[f-nsp] mstp disable vs no spanning-tree

Nick Hilliard nick at foobar.org
Wed Feb 6 17:58:34 EST 2013

On 06/02/2013 22:05, Steven Raymond wrote:
> #1 leaves the interface in permanent blocking state.  According to
> Brocade tac guy, he says that no traffic except BPDUs are forwarded on
> this interface with this command.

#1 will disable MSTP only on the interface, even if you're running other
STP instances on the switch.

> #2 I believe ceases sending or receiving BPDUs on the interface, and
> leaves it in a permanent forwarding state.


> What would be the best practice for my ports connecting to customer's L2
> switches, with the goal of isolating & preventing spanning-tree traffic
> exchange?

I use "no spanning-tree" at the interface level.

> In what situations would you choose between "stp-protect", vs "no
> spanning-tree", vs "stp-bpdu-guard" ?

no spanning-tree at the interface level completely stops all varieties of
STP on the interface.

no spanning-tree at the vlan level completely stops all varieties of
multi-vlan STP for that VLAN.

stp-protect causes inbound bpdus to be dropped and counted, and stops stp
negotiation from happening on the port, but as fas I remember, the port
will still be part of the spanning tree topology.

stp-bpdu-guard shuts down the port and puts it into errdisable mode if it
sees a bpdu.


More information about the foundry-nsp mailing list