Layer 2 Protocols - Extreme Networksextrcdn.extremenetworks.com/.../uploads/2014/04/Layer_2_Protocols.… · Layer 2 Protocols 9. Navigating the ExtremeXOS User Guide This guide consists

Layer 2 ProtocolsExtremeXOS 15.5 User Guide

120936-00 Rev. 2

Published June 2014

Copyright © 2011–2014 All rights reserved.

Legal NoticeExtreme Networks, Inc., on behalf of or through its wholly-owned subsidiary, Enterasys Networks,Inc., reserves the right to make changes in specifications and other information contained in thisdocument and its website without prior notice. The reader should in all cases consultrepresentatives of Extreme Networks to determine whether any such changes have been made.The hardware, firmware, software or any specifications described or referred to in this documentare subject to change without notice.

TrademarksExtreme Networks and the Extreme Networks logo are trademarks or registered trademarks ofExtreme Networks, Inc. in the United States and/or other countries.All other names (including any product names) mentioned in this document are the property oftheir respective owners and may be trademarks or registered trademarks of their respectivecompanies/owners.For additional information on Extreme Networks trademarks, please see: www.extremenetworks.com/company/legal/trademarks/

SupportFor product support, including documentation, visit: www.extremenetworks.com/support/

For information, contact:Extreme Networks, Inc.145 Rio RoblesSan Jose, California 95134USA

http://extremenetworks.com/company/legal/trademarks

http://www.extremenetworks.com/support/

Table of ContentsPreface......................................................................................................................................... 7

Conventions.............................................................................................................................................................................7Related Publications............................................................................................................................................................8Providing Feedback to Us................................................................................................................................................ 9

Navigating the ExtremeXOS User Guide......................................................................................................................... 10

Chapter 1: EAPS......................................................................................................................... 11EAPS Protocol Overview.................................................................................................................................................. 11Configuring EAPS...............................................................................................................................................................23Displaying EAPS Information....................................................................................................................................... 33Configuration Examples..................................................................................................................................................34

Chapter 2: ERPS....................................................................................................................... 67ERPS Overview....................................................................................................................................................................67Supported ERPS Features.............................................................................................................................................68G.8032 Version 2 ...............................................................................................................................................................69Configuring ERPS...............................................................................................................................................................75Sample Configuration.......................................................................................................................................................77Debugging ERPS................................................................................................................................................................ 79ERPS Feature Limitations.............................................................................................................................................. 79

Chapter 3: Protocol Filters.....................................................................................................80

Chapter 4: Layer 2 Protocol Tunneling................................................................................ 82

Chapter 5: Layer 2 Tunneling and Filtering.........................................................................84Protocol Tunneling............................................................................................................................................................ 84Protocol Filtering................................................................................................................................................................86

Chapter 6: L2PT Limitations...................................................................................................88

Chapter 7: STP..........................................................................................................................89Spanning Tree Protocol Overview.............................................................................................................................89Span Tree Domains...........................................................................................................................................................96STP Configurations..........................................................................................................................................................104Per VLAN Spanning Tree................................................................................................................................................ 111Rapid Spanning Tree Protocol.....................................................................................................................................112Multiple Spanning Tree Protocol............................................................................................................................... 123STP and Network Login.................................................................................................................................................135STP Rules and Restrictions.......................................................................................................................................... 136Configure STP on the Switch...................................................................................................................................... 137Display STP Settings....................................................................................................................................................... 138STP Configuration Examples......................................................................................................................................140

Chapter 8: Layer 2 Protocol Commands............................................................................ 146clear counters erps.......................................................................................................................................................... 149clear counters stp.............................................................................................................................................................150clear eaps counters........................................................................................................................................................... 151configure eaps add control vlan................................................................................................................................152configure eaps add protected vlan..........................................................................................................................153configure eaps cfm.......................................................................................................................................................... 154

Layer 2 Protocols 3

configure eaps config-warnings off.........................................................................................................................155configure eaps config-warnings on......................................................................................................................... 156configure eaps delete control vlan...........................................................................................................................157configure eaps delete protected vlan.....................................................................................................................158configure eaps failtime expiry-action.....................................................................................................................160configure eaps failtime.................................................................................................................................................... 161configure eaps fast-convergence............................................................................................................................. 162configure eaps hello-pdu-egress.............................................................................................................................. 163configure eaps hellotime...............................................................................................................................................164configure eaps mode...................................................................................................................................................... 165configure eaps multicast add-ring-ports.............................................................................................................. 167configure eaps multicast send-query..................................................................................................................... 168configure eaps multicast send-igmp-query........................................................................................................ 169configure eaps multicast temporary-flooding duration................................................................................ 170configure eaps multicast temporary-flooding..................................................................................................... 171configure eaps name....................................................................................................................................................... 172configure eaps port..........................................................................................................................................................173configure eaps priority................................................................................................................................................... 175configure eaps shared-port common-path-timers.......................................................................................... 176configure eaps shared-port link-id........................................................................................................................... 177configure eaps shared-port mode............................................................................................................................178configure eaps shared-port segment-timers expiry-action........................................................................ 179configure eaps shared-port segment-timers health-interval..................................................................... 180configure eaps shared-port segment-timers timeout..................................................................................... 181configure erps add control vlan................................................................................................................................ 182configure erps add protected vlan.......................................................................................................................... 183configure erps cfm md-level....................................................................................................................................... 184configure erps cfm port ccm-interval.....................................................................................................................185configure erps cfm port group.................................................................................................................................. 186configure erps cfm port mepid.................................................................................................................................. 187configure erps cfm protection group..................................................................................................................... 188configure erps delete control vlan........................................................................................................................... 189configure erps delete protected vlan.....................................................................................................................190configure erps dynamic-state clear.......................................................................................................................... 191configure erps name.........................................................................................................................................................191configure erps neighbor port......................................................................................................................................192configure erps notify-topology-change................................................................................................................ 193configure erps protection-port..................................................................................................................................194configure erps revert...................................................................................................................................................... 195configure erps ring-ports east | west......................................................................................................................195configure erps subring-mode..................................................................................................................................... 196configure erps sub-ring................................................................................................................................................. 197configure erps timer guard.......................................................................................................................................... 198configure erps timer hold-off..................................................................................................................................... 199configure erps timer periodic................................................................................................................................... 200configure erps timer wait-to-block..........................................................................................................................201configure erps timer wait-to-restore...................................................................................................................... 201configure erps topology-change.............................................................................................................................202configure forwarding L2-protocol fast-convergence................................................................................... 203

Table of Contents

Layer 2 Protocols 4

configure ip-arp fast-convergence........................................................................................................................ 204configure mstp format..................................................................................................................................................206configure mstp region...................................................................................................................................................207configure mstp revision................................................................................................................................................208configure stpd add vlan...............................................................................................................................................209configure stpd default-encapsulation.....................................................................................................................212configure stpd delete vlan........................................................................................................................................... 214configure stpd description........................................................................................................................................... 215configure stpd flush-method...................................................................................................................................... 216configure stpd forwarddelay.......................................................................................................................................217configure stpd hellotime............................................................................................................................................... 218configure stpd maxage..................................................................................................................................................219configure stpd max-hop-count................................................................................................................................ 220configure stpd mode.......................................................................................................................................................221configure stpd ports active-role disable.............................................................................................................. 223configure stpd ports active-role enable...............................................................................................................224configure stpd ports bpdu-restrict......................................................................................................................... 225configure stpd ports cost............................................................................................................................................ 226configure stpd ports edge-safeguard disable...................................................................................................228configure stpd ports edge-safeguard enable....................................................................................................229configure stpd ports link-type....................................................................................................................................231configure stpd ports mode.........................................................................................................................................234configure stpd ports port-priority...........................................................................................................................235configure stpd ports priority......................................................................................................................................236configure stpd ports restricted-role disable...................................................................................................... 238configure stpd ports restricted-role enable....................................................................................................... 239configure stpd priority..................................................................................................................................................240configure stpd tag............................................................................................................................................................241configure vlan add ports stpd...................................................................................................................................243create eaps shared-port...............................................................................................................................................245create eaps......................................................................................................................................................................... 246create erps ring.................................................................................................................................................................247create stpd..........................................................................................................................................................................248debug erps show.............................................................................................................................................................250debug erps..........................................................................................................................................................................250delete eaps shared-port................................................................................................................................................ 251delete eaps..........................................................................................................................................................................252delete erps...........................................................................................................................................................................253delete stpd.......................................................................................................................................................................... 253disable eaps........................................................................................................................................................................254disable erps block-vc-recovery................................................................................................................................ 256disable erps ring-name................................................................................................................................................. 256disable erps topology-change...................................................................................................................................257disable erps.........................................................................................................................................................................258disable stpd auto-bind.................................................................................................................................................. 259disable stpd ports........................................................................................................................................................... 260disable stpd rapid-root-failover.................................................................................................................................261disable stpd........................................................................................................................................................................ 262enable eaps.........................................................................................................................................................................263

Table of Contents

Layer 2 Protocols 5

enable erps block-vc-recovery.................................................................................................................................264enable erps ring-name.................................................................................................................................................. 265enable erps topology-change................................................................................................................................... 266enable erps......................................................................................................................................................................... 266enable stpd auto-bind................................................................................................................................................... 267enable stpd ports............................................................................................................................................................ 270enable stpd rapid-root-failover..................................................................................................................................271enable stpd..........................................................................................................................................................................272MSTP...................................................................................................................................................................................... 273RSTP.......................................................................................................................................................................................273run erps force-switch | manual-switch..................................................................................................................273show eaps cfm groups..................................................................................................................................................274show eaps counters shared-port............................................................................................................................. 275show eaps counters....................................................................................................................................................... 280show eaps shared-port neighbor-info.................................................................................................................. 284show eaps shared-port................................................................................................................................................. 285show eaps............................................................................................................................................................................289show erps ring-name..................................................................................................................................................... 295show erps statistics........................................................................................................................................................ 297show erps............................................................................................................................................................................ 298show stpd ports............................................................................................................................................................... 299show stpd............................................................................................................................................................................302show vlan eaps................................................................................................................................................................. 306show vlan stpd..................................................................................................................................................................307Spanning Tree Domains...............................................................................................................................................309STP Rules and Restrictions.......................................................................................................................................... 312STP........................................................................................................................................................................................... 313unconfigure eaps port.................................................................................................................................................... 313unconfigure eaps shared-port link-id..................................................................................................................... 314unconfigure eaps shared-port mode...................................................................................................................... 315unconfigure erps cfm......................................................................................................................................................316unconfigure erps neighbor-port................................................................................................................................317unconfigure erps notify-topology-change...........................................................................................................317unconfigure erps protection-port.............................................................................................................................318unconfigure erps ring-ports west.............................................................................................................................319unconfigure mstp region............................................................................................................................................. 320unconfigure stpd ports link-type.............................................................................................................................. 321unconfigure stpd..............................................................................................................................................................322

Table of Contents

Layer 2 Protocols 6

Preface

Conventions

This section discusses the conventions used in this guide.

Text Conventions

The following tables list text conventions that are used throughout this guide.

Table 1: Notice IconsIcon Notice Type Alerts you to...

Note Important features or instructions.

Caution Risk of personal injury, system damage, or loss of data.

Warning Risk of severe personal injury.

New This command or section is new for this release.

Table 2: Text ConventionsConvention Description

Screen displaysThis typeface indicates command syntax, or represents information as it appears onthe screen.

The words enter andtype

When you see the word “enter” in this guide, you must type something, and then pressthe Return or Enter key. Do not press the Return or Enter key when an instructionsimply says “type.”

[Key] names Key names are written with brackets, such as [Return] or [Esc]. If you must press twoor more keys simultaneously, the key names are linked with a plus sign (+). Example:Press [Ctrl]+[Alt]+[Del]

Words in italicized type Italics emphasize a point or denote new terms at the place where they are defined inthe text. Italics are also used when referring to publication titles.

Layer 2 Protocols 7

Platform-Dependent Conventions

Unless otherwise noted, all information applies to all platforms supported by ExtremeXOS software,which are the following:

• BlackDiamond® X8 series switch

• BlackDiamond 8800 series switches

• Cell Site Routers (E4G-200 and E4G-400)

• Summit® family switches

• SummitStack™

When a feature or feature implementation applies to specific platforms, the specific platform is noted inthe heading for the section describing that implementation in the ExtremeXOS commanddocumentation. In many cases, although the command is available on all platforms, each platform usesspecific keywords. These keywords specific to each platform are shown in the Syntax Description anddiscussed in the Usage Guidelines.

Terminology

When features, functionality, or operation is specific to a switch family, the family name is used.Explanations about features and operations that are the same across all product families simply refer tothe product as the “switch.”

Related PublicationsDocumentation for Extreme Networks products is available at: www.extremenetworks.com. Thefollowing is a list of related publications currently available:

• ExtremeXOS User Guide

• ExtremeXOS Hardware and Software Compatibility Matrix

• ExtremeXOS Legacy CLI Quick Reference Guide

• ExtremeXOS ScreenPlay User Guide

• Using AVB with Extreme Switches

• BlackDiamond 8800 Series Switches Hardware Installation Guide

• BlackDiamond X8 Switch Hardware Installation Guide

• Extreme Networks Pluggable Interface Installation Guide

• Summit Family Switches Hardware Installation Guide

• Ridgeline Installation and Upgrade Guide

• Ridgeline Reference Guide

• SDN OpenFlow Implementation Guide

• SDN OpenStack Install Guide

Some ExtremeXOS software files have been licensed under certain open source licenses. Information isavailable at: www.extremenetworks.com/services/osl-exos.aspx

Preface

Layer 2 Protocols 8

http://www.extremenetworks.com/go/documentation

http://www.extremenetworks.com/services/osl-exos.aspx

Providing Feedback to Us

We are always striving to improve our documentation and help you work better, so we want to hearfrom you! We welcome all feedback but especially want to know about:

• Content errors or confusing or conflicting information.

• Ideas for improvements to our documentation so you can find the information you need faster.

• Broken links or usability issues.

If you would like to provide feedback to the Extreme Networks Information Development team aboutthis document, please contact us using our short online feedback form. You can also email us directly at [email protected].

Preface

Layer 2 Protocols 9

http://marketing.extremenetworks.com/acton/form/1730/001b:d-0001/0/index.htm

mailto:[email protected]?subject=Feedback

Navigating the ExtremeXOS User Guide

This guide consists of the following eight volumes that contain feature descriptions, conceptualmaterial, configuration details, command references and examples:

• Basic Switch Operation

• Policies and Security

• Layer 2 Basics

• Layer 2 Protocols

• Layer 3 Basics

• Layer 3 Unicast Protocols

• Multicast

• Advanced Features

Layer 2 Protocols 10

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/04/Basic_Switch_Operation.pdf

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/04/Policies_and_Security.pdf

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/04/Layer_2_Basics.pdf

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/04/Layer_2_Protocols.pdf

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/04/Layer_3_Basics.pdf

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/04/Layer_3_Unicast_Protocols.pdf

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/04/Multicast.pdf

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/04/Advanced_Features.pdf

1 EAPS

EAPS Protocol OverviewConfiguring EAPSDisplaying EAPS InformationConfiguration Examples

This chapter provides an overview and discusses various topologies of Extreme's Automatic ProtectionSwitching (EAPS) feature. The chapter offers configuration and monitoring details, and also providesconfiguration examples.

EAPS Protocol Overview

The EAPS protocol provides fast protection switching to Layer 2 switches interconnected in anEthernet ring topology, such as a Metropolitan Area Network (MAN) or large campus (see the followingfigure).

Figure 1: Gigabit Ethernet Fiber EAPS MAN Ring

EAPS Benefits

EAPS offers the following benefits:


• Fast Recovery time for link or node failures—When a link failure or switch failure occurs, EAPSprovides fast recovery times. EAPS provides resiliency for voice, video and data services.

• Scalable network segmentation and fault isolation—EAPS domains can protect groups of multipleVLANs, allowing scalable growth and broadcast loop protection. EAPS domains provide logical andphysical segmentation, which means the failures in one EAPS ring do not impact network service forother rings and VLANs.

• Resilient foundation for non-stop IP routing services—EAPS provides a resilient foundation forupper level routing protocols such as Open Shortest Path First (OSPF) and Border GatewayProtocol (BGP), minimizing route-flapping and dropped neighbors within the routed IP network.

• Predictable convergence regardless of failure location—EAPS provides consistent and predictablerecovery behavior regardless of where link failures occur. The simple blocking architecture andpredictable performance of EAPS allows for enforceable Service Level Agreements (SLAs). Thisallows easier network troubleshooting and failure scenario analysis without lengthy testing ordebugging on live production networks.

EAPS protection switching is similar to what can be achieved with the Spanning Tree Protocol (STP),but EAPS offers the advantage of converging in less than one second when a link in the ring breaks.

An Ethernet ring built using EAPS can have resilience comparable to that provided by SONET rings, at alower cost and with fewer restraints (such as ring size). The EAPS technology developed by ExtremeNetworks to increase the availability and robustness of Ethernet rings is described in RFC 3619:Extreme Networks’ Ethernet Automatic Protection Switching (EAPS) Version 1.

EAPS Single Ring Topology

The simplest EAPS configuration operates on a single ring.

This section describes how this type of EAPS configuration operates. Later sections describe morecomplex configurations.

An EAPS domain consists of one master node and one or more transit nodes (see the following figure),and includes one control VLAN and one or more protected VLANs.

A domain is a single instance of the EAPS protocol that defines the scope of protocol operation. Asingle logical EAPS domain typically exists on a given physical ring topology (fiber or copper).

EAPS


Figure 2: EAPS Operation

A protected VLAN is a user data VLAN that uses the ring for a protected connection between all edgeports. The protected VLAN uses 802.1q trunking on the ring ports and supports tagged and untaggededge ports.

One ring port of the master node is designated the master node’s primary port (P), and another port isdesignated as the master node’s secondary port (S) to the ring. In normal operation, the master nodeblocks the secondary port for all protected VLAN traffic, thereby preventing a loop in the ring. (Thespanning tree protocol, STP, provides the same type of protection.) Traditional Ethernet bridge learningand forwarding database mechanisms direct user data around the ring within the protected VLANs.

NoteAlthough primary and secondary ports are configured on transit nodes, both port typesoperate identically as long as the transit node remains a transit node. If the transit node isreconfigured as a master node, the configured states of the primary and secondary portsapply.

The control VLAN is a dedicated 802.1q tagged VLAN that is used to transmit and receive EAPS controlframes on the ring. The control VLAN can contain only two EAPS ring ports on each node. Each EAPSdomain has a unique control VLAN, and control traffic is not blocked by the master node at any time.The control VLAN carries the following EAPS control messages around the ring:

• Health-check messages, which are sent from the master node primary port. Transit nodes forwardhealth-check messages toward the master node secondary port on the control VLAN. When themaster node receives a health check message on the secondary port, the EAPS ring is consideredintact.

• Link-down alert messages, which are sent from a transit node to the master node when the transitnode detects a local link failure.

• Flush-FDB messages, which are sent by the master node to all transit nodes when ring topologychanges occur. Upon receiving this control frame, the transit node clears its MAC addressforwarding table (FDB) and relearns the ring topology.

EAPS


When the master node detects a failure, due to an absence of health-check messages or a receivedlink-down alert, it transitions the EAPS domain to the Failed state and unblocks its secondary port toallow data connectivity in the protected VLANs.

EAPS Multiple Ring Topology

EAPS works with multiple ring networks to support more complex topologies for interconnectingmultiple EAPS domains. This allows larger EAPS end-to-end networks to be built from edge to core.

NoteMinimal EAPS support is provided at all license levels. EAPS multiple ring topologies andcommon link topologies are supported at higher license levels as described in the FeatureLicense Requirements document.

The simplest multiple ring topology uses a single switch to join two EAPS rings.

The common link feature uses two switches, which share a common link, to provide redundancy andlink multiple EAPS rings.

Two Rings Connected by One Switch

The following figure shows how a data VLAN can span two rings interconnected by a common switch—a figure eight topology.

Figure 3: Two Rings Interconnected by One Switch

A data VLAN that spans multiple physical rings or EAPS domains and is protected by EAPS is called anoverlapping VLAN. An overlapping VLAN requires loop protection for each EAPS domain to which itbelongs.

In the following figure, there is an EAPS domain with its own control VLAN running on ring 1 andanother EAPS domain with its own control VLAN running on ring 2. A data VLAN that spans both ringsis added as a protected VLAN to both EAPS domains to create an overlapping VLAN. Switch S5 hastwo instances of EAPS domains running on it, one for each ring.

EAPS


http://extrcdn.extremenetworks.com/wp-content/uploads/2014/04/ExtremeXOS_Feature_License_Requirements.pdf


Multiple Rings Sharing an EAPS Common Link

EAPS Common Link Operation

The following figure shows an example of a multiple ring topology that uses the EAPS common linkfeature to provide redundancy for the switches that connect the rings.

Figure 4: Multiple Rings Sharing a Common Link

An EAPS common link is a physical link that carries overlapping VLANs that are protected by morethan one EAPS domain.

In the example shown earlier in the preceding figure, switch S5 could be a single point of failure. Ifswitch S5 were to go down, users on Ring 1 would not be able to communicate with users on Ring 2. Tomake the network more resilient, you can add another switch. A second switch, S10, connects to bothrings and to S5 through a common link, which is common to both rings.

The EAPS common link in the following figure requires special configuration to prevent a loop thatspans both rings. The software entity that requires configuration is the eaps shared-port, so thecommon link feature is sometimes called the shared port feature.

NoteIf the shared port is not configured and the common link goes down, a superloop betweenthe multiple EAPS domains occurs.

The correct EAPS common link configuration requires an EAPS shared port at each end of the commonlink. The role of the shared port (and switch) at each end of the common link must be configured aseither controller or partner. Each common link requires one controller and one partner for each EAPSdomain. Typically the controller and partner nodes are distribution or core switches. A controller orpartner can also perform the role of master or transit node within its EAPS domain.

During normal operation, the master node on each ring protects the ring as described in EAPS SingleRing Topology on page 12. The controller and partner nodes work together to protect the overlappingVLANs from problems caused by a common link failure or a failed controller (see the following figure).

EAPS


Figure 5: Master Node Operation in a Multiple Ring Topology

If a link failure occurs in one of the outer rings, only a single EAPS domain is affected. The EAPS masterdetects the failure in its domain, and converges around the failure. In this case, the controller does nottake any blocking action, and EAPS domains on other rings are not affected. Likewise, when the link isrestored, only the local EAPS domain is affected. The controller and any EAPS domains on other ringsare not affected, and continue forwarding traffic normally.

To detect common-link faults, the controller and partner nodes send segment health check messagesat one-second intervals to each other through each segment. A segment is the ring communicationpath between the controller and partner. The common link completes the ring, but it is a separate entityfrom the segment. To discover segments and their up or down status, segment health-check messagesare sent from controller to partner, and also from partner to controller (see the following figure).

Figure 6: Segment Health-Check Messages

Common Link Fault Detection and Response

With one exception, when a common link fails, each master node detects the failure and unblocks itssecondary port, as shown in the following figure.

EAPS


Figure 7: Common Link Failure

Because the secondary port of each master node is now unblocked, the new topology introduces abroadcast loop spanning the outer rings.

The controller and partner nodes immediately detect the loop, and the controller does the following:

• Selects an active-open port for protected VLAN communications.

• Blocks protected VLAN communications on all segment ports except the active-open port.

NoteWhen a controller goes into or out of the blocking state, the controller sends a flush-fdbmessage to flush the FDB in each of the switches in its segments. In a network with multipleEAPS ports in the blocking state, the flush-fdb message gets propagated across theboundaries of the EAPS domains.

The exception mentioned above occurs when the partner node is also a master node, and the sharedport that fails is configured as a primary port. In this situation, the master node waits for a link-downPDU from the controller node before opening the secondary port. This delay prevents a loop that mightotherwise develop if the master/partner node detects the link failure before the controller node.

NoteIf the common link and a ring link fail, and if the common link restores before the ring link,traffic down time can be as long as three seconds. This extended delay is required to preventloops during the recovery of multiple failed links.

Common Link Recovery

When a common link recovers, each master node detects that the ring is complete and immediatelyblocks their secondary ports. The controller also detects the recovery and puts its shared port to thecommon link into a temporary blocking state called pre-forwarding as shown in the following figure.

EAPS


Figure 8: Common Link in Pre-Forwarding State

Because the topology has changed, the EAPS nodes must learn the new traffic paths. Each masternode notifies all switches in their domain to clear their FDB tables, and traditional Ethernet bridgelearning and forwarding mechanisms establish the new traffic paths. Once the controller receives flush-fdb messages for all of its connected EAPS domains, the controller shared-port state for the commonlink changes to forwarding, the controller state changes to Ready, and traffic flows normally as shownin the following figure.

Figure 9: Common-Link Restored

Controller and Partner Node States

EAPS controller and partner nodes can be in the following states:

EAPS


• Ready—Indicates that the EAPS domains are running, the common-link neighbor can be reachedthrough segment health-checks, and the common link is up.

• Blocking—Indicates that the EAPS domains are running, the common-link neighbor can be reachedthrough segment health-checks, but the common-link is down. Only the controller node (and notthe partner) performs blocking.

• Preforwarding—Indicates the EAPS domain was in a blocking state, and the common link wasrestored. The controller port is temporarily blocked to prevent a loop during state transition fromBlocking to Ready.

• Idle—Indicates the EAPS common-link neighbor cannot be reached through segment health-checkmessages.

Spatial Reuse with an EAPS Common Link

The common-link topology supports multiple EAPS domains (spatial reuse) on each ring as shown inthe following figure.

Figure 10: EAPS Common Link Topology with Spatial Reuse

NoteIf you are using the older method of enabling STP instead of EAPSv2 to block the super loopin a shared-port environment, you can continue to do so. In all other scenarios, werecommendsthat you do not use both STP and EAPS on the same port.

Additional Common Link Topology Examples

Basic Core Topology

The following figure shows a core topology with two access rings. In this topology, there are two EAPScommon links.

EAPS


Figure 11: Basic Core Topology

Right-Angle Topology

In the right-angle topology, there are still two EAPS common links, but the common links are adjacentto each other.

To configure a right-angle topology, there must be two common links configured on one of theswitches. The following figure shows a right-angle topology.

Figure 12: Right-Angle Topology

Combined Basic Core and Right-Angle Topology

The following figure shows a combination basic core and right-angle topology.

EAPS


Figure 13: Basic Core and Right Angle Topology

The following figure shows an extension of the basic core and right angle configuration.

Figure 14: Advanced Basic Core and Right Angle Topology

Large Core and Access Ring Topology

The following figure shows a single large core ring with multiple access rings hanging off of it.

This is an extension of a basic core configuration.

EAPS


Figure 15: Large Core and Access Ring Topology

Fast Convergence

The fast convergence mode allows EAPS to converge more rapidly. In EAPS fast convergence mode,the link filters on EAPS ring ports are turned off. In this case, an instant notification is sent to the EAPSprocess if a port’s state transitions from up to down or vice-versa.

You must configure fast convergence for the entire switch, not by EAPS domain.

EAPS and Hitless Failover--Modular Switches and SummitStack OnlyWhen you install two Management Switch Fabric Modules (MSMs) or Management Modules (MMs) in aBlackDiamond chassis or use redundancy in a SummitStack, one MSM/MM (node) assumes the role ofprimary and another node assumes the role of backup.

The primary node executes the switch’s management functions, and the backup node acts in a standbyrole. Hitless failover transfers switch management control from the primary to the backup andmaintains the state of EAPS. EAPS supports hitless failover. You do not explicitly configure hitlessfailover support; rather, if you have two MSMs/MMs installed in a chassis or you are operating withredundancy in a SummitStack, hitless failover is available.

NoteNot all platforms support hitless failover in the same software release. To verify if thesoftware version you are running supports hitless failover, see the following table in Managing the Switch. For more information about protocol, platform, and MSM/MM supportfor hitless failover, see Understanding Hitless Failover Support.

EAPS


To support hitless failover, the primary node replicates all EAPS PDUs to the backup, which allows thebackup to be aware of the EAPS domain state. Since both nodes receive EAPS PDUs, each nodemaintains equivalent EAPS states.

By knowing the state of the EAPS domain, the EAPS process running on the backup node can quicklyrecover after a primary node failover. Although both nodes receive EAPS PDUs, only the primarytransmits EAPS PDUs to neighboring switches and actively participates in EAPS.

NoteFor instructions on how to manually initiate hitless failover, see Relinquishing Primary Status.

EAPS Licensing

Different EAPS features are offered at different license levels.

For complete information about software licensing, including how to obtain and upgrade your licenseand what licenses are appropriate for these features, see the Feature License Requirements document.

Configuring EAPS

Single Ring Configuration Tasks

To configure and enable an EAPS protected ring, do the following on each ring node:

1 Create an EAPS domain and assign a name to the domain as described in Creating and Deleting anEAPS Domain on page 24.

2 Create and add the control VLAN to the domain as described in Adding the EAPS Control VLAN onpage 24.

3 Create and add the protected VLAN(s) to the domain as described in Adding Protected VLANs onpage 25.

4 Configure the EAPS mode (master or transit) for the switch in the domain as described in Definingthe Switch Mode (Master or Transit) on page 25.

5 Configure the EAPS ring ports, including the master primary and secondary ring ports, as describedin Configuring the Ring Ports on page 26.

6 If desired, configure the polling timers and timeout action as described in Configuring the PollingTimers and Timeout Action on page 26.*

7 Enable EAPS for the entire switch as described in Enabling and Disabling EAPS on the Switch onpage 27.

EAPS



8 If desired, enable Fast Convergence as described in Enabling and Disabling Fast Convergence onpage 28.*

9 Enable EAPS for the specified domain as described in Enabling and Disabling an EAPS Domain onpage 28.

NoteIf you configure a VMAN on a switch running EAPS, make sure you configure the VMANattributes on all of the switches that participate in the EAPS domain. For more informationabout VMANs, see VMAN (PBN) and PBBN.

Creating and Deleting an EAPS Domain

Each EAPS domain is identified by a unique domain name.

• To create an EAPS domain, use the following command:

create eaps name

• To delete an EAPS domain, use the following command:

delete eaps name

Adding the EAPS Control VLAN

You must create and configure one control VLAN for each EAPS domain. For instructions on creating aVLAN, see VLANs.

• To configure EAPS to use a VLAN as the EAPS control VLAN for a domain, use the followingcommand:

configure eaps name add control {vlan} vlan_name

Note

A control VLAN cannot belong to more than one EAPS domain. If the domain is active,you cannot delete the domain or modify the configuration of the control VLAN.

The control VLAN must NOT be configured with an IP address. In addition, only ring portsmay be added to this control VLAN. No other ports can be members of this VLAN. Failureto observe these restrictions can result in a loop in the network.

