Spanning Tree: Friend or Foe?
To one degree or another, some of us have run into Spanning Tree issues over the years: full-on Spanning Tree re-convergence timeouts, loops in the network, or a Spanning Tree "Root Bridge" that points at a device living on the edge of the network. I've personally diagnosed three or four fully disabled networks over the years. Think about that: an entire network completely disabled because someone plugged in a simple device to make their life easier, such as a small five-port switch to get a few more ports for a computer and a printer.
There's no doubt that in a proper environment, Spanning Tree needs care and feeding, and by that I mean proper configuration. At a bare minimum, deliberately set your Spanning Tree "root bridge" (and a backup root) on the core device(s) of your network. Beyond that, consider enabling BPDU guard on access-facing interfaces, so that a port is shut down the moment it receives a BPDU and no switch can participate in your Spanning Tree topology without your consent; root guard on ports facing the edge similarly refuses to let a downstream device take over the root role. This matters for more than uptime: any device that advertises a better Bridge ID than your core becomes root, and the whole Layer 2 topology re-converges around it, so traffic starts flowing over whatever links lead to that device. There is a myriad of other interface-level options that help prevent Spanning Tree loops and protect your environment, and I'd certainly suggest spending time reading the documentation for your switch manufacturer to see what's best for your hardware.
Spanning Tree is a very old Layer 2 protocol (802.1D-1990), and its election process is archaic. The root is simply the switch with the numerically lowest Bridge ID, which is the 16-bit "Spanning Tree priority" followed by the switch's burned-in MAC address, so priority is compared first. Keep in mind that every switch delivered today has a default priority of 32768. Since every switch therefore has the same priority (unless configured otherwise), the tie is broken by the hardware MAC address, and the device with the lowest MAC address wins Root Bridge. Thinking about that, which device tends to have the lowest MAC address? Often the oldest one on your network, typically a 10-15 year old switch that sits on the edge, serves a handful of clients, and is on its way out the door the moment it fails. Left at defaults, your entire topology converges around the one device least suited to anchor it.
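To make the election concrete, here is an added Python example (not code from the original post or from Optiv) that computes the Bridge ID the way 802.1D does, runs the election over a constructed switch inventory before and after the core is given a lower priority, and decodes a constructed Configuration BPDU so that a root claim better than the intended core can be flagged, which is the condition BPDU guard and root guard exist to stop. Switch names, MAC addresses, priorities and the BPDU bytes are all constructed for the example.

```python
"""Spanning Tree root election and rogue-root detection (added example).

Models the 802.1D Bridge ID (16-bit priority followed by the 48-bit MAC,
numerically lowest wins) and decodes a Configuration BPDU so a root claim
better than the one we expect can be flagged. Switch names, MACs and the
BPDU bytes are constructed for this example, not captured from a network.
"""
import struct

DEFAULT_PRIORITY = 32768  # factory default on essentially every switch
# Switches using the 802.1t extended system ID fold the VLAN number into the
# low 12 bits of this field, so configured priorities must be multiples of
# 4096 and VLAN 1 is reported as 32769; the comparison below is unchanged.


def mac_to_int(mac: str) -> int:
    """Turn 'aa:bb:cc:dd:ee:ff' (or the dashed form) into a 48-bit integer."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)


def bridge_id(priority: int, mac: str) -> int:
    """64-bit Bridge ID: priority in the high 16 bits, MAC in the low 48.
    Lower wins; priority is compared first and the MAC only breaks ties."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 16 bits")
    return (priority << 48) | mac_to_int(mac)


def elect_root(switches) -> str:
    """Name of the switch that wins the root election.
    switches: iterable of (name, priority, mac)."""
    return min(switches, key=lambda s: bridge_id(s[1], s[2]))[0]


# Constructed inventory: two new core switches and an old edge switch whose
# burned-in MAC happens to be numerically lower than theirs.
INVENTORY_DEFAULT = [
    ("core-1", DEFAULT_PRIORITY, "02:50:3d:aa:00:01"),
    ("core-2", DEFAULT_PRIORITY, "02:50:3d:aa:00:02"),
    ("old-edge", DEFAULT_PRIORITY, "02:00:04:01:02:03"),
]
# The same inventory after the core is made root and backup root.
INVENTORY_FIXED = [
    ("core-1", 4096, "02:50:3d:aa:00:01"),
    ("core-2", 8192, "02:50:3d:aa:00:02"),
    ("old-edge", DEFAULT_PRIORITY, "02:00:04:01:02:03"),
]

# 802.1D Configuration BPDU: the 35 bytes after the LLC header 42 42 03,
# big-endian: protocol ID, version, BPDU type, flags, root ID, root path
# cost, bridge ID, port ID, message age, max age, hello time, forward delay.
_CONFIG_BPDU = struct.Struct(">HBBB8sI8sHHHHH")
CONFIG_BPDU_LEN = _CONFIG_BPDU.size  # 35


def build_config_bpdu(root_id: int, sender_id: int, root_cost: int = 0,
                      port_id: int = 0x8001) -> bytes:
    """Construct a Configuration BPDU carrying the default 802.1D timers
    (max age 20 s, hello 2 s, forward delay 15 s, all in 1/256 s units)."""
    return _CONFIG_BPDU.pack(0, 0, 0x00, 0, root_id.to_bytes(8, "big"),
                             root_cost, sender_id.to_bytes(8, "big"),
                             port_id, 0, 20 * 256, 2 * 256, 15 * 256)


def parse_config_bpdu(body: bytes) -> dict:
    """Decode a Configuration BPDU body; rejects RSTP/MSTP and short frames."""
    if len(body) < CONFIG_BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, _version, bpdu_type, flags, root, cost, sender, port,
     msg_age, max_age, hello, fwd_delay) = _CONFIG_BPDU.unpack_from(body)
    if proto != 0 or bpdu_type != 0x00:
        raise ValueError("not an 802.1D Configuration BPDU")
    return {
        "flags": flags,
        "root_id": int.from_bytes(root, "big"),
        "root_path_cost": cost,
        "bridge_id": int.from_bytes(sender, "big"),
        "port_id": port,
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def superior_root_claim(body: bytes, expected_root_id: int) -> bool:
    """True if the BPDU advertises a root with a better (lower) Bridge ID
    than the one we intend. Arriving on an access port, this is the frame
    BPDU guard shuts the port for and root guard refuses to honour."""
    return parse_config_bpdu(body)["root_id"] < expected_root_id


if __name__ == "__main__":
    print("default priorities, root is:", elect_root(INVENTORY_DEFAULT))
    print("core priorities set, root is:", elect_root(INVENTORY_FIXED))
    core = bridge_id(4096, "02:50:3d:aa:00:01")
    rogue = bridge_id(0, "02:00:00:00:00:01")  # priority 0 beats any core
    print("rogue claim superior:",
          superior_root_claim(build_config_bpdu(rogue, rogue), core))
```

Run as a script, the election flips from old-edge to core-1 once the core priorities are set. The superior_root_claim check is the same comparison a switch performs on every BPDU it receives; a device advertising priority 0 beats any core that still sits at 4096, which is why the port-level guards matter even after the root is configured correctly.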
I've recently been introduced to ELRP, or Extreme Loop Recovery Protocol, a technology from Extreme Networks that protects your network from loops without the need for configuring Spanning Tree. I have to say, it's certainly nice not having to configure Spanning Tree and simply turning on ELRP on all client ports. ELRP works great and is extremely fast at identifying and disabling looped ports without any complexity. I think it's high time Spanning Tree was weeded out of networks in favor of another L2 protocol that can safely and easily protect our investments, time and money without excessive configuration. Of course, ELRP is manufacturer-specific.
TRILL, or Transparent Interconnection of Lots of Links, is another option, proposed as a replacement for Spanning Tree and currently in the process of becoming an IETF standard. It's certainly worth a look, but for now, unless you want to move to a manufacturer-specific technology, the practical step is to evaluate and tighten your Spanning Tree configuration.