edge port using safeguard
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-20-2014 10:52 AM
on my XOS switch i want to make ports 1 & 3 as edge ports would the below command syntax do the trick?
create stpd s0 configure stpd s0 mode dot1w
configure stpd s0 default-encapsulation dot1d
configure stpd s0 add vlan Data ports 1,3
configure stpd s0 ports link-type edge 1,3 edge-safeguard enable
enable stpd s0
create stpd s0 configure stpd s0 mode dot1w
configure stpd s0 default-encapsulation dot1d
configure stpd s0 add vlan Data ports 1,3
configure stpd s0 ports link-type edge 1,3 edge-safeguard enable
enable stpd s0
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-01-2015 12:35 PM
Good morning Shakil,
What you configured will only protect those ports for the Data VLAN. What if you have a VoIP scenario with a phone and a data connection off the same edge port? obviously add the VoIP vlan. I install Extreme gear at many customer sites for Extreme, and I build spanning tree into my base configuration before I even know the vlan scheme. I create a vlan specifically for spanning tree. Hint, add the STP configuration last or at least after having assigned the port to an untagged vlan's egress list.
I do this for the edge port protection of course, but also to future ready the infrastructure for all the intelligence features that come from administrating an Extreme infrastructure such as Netlogin with NAC for 802.1x and MAC authentication. You need STP to use Netlogin.
Do not apply the below on uplink ports.
So as discussed already there are multiple ways to get this done, but here is the command script that I use.
create vlan "Pearlman" configure vlan Pearlman tag 4090
configure vlan Pearlman add ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 tagged
configure mstp region Pearlman
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
configure stpd s0 mode mstp cist
create stpd Pearlman_stm
configure stpd Pearlman_stm mode mstp msti 1
configure stpd Pearlman_stm add vlan Pearlman ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 dot1d
configure stpd s0 ports mode dot1d 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd s0 ports cost auto 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd s0 ports port-priority 128 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd s0 ports link-type edge 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd s0 ports edge-safeguard enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60
configure stpd s0 ports bpdu-restrict enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60
enable stpd s0 ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports mode dot1d 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports cost auto 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports port-priority 128 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports link-type edge 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports edge-safeguard enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60
What you configured will only protect those ports for the Data VLAN. What if you have a VoIP scenario with a phone and a data connection off the same edge port? obviously add the VoIP vlan. I install Extreme gear at many customer sites for Extreme, and I build spanning tree into my base configuration before I even know the vlan scheme. I create a vlan specifically for spanning tree. Hint, add the STP configuration last or at least after having assigned the port to an untagged vlan's egress list.
I do this for the edge port protection of course, but also to future ready the infrastructure for all the intelligence features that come from administrating an Extreme infrastructure such as Netlogin with NAC for 802.1x and MAC authentication. You need STP to use Netlogin.
Do not apply the below on uplink ports.
So as discussed already there are multiple ways to get this done, but here is the command script that I use.
create vlan "Pearlman" configure vlan Pearlman tag 4090
configure vlan Pearlman add ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 tagged
configure mstp region Pearlman
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
configure stpd s0 mode mstp cist
create stpd Pearlman_stm
configure stpd Pearlman_stm mode mstp msti 1
configure stpd Pearlman_stm add vlan Pearlman ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 dot1d
configure stpd s0 ports mode dot1d 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd s0 ports cost auto 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd s0 ports port-priority 128 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd s0 ports link-type edge 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd s0 ports edge-safeguard enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60
configure stpd s0 ports bpdu-restrict enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60
enable stpd s0 ports 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports mode dot1d 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports cost auto 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports port-priority 128 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports link-type edge 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48
configure stpd Pearlman_stm ports edge-safeguard enable 1:1-48, 2:1-48, 3:1-48, 4:1-48, 5:1-48, 6:1-48 recovery-timeout 60
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-01-2015 12:20 PM
good Morning Shakil if you are using this for the sole purpose of loop detection at the edge there is another method called ELRP. It will detect loops on the edge port and either disable the port permanently or for a specified period of time. You can also have it ignore ports, such as uplink ports, if you have two switches next to one anther and the loop is created between them. The ignore ports will make sure that only the edge ports are disabled and not the uplink ports.
If however you have a large STP network that these ports are part of then use STP. ELRP is a great option as you do not have to setup domain like in STP.
Hope that helps to provide some options. Please let us know if there are any other questions
P
If however you have a large STP network that these ports are part of then use STP. ELRP is a great option as you do not have to setup domain like in STP.
Hope that helps to provide some options. Please let us know if there are any other questions
P
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-31-2015 06:44 PM
It will stay disabled until you manually enable the port if you do not type a recovery number.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-20-2014 12:43 PM
What is the default if i dont add the recover-timeout value is it 50 secs ? sorry i am asking the nitty gritty as i am only using a simulator and not real kit