The ring ports of the control VLAN must be tagged.

By default, EAPS PDUs are automatically assigned to QoS profile QP8. This ensures that the controlVLAN messages reach their intended destinations. You do not need to configure a QoS profile forthe control VLAN.

EAPS


Adding Protected VLANs

You must add one or more protected VLANs to each EAPS domain. The protected VLANs are the data-carrying VLANs.

NoteWhen you configure a protected VLAN, the ring ports of the protected VLAN must be tagged(except in the case of the default VLAN).

For instructions on creating a VLAN, see VLANs.

• To configure a VLAN as an EAPS protected VLAN, use the following command:

configure eaps name add protected {vlan} vlan_name

Configuring the EAPS Domain Priority

The EAPS domain priority feature allows you to select the EAPS domains that are serviced first when abreak occurs in an EAPS ring. For example, you might set up a network topology with two or moredomains on the same physical ring, such as in spatial reuse. In this topology, you could configure onedomain as high priority and the others as normal priority. You would then add a small subset of thetotal protected VLANs to the high priority domain, and add the rest of the protected vlans to thenormal priority domain. The secondary port of the normal and high priority domains can be the same,or as is typically the case of spatial reuse, opposite. If a ring fault occurs in this topology, the protectedVLANs in the high priority domain are the first to recover.

• To configure the EAPS domain priority, use the following command:

configure eaps name priority {high | normal}

Defining the Switch Mode (Master or Transit)

We recommend keeping the loop protection warning messages enabled. If you have considerableknowledge and experience with EAPS, you might find the EAPS loop protection warning messagesunnecessary.

1 Configure the EAPS switch mode for a domain using the following command:

configure eaps name mode [master | transit]

One switch on the ring must be configured as the master node for the specified domain; all otherswitches on the same ring and domain are configured as transit nodes.

If you configure a switch to be a transit node for an EAPS domain, the default switch configurationdisplays the following message and prompts you to confirm the command:

WARNING: Make sure this specific EAPS domain has a Master node in the ring. If

you change this node from EAPS master to EAPS transit, you could cause a loop

in the network. Are you sure you want to change mode to transit? (y/n)

2 When prompted, do one of the following:

• Enter y to identify the switch as a transit node.

• Enter n or press [Return] to cancel the command.

For more information see, Disabling EAPS Loop Protection Warning Messages on page 29.

EAPS


Configuring the Ring Ports

Each node on the ring connects to the ring through two ring ports. The ports that you choose on eachswitch should be tagged and added to the control VLAN and all protected VLANs. For information onadding tagged ports to a VLAN, see VLANs.

On the master node, one ring port must be configured as the primary port, and the other must beconfigured as the secondary port.

We recommend that you keep the loop protection warning messages enabled. If you have considerableknowledge and experience with EAPS, you might find the EAPS loop protection warning messagesunnecessary.

1 To configure a node port as primary or secondary, use the following command:

configure eaps name [primary | secondary] port ports

If you attempt to add an EAPS ring port to a VLAN that is not protected by EAPS, the default switchconfiguration prompts you to confirm the command with the following message:

Make sure <vlan_name> is protected by EAPS. Adding EAPS ring ports to a VLAN

could cause a loop in the network. Do you really want to add these ports (y/n)



• Enter n or press [Return] to cancel the command.

For information on configuring a VLAN for EAPS, see the following sections:

• Adding the EAPS Control VLAN on page 24

• Adding Protected VLANs on page 25


Configuring the Polling Timers and Timeout Action

The polling timers provide an alternate way to detect ring breaks. In a ring that uses only ExtremeNetworks switches, the master switch learns about a ring break by receiving a link-down PDU. Whenthe ring uses only Extreme networks switches, the polling timers are not needed and can remainconfigured for the default values.

In a ring that contains switches made by other companies, the polling timers provide an alternate wayto detect ring breaks. The master periodically sends hello PDUs at intervals determined by the helloPDU timer and waits for a reply. If a hello PDU reply is not received before the failtime timer expires, theswitch detects a failure and responds by either sending an alert or opening the secondary port. Theresponse action is defined by a configuration command.

• Set the polling timer values the master node uses for detecting ring failures.

configure eaps name hellotime seconds milliseconds

EAPS


configure eaps name failtime seconds milliseconds

NoteThese commands apply only to the master node. If you configure the polling timers for atransit node, they are ignored. If you later reconfigure that transit node as the masternode, the polling timer values are used as the current values.

Use the hellotime keyword and its associated parameters to specify the amount of time themaster node waits between transmissions of health check messages on the control VLAN. Thecombined value for seconds and milliseconds must be greater than 0. The default value is 1 second.

Use the failtime keyword and its associated parameters to specify the amount of time the masternode waits before the failtimer expires. The combined value for seconds and milliseconds must begreater than the configured value for hellotime. The default value is 3 seconds.

NoteIncreasing the failtime value increases the time it takes to detect a ring break using thepolling timers, but it can also reduce the possibility of incorrectly declaring a failure whenthe network is congested.

• Configure the action taken when a ring break is detected.

configure eaps name failtime expiry-action [open-secondary-port | send-alert]

Use the send-alert parameter to send an alert when the failtimer expires. Instead of going into a failed state, the master node remains in a Complete or Init state, maintains the secondary portblocking, and writes a critical error message to syslog warning the user that there is a fault in thering. An SNMP trap is also sent.

Use the open-secondary-port parameter to open the secondary port when the failtimerexpires.

Enabling and Disabling EAPS on the Switch


• To enable the EAPS function for the entire switch, use the following command:

enable eaps

• To disable the EAPS function for the entire switch, use the following command:

disable eaps

If you enter the command to disable EAPS, the default switch configuration displays the followingwarning message and prompts you to confirm the command:

WARNING: Disabling EAPS on the switch could cause a loop in the network! Are

you sure you want to disable EAPS? (y/n)

• When prompted, do one of the following:

a Enter y to disable EAPS for the entire switch.

b Enter n or press [Return] to cancel the command.

EAPS



Enabling and Disabling Fast Convergence

You can enable or disable fast convergence for the entire switch to improve EAPS convergence times.

NotePossible factors affecting EAPS fast convergence time:

• The medium type of the link being flapped (Fiber link-down events are detected fasterthan copper, causing better convergence).

• Number of VLANs protected by the EAPS domain (convergence time increases with thenumber of protected VLANs).

• Number of FDB entries present during the switch over (convergence time increases withthe number of FDBs learned).

• Topology change event (link down or link up) causes the master node to send an FDBflush to all transits. In the event ofa shared port failure, FDB is flushed twice, causing anincrease in convergence time.

• Number of hops between the switch where the link flap happens and the master node(convergence increases with the number of hops).

• To enable or disable fast convergence on the switch, use the following command:

configure eaps fast-convergence[off | on]

Enabling and Disabling an EAPS Domain


• To enable a specific EAPS domain, use the following command:

enable eaps {name}

• To disable a specific EAPS domain, use the following command:

disable eaps {name}

If you enter the disable eaps command, the default switch configuration displays the followingwarning message and prompts you to confirm the command:WARNING: Disabling specific EAPS domain could cause a loop in the network! Are

you sure you want to disable this specific EAPS domain? (y/n)

• When prompted, do one of the following:

a Enter y to disable EAPS for the specified domain.

b Enter n or press [Return] to cancel the command.


EAPS


Configuring EAPS Support for Multicast Traffic

The ExtremeXOS software provides several commands for configuring how EAPS supports multicasttraffic after an EAPS topology change.

Note

EAPS multicast flooding must be enabled before the add-ring-ports feature will operate. Forinformation on enabling EAPS multicast flooding, see the command:

configure eaps multicast temporary-flooding [on | off]

Unconfiguring an EAPS Ring Port

Unconfiguring an EAPS port sets its internal configuration state to INVALID, which causes the port toappear in the Idle state with a port status of Unknown. This occurs when you use the show eaps{eapsDomain} {detail} command to display the status information about the port.


1 To unconfigure an EAPS primary or secondary ring port for an EAPS domain, use the followingcommand:

unconfigure eaps eapsDomain [primary | secondary] port

To prevent loops in the network, the switch displays by default a warning message and promptsyou to unconfigure the specified EAPS primary or secondary ring port.


a Enter y to unconfigure the specified port.

b Enter n or press [Return] to cancel this action.

The following command example unconfigures this node’s EAPS primary ring port on thedomain “eaps_1”:

unconfigure eaps eaps_1 primary port

WARNING: Unconfiguring the Primary port from the EAPS domain could cause a

loop in The network! Are you sure you want to unconfigure the Primary EAPS

Port? (y/n)

3 Enter y to continue and unconfigure the EAPS primary ring port. Enter n to cancel this action.

The switch displays a similar warning message if you unconfigure the secondary EAPS port.


Disabling EAPS Loop Protection Warning Messages

The switch displays by default loop protection messages when configuring the following EAPSparameters:

• Adding EAPS primary or secondary ring ports to a VLAN

• Deleting a protected VLAN

EAPS


• Disabling the global EAPS setting on the switch

• Disabling an EAPS domain

• Configuring an EAPS domain as a transit node

• Unconfiguring EAPS primary or secondary ring ports from an EAPS domain

We recommend keeping the loop protection warning messages enabled. If you have considerableknowledge and experience with EAPS, you might find the EAPS loop protection warning messagesunnecessary. For example, if you use a script to configure your EAPS settings, disabling the warningmessages allows you to configure EAPS without replying to each interactive yes/no question.

• To disable loop protection messages, use the following command:

configure eaps config-warnings off

• To re-enable loop protection messages, use the following command:

configure eaps config-warnings on

Common Link Topology Configuration Tasks

To create a common link topology, you must configure the shared ports at each end of the commonlink.

EAPS Shared Port Configuration Rules

The following rules apply to EAPS shared port configurations:

• Each common link in the EAPS network must have a unique link ID, which is configured at theshared port at each end of the link.

• The shared port mode configured on each side of a common link must be different from the other;one must be a controller and one must be a partner.

• The controller and partner shared ports on either side of a common link must have the same

• link ID. The common link is established only when the shared ports at each end of the common linkhave the same link ID.

• There can be up to two shared ports per switch.

• There cannot be more than one controller on a switch.

Valid combinations on any one switch are:

• 1 controller

• 1 partner

EAPS


• 1 controller and 1 partner

• 2 partners

• A shared port cannot be configured on an EAPS master’s secondary port.

NoteWhen a common link fails, one of the segment ports becomes the active-open port, andall other segment ports are blocked to prevent a loop for the protected VLANs. For sometopologies, you can improve network performance during a common link failure byselecting the port numbers to which segments connect. For information on how theactive-open port is selected, see Common Link Fault Detection and Response.

Common Link Configuration Overview

To configure and enable a common link to serve multiple rings, do the following on the controller andpartner nodes:

1 Create a shared port for the common link as described in Creating and Deleting a Shared Port onpage 31.

2 Configure the shared port as either a controller or a partner as described in Defining the Mode of theShared Port on page 31.

3 Configure the link ID on the shared port as described in Configuring the Link ID of the Shared Porton page 32.

4 If desired, configure the polling timers and timeout action as described in Configuring the SharedPort Timers and Timeout Action on page 32.

This step can be configured at any time, even after the EAPS domains are running.

5 Configure EAPS on each ring as described in Single Ring Configuration Tasks on page 23.

Creating and Deleting a Shared Port

To configure a common link, you must create a shared port on each switch belonging to the commonlink.

• To create a shared port, use the following command:

create eaps shared-port ports

Where ports is the common link port.

NoteA switch can have a maximum of two shared ports.

• To delete a shared port on the switch, use the following command:

delete eaps shared-port ports

Defining the Mode of the Shared Port

The shared port on one end of the common link must be configured to be the controller. This is the endresponsible for blocking ports when the common link fails, thereby preventing the superloop.

EAPS


The shared port on the other end of the common link must be configured to be the partner. This enddoes not participate in any form of blocking. It is responsible for only sending and receiving health-check messages.

• To configure the mode of the shared port, use the following command:

configure eaps shared-port ports mode controller | partner

Configuring the Link ID of the Shared Port

Each common link in the EAPS network must have a unique link ID. The controller and partner sharedports that belong to the same common link must have matching link IDs. No other instance in thenetwork should have that link ID.

If you have multiple adjacent common links, we recommend that you configure the link IDs inascending order of adjacency. For example, if you have an EAPS configuration with three adjacentcommon links, moving from left to right of the topology, configure the link IDs from the lowest to thehighest value.

• To configure the link ID of the shared port, use the following command:

configure eaps shared-port ports link-id id

The link ID range is 1–65534.

Configuring the Shared Port Timers and Timeout Action

• To configure the shared port timers, use the following commands:

configure eaps shared-port port common-path-timers {[health-interval |

timeout] seconds}

configure eaps shared-port port segment-timers health-interval seconds

configure eaps shared-port port segment-timers timeout seconds

• To configure the time out action for segment timers, use the following command:

configure eaps shared-port port segment-timers expiry-action [segment-down |

send-alert]

Unconfiguring an EAPS Shared Port

• To unconfigure a link ID on a shared port, use the following command:

unconfigure eaps shared-port ports link-id

• To unconfigure the mode on a shared port, use the following command:

unconfigure eaps shared-port ports mode

• To delete a shared port, use the following command:


EAPS


Clearing the EAPS Counters

The EAPS counters continue to increment until you explicitly clear the information. By clearing thecounters, you can see fresh statistics for the time period you are monitoring.

• To clear the counters used by EAPS, use the following commands:

clear counters

clear eaps counters

Displaying EAPS Information

Displaying Single Ring Status and Configuration Information

• To display EAPS status and configuration information, use the following command:

show eaps {eapsDomain} {detail}

NoteYou might see a slightly different display, depending on whether you enter the commandon the master node or the transit node.

If you specify a domain with the optional eapsDomain parameter, the command displays statusinformation for a specific EAPS domain.

The display from the show eaps detail command shows all the information shown in the showeaps eapsDomain command for all configured EAPS domains.

Displaying Domain Counter Information

• To display EAPS counter information for one or all domains, use the following command:

show eaps counters [eapsDomain | global]

If you specify the name of an EAPS domain, the switch displays counter information related to onlythat domain.

If you specify the global keyword, the switch displays a list of the counter totals for all domains. Tosee the counters for a specific domain, you must specify the domain name.

NoteIf a PDU is received, processed, and consumed, only the Rx counter increments. If a PDU isforwarded in slow path, both the Rx counter and Fw counter increment.

EAPS


Displaying Common Link Status and Configuration Information

Each controller and partner node can display status and configuration information for the shared portor ports on the corresponding side of the common link.

• To display EAPS common link information, use the following command:

show eaps shared-port {port} {detail}

If you enter the show eaps shared-port command without an argument or keyword, thecommand displays a summary of status information for all configured EAPS shared ports on theswitch.

If you specify a shared port, the command displays information about that specific port.

You can use the detail keyword to display more detailed status information about the segmentsand VLANs associated with each shared port.

Displaying Common Link Counter Information

Each controller and partner node can display counter information for the shared port or ports throughwhich the switch connects to a common link.

• To display EAPS shared port counter information, use the following command:

show eaps counters shared-port [global | port {segment-port segport

{eapsDomain}}]

If you specify the global keyword, the switch displays a list of counters that show the totals for allshared ports together. To view the counters for a single shared port, enter the command with theport number.

If you specify a particular EAPS segment port, the switch displays counter information related toonly that segment port for the specified EAPS domain.

Configuration Examples

Migrating from STP to EAPS

This section explains how to migrate or reconfigure an existing STP network to an EAPS network.

NoteActual implementation steps on a production network may differ based on the physicaltopology, switch models, and software versions deployed.

The sample STP network is a simple two-switch topology connected with two Gigabit Ethernet trunklinks, which form a broadcast loop. Both Extreme Networks switches are configured for 802.1D modeSTP running on a single data VLAN named Data. The sample STP network for migration to EAPS isshown in the following figure.

EAPS


Figure 16: Sample STP Network for Migration to EAPS

Creating and Configuring the EAPS Domain

• The first step in the migration process is to create an EAPS Domain and configure the EAPS mode,then define the primary and secondary ports for the domain. Follow this step for both switches.Switch2 is configured as EAPS Master to ensure the same port blocking state is maintained as in theoriginal STP topology.

Switch 1 EAPS domain configuration:

* SWITCH#1.1 # create eaps new-eaps* SWITCH#1.2 # configure new-eaps mode transit* SWITCH#1.3 # configure new-eaps primary port 4:1* SWITCH#1.4 # configure new-eaps secondary port 4:2

Switch 2 EAPS domain configuration:

* SWITCH#2.1 # create eaps new-eaps* SWITCH#2.2 # configure new-eaps mode master* SWITCH#2.3 # configure new-eaps primary port 4:1* SWITCH#2.4 # configure new-eaps secondary port 4:2

Creating and Configuring the EAPS Control VLAN

1 You must create the EAPS control VLAN and configure the 802.1q tag and ring ports.

2 Configure the control VLANs as part of the EAPS domain. Do this for both switches.

Switch 1 control VLAN configuration:

* SWITCH#1.5 # create vlan control-1* SWITCH#1.6 # configure vlan control-1 tag 4001* SWITCH#1.8 # configure vlan control-1 add port 4:1,4:2 tagged* SWITCH#1.9 # configure eaps new-eaps add control vlan control-1

Switch 2 control VLAN configuration:

* SWITCH#2.5 # create vlan control-1* SWITCH#2.6 # configure vlan control-1 tag 4001* SWITCH#2.8 # configure vlan control-1 add port 4:1,4:2 tagged* SWITCH#2.9 # configure eaps new-eaps add control vlan control-1

Enabling EAPS and Verify EAPS Status

1 Enable the EAPS protocol and the EAPS domain.

EAPS


2 Confirm that the master node is in Complete state and its secondary port is blocking.

Switch 1 commands to enable EAPS and the domain:

* SWITCH#1.10 # enable eaps* SWITCH#1.11 # enable eaps new-eaps

Switch 2 commands to enable EAPS and verify status:

* SWITCH#2.10 # enable eaps* SWITCH#2.11 # enable eaps new-eaps* SWITCH#2.12 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OffEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 1# EAPS domain configuration :----------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count----------------------------------------------------------------------------new-eaps Complete M Y 4:1 4:2 control-1 (4001) 0----------------------------------------------------------------------------

Configuring the STP Protected VLAN as an EAPS Protected VLAN

Configure the data VLAN (currently protected by STP as an untagged VLAN) as an EAPS protectedVLAN.

1 Assign an 802.1q tag to the data VLAN, as this might not be required with the previous STPconfiguration.

2 Next, the data VLAN is added to the EAPS domain as a protected VLAN.

3 Configure the VLAN port changes at the end to prevent any broadcast loop from forming duringthe transition from STP to EAPS protection.

A warning message is displayed on the CLI, but this can be ignored, as it is just a reminder that thering ports have not been added to the protected VLAN yet.

4 Change the port membership for the data VLAN from untagged to 802.1q tagged trunk ports.

Switch#2 commands to add EAPS protected VLAN and tagged ports:

* SWITCH#2.13 # configure vlan data tag 1000* SWITCH#2.14 # configure new-eaps add protect vlan dataWARNING: Primary port [4:1] is not tagged on vlan "data", EAPS="new-eaps"WARNING: Secondary port [4:2] is not tagged on vlan "data", EAPS="new-eaps"* SWITCH#2.15 # configure data add port 4:1,4:2 tagged

Switch#1 commands to add EAPS protected VLAN and tagged ports:

* SWITCH#1.13 # configure vlan data tag 1000* SWITCH#1.14 # configure new-eaps add protect vlan dataWARNING: Primary port [4:1] is not tagged on vlan "data", EAPS="new-eaps"

EAPS


WARNING: Secondary port [4:2] is not tagged on vlan "data", EAPS="new-eaps"* SWITCH#1.15 # configure data add port 4:1,4:2 tagged

Verifying the EAPS Blocking State for the Protected VLAN

• To ensure there is no potential for a broadcast storm, confirm that EAPS is successfully blocking theprotected VLAN, as shown in the following example:

* SWITCH#2.16 # show new-eapsName: new-eapsState: Complete Running: YesEnabled: Yes Mode: MasterPrimary port: 4:1 Port status: Up Tag status: TaggedSecondary port: 4:2 Port status: Blocked Tag status: TaggedHello timer interval: 1 sec 0 millisecFail timer interval: 3 secFail Timer expiry action: Send alertLast valid EAPS update: From Master Id 00:04:96:10:51:50, at Fri Sep 10 13:38:39 2004EAPS Domain’s Controller Vlan: control-1 4001EAPS Domain’s Protected Vlan(s): data 1000Number of Protected Vlans: 1

After you verify that EAPS is protecting the data VLAN, you can safely remove the STP configuration.

Verifying the STP Status and Disabling STP

Once you have successfully verified that EAPS has taken over loop prevention for the data VLAN, youno longer need the STP configuration.

Now, verify whether the data VLAN is removed from the STP domain, and then disable the STPprotocol.

Switch 2 commands to verify STP status and disable STP:

* SWITCH#2.17 # show stp s0Stpd: s0 Stp: ENABLED Number of Ports: 0Rapid Root Failover: DisabledOperational Mode: 802.1D Default Binding Mode: 802.1D802.1Q Tag: (none)Ports: (none)Participating Vlans: (none)Auto-bind Vlans: DefaultBridge Priority: 32768BridgeID: 80:00:00:04:96:10:51:50Designated root: 80:00:00:04:96:10:51:50RootPathCost: 0 Root Port: ----MaxAge: 20s HelloTime: 2s ForwardDelay: 15sCfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15sTopology Change Time: 35s Hold time: 1sTopology Change Detected: FALSE Topology Change: FALSENumber of Topology Changes: 4Time Since Last Topology Change: 1435s* SWITCH#2.18 # show s0 port

EAPS


Port Mode State Cost Flags Priority Port ID Designated Bridge* SWITCH#2.19 # disable stp

Switch 1 commands to verify STP status and disable STP:

* SWITCH#1.16 # show stp s0Stpd: s0 Stp: ENABLED Number of Ports: 0Rapid Root Failover: DisabledOperational Mode: 802.1D Default Binding Mode: 802.1D802.1Q Tag: (none)Ports: (none)Participating Vlans: (none)Auto-bind Vlans: DefaultBridge Priority: 1BridgeID: 00:01:00:04:96:10:30:10Designated root: 00:01:00:04:96:10:30:10RootPathCost: 0 Root Port: ----MaxAge: 20s HelloTime: 2s ForwardDelay: 15sCfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15sTopology Change Time: 35s Hold time: 1sTopology Change Detected: FALSE Topology Change: FALSENumber of Topology Changes: 2Time Since Last Topology Change: 11267s* SWITCH#1.17 # show stp s0 poPort Mode State Cost Flags Priority Port ID Designated Bridge* SWITCH#1.18 # disable stp s0* SWITCH#1.19 # disable stp

The network should now be successfully migrated from STP to EAPS.

Designing and Implementing a Highly Resilient Enterprise Network UsingEAPS

Network managers can design and employ a highly resilient end-to-end enterprise network using theExtreme Networks switching platform and the EAPS protocol as shown in the following figure.

EAPS


Figure 17: Extreme Networks EAPS Everywhere

EAPS can be used in the network edge to provide link resiliency for Ethernet and IP services in a partial-meshed design. In the aggregation layer, EAPS interconnects multiple edge and core domains. Whencombined with VRRP and OSPF in the aggregation layer, EAPS provides the foundation for highlyresilient IP routing by protecting against link and switch failures.

In the network core, EAPS is used with OSPF to provide a high-performance IP routing backbone withzero downtime or route flaps. Using EAPS and dual-homed server farms in the data center provideshigh availability for mission-critical server resources.

The collapsed core/aggregation layer and data center also make use of EAPS resilient ring topology toensure network availability to all critical sources.

EAPS


Designing and Configuring the Unified Access Layer

The unified access network layer makes use of EAPS in a partial-meshed ring topology for maximumresiliency. The edge of the network is the first point of entry for client devices such as PCs, servers, VoIPphones, wireless devices, and printers.

Utilizing EAPS and redundant uplink ports on edge switches increases network resiliency andavailability. Edge switches connect their primary and secondary uplink trunk ports to one or moreswitches in the aggregation network layer (as shown in the following figure). If the primary uplink portfails, traffic can use the alternate secondary uplink.

Figure 18: Converged Network Edge (Unified Access Layer)

In this sample network, each edge switch is configured with a unique EAPS domain and control VLAN.Protected VLANs can overlap across multiple EAPS domains, or remain local to their own domain.

By putting each edge switch and VLAN into a separate EAPS domain, you gain resiliency andmanagement benefits. First, any link or switch failures in one ring do not affect the other edge switches.Also, this type of modular design allows you to add edge switches easily without impacting other partsof the network. Troubleshooting becomes easier as the scope of failures can be quickly isolated to aspecific EAPS ring or switch.

This section describes how to design the access edge network switches as EAPS transit nodes toprovide Ethernet L2 connectivity services. In this example, upstream aggregation switches performLayer 3 (L3) inter-VLAN routing functions. Although not discussed in the scope of this section, the edgeswitches could also be configured with additional routing, QoS, WLAN, or security features.

EAPS


Creating and Configuring the EAPS Domain

• Create the EAPS domain, configure the switch as a transit node, and define the EAPS primary andsecondary ports as shown in the following example:

* Edge-Switch#1:1 # create eaps e1-domain* Edge-Switch#1:2 # configure eaps e1-domain mode transit* Edge-Switch#1:3 # configure eaps e1-domain primary port 49* Edge-Switch#1:4 # configure eaps e1-domain secondary port 50

Creating and Configuring the EAPS Control VLAN

1 Create the EAPS control VLAN and configure its 802.1q tag and ring ports.

2 Configure the control VLAN as part of the EAPS domain. The control VLAN only contains the EAPSprimary and secondary ports configured earlier. The following commands accomplish these tasks:

* Edge-Switch#1:5 # create vlan control-1* Edge-Switch#1:6 # configure vlan control-1 tag 4000* Edge-Switch#1:8 # configure vlan control-1 add port 49,50 tagged* Edge-Switch#1:9 # configure eaps e1-domain add control vlan control-1

Creating and Configuring EAPS Protected VLANs

1 Create at least one EAPS protected VLAN, and configure its 802.1q tag and ports.

2 Configure the protected VLAN as part of the EAPS domain.

The Protect VLAN contains the EAPS primary and secondary ports as tagged VLAN ports.Additional VLAN ports connected to client devices such as a PC could be untagged or tagged. Thefollowing commands accomplish these tasks and should be repeated for all additional protectedVLANs:

* Edge-Switch#1:10 # create vlan purple-1* Edge-Switch#1:11 # configure purple-1 tag 1* Edge-Switch#1:12 # configure purple-1 add port 49,50 tagged* Edge-Switch#1:13 # configure purple-1 add port 1 untagged* Edge-Switch#1:14 # configure eaps e1-domain add protect vlan purple-1

Enabling the EAPS Protocol and EAPS Domain

• Enable EAPS to run on the domain as shown in the following example:

* Edge-Switch#1:15 # enable eaps* Edge-Switch#1:16 # enable eaps e1-domain

Verifying the EAPS Configuration and Status

• The command in the following example allows you to verify that the EAPS configuration is correctand that the EAPS state is Links-Up.

Both ring ports must be plugged in to see the Links-Up state.

* Edge-Switch#1:17 # show eaps e1-domain detailName: "e1-domain" (instance=0) Priority: High

EAPS


State: Links-Up Running: YesEnabled: Yes Mode: TransitPrimary port: 49 Port status: Up Tag status: TaggedSecondary port: 50 Port status: Up Tag status: TaggedHello Timer interval: 1 sec 0 millisecFail Timer interval: 3 secPreforwarding Timer interval: 0 secLast valid EAPS update: From Master Id 00:04:96:10:51:50, at Sun Sep 5 23:20:10 2004EAPS Domain has following Controller Vlan:Vlan Name VID"control-1" 4000EAPS Domain has following Protected Vlan(s):Vlan Name VID"purple-1" 0001Number of Protected Vlans: 1

Designing and Configuring the Aggregation Layer

The network switches in the aggregation layer provide additional resiliency benefits.

In the following example, aggregation switches are typically deployed in pairs that protect againstsingle switch failures. Each aggregation switch is physically connected to all edge switches andparticipates in multiple EAPS domains. The aggregation switches can serve a different role within eachEAPS domain, with one switch acting as a transit node and the other as a master node.

EAPS


In this example, we have a common link with overlapping domains (and protected VLANs), whichincludes an EAPS controller and partner configuration. The result is a partial-mesh network design ofEAPS from the access edge to the aggregation layer (see the following figure).

Figure 19: L2 Aggregation

8800 8800

Network Layer

The aggregation switches are configured to act as multi-function EAPS nodes to provide L2connectivity services. After EAPS and L2 connectivity is configured, additional L3 routing configurationcan be added.

Using redundant aggregation switches helps protect against a single point of failure at the switch level,while EAPS domains provide fault isolation and minimize the impact that failures have on the network.With shared port configurations, the partial-mesh physical design is maintained without broadcastloops, regardless of where a failure might occur.

To configure the L2 aggregate switches, complete the tasks described in the following sections on allaggregate switches:

1 Create and configure the EAPS domains.

2 Create and configure the EAPS control VLANs.

EAPS


3 Create and configure the EAPS shared ports.

4 Enable the EAPS protocol and EAPS domain.

5 Create and configure the EAPS protected VLANs.

6 Verify the EAPS configuration and operating state.

Creating and Configuring the EAPS Domains

• Create the EAPS domains for each ring (one domain for one edge switch) and configure the EAPSmode.

Define the primary and secondary ports for each domain. In this example, however, the primary portis the same as the common link. One aggregation switch has EAPS mode configured as master andpartner, while the other aggregation switch is configured as transit and controller.

