Spanning Tree Protocol and PXE Boot

Most of us use STP (Spanning Tree Protocol) in switched networks. Over the last few days I had problems at one of a customer’s locations. We rolled out new Cisco Catalyst 3750-X switches to the location and didn’t understand why desktop clients couldn’t boot via DHCP/PXE (Preboot Execution Environment). With STP/RSTP activated globally on the switches, every new connection on an Ethernet port goes through these states: Blocking – Listening – Learning – Forwarding. Here is an explanation from Wikipedia:

  • Blocking – A port that would cause a switching loop if it were active. No user data is sent or received over a blocking port, but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in blocking state. Prevents the use of looped paths.
  • Listening – The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. It does not populate the MAC address table and it does not forward frames.
  • Learning – While the port does not yet forward frames it does learn source addresses from frames received and adds them to the filtering database (switching database). It populates the MAC Address table, but does not forward frames.
  • Forwarding – A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.

So when the desktop PC starts, the port comes up, listens for BPDU packets and learns source addresses from received frames (in STP this takes up to 45 seconds). You can also see this because the port LED lights up orange. Once the port has switched to the forwarding state (green LED), packets are forwarded (for example the broadcast packet for obtaining an IP address from a DHCP server). This procedure costs some seconds, and the desktop PCs are usually faster than that, so the client doesn’t get an IP address and can’t boot from a PXE server.

You can solve this problem by activating PortFast globally or on specific ports (which I prefer):

MySwitch(config)# interface range GigabitEthernet1/0/1 -20
MySwitch(config-if-range)# spanning-tree portfast

You will get a warning like this:

%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc… to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast will be configured in 20 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking mode.

With this action you disable STP on these ports, so it is possible to create loops in your network, which is not a good idea. You can prevent this by configuring the command “spanning-tree bpduguard enable”, so that the port still listens for BPDU packets from other STP switches to prevent loops. If the interface receives BPDU packets, no loop forms, because the interface state changes to “err-disable” with the warning “%SPANTREE-2-BLOCK_BPDUGUARD”. You can then disconnect this port from the other switch and bring it back to life with “shutdown” and “no shutdown” on the specific interface. After activating PortFast on the client ports of my customer, the clients get IP addresses fine and can boot via PXE.

To globally activate PortFast on all access mode ports with BPDU guard enabled, you can configure this:

MySwitch(config)# spanning-tree portfast default
MySwitch(config)# spanning-tree portfast bpduguard default
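A PortFast port without BPDU guard is the combination the paragraphs above warn about, so it is worth checking a saved running-config for it. The following audit is an added example, not part of the original post: the sample config is constructed, the function names are hypothetical, and it assumes the IOS global forms `spanning-tree portfast default` and `spanning-tree portfast bpduguard default` plus the per-interface `disable` overrides, going slightly beyond the per-port commands shown on the page.

```python
import re

# Constructed running-config excerpt for illustration (not from the page's switch).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def parse_config(config):
    """Split a running-config into per-interface line lists and global lines."""
    interfaces, global_lines, current = {}, [], None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            if line.strip() not in ("", "!"):
                global_lines.append(line.strip())
    return interfaces, global_lines

def portfast_without_bpduguard(config):
    """Return interfaces that go straight to forwarding but would not err-disable on a BPDU."""
    interfaces, global_lines = parse_config(config)
    g_portfast = "spanning-tree portfast default" in global_lines
    g_guard = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        portfast = "spanning-tree portfast" in lines or (
            g_portfast and "spanning-tree portfast disable" not in lines)
        guard = "spanning-tree bpduguard enable" in lines or (
            g_guard and "spanning-tree bpduguard disable" not in lines)
        # Simplification: plain PortFast only takes effect on non-trunking ports.
        if portfast and not guard and "switchport mode trunk" not in lines:
            findings.append(name)
    return findings
```

On the constructed sample, `portfast_without_bpduguard(SAMPLE_CONFIG)` reports only GigabitEthernet1/0/2, the port that has PortFast but no BPDU guard.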

 
