Are there any easy ways to configure edge-safeguard mode with bpdu-restrict?

Ilya_Semenov
Contributor

Hello, everybody!

I have a task from a customer to configure ports on an Extreme stack to prevent users from attaching switches and to put ports into forwarding mode immediately (dot1w).

So, does anybody know an easier way to get an analog of Cisco's "spanning-tree bpduguard enable" on Extremes than the one described here - https://extremeportal.force.com/ExtrArticleDetail?an=000082693
I have done this as in the article many times, but it is too difficult in this case because there is an 8-slot stack where many VLANs exist and the VLAN ports are not contiguous: not VLAN10 ports 1:1-48, but VLAN10 ports 1:1-4,1:6-10,1:18-21 etc.

Many thanks in advance,

Ilya

6 REPLIES

Hi Ilya.

the autobind works for untagged vlans/ports also
the autobind works for tagged vlans/ports also

there is also a very nice XOS application called ezSpanningtree = https://github.com/extremenetworks/EXOS_Apps/tree/master/EZ_SpanningTree

it will autobind a newly created vlan automatically = you do not have to remember it every time you create a new vlan...

here is my config regardless of the port-to-vlan assignment. I do not care if you have 10 ports or 3000 ports 🙂

configure vlan untagged-ports auto-move inform
create vlan ONE tag 100
configure vlan "ONE" add ports 7-8 un
configure vlan "ONE" add ports 11-12 tagged
disable s0 auto-bind "Default"
configure stpd s0 delete vlan "Default" ports all
configure mstp region region1
configure stpd s0 mode mstp cist
enable s0 auto-bind vlan "Default"
enable s0 auto-bind vlan "ONE"
configure s0 ports link-type edge 1-10 edge-safeguard enable recovery-timeout 60 bpdu-restrict
enable s0

If I connect any port to any port it does work 🙂

Good luck 🙂

Z.

log example:
01/28/2017 09:02:28.54 Toggling AdminState on Port 7 with pif 0x5c3a40
01/28/2017 09:02:28.53 Toggling AdminState on Port 8 with pif 0x5c4b08
01/28/2017 09:02:28.53 Port (7) is re-enabled as the disable time out has expired.
01/28/2017 09:02:28.53 Port (8) is re-enabled as the disable time out has expired.
01/28/2017 09:01:28.56 Port 7 link down
01/28/2017 09:01:28.54 Port 8 link down
01/28/2017 09:01:28.52 Toggling AdminState on Port 7 with pif 0x5c3a40
01/28/2017 09:01:28.52 Toggling AdminState on Port 8 with pif 0x5c4b08
01/28/2017 09:01:28.52 BPDU Restrict Port (7) has received a bpdu and will be shutdown.
01/28/2017 09:01:28.52 BPDU Restrict Port (8) has received a bpdu and will be shutdown.
01/28/2017 09:01:26.89 Port 8 link UP at speed 1 Gbps and full-duplex
01/28/2017 09:01:26.87 Port 7 link UP at speed 1 Gbps and full-duplex

Regards Zdeněk Pala
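
The log excerpt in the post above can be checked mechanically. The following is an added example, not part of the original post or of any Extreme tooling: it pairs each "BPDU Restrict" shutdown with the matching re-enable message and reports how long the port stayed down. The function names are hypothetical, the message wording and MM/DD/YYYY timestamp format are assumed to match the excerpt, and the sample lines are copied from it.

```python
import re
from datetime import datetime

# Sample input: lines copied from the log excerpt in the post (newest first).
SAMPLE_LOG = """\
01/28/2017 09:02:28.53 Port (7) is re-enabled as the disable time out has expired.
01/28/2017 09:02:28.53 Port (8) is re-enabled as the disable time out has expired.
01/28/2017 09:01:28.56 Port 7 link down
01/28/2017 09:01:28.52 BPDU Restrict Port (7) has received a bpdu and will be shutdown.
01/28/2017 09:01:28.52 BPDU Restrict Port (8) has received a bpdu and will be shutdown.
01/28/2017 09:01:26.87 Port 7 link UP at speed 1 Gbps and full-duplex
"""

LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2}) (.*)$")
SHUT = re.compile(r"BPDU Restrict Port \((\S+)\) has received a bpdu")
REENABLE = re.compile(r"Port \((\S+)\) is re-enabled as the disable time out")


def bpdu_restrict_events(log_text):
    """Return one dict per BPDU-restrict shutdown, paired with its re-enable."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
            entries.append((ts, m.group(2)))
    entries.sort(key=lambda e: e[0])  # the excerpt is newest first
    open_events, events = {}, []
    for ts, msg in entries:
        if (m := SHUT.search(msg)):
            event = {"port": m.group(1), "shutdown": ts, "reenabled": None,
                     "seconds_down": None}
            open_events[m.group(1)] = event
            events.append(event)
        elif (m := REENABLE.search(msg)) and m.group(1) in open_events:
            event = open_events.pop(m.group(1))
            event["reenabled"] = ts
            event["seconds_down"] = round((ts - event["shutdown"]).total_seconds())
    return events


def summarize(events):
    """Map port -> (shutdown count, still disabled?) for triage."""
    summary = {}
    for e in events:
        count, _ = summary.get(e["port"], (0, False))
        summary[e["port"]] = (count + 1, e["reenabled"] is None)
    return summary
```

On the excerpt, both ports come back after 60 seconds, which matches the "recovery-timeout 60" in the posted configuration; a port with a high shutdown count is one where a switch or loop keeps being attached.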

Hello, Zdenek!

We all need "auto-bind" for untagged ports too...

Why if I say: "enable stpd VLAN-X auto-bind vlan VLAN-X" it works for tagged ports only?

I have about 2000+ ports in 30 VLANs on 8 stacks, which are set in a random order.

It would be suicide for me to say to the customer: "Well, guys, now find out all untagged ports for all VLANs on that stack and list them, separated by commas, in "configure stpd VLAN-X ports edge-safeguard enable ......." and "recovery-timeout 60
configure stpd s0 ports bpdu-restrict enable ..........". For every VLAN!

But even if they do that, the human factor will inevitably cause a mistake when this configuration is corrected later...

Anyway, many thanks for your reply! For years I have been looking for a simple and straightforward way to turn on STP globally on Extremes and now I have it!

Unfortunately, on Saturday I changed the STP config everywhere from MST to PVST+ with ELRP (dedicated VLAN) on access switches.

The problems were:
1) Ciscos didn't see Extremes as root in case of MST. Is it expected behaviour?
2) It was not possible in 15.3 to set access ports to edge-safeguard mode in case of MST
3) After the upgrade to EXOS 16.2, stack switches where the MST instance had been enabled started to turn off ports arbitrarily with no messages to syslog. So now I've reverted back to 15.3. If PVST+ works fine, I will try to upgrade the stacks again in several days.

So, now I have PVST+ STP on per VLAN basis.

My confs:

Core (X8):

create stpd VLAN-X
configure stpd VLAN-X default-encapsulation pvst-plus
configure stpd VLAN-X mode dot1w
configure stpd VLAN-X priority 4096
enable stpd VLAN-X auto-bind vlan VLAN-X
configure stpd VLAN-X tag X
enable stpd VLAN-X

The same config for about 30 vlans. Stacks have also the same config, but without "configure stpd VLAN-X priority 4096" command.

As I said earlier, access ports are not contiguous on the stacks (about 2000+ ports between 30 VLANs).

Do I understand correctly that without STPD configuration on access ports I can't get functionality analogous to "spanning-tree bpduguard enable"?

Many thanks to you, Zdenek!