EAPS master node configuration:

* AGG-SWITCH#2.1 # create eaps e1-domain* AGG-SWITCH#2.2 # create eaps e2-domain* AGG-SWITCH#2.3 # create eaps e3-domain* AGG-SWITCH#2.4 # create eaps e4-domain* AGG-SWITCH#2.5 # configure eaps e1-domain mode master* AGG-SWITCH#2.6 # configure eaps e2-domain mode master* AGG-SWITCH#2.7 # configure eaps e3-domain mode master* AGG-SWITCH#2.8 # configure eaps e4-domain mode master* AGG-SWITCH#2.9 # configure eaps e1-domain primary port 2:1* AGG-SWITCH#2.10 # configure eaps e1-domain secondary port 1:1* AGG-SWITCH#2.11 # configure eaps e2-domain primary port 2:1* AGG-SWITCH#2.12 # configure eaps e2-domain secondary port 1:4* AGG-SWITCH#2.13 # configure eaps e3-domain primary port 2:1* AGG-SWITCH#2.14 # configure eaps e3-domain secondary port 3:1* AGG-SWITCH#2.15 # configure eaps e4-domain primary port 2:1* AGG-SWITCH#2.16 # configure eaps e4-domain secondary port 3:2

EAPS transit node configuration:

* AGG-SWITCH#1.1 # create eaps e1-domain* AGG-SWITCH#1.2 # create eaps e2-domain* AGG-SWITCH#1.3 # create eaps e3-domain* AGG-SWITCH#1.4 # create eaps e4-domain* AGG-SWITCH#1.5 # configure eaps e1-domain mode transit* AGG-SWITCH#1.6 # configure eaps e2-domain mode transit* AGG-SWITCH#1.7 # configure eaps e3-domain mode transit* AGG-SWITCH#1.8 # configure eaps e4-domain mode transit* AGG-SWITCH#1.9 # configure eaps e1-domain primary port 2:1* AGG-SWITCH#1.10 # configure eaps e1-domain secondary port 1:1* AGG-SWITCH#1.11 # configure eaps e2-domain primary port 2:1* AGG-SWITCH#1.12 # configure eaps e2-domain secondary port 1:4* AGG-SWITCH#1.13 # configure eaps e3-domain primary port 2:1* AGG-SWITCH#1.14 # configure eaps e3-domain secondary port 3:1* AGG-SWITCH#1.15 # configure eaps e4-domain primary port 2:1* AGG-SWITCH#1.16 # configure eaps e4-domain secondary port 3:2

EAPS


Creating and Configuring the EAPS Control VLANs

1 Create the EAPS control VLANs (one for each domain) and configure the 802.1q tag and ring portsfor each.

2 Configure the control VLANs as part of their respective EAPS domain.

The control VLAN only contains the EAPS primary and secondary ports configured earlier. Thefollowing commands are entered on both aggregate switches:

* AGG-SWITCH.17 # create vlan control-1* AGG-SWITCH.18 # create vlan control-2* AGG-SWITCH.19 # create vlan control-3* AGG-SWITCH.20 # create vlan control-4* AGG-SWITCH.21 # configure vlan control-1 tag 4001* AGG-SWITCH.22 # configure vlan control-2 tag 4002* AGG-SWITCH.23 # configure vlan control-3 tag 4003* AGG-SWITCH.24 # configure vlan control-4 tag 4004* AGG-SWITCH.29 # configure vlan control-1 add port 2:1,1:1 tagged* AGG-SWITCH.30 # configure vlan control-2 add port 2:1,1:4 tagged* AGG-SWITCH.31 # configure vlan control-3 add port 2:1,3:1 tagged* AGG-SWITCH.32 # configure vlan control-4 add port 2:1,3:2 tagged* AGG-SWITCH.33 # configure eaps e1-domain add control vlan control-1* AGG-SWITCH.34 # configure eaps e2-domain add control vlan control-2* AGG-SWITCH.35 # configure eaps e3-domain add control vlan control-3* AGG-SWITCH.36 # configure eaps e4-domain add control vlan control-4

Creating and Configuring the EAPS Shared Ports

• Create the EAPS shared ports, which are used to connect a common-link between the aggregateswitches.

On the first switch, define the shared port mode as partner, and define the link ID. Repeat this stepon the other aggregate switch, but configure the shared port mode as controller. The link IDmatches the value configured for the partner.

The following shows an example configuration for the partner:

* AGG-SWITCH#2.37 # create eaps shared-port 2:1* AGG-SWITCH#2.38 # configure eaps shared-port 2:1 mode partner* AGG-SWITCH#2.39 # configure eaps shared-port 2:1 link-id 21

Enabling the EAPS Protocol and EAPS Domain

• Enable the EAPS protocol on the switch, and enable EAPS to run on each domain created.

The following commands are entered on both aggregate switches.

* AGG-SWITCH.40 # enable eaps* AGG-SWITCH.41 # enable eaps e1-domain* AGG-SWITCH.42 # enable eaps e2-domain* AGG-SWITCH.43 # enable eaps e3-domain* AGG-SWITCH.44 # enable eaps e4-domain

Creating and Configuring the EAPS Protected VLANs

1 Create the EAPS protected VLANs for each domain.

EAPS


2 Configure an 802.1q tag and the ports for each protected VLAN.

3 Configure each protected VLAN as part of the EAPS domain.

Depending on the scope of the VLAN, it could be added to multiple EAPS domains. This type ofVLAN is referred to as an overlapping protected VLAN, and requires shared port configurations.

In this example, there is one overlapping protected VLAN, purple-1, while all other VLANs areisolated to a single EAPS domain (VLANs green-1, orange-1, and red-1). Protected VLANconfiguration, such as 802.1q tagging, must match on the edge switch. The commands in thefollowing example are entered on both aggregate switches.

This procedure can also be repeated for additional protected VLANs as needed:

* AGG-SWITCH.44 # create vlan purple-1* AGG-SWITCH.45 # create vlan green-1* AGG-SWITCH.46 # create vlan orange-1* AGG-SWITCH.47 # create vlan red-1* AGG-SWITCH.48 # configure purple-1 tag 1* AGG-SWITCH.49 # configure green-1 tag 2* AGG-SWITCH.50 # configure orange-1 tag 3* AGG-SWITCH.51 # configure red-1 tag 4* AGG-SWITCH.52 # configure eaps e1-domain add protect vlan purple-1* AGG-SWITCH.53 # configure eaps e2-domain add protect vlan purple-1* AGG-SWITCH.54 # configure eaps e3-domain add protect vlan purple-1* AGG-SWITCH.55 # configure eaps e4-domain add protect vlan purple-1* AGG-SWITCH.56 # configure eaps e2-domain add protect vlan green-1* AGG-SWITCH.57 # configure eaps e3-domain add protect vlan orange-1* AGG-SWITCH.58 # configure eaps e4-domain add protect vlan red-1* AGG-SWITCH.59 # configure vlan purple-1 add port 2:1,1:1,1:4,3:1,3:2 tagged* AGG-SWITCH.60 # configure vlan green-1 add port 2:1,1:4 tagged* AGG-SWITCH.61 # configure vlan orange-1 add port 2:1,3:1 tagged* AGG-SWITCH.62 # configure vlan red-1 add port 2:1,3:2 tagged

Verifying the EAPS Configuration and Operating State

1 When the configuration is complete, confirm that the EAPS domain and shared port configuration iscorrect.

2 Verify whether the EAPS state is Complete and the shared port status is Ready.

Both ring ports must be plugged in to see the Links-Up state. This verification is performed on bothaggregate switches.

EAPS master and partner node status verification example:

* AGG-SWITCH#2.63 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OffEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 4# EAPS domain configuration :----------------------------------------------------------------------------

EAPS


----Domain State Mo En Pri Sec Control-Vlan VID Count--------------------------------------------------------------------------------e1-domain Complete M Y 2:1 1:1 control-1 (4001) 1e2-domain Complete M Y 2:1 1:4 control-2 (4002) 2e3-domain Complete M Y 2:1 3:1 control-3 (4003) 2e4-domain Complete M Y 2:1 3:2 control-4 (4004) 2--------------------------------------------------------------------------------* AGG-SWITCH#2.64 # show eaps shared-portEAPS shared-port count: 1--------------------------------------------------------------------------------Link Domain Vlan RB RBShared-port Mode Id Up State count count Nbr State Id--------------------------------------------------------------------------------2:1 Partner 21 Y Ready 4 4 Yes None None--------------------------------------------------------------------------------

EAPS transit and controller node status verification example:

* AGG-SWITCH#1.63 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OffEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 4# EAPS domain configuration :----------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count----------------------------------------------------------------------------e1-domain Links-Up M Y 2:1 1:1 control-1 (4001) 1e2-domain Links-Up M Y 2:1 1:4 control-2 (4002) 2e3-domain Links-Up M Y 2:1 3:1 control-3 (4003) 2e4-domain Links-Up M Y 2:1 3:2 control-4 (4004) 2----------------------------------------------------------------------------* AGG-SWITCH#1.64 # show eaps shared-portEAPS shared-port count: 1----------------------------------------------------------------------------Link Domain Vlan RB RBShared-port Mode Id Up State count count Nbr State Id----------------------------------------------------------------------------2:1 Controller 21 Y Ready 4 4 Yes None None----------------------------------------------------------------------------

Designing and Configuring L3 Services on top of EAPS

This section explains how to run L3 routing services on top of EAPS as a foundation.

EAPS


In this example, OSPF is used as the dynamic IP routing protocol to communicate between differentVLANs. To provide redundancy at the router level, VRRP is used to protect against an aggregationswitch failure. VRRP allows one aggregation switch to route IP traffic, and if it fails the otheraggregation switch takes over the IP routing role. Each EAPS protected VLAN provides L3 connectivityto the clients by configuring IP addressing, OSPF routing, and VRRP on the aggregation switches.

Figure 20: L2 and L3 Aggregation Network Layer

IP routing is added to the design on the access network switches by configuring each EAPS protectedVLAN as an OSPF interface. Because these are broadcast OSPF interfaces, we need to specify aDesignated Router (DR) and Backup Designated Router (BDR). While the EAPS transit and controllernode is not blocking any ports, it is configured as the OSPF DR.

The EAPS master and partner node is then configured as the BDR. Similarly, the EAPS transit andcontroller node is also configured as the VRRP master, which provides L3 routing to the hosts. TheEAPS master and partner node is configured as the VRRP backup router for redundancy.

EAPS


Using redundant aggregation switches with VRRP protects against a single point of failure at the switchlevel. Client devices receive non-stop IP routing services in the event of link or aggregation switchfailure without any reconfiguration. OSPF provides fast convergence from any routing failures. EAPSprovides the resilient L2 foundation and minimizes the occurrence of routing interface flaps or droppedOSPF neighbor adjacencies.

To configure L3 on the aggregation switches, completed the tasks described in the following sections:

1 Configure OSPF on the EAPS protected VLANs.

2 Configure OSPF on the EAPS protected VLANs.

3 Configure VRRP on the EAPS protected VLANs.

4 Verify OSPF and VRRP configuration status.

Configuring IP Addresses on the EAPS Protected VLANs

Client host stations need the IP address configuration to match their protected VLANs. The edgeswitches do not require IP addresses, but this could optionally be done for management ortroubleshooting purposes.

The following example shows IP address configuration:

* AGG-SWITCH#1.1 # configure vlan green-1 ipaddress 172.16.1.1/24* AGG-SWITCH#1.2 # configure vlan purple-1 ipaddress 172.16.2.1/24* AGG-SWITCH#1.3 # configure vlan orange-1 ipaddress 172.16.3.1/24* AGG-SWITCH#1.4 # configure vlan red-1 ipaddress 172.16.4.1/24* AGG-SWITCH#2.1 # configure vlan green-1 ipaddress 172.16.1.2/24* AGG-SWITCH#2.2 # configure vlan purple-1 ipaddress 172.16.2.2/24* AGG-SWITCH#2.3 # configure vlan orange-1 ipaddress 172.16.3.2/24* AGG-SWITCH#2.4 # configure vlan red-1 ipaddress 172.16.4.2/24

Configuring OSPF on the EAPS Protected VLANs

Because OSPF broadcast networks are being used, configure the DR and BDR for each VLAN.Configure the EAPS transit and controller as the DR by using a higher OSPF priority value since it is notperforming L2 blocking. The EAPS master and partner switch is configured as the BDR. In this example,all edge EAPS protected VLANs are placed in the OSPF backbone area, but another OSPF area couldbe created if desired.

Example OSPF DR configuration:

* AGG-SWITCH#1.5 # enable ipforwarding vlan green-1* AGG-SWITCH#1.6 # enable ipforwarding vlan purple-1* AGG-SWITCH#1.7 # enable ipforwarding vlan orange-1* AGG-SWITCH#1.8 # enable ipforwarding vlan red-1* AGG-SWITCH#1.9 # configure ospf routerid 172.16.1.1* AGG-SWITCH#1.10 # configure ospf add vlan green-1 area 0.0.0.0* AGG-SWITCH#1.11 # configure ospf add vlan purple-1 area 0.0.0.0* AGG-SWITCH#1.12 # configure ospf add vlan orange-1 area 0.0.0.0* AGG-SWITCH#1.13 # configure ospf add vlan red-1 area 0.0.0.0* AGG-SWITCH#1.14 # configure ospf vlan green-1 priority 110* AGG-SWITCH#1.15 # configure ospf vlan purple-1 priority 110* AGG-SWITCH#1.16 # configure ospf vlan orange-1 priority 110

EAPS


* AGG-SWITCH#1.17 # configure ospf vlan red-1 priority 110* AGG-SWITCH#1.18 # enable ospf

Example OSPF BDR configuration:

* AGG-SWITCH#2.5 # enable ipforwarding vlan green-1* AGG-SWITCH#2.6 # enable ipforwarding vlan purple-1* AGG-SWITCH#2.7 # enable ipforwarding vlan orange-1* AGG-SWITCH#2.8 # enable ipforwarding vlan red-1* AGG-SWITCH#2.9 # configure ospf routerid 172.16.1.2* AGG-SWITCH#2.10 # configure ospf add vlan green-1 area 0.0.0.0* AGG-SWITCH#2.11 # configure ospf add vlan purple-1 area 0.0.0.0* AGG-SWITCH#2.12 # configure ospf add vlan orange-1 area 0.0.0.0* AGG-SWITCH#2.13 # configure ospf add vlan red-1 area 0.0.0.0* AGG-SWITCH#2.14 # configure ospf vlan green-1 priority 100* AGG-SWITCH#2.15 # configure ospf vlan purple-1 priority 100* AGG-SWITCH#2.16 # configure ospf vlan orange-1 priority 100* AGG-SWITCH#2.17 # configure ospf vlan red-1 priority 100* AGG-SWITCH#2.18 # enable ospf

Configuring VRRP on the EAPS Protected VLANs

The VRRP virtual router is configured with the virtual IP address of 172.16.x.254 for each VLAN(example VLAN green-1 = 172.16.1.254). The VRRP virtual router IP address is configured as the defaultgateway of each client machine. Since it is not performing L2 blocking, configure the EAPS transit andcontroller as VRRP master router by using a higher priority value. The EAPS master and partner switchis configured as the VRRP backup router.

Example VRRP master router configuration:

* AGG-SWITCH#1.19 # create vrrp vlan green-1 vrid 1* AGG-SWITCH#1.20 # configure vrrp vlan green-1 vrid 1 priority 110* AGG-SWITCH#1.21 # configure vrrp vlan green-1 vrid 1 add 172.16.1.254* AGG-SWITCH#1.22 # enable vrrp vlan green-1 vrid 1* AGG-SWITCH#1.23 # create vrrp vlan purple-1 vrid 1* AGG-SWITCH#1.24 # configure vrrp vlan purple-1 vrid 1 priority 110* AGG-SWITCH#1.25 # configure vrrp vlan purple-1 vrid 1 add 172.16.2.254* AGG-SWITCH#1.26 # enable vrrp vlan purple-1 vrid 1* AGG-SWITCH#1.27 # create vrrp vlan orange-1 vrid 1* AGG-SWITCH#1.28 # configure vrrp vlan orange-1 vrid 1 priority 110* AGG-SWITCH#1.29 # configure vrrp vlan orange-1 vrid 1 add 172.16.3.254* AGG-SWITCH#1.30 # enable vrrp vlan orange-1 vrid 1* AGG-SWITCH#1.31 # create vrrp vlan red-1 vrid 1* AGG-SWITCH#1.32 # configure vrrp vlan red-1 vrid 1 priority 110* AGG-SWITCH#1.33 # configure vrrp vlan red-1 vrid 1 add 172.16.4.254* AGG-SWITCH#1.34 # enable vrrp vlan red-1 vrid 1

Example VRRP backup router configuration:

* AGG-SWITCH#2.19 # create vrrp vlan green-1 vrid 1* AGG-SWITCH#2.20 # configure vrrp vlan green-1 vrid 1 priority 100* AGG-SWITCH#2.21 # configure vrrp vlan green-1 vrid 1 add 172.16.1.254* AGG-SWITCH#2.22 # enable vrrp vlan green-1 vrid 1* AGG-SWITCH#2.23 # create vrrp vlan purple-1 vrid 1

EAPS


* AGG-SWITCH#2.24 # configure vrrp vlan purple-1 vrid 1 priority 100* AGG-SWITCH#2.25 # configure vrrp vlan purple-1 vrid 1 add 172.16.2.254* AGG-SWITCH#2.26 # enable vrrp vlan purple-1 vrid 1* AGG-SWITCH#2.27 # create vrrp vlan orange-1 vrid 1* AGG-SWITCH#2.28 # configure vrrp vlan orange-1 vrid 1 priority 100* AGG-SWITCH#2.29 # configure vrrp vlan orange-1 vrid 1 add 172.16.3.254* AGG-SWITCH#2.30 # enable vrrp vlan orange-1 vrid 1* AGG-SWITCH#2.31 # create vrrp vlan red-1 vrid 1* AGG-SWITCH#2.32 # configure vrrp vlan red-1 vrid 1 priority 100* AGG-SWITCH#2.33 # configure vrrp vlan red-1 vrid 1 add 172.16.4.254* AGG-SWITCH#2.34 # enable vrrp vlan red-1 vrid 1

Verifying OSPF and VRRP Configuration Status

1 Verify the OSPF neighbor adjacencies are established and that the DR and BDR status is correct.

2 Verify that the VRRP virtual router is running and the VRRP master/backup status is correct.OSPF and VRRP verification example:

* AGG-SWITCH#1.35 # show ospf neighborNeighbor ID Pri State Up/Dead Time Address Interface172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.3.2 orange-1172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.4.2 red-1172.16.1.2 100 FULL /BDR 00:17:54:17/00:00:00:03 172.16.1.2 green-1172.16.1.2 100 FULL /BDR 00:17:54:07/00:00:00:03 172.16.2.2 purple-1* AGG-SWITCH#1.36 # show vrrpVLAN Name VRID Pri Virtual IP Addr State Master Mac Address TP/TR/TV/P/Tgreen-1(En) 0001 110 172.16.1.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1purple-(En) 0001 110 172.16.2.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1orange-(En) 0001 110 172.16.3.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1red-1(En) 0001 110 172.16.4.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-PreemptTP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs* AGG-SWITCH#2.35 # show ospf neighborNeighbor ID Pri State Up/Dead Time Address Interface172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.3.1 orange-1172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.4.1 red-1172.16.1.1 110 FULL /DR 00:17:54:17/00:00:00:03 172.16.1.1 green-1172.16.1.1 110 FULL /DR 00:17:54:07/00:00:00:03 172.16.2.1 purple-1* AGG-SWITCH#2.36 # show vrrpVLAN Name VRID Pri Virtual IP Addr State Master Mac Address TP/TR/TV/P/Tgreen-1(En) 0001 100 172.16.1.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1purple-(En) 0001 100 172.16.2.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1orange-(En) 0001 100 172.16.3.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1red-1(En) 0001 100 172.16.4.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-PreemptTP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs

Designing and Configuring the Core Layer with EAPS

The core switches provide high performance backbone routing between the edge, aggregation, datacenter, and external Internet networks.

An additional high availability backbone ring is built that combines EAPS and OSPF. Using EAPS andOSPF together increases the stability of IP routing tables. Since EAPS provides 50-millisecondconvergence for link failures, OSPF adjacencies do not flap. In this example, the backbone ring is

EAPS


formed by adding two core L2/L3 switches and connecting them to the two existing aggregationswitches. The core switches also provide routing to the Internet using BGP (see the following figure).

Figure 21: Core EAPS and OSPF Network Layer

Using redundant core switches protects against a single point of failure at the switch level. OSPFprovides fast convergence from any routing failures. EAPS provides the resilient L2 foundation andminimizes the occurrence of routing interface flaps or dropped OSPF neighbor adjacencies. CombiningEAPS and OSPF provides the highest level of network resiliency and routing stability.

Configuring the core switches requires a new EAPS domain with a single EAPS protected VLAN withOSPF forming the backbone IP network. Additional configuration is needed on the aggregationswitches to connect them to the backbone EAPS and OSPF ring. Since the steps are similar to previousconfiguration examples, the L2 (EAPS) and L3 (OSPF) configurations are combined. Since the BGPconfiguration is independent of EAPS configuration, BGP configuration is not discussed here.

To configure backbone connectivity on the core and aggregation switches, complete the tasksdescribed in the following sections:

1 Create and configure the backbone EAPS domain.

2 Create and configure the backbone EAPS protected VLANs.

EAPS


3 Configure an IP address and OSPF on the backbone VLAN.

4 Verify EAPS and OSPF configuration status.

Creating and Configuring the Backbone EAPS Domain

1 Create the backbone EAPS domains and configure the EAPS mode.

2 Define the primary and secondary ports for each domain.Configure on both core and aggregation switches.

Core-Switch 1 EAPS configuration:

* CORE-SWITCH#1.1 # create eaps e5-domain* CORE-SWITCH#1.2 # configure eaps e5-domain mode transit* CORE-SWITCH#1.3 # configure eaps e5-domain primary port 2:1* CORE-SWITCH#1.4 # configure eaps e5-domain secondary port 2:4

Core-Switch 2 EAPS configuration:

* CORE-SWITCH#2.1 # create eaps e5-domain* CORE-SWITCH#2.2 # configure eaps e5-domain mode master* CORE-SWITCH#2.3 # configure eaps e5-domain primary port 2:1* CORE-SWITCH#2.4 # configure eaps e5-domain secondary port 2:4

Agg-Switch 1 EAPS configuration:

* AGG-SWITCH#1.1 # create eaps e5-domain* AGG-SWITCH#1.2 # configure eaps e5-domain mode transit* AGG-SWITCH#1.3 # configure eaps e5-domain primary port 2:1* AGG-SWITCH#1.4 # configure eaps e5-domain secondary port 2:4

Agg-Switch 2 EAPS configuration:

* AGG-SWITCH#2.1 # create eaps e5-domain* AGG-SWITCH#2.2 # configure eaps e5-domain mode transit* AGG-SWITCH#2.3 # configure eaps e5-domain primary port 2:1* AGG-SWITCH#2.4 # configure eaps e5-domain secondary port 2:4

Creating and Configuring the Backbone EAPS Control VLAN

1 Create the EAPS control VLAN and configure its 802.1q tag, and ring ports.

2 Configure the control VLANs as part of the backbone EAPS domain. Enable EAPS and the backboneEAPS domain. Configure on both core and aggregation switches (EAPS is already enabled onaggregation switches).Core-Switch#1 control VLAN configuration:

* CORE-SWITCH#1.1 # create vlan control-5* CORE-SWITCH#1.2 # configure vlan control-5 tag 4005* CORE-SWITCH#1.4 # configure vlan control-5 add port 2:1,2:4 tagged* CORE-SWITCH#1.5 # configure eaps e5-domain add control vlan control-5* CORE-SWITCH#1.6 # enable eaps* CORE-SWITCH#1.7 # enable eaps e5-domain

Core-Switch#2 control VLAN configuration:

* CORE-SWITCH#2.1 # create vlan control-5* CORE-SWITCH#2.2 # configure vlan control-5 tag 4005

EAPS


* CORE-SWITCH#2.4 # configure vlan control-5 add port 2:1,2:4 tagged* CORE-SWITCH#2.5 # configure eaps e5-domain add control vlan control-5* CORE-SWITCH#2.6 # enable eaps* CORE-SWITCH#2.7 # enable eaps e5-domain

Agg-Switch#1 control VLAN configuration:

* AGG-SWITCH#1.1 # create vlan control-5* AGG-SWITCH#1.2 # configure vlan control-5 tag 4005* AGG-SWITCH#1.4 # configure vlan control-5 add port 2:4,2:6 tagged* AGG-SWITCH#1.5 # configure eaps e5-domain add control vlan control-5* AGG-SWITCH#1.6 # enable eaps e5-domain

Agg-Switch#2 control VLAN configuration:

* AGG-SWITCH#2.1 # create vlan control-5* AGG-SWITCH#2.2 # configure vlan control-5 tag 4005* AGG-SWITCH#2.4 # configure vlan control-5 add port 2:4,2:6 tagged* AGG-SWITCH#2.5 # configure eaps e5-domain add control vlan control-5* AGG-SWITCH#1.6 # enable eaps e5-domain

Creating and Configuring the Backbone EAPS Protected VLANs

1 Create the EAPS protected VLAN for the backbone domain.

2 Configure the 802.1q tag and ports for the protected VLANs.

Because this VLAN is only used for transit routing, there are no other ports besides the ring ports.

3 Configure the protected VLAN as part of the EAPS domain. Do this configuration on both the coreand aggregate switches.

Core-Switch#1 protected VLAN configuration:

* CORE-SWITCH#1.8 # create vlan backbone* CORE-SWITCH#1.9 # configure vlan backbone tag 3000* CORE-SWITCH#1.10 # configure vlan backbone add port 2:1,2:4 tagged* CORE-SWITCH#1.11 # configure eaps e5-domain add protect vlan backbone


* CORE-SWITCH#2.8 # create vlan backbone* CORE-SWITCH#2.9 # configure vlan backbone tag 3000* CORE-SWITCH#2.10 # configure vlan backbone add port 2:1,2:4 tagged* CORE-SWITCH#2.11 # configure eaps e5-domain add protect vlan backbone

Agg-Switch#1 protected VLAN configuration:

* AGG-SWITCH#1.7 # create vlan backbone* AGG-SWITCH#1.8 # configure vlan backbone tag 3000* AGG-SWITCH#1.9 # configure vlan backbone add port 2:4,2:6 tagged* AGG-SWITCH#1.10 # configure eaps e5-domain add protect vlan backbone

EAPS


Agg-Switch#2 protected VLAN configuration:

* AGG-SWITCH#2.7 # create vlan backbone* AGG-SWITCH#2.8 # configure vlan backbone tag 3000* AGG-SWITCH#2.9 # configure vlan backbone add port 2:4,2:6 tagged* AGG-SWITCH#2.10 # configure eaps e5-domain add protect vlan backbone

Configuring an IP Address and OSPF on the Backbone VLAN

1 Configure an IP address and enable IP forwarding (routing) on the backbone protected VLAN.

2 OSPF is configured and because an OSPF broadcast network is used, configure the designatedrouter and backup designated router for each VLAN.

Since it is not performing L2 blocking, configure the EAPS transit core switch as the DR by using ahigher OSPF priority value. The EAPS master core switch is configured as the BDR. The aggregationtransit switches need not perform DR/BDR duties for the backbone VLAN, so their OSPF priority isconfigured at 0 to force ODR behavior.

Core-Switch#1 OSPF configuration:

* CORE-SWITCH#1.12 # configure vlan backbone ipaddress 192.168.1.1/24* CORE-SWITCH#1.13 # enable ipforwarding vlan backbone* CORE-SWITCH#1.14 # configure ospf routerid 192.168.1.1* CORE-SWITCH#1.15 # configure ospf add vlan backbone area 0.0.0.0* CORE-SWITCH#1.16 # configure ospf vlan backbone priority 110* CORE-SWITCH#1.17 # enable ospf


* CORE-SWITCH#2.12 # configure vlan backbone ipaddress 192.168.1.2/24* CORE-SWITCH#2.13 # enable ipforwarding vlan backbone* CORE-SWITCH#2.14 # configure ospf routerid 192.168.1.2* CORE-SWITCH#2.15 # configure ospf add vlan backbone area 0.0.0.0* CORE-SWITCH#2.16 # configure ospf vlan backbone priority 100* CORE-SWITCH#2.17 # enable ospf

Agg-Switch#1 OSPF configuration:

* AGG-SWITCH#1.11 # configure vlan backbone ipaddress 192.168.1.3/24* AGG-SWITCH#1.12 # enable ipforwarding vlan backbone* AGG-SWITCH#1.13 # configure ospf add vlan backbone area 0.0.0.0* AGG-SWITCH#1.14 # configure ospf vlan backbone priority 0

Agg-Switch#2 OSPF configuration:

* AGG-SWITCH#2.11 # configure vlan backbone ipaddress 192.168.1.4/24* AGG-SWITCH#2.12 # enable ipforwarding vlan backbone* AGG-SWITCH#2.13 # configure ospf add vlan backbone area 0.0.0.0* AGG-SWITCH#2.14 # configure ospf vlan backbone priority 0

Verifying EAPS and OSPF Configuration Status

1 Verify that the backbone EAPS domain and OSPF configuration is correct.

EAPS


2 Confirm that the OSPF neighbor adjacencies and DR/BDR/ODR status are correct. Verify this statuson both aggregate switches.

Core-Switch#1 EAPS and OSPF status example:

* CORE-SWITCH#1.18 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OnEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 1# EAPS domain configuration :----------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count----------------------------------------------------------------------------e5-domain Links-Up T Y 2:1 2:4 control-5 (4005) 1----------------------------------------------------------------------------* CORE-SWITCH#1.19 # show ospf neighborNeighbor ID Pri State Up/Dead Time Address Interface192.168.1.3 0 2WAY /DROTHER00:05:23:17/00:00:00:07 192.168.1.3 backbone192.168.1.4 0 2WAY /DROTHER00:05:23:17/00:00:00:07 192.168.1.4 backbone 192.168.1.2 100 FULL /BDR 00:05:23:17/00:00:00:09 192.168.1.2 backbone

Core-Switch#2 EAPS and OSPF status example:

* CORE-SWITCH#2.18 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OnEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 1# EAPS domain configuration :--------------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count--------------------------------------------------------------------------------e5-domain Complete T Y 2:1 2:4 control-5 (4005) 1--------------------------------------------------------------------------------* CORE-SWITCH#2.19 # show ospf neighborNeighbor ID Pri State Up/Dead Time Address Interface192.168.1.3 0 2WAY /DROTHER00:05:23:17/00:00:00:07 192.168.1.3 backbone192.168.1.4 0 2WAY /DROTHER00:05:23:17/00:00:00:07 192.168.1.4 backbone 192.168.1.1 110 FULL /DR 00:05:23:17/00:00:00:09 192.168.1.1 backbone

Agg-Switch#1 EAPS and OSPF status example:

* AGG-SWITCH#1.15 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OnEAPS Display Config Warnings: On

EAPS


EAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 5# EAPS domain configuration :----------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count----------------------------------------------------------------------------e1-domain Links-Up T Y 1:1 2:1 control-1 (4001) 2e2-domain Links-Up T Y 1:4 2:1 control-2 (4002) 2e3-domain Links-Up T Y 3:1 2:1 control-3 (4003) 2e4-domain Links-Up T Y 3:2 2:1 control-4 (4004) 2e5-domain Links-Up T Y 2:4 2:6 control-5 (4005) 1----------------------------------------------------------------------------* AGG-SWITCH#1.16 # show ospf neighborNeighbor ID Pri State Up/Dead Time Address Interface192.168.1.1 110 FULL /DR 00:00:28:51/00:00:00:01 192.168.1.1 backbone 192.168.1.2 100 FULL /BDR 00:00:28:51/00:00:00:01 192.168.1.2 backbone192.168.1.4 0 2WAY /DROTHER00:05:45:40/00:00:00:03 192.168.1.4 backbone172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.3.2 orange-1172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.4.2 red-1172.16.1.2 100 FULL /BDR 00:17:54:17/00:00:00:03 172.16.1.2 green-1172.16.1.2 100 FULL /BDR 00:17:54:07/00:00:00:03 172.16.2.2 purple-1

Agg-Switch#2 EAPS and OSPF status example:

* AGG-SWITCH#2.15 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OnEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 5# EAPS domain configuration :----------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count----------------------------------------------------------------------------e1-domain Complete M Y 2:1 1:1 control-1 (4001) 2e2-domain Complete M Y 2:1 1:4 control-2 (4002) 2e3-domain Complete M Y 2:1 3:1 control-3 (4003) 2e4-domain Complete M Y 2:1 3:2 control-4 (4004) 2e5-domain Links-Up T Y 2:4 2:6 control-5 (4005) 1----------------------------------------------------------------------------* AGG-SWITCH#2.16 # show ospf neighborInterface192.168.1.1 110 FULL /DR 00:00:28:51/00:00:00:01 192.168.1.1 backbone192.168.1.2 100 FULL /BDR 00:00:28:51/00:00:00:01 192.168.1.2 backbone192.168.1.3 0 2WAY /DROTHER00:05:45:40/00:00:00:03 192.168.1.3 backbone172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.3.1 orange-1172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.4.1 red-1172.16.1.1 110 FULL /DR 00:17:54:17/00:00:00:03 172.16.1.1 green-1172.16.1.1 110 FULL /DR 00:17:54:07/00:00:00:03 172.16.2.1 purple-1

EAPS


Designing and Configuring the Data Center Switches with EAPS

Building from the network core, you can expand the network with additional EAPS rings to provideresiliency to mission-critical server farms.

The core switches provide high performance backbone routing between the data center and the rest ofthe network, which includes both internal and external (Internet) destinations. The core switch acts asthe EAPS master node for each ring, while the data center switches act as EAPS transit nodes tocomplete the ring. The core switch also acts as the OSPF routing node to provide gateway routingfunctionality to the server-farms. For an additional level of resiliency, each server is dual-homed (dualattached) to both EAPS transit L2 switches. Even if a switch or link fails, the servers are available.

The network design and configuration is similar to the edge and aggregation EAPS and OSPF layers.The modular approach is simple and scalable, and allows additional data center rings to be added toprovide room for growth. In our example, server-farms are isolated into separate categories such asexternal and internal service groups, which yield additional security and resiliency benefits.

To configure the data center switches, you need a new EAPS domain with a single EAPS protectedVLAN to form the server-farm network. In this example, two data center switches are configured asEAPS transit nodes (L2 switch only) and attach to the existing core switch acting as the EAPS master.Each server in the server-farm is dual-homed to both EAPS transit switches in the data center foradditional physical resiliency. IP routing functionality is performed by the core switch via OSPF, whichprovides L3 connectivity to the rest of the network.

Figure 22: Data Center EAPS and OSPF Network Layer

To configure data center connectivity, complete the tasks described in the following sections:

EAPS


1 Create and configure the data center EAPS domain.

2 Create and configure the data center EAPS Control VLAN.

3 Create and configure the data center EAPS protected VLANs.

4 Configure an IP address and OSPF on the backbone VLAN.

5 Verify EAPS and OSPF configuration status.

Creating and Configuring the Data Center EAPS Domain

Create the backbone EAPS domains, configure the EAPS mode, and define the primary andsecondary ports for each domain. Do this configuration on both core and aggregation switches.

Core-Switch#1 EAPS configuration:

* CORE-SWITCH#1.1 # create eaps e6-domain* CORE-SWITCH#1.2 # configure eaps e6-domain mode master* CORE-SWITCH#1.3 # configure eaps e6-domain primary port 4:1* CORE-SWITCH#1.4 # configure eaps e6-domain secondary port 4:2

Data center-Switch#1 EAPS configuration:

* DC-SWITCH#1.1 # create eaps e6-domain* DC-SWITCH#1.2 # configure eaps e6-domain mode transit* DC-SWITCH#1.3 # configure eaps e6-domain primary port 49* DC-SWITCH#1.4 # configure eaps e6-domain secondary port 50

Datacenter -Switch#2 EAPS configuration:

* DC-SWITCH#2.1 # create eaps e6-domain* DC-SWITCH#2.2 # configure eaps e6-domain mode transit* DC-SWITCH#2.3 # configure eaps e6-domain primary port 49* DC-SWITCH#2.4 # configure eaps e6-domain secondary port 50

Creating and Configuring the Data Center EAPS Control VLAN

1 Create the EAPS control VLAN and configure its 802.1q tag, and ring ports.

2 Configure the control VLANs as part of the data center EAPS domain. Enable EAPS and the datacenter EAPS domain. You need to do this configuration on the core and data center L2 switches.

Core-Switch#1 control VLAN configuration:

* CORE-SWITCH#1.1 # create vlan control-6* CORE-SWITCH#1.2 # configure vlan control-6 tag 4006* CORE-SWITCH#1.4 # configure vlan control-6 add port 4:1,4:2 tagged* CORE-SWITCH#1.5 # configure eaps e5-domain add control vlan control-6* CORE-SWITCH#1.6 # enable eaps e6-domain

Data center-Switch#1 control VLAN configuration:

* DC-SWITCH#1.1 # create vlan control-6* DC-SWITCH#1.2 # configure vlan control-6 tag 4006* DC-SWITCH#1.4 # configure vlan control-6 add port 49,50 tagged* DC-SWITCH#1.5 # configure eaps e6-domain add control vlan control-6

EAPS


* DC-SWITCH#1.6 # enable eaps* DC-SWITCH#1.7 # enable eaps e6-domain

Dat acenter-Switch#2 control VLAN configuration:

* DC-SWITCH#2.1 # create vlan control-6* DC-SWITCH#2.2 # configure vlan control-6 tag 4006* DC-SWITCH#2.4 # configure vlan control-6 add port 49,50 tagged* DC-SWITCH#2.5 # configure eaps e6-domain add control vlan control-6* DC-SWITCH#2.6 # enable eaps* DC-SWITCH#2.7 # enable eaps e6-domain

Create and Configure the Data Center EAPS Protected VLANs

1 Create the EAPS protected VLAN for the data center domain.

2 Configure the 802.1q tag and ports for the protected VLANs.

Because each server is dual-homed to each data center switch, add a VLAN port on each switch foreach server.

3 Configure the protected VLAN as part of the EAPS domain. Do this configuration on the core anddata center switches.


* CORE-SWITCH#1.7 # create vlan srvfarm-1* CORE-SWITCH#1.8 # configure vlan srvfarm-1 tag 1000* CORE-SWITCH#1.9 # configure vlan srvfarm-1 add port 4:1,4:2 tagged* CORE-SWITCH#1.10 # configure eaps e6-domain add protect vlan srvfarm-1

Data center-Switch#1 protected VLAN configuration:

* DC-SWITCH#1.8 # create vlan srvfarm-1* DC-SWITCH#1.9 # configure vlan srvfarm-1 tag 1000* DC-SWITCH#1.10 # configure vlan srvfarm-1 add port 49,50 tagged* DC-SWITCH#1.11 # configure vlan srvfarm-1 add port 1 untagged* DC-SWITCH#1.12 # configure eaps e5-domain add protect vlan srvfarm-1

Data center-Switch#2 protected VLAN configuration:

* DC-SWITCH#2.8 # create vlan srvfarm-1* DC-SWITCH#2.9 # configure vlan srvfarm-1 tag 1000* DC-SWITCH#2.10 # configure vlan srvfarm-1 add port 49,50 tagged* DC-SWITCH#2.11 # configure vlan srvfarm-1 add port 1 untagged* DC-SWITCH#2.12 # configure eaps e5-domain add protect vlan srvfarm-1

Configuring an IP Address and OSPF on the Backbone VLAN

Configure an IP address and enable IP forwarding (routing) on the data center protected VLAN.

This step is only performed on the core switch. Servers are configured accordingly with the coreswitch IP address as their default gateway. Since there are no additional routers on this VLAN,configure it as an OSPF passive interface. In this example, the data center VLAN is placed on thebackbone OSPF area, but additional OSPF areas can be configured if needed.

EAPS



* CORE-SWITCH#1.11 # configure vlan srvfarm-1 ipaddress 10.10.10.10/24* CORE-SWITCH#1.12 # enable ipforwarding vlan srvfarm-1* CORE-SWITCH#1.13 # configure ospf add vlan srvfarm-1 area 0.0.0.0 passive

Verifying EAPS and OSPF Configuration Status

1 Verify that the data center EAPS domain and OSPF configuration is correct.

2 Verify whether the data center subnet is advertised to other routers through OSPF.

Core-Switch#2 route verification example:

* CORE-SWITCH#2.1 # show iproute 10.10.10.0/24Ori Destination Gateway Mtr Flags VLAN Duration#oa 10.10.10.0/24 192.168.1.1 6 UG-D---um--f backbone 0d:0h:25m:5sOrigin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown(*) Preferred unicast route (@) Preferred multicast route(#) Preferred unicast and multicast routeFlags: (B) BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route(L) Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast(P) LPM-routing, (R) Modified, (S) Static, (s) Static LSP(T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up(f) Provided to FIB (c) Compressed RouteMask distribution:1 routes at length 16 1 routes at length 24Route Origin distribution:1 routes from OSPFIntra 1 routes from OSPFExt1Total number of routes = 2Total number of compressed routes = 0

Core-Switch#1 EAPS status:

* CORE-SWITCH#1.14 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OnEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 2# EAPS domain configuration :----------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count----------------------------------------------------------------------------e5-domain Links-Up T Y 2:1 2:4 control-5 (4005) 1

EAPS


e6-domain Complete T Y 4:1 4:2 control-6 (4006) 1----------------------------------------------------------------------------

Data center-Switch#1 EAPS status:

* DC-SWITCH#1.15 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OnEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 1# EAPS domain configuration :----------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count----------------------------------------------------------------------------e6-domain Links-Up T Y 49 50 control-6 (4006) 1----------------------------------------------------------------------------

Data center-Switch#2 EAPS status:

* DC-SWITCH#2.15 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OnEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 1# EAPS domain configuration :----------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count----------------------------------------------------------------------------e6-domain Links-Up M Y 49 50 control-6 (4006) 1----------------------------------------------------------------------------

CFM Support in EAPS

ExtremeXOS provides Connectivity Fault Management (CFM) support within EAPS protocol.

CFM reports fault connectivity failures to EAPS, and EAPS communicates with the CFM process to setup point-to-point DOWN MEPs (Management Endpoints) to monitor link connectivity. The CFM modulenotifies EAPS of any link-connectivity issues, and triggers EAPS to take necessary action.

802.1ag CFM supports link monitoring. It does this by sending out PDUs at designated transmitintervals. If the CFM fails to receive PDUs, it assumes the link is out of service, and notifies its clients. Inthis instance, EAPS acts as a CFM client.

First, you will create a down MEP within the CFM CLI. Configure the CLI to create a MEP group thatassociates this down MEP with a remote MEP (RMEP). There is a 1:1 relationship between a port and the

EAPS


down MEP, and as such, each MEP group is tied to a single port. Using the EAPS CLI, you can add theMEP groups you wish to monitor. For each MEP group added to EAPS, EAPS will receive UP/DOWNnotifications from CFM when CFM detects a MEP state change for that group. Each MEP groupcorresponds to an EAPS ring port. Notifications from those MEP groups that are inadvertently added,that do not correspond to an EAPS ring port, are ignored in EAPS.

The CFM configuration is independent of EAPS, and MEPs and MEP groups may use different VLANsother than the EAPS control VLAN to monitor links.

When EAPS receives a CFM notification that the link failed, EAPS blocks that port on all of the EAPScontrol VLANs. This prevents EAPS control PDUs from being hardware forwarded on the link, in casethe link is still up. Any EAPS PDUs that are received on a CFM failed port are dropped in EAPS.

Configuring EAPS for CFM Support

• Use the following command to configure EAPS for CFM support:

For additional configuration details for CFM support, refer to Configuring CFM.

Binding to a MEP Group

• To bind to a MEP Group, use the following command:

configure eaps cfm [add | delete] group group_name

This command notifies CFM that EAPs is interested in notifications for this MEP and RMEP pair. ThisMEP should already be bound to a physical port, so when notification is received, EAPS associatesthat notification with a ring-port failure.

Create MPs and the CCM Transmission Interval

Within an MA, you configure the following MPs:

• Maintenance end points (MEPs), which are one of the following types:

• • UP MEPs—transmit CCMs and maintain CCM database

• DOWN MEPs—transmit CCMs and maintain CCM database

• Maintenance intermediate points (MIPs)—pass CCMs through

Each MEP must have an ID that is unique for that MEP throughout the MA.

• To configure UP and DOWN MEPs and its unique MEP ID, use the following command:

configure cfm domain domain_name association association_name [ports

<port_list add [[end-point [up|down] mepid {group group_name}] |

[intermediate-point]]

• To change the MEP ID on an existing MEP, use the following command:

configure cfm domain domain-name association association_name ports port_list

end-point [up | down] mepid mepid

• To delete UP and DOWN MEPs, use the following command:

configure cfm domain domain-name association association_name ports port_list

end-point [up | down] intermediate-point

EAPS


• To configure a MIP, use the following command:


<port_list add [[end-point [up|down] mepid {group group_name}] |


• To delete a MIP, use the following command:


<port_list delete [[end-point [up|down] mepid {group group_name}] |


• To configure the transmission interval for the MEP to send CCMs, use the following command:

configure cfm domain domain_name association association_name {ports port_list

end-point [up | down]} transmit-interval [3|10|100|1000|10000|60000|600000]

• To unconfigure the transmission interval for the MEP to send CCMs and return it to the default, usethe following command:

unconfigure cfm domain domain_name association association_name {ports

port_list end-point [up | down]} transmit-interval

• To enable of disable a MEP, use the following command:

configure cfm domain domain_name association association_name ports port_list

end-point [up | down] [enable | disable]

Displaying EAPS MEP Group Bindings

• Display EAPS MEP group bindings with the command: show eaps cfm groups

X480-48t.2 # sh eaps cfm groups----------------------------------------------------------------------MEP Group Name Status Port MEP ID----------------------------------------------------------------------eapsCfmGrp1 Up 41 11eapsCfmGrp2 Up 31 12

Displaying EAPS Output Change

• Display EAPS output changes using the command show eaps

The existing output places a ! next to a CFM monitored ring port if the CFM indicates the MEP groupfor that port is down.

X480-48t.1 # sh eapsEAPS Enabled: YesEAPS Fast-Convergence: OffEAPS Display Config Warnings: OffEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 1# EAPS domain configuration :----------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count Prio----------------------------------------------------------------------------d2 Failed M Y !41 31 v2 (101 ) 1 N

EAPS


----------------------------------------------------------------------------Flags : (!) CFM Down

Configuration Example

Below is a sample configuration of CFM support in EAPS:

switch 1 # sh configuration cfm## Module dot1ag configuration.#create cfm domain string "MD1" md-level 6configure cfm domain "MD1" add association string "MD1v1" vlan "v1"configure cfm domain "MD1" add association string "MD1v2" vlan "v2"configure cfm domain "MD1" association "MD1v1" ports 17 add end-point down 6configure cfm domain "MD1" association "MD1v1" ports 23 add end-point down 5configure cfm domain "MD1" association "MD1v2" ports 31 add end-point down 13configure cfm domain "MD1" association "MD1v1" ports 17 end-point down add group "eapsCfmGrp1"configure cfm domain "MD1" association "MD1v1" ports 23 end-point down add group "eapsCfmGrp2"configure cfm domain "MD1" association "MD1v2" ports 31 end-point down add group "eapsCfmGrp3"configure cfm group "eapsCfmGrp1" add rmep 2configure cfm group "eapsCfmGrp2" add rmep 4configure cfm group "eapsCfmGrp3" add rmep 12switch 2 # sh configuration "eaps"s## Module eaps configuration.#enable eapscreate eaps d1configure eaps d1 mode transitconfigure eaps d1 primary port 17configure eaps d1 secondary port 23enable eaps d1create eaps d2configure eaps d2 mode transitconfigure eaps d2 primary port 31configure eaps d2 secondary port 23enable eaps d2configure eaps d1 add control vlan v1configure eaps d1 add protected vlan pv1configure eaps d2 add control vlan v2configure eaps d2 add protected vlan pv2create eaps shared-port 23configure eaps shared-port 23 mode partnerconfigure eaps shared-port 23 link-id 100configure eaps cfm add group eapsCfmGrp1configure eaps cfm add group eapsCfmGrp2configure eaps cfm add group eapsCfmGrp3

Limitations

EAPS


CFM PDU transmit intervals are limited by the supported limits of CFM module. Platforms that do notsupport CFM in hardware are limited to a minimum interval of 100 ms.

The maximum number of down MEPs is limited by the CFM module. This is as low as 32 MEPs in someplatforms. See CFM scaling limitations in EXOS_1AG_(CFM)_Functional_Spec.doc

Platforms Supported

All ExtremeXOS platforms support this feature; however, not all platforms support hardware-basedCFM.

Platforms with no hardware-based CFM support are limited to software-based CFM transmit intervalsof 100 ms or higher. Hardware-based intervals can go as low as 3.3 ms.

Currently, only the x460 and E4G platforms support hardware-based CFM.

EAPS


2 ERPS

ERPS OverviewSupported ERPS FeaturesG.8032 Version 2Configuring ERPSSample ConfigurationDebugging ERPSERPS Feature Limitations

This chapter provides an overview to ERPS, and discusses various ERPS features. The chapter alsooffers configuration details, provides configuration examples, and shows you how to debug ERPS.

ERPS OverviewThe basic concept of G.8032/ERPS is that traffic may flow on all links of a ring network except on onelink called the Ring Protection Link (RPL).

The RPL owner is the node that blocks the RPL, and the other node of the RPL is called the RPLneighbor node. All other nodes are called non-RPL nodes. When a link fails, the RPL owner unblocks theRPL to allow connectivity to the nodes in the ring. The G.8032/ERPS rings utilize a channel (dedicatedpath) for carrying their control traffic which is the R-APS messages (Ring Automatic ProtectionSwitching).

The ring protection architecture relies on the existence of an APS protocol to coordinate ringprotection actions around an Ethernet ring, as shown in the following figure.

Figure 23: Simple Ring with RPL, RPL Owner, RPL Neighbor, and Non-RPL Nodes

More complex topologies include ladder ring networks which are called sub-rings in G.8032terminology. In these networks, there could exist one or more rings and sub-rings which complete theirconnectivity through the interconnected nodes of the ring(s). Multiple ladder networks are supportedonly if the following conditions are met:

• R-APS channels are not shared across Ethernet ring interconnections.

• On each ring port, each traffic channel and each R-APS channel are controlled by the Ethernet RingProtection (ERP) Control process of only one Ethernet ring.


• Each major ring or sub-ring must have its own RPL.

NoteOne important aspect of sub-rings is that they complete their channel through the virtualchannel (when using the virtual channel mode), which can span the network and cross thesub-ring boundaries. This entails that the virtual channel is provisioned on all the nodes itspans across.

In the following figure, the ring comprises nodes A, B, C, and D with links A–B, B–C, C–D, and D–A whilethe control channel for this ring has its own dedicated VLAN. The sub-ring consists of nodes D, F, E, andC with links D–F, F–E, and E–C. D and C are interconnected nodes. The channel for the sub-ring spansthe links C–E, E–F, and F–D and their nodes while the virtual channel comprises the links D-A, A-B, B-Cand D–C and their nodes. This means that the virtual channel for the sub-ring needs to not only exist onthe interconnected nodes, but also on the nodes A and B.

Figure 24: Ring and Sub-ring Network

When using G.8032 in networks, take care to design the virtual channel paths, since the VLANprovisioning has to exist on all the nodes through which the virtual channel can pass and which is solelydedicated to the sub-ring in question.

Sub-ring topology changes may impact flow forwarding over the domain of the other (interconnected)network, as such topology change events are signaled to the domain of the other network using theTopology Change signal.

Supported ERPS Features

The following are the ERPS features supported in the current release:

• G.8032 version 1 support.

• G.8032 version 2 support with a restricted VC option.

• Revertive mode support for version 1 and 2.

• Basic interoperability with EAPS with G.8032 acting as an access ring. Flush notifications will be sentLink monitoring using CFM or native local link monitoring methods.

ERPS


• Support for hardware accelerated CFM in specific platforms that have this capability.

• G.8032 version 2 with no Virtual Channel support.

• Support for attaching to a CFM DOWN-MEP configured external to ERPS.

• Multiple failure protection for sub-rings using UP-MEP as per Appendix X.3 of the G.8032 standard.

G.8032 Version 2

The concept of sub-rings is introduced to add multiple rings to the main ring. A sub-ring is anincomplete ring that completes its path through the main ring or other sub-rings. The control path forthe sub-ring completes either through the implementation of a virtual channel, or by changing the flowof control packets in the sub-rings. Virtual channels are supported through the use of the sub-ringscontrol channel being configured as a data VLAN in the main ring.

You can configure the sub-ring in “no virtual channel” mode, where the control path for the sub-ring isthrough all the nodes of the sub-ring (including the RPL owner and neighbor). You must be careful,however, to avoid using the sub-ring’s control channel across the main ring because that will cause aloop. ExtremeXOS supports the use of CFM, in conjunction with Manual Switch (MS), to protect thesub-rings against multiple failures in the main ring.

CFM Link Monitoring

To enable CFM to report link events, the link must first be registered with CFM. ERPS acts as a client ofCFM and creates the required Management Entity Points (MEPs). For G.8032 v1/v2 implementation,ERPS has two methods to create a DOWN-MEP for link monitoring:

• One method of creating a DOWN-MEP is using the CLI that specifies all the DOWN-MEP detailswithin ERPS itself. This creates the MEP on the specified ring ports and registers it with CFM.Notifications for this DOWN-MEP are received from the CFM and passed on to ERPS. A MaintenanceDomain (MD) string is automatically generated based on the user-defined MD level. For example, foran MD level of 6, we use erps_6 as the MD string. A Maintenance Association (MA) string isautomatically generated based on the ring Control VLAN name. For example, if the VLAN has tag ofv1, the Control VLAN is 100, we create erps_MA_100 as the MA string.

The MD, MA, and DOWN-MEP are automatically configured on the CFM server when the ring isenabled. When the ring is disabled, the MEP is automatically unconfigured from the CFM server. Youcan use the standard ExtremeXOS CFM commands to view the CFM configuration or status.

• Another method of creating a DOWN-MEP is by creating the DOWN-MEP with the CFM commands,and then assigning a group name to it. This group can then be associated to the ERPS ring.

You must choose one of the two methods above for CFM link monitoring. You cannot use bothsimultaneously.

Here is an example:

switch # sh cfm Domain: "erps_6", MD Level: 6 Association: "erps_MA_100", Destination MAC Type: Multicast, VLAN "v2" with 2 cfm ports

ERPS


Transmit Interval: 1000 ms port 27; Down End Point, mepid: 11, transmit-interval: 10000 ms (configured), MEP State: Enabled, CCM Message: Enabled, Send SenderId TLV: Disabled port 37; Down End Point, mepid: 21, transmit-interval: 10000 ms (configured), MEP State: Enabled, CCM Message: Enabled, Send SenderId TLV: Disabled Association: "erps_MA_100", Destination MAC Type: Multicast, VLAN "v2" with 2 cfm ports Transmit Interval: 1000 ms Total Number of Domain : 1 Total Number of Association : 2 Total Number of Up MEP : 0 Total Number of Down MEP : 2 Total Number of MIP : 0 Total Number of Number of CFM port : 4 Total Number of VPLS MIP(Static/Up): 0 / 0

switch # show cfm detail Domain/ Port MP Remote End-Point Remote End-Point MEP Life Flags Association MAC Address IP Address ID time Age ====================================================================================== erps_6 erps_MA_100 27 DE 00:04:96:34:e3:43 0.0.0.0 10 35000 4430 DM 37 DE 00:04:96:27:fb:7b 0.0.0.0 20 35000 2790 DM ====================================================================================== Maintenance Point: (UE) Up End-Point, (DE) Down End-Point Flags: S - Static Entry D - Dynamic Entry CCM Destination MAC: (U) Unicast (M) Multicast NOTE: The Domain and Association names are truncated to 13 characters, Lifetime and Age are in milliseconds. ====================================================================================== Total Number of Dynamic Up RMEP : 0 Total Number of Dynamic Down RMEP : 2 Total Number of Active Static RMEP : 0 Total Number of Inactive Static RMEP : 0

NoteYou must configure a remote MEP-ID for the local MEPs so that a specific association can bemaintained between the two ends.

Multiple Failure Protection using CFM

You can use CFM UP-MEP support in the sub-ring to provide protection against multiple failures in themain ring. Configure an UP-MEP on the interconnected nodes, where a segmentation of the main ringresults in the UP-MEP notifying the sub-ring of a failure. This causes the sub-ring to open its RPL and

ERPS


place the interconnected node in manual switch. This is done to avoid a super-loop during recovery ofthe main ring. This implementation is as directed in Appendix X.3 of the G.8032 standard.

Revertive and Non-revertive Mode

In the revertive mode, you can revert back to the RPL being blocked once the Signal Fault has cleared.In non-revertive mode, the SF remains blocked even after the fault clears. Reversion is handled in thefollowing way:

• The reception of an R-APS No Request (NR) message causes the RPL owner node to start the wait-to-restore (WTR) timer.

• The WTR timer is cancelled if, during the WTR period, a request with a higher priority than NR isaccepted by the RPL owner node, or is declared locally at the RPL owner node.

• When the WTR timer expires, without the presence of any other higher priority request, the RPLowner node initiates reversion by blocking its traffic channel over the RPL, transmitting an R-APS(NR, RB) message over both ring ports, informing the Ethernet ring that the RPL is blocked, andperforming a flush FDB action. The ERPS Ring will be in the idle state.

• The acceptance of the R-APS (NR, RB) message causes all Ethernet ring nodes to unblock anyblocked non-RPL link that does not have an SF condition. If it is an R-APS (NR, RB) message withouta DNF indication, all Ethernet ring nodes perform a necessary flush FDB action.

In non-revertive operation, the Ethernet ring does not automatically revert when all ring links andEthernet ring nodes have recovered and no external requests are active. Non-revertive operation ishandled in the following way:

• The RPL owner node does not generate a response on reception of an R-APS (NR) messages.

• When other healthy Ethernet ring nodes receive the NR (node ID) message, no action is taken inresponse to the message.

• When the operator issues a clear command for non-revertive mode at the RPL owner node, thenon-revertive operation is cleared, the RPL owner node transmits an R-APS (NR, RB) message inboth directions, repeatedly. The ERPS Ring will be in pending state.

• Upon receiving an R-APS (NR, RB) message, any blocking Ethernet ring node should unblock itsnon-failed ring port. If it is an R-APS (NR, RB) message without a DNF indication, all Ethernet ringnodes perform a necessary flush FDB action.

Force Switch/Clearing

In the absence of any failure in the ring network, an operator-initiated Force Switch (FS) results in theRPL getting unblocked, and the node on which the FS has been issued is blocked. This condition isindicated by the transmission of R-APS FS messages, which are continuous until this condition isunconfigured. Two or more Forced Switches are allowed in the Ethernet ring, but this may cause thesegmentation of an Ethernet ring. It is the responsibility of the operator to prevent this effect if it isundesirable.

You can remove a Forced Switch condition by issuing a clear command to the same Ethernet ring nodewhere the Forced Switch is presented. The clear command removes existing local operator commandsand triggers reversion in case the Ethernet ring is in revertive behavior. The Ethernet ring node where

ERPS


the Forced Switch was cleared continuously transmits the R-APS (NR) message on both ring ports,informing that no request is present at the Ethernet ring node.

Manual Switch

Manual Switch is similar to the Force Switch except that only one Manual Switch is allowed for anEthernet ring. The processing of which node retains the Manual Switch is based on the priority tableand the node state. However only one Manual Switch is retained at the end for the ring.

Clearing the Manual Switch is done similar to the Force Switch.

Virtual Channel for Sub-rings

While the standard describes how the sub-rings can function with a virtual channel, in thisimplementation sub-rings will function only with the presence of virtual channels.

Channel Blocking

The R-APS control channel is blocked, as is traffic on the blocked ports for the control traffic enteringon one ring port and getting forwarded to the other ring port. However, locally generated or deliveredcontrol traffic on the blocked port is supported.

Traffic Blocking

Traffic is always blocked for the protected VLANs on the blocked ports of the ring/sub-ring in a G.8032network.

Signal Failure and Recovery

In the absence of a higher priority request in the node, the following Signal Failure (SF) actions aretaken.

• An Ethernet ring node detecting an SF condition on one of its ring ports blocks the traffic channeland R-APS channel on the failed ring port.

• The Ethernet ring node detecting an SF condition transmits an R-APS message indicating SF onboth ring ports. The R-APS (SF) message informs other Ethernet ring nodes of the SF condition. R-APS (SF) messages are continuously transmitted by the Ethernet ring node detecting the SFcondition while this condition persists. (The Periodic timer determines the interval of sending the SFafter the first three.) For sub-ring interconnection nodes, the R-APS (SF) message is transmitted onthe R-APS channel of the Sub-Ring port.

• Assuming the Ethernet ring node was in an idle state before the SF condition occurred, upondetection of this SF condition the Ethernet ring node triggers a local FDB flush.

• An Ethernet ring node accepting an R-APS (SF) message unblocks any blocked ring port that doesnot have an SF condition. This action unblocks the traffic channel on the RPL.

• An Ethernet ring node accepting an R-APS (SF) message stops transmission of other R-APSmessages.

• An Ethernet ring node accepting an R-APS (SF) message without a DNF indication performs a flushFDB.

An Ethernet ring node that has one or more ring ports in an SF condition (upon detection of clearanceof the SF condition) keeps at least one of these ring ports blocked for the traffic channel and for the R-APS channel, until the RPL is blocked as a result of Ethernet ring protection reversion, or until there is

ERPS


another higher priority request (for example, an SF condition) in the Ethernet ring. An Ethernet ringnode that has one ring port in an SF condition, and detects clearing of this SF condition, continuouslytransmits the R-APS (NR) message with its own Node ID as the priority information over both ringports, informing that no request is present at the Ethernet ring node and initiates a guard timer asdescribed in sub-clause 10.1.5. Another recovered Ethernet ring node (or Nodes) holding the link blockreceives the message and compares the Node ID information with its own Node ID. If the received R-APS (NR) message has the higher priority, the Ethernet ring node unblocks its ring ports. Otherwise,the block remains unchanged. There is only one link with one-end block. The Ethernet ring nodes stoptransmitting R-APS (NR) messages when they accept an R-APS (NR, RB), or when another higherpriority request is received

Timers

This section discusses the various timers associated with ERPS.

Guard Timer

The guard timer is used to prevent Ethernet ring nodes from acting upon outdated R-APS messages,and to prevent the possibility of forming a closed loop. The guard timer is activated whenever anEthernet ring node receives an indication that a local switching request has cleared (i.e., local clear SF,clear). The guard timer can be configured in 10 ms steps, between 10 ms and two seconds, with adefault value of 500 ms. This timer period should be greater than the maximum expected forwardingdelay in which an R-APS message traverses the entire ring. The longer the period on the guard timer,the longer an Ethernet ring node is unaware of new or existing relevant requests transmitted fromother Ethernet ring nodes, and is unable to react to them.

A guard timer is used in every Ethernet ring node. Once a guard timer is started, it expires by itself.While the guard timer is running, any received R-APS Request/State and Status information is blockedand not forwarded to the Priority Logic. When the guard timer is not running, the R-APS Request/Stateand Status information is forwarded unchanged.

Hold-off Timer

W hen a new defect, or more severe defect occurs (new SF), this event is not be reported immediatelyto protection switching if the provisioned hold-off timer is a non-zero value. Instead, the hold-off timeris started. When the hold-off timer expires, the trail that started the timer is checked to see if a defectstill exists. If one does exist, that defect is reported to protection switching. The suggested range of thehold-off timer is 0 to 10 seconds in steps of 100 ms with an accuracy of ±5 ms. The default value for ahold-off timer is 0 seconds.

Delay Timers

In revertive mode, the wait-to-restore (WTR) timer is used to prevent frequent operation of theprotection switching caused by intermittent signal failure defects. The wait-to-block (WTB) timer isused when clearing Forced Switch and Manual Switch commands. As multiple Forced Switchcommands are allowed to coexist in an Ethernet ring, the WTB timer ensures that clearing of a singleForced Switch command does not trigger the re-blocking of the RPL. When clearing a Manual Switchcommand, the WTB timer prevents the formation of a closed loop due to a possible timing anomalywhere the RPL owner node receives an outdated remote MS request during the recovery process.

ERPS


Sample ConfigurationHere is a sample configuration of the ERPS feature:

create vlan cv1 config vlan cv1 tag 10 config vlan cv1 add port 5 6 tagged

create vlan pv1 config vlan pv1 tag 1000 config vlan pv1 add port 1 config vlan pv1 add port 5 6 tagged

create erps ring1 configure erps ring1 add ring-ports east 5 configure erps ring1 add ring-ports west 6 configure erps ring1 add control “cv1” configure erps ring1 add protected vlan “pv1” configure erps ring1 add protection-port 5 configure erps ring1 revert enabled wait-to-restore 500 enable erps r1 enable erps

CFM DOWN-MEP Configuration to Provide Link Monitoring/Notifications

create cfm domain string "MD3" md-level 3 configure cfm domain "MD3" add association string "MD3vsub1" vlan "vsub1"configure cfm domain "MD3" association "MD3vsub1" ports 20 add end-point down 14configure cfm domain "MD3" association "MD3vsub1" ports 24 add end-point down 13configure cfm domain "MD3" association "MD3vsub1" ports 20 end-point down add group "erpsDn1"configure cfm domain "MD3" association "MD3vsub1" ports 24 end-point down add group "erpsDn2"configure cfm group "erpsDn1" add rmep 15configure cfm group "erpsDn2" add rmep 12configure erps subring1 cfm port east add group erpsDn2configure erps subring1 cfm port west add group erpsDn1

Sub-ring Configuration

First, configure a main ring on the Interconnected node:

create erps main-ring1 configure erps main-ring1 add ring-ports east 5 configure erps main-ring1 add ring-ports west 6 configure erps ring1 add control “cv1”

Next, configure a sub-ring on the interconnected node:

create erps sub-ring1 configure erps sub-ring1 add ring-ports east 10 configure erps sub-ring1 add control “subv1” configure erps main-ring1 add sub-ring sub-ring1

ERPS


enable erps main-ring1 enable erps sub-ring1

Virtual Channel for Sub-ring

configure vlan subv1 add port 5 6 tagged configure main-ring1 add protected vlan subv1

No Virtual Channel for Sub-ring

configure erps subring1 subring-mode no-virtualChannel

Sub-ring Protection using UP MEP

create cfm domain string "ERPS-UP" md-level 4 configure cfm domain "ERPS-UP" add association string "ERPS-UP-cfmVlan" vlan "cfmVlan" configure cfm domain "ERPS-UP" association "ERPS-UP-cfmVlan" ports 24 add end-point up 21 configure cfm domain "ERPS-UP" association "ERPS-UP-cfmVlan" ports 24 end-point up add group "erpsUp1" configure cfm group "erpsUp1" add rmep 22

Configuring ERPS

ERPS Version 1 Commands

• To create or delete an ERPS ring, use the following commands:

create erps ring-name

delete erps ring-name

• To add or delete a control VLAN on the ERPS ring, use the following commands:

configure erps ring-name add control {vlan} vlan_name

configure erps ring-name delete control {vlan} vlan_name

• To add or delete a protected VLAN on the ERPS ring, use the following commands:

configure erps ring-name add protected {vlan} vlan_name

configure erps ring-name delete protected {vlan} vlan_name

• To add ring ports on the ERPS ring, use the following command:

configure erps ring-name ring-ports [east | west] port

• To delete ring ports on the ERPS ring, use the following command:

unconfigure erps ring-name ring-ports west

• To add or delete RPL (ring protection link) owner configuration for the ERPS ring, use the followingcommands:

configure erps ring-name protection-port port

ERPS


unconfigure erps ring-name protection-port

• To add or delete RPL (ring protection link) neighbor configuration for the ERPS ring, use thefollowing commands:

configure erps ring-name neighbor-port port

unconfigure erps ring-name neighbor-port

• To add or delete ERPS revert operation along with the wait-to-restore time interval, use thefollowing commands:

configure {erps} ring-name revert [ enable | disable ]

• To configure the periodic timer, use the following command:

configure {erps} ring-name timer periodic [ default | milliseconds ]

• To configure the guard timer, use the following command:

configure {erps} ring-name timer guard [ default | milliseconds ]

• To configure the hold-off timer, use the following command:

configure {erps} ring-name timer hold-off [ default | milliseconds ]

• To configure the wait-to-restore timer, use the following command:

configure {erps} ring-name timer wait-to-restore [ default | milliseconds ]

• To associate and disassociate fault monitoring entities on the ERPS ring ports, use the followingcommands:

configure erps ring-name cfm md-level level

configure erps ring-name cfm port [east | west] ccm-interval [100 | 1000 |

10000 | 60000 | 600000]

configure erps ring-name cfm port [east | west] mepid mepid remote-mepid

rmepid

unconfigure {erps} ring-name cfm

• To rename the ERPS ring/sub-ring, use the following command:

configure erps old-ring-name name new-ring-name

• To enable or disable ERPS, use the following commands:

enable erps

disable erps

• To enable or disable an existing ERPS ring/sub-ring, , use the following command:

enable erps ring-name

disable erps ring-name

• Run or clear force and manual switch triggers to the ERPS ring/sub-ring.

configure erps ring-name dynamic-state [force-switch | manual-switch | clear]

port slot:port

• To display global information for ERPS, use the following command:

show erps

• To display specific details about an ERPS ring, use the following command:

show erps ring-name

ERPS


• To display ERPS statistics, use the following command:

show erps ring-name statistics

• To clear statistics on an ERPS ring, use the following command:

clear counters erps ring-name

• To debug ERPS, use the following commands:

debug erps [options]

debug erps show ring-name

ERPS Version 2 Commands

• To set the rings to which to propagate topology change events, use the following command:

configure erps ring-name [add | delete] topology-change ring-list

• To add or delete a sub-ring to the main ring, use the following command:

configure {erps} ring-name [add | delete] sub-ring-name sub_ring

• To configure the wait-to-block timer, use the following command:

configure {erps} ring-name timer wait-to-block [ default | milliseconds]

• To add or delete an ERPS sub-ring to the EAPS domain, use the following commands:

configure {erps} ring-name notify-topology-change {eaps} domain_name

unconfigure {erps} ring-name notify-topology-change {eaps} domain_name

• To configure a wait-to-block timer, use the following command:


• To configure sub-ring mode, use the following command:

configure erps ring_name subring-mode [no-virtualChannel | virtualChannel]

• To enable or disable the ability of ERPS to allow the topology-change bit to be set (to send outFlush events), , use the following commands:

enable erps ring-name topology-change

disable erps ring-name topology-change

• To enable or disable the ability of ERPS rings to block on virtual channel recovery to avoidtemporary loops. This is done on interconnected nodes for sub-ring configurations, use thefollowing commands:

enable erps ring-name block-vc-recovery

disable erps ring-name block-vc-recovery

Sample Configuration

The following is a sample ERPS configuration:

create vlan cv1config vlan cv1 tag 10config vlan cv1 add port 5 6 taggedcreate vlan pv1

ERPS


config vlan pv1 tag 1000config vlan pv1 add port 5 6 taggedcreate erps ring1configure erps ring1 ring-ports east 5configure erps ring1 ring-ports west 6configure erps ring1 add control “cv1”configure erps ring1 add protected vlan “pv1”configure erps ring1 add protection-port 5configure erps ring1 revert enable wait-to-restore 500configure erps ring1 timer wait-to-restore 500enable erps ring1enable erps

Sub-ring Configuration

First, configure a main ring on the interconnected node:

create vlan Major_Cvlconfigure vlan Major_Cvl tag 300configure vlan Major_Cvl add ports 1 3 tagcreate vlan Major_Pvlconfigure vlan Major_Pvl tag 301configure vlan Major_Pvl add ports 1 3 27 tagcreate erps Majorconfigure erps Major add control Major_Cvlconfigure erps Major add protected vlan Major_Pvlconfigure erps Major ring-port east 1configure erps Major ring-port west 3configure erps Major protection-port 1configure erps Major cfm md-level 2configure erps Major cfm port east mepid 1 remote-mepid 3configure erps Major cfm port west mepid 2 remote-mepid 4enable erps Majorenable erps

Next, configure a sub-ring on the interconnected node:

create vlan Sub_Cvlconfigure vlan Sub_Cvl tag 299configure vlan Sub_Cvl add ports 1 3 27 tagcreate erps Sub1configure erps Sub1 add control Sub_Cvlconfigure erps Sub1 add protected vlan Major_Pvlconfigure erps Sub1 ring-port east 27configure erps Sub1 protection-port 27configure erps Major add sub-ring Sub1configure erps Sub1 cfm md-level 3configure erps Sub1 cfm port east mepid 1 remote-mepid 2enable erps Sub1enable erps

Virtual Channel for Sub-ring

ERPS



Debugging ERPS

1 Check the output of show erps ring statistics to see if any error/dropped counters areincrementing.

a If they are, check the state of the ring ports and trace these links to the neighbor node to see thestate of the links.

The output of show log after turning on the filters for ERPS should provide more informationon what is happening on the switch.

2 Check the output of show erps and show erps ring to see if the node state is as expected.

In steady state, the node should be in “Idle” and the failed state ring should be in “Protected” state.

ERPS Feature Limitations

The following are ERPS feature limitations:

• Backup MSM Failover and checkpointing for both v1 and v2 are not available in the current release.

• In platforms that do not have hardware OAM (operations and management), the optimum CFMinterval recommended is one second for link monitoring, which will give rise to approximately three-second overhead in convergence times.

• Other than the basic EAPS interoperability stated above, all other EAPS related interoperability isnot supported.

• There is no interoperability with STP in the current release.

• SNMP is not supported in the current release.

ERPS


3 Protocol FiltersBoth L2PT and protocol filtering allow you to tunnel or filter many protocols on an interface. For thispurpose, EXOS supports creating protocol filters. A protocol filter contains a number of protocols towhich you can apply some action (like tunneling and filtering). Each protocol in a protocol filter isdefined using the following fields:

• The destination MAC address of PDUs of the protocol. This field is mandatory for all protocols thatare to be tunneled or filtered.

• The protocol id (EtherType, LLC, SNAP). This field is mandatory for all protocols that are to betunneled.

• User defined field. This is an arbitrary field in the PDU of the protocol that is specified using theoffset of the field from the start of the PDU, the value of the field and a mask.

For example, use the following command to create a protocol filter that includes LACP and EFM OAM:

# Create a protocol filter create protocol filter my_slow_protocols_filter

# Add LACP to the protocol filterconfigure protocol filter my_slow_protocols_filteradd dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset 14 value 01 mask FF

# Add EFM OAM to the protocol filterconfigure protocol filter my_slow_protocols_filteradd dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset 14 value 03 mask FF

The following validity checks are performed when a protocol is added to a protocol filter:

• Ensure that the protocol does not already exist in the protocol filter.

• If the protocol filter is used by any L2PT profile:

• Ensure that the protocol defines a destination MAC address.

• Ensure that the protocol defines a protocol identifier.

• For every L2PT profile that is using the protocol filter:

• Ensure that the protocol is unique within the L2PT profile. If the action for the protocol filter is‘tunnel’ in the L2PT profile:

For every service interface using the L2PT profile: ensure that the protocol is not filtered onthe underlying port of the service interface.

Ensure that the protocol is not tunneled on the underlying port of the service interface.

• If the protocol filter is used by any port for the purpose of protocol filtering:

• Ensure that the protocol defines a destination MAC address.

• For every port that has the protocol filter attached for the purpose of protocol filtering:


• Ensure that the protocol is not tunneled by a service on that port.

NoteProtocol filters may be used with features other than L2PT and protocol filtering (forexample, Protocol Based VLANs). The validity tests listed above are only the ones relevant toL2PT and protocol filtering.

Protocol filters for the following protocols are created automatically by the switch when the switch isset to default configuration:

• Cisco Discovery Protocol (CDP)

• Unidirectional Link Detection (UDLD)

• VLAN Trunking Protocol (VTP)

• Port Aggregation Protocol (PAgP)

• Dynamic Trunking Protocol (DTP)

• Link Aggregation Control Protocol (LACP)

• Link Layer Discovery Protocol (LLDP)

• Spanning Tree Protocol (STP)

• Extreme Discovery Protocol (EDP)

Protocol Filters


4 Layer 2 Protocol TunnelingLayer 2 protocol tunneling (L2PT) is achieved by encapsulating the PDUs at the ingress PE devicebefore transmitting them over the service provider network. The encapsulation prevents the PDUs frombeing processed by the switches in the SP network. At the egress PE device, the encapsulated packetsare de-encapsulated, and transmitted to the CE device.

The encapsulation used for different types of networks is as follows:

• VLAN/VMAN – The Destination Address (DA) MAC of the Layer 2 PDU is changed to the L2PT DAMAC. The switch shall also add any VLAN tags that may be required to the Layer 2 PDU beforetransmitting over the SP network.

• VPLS/VPWS – The DA MAC of the Layer 2 PDU is changed to L2PT DA MAC. The Layer 2 PDU isthen treated like any other data packet by the MPLS stack. The MPLS stack shall add the labels andL2 headers as per its configuration to the Layer 2 PDU before transmitting over the SP network.

Tunneling is configured on a service by specifying a tunneling action for each interface of the service.The possible actions are:

• Tunnel – Configuring an interface of a service to tunnel for a protocol enables the interface totunnel PDUs of the configured protocol that are received by the underlying port of the interface.Any PDUs that are received in its native format are tunneled instead of processing locally by theswitch. Any PDUs of the protocol that are received in its encapsulated format are dropped by theswitch (receiving an encapsulated packet on an interface configured to tunnel is considered proof ofnetwork misconfiguration, or loops).

• Encapsulate/Decapsulate – Configuring an interface of a service to encapsulate or de-encapsulatefor a protocol enables the interface to transmit and receive PDUs of that protocol in itsencapsulated format. Native PDUs of the protocol may still be received by the underlying port ofthe interface, but they will not be tunneled and instead are processed locally by the switch.

• None – Configuring an interface of a service to none for protocol marks the interface as notparticipating in tunneling for that protocol. Native PDUs of the protocol that are received on theunderlying port of the interface shall either be processed locally by the switch or be tunneled byanother service which is configured to tunnel that protocol. Encapsulated PDUs that are received onthe interface are treated like any other L2 packet.

An operator can specify a CoS value for the tunneled PDUs. This can be useful since some L2 protocolsmay have a higher priority than others (for example, STP may be considered higher priority than LLDP).If a CoS value is specified for a protocol for which tunneling is enabled, the switch will transmit theencapsulated PDUs for that protocol with the operator specified CoS towards the network. The CoSvalue specified by the operator is transmitted on the SP network as follows:

• VLAN/VMAN – The CoS value is written to the PRI bits of the outermost VLAN tag if available.

• VPLS/VPWS – The CoS value is written to the EXP bits of the outermost MPLS label. The actiontaken by the switch for PDUs of a protocol is as described in the following table.

Table 3: L2 PDU ActionsIngress Action Egress Action Switch Action

None or Encap/Decap NA Process locally


Table 3: L2 PDU Actions (continued)Tunnel None Discard PDU at egress

Tunnel Tunnel Tx PDU natively

Tunnel Encap/Decap Tx PDU encapsulated

The action taken by the switch for encapsulated PDUs for a protocol is as described in the followingtable.

Table 4: L2 Encapsulated PDU ActionsService has at least one I/F with tunnelaction

Ingress Action Egress Action Switch Action

No None or Encap/Decap None or Encap/Decap Forward

Yes None or Tunnel NA Discard packet at ingress

Yes Encap/Decap None Discard packet at egress

Yes Encap/Decap Tunnel Tx PDU natively

Yes Encap/Decap Encap/Decap Tx PDU encapsulated

Layer 2 Protocol Tunneling


5 Layer 2 Tunneling and Filtering

Protocol TunnelingProtocol Filtering

This EXOS feature introduces ability to tunnel and filter Layer 2 PDUs. Tunneling allows you to sendLayer 2 PDUs across a service provider network, and be delivered to remote switches. It is useful whena network includes remote sites that are connected through a service provider network. Usingtunneling, you can make the service provider network transparent to the customer network.

Filtering prevents Layer 2 PDUs from being received on a port.

Protocol Tunneling

To make L2PT configuration easier, in EXOS you can create L2PT profiles. An L2PT profile specifies thetunneling action and other parameters for protocols (specified using protocol filters) that should betunneled. You can then apply the profile to the interfaces of the service that are participating in L2PT.And you can also change the profile when it is already bound to an interface.

The L2PT parameters that can be configured through a profile include the following:

• Tunneling Action

• Tunneling CoS

The following validity checks are performed when an entry for a protocol filter is created in an L2PTprofile:

• Ensure that all protocols in the protocol filter define a destination MAC address.

• Ensure that all protocols in the protocol filter define a protocol identifier.

• Ensure that all protocols in the protocol filter are unique within the L2PT profile.

• If the action for the protocol filter is ‘encapsulate:

• Ensure that there are no entries with action as ‘tunnel in the L2PT profile.

• Ensure that the service interface is either a tagged VLAN port or a PW.

• If the action for the protocol filter is ‘tunnel’:

• Ensure that there are no entries with action as ‘encapsulate’ in the L2PT profile.

• For every service interface using the L2PT profile:

Ensure that none of the protocols in the protocol filter are filtered on the underlying port ofthe interface.

Ensure that none of the protocols in the protocol filter are tunneled on the underlying port ofthe interface.

The following validity checks are performed when a L2PT profile is bound to an interface of a service:

• If the profile specifies the action as ‘tunnel’ for protocol filter:

• Ensure that the interface is not a PW.


• Ensure that none of the protocols in the L2PT profile are filtered on the underlying port of theinterface.

• Ensure that none of the protocols in the L2PT profile are tunneled on the underlying port of theinterface.

Typically, you will want to configure the tunneling action for all customer facing interfaces of theservice that participate in L2PT as tunnel, and the tunneling action for all network facing interfaces asencapsulate/decapsulate. Once any interface of the service is configured to tunnel a protocol, theswitch will configure all tagged ports and PWs of the service to encapsulate/decapsulate mode. Youcan override this implicit configuration by binding a profile to the service interface that specifies adifferent tunneling action.

For example, consider a VMAN service named c1 with customer facing ports 1, 2 and 3 and networkfacing ports 4, 5, 6. Ports 4, 5 and 6 are added as tagged to the VMAN and 1, 2 and 3 are added asuntagged to the VMAN. The operator wants to tunnel LACP and EFM OAM on all customer facing portsat CoS 5. The configurations that he or she must make are as follows:

# Create a protocol filtercreate protocol filter “my_slow_protocols_filter”

# Add LACP to the protocol filterconfigure protocol filter “my_slow_protocols_filter” add dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset 14 value 01 mask FF

# Add EFM OAM to the protocol filterconfigure protocol filter “my_slow_protocols_filter” add dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset 14 value 03 mask FF

# Create an L2PT profile for the customer facing ports named c1_l2pt_profilecreate l2pt profile “c1_l2pt_profile”

# Enable CDP tunneling with CoS 5configure l2pt profile “c1_l2pt_profile” add protocol filter “my_slow_protocols_filter” action tunnel cos 5

# Bind c1_l2pt_profile to all customer facing portsconfigure vman c1 ports 1,2,3 l2pt profile “c1_l2pt_profile”

# Please note that the network facing port 4, 5 and 6 don’t have to be explicitly# configured to encapsulate/decapsulate mode since the switch implicitly sets all# tagged ports to encapsulate/decapsulate mode when an L2PT profile is bound to# any port of the service.

The operator also has the option to configure the L2PT destination MAC address (i.e. the DA used byL2PT encapsulated PDUs). This is may be done using the following CLI command:

configure l2pt encapsulation dest-mac mac_address

The L2PT destination MAC address may only be changed when no L2PT profiles have been bound toany service interface. The default L2PT DA MAC is 01:00:0C:CD:CD:D0 (selected to be interoperablewith Cisco and Juniper).

Layer 2 Tunneling and Filtering


Use the following commands to view the status and statistics of L2PT:

show [vlan | vman] vlan_name {ports port_list} l2pt {detail}

show {l2vpn} [vpls vpls_name | vpws vpws_name] {peer ipaddress} l2pt {detail}

Use the following commands to clear L2PT stats:

clear l2pt counters {[vlan | vman] vlan_name {ports port_list}}

clear l2pt counters {[vpls vpls_name {peer ipaddress} | vpws vpws_name]}

Implementing L2PT in EXOS

In EXOS, the L2PT data-plane is implemented almost entirely in software. When you attach a L2PTprofile to a service interface, the following ACL rules are configured:

• An ACL rule is added to copy and drop all packets with a destination address equal to the L2PTdestination MAC address, and an outer VLAN ID equal to the VLAN tag of the service.

• For each protocol that is tunneled on the service interface, an ACL rule is added to copy and drop allpackets with the same the destination address as the protocol. If the protocol defines an EtherType,then the rule is also qualified with the EtherType.

• If any protocol is tunneled on the service interface, an ACL rule is added to drop all packets receivedon the service interface with a destination address equal to the L2PT destination MAC address.

Protocol Filtering

You can enable filtering of PDUs of a protocol on any port. If you enable filtering for a protocol on aport, the switch discards PDUs of that protocol on that port.

Use the following command to view protocol filter status and statistics:

show ports [port_list | all] protocol filter {detail}

Use the following command to clear protocol filtering stats:

clear counters ports {port_list} protocol filter

Implementing Protocol Filtering in EXOS

In EXOS, the protocol filtering data-plane is implemented partially in hardware and partially in software.Filtering is performed only on the ingress. When a protocol filter is attached to a port, the followingACL rules are configured:

• For each protocol in the protocol filter: If the protocol does not define a user-defined field, and theprotocol identifier is EtherType, or does not have a protocol identifier:

• An ACL rule is added to drop all packets on the port that match the destination address of thepacket. The rule is also qualified with the EtherType of the protocol if it defines one.



Else:

• An ACL rule is added to copy and drop all packets on the port that match the destinationaddress of the packet. The rule is also qualified with the EtherType of the protocol if it definesone.

The protocol filtering data-plane inspects all packets received from ports that have protocol filtersattached, and drops any packet that matches any of the protocols configured in the protocol filter.



6 L2PT Limitations• L2PT and protocol filtering is implemented in software, so the number of frames that can be filtered

or tunneled is limited.

• Both L2PT and protocol filtering can be configured only through CLI. Configuration throughSNMP/XML is not supported for this release.

• If L2PT configurations are made on PWs, these configurations are lost on a restart of the MPLSprocess unless the L2PT process is also restarted.

• If L2PT configurations are made on a VPLS or VPWS service, dot1p tag inclusion must be enabled onthe VPLS/VPWS.

• When tunneling protocols are point-to-point in nature, it is your responsibility to ensure that thereare only two tunnel endpoints for the protocol.

• If a protocol that is configured to be tunneled on a service interface cannot be uniquely identified byits destination address and EtherType, then all packets with the same DA and EtherType of theprotocol being tunneled (but that are not really PDUs of the protocol) will be slow path forwarded.

• Tagged protocol PDUs cannot be tunneled over VLANs. Tagged protocol PDUs can only betunneled over VMANs (the VMAN can be the service VMAN for a VPLS/VPWS service, or astandalone VMAN). Untagged protocol PDUs can be tunneled over both VLANs and VMANs (theVLAN/VMAN can be standalone, or be the service VMAN for a VPLS/VPWS service).

• Untagged protocol PDUs cannot be bypassed if the ingress port is an untagged VMAN port with adefault CVID. Untagged protocol PDUs can be bypassed if the ingress port is an untagged VMANport without a default CVID.

• In VPLS, only full-mesh configuration is supported for L2PT.

• L2PT is not supported on VLAN ports that have a port specific tag.

• L2PT is not supported over VPLS/VPWS in ExtremeXOS 15.5.1.


7 STP

Spanning Tree Protocol OverviewSpan Tree DomainsSTP ConfigurationsPer VLAN Spanning TreeRapid Spanning Tree ProtocolMultiple Spanning Tree ProtocolSTP and Network LoginSTP Rules and RestrictionsConfigure STP on the SwitchDisplay STP SettingsSTP Configuration Examples

Using the Spanning Tree Protocol (STP) functionality of the switch makes your network more faulttolerant. This chapter explains more about STP and the STP features supported by ExtremeXOS.

NoteSTP is a part of the 802.1D bridge specification defined by the IEEE Computer Society. Toexplain STP in terms used by the IEEE 802.1D specification, the switch will be referred to as abridge.

ExtremeXOS version 12.0 and later supports the new edition of the IEEE 802.1D standard (known asIEEE 802.1D-2004 ) for STP, which incorporates enhancements from the IEEE 802.1t-2001, IEEE 802.1W,and IEEE 802.1y standards. The IEEE 802.1D-2004 standard is backward compatible with the IEEE802.1D-1998 standard. For more information, see Compatibility Between IEEE 802.1D-1998 and IEEE802.1D-2004 STP Bridges on page 90.

Spanning Tree Protocol Overview

STP is a bridge-based mechanism for providing fault tolerance on networks.

STP allows you to implement parallel paths for network traffic and to ensure that redundant paths are:

• Disabled when the main paths are operational.

• Enabled if the main path fails.

NoteSTP and Extreme Standby Router Protocol (ESRP) cannot be configured on the same VLANsimultaneously.


Compatibility Between IEEE 802.1D-1998 and IEEE 802.1D-2004 STP Bridges

The IEEE 802.1D-2004 compliant bridges interoperate with the IEEE 802.1D-1998 compliant bridges.

To ensure seamless operation of your STP network, read this section before you configure STP on anyExtreme Networks device running ExtremeXOS 11.6 or later.

Differences in behavior between the two standards include the:

• Default port path cost

• Bridge priority

• Port priority

• Edge port behavior

This section describes the bridge behavior differences in more detail.

Default Port Path Cost

The 802.1D-2004 standard modified the default port path cost value to allow for higher link speeds.

A higher link speed can create a situation whereby an 802.1D-1998 compliant bridge could become themore favorable transit path.

For example, in the following figure, bridge A is the root bridge running the new 802.1D-2004 standard,bridges B and C are running the old 802.1D-1998 standard, and bridges D, E, and F are running the new802.1D-2004 standard. In addition, all ports are 100 Mbps links. The ports on bridges B and C have adefault path cost of 19, and the ports on bridge A, D, E, and F have a default path cost of 200,000.

Figure 25: 802.1D-1998 and 802.1D-2004 Mixed Bridge Topology

STP


If you use the default port path costs, bridge D blocks its port to bridge E, and all traffic betweenbridges D and E must traverse all of bridges in the network. Bridge D blocks its port to bridge Ebecause the path cost to the root bridge is less by going across bridges B and C (with a combined rootcost of 38) compared with going across bridge E (with a root cost of 200,000). In fact, if there were100 bridges between bridges B, C, and D running the old 802.1D-1998 standard with the default portpath costs, bridge D would still use that path because the path cost is still higher going across bridge E.

As a workaround and to prevent this situation, configure the port path cost to make links with the samespeed use the same path host value. In the example described above, configure the port path cost forthe 802.1D-2004 compliant bridges (bridges A, D, E, and F) to 19.

NoteYou cannot configure the port path cost on bridges B and C to 200,000 because the pathcost range setting for 802.1D-1998 compliant bridges is 1 to 65,535.

To configure the port path cost, use the following command:

configure stpd stpd_name ports cost [auto | cost] port_list

Bridge Priority

By configuring the STPD bridge priority, you make the bridge more or less likely to become the rootbridge.

Unlike the 802.1D-1998 standard, the 802.1D-2004 standard restricts the bridge priority to a 16-bitnumber that must be a multiple of 4,096. The new priority range is 0 to 61,440 and is subject to themultiple of 4,096 restriction. The old priority range was 0 to 65,535 and was not subject to the multipleof 4,096 restriction (except for MSTP configurations). The default bridge priority remains the same at32,768.

If you have an ExtremeXOS 11.5 or earlier configuration that contains an STP or RSTP bridge prioritythat is not a multiple of 4,096, the switch rejects the entry and the bridge priority returns to the defaultvalue while loading the structure. The MSTP implementation in ExtremeXOS already uses multiples of4,096 to determine the bridge priority.

To configure the bridge priority, use the following command:

configure stpd stpd_name priority priority

For example, to lower the numerical value of the priority (which gives the priority a higher precedence),you subtract 4,096 from the default priority: 32,768 - 4,096 = 28,672. If you modify the priority by avalue other than 4,096, the switch automatically changes the priority to the lower priority value. Forexample, if you configure a priority of 31,000, the switch automatically changes the priority to 28,672.

Port Priority

The port priority value is always paired with the port number to make up the 16-bit port identifier,which is used in various STP operations and the STP state machines.

Unlike the 802.1D-1998 standard, the 802.1D-2004 standard uses only the four most significant bits forthe port priority and it must be a multiple of 16. The new priority range available is 0 to 240 and is

STP


subject to the multiple of 16 restriction. The 802.1D-1998 standard uses the eight most significant bitsfor the port priority. The old priority range was 0 to 31 and was not subject to the multiple of 16restriction.

To preserve backward compatibility and to use ExtremeXOS 11.5 or earlier configurations, the existingconfigure stpd ports priority command is available. If you have an ExtremeXOS 11.5 orearlier configuration, the switch interprets the port priority based on the 802.1D-1998 standard. If theswitch reads a value that is not supported in ExtremeXOS 11.6 or later, the switch rejects the entry.

When you save the port priority value, the switch saves it as the command configure stpd portsport-priority with the corresponding change in value.

For example, if the switch reads the configure stpd ports priority 16 command from anExtremeXOS 11.5 or earlier configuration, (which is equivalent to the command configure stpdports priority 8 entered through CLI), the switch saves the value as configure stpd portsport-priority 128.

Edge Port Behavior

In ExtremeXOS 11.5 or earlier, Extreme Networks had two edge port implementations: edge port andedge port with safeguard.

The 802.1D-2004 standard has a bridge detection state machine, which introduced a thirdimplementation of edge port behavior. The following list describes the behaviors of the different edgeport implementations:

• Edge port (ExtremeXOS 11.5 and earlier):

• The port does not send bridge protocol data units (BPDUs).

• The port does not run a state machine.

• If BPDUs are received, the port discards the BPDU and enters the blocking state.

• If subsequent BPDUs are not received, the port remains in the forwarding state.

• Edge port with safeguard configured (ExtremeXOS 11.5 and 11.4 only):

• The port sends BPDUs.

• When configured for MSTP, the port runs a partial state machine.

• If BPDUs are received, the port enters the blocking state.

• If subsequent BPDUs are not received, the port attempts to enter the forwarding state.

• Edge port running 802.1D-2004 with safeguard enabled:

• The port sends BPDUs.

• The port runs a state machine.

• If BPDUs are received, the port behaves as a normal RSTP port by entering the forwarding stateand participating in RSTP.

• If subsequent BPDUs are not received, the port attempts to become the edge port again.

Edge port with safeguard prevents accidental or deliberate misconfigurations (loops) by having edgeports enter the blocking state upon receiving a BPDU. The 802.1D-2004 standard implements a bridgedetection mechanism that causes an edge port to transition to a non-edge port upon receiving a BPDU;however, if the former edge port does not receive any subsequent BPDUs during a pre-determinedinterval, the port attempts to become an edge port.

STP


If an 802.1D-2004 compliant safeguard port (edge port) connects to an 802.1D-1998 compliant edgeport with safeguard configured, the old safeguard port enters the blocking state. Although the newsafeguard port becomes a designated port, the link is not complete (and thus no loop is formed)because one side of the link is blocked.

Restricted Role

In a large metro environment, to prevent external bridges from influencing the spanning tree activetopology, the following commands have been introduced for Rapid Spanning Tree Protocol (RSTP) andMultiple Spanning Tree Protocol (MSTP).

• configure stpd stpd_name ports restricted-role enable port_list

• This command enables restricted role on a specified port in the core network to prevent externalbridges from influencing the spanning tree active topology.

• Restricted role should not be enabled with edge mode.

• stpd_name—Specifies an STPD name on the switch.

• port_list—Specifies one or more ports or slots and ports.

• Enabling restricted role causes a port to not be selected as a root port, even if it has the bestspanning tree priority vector. Such a port is selected as an alternate port after the root port isselected. The restricted role is disabled by default. If set, it can cause a lack of spanning treeconnectivity.

• A network administrator enables restricted role to prevent external bridges from influencing thespanning tree active topology.

• configure stpd stpd_name ports restricted-role disable port_list

• This command disables restricted role on a specified port in the core network.

• stpd_name—Specifies an STPD name on the switch.

• port_list—Specifies one or more ports or slots and ports.

• Restricted role is disabled by default. If set, it can cause a lack of spanning tree connectivity. Anetwork administrator enables restricted role to prevent external bridges from influencing thespanning tree active topology.

BPDU Restrict on Edge Safeguard

BPDU restrict causes a port on which this feature is configured to be disabled as soon as an STP BPDUis received on that port, thus allowing you to enforce the STP domain borders and keep the activetopology predictable.

The following figure shows a BPDU restrict example.

STP


Figure 26: BPDU Restrict

In this figure, loops on the LAN access switches are not prevented since the ports towards thedistribution switches are not running STP but Software Redundant Ports (SRP). Currently, ExtremeXOSsoftware cannot run STP on ports that are configured for SRP. STP on the access switch is unaware ofthe alternate path and therefore cannot prevent the loop that exists across the switches. Configuring aport as an edge mode port alone cannot prevent the loop between the switches because edge portsnever send BPDUs. The edge safeguard feature is not able to prevent the loops because STP does nothave the information about the alternate path.

To prevent the loops across the switches, the edge safeguard feature can be configured with the BPDUrestrict function. When running in BPDU restrict mode, edge safeguard ports send STP BPDUs at a rateof one very two seconds. The port is disabled as soon as an STP BPDU is received on the BPDU restrictport, thereby preventing the loop. Flexibility is provided with an option to re-enable the port after auser specified time period. If a user enables a port while STP has disabled it, the port is operationallyenabled; STP is notified and then stops any recovery timeout that has started.

When an STPD is disabled for a BPDU restrict configured port, an STP port in 802.1D operation modebegins forwarding immediately, but in the RSTP or MSTP operation modes, the port remains in thedisabled state.

BPDU restrict is available on all of the three operational modes of STP: 802.1D, RSTP, and MSTP.

Although edge safeguard is not available in 802.1D operation mode, when you configure BPDU restrictyou do so in a similar way, that is, as an extension of edge safeguard; then only BPDU restrict isavailable on the port and not edge safeguard.

To configure BPDU restrict, use the command:

• configure {stpd} stpd_name ports edge-safeguard enable port_list {bpdu-

restrict} {recovery-timeout {seconds}}

• BPDU restrict can also be configured by using the following commands:

• configure {stpd} stpd_name ports bpdu-restrict [enable | disable] port_list

{recovery-timeout {seconds}}

• configure stpd stpd_name ports link-type [[auto | broadcast | point-to-

point] port_list | edge port_list {edge-safeguard [enable | disable] {bpdu-

restrict} {recovery-timeout seconds}}]

STP


To include BPDU restrict functionality when configuring link types or edge safeguard, see ConfiguringLink Types on page 114 and Configuring Edge Safeguard on page 114.

The example below shows a BPDU restrict configuration:

* switch # configure s1 ports edge-safeguard enable 9 bpdu-restrict recovery-timeout 400.

The following is sample output from the show s1 ports command resulting from the configuration:

switch # show s1 portsPort Mode State Cost Flags Priority Port ID Designated Bridge9 EMISTP FORWARDING 20000 eDee-w-G-- 128 8009 80:00:00:04:96:26:5f:4eTotal Ports: 1------------------------- Flags: ----------------------------1: e=Enable, d=Disable2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto4: (Oper. type) b=broadcast, p=point-to-point, e=edge5: p=proposing, a=agree6: (partner mode) d = 802.1d, w = 802.1w, m = mstp7: i = edgeport inconsistency8: S = edgeport safe guard actives = edgeport safe guard configured but inactive8: G = edgeport safe guard bpdu restrict active in 802.1w and mstpg = edgeport safe guard bpdu restrict active in 802.1d9: B = Boundary, I = Internal10: r = Restricted Roleswitch # show configuration stp## Module stp configuration.#configure mstp region 000496265f4econfigure stpd s0 delete vlan default ports alldisable stpd s0 auto-bind vlan defaultcreate stpd s1configure stpd s1 mode dot1wenable stpd s0 auto-bind vlan Defaultconfigure stpd s1 add vlan v1 ports 9 emistpconfigure stpd s1 ports mode emistp 9configure stpd s1 ports cost auto 9configure stpd s1 ports port-priority 128 9configure stpd s1 ports link-type edge 9configure stpd s1 ports edge-safeguard enable 9 recovery-timeout 400configure stpd s1 ports bpdu-restrict enable 9 recovery-timeout 400enable stpd s1 ports 9configure stpd s1 tag 10enable stpd s1

STP


The following is sample output for STP operation mode dot1d from the show configuration stpcommand:

switch # show configuration stp## Module stp configuration.#configure mstp region region2configure stpd s0 delete vlan default ports alldisable stpd s0 auto-bind vlan defaultcreate stpd s1enable stpd s0 auto-bind vlan Defaultconfigure stpd s1 add vlan v1 ports 9 emistpconfigure stpd s1 ports mode emistp 9configure stpd s1 ports cost auto 9configure stpd s1 ports priority 16 9configure stpd s1 ports link-type edge 9configure stpd s1 ports edge-safeguard enable 9 recovery-timeout 400configure stpd s1 ports bpdu-restrict enable 9 recovery-timeout 400enable stpd s1 ports 9configure stpd s1 tag 10enable stpd s1

Span Tree Domains

The switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independentSpanning Tree instance. Each Spanning Tree instance is called a Spanning Tree Domain (STPD). EachSTPD has its own root bridge and active path. After an STPD is created, one or more VLANs can beassigned to it.

A physical port can belong to multiple STPDs. In addition, a VLAN can span multiple STPDs.

The key points to remember when configuring VLANs and STP are:

• Each VLAN forms an independent broadcast domain.

• STP blocks paths to create a loop-free environment.

• Within any given STPD, all VLANs belonging to it use the same spanning tree.

• To create an STPD, use the command:

create stpd stpd_name {description stpd-description}

• To delete an STPD, use the command:

delete stpd stpd_name

User-created STPD names are not case-sensitive.

For detailed information about configuring STP and various STP parameters on the switch, see Configure STP on the Switch on page 137.

STP


Member VLANs

When you add a VLAN to an STPD, that VLAN becomes a member of the STPD. The two types ofmember VLANs in an STPD are:

• Carrier

• Protected

Carrier VLAN

A carrier VLAN defines the scope of the STPD, which includes the physical and logical ports that belongto the STPD and if configured, the 802.1Q tag used to transport Extreme Multiple Instance SpanningTree Protocol (EMISTP) or Per VLAN Spanning Tree (PVST+) encapsulated bridge protocol data units(BPDUs).

See Encapsulation Modes on page 99 for more information about encapsulating STP BPDUs.

Only one carrier VLAN can exist in a given STPD, although some of its ports can be outside the controlof any STPD at the same time.

If you configure EMISTP or PVST+, the STPD ID must be identical to the VLAN ID of the carrier VLAN inthat STPD. See Specifying the Carrier VLAN on page 98 for an example.

If you have an 802.1D configuration, we recommend that you configure the StpdID to be identical to theVLAN ID of the carrier VLAN in that STPD. See Basic 802.1D Configuration Example on page 140 for anexample.

If you configure Multiple Spanning Tree (MSTP—IEEE 802.1Q-2003, formerly IEEE 802.1s), you do notneed carrier VLANs for MSTP operation. With MSTP, you configure a Common and Internal SpanningTree (CIST) that controls the connectivity of interconnecting MSTP regions and sends BPDUs across theregions to communicate the status of MSTP regions. All VLANs participating in the MSTP region havethe same privileges. For more information about MSTP, see Multiple Spanning Tree Protocol on page123.

Protected VLAN

Protected VLANs are all other VLANs that are members of the STPD.

These VLANs “piggyback” on the carrier VLAN. Protected VLANs do not transmit or receive STPBPDUs, but they are affected by STP state changes and inherit the state of the carrier VLAN. ProtectedVLANs can participate in multiple STPDs, but any particular port in the VLAN can belong to only oneSTPD. Also known as non-carrier VLANs.

If you configure MSTP, all member VLANs in an MSTP region are protected VLANs. These VLANs donot transmit or receive STP BPDUs, but they are affected by STP state changes communicated by theCIST to the MSTP regions. Multiple spanning tree instances (MSTIs) cannot share the same protectedVLAN; however, any port in a protected VLAN can belong to multiple MSTIs. For more informationabout MSTP, see Multiple Spanning Tree Protocol on page 123.

STP


Specifying the Carrier VLAN

The following example:

• Creates and enables an STPD named s8.

• Creates a carrier VLAN named v5.

• Assigns VLAN v5 to STPD s8.

• Creates the same tag ID for the VLAN and the STPD (the carrier VLAN’s ID must be identical to theSTPD’s ID).

create vlan v5configure vlan v5 tag 100configure vlan v5 add ports 1:1-1:20 taggedcreate stpd s8configure stpd s8 add vlan v5 ports all emistpconfigure stpd s8 tag 100enable stpd s8

Notice how the tag number for the VLAN v5 (100) is identical to the tag for STPD s8. By using identicaltags, you have selected the carrier VLAN. The carrier VLAN's ID is now identical to the STPD's ID.

STPD Modes

An STPD has three modes of operation:

• 802.1D mode

Use this mode for backward compatibility with previous STP versions and for compatibility withthird-party switches using IEEE standard 802.1D. When configured in this mode, all rapidconfiguration mechanisms are disabled.

• 802.1w mode

Use this mode for compatibility with Rapid Spanning Tree (RSTP). When configured in this mode, allrapid configuration mechanisms are enabled. The benefit of this mode is available on point-to-pointlinks only and when the peer is likewise configured in 802.1w mode. If you do not select point-to-point links and the peer is not configured for 802.1w mode, the STPD fails back to 802.1D mode.

You can enable or disable RSTP on a per STPD basis only; you cannot enable RSTP on a per portbasis.

For more information about RSTP and RSTP features, see Rapid Spanning Tree Protocol on page112.

• MSTP mode

Use this mode for compatibility with MSTP. MSTP is an extension of RSTP and offers the benefit ofbetter scaling with fast convergence. When configured in this mode, all rapid configurationmechanisms are enabled. The benefit of MSTP is available only on point-to-point links and when youconfigure the peer in MSTP or 802.1w mode. If you do not select point-to-point links and the peer isnot configured in 802.1w mode, the STPD fails back to 802.1D mode.

STP


You must first configure a CIST before configuring any MSTIs in the region. You cannot delete ordisable a CIST if any of the MSTIs are active in the system.

You can create only one MSTP region on the switch, and all switches that participate in the regionmust have the same regional configurations. You can enable or disable an MSTP on a per STPD basisonly; you cannot enable MSTP on a per port basis.

If configured in MSTP mode, an STPD uses the 802.1D BPDU encapsulation mode by default. Toensure correct operation of your MSTP STPDs, do not configure EMISTP or PVST+ encapsulationmode for MSTP STPDs.

For more information about MSTP and MSTP features, see Multiple Spanning Tree Protocol on page123.

By default:

• The STPD operates in 802.1D mode.

• The default device configuration contains a single STPD called s0.

• The default VLAN is a member of STPD s0 with autobind enabled.

To configure the mode of operation of an STPD, use the following command:

configure stpd stpd_name mode [dot1d | dot1w | mstp [cist | msti instance]]

All STP parameters default to the IEEE 802.1D values, as appropriate.

Encapsulation Modes

You can configure ports within an STPD to accept specific BPDU encapsulations.

This STP port encapsulation is separate from the STP mode of operation. For example, you canconfigure a port to accept the PVST+ BPDU encapsulation while running in 802.1D mode.

An STP port has three possible encapsulation modes:

• 802.1D mode

Use this mode for backward compatibility with previous STP versions and for compatibility withthird-party switches using IEEE standard 802.1D. BPDUs are sent untagged in 802.1D mode. Becauseof this, any given physical interface can have only one STPD running in 802.1D mode.

This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, andMSTP.

• Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode

EMISTP mode is proprietary to Extreme Networks and is an extension of STP that allows a physicalport to belong to multiple STPDs by assigning the port to multiple VLANs. EMISTP adds significantflexibility to STP network design. BPDUs are sent with an 802.1Q tag having an STPD instanceIdentifier (STPD ID) in the VLAN ID field.

This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.

• Per VLAN Spanning Tree (PVST+) mode

STP


This mode implements PVST+ in compatibility with third-party switches running this version of STP.The STPDs running in this mode have a one-to-one relationship with VLANs and send and processpackets in PVST+ format.


These encapsulation modes are for STP ports, not for physical ports. When a physical port belongs tomultiple STPDs, it is associated with multiple STP ports. It is possible for the physical port to run indifferent modes for different domains to which it belongs.

If configured in MSTP mode, an STPD uses the 802.1D BPDU encapsulation mode by default. To ensurecorrect operation of your MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode forMSTP STPDs.

• To configure the BPDU encapsulation mode for one or more STP ports, use the command:

• configure stpd stpd_name ports mode [dot1d | emistp | pvst-plus] port_list

• To configure the default BPDU encapsulation mode on a per STPD basis, use the command:

• configure stpd stpd_name default-encapsulation [dot1d | emistp | pvst-plus]

Instead of accepting the default encapsulation modes of dot1d for the default STPD s0 and emistp forall other STPDs, this command allows you to specify the type of BPDU encapsulation to use for all portsadded to the STPD (if not otherwise specified).

STPD Identifier

An StpdID is used to identify each STP domain.

When assigning the StpdID when configuring the domain, ensure that the carrier VLAN of that STPDdoes not belong to another STPD. Unless all ports are running in 802.1D mode, an STPD with portsrunning in either EMISTP mode or PVST+ mode must be configured with an StpdID.

An StpdID must be identical to the VLAN ID of the carrier VLAN in that STP domain. For an 802.1DSTPD, the VLAN ID can be either a user-defined ID or one automatically assigned by the switch.

NoteIf an STPD contains at least one port not in 802.1D mode, you must configure the STPD withan StpdID.

MSTP uses two different methods to identify the STPDs that are part of the MSTP network. An instanceID of 0 identifies the CIST. The switch assigns this ID automatically when you configure the CIST STPD.An MSTI identifier (MSTI ID) identifies each STP domain that is part of an MSTP region. You assign theMSTI ID when configuring the STPD that participates in the MSTP region. In an MSTP region, MSTI IDsonly have local significance. You can reuse MSTI IDs across MSTP regions. For more information aboutMSTP and MSTP features, see Multiple Spanning Tree Protocol on page 123.

STP States

Each port that belongs to a member VLAN participating in STP exists in one of the following states:

STP


Blocking A port in the blocking state does not accept ingress traffic, perform traffic forwarding, or learn MACsource addresses. The port receives STP BPDUs. During STP initialization, the switch always entersthe blocking state.

Listening A port in the listening state does not accept ingress traffic, perform traffic forwarding, or learn MACsource addresses. The port receives STP BPDUs. This is the first transitional state a port enters afterbeing in the blocking state. The bridge listens for BPDUs from neighboring bridge(s) to determinewhether the port should or should not be blocked.

Learning A port in the learning state does not accept ingress traffic or perform traffic forwarding, but it beginsto learn MAC source addresses. The port also receives and processes STP BPDUs. This is the secondtransitional state after listening. From learning, the port will change to either blocking or forwarding.

Forwarding A port in the forwarding state accepts ingress traffic, learns new MAC source addresses, forwardstraffic, and receives and processes STP BPDUs.

Disabled A port in the disabled state does not participate in STP; however, it will forward traffic and learn newMAC source addresses.

Binding Ports

There are two ways to bind (add) ports to an STPD: manually and automatically. By default, ports aremanually added to an STPD.

NoteThe default VLAN and STPD S0 are already on the switch.

Manually Binding Ports

• To manually bind ports, use the commands: configure stpd stpd_name add vlan vlan_name ports [all | port_list] {[dot1d |

emistp | pvst-plus]}

configure vlan vlan_name add ports [all | port_list] {tagged {tag} | untagged}

stpd stpd_name {[dot1d | emistp | pvst-plus]}

The first command adds all ports or a list of ports within the specified VLAN to an STPD. For EMISTPand PVST+, the carrier VLAN must already exist on the same set of ports. The second commandadds all ports or a list of ports to the specified VLAN and STPD at the same time. If the ports areadded to the VLAN but not to the STPD, the ports remain in the VLAN.

For EMISTP and PVST+, if the specified VLAN is not the carrier VLAN and the specified ports are notbound to the carrier VLAN, the system displays an error message. If you configure MSTP on yourswitch, MSTP does not need carrier VLANs.

NoteThe carrier VLAN's ID must be identical to the ID of the STP domain.

If you add a protected VLAN or port, that addition inherits the carrier VLAN’s encapsulation mode,unless you specify the encapsulation mode when you execute the configure stpd add vlanor configure vlan add ports stpd commands. If you specify an encapsulation mode(dot1d, emistp, or pvst-plus), the STP port mode is changed to match; otherwise, the STP portinherits either the carrier VLANs encapsulation mode on that port or the STPD’s defaultencapsulation mode.

STP


For MSTP, you do not need carrier a VLAN. A CIST controls the connectivity of interconnectingMSTP regions and sends BPDUs across the regions to communicate region status. You must use thedot1d encapsulation mode in an MSTP environment. For more information about MSTP, see thesection Multiple Spanning Tree Protocol on page 123.

• To remove ports, use the command:

configure stpd stpd_name delete vlan vlan_name ports [all | port_list]

If you manually delete a protected VLAN or port, only that VLAN or port is removed. If you manuallydelete a carrier VLAN or port, all VLANs on that port (both carrier and protected) are deleted fromthat STPD.

To learn more about member VLANs, see Member VLANs on page 97. For more detailed informationabout these command line interface (CLI) commands, see the ExtremeXOS Command Reference Guide.

Automatically Binding Ports

• To automatically bind ports to an STPD when the ports are added to a VLAN, use the command:

enable stpd stpd_name auto-bind vlan vlan_name

The autobind feature is disabled on user-created STPDs. The autobind feature is enabled on thedefault VLAN that participates in the default STPD S0.

For EMISTP or PVST+, when you issue this command, any port or list of ports that you add to thecarrier VLAN are automatically added to the STPD with autobind enabled. In addition, any port orlist of ports that you remove from a carrier VLAN are automatically removed from the STPD. Thisfeature allows the STPD to increase or decrease its span as ports are added to or removed from acarrier VLAN.

NoteThe carrier VLAN's ID must be identical to the ID of the STP domain.

Enabling autobind on a protected VLAN does not expand the boundary of the STPD.

If the same set of ports are members of the protected VLAN and the carrier VLAN, protectedVLANs are aware of STP state changes. For example, assume you have the following scenario:

• Carrier VLAN named v1

• v1 contains ports 3:1-3:2

• Protected VLAN named v2

• v2 contains ports 3:1-3:4

Since v1 contains ports 3:1-3:2, v2 is aware only of the STP changes for ports 3:1 and 3:2, respectively.Ports 3:3 and 3:4 are not part of the STPD, which is why v2 is not aware of any STP changes forthose ports.

In addition, enabling autobind on a protected VLAN causes ports to be automatically added orremoved as the carrier VLAN changes.

For MSTP, when you issue this command, any port or list of ports that gets automatically added toan MSTI are automatically inherited by the CIST. In addition, any port or list of ports that you removefrom an MSTI protected VLAN are automatically removed from the CIST. For more information, see Automatically Inheriting Ports--MSTP Only on page 103.

STP


• To remove ports, enter the command:


If you manually delete a port from the STPD on a VLAN that has been added by autobind,ExtremeXOS records the deletion so that the port does not get automatically added to the STPDafter a system restart.

To learn more about the member VLANs, see Member VLANs on page 97. For more detailedinformation about these CLI commands, see the ExtremeXOS Command Reference Guide.

Automatically Inheriting Ports--MSTP Only

In an MSTP environment, whether you manually or automatically bind a port to an MSTI in an MSTPregion, the switch automatically binds that port to the CIST.

The CIST handles BPDU processing for itself and all of the MSTIs; therefore, the CIST must inherit portsfrom the MSTIs in order to transmit and receive BPDUs. You can only delete ports from the CIST if it isno longer a member of an MSTI.

For more information about MSTP, see Multiple Spanning Tree Protocol on page 123.

Rapid Root Failover

ExtremeXOS supports rapid root failover for faster STP failover recovery times in STP 802.1D mode. Ifthe active root port link goes down, ExtremeXOS recalculates STP and elects a new root port. The rapidroot failover feature allows the new root port to immediately begin forwarding, skipping the standardlistening and learning phases. Rapid root failover occurs only when the link goes down and not whenthere is any other root port failure, such as missing BPDUs.

The default setting for this feature is disabled.

• To enable rapid root failover, enter the command:

enable stpd stpd_name rapid-root-failover

• To display the configuration, enter the command:

show stpd {stpd_name | detail}

STP and Hitless Failover--Modular Switches Only

When you install two management modules (MSM/MM) in a BlackDiamond chassis or you are usingredundancy in a SummitStack, one node assumes the role of primary and the other node assumes therole of backup. The primary executes the switch’s management functions, and the backup acts in astandby role. Hitless failover transfers switch management control from the primary to the backup and

STP


maintains the state of STP. STP supports hitless failover. You do not explicitly configure hitless failoversupport; rather, if you have two nodes installed, hitless failover is available.

NoteNot all platforms support hitless failover in the same software release. To verify if thesoftware version you are running supports hitless failover, see the following table in Managing the Switch. For more information about protocol, platform, and MSM/MM supportfor hitless failover, see Understanding Hitless Failover Support.

To support hitless failover, the primary node replicates STP BPDUs to the backup, which allows thenodes to run STP in parallel. Although both primary and backup node receive STP BPDUs, only theprimary transmits STP BPDUs to neighboring switches and participates in STP.

NoteBefore initiating failover, review the section Synchronizing Nodes--Modular Switches andSummitStack Only to confirm that both primary and backup nodes are running software thatsupports the synchronize command.

To initiate hitless failover on a network that uses STP:

1 Confirm that the nodes are synchronized and have identical software and switch configurationsusing the command:

show switch {detail}

The output displays the status of the primary and backup nodes, with the primary node showingMASTER and the backup node showing BACKUP (InSync).

If the primary and backup nodes are not synchronized and both nodes are running a version ofExtremeXOS that supports synchronization, proceed to 2 on page 104.

If the primary and backup nodes are synchronized, proceed to 3 on page 104.

2 If the primary and backup nodes are not synchronized, use the synchronize command toreplicate all saved images and configurations from the primary to the backup.

After you confirm the nodes are synchronized, proceed to 3 on page 104.

3 If the nodes are synchronized, use the run failover (formerly run msm-failover) commandto initiate failover.

For more detailed information about verifying the status of the primary and backup nodes, and systemredundancy, see Understanding System Redundancy. For more information about hitless failover, see Understanding Hitless Failover Support.

STP Configurations

When you assign VLANs to an STPD, pay careful attention to the STP configuration and its effect onthe forwarding of VLAN traffic.

This section describes three types of STP configurations:

• Basic STP

• Multiple STPDs on a single port (which uses EMISTP)

STP


• A VLAN that spans multiple STPDs

Basic STP Configuration

This section describes a basic, 802.1D STP configuration. The following figure illustrates a network thatuses VLAN tagging for trunk connections.

The following four VLANs have been defined:

• Sales is defined on switch A, switch B, and switch M.

• Personnel is defined on switch A, switch B, and switch M.

• Manufacturing is defined on switch Y, switch Z, and switch M.

• Engineering is defined on switch Y, switch Z, and switch M.

• Marketing is defined on all switches (switch A, switch B, switch Y, switch Z, and switch M).

Two STPDs are defined:

• STPD1 contains VLANs Sales and Personnel.

• STPD2 contains VLANs Manufacturing and Engineering.

The carrier and protected VLANs are also defined:

• Sales is the carrier VLAN on STPD1.

• Personnel is a protected VLAN on STPD1.

• Manufacturing is a protected VLAN on STPD2.

• Engineering is the carrier VLAN on STPD2.

• Marketing is a member of both STPD1 and STPD2 and is a protected VLAN.

STP


Figure 27: Multiple STPDs

When the switches in this configuration boot-up, STP configures each STPD such that the topologycontains no active loops. STP could configure the topology in a number of ways to make it loop-free.

In the following figure, the connection between switch A and switch B is put into blocking state, andthe connection between switch Y and switch Z is put into blocking state. After STP converges, all theVLANs can communicate, and all bridging loops are prevented.

The protected VLAN Marketing, which has been assigned to both STPD1 and STPD2, communicatesusing all five switches. The topology has no loops, because STP has already blocked the portconnection between switch A and switch B and between switch Y and switch Z.

Within a single STPD, you must be extra careful when configuring your VLANs. The following figureillustrates a network that has been incorrectly set up using a single STPD so that the STP configurationdisables the ability of the switches to forward VLAN traffic.

STP


Figure 28: Incorrect Tag-Based STPD Configuration

The tag-based network in the following figure has the following configuration:

• Switch 1 contains VLAN Marketing and VLAN Sales.

• Switch 2 contains VLAN Engineering and VLAN Sales.

• Switch 3 contains VLAN Marketing, VLAN Engineering, and VLAN Sales.

• The tagged trunk connections for three switches form a triangular loop that is not permitted in anSTP topology.

• All VLANs in each switch are members of the same STPD.

STP can block traffic between switch 1 and switch 3 by disabling the trunk ports for that connection oneach switch.

Switch 2 has no ports assigned to VLAN Marketing. Therefore, if the trunk for VLAN Marketing onswitches 1 and 3 is blocked, the traffic for VLAN Marketing will not be able to traverse the switches.

NoteIf an STPD contains multiple VLANs, all VLANs should be configured on all ports in thatdomain, except for ports that connect to hosts (edge ports).

Multiple STPDs on a Port

Traditional 802.1D STP has some inherent limitations when addressing networks that have multipleVLANs and multiple STPDs.

For example, consider the sample depicted in the following figure.

STP


Figure 29: Limitations of Traditional STPD

The two switches are connected by a pair of parallel links. Both switches run two VLANs, A and B. Toachieve load-balancing between the two links using the traditional approach, you would have toassociate A and B with two different STPDs, called S1 and S2, respectively, and make the left link carryVLAN A traffic while the right link carries VLAN B traffic (or vice versa). If the right link fails, S2 isbroken and VLAN B traffic is disrupted.

To optimize the solution, you can use the Extreme Multiple Instance Spanning (EMISTP) mode, whichallows a port to belong to multiple STPDs. EMISTP adds significant flexibility to STP network design.Referring to the figure above, using EMISTP, you can configure all four ports to belong to both VLANs.

