This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Any implication of having slpp-guard on NNI port (from auto-sense)

Any implication of having slpp-guard on NNI port (from auto-sense)

MaxHibbin
New Contributor

2 weeks ago - last edited 2 weeks ago

Currently our ZTP+ just applies auto-sense to all ports, however we want to deploy slpp-guard to all ports during ZTP+ onboarding as well. Thinking about NNI links, we have up to now enjoyed the flexibility that an auto-sense port can be used as an NNI link without any further configuration, but I did see in best practice guide not to put slpp-guard on NNI links, so in our case would we have to manually config NNI links? What are the implications of having slpp-guard on an NNI links, I presume the link disable itself if slpp packet is received, how likely is that if every access port also has slpp-guard on it? Seeing in another post the slpp packets "sent in the C-VLAN and encapsulated in the B-VLAN", so does this insulate the NNI from actually "receiving" slpp packet?

0 Kudos
3 REPLIES 3

flan
New Contributor II

Wednesday - last edited Wednesday

You are correct. 

According to the Best practices. (The course of which I teach) "shameless plug." SLPP is never used on NNI ports. SLPP should be used on a vIST cluster on all vlans except the vist vlan(4050) and the BVIDs (4051,4052). 

with SLPP Guard -- it should be run on all layer 2 distribution switches as well as Layer 2 switches at the edge / access layer on every port except NNI. It is also recommended to enable slpp guard on auto-sense ports. 

"no auto-sense enable convert-to-config" After auto-sensing an NNI port, you can apply this command to your uplinks. This might help you in your journey.  

--See you in class!!! 

Flan

0 Kudos

RobertD1
Contributor III

2 weeks ago

The best practices do say not to use slpp-guard on NNI links. It is not possible to enable it on a port with slpp packet-rx on it also. I believe the slpp packets get generated from the cores and slpp-guard is used at the edge to detect the loop and disable as close to the loop as possible and not to take down any important inter-switch links that would impact a lot more. That can still happen of course and sometimes both sides can go down at once as well. Not seen it used on NNI links myself.

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000083496

 

0 Kudos

gfriedl
Extreme Employee

2 weeks ago

As you already mentioned: SLPP frames across NNI links are encapsulated and could not reach the CPU to react on them; at least unless you are not going to add other than the BVLANs to NNI ports (which is impossible per default boot flag setting). 

0 Kudos
GTM-P2G8KFN