how to filter bpdu frames

  • 0
  • 1
  • Question
  • Updated 5 years ago
  • Answered
Create Date: Jul 6 2012 4:24AM

Hi,

I'm desperately trying to make xos switches drop bpdu. I'm not using STP , but I have have some old no-extreme switches that keep broadcast bpdu. Since my network is huge, I need that XOS switches drop those bpdus.

I've managed to do that on cisco and almost any other switch with cisco-like CLI

Is there someway to do that on XOS?

(from Stefano_Ferrari)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Jul 6 2012 9:02AM

Hi,

following concept guide:

-----
Dynamic ACL for STP

create access-list bpdu1 "ethernet-destination-address 01:80:C2:00:00:00;" "deny; count bpdu1"
conf access-list add "bpdu1" first ports 6 ingress

To configure a dynamic ACL for blocking PVST frames on port 6, use the following:

create access-list bpdu2 "ethernet-destination-address 01:00:0c:cc:cc:cd;" "deny; count bpdu2"
conf access-list add "bpdu2" first ports 6 ingress

----------

--
Jarek
(from Jaroslaw_Kasjaniuk)
Photo of Suleima

Suleima

  • 70 Points
Is this a valid answer? Please confirm.Thanks.
Photo of Ron Huygens

Ron Huygens, Employee

  • 3,210 Points 3k badge 2x thumb
Hi Suleima,

Yes, this is a valid answer. In fact it is copied out of our concepts guide.

Thanks,

Ron
Photo of Suleima

Suleima

  • 70 Points
Hi Ron,

Actually am very new to Extreme..

For Vlan7 -  ZU1 and port 4, Need to config bdpu filter enable ( Like Cisco). The STP functionality is not required (listening, learning, disabled). Would you please comment how to proceed on that and what would be the command?

Thanks!
Suleima


Photo of Sumit Tokle

Sumit Tokle, Alum

  • 5,738 Points 5k badge 2x thumb
By default, switch will drop the BPDU packet if STP is not configured on the switch and switch will generate the EMS log messages  with "STP.InBPDU.Drop". However, you can configure the above dynamic ACL to block the BPDU traffic coming on port. Refer the ACL chapter from EXOS concept guide for sample configuration.

This conversation is no longer open for comments or replies.