Portfast on switches

[pinkpanther56]

I've been told that spanning tree algorithm could be causing some of our Active Directory issues on our LAN and that i should configure our switches for portfast instead. Can someone explain what this might entail should it just be a setting on each swich or does it mean a big re config, i'm not really sure what this is other than a couple of threads i've read on what spanning tree does.

We use mainly Planet FGSW-2402 and 2403 switches with WGS3-404 backbone switches and have about 30 switches in all.

Thanks.

 

[KiscoKid]

I don't know anything about Planet LAN switches however on a Cisco device you can either enable portfast on a port by port basis OR you can enable is globally on the switch such that every port is enabled for portfast (you then have to disable portfast on ports where it shouldn't be enabled).

Portfast is a general STP (Spanning Tree Protocol) enhancement so any LAN switch manufacturer worth their salt should support it with either (or indeed both) of the configuration scenarios I've outlined above.

 

[pinkpanther56]

Hahaha in my exp Planet are not worth their salt but i'll take a look.

Thanks for the reply.

 

[mpennac]

Portfast most affects a device's abilitiy to get a DHCP address. Spanning tree by default will wait 30 seconds from the time that the link is enabled on a port to when it will begin forwarding packets. This gives the port time to ensure that there are no loops present.

Unfortunately, most DHCP stations begin transmitting the DHCP Discovery frames seconds after the link is enabled. The DHCP process would timeout before the 30 seconds expired and switch began forwarding packets.

Cisco's solution to this problem is PortFast. With PortFast all of the Spanning Tree functions are left intact, but the port begins forwarding packets as soon as the link is enabled. This solves the DHCP problem and only allows a loop to be present for 2 seconds before the first BPDU frame would tell the port a loop exists.

As for Active Directory, if the device is trying to resolve names, or connect to resources during that first 30 seconds there could be problems.

Mike

 

[pinkpanther56]

Hmmm they shouldn't be any probs that early in the boot sequence, MS support suggested that the more secure versions of windows i.e XP SP2 and 2003 SP1 have more RPC probs when spanning tree is used.

Can you think of a reasone why it would affect network connunications in general use?

Thanks.

 

[mpennac]

Sadly Spanning Tree is blamed for many problems that it does not cause. Unless you have a switch or link that is constantly going up and down, spanning tree will have no affect on your network. I have worked on many problems where everyone was pointing their fingers at spanning tree, only to find it was something else.

Spanning Tree has two purposes in life. 1) Prevent loops. If a spanning tree port sees Bridge Protocol Data Units (BPDU) from two different sources, it will shutdown the port. 2) Find the shortest path between any point within the spanning tree and the root bridge.

Every 2 seconds the root bridge sends out a BPDU frame. Each bridge (switch) that is part of the spanning tree will forward that BPDU. Unless you have links that are going up and down, spanning tree does nothing other than send out one frame every 2 seconds. I hate to use words like "no way", but it is highly unlikely that spanning tree had anything to do with your problem.

Spanning Tree can be problematic during the first 30 seconds of bootup, without PortFast. After that it will not impact the operation of your Active Directory.

Mike

 

[pinkpanther56]

Ok cheers.

What about having backbone switches set to autonegotiate should i try fixing them at 1Gbps full duplex instead?

 

[jimbopalmer]

"What about having backbone switches set to autonegotiate should i try fixing them at 1Gbps full duplex instead?"

Under what circumstances would it be better for the connection to fail than to shift down to a lower speed? If it is locked at gig, it can't adapt to changes. (Most fiber cannot autonegotiate so if it a fiber backbone you do need to lock it)



I tried to remain child-like, all I acheived was childish.

 

[pinkpanther56]

I just read that not fixing can cause all sorts of issues with some switches.

 

[KiscoKid]

In my opinion it's only important to set both sides the same, i.e. set them both to auto OR set them both to 1000mb full duplex etc

But dont set one side to auto whilst fixing the other at 1000mb full duplex as this will certainly cause issues.

 

[jimbopalmer]

If you were using 1997 era equipment from Cisco or Apple, I would lock the speed and duplex, as they were not good autonegotiate, but equipment new enough to have fast STP learning should be modern enough to have worked out the duplex bugs.

I tried to remain child-like, all I acheived was childish.

 

[pinkpanther56]

This is the problem the network we i'm currently working on uses Planet switches, i'm not convinced of the quality so i'm tempted to fix the backbone switches for now and see if it make a difference.

Cheers.

 

[vipergg]

Yeah I can see why you might question ,can't say I have even heard of Planet switches .

 

[pinkpanther56]

Exactly i'm trying to budget to replace them as i'm convinced they cause no end of problems.

Get this if i reboot a remote Planet 2402 switch and this is connected to a 2403 (between me and the 2402) the 2403 crashes so i can't see it, i have to manually reboot the 2403 which might of taken another segment with it. Planet have sent people out and they scratched their heads and said it's 'odd' if all our switches we're 2403 this wouldn't happen. I pointed out that if they we're all made by a competent manufacturer it also might not happen.

This only happens with switches that use the G/bit copper module but still it's not good.