Spanning Tree Auto Link-type

  • 0
  • 2
  • Question
  • Updated 3 years ago
  • Doesn't Need an Answer

Have a question about auto provisioning a spanning tree link type.

All the Vlans have been configured for the switch and each added to ports accordingly. In this example there are multiple Vlans and each Vlan has its own STP domain. An example of part of the config is given below:

configure stpd STP-Data mode dot1w
enable stpd STP-Data rapid-root-failover
configure stpd STP-Data default-encapsulation dot1d
enable stpd STP-Data auto-bind vlan Data

Here auto-bind is configured on the STP-Data domain to the Vlan of Data.

I now want to set edge ports with edge-safeguard and bpdu-restrict, and uplinks as point-to-point.

Now if I enter the following command, with port 48 being the uplink and rest edge ports :

configure stpd STP-Data ports link-type edge 1-47 edge-safeguard enable bpdu-restrict

It wont take the command unless the port is already configured for the STP-Data domain / Vlan, you will get error something like the following:

Error: Port 1 is not a member of STP domain STP-Data
Error: Port 2 is not a member of STP domain STP-Data
Error: Command aborted due to input errors, no changes made

So in theory you would have to find what each port is in and then write the command to only include ports in that vlan.

Another option is that you could enter the following command:

configure stpd STP-Data ports link-type auto 1-48

But you end up with the same problem.

My concern is that doing port vlan configuration changes and each time having to marry this up with a separate stp link type can end up getting tedious and possibly out of sync.

So my question is if there a better way to do this, perhaps you have to do the configuration in a certain order to take advantage the link-type auto command or I'm simply doing it wrong?

Be grateful for any feedback.

Many thanks in advance

Photo of Martin Flammia

Martin Flammia

  • 5,744 Points 5k badge 2x thumb

Posted 3 years ago

  • 0
  • 2
Photo of Prashanth KG

Prashanth KG, Employee

  • 5,300 Points 5k badge 2x thumb
Hi Martin,

In my understanding, when you have enabled the auto-bind for the VLAN data under an STP domain, STP is going to protect only this VLAN. So, if you are enabling edge-safeguard configuration globally for a port, we need to ensure that the port is a part of a VLAN which is protected by STP.

Looking at the outputs above, it seems like the ports 1 and 2 are not part of the data-vlan and hence the error.
If we have multiple VLANs protected under the STP domain, the port has to be a part of atleast one of these  VLANs before you can enable edge-safeguard configuration.

Lab configuration:

create stpd STP-DATA
configure stpd STP-DATA mode dot1w
enable stpd STP-DATA rapid-root-failover
configure stpd STP-DATA default-encapsulation dot1d
enable stpd STP-DATA auto-bind vlan Data
enable stpd STP-DATA auto-bind vlan data2
configure stpd STP-DATA ports mode dot1d 1:2
configure stpd STP-DATA ports port-priority 128 1:2
configure stpd STP-DATA ports edge-safeguard enable 1:2
enable stpd STP-DATA ports 1:2
configure stpd STP-DATA ports mode dot1d 1:3
configure stpd STP-DATA ports port-priority 128 1:3
configure stpd STP-DATA ports edge-safeguard enable 1:3
enable stpd STP-DATA ports 1:3

1:3 untagged in vlan data
1:2 untagged in vlan data2.

So, this looks like how it should behave and I think you are doing it right except that while executing the command, we need to ensure that the ports are part of the VLAN protected by this STP domain.
Is there a specific reason why you are looking to enable edge safeguard on a port which is not a part of VLAN protected by the corresponding STP domain?

Hope this helps!
Photo of Martin Flammia

Martin Flammia

  • 5,744 Points 5k badge 2x thumb
Hi Preshath,

Thanks for posting.

The problem in this particular case is that because there is an STP domain for each vlan and the ports are all each in there own vlans and therefore protected by other domains, this is where the problem arises.

It would be useful if the command would not simply terminate but excute for each of the ports that where in the corresponding domain and step over the others..

That way I wouldn't need to find out what's in what vlan first then write the command to suite. It would also be useful if it did it in an automated manner, as letting loose the configuration to someone who could not quite be familiar with STP but change port vlan regularly, the config could get out of sync.

Hence trying to find a better solution.

Many thanks.
Photo of Merab Katibashvili

Merab Katibashvili

  • 112 Points 100 badge 2x thumb
i make everything then i add vlan give me error

Error: Cannot add VLAN Default port 2 to STP domain s0

whats reason and give me advice ?