Problem to configure STP BPDUGuard and LLDP on X460-g2

  • 1
  • 2
  • Problem
  • Updated 10 months ago
  • Not a Problem
Hi all,
we are using a lot of C5-, G3 and K10 Serie switches as edge devices and have configured them with following restrictions:
- all edge ports must use MAC- and 802.1X- authentication
- all edge ports has to disable the port if BPDU's will received (spanguard enabled, timeout 0 and port configured as adminedge)
- without authentication it's not allow that the port send out traffic (no vlan egress)

Now he want to replace some C5 to X460-G2 and I have some problems to configure LLDP or STP settings.
I'm new to EXOS and I would be happy if someone could help.

Here an example what I try to do:

X460G2-48p-10G4.5 # sh port 3 vlan
         Untagged
Port     /Tagged   VLAN Name(s)
-------- --------  ------------------------------------------------------------
3        None      None
* X460G2-48p-10G4.6 # configure stpd s0 ports link-type edge 3 edge-safeguard enable bpdu-restrict recovery-timeout 600
Error: Port 3 is not a member of STP domain s0
Error: Command aborted due to input errors, no changes made
* X460G2-48p-10G4.137.7 #
* X460G2-48p-10G4.137.7 #
* X460G2-48p-10G4.137.7 # conf lldp port 3 advertise vendor-specific med policy application voice vlan VoIP-VLAN dscp 46
ERROR: The following ports "3" are not part of VLAN "VoIP-VLAN".
* X460G2-48p-10G4.137.8 #

Does anybody have an idea how to handle this?

I have enabled stp auto-bind for every vlan.

If I add all ports to the Default-VLAN I can configure STP but for LLDP I have to add all ports to tagged VoIP-VLAN.
But with this connfiguration I will break out company rules.

Does anybody out there who can help?

Best regards,
Axel
Photo of ar

ar

  • 558 Points 500 badge 2x thumb

Posted 10 months ago

  • 1
  • 2
Photo of Dave Hammers

Dave Hammers, Dir SW Engineering

  • 3,502 Points 3k badge 2x thumb
Have you tried ezSpanningTree. https://github.com/extremenetworks/EXOS_Apps/tree/master/EZ_SpanningTree

Depending on the EXOS release, it may already be included on your X460-G2
Photo of ar

ar

  • 558 Points 500 badge 2x thumb
Hi Dave,
thanks for your great help.
The ezspantree is working fine and it's not necessary that I have to configure a port to a VLAN.

Will this work if I would change the stp mode from mstp to rstp, too (all our systems are running rstp and we don't want to use mstp)?

And is there a script like this one available for LLDP, too?
I've got some informations to use a UPM script for LLDP if I use MAC- and 802.1X. But this is not so well, because if I add a non-phone to the port (or make a loop) the UPM script will run and add the VoIP-VLAN tagged to the port although it is not necessary.
Best regards,
Axel
Photo of Dave Hammers

Dave Hammers, Dir SW Engineering

  • 3,502 Points 3k badge 2x thumb
ezspantree only works with mstp on the EXOS s0. 
One of our SEs developed something for LLDP that you might find interesting. I'll make sure he is aware of this post.