This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EOS)
- RE: Spanguard blocked port is not shown on G3G124-...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Spanguard blocked port is not shown on G3G124-24P with FW 06.61.18.0001
Spanguard blocked port is not shown on G3G124-24P with FW 06.61.18.0001
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-25-2017 09:36 AM
Hi,
we use more than 25 G3G124-24P switches as edge devices and every system is configured with a complex configuration (MAC- and 802.1X authentication, maclock, lldp and much more) and I'm not sure if I do something wrong or if it's a bug:
Therefore I take an empty (default config) G3G124-24P with the last FW 06.61.18.0001 and configure the switch with following commands:
set spantree version rstp
set spantree adminedge ge.1.1-24 true
set spantree spanguard enable
set spantree spanguardtimeout 0
After this I connect a Laptop at some ports (ge.1.1 and ge.1.2) and I can see that the port become up and the LED is on - everythig is fine up to this.
Then I take a short cable and connect one end at ge.1.1 and the other at ge.1.2 to check if spanguard is blocked one of the port.
When I plug-in the cable the port link LED goes on and after 1 second or two it goes off.
When I remove the loop between both ports and add the laptop there only one port works and showes the "status up" and the LED is on.
But when I check the "show spantree spanguardlock" output the switch told me that no port is blocked.
show spantree spanguardlock
Port ge.1.1 is Unlocked
Port ge.1.2 is Unlocked
So it is not possible for us to find out these ports that are blocked by spanguardlock ("set spantree spanguardtimeout 0" mean, that the port will stay blocked).
I've seen this on three different edge switches (all G3G with FW 06.61.18.0001) and all our switches are configured to send a trap if spanguard become active.
Can someone confirm this and is only FW 06.61.18.0001 affected?
I'm sure that it works in the past with an older FW release but cannot remember.
we use more than 25 G3G124-24P switches as edge devices and every system is configured with a complex configuration (MAC- and 802.1X authentication, maclock, lldp and much more) and I'm not sure if I do something wrong or if it's a bug:
Therefore I take an empty (default config) G3G124-24P with the last FW 06.61.18.0001 and configure the switch with following commands:
set spantree version rstp
set spantree adminedge ge.1.1-24 true
set spantree spanguard enable
set spantree spanguardtimeout 0
After this I connect a Laptop at some ports (ge.1.1 and ge.1.2) and I can see that the port become up and the LED is on - everythig is fine up to this.
Then I take a short cable and connect one end at ge.1.1 and the other at ge.1.2 to check if spanguard is blocked one of the port.
When I plug-in the cable the port link LED goes on and after 1 second or two it goes off.
When I remove the loop between both ports and add the laptop there only one port works and showes the "status up" and the LED is on.
But when I check the "show spantree spanguardlock" output the switch told me that no port is blocked.
show spantree spanguardlock
Port ge.1.1 is Unlocked
Port ge.1.2 is Unlocked
So it is not possible for us to find out these ports that are blocked by spanguardlock ("set spantree spanguardtimeout 0" mean, that the port will stay blocked).
I've seen this on three different edge switches (all G3G with FW 06.61.18.0001) and all our switches are configured to send a trap if spanguard become active.
Can someone confirm this and is only FW 06.61.18.0001 affected?
I'm sure that it works in the past with an older FW release but cannot remember.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-13-2018 07:45 AM
Hi,
sorry for the delay.
