch stack that would effectively eliminate this delay and they then could image the pc's connected on the back side of phones and any pc's directly connected to the edge ports in this trunk mode.

Again this was only a problem if the port was in trunk mode. Access ports worked just fine.

This site has redundant fiber feeds into the switch stack. So whenever they need to image they log into the switch. Admin down the redundant fiber port and then turn off stp on the stack. Once they are done reimaging they turn stp back on and reenable the redundant feed.

If anyone knows of another way or a work around for this that would be great !!!  When speaking to Aruba about this they hoped to address this in future firmware release on the switch.

I might have missed something but why do you have the ports configured as trunks?

We support voice-vlan for both LLDP and CDP phones and you do not need to configure the physical port as a trunk to use it.

Best regards,

Madani

Voice vlan would work as a good solution here. (And I failed to mention this) but we are also tagging a video vlan on all the edge ports as well because some of the teachers have audio visual carts that they plug into the port as well.

So we have the port set as trunk with native vlan as the data network and allow VOIP and Video vlans as tagged traffic. (I know not the best design but that is what the customer wanted and we couldn't talk them out of it)

I would look in to CPPM and authentication on the edge ports.

Even if you were only using MAC auth to identify the machine and what vlan needed to be handed out to each machine you wouldn't have the head ache of having a trunk port a truly access port. Plus you could turn on STP again and prevent loops and provide redundant (link failure) paths. 

Cisco has a portfast trunk option so trunks can start forwarding immediately. Do Mobility Switches have the same capability?

Jaasperff - In addition to using CPPM as David mentioned, you might also be able to use a few UDRs assuming the audio/video carts have similar or identical OUIs or DHCP signatures. You could then direct the audio/video devices to one vlan, the phones to another based upon LLDP/CDP or even their OUIs too and then just have the PCs either stay in the initial role/vlan or put them into a role via MAC auth. No trunking needed! The bigger benefit here is that you would get device visibility both locally to the switch but also into Airwave if your customer has deployed it.

Thecompnerd - We do not currently support portfast on trunk ports like Cisco, but it is a good idea. I recommend you submit that feature in the idea portal on the support page.

Best regards,

Madani

Looks like I finally found a solution to the problem we were having. 

The pc imaging wasn’t working because I was unable to get the portfast command to work on the port. It wasn’t working because in order for portfast to work the port must be an access port and all of my ports were set for trunk.

The solution was to set spanning tree mode to pvst instead of using mstp.

I built a vlan-profile pvst-profile for each vlan on the switch (example below) and lowered the timers on it as far as I could.

vlan-profile pvst-profile "data53"

hello-time 1

max-age 6

forward-delay 4

I then applied that profile to the vlan 53

vlan "53"

   pvst-profile "data53"

After it was applied to each vlan I then changed the spanning tree mode from mstp to pvst.

Spanning-tree

Mode pvst

Imaging is working great now. Hope this helps someone else in the future.

If you have question just send me a msg. Kudo me if this helps you out.

THANKS !!!:smileyhappy: