edge port using safeguard


on my XOS switch i want to make ports 1 & 3 as edge ports would the below command syntax do the trick?

create stpd s0 configure stpd s0 mode dot1w

configure stpd s0 default-encapsulation dot1d

configure stpd s0 add vlan Data ports 1,3

configure stpd s0 ports link-type edge 1,3 edge-safeguard enable

enable stpd s0

9 replies

Userlevel 4
This is ok.
will the above command make them edge port? and if a device switch/hub is attached to port 3 will it go into blocking state?
Userlevel 4
you have to enable BPDU-restrict on those ports.
configure stpd s0 port link-type edge 1,3 edge-safeguard enable bpdu-restrict

what happens if i put this recovery-timeout 300 command after the bpdu-restrict would it block the port and come to forwarding state after 300 secs (3mins)
Userlevel 4
it should disable the port and enable it again after 5 minutes.
What is the default if i dont add the recover-timeout value is it 50 secs ? sorry i am asking the nitty gritty as i am only using a simulator and not real kit
It will stay disabled until you manually enable the port if you do not type a recovery number.
Userlevel 6
good Morning Shakil if you are using this for the sole purpose of loop detection at the edge there is another method called ELRP. It will detect loops on the edge port and either disable the port permanently or for a specified period of time. You can also have it ignore ports, such as uplink ports, if you have two switches next to one anther and the loop is created between them. The ignore ports will make sure that only the edge ports are disabled and not the uplink ports.

If however you have a large STP network that these ports are part of then use STP. ELRP is a great option as you do not have to setup domain like in STP.

Hope that helps to provide some options. Please let us know if there are any other questions

P
Good morning Shakil,

What you configured will only protect those ports for the Data VLAN. What if you have a VoIP scenario with a phone and a data connection off the same edge port? obviously add the VoIP vlan. I install Extreme gear at many customer sites for Extreme, and I build spanning tree into my base configuration before I even know the vlan scheme. I create a vlan specifically for spanning tree. Hint, add the STP configuration last or at least after having assigned the port to an untagged vlan's egress list.

I do this for the edge port protection of course, but also to future ready the infrastructure for all the intelligence features that come from administrating an Extreme infrastructure such as Netlogin with NAC for 802.1x and MAC authentication. You need STP to use Netlogin.

Do not apply the below on uplink ports.

So as discussed already there are multiple ways to get this done, but here is the command script that I use.

create vlan "Pearlman" configure vlan Pearlman tag 4090

configure vlan Pearlman add ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 tagged



configure mstp region Pearlman

configure stpd s0 delete vlan default ports all

disable stpd s0 auto-bind vlan default

configure stpd s0 mode mstp cist

create stpd Pearlman_stm

configure stpd Pearlman_stm mode mstp msti 1

configure stpd Pearlman_stm add vlan Pearlman ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 dot1d

configure stpd s0 ports mode dot1d 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd s0 ports cost auto 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd s0 ports port-priority 128 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd s0 ports link-type edge 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd s0 ports edge-safeguard enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60

configure stpd s0 ports bpdu-restrict enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60

enable stpd s0 ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd Pearlman_stm ports mode dot1d 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd Pearlman_stm ports cost auto 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd Pearlman_stm ports port-priority 128 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd Pearlman_stm ports link-type edge 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48

configure stpd Pearlman_stm ports edge-safeguard enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60

Reply