When you have devices connected directly to a Firewalla with multiple ports bridged into a single LAN, it may take 20-30 seconds for a device coming online to get an IP address. This may not be a sign of bad hardware or bad cables. Instead, it may be a function of Spanning Tree Protocol (STP). Firewalla makes it easy to turn STP off on any network with bridged ports.
Firewalla applies STP by default to any network with bridged ports:
- Multiple Ethernet ports
- An Ethernet port and a Wi-Fi port (e.g. Purple)
- Or bridged VLANs, even if there is no LAN on that bridge
What is STP?
STP is a link management protocol (802.1D) designed to support redundant links while preventing switching loops in the network. It is a Layer 2 protocol that runs on bridges and switches. STP is meant to keep your network from going down if you improperly connect Ethernet from one port to another. STP is also used to manage intentionally redundant connections.
STP introduces a delay when devices connect to the network for a few reasons:
- To understand how the new device fits into the existing network
- To look for signs that a connection may be a loop and then manage that accordingly
If you have a Firewalla Gold and two or more ports are bridged, STP will be on by default. This is to protect your network from a switching loop.
Solutions
You can disable STP on networks with bridged ports. This will allow each of your ports to function properly even if a device connected directly to Firewalla goes online and offline.
To disable STP, go to the Network Manager page, click Edit, tap your LAN network, scroll down, and disable Spanning Tree Protocol.
Notes
- LAG'd ports will not have an STP option as they are not bridged.
- Be aware that disabling STP means that Firewalla can no longer protect against loops in your network.
If you don't want to disable STP on your network, here are some solutions:
- Use a switch between Firewalla and devices. In the graphic above, the desktop computer is connected to Firewalla through a switch. The connection from Firewalla to a switch is constant, so the STP delay won't be an issue. However, a device that connects and disconnects physically or because of power saving mode may cause an issue.
- If you want to connect a device directly to Firewalla, put it on a separate LAN or VLAN, not part of a bridge.
- Only connect devices that stay on directly to your Firewalla.
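As an added example (not Firewalla's own code or tooling): on a Linux system that exposes bridges through the standard sysfs layout, which is assumed here and not stated by this article, the shell function below lists each bridge, whether STP is on, the classic 802.1D wait before a new port forwards (listening plus learning, each lasting one forward delay), and flags multi-port bridges that have no loop protection. The function name `stp_audit` and its output format are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit Linux bridges for STP status via sysfs.
# Assumes the standard Linux bridge layout under /sys/class/net.
# Usage: stp_audit            (reads /sys/class/net)
#        stp_audit /some/dir  (reads a copy of that tree)
# Output, one line per bridge:
#   <bridge> stp=<on|off> wait=<N>s ports=<port:state,...> [no-loop-protection]
stp_audit() {
    root="${1:-/sys/class/net}"
    for br in "$root"/*/bridge; do
        [ -d "$br" ] || continue              # not a bridge, or glob did not match
        dev="${br%/bridge}"
        name="${dev##*/}"
        stp=$(cat "$br/stp_state" 2>/dev/null || echo 0)      # 0 = STP off
        fd=$(cat "$br/forward_delay" 2>/dev/null || echo 0)   # centiseconds
        if [ "$stp" -eq 0 ]; then
            status=off
            wait_s=0                          # no STP listening/learning wait
        else
            status=on
            # Classic 802.1D: listening + learning, one forward delay each.
            wait_s=$(( 2 * fd / 100 ))
        fi
        ports=""
        n=0
        for p in "$dev"/brif/*; do
            [ -e "$p/state" ] || continue
            case "$(cat "$p/state")" in
                0) s=disabled ;;
                1) s=listening ;;
                2) s=learning ;;
                3) s=forwarding ;;
                4) s=blocking ;;
                *) s=unknown ;;
            esac
            ports="${ports:+$ports,}${p##*/}:$s"
            n=$(( n + 1 ))
        done
        line="$name stp=$status wait=${wait_s}s ports=${ports:-none}"
        # A bridge with two or more ports and STP off cannot block a loop.
        if [ "$status" = off ] && [ "$n" -ge 2 ]; then
            line="$line no-loop-protection"
        fi
        echo "$line"
    done
}
```

With the common default forward delay of 15 seconds, a bridge with STP on reports `wait=30s`, which lines up with the 20-30 second delay described at the top of this article.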