Block spanning tree protocol

**josmcc** · 05-12-2011

Is there any way to disable or firewall Spanning Tree Procol in the linux kernel, ebtables, or iptables?

**Lazydog** · 05-12-2011

Sure, if you know what port it is using then just block that port. But why would you want to block STP.

**josmcc** · 05-12-2011

I don't know if iptables works on layer 2 protocols, the port is only listed in hex 0x8002, i think i've already converted that to decimal, but i can't block the port.
I don't like STP across my wireless, because it's annoying and consumes uncessary bandwidth, just for a home wireless network. I'm not worried about the need for having spanning tree protocol run across my home wireless network. I don't have any need for redundant switches. I know it might be useful if i had backup switches or something like that, but I don't use those.

**Lazydog** · 05-12-2011

In that case why not shut off STP totally if not needed? What type of switch are you running?

**josmcc** · 05-12-2011

im unable to at the switch. Unforunatley I can't get a terminal and there's no option to shut off STP. I'm trying to block it at the client at the least.

Thanks

**Lazydog** · 05-14-2011

What you are going to need to do is create a VLAN for the port that you want to block STP on and then issue the following command:

Code:

no spanning-tree vlan vlan_ID

That should disable STP for that port on a Cisco Switch.

Thread Tools

Display

Block spanning tree protocol

Posting Permissions