I can give you some more details, what I have done:
Test 1 (with two G3-Switches)
a.) remove all cables and delete the whole config of both switches (clear config)
b.) configure the following commands on both:
set spantree version rstp
set spantree adminedge ge.1.1 true
set spantree adminedge ge.1.2 true
set spantree adminedge ge.1.3 true
set spantree adminedge ge.1.4 true
set spantree adminedge ge.1.5 true
set spantree adminedge ge.1.6 true
set spantree adminedge ge.1.7 true
set spantree adminedge ge.1.8 true
set spantree adminedge ge.1.9 true
set spantree adminedge ge.1.10 true
set spantree spanguard enable
set spantree spanguardtimeout 0
c.) connect port ge.1.2 of both switches together
Result:
- Spanguard disable one of both ports (that is what should happen)
Test 2 (only one G3-Switch)
a.) remove all cables and delete the whole config of the switch (clear config)
b.) configure the following commands on it:
set spantree version rstp
set spantree adminedge ge.1.1 true
set spantree adminedge ge.1.2 true
set spantree adminedge ge.1.3 true
set spantree adminedge ge.1.4 true
set spantree adminedge ge.1.5 true
set spantree adminedge ge.1.6 true
set spantree adminedge ge.1.7 true
set spantree adminedge ge.1.8 true
set spantree adminedge ge.1.9 true
set spantree adminedge ge.1.10 true
set spantree spanguard enable
set spantree spanguardtimeout 0
c.) connect port ge.1.3 with ge.1.4 with a short copper patch cable together
Result:
- the LED looks like spanguard had disabled one of both ports
- but "show spantree spangardlook ge.1.1-10" showes:
G3(su)->show spantree spanguardlock ge.1.1-10
Port ge.1.1 is Unlocked
Port ge.1.2 is Unlocked
Port ge.1.3 is Unlocked
Port ge.1.4 is Unlocked
Port ge.1.5 is Unlocked
Port ge.1.6 is Unlocked
Port ge.1.7 is Unlocked
Port ge.1.8 is Unlocked
Port ge.1.9 is Unlocked
Port ge.1.10 is Unlocked
And the interessing thing is now:
If I connect a normal Laptop to port ge.1.3 it will work:
G3(su)->show port status ge.1.3-4
Alias Oper Admin Speed
Port (truncated) Status Status (bps) Duplex Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3 Up Up 1.0G full BaseT RJ45/PoE
ge.1.4 Down Up N/A N/A BaseT RJ45/PoE
G3(su)->
If I plug the cable from the laptop to port ge.1.4 it will not work.
G3(su)->show port status ge.1.3-4
Alias Oper Admin Speed
Port (truncated) Status Status (bps) Duplex Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3 Down Up N/A N/A BaseT RJ45/PoE
ge.1.4 Down Up N/A N/A BaseT RJ45/PoE
G3(su)->
G3(su)->show port negotiation ge.1.4
auto-negotiation is enabled on port ge.1.4
G3(su)->show port advertise ge.1.4
ge.1.4 capability advertised remote
-------------------------------------------------
10BASE-T yes yes yes
10BASE-TFD yes yes yes
100BASE-TX yes yes yes
100BASE-TXFD yes yes yes
1000BASE-T no no no
1000BASE-TFD yes yes yes
pause yes yes no
If I disable port ge.1.4 and enable it, it will work again.
G3(su)->set port disable ge.1.4
G3(su)->set port enable ge.1.4
G3(su)->show port status ge.1.3-4
Alias Oper Admin Speed
Port (truncated) Status Status (bps) Duplex Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3 Down Up N/A N/A BaseT RJ45/PoE
ge.1.4 Up Up 1.0G full BaseT RJ45/PoE
G3(su)->
BUT: How do I know what ports were connect localy at the same switch so that the port has to be disabeld/enabled again?
Is there any outher command I can use to find out, at port ge.1.4 has to disabled/enabled to get it functional again?
The logging will not show me something:
G3(su)->show logging buffer
G3(su)->
So I have to correct my question from the beginning of this discussion:
Why ist the port ge.1.4 not accessible for the Laptop after someone has connect a loop cable between two ports of the same switch?
Or why is spanguard not disable port ge.1.4?
I thought, that all ports (ge.1.3 and ge.1.4) of the same switch will send out BPDU's and that receiving BPDU's should trigger spanguard, isn't it so?
Best regards,
Axel
sorry for the delay.
