EXOS - MSTP Configuration Oddities

  • 1
  • 2
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)
 An example of an MSTP configuration:

Have just configured MSTP, and have four VLAN's Data, Voice, Spare-Data and Spare-Voice, configured as follows:

Data and Spare-Data are in MSTI s1
Voice and Spare-Voice are in MSTI s2

The core is made up of two switches and all the VLAN's are tagged between the two and only Data and Voice are tagged back to the edge.

Back at the edge, although I have all 4 Vlans configured and configured
auto-bind to their corresponding MSTI's I have only configured the up
link port 47 and 48 to be tagged for Data and Voice, as these are the only Vlans that I would be using at this edge, the others are spare or just not used on this stack.

Now the problem with this is that the MSTP digest will not match between the core and the edge, the reason for this is that Spare-Data and Spare-Voice are not showing up in the participating Vlans on the edge because they have not been associated to any port, where as on the core all Vlans have been tagged in-between each other and therefore show as participating - so the only way around this is to tag the spare Vlans to ports 47 and 48 on the edge, but not to tag back down on the same links on the core.

Now that the spare Vans are associated to ports 47 and 48 on the edge, as well as the ordinary Data and Voice Vlans, the participating Vlans now match on both the core and the edge and therefore the digest matches, therefore MSTP works!

This seems odd right, why can't you just specify in the MSTP configs, like in EOS, what Vlans you want to go with what MSTI, instead of having to do it by including a port - as you end up with this ridiculous scenario of having to tag every single Vlan to your uplinks to get the digest to match - unless I'm doing it wrong of course?

The other odd behaviour is that I can not specify a port as an edge port, without first assigning a port to a Vlan first. The reason you might want to do this is because you already know exactly what ports are edge ports and what ports are point-to-point, but you have yet to configure a Vlan on that port (new build). So if a user then assigns a Vlan to a port, that port isn't protected by already being defined as and edge port with edge-safegaurd and BPDU-restrict.

No matter what you do, say using link type auto, or manually set link-type your stuck. Your even stuck if you pre-configure the port with a Vlan of Data, because if you later change it to voice you have to re-enter the link-type and edge-safeguard and BPDU-Restrict because its in a different MSTI.

Any advise would be grateful.

Thanks in advance.
Photo of Martin Flammia

Martin Flammia

  • 6,006 Points 5k badge 2x thumb

Posted 2 years ago

  • 1
  • 2
Photo of Derek Bird

Derek Bird, Employee

  • 576 Points 500 badge 2x thumb
Martin:

Great question.

First off, I think you're saying that you have no active ports in either VLAN Spare-Data or Spare-Voice.  Is my understanding correct?
Photo of Martin Flammia

Martin Flammia

  • 6,006 Points 5k badge 2x thumb

Hi Derek,

Thanks for replying.

That is correct in respect the edge. The core's have all the Vlans added between them - hence why there would be a digest mismatch.

So this example is the least scaled down version of a real world scenario where all the Vlan's are created everywhere, but you don't necessarily want to span your vlans everywhere. Typically you can just add the Vlan ID to the MSTI instance to get the digest to match, but in EXOS you can only do this by adding a Vlan to a port in order to have it participating.

So in the case of the core's all Vlans are participating because they are tagged between them but on the edge only data and voice are spanned, not spare-data and spare-voice, therefore the MSTP digest will not match - so you end up having to include spare-data and spare-voice to the uplink ports on the edge to make the Vlans participating and match the cores.

With regards to the other question in configuring edge ports, I got around this by creating a Vlan called blackhole and putting all the puts into that. So on a new build where you might not know what Vlan's are to be configured on each port yet, adding a Vlan to a port is required in order configure link type. So now I have been able to define ports as link type edge, edge-safeguard and BPDU-restrict without having to assign all the relevant Vlan's to the ports beforehand. The Blackhole Vlans is configured everywhere but it does not go anywhere.

So originally I was configuring the edge ports like so:

configure stpd s0 ports link-type edge 1:1-47 edge-safeguard enable bpdu-restrict
configure stpd s1 ports link-type edge 1:1-47 edge-safeguard
configure stpd s2 ports link-type edge 1:1-47 edge-safeguard
configure stpd s0 ports link-type edge 2:1-47 edge-safeguard enable bpdu-restrict
configure stpd s1 ports link-type edge 2:1-47 edge-safeguard
configure stpd s2 ports link-type edge 2:1-47 edge-safeguard
configure stpd s0 ports link-type edge 3:1-48 edge-safeguard enable bpdu-restrict
configure stpd s1 ports link-type edge 3:1-48 edge-safeguard
configure stpd s2 ports link-type edge 3:1-48 edge-safeguard

But you actually only need to configure the ports in s0 and the edge safeguard is then inherited to all the MSTI's:

configure stpd s0 ports link-type edge 1:1-47 edge-safeguard enable bpdu-restrict
configure stpd s0 ports link-type edge 2:1-47 edge-safeguard enable bpdu-restrict
configure stpd s0 ports link-type edge 3:1-48 edge-safeguard enable bpdu-restrict

Which makes things a little simpler.