STP Safe Implementation Plans

gbrown
New Contributor

Long story short, I have recently begun working at a university, and I come from a Cisco background. The university is purely Extreme in switching and wireless. They have been having a problem for years where, if someone accidentally causes a loop, a large portion of the campus shuts down. This has already happened a couple of times now since I started working here and is, to me, of the utmost importance to fix.

The issue lies with the 3rd party that installed the switches. They implemented ELRP only at the core. Therefore, when a loop occurs, it disables the corresponding port on the core which shuts off access to everything connecting off of it.

Anyways, I would like to implement STP for all of the switches. This summer, we plan to do a core upgrade. I have already set up the new core in an MLAG setup: two 7520s with the ISC LAG between them, MLAGing two 5520s. Below is the configuration I am thinking of for STP:

create vlan stpd_bpdu tag 4064
configure vlan 4064 add ports all tagged
configure stpd s0 mode dot1w
enable stpd s0 rapid-root-failover
configure stpd s0 default-encapsulation pvst-plus
enable stpd s0 auto-bind vlan 4064
configure stpd s0 ports link-type edge {edge_ports}
configure stpd s0 ports edge-safeguard enable {edge_ports}
configure stpd s0 ports bpdu-restrict enable {edge_ports} recovery-timeout 120
configure stpd s0 tag 4064
configure stpd s0 ports restricted-tcn on {edge_ports}
enable stpd s0

In addition, the core will get:

configure stpd s0 priority 4096

Since STP configuration is quite a bit different than on Cisco, I was wondering if this looks about right? I'm planning on introducing this to the core and then slowly rolling it out towards the edge.

6 REPLIES

Paul_W
New Contributor II

+1 for using ELRP on all access ports, and only using STP on switch uplinks if you want.
You can also configure ELRP to only disable for 300 seconds, so the loop "pings" every 5 minutes, which is helpful as it resurfaces in the logs. That is handy if your logs are being filled up by other issues, and the device/user will periodically come up again to keep it from being forgotten. Don't forget to configure it on all VLANs, and keep the frequency from overwhelming your CPU.
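One way to act on that periodic resurfacing, as an added example that is not from this thread or from Extreme: a small Python script that groups ELRP loop reports by switch, ingress port and VLAN, and flags ports that looped again on consecutive 300-second recovery cycles (i.e. nobody has removed the loop yet). The log line shape, hostnames and ports are constructed for the example; adjust LINE_RE to your syslog format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed EXOS-like syslog shape (not a real capture).
SAMPLE_LOG = """\
2024-03-04 09:00:02 edge-sw-12 <Warn:ELRP.Report.Message> LOOP DETECTED : ingress 1:17 egress 1:18 vlan Students
2024-03-04 09:05:03 edge-sw-12 <Warn:ELRP.Report.Message> LOOP DETECTED : ingress 1:17 egress 1:18 vlan Students
2024-03-04 09:10:04 edge-sw-12 <Warn:ELRP.Report.Message> LOOP DETECTED : ingress 1:17 egress 1:18 vlan Students
2024-03-04 09:11:30 edge-sw-07 <Warn:ELRP.Report.Message> LOOP DETECTED : ingress 2:03 egress 2:04 vlan Staff
2024-03-04 09:40:00 edge-sw-12 <Warn:ELRP.Report.Message> LOOP DETECTED : ingress 1:17 egress 1:18 vlan Students
"""

# Assumed line format; real deployments must match this against their own syslog output.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"<Warn:ELRP\.Report\.Message> LOOP DETECTED : ingress (?P<ingress>\S+) "
    r"egress (?P<egress>\S+) vlan (?P<vlan>\S+)$"
)

def parse_elrp_events(text):
    """Return one dict per ELRP loop report line; non-matching lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "host": m["host"], "ingress": m["ingress"],
                "egress": m["egress"], "vlan": m["vlan"],
            })
    return events

def persistent_loops(events, recovery_seconds=300, min_cycles=3, slack=60):
    """Flag (host, ingress, vlan) keys whose reports recur about one recovery
    period apart for at least min_cycles reports: the port re-looped on re-enable."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["host"], e["ingress"], e["vlan"])].append(e["ts"])
    flagged = {}
    for key, stamps in by_key.items():
        stamps.sort()
        run, best = 1, 1
        for prev, cur in zip(stamps, stamps[1:]):
            gap = (cur - prev).total_seconds()
            run = run + 1 if recovery_seconds - slack <= gap <= recovery_seconds + slack else 1
            best = max(best, run)
        if best >= min_cycles:
            flagged[key] = best  # longest run of back-to-back recovery cycles
    return flagged
```

Run `persistent_loops(parse_elrp_events(SAMPLE_LOG))` to see only the Students port on edge-sw-12 flagged; the single Staff report and the later isolated report are ignored.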

FredrikB-NN2
Contributor

Unless you actually have rings, I'd recommend ditching STP except for STP Edgeport in access. From what you write, the problem isn't the networking staff connecting stuff irresponsibly, but users that connect stuff that cause loops, right? Extreme has a protocol called ELRP which could be an alternative to STP Edgeport, but it has limitations that I don't like personally. STP Edgeport is a generic function that will give you all the protection you need without the massive drawbacks of STP. I guess I don't have to tell you about random topology changes and switches that can't keep up when this occurs, right?

STP was a great invention by Radia Perlman in the 80's, but come on, we've evolved! MLAG/SMLT or SPBm (and/or CWDM/DWDM) will give you the redundancy you need without 40 year old loop resolution protocols!

If you still actually need to build rings, you have EAPS as an alternative, but I can't say I prefer that due to lacking stability, especially in combination with stacks. For those cases, activate STP on the ring interfaces only, nothing else. Why would you? Nobody configures EAPS, ELRP or any other loop protection on all ports "just in case" as Cisco's argument for STP is.

If you still insist on STP, go for root bridge prio 0. Why is everyone so afraid of setting the best value, 0??? It has absolutely no drawbacks and you protect against more cases than with 4k. In switches from other vendors it is even possible to set the system ID, so there, I set the main root bridge to 00:00:00:00:00:01 and the secondary to 00:00:00:00:00:02, both with prio 0. At least nothing can beat that even if another unit could potentially have the same prio and ID. I have seen industrial switches with prio 0 and a low numbered MAC address taking out a factory plant.
