11-22-2022 04:11 PM
Let me apologize up front for the noob questions, but bear with me as I am trying to learn.
I am working through a GTS4950 PWR+ configuration trying to understand a few things. I was given a configuration from another stack deployment for me to go over and learn from, with the hopes I would be able to configure a separate stack I need to deploy. I am not without help to sort things out, I just wanted a crack at a configuration to see if I could work through it and learn a bit about Extreme.
With that in mind, here goes.
The configuration I was given has some headings to allude to the purpose. One such heading is Endpoint and Workstation Tagging with the following command:
vlan ports <ports> tagging untagpvidOnly filter-unregistered-frames disable
My assumption is that this is for access ports? If so, I am a little confused with the tagging directive. I would have thought that was for trunks?
The next heading is Additional Trunks As Necessary (Excluding Uplinks). I would assume these are trunk links (obviously), using the following command:
vlan ports <ports> tagging tagAll filter-untagged-frame enable
What confuses me here is that the ports for each switch in the stack are listed separately:
vlan ports <switch 1 ports> tagging tagAll filter-untagged-frame enable
vlan ports <switch 2 ports> tagging tagAll filter-untagged-frame enable
vlan ports <switch 3 ports> tagging tagAll filter-untagged-frame enable
Is this just a convenience thing so you don't have one gigantic command?
The next headings were/seem more self-explanatory, but I wanted to confirm so I am not working from assumptions.
MSTP Untagged Interfaces and MSTP Tagged Interfaces. These are the spanning-tree mstp port enable and bpdu-filtering enabling commands and spanning-tree mstp port learning disable commands respectively.
The last heading is SLPP-guard and based on the port assignments from the configuration I was given, it appears to be only for access ports and, as I understand it, to prevent spanning-tree loops?
Anyway, sorry for the long-winded post, I am just trying to learn and wrap my head around things. Thanks in advance.
11-23-2022 05:55 AM
Hello RedDirt,
About VLAN port tagging modes:
- untagAll is for access ports. The switch sends untagged packets. It means only one VLAN per port.
- tagAll is for interconnection ports. The switch sends tagged packets. It means one to many VLANs per port.
Then, you have two other hybrid modes, UntagPvidOnly or TagPvidOnly.
Based on the PVID of the port, the switch will send tagged or untagged packets. If you use an IP phone with a computer connected behind it, you can use one of these modes.
- UntagPvidOnly: untagged packets for the computer (the VLAN must be defined as the PVID of the port) and tagged packets for the phone.
- TagPvidOnly: same as before, but the PVID must be the ToIP VLAN.
-> So, for access ports, you can use "UntagAll", or "UntagPvidOnly" if needed. For trunk ports, use "TagAll".
About the configuration listed by stack unit: yes, it's just a convenience to help the reader.
About MSTP Untagged and Tagged, I'm not sure about this one, but I'm thinking tagged MSTP is for the case of multiple instances (not only CIST).
The recommended configuration (from my knowledge) should be MSTP learning enable, edge-port true and bpdu-filtering enable on all access ports. MSTP must be disabled on trunk ports.
About SLPP-guard: first, it can't work alone; you need an SLPP source which sends SLPPPDUs on each access VLAN. In case of a loop at the edge, if the switch receives an SLPPPDU on a port, SLPP-guard will shut down the port. It looks like bpdu-filtering.
So, why add SLPP-guard if BPDU-filtering does the same? -> BPDUs are tagged frames, SLPPPDUs are untagged frames. If you have a device that acts as a BPDU filter (like an IP phone), spanning tree and bpdu-filtering will not detect the loop, whereas SLPP will.
So, if you have SLPP on the core device, you could add SLPP-guard on all access ports of your edge device.
I hope this helps.
For more details about recommendations, you should read Extreme's ERS 4900 documentation or the TCG guide.
Regards,
TQU
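
The tagging modes described in the reply above, as an added example that is not part of either post and is not Extreme's code: it models which frames leave a port tagged in each mode and checks a configuration for port groups whose mode does not match the role intended for them, such as an endpoint port left in tagAll. The command shape is copied from the lines quoted in the thread; the port strings, VLAN IDs and the intended-role map are constructed assumptions.

```python
import re

# Command shape copied from the lines quoted in the thread; port strings below are constructed.
CMD = re.compile(r"vlan ports (\S+) tagging (\w+)(?:\s+(filter-[\w-]+) (enable|disable))?\s*$", re.I)

# Role of each tagging mode as described in the reply above (role names are this example's own).
ROLES = {"untagall": "access", "tagall": "trunk",
         "untagpvidonly": "access+voice", "tagpvidonly": "access+voice"}

def egress_tagged(mode, pvid, vlan):
    """True if a frame in `vlan` leaves the port tagged under `mode`."""
    mode = mode.lower()
    if mode == "tagall":
        return True
    if mode == "untagall":
        return False
    if mode == "untagpvidonly":
        return vlan != pvid          # only the PVID VLAN goes out untagged
    if mode == "tagpvidonly":
        return vlan == pvid          # only the PVID VLAN goes out tagged
    raise ValueError(f"unknown tagging mode: {mode}")

def parse(config):
    """Return (ports, mode, role) for every 'vlan ports ... tagging ...' line."""
    out = []
    for line in config.splitlines():
        m = CMD.match(line.strip())
        if m:
            mode = m.group(2)
            out.append((m.group(1), mode, ROLES.get(mode.lower(), "unknown")))
    return out

def audit(config, intended):
    """Report port groups whose tagging mode does not give the intended role."""
    return [f"{ports}: {mode} gives role '{role}', expected '{intended[ports]}'"
            for ports, mode, role in parse(config)
            if ports in intended and intended[ports] != role]

# Constructed sample: the third line puts endpoint ports in tagAll by mistake.
SAMPLE = """\
vlan ports 1/1-40 tagging untagpvidOnly filter-unregistered-frames disable
vlan ports 1/47-48 tagging tagAll filter-untagged-frame enable
vlan ports 2/1-40 tagging tagAll filter-untagged-frame enable
"""
INTENDED = {"1/1-40": "access+voice", "1/47-48": "trunk", "2/1-40": "access+voice"}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, INTENDED)))
    for mode in ("untagAll", "tagAll", "untagPvidOnly", "tagPvidOnly"):
        print(mode, {vlan: egress_tagged(mode, 10, vlan) for vlan in (10, 20)})
```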