Assuming that S1 and S2 still correspond to VLANs A and B respectively, you can fine-tune STPparameters to make the left link active in S1 and blocking in S2, while the right link is active in S2 andblocking in S1. Again, if the right link fails, the left link is elected active by the STP algorithm for S2,without affecting normal switching of data traffic.

Using EMISTP, an STPD becomes more of an abstract concept. The STPD does not necessarilycorrespond to a physical domain; it is better regarded as a vehicle to carry VLANs that have STPinstances. Because VLANs can overlap, so do STPDs. However, even if the different STPDs share theentire topology or part of the redundant topology, the STPDs react to topology change events in anindependent fashion.

VLANs Spanning Multiple STPDs

Traditionally, the mapping from VLANs to STP instances have been one-to-one or many-to-one.

In both cases, a VLAN is wholly contained in a single instance. In practical deployment there are casesin which a one-to-many mapping is desirable. In a typical large enterprise network, for example, VLANsspan multiple sites and/or buildings. Each site represents a redundant looped area. However, betweenany two sites the topology is usually very simple.

Alternatively, the same VLAN may span multiple large geographical areas (because they belong to thesame enterprise) and may traverse a great many nodes.

STP


In this case, it is desirable to have multiple STP domains operating in a single VLAN, one for eachlooped area.

The justifications include the following:

• The complexity of the STP algorithm increases, and performance drops, with the size andcomplexity of the network. The 802.1D standard specifies a maximum network diameter of sevenhops. By segregating a big VLAN into multiple STPDs, you reduce complexity and enhanceperformance.

• Local to each site, there may be other smaller VLANs that share the same redundant looped areawith the large VLAN. Some STPDs must be created to protect those VLANs. The ability to partitionVLANs allows the large VLAN to be "piggybacked" in those STPDs in a site-specific fashion.

The following figure has five domains. VLANs green, blue, brown, and yellow are local to each domain.VLAN red spans all of the four domains. Using a VLAN that spans multiple STPDS, you do not have tocreate a separate domain for VLAN red. Instead, VLAN red is “piggybacked” onto those domains localto other VLANs.

Figure 30: VLANs Spanning Multiple STPDs

In addition, the configuration in the figure has these features:

• Each site can be administered by a different organization or department within the enterprise.Having a site-specific STP implementation makes the administration more flexible and convenient.

• Between the sites the connections usually traverse distribution switches in ways that are knownbeforehand to be “safe” with STP. In other words, the looped areas are already well defined.

EMISTP Deployment Constraints

Although EMISTP greatly enhances STP capability, these features must deployed with care.

This section describes configuration issues that, if not followed, could lead to an improper deploymentof EMISTP. This section also provides the following restrictive principles to abide by in network design:

• Although a physical port can belong to multiple STPDs, any VLAN on that port can be in only onedomain. Put another way, a VLAN cannot belong to two STPDs on the same physical port.

• Although a VLAN can span multiple domains, any LAN segment in that VLAN must be in the sameSTPD. VLANs traverse STPDs only inside switches, not across links. On a single switch, however,

STP


bridge ports for the same VLAN can be assigned to different STPDs. This scenario is illustrated inthe following figure.

Figure 31: VLANs Traverse Domains Inside Switches

• The VLAN partition feature is deployed under the premise that the overall inter-domain topologyfor that VLAN is loop-free. Consider the case in the following figure, VLAN red (the only VLAN in thefigure) spans STPDs 1, 2, and 3. Inside each domain, STP produces a loop-free topology. However,VLAN red is still looped, because the three domains form a ring among themselves.

STP


Figure 32: Looped VLAN Topology

• A necessary (but not sufficient) condition for a loop-free inter-domain topology is that every twodomains only meet at a single crossing point.

NoteYou can use MSTP to overcome the EMISTP constraints described in this section.

Per VLAN Spanning Tree

Switching products that implement Per VLAN Spanning Tree (PVST) have been in existence for manyyears and are widely deployed.

To support STP configurations that use PVST, ExtremeXOS has an operational mode called PVST+.

NoteIn this document, PVST and PVST+ are used interchangeably. PVST+ is an enhanced versionof PVST that is interoperable with 802.1Q STP. The following discussions are in regard toPVST+, if not specifically mentioned.

STPD VLAN Mapping

Each VLAN participating in PVST+ must be in a separate STPD, and the VLAN number (VLAN ID) mustbe the same as the STPD identifier (STPD ID).

As a result, PVST+ protected VLANs cannot be partitioned.

STP


This fact does not exclude other non-PVST+ protected VLANs from being grouped into the same STPD.A protected PVST+ VLAN can be joined by multiple non-PVST+ protected VLANs to be in the sameSTPD.

NoteWhen PVST+ is used to interoperate with other networking devices, each VLAN participatingin PVST+ must be in a separate STP domain.

Native VLAN

In PVST+, the native VLAN must be peered with the default VLAN on Extreme Networks devices, asboth are the only VLANs allowed to send and receive untagged packets on the physical port.

Third-party PVST+ devices send VLAN 1 packets in a special manner. ExtremeXOS does not supportPVST+ for VLAN 1. Therefore, when the switch receives a packet for VLAN 1, the packet is dropped.

When a PVST+ instance is disabled, the fact that PVST+ uses a different packet format raises an issue. Ifthe STPD also contains ports not in PVST+ mode, the flooded packet has an incompatible format withthose ports. The packet is not recognized by the devices connected to those ports.

Rapid Spanning Tree Protocol

The Rapid Spanning Tree Protocol (RSTP), originally in the IEEE 802.1w standard and now part of theIEEE 802.1D-2004 standard, provides an enhanced spanning tree algorithm that improves theconvergence speed of bridged networks.

RSTP takes advantage of point-to-point links in the network and actively confirms that a port can safelytransition to the forwarding state without relying on any timer configurations. If a network topologychange or failure occurs, RSTP rapidly recovers network connectivity by confirming the change locallybefore propagating that change to other devices across the network. For broadcast links, there is nodifference in convergence time between STP and RSTP.

RSTP supersedes legacy STP protocols, supports the existing STP parameters and configurations, andallows for seamless interoperability with legacy STP.

RSTP Concepts

Port Roles

RSTP uses information from BPDUs to assign port roles for each LAN segment. Port roles are not user-configurable. Port role assignments are determined based on the following criteria:

• A unique bridge identifier (MAC address) associated with each bridge

• The path cost associated with each bridge port

• A port identifier associated with each bridge port

STP


RSTP assigns one of the following port roles to bridge ports in the network, as described in thefollowing table.

Table 5: RSTP Port RolesPort Role Description

Root Provides the shortest (lowest) path cost to the root bridge. Each bridge has only one root port;the root bridge does not have a root port. If a bridge has two or more ports with the same pathcost, the port with the best port identifier (lowest MAC address) becomes the root port.

Designated Provides the shortest path connection to the root bridge for the attached LAN segment. Toprevent loops in the network, there is only one designated port on each LAN segment. To selectthe designated port, all bridges that are connected to a particular segment listen to each other’sBPDUs and agree on the bridge sending the best BPDU. The corresponding port on that bridgebecomes the designated port. If there are two or more ports connected to the LAN, the port withthe best port identifier becomes the designated port.

Alternate Provides an alternate path to the root bridge and the root port.

Backup Supports the designated port on the same attached LAN segment. Backup ports exist only whenthe bridge is connected as a self-loop or to a shared-media segment.

Disabled A port in the disabled state does not participate in RSTP; however, it will forward traffic and learnnew MAC source addresses.

When RSTP stabilizes:

• All root ports and designated ports are in the forwarding state.

• All alternate ports and backup ports are in the blocking state.

RSTP makes the distinction between the alternate and backup port roles to describe the rapidtransition of the alternate port to the forwarding state if the root port fails.

To prevent a port from becoming an alternate or backup port, use the command:

configure stpd stpd_name ports active-role enable port .

To revert to the default that allows a port to be elected to any STP port role, use the command:

configure stpd stpd_name ports active-role disable port

To view the active-role status, use teh command: show stpd ports

Link Types

With RSTP, you can configure the link type of a port in an STPD.

RSTP tries to rapidly move designated point-to-point links into the forwarding state when a networktopology change or failure occurs. For rapid convergence to occur, the port must be configured as apoint-to-point link.

The following table describes the link types.

STP


Table 6: RSTP Link TypesPort Link Type Description

Auto Specifies the switch to automatically determine the port link type. An auto link behaves like apoint-to-point link if the link is in full-duplex mode or if link aggregation is enabled on the port.Otherwise, the link behaves like a broadcast link used for 802.1w configurations.

Edge Specifies a port that does not have a bridge attached. An edge port is held in the STPforwarding state unless a BPDU is received by the port. In that case, the port behaves as anormal RSTP port. The port is no longer considered an edge port. If the port does not receivesubsequent BPDUs during a pre-determined time, the port attempts to become an edge port.ExtremeXOS 11.5 or earlier—An edge port is placed and held in the STP forwarding state unlessa BPDU is received by the port. In that case, an edge port enters and remains in the blockingstate until it stops receiving BPDUs and the message age timer expires.

Broadcast Specifies a port attached to a LAN segment with more than two bridges. A port with abroadcast link type cannot participate in rapid reconfiguration using RSTP or MSTP. By default,all ports are broadcast links.

Point-to-point Specifies a port attached to a LAN segment with only two bridges. A port with point-to-pointlink type can participate in rapid reconfiguration. Used for 802.1w and MSTP configurations.

Configuring Link Types

By default, all ports are broadcast links.

• To configure the ports in an STPD, enter the command:.

configure stpd stpd_name ports link-type [[auto | broadcast | point-to-point]

port_list | edge port_list {edge-safeguard [enable | disable] {bpdu-restrict}

{recovery-timeout seconds}}]

Where the following is true:

• auto—Configures the ports as auto links. If the link is in full-duplex mode or if link aggregation isenabled on the port, an auto link behaves like a point-to-point link.

• broadcast—Configures the ports as broadcast ports. By default, all ports are broadcast links.

• point-to-point—Configures the ports for rapid reconfiguration in an RSTP or MSTP environment.

• edge—Configures the ports as edge ports. For information about edge safeguard, see Configuring Edge Safeguard on page 114.

• To change the existing configuration of a port in an STPD, and return the port to factory defaults,enter the command:

unconfigure stpd stpd_name ports link-type port_list

• To display detailed information about the ports in an STPD, enter the command:

show {stpd} stpd_name ports {[detail | port_list {detail}]}

Configuring Edge Safeguard

Loop prevention and detection on an edge port configured for RSTP is called edge safeguard. You canconfigure edge safeguard on RSTP edge ports to prevent accidental or deliberate misconfigurations(loops) resulting from connecting two edge ports together or by connecting a hub or other non-STPswitch to an edge port. Edge safeguard also limits the impact of broadcast storms that might occur onedge ports. This advanced loop prevention mechanism improves network resiliency but does notinterfere with the rapid convergence of edge ports.

STP


An edge port configured with edge safeguard immediately enters the forwarding state and transmitsBPDUs. If a loop is detected, STP blocks the port. By default, an edge port without edge safeguardconfigured immediately enters the forwarding state but does not transmit BPDUs unless a BPDU isreceived by that edge port.

You can also configure edge safeguard for loop prevention and detection on an MSTP edge port.

• To configure an edge port and enable edge safeguard on that port, use the command:




• If you have already configured a port as an edge port and you want to enable edge safeguard onthe port, use the following command:

configure {stpd} stpd_name ports edge-safeguard enable port_list {bpdu-


• To disable edge safeguard on an edge port, enter the command:

configure {stpd} stpd_name ports edge-safeguard disable port_list {bpdu-





In ExtremeXOS 11.5 and earlier, ports that connect to non-STP devices are edge ports. Edge ports donot participate in RSTP, and their role is not confirmed. Edge ports immediately enter the forwardingstate unless the port receives a BPDU. In that case, edge ports enter the blocking state. The edge portremains in the blocking state until it stops receiving BPDUs and the message age timer expires.

ExtremeXOS 11.6 and later support an enhanced bridge detection method, which is part of the802.1D-2004 standard. Ports that connect to non-STP devices are still considered edge ports. However,if you have an 802.1D-2004 compliant edge port, the bridge detection mechanism causes the edgeport to transition to a non-edge port upon receiving a BPDU. If the former edge port does not receive asubsequent BPDU during a pre-determined interval, the port attempts to become an edge port.

In ExtremeXOS 12.0.3 and 12.1.4 onwards, STP edge safeguard disables a port when a remote loop isdetected. ExtremeXOS versions prior to 12.0.3 and 12.1.4 place the port in blocking mode. The changewas made because BPDUs are still processed when a port is in a blocking state. A remote loop causesBPDUs to be exponentially duplicated which caused high CPU utilization on the switch even though theport was transitioned to a blocked state.

RSTP Timers

For RSTP to rapidly recover network connectivity, RSTP requires timer expiration. RSTP derives manyof the timer values from the existing configured STP timers to meet its rapid recovery requirementsrather than relying on additional timer configurations.

Table 7: User-Configurable Timers on page 116 describes the user-configurable timers, and the Table 8:Derived Timers on page 116 describes the timers that are derived from other timers and are not userconfigurable.

STP


Table 7: User-Configurable TimersTimer Description

Hello The root bridge uses the hello timer to send out configuration BPDUs through all ofits forwarding ports at a predetermined, regular time interval. The default value is 2seconds. The range is 1 to 10 seconds.

Forward delay A port moving from the blocking state to the forwarding state uses the forwarddelay timer to transition through the listening and learning states. In RSTP, this timercomplements the rapid configuration behavior. If none of the rapid rules are in effect,the port uses legacy STP rules to move to the forwarding state. The default is 15seconds. The range is 4 to 30 seconds.

Table 8: Derived TimersTimer Description

TCN The root port uses the topology change notification (TCN) timer when it detects achange in the network topology. The TCN timer stops when the topology changetimer expires or upon receipt of a topology change acknowledgement. The defaultvalue is the same as the value for the bridge hello timer.

Topology change The topology change timer determines the total time it takes the forwarding ports tosend configuration BPDUs. The default value for the topology change timer dependsupon the mode of the port:802.1D mode—The sum of the forward delay timer value (default value is 15 seconds;range of 4 to 30 seconds) and the maximum age timer value (default value is 20seconds; range of 6 to 40 seconds).802.1w mode—Double the hello timer value (default value is 4 seconds).

Message age A port uses the message age timer to time out receiving BPDUs. When a portreceives a superior or equal BPDU, the timer restarts. When the timer expires, theport becomes a designated port and a configuration update occurs. If the bridgeoperates in 1w mode and receives an inferior BPDU, the timer expires early. Thedefault value is the same as the STPD bridge max age parameter.

Hold A port uses the hold timer to restrict the rate that successive BPDUs can be sent. Thedefault value is the same as the value for the bridge hello timer.

Recent backup The timer starts when a port leaves the backup role. When this timer is running, theport cannot become a root port. The default value is double the hello time (4seconds).

Recent root The timer starts when a port leaves the root port role. When this timer is running,another port cannot become a root port unless the associated port is put into theblocking state. The default value is the same as the forward delay time.

The protocol migration timer is neither user-configurable nor derived; it has a set value of 3 seconds.The timer starts when a port transitions from STP (802.1D) mode to RSTP (802.1w) mode and vice-versa. This timer must expire before further mode transitions can occur.

RSTP Operation

In an RSTP environment, a point-to-point link LAN segment has two bridges.

STP


A switch that considers itself the unique, designated bridge for the attached LAN segment sends a“propose” message to the other bridge to request a confirmation of its role. The other bridge on thatLAN segment replies with an “agree” message if it agrees with the proposal. The receiving bridgeimmediately moves its designated port into the forwarding state.

Before a bridge replies with an “agree” message, it reverts all of its designated ports into the blockingstate. This introduces a temporary partition into the network. The bridge then sends another “propose”message on all of its designated ports for further confirmation. Because all of the connections areblocked, the bridge immediately sends an “agree” message to unblock the proposing port withouthaving to wait for further confirmations to come back or without the worry of temporary loops.

Beginning with the root bridge, each bridge in the network engages in the exchange of “propose” and“agree” messages until they reach the edge ports. Edge ports connect to non-STP devices and do notparticipate in RSTP. Their role does not need to be confirmed. If you have an 802.1D-2004 compliantedge port, the bridge detection mechanism causes the edge port to transition to a non-edge port uponreceiving a BPDU. If the former edge port does not receive a subsequent BPDU during a pre-determined interval, the port attempts to become an edge port.

RSTP attempts to transition root ports and designated ports to the forwarding state and alternate portsand backup ports to the blocking state as rapidly as possible.

A port transitions to the forwarding state if any of the port:

• Has been in either a root or designated port role long enough that the spanning tree informationsupporting this role assignment has reached all of the bridges in the network;

NoteRSTP is backward-compatible with STP, so if a port does not move to the forwardingstate with any of the RSTP rapid transition rules, a forward delay timer starts and STPbehavior takes over.

• Is now a root port and no other ports have a recent role assignment that contradicts with its rootport role;

• Is a designated port and attaches to another bridge by a point-to-point link and receives an “agree”message from the other bridge port; or

• Is an edge port. An edge port is a port connected to a non-STP device and is in the forwarding state.

The following sections provide more information about RSTP behavior.

Root Port Rapid Behavior

In the following figure, the diagram on the left displays the initial network topology with a single bridgehaving the following:

• Two ports are connected to a shared LAN segment.

• One port is the designated port.

• One port is the backup port.

The diagram on the right displays a new bridge that:

• Is connected to the LAN segment.

• Has a superior STP bridge priority.

STP


• Becomes the root bridge and sends a BPDU to the LAN that is received by both ports on the oldbridge.

Figure 33: Example of Root Port Rapid Behavior

If the backup port receives the BPDU first, STP processes this packet and temporarily elects this port asthe new root port while the designated port’s role remains unchanged. If the new root port isimmediately put into the forwarding state, there is a loop between these two ports.

To prevent this type of loop from occurring, the recent backup timer starts. The root port transition ruledoes not allow a new root port to be in the forwarding state until the recent backup timer expires.

Another situation may arise if you have more than one bridge and you lower the port cost for thealternate port, which makes it the new root port. The previous root port is now an alternate port.Depending on your STP implementation, STP may set the new root port to the forwarding state beforesetting the alternate port to the blocking state. This may cause a loop.

To prevent this type of loop from occurring, the recent root timer starts when the port leaves the rootport role. The timer stops if the port enters the blocking state. RSTP requires that the recent root timerstop on the previous root port before the new root port can enter the forwarding state.

Designated Port Rapid Behavior

When a port becomes a new designated port, or the STP priority changes on an existing designatedport, the port becomes an unsynced designated port.

For an unsynced designated port to rapidly move into the forwarding state, the port must propose aconfirmation of its role on the attached LAN segment (unless the port is an edge port). Upon receivingan “agree” message, the port immediately enters the forwarding state.

If the receiving bridge does not agree and it has a superior STP priority, the receiving bridge replieswith its own BPDU. Otherwise, the receiving bridge keeps silent, and the proposing port enters theforwarding state and starts the forward delay timer.

The link between the new designated port and the LAN segment must be a point-to-point link. If thereis a multi-access link, the “propose” message is sent to multiple recipients. If only one of the recipients

STP


agrees with the proposal, the port can erroneously enter the forwarding state after receiving a single“agree” message.

Receiving Bridge Behavior

The receiving bridge must decide whether or not to accept a proposal from a port.

Upon receiving a proposal for a root port, the receiving bridge:

• Processes the BPDU and computes the new STP topology.

• Synchronizes all of the designated ports if the receiving port is the root port of the new topology.

• Puts all unsynced, designated ports into the blocking state.

• Sends down further “propose” messages.

• Sends back an “agree” message through the root port.

If the receiving bridge receives a proposal for a designated port, the bridge replies with its own BPDU.If the proposal is for an alternate or backup port, the bridge keeps silent.

Propagating Topology Change Information

When a change occurs in the topology of the network, such events are communicated through thenetwork.

In an RSTP environment, only non-edge ports entering the forwarding state cause a topology change.A loss of network connectivity is not considered a topology change; however, a gain in networkconnectivity must be communicated. When an RSTP bridge detects a topology change, that bridgestarts the topology change timer, sets the topology change flag on its BPDUs, floods all of theforwarding ports in the network (including the root ports), and flushes the learned MAC addressentries.

Rapid Reconvergence

This section describes the RSTP rapid behavior following a topology change.

In this example, the bridge priorities are assigned based on the order of their alphabetical letters; bridgeA has a higher priority than bridge F.

Suppose you have a network, as shown in the following figure, with six bridges (bridge A throughbridge F) where the following is true:

• Bridge A is the root bridge.

• Bridge D contains an alternate port in the blocking state.

• All other ports in the network are in the forwarding state.

STP


Figure 34: Initial Network Configuration

The network reconverges in the following way:

If the link between bridge A and bridge F goes down, bridge F detects the root port is down. At thispoint, bridge F:

• Immediately disables that port from the STP.

• Performs a configuration update.

As shown in the following figure, after the configuration update, bridge F:

• Considers itself the new root bridge.

• Sends a BPDU message on its designated port to bridge E.

Figure 35: Down Link Detected

• Bridge E believes that bridge A is the root bridge. When bridge E receives the BPDU on its root portfrom bridge F, bridge E:

• Determines that it received an inferior BPDU.

• Immediately begins the max age timer on its root port.


As shown in the following figure, after the configuration update, bridge E:

• Regards itself as the new root bridge.

• Sends BPDU messages on both of its designated ports to bridges F and D, respectively.

STP


Figure 36: New Root Bridge Selected

As shown in the following figure, when bridge F receives the superior BPDU and configuration updatefrom bridge E, bridge F:

• Decides that the receiving port is the root port.

• Determines that bridge E is the root bridge.

Figure 37: Communicating New Root Bridge Status to Neighbors

Bridge D believes that bridge A is the root bridge. When bridge D receives the BPDU from bridge E onits alternate port, bridge D:

• Immediately begins the max age timer on its alternate port.


As shown in the following figure, after the configuration update, bridge D:

• Moves the alternate port to a designated port.

• Sends a “propose” message to bridge E to solicit confirmation of its designated role and to rapidlymove the port into the designated state.

STP


Figure 38: Sending a Propose Message to Confirm a Port Role

Upon receiving the proposal, bridge E (as shown in the following figure):


• Changes its receiving port to a root port.

The existing designated port enters the blocking state.

Bridge E then sends:

• A “propose” message to bridge F.

• An “agree” message from its root port to bridge D.

Figure 39: Communicating Port Status to Neighbors

To complete the topology change (as shown in the following figure):

• Bridge D moves the port that received the “agree” message into the forwarding state.

• Bridge F confirms that its receiving port (the port that received the “propose” message) is the rootport, and immediately replies with an “agree” message to bridge E to unblock the proposing port.

STP


Figure 40: Completing the Topology Change

The following figure displays the new topology.

Figure 41: Final Network Configuration

Compatibility With STP (802.1D)

RSTP interoperates with legacy STP protocols; however, the rapid convergence benefits are lost wheninteracting with legacy STP bridges.

Each RSTP bridge contains a port protocol migration state machine to ensure that the ports in theSTPD operate in the correct, configured mode. The state machine is a protocol entity within eachbridge configured to run in 802.1w mode. For example, a compatibility issue occurs if you configure802.1w mode and the bridge receives an 802.1D BPDU on a port. The receiving port starts the protocolmigration timer and remains in 802.1D mode until the bridge stops receiving 802.1D BPDUs. Each timethe bridge receives an 802.1D BPDU, the timer restarts. When the port migration timer expires, no more802.1D BPDUs have been received, and the bridge returns to its configured setting, which is 802.1wmode.

Multiple Spanning Tree Protocol

The Multiple Spanning Tree Protocol (MSTP), based on IEEE 802.1Q-2003 (formerly known as IEEE802.1s), allows the bundling of multiple VLANs into one spanning tree topology.

This concept is not new to Extreme Networks. Like MSTP, Extreme Networks proprietary EMISTPimplementation can achieve the same capabilities of sharing a virtual network topology among multipleVLANs; however, MSTP overcomes some of the challenges facing EMISTP, including enhanced loopprotection mechanisms and new capabilities to achieve better scaling.

STP


MSTP logically divides a Layer 2 network into regions. Each region has a unique identifier and containsmultiple spanning tree instances (MSTIs). An MSTI is a spanning tree domain that operates within and isbounded by a region. MSTIs control the topology inside the regions. The Common and InternalSpanning Tree (CIST) is a single spanning tree domain that interconnects MSTP regions. The CIST isresponsible for creating a loop-free topology by exchanging and propagating BPDUs across regions toform a Common Spanning Tree (CST).

MSTP uses RSTP as its converging algorithm and is interoperable with the legacy STP protocols: STP(802.1D) and RSTP (802.1w).

MSTP has three major advantages over 802.1D, 802.1w, and other proprietary implementations:

• To save control path bandwidth and provide improved scalability, MSTP uses regions to localizeBPDU traffic. BPDUs containing information about MSTIs contained within an MSTP region do notcross that region’s boundary.

• A single BPDU transmitted from a port can contain information for up to 64 STPDs. MSTP BPDUprocessing utilizes less resources compared to 802.1D or 802.1w where one BPDU corresponds toone STPD.

• In a typical network, a group of VLANs usually share the same physical topology. Dedicating aspanning tree per VLAN like PVST+ is CPU intensive and does not scale very well. MSTP makes itpossible for a single STPD to handle multiple VLANs.

MSTP Concepts

MSTP Regions

An MSTP network consists of either individual MSTP regions connected to the rest of the network with802.1D and 802.1w bridges or as individual MSTP regions connected to each other.

An MSTP region defines the logical boundary of the network. With MSTP, you can divide a largenetwork into smaller areas similar to an OSPF area or a BGP Autonomous System, which contain agroup of switches under a single administration. Each MSTP region has a unique identifier and is boundtogether by one CIST that spans the entire network. A bridge participates in only one MSTP region at atime.

An MSTP region can hide its internal STPDs and present itself as a virtual 802.1w bridge to otherinterconnected regions or 802.1w bridges because the port roles are encoded in 802.1w and MSTPBPDUs.

By default, the switch uses the MAC address of the switch to generate an MSTP region. Since each MACaddress is unique, every switch is in its own region by default. For multiple switches to be part of anMSTP region, you must configure each switch in the region with the same MSTP region identifiers. See Configuring MSTP Region Identifiers on page 125 for information.

In the following figure, all bridges inside MSTP regions 1 and 2 are MSTP bridges; bridges outside of theregions are either 802.1D or 802.1w bridges.

STP


Figure 42: Sample MSTP Topology with Two MSTP Regions

Configuring MSTP Region Identifiers

For multiple switches to be part of an MSTP region, you must configure each switch in the region withthe same MSTP configuration attributes, also known as MSTP region identifiers. The following listdescribes the MSTP region identifiers:

• Region Name—This indicates the name of the MSTP region. In the Extreme Networksimplementation, the maximum length of the name is 32 characters and can be a combination ofalphanumeric characters and underscores ( _ ).

• Format Selector—This indicates a number to identify the format of MSTP BPDUs. The default is 0.

• Revision Level—This identifier is reserved for future use; however, the switch uses and displays adefault of 3.

The switches inside a region exchange BPDUs that contain information for MSTIs.

The switches connected outside of the region exchange CIST information. By having devices look at theregion identifiers, MSTP discovers the logical boundary of a region:

• To configure the MSTP region name, use the command:

configure mstp region regionName

The maximum length of the region name is 32 characters and can be a combination of alphanumericcharacters and underscores ( _ ). You can configure only one MSTP region on the switch at anygiven time.

If you have an active MSTP region, we recommend that you disable all active STPDs in the regionbefore renaming the region on all of the participating switches.

• To configure the number used to identify MSTP BPDUs, use the command:

configure mstp format format_identifier

STP


By default, the value used to identify the MSTP BPDUs is 0. The range is 0 to 255.

If you have an active MSTP region, we recommend that you disable all active STPDs in the regionbefore modifying the value used to identify MSTP BPDUs on all participating switches.

• To configure the MSTP revision level, use the command:

configure mstp revision revision

Although this command is available on the CLI, this command is reserved for future use.

Unconfiguring an MSTP Region

Before you unconfigure an MSTP region, we recommend that you disable all active STPDs in the region.

To unconfigure the MSTP region on the switch, use the command:

unconfigure mstp region

After you issue this command, all of the MSTP settings return to their default values. See ConfiguringMSTP Region Identifiers on page 125 for information about the default settings.

Common and Internal Spanning Tree

MSTP logically divides a Layer 2 network into regions. The Common and Internal Spanning Tree (CIST)is a single spanning tree domain that interconnects MSTP regions. The CIST is responsible for creating aloop-free topology by exchanging and propagating BPDUs across regions to form a Common SpanningTree (CST).

In essence, the CIST is similar to having a large spanning tree across the entire network. The CIST has itsown root bridge that is common to all MSTP regions, and each MSTP region elects a CIST regional rootthat connects that region to the CIST, thereby forming a CST.

The switch assigns the CIST an instance ID of 0, which allows the CIST to send BPDUs for itself inaddition to all of the MSTIs within an MSTP region. Inside a region, the BPDUs contain CIST records andpiggybacked M-records. The CIST records contain information about the CIST, and the M-recordscontain information about the MSTIs. Boundary ports exchange only CIST record BPDUs.

All MSTP configurations require a CIST domain. You must first configure the CIST domain beforeconfiguring any MSTIs. By default, all MSTI ports in the region are inherited by the CIST. You cannotdelete or disable a CIST if any of the MSTIs are active in the system.

Configuring the CIST

• Configure an STPD as the CIST, specifying the mstp cist keywords in the following command:


You can enable MSTP on a per STPD basis only. By specifying the mstp cist keywords, you canconfigure the mode of operation for the STPD as MSTP and identify the STPD to be the CIST.

CIST Root Bridge

In a Layer 2 network, the bridge with the lowest bridge ID becomes the CIST root bridge. Theparameters (vectors) that define the root bridge include the following:

STP


• User-defined bridge priority (by default, the bridge priority is 32,768)

• MAC address

The CIST root bridge can be either inside or outside an MSTP region. The CIST root bridge is unique forall regions and non-MSTP bridges, regardless of its location.

For more information about configuring the bridge ID, see the configure stpd prioritycommand.

CIST Regional Root Bridge

Within an MSTP region, the bridge with the lowest path cost to the CIST root bridge is the CIST regionalroot bridge.

The path cost, also known as the CIST external path cost, is a function of the link speed and number ofhops. If there is more than one bridge with the same path cost, the bridge with the lowest bridge IDbecomes the CIST regional root. If the CIST root is inside an MSTP region, the same bridge is the CISTregional root for that region because it has the lowest path cost to the CIST root. If the CIST root isoutside an MSTP region, all regions connect to the CIST root via their CIST regional roots.

