Setting up Spanning Tree on HP switches is really easy after you’ve done it a couple of times, but getting it configured can seem like a daunting task for beginners, especially in a production network. Here are some simple steps on how to get it up and running in no time. Note that enabling STP might cause small network outages, so don’t do this in a production network if you haven’t tried it before! All commands are written within quotation marks, so the text between the quotes is what you need to enter into the CLI on your switch. For completeness I’ve added all the commands in order at the bottom of the post, which might be handy if you’re just looking for a CLI reference.
The first thing to do is to select your root bridge (the most central switch in your network). Enter the CLI and type “configure” to enter config mode. Then enter “spanning-tree” to enable it. That’s all you need to do on a switch to get STP up and running.
Next we need to set up the root bridge priority on your core switch(es). When the switches in your network select their root bridge, they look at two things: the switch’s MAC address and a thing called STP priority. From the factory all switches have the same priority (step 8 of the 16 configurable steps), so the switch with the lowest MAC automatically gets selected as root. THIS IS NOT A GOOD THING, as this will basically make your whole network look for the shortest path to a random switch in the network, which is usually a rogue switch installed by a non-IT employee under someone’s desk, at least with my luck. What we want is for them to find the shortest path to the core switch, so we will alter the priority.
This is easy to do as well. In the same config mode that you just enabled STP in, type “spanning-tree priority 0”. This sets the root bridge permanently so that it won’t ever change without you wanting it to. If you have 2 core switches, set the other one to priority 1 so that if the main core fails the whole network will switch to the other one.
Run “write memory” to save your changes and log out.
Run “spanning-tree” in the config mode on all your other switches. That’s all! Remember to run “write memory” to save your changes!
This is only a short intro into STP, but it’s sufficient for beginners to get started, and after you have this down you can then easily start to add the more exotic features.
Here’s the full CLI for those who want it:
Configuring the root Bridge:
Procurve 4204vl-1# configure
Procurve 4204vl-1(config)# spanning-tree
Procurve 4204vl-1(config)# spanning-tree priority 0
Procurve 4204vl-1(config)# write memory
Configuring the fail-over root Bridge:
Procurve 4204vl-2# configure
Procurve 4204vl-2(config)# spanning-tree
Procurve 4204vl-2(config)# spanning-tree priority 1
Procurve 4204vl-2(config)# write memory
Configuring the other switches:
Procurve 4204vl-3# configure
Procurve 4204vl-3(config)# spanning-tree
Procurve 4204vl-3(config)# write memory
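The election rule described above (lowest priority wins, lowest MAC address breaks ties), as an added Python example that is not part of the original post. Switch names and MAC addresses are constructed sample values, and the example assumes each of the 16 priority steps maps to a multiple of 4096 in the bridge ID.

```python
# Added example: models root bridge election from a planned priority layout.
# Bridge ID = (priority, MAC); the numerically lowest bridge ID becomes root.
PRIORITY_STEP = 4096   # assumption: step N becomes priority N * 4096
DEFAULT_STEP = 8       # factory default, step 8 of the 16 configurable steps


def bridge_id(step, mac):
    """Return a comparable bridge ID: priority first, MAC as tie-breaker."""
    if not 0 <= step <= 15:
        raise ValueError("priority step must be 0..15")
    return (step * PRIORITY_STEP, int(mac.replace(":", ""), 16))


def elect_root(switches, down=()):
    """switches: {name: (step, mac)}. Return the name of the elected root."""
    alive = {n: bridge_id(*v) for n, v in switches.items() if n not in down}
    if not alive:
        raise ValueError("no switches left to elect from")
    return min(alive, key=alive.get)


def audit(switches, intended_root, intended_backup):
    """List the ways the election would land on the wrong switch."""
    findings = []
    root = elect_root(switches)
    if root != intended_root:
        findings.append(f"root is {root}, expected {intended_root}")
    backup = elect_root(switches, down=(intended_root,))
    if backup != intended_backup:
        findings.append(f"if {intended_root} fails, root is {backup}, "
                        f"expected {intended_backup}")
    return findings


# Constructed sample network: the desk switch happens to have the lowest MAC.
MACS = {"core-1": "02:00:00:00:10:01", "core-2": "02:00:00:00:10:02",
        "edge-3": "02:00:00:00:10:03", "desk-switch": "02:00:00:00:00:05"}
FACTORY = {name: (DEFAULT_STEP, mac) for name, mac in MACS.items()}
# Same network after "spanning-tree priority 0" / "priority 1" on the cores.
TUNED = dict(FACTORY, **{"core-1": (0, MACS["core-1"]),
                         "core-2": (1, MACS["core-2"])})

if __name__ == "__main__":
    for label, net in (("factory defaults", FACTORY), ("tuned", TUNED)):
        print(label, "->", elect_root(net), audit(net, "core-1", "core-2"))
```

With factory defaults the audit reports two findings because the desk switch wins both elections; with the priorities from the post it reports none.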
This post is part of a new series called Network Friday, where I explain a new networking concept every Friday and tell you how to configure it on (mostly) HP hardware. The series will mostly focus on the configuration side, as I feel there are lots of resources out there that do a fine job of explaining complex concepts, but very few that show you how to do it on your specific hardware. This series aims to address this somewhat, at least on the HP side of the fence.
This how-to was originally posted over at the Spiceworks community:
Hi, does it work if there are VLANs in the switch?!
Yeah, it works just fine even though there are VLANs defined on the switch. RPVST, for example, even computes the spanning tree for each VLAN, so that multiple links can be used.
The part for the RSTP and the MSTP would also be nice.
It’s been on my list of things to do for a while, but it requires me to set up quite a few switches in my lab to get it working for the tutorial. But it’s coming! 🙂
Hi. Thanks for your great info. When RSTP is activated on a Procurve switch, does it automatically block the port when it sees a BPDU packet? And then does it automatically enable the port once the BPDU packets cease?
Trying to determine what happens when someone plugs in a device incorrectly that causes RSTP to activate, but need to know if the port will stay locked, or if it will automatically come back online once the device is removed. Many thanks.
In your scenario, when the loop is disconnected the BPDUs stop arriving, and if the loop isn’t recreated STP won’t block it the next time the port comes online (STP and its successors all start by checking if a port will cause a loop when they first see it come online, so essentially every port starts off as blocked when it comes online). RSTP isn’t that much quicker in that regard, but it reacts to changes in the network topology faster. Say you need to remove a switch without downtime: it’ll be a lot quicker finding the new path when you connect the new switch to the network, and will have less downtime when you remove the old switch.
I have a location where people can plug personal devices into the ports (computers, wireless routers, etc.) and want the port to lock if they have a bad or misconfigured device, but would like for it to auto re-enable once the device is removed. Do you suggest setting all ports to admin-edge-ports without bpdu-protection? I believe I read that bpdu-protection locks the port and it has to manually be re-enabled using some command. Thanks for your thoughts. I sure appreciate it.
By default BPDU Protection locks the port indefinitely, but that behaviour can be changed with the command “spanning-tree bpdu-protection-timeout “, with a timeout of 0 being the default and meaning it never reenables the port again. Keep in mind though that it’s only when it sees a BPDU on a port that this is triggered, so usually something has gone quite wrong when this triggers; the classic is when a user connects two outlets together in a conference room for “cable management”. Most network equipment doesn’t send BPDUs, and most that can don’t do so until they are told, so it’s quite a safe setting.
I’d prefer using the auto-edge-ports command instead, as it’s less likely to not catch a loop in the network.