Products Firewalla Gold Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Blue Plus Firewalla Wi-Fi SD Product Comparison Product Reviews

Articles in this section

Device is slow to get an IP address - Spanning Tree Protocol (STP)

Avatar
Client Support
  • Updated
Follow

 

Issue

When you have devices connected directly to a firewalla with multiple ports bridged into a single LAN and a device comes online it may take 20-30 seconds for it to get an IP address. In some situations, this is unacceptable. This applies to any combination of bridged ports:

  • Multiple ethernet ports 
  • An Ethernet port and a Wi-Fi port (e.g. Purple) 
  • Or bridged VLANs, even if there is no LAN on that bridge

 

STP.gif

 

This may not be the sign of either bad hardware or bad cables. Instead, it may be a function of the Spanning Tree Protocol (STP).  


What is STP?

STP is a link management protocol (802.1D) designed to support redundant links that stops switching loops in the STP network. It is a Layer 2 protocol that runs on bridges and switches. It is meant to ensure that if you improperly connect say ethernet from one port to another it doesn't take down your network. STP also is used when redundant connections are made intentionally. It manages those so problems do not occur and the network runs properly. 

STP introduces a delay when devices are connected to understand how they fit into the existing network and look for signs that a connection may be a loop, and then manage that correctly. 

Since we introduced Gold, and if you have two or more ports bridged (same network), STP will default-on. This is to protect your network from a switching loop.

 

Solutions

  1. Use a switch between firewalla and devices. If Firewalla is connected to a switch, as shown above, this is not an issue because the connection from Firewalla to the switch is constant. Similarly, the desktop in the example is always connected and is not an issue. However, a device that connects and disconnects physically or because of power saving mode may cause an issue.
  2. If you want to connect a device directly to Firewalla, put it on a separate LAN or VLAN, not part of a bridge.
  3. Only connect devices that stay on directly to your firewalla.

 

 

Long Term

In an upcoming release, we will add the option to bridged ports to disable STP. STP will continue to default to ON, but if you must connect a device directly to your firewalla, you will be able to disable STP on a per port basis which will allow that port to function properly even if a device goes on and offline. The solutions above will of course, still work as well. 

 

Resources 

Related articles

Comments

0 comments

Please sign in to leave a comment.