edge port using safeguard

  • Question
  • Updated 3 years ago
  • Answered
On my XOS switch I want to make ports 1 & 3 edge ports. Would the below command syntax do the trick?

create stpd s0 

configure stpd s0 mode dot1w

configure stpd s0 default-encapsulation dot1d

configure stpd s0 add vlan Data ports 1,3

configure stpd s0 ports link-type edge 1,3 edge-safeguard enable

enable stpd s0

shakil khan

Posted 4 years ago

PARTHIBAN CHINNAYA, Alum

This is ok.
shakil khan

Will the above command make them edge ports? And if a device (switch/hub) is attached to port 3, will it go into blocking state?
PARTHIBAN CHINNAYA, Alum

You have to enable BPDU-restrict on those ports.
shakil khan

configure stpd s0 port link-type edge 1,3 edge-safeguard enable bpdu-restrict

What happens if I put this recovery-timeout 300 command after the bpdu-restrict? Would it block the port and come to forwarding state after 300 secs (3 mins)?
PARTHIBAN CHINNAYA, Alum

It should disable the port and enable it again after 5 minutes.
shakil khan

What is the default if I don't add the recovery-timeout value? Is it 50 secs? Sorry, I am asking the nitty-gritty as I am only using a simulator and not real kit.
Kyle Buffington

It will stay disabled until you manually enable the port if you do not type a recovery number.
Paul Russo, Alum

Good morning Shakil, if you are using this for the sole purpose of loop detection at the edge, there is another method called ELRP. It will detect loops on the edge port and either disable the port permanently or for a specified period of time. You can also have it ignore ports, such as uplink ports, if you have two switches next to one another and the loop is created between them. The ignore ports will make sure that only the edge ports are disabled and not the uplink ports.

If, however, you have a large STP network that these ports are part of, then use STP. ELRP is a great option as you do not have to set up a domain like in STP.

Hope that helps to provide some options. Please let us know if there are any other questions.

P
McKitrick, Mark, Employee

Good morning Shakil,

What you configured will only protect those ports for the Data VLAN. What if you have a VoIP scenario with a phone and a data connection off the same edge port? Obviously, add the VoIP VLAN. I install Extreme gear at many customer sites for Extreme, and I build spanning tree into my base configuration before I even know the VLAN scheme. I create a VLAN specifically for spanning tree. Hint: add the STP configuration last, or at least after having assigned the port to an untagged VLAN's egress list.

I do this for the edge port protection of course, but also to future-ready the infrastructure for all the intelligence features that come from administrating an Extreme infrastructure, such as Netlogin with NAC for 802.1x and MAC authentication. You need STP to use Netlogin.

Do not apply the below on uplink ports.

So as discussed already there are multiple ways to get this done, but here is the command script that I use. 

create vlan "Pearlman"

configure vlan Pearlman tag 4090

configure vlan Pearlman add ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 tagged 

 

configure mstp region Pearlman

configure stpd s0 delete vlan default ports all

disable stpd s0 auto-bind vlan default

configure stpd s0 mode mstp cist

create stpd Pearlman_stm

configure stpd Pearlman_stm mode mstp msti 1

configure stpd Pearlman_stm add vlan Pearlman ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 dot1d

configure stpd s0 ports mode dot1d 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd s0 ports cost auto 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd s0 ports port-priority 128 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd s0 ports link-type edge 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd s0 ports edge-safeguard enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48  recovery-timeout 60

configure stpd s0 ports bpdu-restrict enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60

enable stpd s0 ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd Pearlman_stm ports mode dot1d 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 

configure stpd Pearlman_stm ports cost auto 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd Pearlman_stm ports port-priority 128 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd Pearlman_stm ports link-type edge 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd Pearlman_stm ports edge-safeguard enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60
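
Added example, not part of any post in this thread and not Extreme's tooling: a Python check over saved config text that accepts both command shapes posted above and reports edge ports missing bpdu-restrict, ports that will stay disabled because no recovery-timeout was given, and edge protection applied to uplinks. The `uplinks` parameter, the finding strings and the sample config are assumptions constructed for illustration.

```python
import re
# Both command shapes posted in this thread (one-line form and separate commands).
CMD = re.compile(r"configure stpd (\S+) ports? "
                 r"(link-type edge|edge-safeguard enable|bpdu-restrict enable)\s+(.*)")
PORTS = re.compile(r"((?:\d+:)?\d+(?:-\d+)?(?:\s*,\s*(?:\d+:)?\d+(?:-\d+)?)*)\s*(.*)")
OPTIONS = {"edge-safeguard": "edge-safeguard enable", "bpdu-restrict": "bpdu-restrict",
           "recovery-timeout": "recovery-timeout"}

# Constructed sample config (not taken from a real switch).
SAMPLE = """\
configure stpd s0 ports link-type edge 1,3 edge-safeguard enable
configure stpd s0 ports link-type edge 5-6 edge-safeguard enable bpdu-restrict
configure stpd s0 ports link-type edge 2:1-2
configure stpd s0 ports bpdu-restrict enable 2:1-2 recovery-timeout 60
"""

def expand(spec):
    """Expand '1,3' or '1:1-2, 2:5' into individual port names."""
    out = set()
    for item in spec.replace(" ", "").split(","):
        slot, _, rng = item.rpartition(":")
        lo, _, hi = rng.partition("-")
        out |= {f"{slot}:{n}" if slot else str(n)
                for n in range(int(lo), int(hi or lo) + 1)}
    return out

def audit(config, uplinks=()):
    """Return sorted (stpd, port, finding) tuples; uplinks is a hypothetical input."""
    feats = {}  # (stpd, port) -> features seen; timeout is tracked per port only
    for line in config.splitlines():
        m = CMD.match(line.strip())
        pm = m and PORTS.match(m.group(3))
        if not pm:
            continue
        kind, tail = m.group(2), pm.group(2)
        found = {"edge" if kind == "link-type edge" else kind.split()[0]}
        found |= {name for name, token in OPTIONS.items() if token in tail}
        for port in expand(pm.group(1)):
            feats.setdefault((m.group(1), port), set()).update(found)
    findings = []
    for (stpd, port), f in feats.items():
        if port in uplinks:
            findings.append((stpd, port, "edge protection on uplink"))
        if "edge" in f and "bpdu-restrict" not in f:
            findings.append((stpd, port, "edge port without bpdu-restrict"))
        if "bpdu-restrict" in f and "recovery-timeout" not in f:
            findings.append((stpd, port, "stays disabled until manually enabled"))
    return sorted(findings)
```

Run `audit(SAMPLE, uplinks={"2:2"})` to see one finding of each kind; pass the real uplink port names for your own switch.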