I can give you some more details, what I have done:
Test 1 (with two G3-Switches)
a.) remove all cables and delete the whole config of both switches (clear config)
b.) configure the following commands on both:
set spantree version rstp
set spantree adminedge ge.1.1 true
set spantree adminedge ge.1.2 true
set spantree adminedge ge.1.3 true
set spantree adminedge ge.1.4 true
set spantree adminedge ge.1.5 true
set spantree adminedge ge.1.6 true
set spantree adminedge ge.1.7 true
set spantree adminedge ge.1.8 true
set spantree adminedge ge.1.9 true
set spantree adminedge ge.1.10 true
set spantree spanguard enable
set spantree spanguardtimeout 0
c.) connect port ge.1.2 of both switches together
Result:
- Spanguard disable one of both ports (that is what should happen)
Test 2 (only one G3-Switch)
a.) remove all cables and delete the whole config of the switch (clear config)
b.) configure the following commands on it:
set spantree version rstp
set spantree adminedge ge.1.1 true
set spantree adminedge ge.1.2 true
set spantree adminedge ge.1.3 true
set spantree adminedge ge.1.4 true
set spantree adminedge ge.1.5 true
set spantree adminedge ge.1.6 true
set spantree adminedge ge.1.7 true
set spantree adminedge ge.1.8 true
set spantree adminedge ge.1.9 true
set spantree adminedge ge.1.10 true
set spantree spanguard enable
set spantree spanguardtimeout 0
c.) connect port ge.1.3 with ge.1.4 with a short copper patch cable together
Result:
- the LED looks like spanguard had disabled one of both ports
- but "show spantree spangardlook ge.1.1-10" showes:
G3(su)->show spantree spanguardlock ge.1.1-10
Port ge.1.1 is Unlocked
Port ge.1.2 is Unlocked
Port ge.1.3 is Unlocked
Port ge.1.4 is Unlocked
Port ge.1.5 is Unlocked
Port ge.1.6 is Unlocked
Port ge.1.7 is Unlocked
Port ge.1.8 is Unlocked
Port ge.1.9 is Unlocked
Port ge.1.10 is Unlocked
And the interessing thing is now:
If I connect a normal Laptop to port ge.1.3 it will work:
G3(su)->show port status ge.1.3-4
Alias Oper Admin Speed
Port (truncated) Status Status (bps) Duplex Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3 Up Up 1.0G full BaseT RJ45/PoE
ge.1.4 Down Up N/A N/A BaseT RJ45/PoE
G3(su)->
If I plug the cable from the laptop to port ge.1.4 it will not work.
G3(su)->show port status ge.1.3-4
Alias Oper Admin Speed
Port (truncated) Status Status (bps) Duplex Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3 Down Up N/A N/A BaseT RJ45/PoE
ge.1.4 Down Up N/A N/A BaseT RJ45/PoE
G3(su)->
G3(su)->show port negotiation ge.1.4
auto-negotiation is enabled on port ge.1.4
G3(su)->show port advertise ge.1.4
ge.1.4 capability advertised remote
-------------------------------------------------
10BASE-T yes yes yes
10BASE-TFD yes yes yes
100BASE-TX yes yes yes
100BASE-TXFD yes yes yes
1000BASE-T no no no
1000BASE-TFD yes yes yes
pause yes yes no
If I disable port ge.1.4 and enable it, it will work again.
G3(su)->set port disable ge.1.4
G3(su)->set port enable ge.1.4
G3(su)->show port status ge.1.3-4
Alias Oper Admin Speed
Port (truncated) Status Status (bps) Duplex Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.3 Down Up N/A N/A BaseT RJ45/PoE
ge.1.4 Up Up 1.0G full BaseT RJ45/PoE
G3(su)->
BUT: How do I know what ports were connect localy at the same switch so that the port has to be disabeld/enabled again?
Is there any outher command I can use to find out, at port ge.1.4 has to disabled/enabled to get it functional again?
The logging will not show me something:
G3(su)->show logging buffer
G3(su)->
So I have to correct my question from the beginning of this discussion:
Why ist the port ge.1.4 not accessible for the Laptop after someone has connect a loop cable between two ports of the same switch?
Or why is spanguard not disable port ge.1.4?
I thought, that all ports (ge.1.3 and ge.1.4) of the same switch will send out BPDU's and that receiving BPDU's should trigger spanguard, isn't it so?
Best regards,
Axel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-26-2018 02:07 PM
The way I am reading this it seems to working as it is intended. This matter maybe easier to work on if you contact GTAC directly.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-26-2018 01:12 PM
Did you check show port status of the port? You can check the logs to see if you received any messages? Could you send a screen shot of show config spantree and show config port would help I can try this today and see if I experience any issues Jason
