Issue
When devices are connected directly to a Firewalla with multiple ports bridged into a single LAN, a device that comes online may take 20-30 seconds to get an IP address. In some situations, this is unacceptable. This applies to any combination of bridged ports:
- Multiple ethernet ports
- An Ethernet port and a Wi-Fi port (e.g. Purple)
- Or bridged VLANs, even if there is no LAN on that bridge
This is not necessarily a sign of bad hardware or bad cables. Instead, it may be a function of the Spanning Tree Protocol (STP).
What is STP?
STP is a link management protocol (802.1D) that supports redundant links while preventing switching loops in the network. It is a Layer 2 protocol that runs on bridges and switches. It is meant to ensure that if you improperly connect, say, an Ethernet cable from one port to another, it doesn't take down your network. STP is also used when redundant connections are made intentionally; it manages them so that problems do not occur and the network runs properly.
When a device is connected, STP introduces a delay while it works out how the new connection fits into the existing network, looks for signs that the connection may be a loop, and manages it accordingly.
Since we introduced Gold, STP defaults to on if you have two or more ports bridged (same network). This is to protect your network from a switching loop.
Solutions
- Use a switch between Firewalla and devices. If Firewalla is connected to a switch, as shown above, this is not an issue because the connection from Firewalla to the switch is constant. Similarly, the desktop in the example is always connected and is not an issue. However, a device that connects and disconnects, either physically or because of power saving mode, may cause an issue.
- If you want to connect a device directly to Firewalla, put it on a separate LAN or VLAN, not part of a bridge.
- Connect only devices that stay on directly to your Firewalla.
Long Term
In the 1.976 + App Release 1.54 release, we added an option to disable STP on bridged ports. STP continues to default to ON, but if you must connect a device directly to your Firewalla, you can disable STP, which will allow that port to function properly even when a device goes on and offline. The solutions above will, of course, still work as well.
To disable STP, go to the Network Manager page, click 'Edit', tap your LAN network, scroll down and disable 'Spanning Tree Protocol'.
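To check whether STP accounts for the delay described above, the following added example (not Firewalla's own code) reads the STP settings that the Linux kernel bridge driver exposes in sysfs and reports the listening plus learning time and each member port's current state. It assumes a generic Linux bridge; the bridge name br0 and the function name stp_report are placeholders, and the page does not state whether Firewalla exposes these files.

```shell
#!/bin/sh
# Added example: inspect the STP settings of a Linux kernel bridge via sysfs.
# Assumptions: generic Linux bridge driver; "br0" and "stp_report" are
# placeholder names chosen for this example.

# stp_report SYSFS_NET_DIR BRIDGE
# Prints whether STP is on, how long a newly linked port spends in the
# listening and learning states, and the STP state of every member port.
stp_report() {
    base="$1/$2"
    [ -d "$base/bridge" ] || { echo "$2: not a bridge" >&2; return 1; }

    stp=$(cat "$base/bridge/stp_state")        # 0 = off, non-zero = on
    fd_cs=$(cat "$base/bridge/forward_delay")  # hundredths of a second

    if [ "$stp" -eq 0 ]; then
        echo "$2: STP off"
    else
        # 802.1D: the port waits forward_delay in listening, then the same
        # time again in learning, before it forwards any traffic.
        wait_s=$(( fd_cs * 2 / 100 ))
        echo "$2: STP on, ${wait_s}s in listening+learning before a new port forwards"
    fi

    for p in "$base"/brif/*; do
        [ -e "$p/state" ] || continue          # no member ports: glob unmatched
        case $(cat "$p/state") in
            0) s=disabled ;;
            1) s=listening ;;
            2) s=learning ;;
            3) s=forwarding ;;
            4) s=blocking ;;
            *) s=unknown ;;
        esac
        echo "  port ${p##*/}: $s"
    done
}

# Live use: sh stp_report.sh br0
if [ "$#" -gt 0 ]; then
    stp_report /sys/class/net "$1"
fi
```

A port that shows listening or learning right after a device is plugged in is not yet passing that device's DHCP requests, which matches the delay before it gets an IP address.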