Enabling Spanning Tree Protocol on AOS-S Switches

This is a beta feature and not recommended for a production environment.

The Spanning Tree Protocol (STP Spanning Tree Protocol. STP is a network protocol that builds a logical loop-free topology for Ethernet networks.) eliminates Layer 2 loops in networks, by selectively blocking some ports and allowing other ports to forward traffic, based on global (bridge) and local (port) parameters you can configure.

STP is always disabled by default on AOS-S switches. To configure STP for switches provisioned in the UI groups:

  1. In the Aruba Central app, select one of the following options:
    • To select a switch group in the filter:
      1. Set the filter to a group containing at least one switch.

        The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.
      3. Click the AOS-S or Config icon to view the switch configuration dashboard.
    • To select a switch in the filter:
      1. Set the filter to Global or a group containing at least one switch.
      2. Under Manage, click Devices > Switches.

        A list of switches is displayed in the List view.

      3. Click a switch under Device Name.

        The dashboard context for the switch is displayed.

      4. Under Manage, click Device.

        The tabs to configure the switch is displayed.

  2. Click InterfaceSpanning Tree. The Spanning Tree page is displayed.
  3. Enable MSTP Multiple Spanning Tree Protocol. MSTP configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each spanning tree. if you want to avoid bridge loops between network nodes and to maintain a single active path between the network nodes. MSTP will be enabled for all VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. assigned to switch ports. If you have a trunk group configured for the switches in the group, MSTP is enabled at the trunk level.
  4. Set the priority of the UI group.
  5. To configure MSTP parameters for ports, select the port row(s) in Port Settings, click Edit.
  6. To configure MSTP parameters for trunks, select the trunk group row(s) in Trunk Group Settings, click Edit.
  7. Configure the following MSTP parameters for ports or trunks of individual switches:

    Table 1: Viewing or Configuring Port and Trunk Settings





    A number used to identify the root bridge in an STP instance. The switch with the lowest value has the highest priority and is the root bridge. A higher numerical value means a lower priority; thus, the highest priority is 0.


    When the switches in a network select their root bridge, two parameters are considered, the STP priority and the MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the switch. All AOS-S switches have a default STP priority of 8. So the switch with the lowest MAC automatically gets selected as a root bridge. This is not a recommended process as it randomizes the selection of the root bridge.

    0 – 8

    Default: 8

    BPDU Protection

    A security feature used to protect the active STP topology by preventing spoofed BPDU Bridge Protocol Data Unit. A BPDU is a data message transmitted across a local area network to detect loops in network topologies. packets from entering the STP domain. In a typical implementation, BPDU protection is applied to the edge ports and access ports connected to end-user devices that do not run STP. If STP BPDU packets are received on a protected port, the port is disabled and the network manager is alerted via SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.  traps.

    Enable or Disable

    Default: Disable

    BPDU Filter

    Enables control of STP participation for each port. The feature can be used to exclude specific ports from becoming part of STP operations. A port with the BPDU filter enabled ignores incoming BPDU packets and stays locked in the STP forwarding state. All other ports maintain their role.

    Recommended ports for BPDU filter: Ports or trunks connected to client devices.

    Enable or Disable

    Default: Disable


    When set, the port directly goes into forwarding state.

    This configuration is not recommended for ports which connect to infrastructure devices. A BPDU guard also assists when a port inadvertently goes into a forwarding state.

    Enable or Disable

    Default: Disable

    Root Guard

    Sets the port to ignore superior BPDUs to prevent the switch from becoming the Root Port.

    Enable or Disable

    Default: Disable

    Trunk Group

    Sets the trunk group to which the port is assigned.

    Enable or Disable

    Default: Disable