Header Only - DO NOT REMOVE - Extreme Networks

MSTP and bpdu-restrict - CIST vs MSTI


Enabling edge-safeguard on CIST is propagated to MSTIs as per documentation, what about bpdu-restrict?
Bpdu-restrict first must be enabled on the CIST, without that MSTIs don't want to enable it that for sure.
But what is the behavior when a BPDU arrives on an edge port that is in a VLAN (MSTI instance) and bpdu-restrict is enabled only on the CIST?

Basically this:

configure vlan V99 add ports 1
configure stpd s0 mode mstp cist
create stpd s1
configure stpd s1 mode mstp msti 1
enable stpd s1 auto-bind vlan V99
configure stpd s0 ports mode dot1d 1
configure stpd s0 ports cost auto 1
configure stpd s0 ports port-priority 128 1
configure stpd s0 ports link-type edge 1
configure stpd s0 ports edge-safeguard enable 1 recovery-timeout 300
configure stpd s0 ports bpdu-restrict enable 1 recovery-timeout 300
enable stpd s0 ports 1
configure stpd s1 ports mode dot1d 1
configure stpd s1 ports cost auto 1
configure stpd s1 ports port-priority 128 1
configure stpd s1 ports link-type edge 1
configure stpd s1 ports edge-safeguard enable 1
enable stpd s1 ports 1

# show s1 port 1
Port Mode State Cost Flags Priority Port ID Designated Bridge
1 802.1D DISABLED 200000 e?ee-w-SB- 128 8001 00:00:00:00:00:00:00:00

Total Ports: 1
...
zgsw169.9 # show s0 port 1
Port Mode State Cost Flags Priority Port ID Designated Bridge
1 802.1D DISABLED 200000 e?ee-w-GB- 128 8001 00:00:00:00:00:00:00:00

Total Ports: 1
...


Does the port get disabled or not?
I mean, the port IS afterall in CIST with bpdu-restrict active...

Thanks.

6 replies

Userlevel 7
Replying to bump this back to the top of the list 🙂
Userlevel 6
Hi Vobelic,

I did a test in the LAB.

Here is the config which i have in LAB

configure mstp region 0004968fb060
configure stpd s0 mode mstp cist
create stpd s1
configure stpd s1 mode mstp msti 1
configure stpd s1 add vlan v99 ports 5 dot1d
configure stpd s0 ports mode dot1d 5
configure stpd s0 ports cost auto 5
configure stpd s0 ports port-priority 128 5
configure stpd s0 ports link-type edge 5
configure stpd s0 ports edge-safeguard enable 5
configure stpd s0 ports bpdu-restrict enable 5
enable stpd s0 ports 5
configure stpd s1 ports mode dot1d 5
configure stpd s1 ports cost auto 5
configure stpd s1 ports port-priority 128 5
configure stpd s1 ports link-type edge 5
configure stpd s1 ports edge-safeguard enable 5
enable stpd s1 ports 5

I have enabled the BPDU restrict only the STP S0 which is the CIST and here are the logs once i enabled the same.

11/11/2015 01:18:30.08 [i] Port 5 link down
11/11/2015 01:18:30.04 [i] Toggling AdminState on Port 5
11/11/2015 01:18:30.04 BPDU Restrict Port (5) has received a bpdu and will be shutdown.

* B3:U16.58 # show stpd "s0" ports
Port Mode State Cost Flags Priority Port ID Designated Bridge
1 802.1D FORWARDING 20000 eRppam--B- 128 8001 80:00:00:04:96:82:5a:28
3 802.1D FORWARDING 20000 eDpp-m--B- 128 8003 80:00:00:04:96:8f:b0:60
5 802.1D DISABLED 20000 e?ee-m-GB- 128 8005 00:00:00:00:00:00:00:00

* B3:U16.59 # show stpd "s1" ports
Port Mode State Cost Flags Priority Port ID Designated Bridge
1 802.1D FORWARDING 20000 eMppam--B- 128 8001 80:00:00:04:96:8f:b0:60
3 802.1D FORWARDING 20000 eDpppm--B- 128 8003 80:00:00:04:96:8f:b0:60
5 802.1D DISABLED 20000 e?ee-m-SB- 128 8005 00:00:00:00:00:00:00:00

I hope this is what the answer you are looking for...
Thanks!

That indeed answers my question.

Now the only thing that could be even more helpful would be an update in the documentation or even in the code - there's really no need for S flag in MSTI instances when there's already a G flag in CIST is there?
One could simply state that both the bpdu-restrict as well as edge-safeguard are propagated from CIST to MSTI instances.
Userlevel 6
Hi Vobelic,

BPDU Restrict on Edge Safeguard
BPDU restrict causes a port on which this feature is configured to be disabled as soon as an STP BPDU is received on that port.

If we take the actual working scenario the CIST is configured with BPDU Restrict disable's the port physically up on receiving the STP BPDU.

So it does not propagate the BPDU-restrict function to the MIST rather it disables the port physically.
I simply meant that it's misleading to be able to specifically enable bpdu-restrict per MSTI even when it's already enabled in CIST.
I think that the "G" flag should be shown in MSTI port info rather than "S" as soon as bpdu-restrict is enabled in CIST. It may be just a matter of being consistent 🙂
Userlevel 6
Hi Vobelic,

In which version of the user/concepts guide ?
Could you please point me to the documentation the exact line and the page number?

once shared i can get in touch with the internal team and get back to you.

Reply