Header Only - DO NOT REMOVE - Extreme Networks
Question

Problem to configure STP BPDUGuard and LLDP on X460-g2


Userlevel 1
Hi all,
we are using a lot of C5-, G3 and K10 Serie switches as edge devices and have configured them with following restrictions:
- all edge ports must use MAC- and 802.1X- authentication
- all edge ports has to disable the port if BPDU's will received (spanguard enabled, timeout 0 and port configured as adminedge)
- without authentication it's not allow that the port send out traffic (no vlan egress)

Now he want to replace some C5 to X460-G2 and I have some problems to configure LLDP or STP settings.
I'm new to EXOS and I would be happy if someone could help.

Here an example what I try to do:

X460G2-48p-10G4.5 # sh port 3 vlan
Untagged
Port /Tagged VLAN Name(s)
-------- -------- ------------------------------------------------------------
3 None None
* X460G2-48p-10G4.6 # configure stpd s0 ports link-type edge 3 edge-safeguard enable bpdu-restrict recovery-timeout 600
Error: Port 3 is not a member of STP domain s0
Error: Command aborted due to input errors, no changes made
* X460G2-48p-10G4.137.7 #
* X460G2-48p-10G4.137.7 #
* X460G2-48p-10G4.137.7 # conf lldp port 3 advertise vendor-specific med policy application voice vlan VoIP-VLAN dscp 46
ERROR: The following ports "3" are not part of VLAN "VoIP-VLAN".
* X460G2-48p-10G4.137.8 #

Does anybody have an idea how to handle this?

I have enabled stp auto-bind for every vlan.

If I add all ports to the Default-VLAN I can configure STP but for LLDP I have to add all ports to tagged VoIP-VLAN.
But with this connfiguration I will break out company rules.

Does anybody out there who can help?

Best regards,
Axel

3 replies

Userlevel 5
Have you tried ezSpanningTree. https://github.com/extremenetworks/EXOS_Apps/tree/master/EZ_SpanningTree

Depending on the EXOS release, it may already be included on your X460-G2
Userlevel 1
Hi Dave,
thanks for your great help.
The ezspantree is working fine and it's not necessary that I have to configure a port to a VLAN.

Will this work if I would change the stp mode from mstp to rstp, too (all our systems are running rstp and we don't want to use mstp)?

And is there a script like this one available for LLDP, too?
I've got some informations to use a UPM script for LLDP if I use MAC- and 802.1X. But this is not so well, because if I add a non-phone to the port (or make a loop) the UPM script will run and add the VoIP-VLAN tagged to the port although it is not necessary.
Best regards,
Axel
Userlevel 5
ezspantree only works with mstp on the EXOS s0.
One of our SEs developed something for LLDP that you might find interesting. I'll make sure he is aware of this post.

Reply