EXOS using MSTP, port Vlan change breaking spanning tree!

  • Question
  • Updated 2 years ago
  • Doesn't Need an Answer
  • (Edited)

Edited with more detail.................

In EXOS using MSTP there is no means of directly mapping a Vlan to an MSTI or configuring a port as edge or point-to-point, until you associate a Vlan to a port – which causes a few problems:

1st Problem

This materialises when you have two core switches and you have all the Vlans added to the ports that link them together – the core then shows each Vlan participating. On the edge you only add Vlans to the uplink ports that you want to use, so the participating Vlans only include them. The fact will be that the MSTP digest will NOT match, and therefore MSTP will not work properly. This is because although you have correctly configured MSTP and Vlans to match on both the core and edge, with auto-bind configured as to what Vlan belongs to what MSTI, the Vlans not added to the uplink ports (because you are not using those Vlans on that edge switch) don’t get added as participating, which is what the digest is calculated from.

So in essence a Vlan does not get mapped to a MSTI UNTIL you add it to a port! As far as I know there is no way around this, so to get around it I have added all the Vlans to the uplinks on the edge, but on the core I only add those that I need.

2nd Problem

You cannot configure a port as an edge port UNTIL you have added a Vlan to the port. This will become apparent in problem 3. This is a problem because, as an example, at pre-stage you might not know what Vlan you are going to add to the port but want to protect it anyway by configuring it as an edge port. The other example is that you might later change the Vlan of a port and therefore have to reconfigure the edge protection again as per problem 3.

3rd Problem (What this thread is questioning)

So with the 1st and 2nd problem in mind, when changing the Vlan of a port that is subsequently associated to another MSTI (STP domain), you have to reconfigure the port to tell it to use that domain. If you don't, the port is not set as an edge port and any port state change (like a PC turned on or off) triggers a TCN and subsequent topology change!

So the process is you already have a Vlan (‘Sales’) associated to a port (2:47) and the ‘Sales’ Vlan has been auto-bound to the STP domain S1. You have already configured MSTP appropriately and also auto-bound every other Vlan to either S1 or S2.

Now port 2:47 is configured for Vlan ‘Sales’ untagged. You now want to configure that port as an edge port and issue the following command:

configure stpd s0 ports link-type edge 2:47 edge-safeguard enable bpdu-restrict

Which in effect does the following (in part) due to the configuration being inherited to the other MSTIs:

configure stpd s0 ports mode dot1d 2:47
configure stpd s0 ports cost auto 2:47
configure stpd s0 ports port-priority 128 2:47
configure stpd s0 ports link-type edge 2:47
configure stpd s0 ports edge-safeguard enable 2:47
configure stpd s0 ports bpdu-restrict enable 2:47
configure stpd s0 ports restricted-role disable 2:47
configure stpd s0 ports active-role disable 2:47
configure stpd s0 ports loop-protect off 2:47
configure stpd s0 ports loop-protect partner incapable 2:47
configure stpd s0 ports auto-edge on 2:47
configure stpd s0 ports restricted-tcn off 2:47
enable stpd s0 ports 2:47
configure stpd s1 ports mode dot1d 2:47
configure stpd s1 ports cost auto 2:47
configure stpd s1 ports port-priority 128 2:47
configure stpd s1 ports link-type edge 2:47
configure stpd s1 ports edge-safeguard enable 2:47
configure stpd s1 ports restricted-role disable 2:47
configure stpd s1 ports active-role disable 2:47
configure stpd s1 ports loop-protect off 2:47
configure stpd s1 ports loop-protect partner incapable 2:47
configure stpd s1 ports auto-edge on 2:47
configure stpd s1 ports restricted-tcn off 2:47
enable stpd s1 ports 2:47

Now the problem occurs when you change the Vlan on port 2:47 to, say, ‘Technical’, which is auto-bound to s2. When you change the Vlan on that port there is now no configuration for s2, so you have to reissue the command below again:

configure stpd s0 ports mode dot1d 2:47
configure stpd s0 ports cost auto 2:47
configure stpd s0 ports port-priority 128 2:47
configure stpd s0 ports link-type edge 2:47
configure stpd s0 ports edge-safeguard enable 2:47
configure stpd s0 ports bpdu-restrict enable 2:47
configure stpd s0 ports restricted-role disable 2:47
configure stpd s0 ports active-role disable 2:47
configure stpd s0 ports loop-protect off 2:47
configure stpd s0 ports loop-protect partner incapable 2:47
configure stpd s0 ports auto-edge on 2:47
configure stpd s0 ports restricted-tcn off 2:47
enable stpd s0 ports 2:47
configure stpd s2 ports mode dot1d 2:47
configure stpd s2 ports cost auto 2:47
configure stpd s2 ports port-priority 128 2:47
configure stpd s2 ports link-type edge 2:47
configure stpd s2 ports edge-safeguard enable 2:47
configure stpd s2 ports restricted-role disable 2:47
configure stpd s2 ports active-role disable 2:47
configure stpd s2 ports loop-protect off 2:47
configure stpd s2 ports loop-protect partner incapable 2:47
configure stpd s2 ports auto-edge on 2:47
configure stpd s2 ports restricted-tcn off 2:47
enable stpd s2 ports 2:47

So, is there any way around this – like there is the auto-bind command to automatically bind a Vlan to an STP domain?

To give an example, this is how the config for port 13 is now with the Vlan Data_102 belonging to S2:

Edge1.1 # show config | include 13
configure vlan Data_102 add ports 13-24 untagged
configure vlan Voice_502 add ports 1-2,13-24 tagged
configure stpd s0 ports port-priority 128 13
configure stpd s0 ports link-type edge 13
configure stpd s0 ports edge-safeguard enable 13
enable stpd s0 ports 13
configure stpd s2 ports mode dot1d 13
configure stpd s2 ports port-priority 128 13
configure stpd s2 ports link-type edge 13
configure stpd s2 ports edge-safeguard enable 13
enable stpd s2 ports 13

Now I configured port 13 to belong to Vlan Data_101 that belongs to S1:

Edge1.2 # configure vlan Data_102 delete ports 13
Edge1.2 # configure vlan Data_101 add ports 13

Now when you look at the STP config you will notice that although port 13 has moved to a Vlan that belongs to S1 it still shows config for S2:

Edge1.4 # show config | include 13
disable port 13
configure vlan Voice_502 add ports 1-2,13-24 tagged
configure stpd s0 ports port-priority 128 13
configure stpd s0 ports link-type edge 13
configure stpd s0 ports edge-safeguard enable 13
enable stpd s0 ports 13
configure stpd s2 ports mode dot1d 13
configure stpd s2 ports port-priority 128 13
configure stpd s2 ports link-type edge 13
configure stpd s2 ports edge-safeguard enable 13
enable stpd s2 ports 13

So to get around it you have to re-run the following:

Edge1.90 # configure stpd s0 ports link-type edge 13 edge-safeguard enable bpdu-restrict

Now the config is populated correctly. The Vlan Voice_502 is in S2 hence why S2 config persists for the port, but you will observe S1 config has appeared:

Edge1.91 # show config | include 13
configure vlan Data_101 add ports 3-13 untagged
configure vlan Voice_502 add ports 1-2,13-24 tagged
configure stpd s0 ports port-priority 128 13
configure stpd s0 ports link-type edge 13
configure stpd s0 ports edge-safeguard enable 13
enable stpd s0 ports 13
configure stpd s1 ports mode dot1d 13
configure stpd s1 ports port-priority 128 13
configure stpd s1 ports link-type edge 13
configure stpd s1 ports edge-safeguard enable 13
enable stpd s1 ports 13
configure stpd s2 ports mode dot1d 13
configure stpd s2 ports port-priority 128 13
configure stpd s2 ports link-type edge 13
configure stpd s2 ports edge-safeguard enable 13
enable stpd s2 ports 13

If you remove the port from the Vlan the STP config disappears:

Edge1.96 # configure vlan data_101 delete ports 13
Warning: STP port (13) is lost due to port is deleted from VLAN.
Edge1.97 # show config | include 13
configure vlan Voice_502 add ports 1-2,13-24 tagged
configure stpd s0 ports port-priority 128 13
configure stpd s0 ports link-type edge 13
configure stpd s0 ports edge-safeguard enable 13
enable stpd s0 ports 13
configure stpd s2 ports mode dot1d 13
configure stpd s2 ports port-priority 128 13
configure stpd s2 ports link-type edge 13
configure stpd s2 ports edge-safeguard enable 13
enable stpd s2 ports 13

So hopefully you get the point that moving a port's Vlan does not update the STP config.

Have played around with the following commands to automate the process but neither has worked:

configure stpd "s0" ports auto-edge on 13
configure stpd s0 ports link-type auto 13

Many thanks in advance.

Martin Flammia


Posted 2 years ago
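A way to catch the drift described under the 3rd problem, as an added example that is not part of the original post or of EXOS: it reads saved `show config` text and reports STP domains that carry one of a port's Vlans but have no `link-type edge` line for that port. The sample config is constructed from the post's port 13 output, the auto-bind table is taken from the post's description, and the function names are hypothetical.

```python
import re

VLAN_RE = re.compile(r"^configure vlan (\S+) add ports (\S+)")
EDGE_RE = re.compile(r"^configure stpd (\S+) ports link-type edge (\S+)")

# From the post: Data_101 is auto-bound to s1, Data_102 and Voice_502 to s2.
AUTOBIND = {"Data_101": "s1", "Data_102": "s2", "Voice_502": "s2"}

# Constructed input modelled on the post's output for port 13 after the move
# to Data_101, before the link-type command was re-run.
AFTER_MOVE = """\
configure vlan Data_101 add ports 3-13 untagged
configure vlan Voice_502 add ports 1-2,13-24 tagged
configure stpd s0 ports link-type edge 13
configure stpd s2 ports link-type edge 13
"""
# The same config once the s1 line has appeared (constructed).
AFTER_RERUN = AFTER_MOVE + "configure stpd s1 ports link-type edge 13\n"


def expand_ports(spec):
    """Expand '1-2,13-24' into a set; other forms (e.g. '2:47') are kept as-is."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)-(\d+)", part)
        if m:
            ports.update(str(p) for p in range(int(m.group(1)), int(m.group(2)) + 1))
        else:
            ports.add(part)
    return ports


def audit_port(config_text, autobind, port, cist="s0"):
    """Return (missing, stale) STP domains for the edge setting on one port."""
    vlans, edge_domains = set(), set()
    for line in config_text.splitlines():
        line = line.strip()
        if (m := VLAN_RE.match(line)) and port in expand_ports(m.group(2)):
            vlans.add(m.group(1))
        elif (m := EDGE_RE.match(line)) and port in expand_ports(m.group(2)):
            edge_domains.add(m.group(1).strip('"'))
    required = {autobind[v] for v in vlans if v in autobind}
    # missing: domain carries one of the port's Vlans but has no edge config
    # stale: edge config left in a domain none of the port's Vlans map to
    return sorted(required - edge_domains), sorted(edge_domains - required - {cist})


if __name__ == "__main__":
    print(audit_port(AFTER_MOVE, AUTOBIND, "13"))
    print(audit_port(AFTER_RERUN, AUTOBIND, "13"))
```

A non-empty first list marks a port that will not be treated as an edge port in that domain, which is the condition the post links to TCNs on every link state change.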


Ian, Employee


Martin,

Hope all is well with you.

I understand you have a case open for this with Alex R (he mentioned it was being looked at by Engineering). The invite is still open to you to come to the lab and test this out.

Hope to see you soon.

Ian...


vobelic

Hi Martin,

Have you gotten any solution for your questions?
I've got related issues, particularly your problem 1: https://community.extremenetworks.com/extreme/topics/mstp-in-a-rapidly-changing-environment?rfm=1&am...
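The digest mismatch in problem 1 of the opening post, worked through as an added example that is not from the thread or from EXOS: the MST Configuration Digest defined in IEEE 802.1Q is an HMAC-MD5 over the full 4096-entry Vlan-to-MSTI table, so a Vlan left in the CIST on one switch changes the value. The Vlan IDs, MSTI numbers and function names are assumptions, and `effective_mapping` models the behaviour the post describes (a Vlan is mapped only once it is on a port).

```python
import hashlib
import hmac

# Fixed key that IEEE 802.1Q specifies for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

# Constructed values: Vlan IDs and MSTI numbers are assumptions for illustration.
AUTOBIND = {101: 1, 102: 2, 502: 2}   # Vlan ID -> MSTI ID
CORE_VLANS = {101, 102, 502}          # Vlans present on the core's ports
EDGE_VLANS = {102, 502}               # Vlans present on the edge's uplinks


def mst_config_digest(vlan_to_msti):
    """HMAC-MD5 over the VID -> MSTID table (2 bytes per VID, big-endian)."""
    table = bytearray(4096 * 2)       # every VID starts in the CIST (MSTID 0)
    for vid, msti in vlan_to_msti.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"invalid VLAN ID {vid}")
        table[2 * vid:2 * vid + 2] = msti.to_bytes(2, "big")
    return hmac.new(DIGEST_KEY, bytes(table), hashlib.md5).hexdigest().upper()


def effective_mapping(autobind, vlans_on_ports):
    """Per the post: only Vlans that have been added to a port get mapped."""
    return {vid: msti for vid, msti in autobind.items() if vid in vlans_on_ports}


def digests_match(a_vlans, b_vlans, autobind=AUTOBIND):
    """True when two switches with the same auto-bind table compute one digest."""
    return (mst_config_digest(effective_mapping(autobind, a_vlans))
            == mst_config_digest(effective_mapping(autobind, b_vlans)))


if __name__ == "__main__":
    print("core:", mst_config_digest(effective_mapping(AUTOBIND, CORE_VLANS)))
    print("edge:", mst_config_digest(effective_mapping(AUTOBIND, EDGE_VLANS)))
    print("match:", digests_match(CORE_VLANS, EDGE_VLANS))
```

The digest covers only the mapping table; the region name and revision level must also match for two switches to be in the same MST region.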