Are there any easy ways to configure edge-safeguard mode with bpdu-restrict?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-21-2017 03:34 PM
Hello, everybody!
I have a task from a customer to config ports on Extreme stack to prevent users from attaching switches and turn ports in forwarding mode immediately (dot1w).
So, does anybody know more easliy way to get CISCO's "spanning-tree bpduguard enable" analog on Extremes, than described here - https://extremeportal.force.com/ExtrArticleDetail?an=000082693
I did these thing like in the article many times, but it is too difficult in this case because there are 8-slot stack where many vlans exist and vlans ports don't go in a row like VLAN10 port 1:1-48, but VLAN10 ports 1:1-4,1:6-10,1:18-21 etc.
Many thanks in advance,
Ilya
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-25-2017 04:33 PM
the exact functionality of Cisco IOS' "spanning-tree bpduguard enable" requires some spanning tree protocol on the port. Thus on EXOS you need to configure and stpd that includes the access port to exaclty recreate the BPDUguard functionality.
You may be able to create similar functionality using ELRP to guard against loops, and perhaps something based on ACLs, log entries, and scripts triggered by logs to react to a BPDU.
Erik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-24-2017 08:55 AM
Am I understand right, that without STPD configuration on access-ports I can't get CISCO's "spanning-tree bpduguard enable" analogous functionality on Extremes?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-22-2017 01:22 PM
configure mstp region region1
configure stpd s0 mode mstp cist
configure stpd s0 priority 4096# the above usualy complain that vlan default is already autobinded => "disable stpd s0 auto-bind vlan default" try it again and then auto-bind it again
enable stpd s0 auto-bind vlan VLAN-X
enable stpd s0 auto-bind vlan VLAN-Y ...# you need to add every vlan to the s0
configure stpd s0 ports link-type edge 1:1-48
configure stpd s0 ports edge-safeguard enable 1:1-48 recovery-timeout 60
configure stpd s0 ports bpdu-restrict enable 1:1-48 recovery-timeout 60 ...# the above will do the job for ports 1-48 on the unit 1. Be sure you do not configure it on your uplink 🙂
enable stpd s0probably there is also some more nice way...
Good luck
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-22-2017 01:22 PM
Many thanks for your reply.
In what version of EXOS auto-bind does work for untagged ports? Enlight me, please.
I believe that ezSpanningtree is a great application, but it requires EXOS 21.x. All my switches are G1, so I can't use it anyway.
MSTP is not recommended STP protol for Summit. You can use search in this community to easily find out how tricky, dangerous and unstable Extreme's MSTP is. There are a lot of topics and related articles.
So, may be auto-bind works for untag in MSTP, but in PVS+ it doesn't. (Like bpdu-restrict, unfortunately)