The total path cost to the CIST root bridge from any bridge in an MSTP region consists of the CISTinternal path cost (the path cost of the bridge to the CIST regional root bridge) and the CIST externalpath cost. To build a loop-free topology within a region, the CIST uses the external and internal pathcosts, and the MSTI uses only the internal path cost.

Looking at MSTP region 1 in the following figure, the total path cost for the bridge with ID 60 consists ofan external path cost of A and an internal path cost of E.

Figure 43: Closeup of MSTP Region 1

CIST Root Port

The port on the CIST regional root bridge that connects to the CIST root bridge is the CIST root port(also known as the master port for MSTIs).

STP


The CIST root port is the master port for all MSTIs in that region, and it is the only port that connectsthe entire region to the CIST root.

If a bridge is both the CIST root bridge and the CIST regional root bridge, there is no CIST root port onthat bridge.

Enabling the CIST

To enable the CIST, use the following command and specify the CIST domain as the stpd_name:

enable stpd {stpd_name}

Multiple Spanning Tree Instances

Multiple spanning tree instances (MSTIs) control the topology inside an MSTP region. An MSTI is aspanning tree domain that operates within and is bounded by a region; an MSTI does not exchangeBPDUs with or send notifications to other regions. You must identify an MSTI on a per region basis. TheMSTI ID does not have any significance outside of its region so you can reuse IDs across regions. AnMSTI consists of a group of VLANs, which can share the same network topology. Each MSTI has its ownroot bridge and a tree spanning its bridges and LAN segments.


You can map multiple VLANs to an MSTI; however, multiple MSTIs cannot share the same VLAN.

Configuring the MSTI and the MSTI ID

MSTP uses the MSTI ID, not an Stpd ID, to identify the spanning tree contained within the region. Aspreviously described, the MSTI ID only has significance within its local region, so you can re-use IDsacross regions.

To configure the MSTI that is inside an MSTP region and its associated MSTI ID, use the followingcommand and specify the mstp [msti instance] parameters:


The range of the MSTI instance ID is 1–4094.

MSTP STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct operation of yourMSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs. For moreinformation, see Encapsulation Modes on page 99.

MSTI Regional Root Bridge

Each MSTI independently chooses its own root bridge. For example, if two MSTIs are bounded to aregion, there is a maximum of two MSTI regional roots and one CIST regional root.

The bridge with the lowest bridge ID becomes the MSTI regional root bridge. The parameters thatdefine the root bridge include the following:

• User-defined bridge priority (by default, the bridge priority is 32,768)

STP


• MAC address

Within an MSTP region, the cost from a bridge to the MSTI regional root bridge is known as the MSTIinternal path cost. Looking at MSTP region 1 in Figure 43: Closeup of MSTP Region 1 on page 127, thebridge with ID 60 has a path cost of F to the MSTI regional root bridge.

The MSTI regional root bridge can be the same as or different from the CIST regional root bridge of thatregion. You achieve this by assigning different priorities to the STP instances configured as the MSTIsand the CIST. For more information about configuring the bridge ID, see the configure stpdpriority command in the ExtremeXOS Command Reference Guide.

MSTI Root Port

The port on the bridge that has the lowest path cost to the MSTI regional root bridge is the MSTI rootport.

If a bridge has two or more ports with the same path cost, the port with the best port identifierbecomes the root port.

Enabling the MSTI

To enable the MSTI, use the following command and specify the MSTI domain as the <stpd_name>:


NoteIf two switches are configured for the same CIST and MSTI region, in order for them tounderstand that they are in the same region, both must also belong to the same VLAN whichis added to the STP domain. If they belong to different VLANs, each switch believes that eachbelongs to a different region. When an MSTP BPDU is sent, it carries a VID digest created byVLAN memberships in the CIST domain and the MSTI domain.

Boundary Ports

Boundary ports are bridge ports that are only connected to other MSTP regions or 802.1D or 802.1wbridges.

The ports that are not at a region boundary are called internal ports. The boundary ports exchange onlyCIST BPDUs. A CIST BPDU originated from the CIST root enters a region through the CIST root port andegresses through boundary ports. This behavior simulates a region similar to an 802.1w bridge, whichreceives BPDUs on its root ports and forwards updated BPDUs on designated ports.

The following figure shows an MSTP network that consists of two MSTP regions. Each region has itsown CIST regional root and is connected to the CIST root through master ports. The CIST regional rootsin each region are the MSTP bridges having the lowest CIST external root path cost. The CIST root is thebridge with the lowest bridge ID and is an 802.1w bridge outside of either MSTP region.

STP


Figure 44: Sample MSTP Topology with Two MSTP Regions

MSTP Region 1 and MSTP Region 2 are connected to the CIST root through directly connected ports,identified as master ports. The bridge with ID 100 connects to the CIST root through Region 1, Region 2,or segment B. For this bridge, either Region 1 or Region 2 can be the designated region or segment Bcan be the designated segment. The CIST BPDUs egressing from the boundary ports carry the CISTregional root as the designated bridge. This positions the entire MSTP region as one virtual bridge.

The CIST controls the port roles and the state of the boundary ports. A master port is alwaysforwarding for all CIST and MSTI VLANs. If the CIST sets a boundary port to the discarding state, theCIST blocks traffic for all VLANs mapped to it and the MSTIs within that region. Each MSTI blocks trafficfor their member VLANs and puts their internal ports into the forwarding or blocking state dependingon the MSTI port roles. For more information about port states, see .

MSTP Port Roles

MSTP uses the same port roles as RSTP (Root, Designated, Alternate, and Backup).

In addition to these port roles, MSTP introduces a new port role: Master. A Master port is the port thatconnects an MSTI to the CIST root.

MSTP Port States

MSTP uses the same port states as RSTP (Listening, Learning, Forwarding, and Blocking).

In the Extreme Networks MSTP implementation, the listening state is not truly implemented as FDBlearning cannot be done when the port is not in the forwarding state. Ports in the blocking state listenbut do not accept ingress traffic, perform traffic forwarding, or learn MAC source address; however, theport receives and processes BPDUs.

STP


For more information about all of the STP port states, see STP States on page 100.

MSTP Link Types

MSTP uses the same link types as STP and RSTP, respectively.

In an MSTP environment, configure the same link types for the CIST and all MSTIs.

For more information about the link types, see Link Types on page 113.

MSTP Edge Safeguard

\

You can configure edge safeguard for loop prevention and detection on an MSTP edge port. For moreinformation, see Configuring Edge Safeguard on page 114.

Note

In MSTP, configuring edge safeguard at CIST will be inherited in all MSTIs.

In MSTP, an edge port needs to be added to a CIST before adding it to an MSTI.

MSTP Timers

MSTP uses the same timers as STP and RSTP. For more information, see RSTP Timers on page 115.

MSTP Hop Counts

In an MSTP environment, the hop count has the same purpose as the maxage timer for 802.1D and802.1w environments. The CIST hop count is used within and outside a region. The MSTI hop count isused only inside of the region. In addition, if the other end is an 802.1D or 802.1w bridge, the maxagetimer is used for interoperability between the protocols.

The BPDUs use hop counts to age out information and to notify neighbors of a topology change.

To configure the hop count.

configure stpd stpd_name max-hop-count hopcount

By default, the hop count of a BPDU is 20 hops. The range is 6 to 40 hops.

Configuring MSTP on the Switch

To configure and enable MSTP:

1 Create the MSTP region using the following command:


STP


2 Create and configure the CIST, which forms the CST, using the following commands:


configure stpd stpd_name mode mstp cist

Note

You can configure the default STPD, S0 as the CIST.

No VLAN can be bound to the CIST and no ports can be added to the CIST. Therefore, theVLAN should be bound to the MSTI and the “show MSTI port” command will show theVLAN ports. The ports added to the MSTI are bound automatically to the CIST eventhough they are not added to it.

3 Enable the CIST using hte command:


4 Create and configure MSTIs using the commands:


configure stpd stpd_name mode mstp cist instance

5 Add VLANs to the MSTIs using one of the following commands:

a Manually binding ports

configure stpd stpd_name add vlan vlan_name ports [all | port_list] {[dot1d

| emistp | pvst-plus]}

configure vlan vlan_name add ports [all | port_list] {tagged {tag} |

untagged} stpd stpd_name {[dot1d | emistp | pvst-plus]}

b Automatically binding ports to an STPD when ports are added to a member VLAN

enable stpd stpd_name auto-bind vlan vlan_name

6 Enable the MSTIs using the command:.


For a more detailed configuration example, see MSTP Configuration Example on page 143.

MSTP Operation

To further illustrate how MSTP operates and converges, the following figure displays a network withtwo MSTP regions. Each region contains three MSTP bridges and one MSTI. The overall networktopology also contains one CIST root bridge (Switch A, which has the lowest bridge ID), oneinterconnecting 802.1w bridge (Switch D), and 10 full duplex, point-to-point segments. VLAN Defaultspans all of the bridges and segments in the network, VLAN engineering is local to its respective region,and STPD S0 is configured as the CIST on all bridges.

STP


Figure 45: MSTP Topology with the CIST Root Bridge Contained within a Region

MSTP Region 1 consists of the following:

• Three bridges named Switch A, Switch B, and Switch C

• One MSTI STPD named S1 with an MSTI ID of 1

• VLAN Engineering mapped to the MSTI STPD, S1

• Switch A as the CIST root bridge (this is the CIST root bridge for all regions)

• Switch A as the CIST regional root bridge

• Switch A as the MSTI regional root bridge

• Three boundary ports that connect to MSTP Region 2 and other 802.1D or 802.1w bridges

MSTP Region 2 consists of the following:

• Three bridges named Switch E, Switch F, and Switch G

• One MSTI STPD named S1 with an MSTI ID of 1

NoteThe MSTI ID does not have any significance outside of its region so you can reuse IDs acrossregions.

• VLAN finance mapped to the MSTI STPD, S1

• Switch E as the CIST regional root bridge

• Switch F as the MSTI regional root bridge

• One master port that connects to the CIST

• Three boundary ports that connect to MSTP Region 1 and other 802.1D or 802.1w bridges

The following sequence describes how the MSTP topology convergences:

1 Determining the CIST root bridge, MSTP regions, and region boundaries.

STP


Each bridge believes that it is the root bridge, so each bridge initially sends root bridge BPDUsthroughout the network. As bridges receive BPDUs and compare vectors, the bridge with the lowestBridge ID is elected the CIST root bridge. In our example, Switch A has the lowest Bridge ID and isthe CIST root bridge.

The bridges in the MSTP regions (Switches A, B, C, E, F, and G) advertise their region informationalong with their bridge vectors.

Segments 1, 3, and 9 receive BPDUs from other regions and are identified as boundary ports forRegion 1. Similarly, segments 2, 3, and 9 are identified as boundary ports for Region 2.

2 Controlling boundary ports.

The CIST regional root is advertised as the Bridge ID in the BPDUs exiting the region. By sendingCIST BPDUs across regional boundaries, the CIST views the MSTP regions as virtual 802.1w bridges.The CIST takes control of the boundary ports and only CIST BPDUs enter or exit a region boundary.

Each MSTP region has a CIST regional root bridge that communicates to the CIST root bridge. Thebridge with the lowest path cost becomes the CIST regional root bridge. The port on the CISTregional root bridge that connects to the CIST root bridge is the CIST root port.

For Region 1, Switch A has the lowest cost (0 in this example) and becomes the CIST regional root.Since the bridge is both the CIST root bridge and the CIST regional root bridge, there is no CIST rootport on the bridge.

For Region 2, Switch E is the CIST regional root bridge and so a port on that bridge becomes theCIST root port.

3 Identifying MSTI regional roots.

Each MSTI in a region has an MSTI regional root bridge. MSTI regional roots are selectedindependently of the CIST root and CIST regional root. The MSTP BPDUs have M-records for eachMSTI. Bridges belonging to an MSTI compare vectors in their M-records to elect the MSTI regionalroot.

4 Converging the CIST.

The CIST views every region as a virtual bridge and calculates the topology using the 802.1walgorithm. The CIST calculates the topology both inside and outside of a region.

5 Converging MSTIs.

After the CIST identifies the boundary ports, each MSTI in a domain converge their own trees using802.1w.

At this point, all CIST and MSTIs have assigned port roles (Root, Designated, Alternate, and Backup)to their respective spanning trees. All root and designated ports transition to the forwarding statewhile the remaining ports remain in the discarding state.

Propagating topology change information is similar to that described for RSTP.

For more information see, Propagating Topology Change Information on page 119.

For a configuration example, see MSTP Configuration Example on page 143.

STP


STP and Network Login

STP and network login can be enabled on the same port. This feature can be used to prevent loopswhile providing redundancy and security on aggregated as well as end switches.

NoteYou should be aware that an STP topology change will affect the network login clients. See STP Rules and Restrictions on page 136 for further information.

The following figure shows STP and network login enabled on ports 2 and 3 of Switch 2 and Switch 3for a typical aggregation scenario.

Figure 46: STP and Network Login Enabled

This relieves the administrator from having to configure network login on all the edge ports. All thetraffic can be monitored and resiliency is provided at the aggregation side.

The following figure shows a typical scenario for protecting loops and monitoring traffic on the edgeside.

STP


Figure 47: Traffic Monitoring on the Edge Side

In huge networks, it is not easy to control or prevent end users from connecting devices other thanworkstations to the edge ports. This feature helps prevent the network loops that occur when endusers connect a switch or hub to the existing edge port in order to increase the number of end userports.

STP Rules and Restrictions

This section summarizes the rules and restrictions for configuring STP are:

• The carrier VLAN must span all ports of the STPD. (This is not applicable to MSTP.)

• The StpdID must be the VLAN ID of the carrier VLAN; the carrier VLAN cannot be partitioned. (Thisis not applicable to MSTP.)

• A default VLAN cannot be partitioned. If a VLAN traverses multiple STPDs, the VLAN must betagged.

• An STPD can carry, at most, one VLAN running in PVST+ mode, and its STPD ID must be identicalwith that VLAN ID. In addition, the PVST+ VLAN cannot be partitioned.

• The default VLAN of a PVST+ port must be identical to the native VLAN on the PVST+ deviceconnected to that port.

• If an STPD contains both PVST+ and non-PVST+ ports, that STPD must be enabled. If that STPD isdisabled, the BPDUs are flooded in the format of the incoming STP port, which may be incompatiblewith those of the connected devices.

• The 802.1D ports must be untagged and the EMISTP/PVST+ ports must be tagged in the carrierVLAN.

• An STPD with multiple VLANs must contain only VLANs that belong to the same virtual routerinstance.

• STP and network login operate on the same port as follows:

• STP (802.1D), RSTP (802.1w), and MSTP (802.1s) support both network login and STP on thesame port.

• At least one VLAN on the intended port should be configured both for STP and network login.

• STP and network login operate together only in network login ISP mode.

STP


• When STP blocks a port, network login does not process authentication requests. All networktraffic, except STP BPDUs, is blocked.

• When STP places a port in forwarding state, all network traffic is allowed and network loginstarts processing authentication requests.

• STP cannot be configured on the following ports:

• A mirroring target port.

• A software-controlled redundant port.

• When you are using the older method of enabling STP instead of using EAPSv2 to block the superloop in a shared-port environment, you can continue to do so. In all other scenarios, it is notrecommended to use both STP and EAPS on the same port.

• MSTP and 802.1D STPDs cannot share a physical port.

• Only one MSTP region can be configured on a switch.

• In an MSTP environment, a VLAN can belong to one of the MSTIs.

• A VLAN can belong to only one MSTP domain.

• MSTP is not interoperable with PVST+.

• No VLAN can be bound to the CIST.

Configure STP on the Switch

To configure basic STP:

1 Create one or more STPDs using the command:


2 Add one or more VLANs to the STPD using the command:

configure stpd stpd_name add vlan vlan_name ports [all | port_list] {[dot1d |


3 Define the carrier VLAN using the command:.

configure stpd stpd_name tag stpd_tag

NoteThe carrier VLAN's ID must be identical to the StpdID.

4 Enable STP for one or more STPDs using the command:


STP


5 After you have created the STPD, you can optionally configure STP parameters for the STPD.

NoteYou should not configure any STP parameters unless you have considerable knowledgeand experience with STP. The default STP parameters are adequate for most networks.

The following parameters can be configured on each STPD:

• Hello time (In an MSTP environment, configure this only on the CIST.)

• Forward delay

• Max age (In an MSTP environment, configure this only on the CIST.)

• Max hop count (MSTP only)

• Bridge priority

• Domain description

• StpdID (STP, RSTP, EMISTP, and PVST+ only)

• MSTI ID (MSTP only)

The following parameters can be configured on each port:

• Path cost

• Port priority

• Port mode

Note

The device supports the RFC 1493 Bridge MIB, RSTP-03, and Extreme Networks STP MIB.Parameters of the s0 default STPD support RFC 1493 and RSTP-03. Parameters of anyother STPD support the Extreme Networks STP MIB.

If an STPD contains at least one port not in 802.1D (dot1D) mode, the STPD must beconfigured with an StpdID.

The following section provides more detailed STP configuration examples, including 802.1D, EMISTP,RSTP, and MSTP.

STP FDB Flush Criteria

When there are more than 1000 VLANs and more than 70 ports participating in STP, the number ofmessages exchanged between STP/FDB/HAL modules can consume a lot of system memory whentrying to flush the FDB during a STP topology change. To help avoid this high consumption, you can setthe flush type from the default of vlan-and-port to port-based.

To set the flush type, enter the command:

configure stpd flush-method [vlan-and-port | port-only]

Display STP Settings

• To display STPD settings, use the command:


To display more detailed information for one or more STPDs, specify the detail option.

STP


This command displays the following information:

• STPD name

• STPD state

• STPD mode of operation

• Domain description

• Rapid Root Failover

• Tag

• Ports

• Active VLANs

• Bridge priority

• Bridge ID

• Designated root

• STPD configuration information

If you have MSTP configured on the switch, this command displays additional information:

• MSTP Region

• Format Identifier

• Revision Level

• Common and Internal Spanning Tree (CIST)

• Total number of MST Instances (MSTI)

• To display the state of a port that participates in STP, use the command:


To display more detailed information for one or more ports in the specified STPD, includingparticipating VLANs, specify the detail option.

This command displays the following information:

• STPD port configuration

• STPD port mode of operation

• STPD path cost

• STPD priority

• STPD state (root bridge, etc.)

• Port role (root designated, alternate, etc.)

• STPD port state (forwarding, blocking, etc.)

• Configured port link type

• Operational port link type

• Edge port settings (inconsistent behavior, edge safeguard setting)

• MSTP port role (internal or boundary)

If you have MSTP configured and specify the detail option, this command displays additionalinformation:

• MSTP internal path cost

• MSTP timers

• STPD VLAN Settings

• If you have a VLAN that spans multiple STPDs, use the show {vlan} vlan_name stpd commandto display the STP configuration of the ports assigned to that specific VLAN.

STP


The command displays the following:

• STPD port configuration

• STPD port mode of operation

• STPD path cost

• STPD priority

• STPD state (root bridge, etc.)

• Port role (root designated, alternate, etc.)

• STPD port state (forwarding, blocking, etc.)

• Configured port link type

• Operational port link type

STP Configuration Examples

Basic 802.1D Configuration Example

The following example:

• Removes ports from the VLAN Default that will be added to VLAN Engineering.

• Creates the VLAN Engineering.

• Assigns a VLAN ID to the VLAN Engineering.

NoteIf you do not explicitly configure the VLAN ID in your 802.1D deployment, use the showvlan command to see the internal VLAN ID automatically assigned by the switch.

• Adds ports to the VLAN Engineering.

• Creates an STPD named Backbone_st.

• Configures the default encapsulation mode of dot1d for all ports added to STPD Backbone_st.

• Enables autobind to automatically add or remove ports from the STPD.

• Assigns the Engineering VLAN to the STPD.

• Assigns the carrier VLAN.

• Enables STP.

NoteTo assign the carrier VLAN, the StpdID must be identical to the VLAN ID of the carrier VLAN.

configure vlan default delete ports 2:5-2:10create vlan engineeringconfigure vlan engineering tag 150configure vlan engineering add ports 2:5-2:10 untaggedcreate stpd backbone_stconfigure stpd backbone_st default-encapsulation dot1denable stpd backbone_st auto-bind vlan engineeringconfigure stpd backbone_st tag 150enable stpd backbone_st

STP


By default, the port encapsulation mode for user-defined STPDs is emistp. In this example, you set it todot1d.

EMISTP Configuration Example

The following figure is an example of EMISTP.

Figure 48: EMISTP Configuration Example

NoteBy default, all ports added to a user-defined STPD are in emistp mode, unless otherwisespecified.

The following commands configure the switch located between S1 and S2:

create vlan redconfigure red tag 100configure red add ports 1:1-1:4 taggedcreate vlan greenconfigure green tag 200configure green add ports 1:1-1:2 taggedcreate vlan yellowconfigure yellow tag 300configure yellow add ports 1:3-1:4 taggedcreate stpd s1configure stpd s1 add green ports allconfigure stpd s1 tag 200configure stpd s1 add red ports 1:1-1:2 emistpenable stpd s1create stpd s2configure stpd s2 add yellow ports allconfigure stpd s2 tag 300configure stpd s2 add red ports 1:3-1:4 emistpenable stpd s2

STP


RSTP 802.1w Configuration Example

The following figure is an example of a network with multiple STPDs that can benefit from RSTP.

For RSTP to work:

1 Create an STPD.

2 Configure the mode of operation for the STPD.

3 Create the VLANs and assign the VLAN ID and the VLAN ports.

4 Assign the carrier VLAN.

5 Add the protected VLANs to the STPD.

6 Configure the port link types.

7 Enable STP.

Figure 49: RSTP Example

In this example, the commands configure Switch A in STPD1 for rapid reconvergence.

Use the same commands to configure each switch and STPD in the network.

create stpd stpd1configure stpd stpd1 mode dot1wcreate vlan salescreate vlan personnelcreate vlan marketingconfigure vlan sales tag 100configure vlan personnel tag 200configure vlan marketing tag 300configure vlan sales add ports 1:1,2:1 taggedconfigure vlan personnel add ports 1:1,2:1 taggedconfigure vlan marketing add ports 1:1,2:1 tagged

STP


configure stpd stpd1 add vlan sales ports allconfigure stpd stpd1 add vlan personnel ports allconfigure stpd stpd1 add vlan marketing ports allconfigure stpd stpd1 ports link-type point-to-point 1:1,2:1configure stpd stpd1 tag 100enable stpd stpd1

MSTP Configuration Example


The following figure is an example with multiple STPDs that can benefit from MSTP. In this example, wehave two MSTP regions that connect to each other and one external 802.1w bridge.

Figure 50: MSTP Configuration Example

For MSTP to work, complete the following steps on all switches in Region 1 and Region 2:

• Remove ports from the VLAN Default that will be added to VLAN Engineering.

• Create the VLAN Engineering.

• Assign a VLAN ID to the VLAN Engineering.

NoteIf you do not explicitly configure the VLAN ID in your MSTP deployment, use the showvlan command to see the internal VLAN ID automatically assigned by the switch.

• Add ports to the VLAN Engineering.

STP


• Create the MSTP region.

NoteYou can configure only one MSTP region on the switch at any given time.

• Create the STPD to be used as the CIST, and configure the mode of operation for the STPD.

• Specify the priority for the CIST.

• Enable the CIST.

• Create the STPD to be used as an MSTI and configure the mode of operation for the STPD.

• Specify the priority for the MSTI.

• Assign the VLAN Engineering to the MSTI.

• Configure the port link type.

• Enable the MSTI.

On the external switch (the switch that is not in a region):

• Create an STPD that has the same name as the CIST, and configure the mode of operation for theSTPD.

• Specify the priority of the STPD.

• Enable the STPD.

NoteIn the following sample configurations, any lines marked (Default) represent default settingsand do not need to be explicitly configured. STPD s0 already exists on the switch.

In the following example, the commands configure Switch A in Region 1 for MSTP. Use the samecommands to configure each switch in Region 1:

create vlan engineeringconfigure vlan engineering tag 2configure vlan engineering add port 2-3 taggedconfigure mstp region region1create stpd s0 (Default)disable stpd s0 auto-bind vlan Defaultconfigure stpd s0 mode mstp cistconfigure stpd s0 priority 32768 (Default)enable stpd s0create stpd s1configure stpd s1 mode mstp msti 1configure stpd s1 priority 32768 (Default)enable stpd s1 auto-bind vlan engineeringconfigure stpd s1 ports link-type point-to-point 2-3enable stpd s1

In the following example, the commands configure Switch E in Region 2 for MSTP. Use the samecommands to configure each switch in Region 2:

create vlan financeconfigure vlan finance tag 2configure vlan finance add port 2-3 taggedconfigure mstp region region2

STP


create stpd s0 (Default)configure stpd s0 mode mstp cistconfigure stpd s0 priority 32768 (Default)disable stpd s0 auto-bind vlan enable stpd s0create stpd s1configure stpd s1 mode mstp msti 1configure stpd s1 priority 32768 (Default)enable stpd s1 auto-bind vlan financeconfigure stpd s1 ports link-type point-to-point 2-3enable stpd s1

In the following example, the commands configure switch D, the external switch. Switch D becomes theCIST root bridge:

create stpd s0 (Default)configure stpd s0 mode dot1wconfigure stpd s0 priority 28672enable stpd s0 auto-bind vlan Defaultconfigure stpd s0 ports link-type point-to-point 4-5enable stpd s0

STP


8 Layer 2 Protocol Commands

clear counters erpsclear counters stpclear eaps countersconfigure eaps add control vlanconfigure eaps add protected vlanconfigure eaps cfmconfigure eaps config-warnings offconfigure eaps config-warnings onconfigure eaps delete control vlanconfigure eaps delete protected vlanconfigure eaps failtime expiry-actionconfigure eaps failtimeconfigure eaps fast-convergenceconfigure eaps hello-pdu-egressconfigure eaps hellotimeconfigure eaps modeconfigure eaps multicast add-ring-portsconfigure eaps multicast send-queryconfigure eaps multicast send-igmp-queryconfigure eaps multicast temporary-flooding durationconfigure eaps multicast temporary-floodingconfigure eaps nameconfigure eaps portconfigure eaps priorityconfigure eaps shared-port common-path-timersconfigure eaps shared-port link-idconfigure eaps shared-port modeconfigure eaps shared-port segment-timers expiry-actionconfigure eaps shared-port segment-timers health-intervalconfigure eaps shared-port segment-timers timeoutconfigure erps add control vlanconfigure erps add protected vlanconfigure erps cfm md-levelconfigure erps cfm port ccm-intervalconfigure erps cfm port groupconfigure erps cfm port mepidconfigure erps cfm protection group


configure erps delete control vlanconfigure erps delete protected vlanconfigure erps dynamic-state clearconfigure erps nameconfigure erps neighbor portconfigure erps notify-topology-changeconfigure erps protection-portconfigure erps revertconfigure erps ring-ports east | westconfigure erps subring-modeconfigure erps sub-ringconfigure erps timer guardconfigure erps timer hold-offconfigure erps timer periodicconfigure erps timer wait-to-blockconfigure erps timer wait-to-restoreconfigure erps topology-changeconfigure forwarding L2-protocol fast-convergenceconfigure ip-arp fast-convergenceconfigure mstp formatconfigure mstp regionconfigure mstp revisionconfigure stpd add vlanconfigure stpd default-encapsulationconfigure stpd delete vlanconfigure stpd descriptionconfigure stpd flush-methodconfigure stpd forwarddelayconfigure stpd hellotimeconfigure stpd maxageconfigure stpd max-hop-countconfigure stpd modeconfigure stpd ports active-role disableconfigure stpd ports active-role enableconfigure stpd ports bpdu-restrictconfigure stpd ports costconfigure stpd ports edge-safeguard disableconfigure stpd ports edge-safeguard enableconfigure stpd ports link-typeconfigure stpd ports modeconfigure stpd ports port-priorityconfigure stpd ports priority

Layer 2 Protocol Commands


configure stpd ports restricted-role disableconfigure stpd ports restricted-role enableconfigure stpd priorityconfigure stpd tagconfigure vlan add ports stpdcreate eaps shared-portcreate eapscreate erps ringcreate stpddebug erps showdebug erpsdelete eaps shared-portdelete eapsdelete erpsdelete stpddisable eapsdisable erps block-vc-recoverydisable erps ring-namedisable erps topology-changedisable erpsdisable stpd auto-binddisable stpd portsdisable stpd rapid-root-failoverdisable stpdenable eapsenable erps block-vc-recoveryenable erps ring-nameenable erps topology-changeenable erpsenable stpd auto-bindenable stpd portsenable stpd rapid-root-failoverenable stpdMSTPRSTPrun erps force-switch | manual-switchshow eaps cfm groupsshow eaps counters shared-portshow eaps countersshow eaps shared-port neighbor-infoshow eaps shared-portshow eaps



show erps ring-nameshow erps statisticsshow erpsshow stpd portsshow stpdshow vlan eapsshow vlan stpdSpanning Tree DomainsSTP Rules and RestrictionsSTPunconfigure eaps portunconfigure eaps shared-port link-idunconfigure eaps shared-port modeunconfigure erps cfmunconfigure erps neighbor-portunconfigure erps notify-topology-changeunconfigure erps protection-portunconfigure erps ring-ports westunconfigure mstp regionunconfigure stpd ports link-typeunconfigure stpd

Topic paragraph

clear counters erps

clear counters erps ring-name

DescriptionClear statistics on the specified ERPS ring.

Syntax Description

ring-name Alphanumeric string that identifies the ERPS ring.

DefaultN/A.

Usage GuidelinesUse this command to clear statistics on the specified ERPS ring.



Example

The following command clears statistics on the ERPS ring named “ring1”:

clear counters erps ring1

HistoryThis command was first available in ExtremeXOS 15.1.

Platform AvailabilityThis command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.

clear counters stp

clear counters stp {[all | diagnostics | domains | ports]}

DescriptionClears, resets all STP statistics and counters.

Syntax Description

all Specifies all STP domain, port, and diagnostics counters.

diagnostics Specifies STP diagnostics counters.

domains Specifies STP domain counters.

ports Specifies STP port counters.

DefaultN/A.

Usage GuidelinesIf you do not enter a parameter, the result is the same as specifying the all parameter: the counters forall domains, ports, and diagnostics are reset.

Enter one of the following parameters to reset the STP counters on the switch:

• all—Specifies the counters for all STPDs and ports, and clears all STP counters.

• diagnostics—Clears the internal diagnostic counters.

• domains—Clears the domain level counters.

• ports—Clears the counters for all ports and leaves the domain level counters.



Viewing and maintaining statistics on a regular basis allows you to see how well your network isperforming. If you keep simple daily records, you will see trends emerging and notice problems arisingbefore they cause major network faults. By clearing the counters, you can see fresh statistics for thetime period that you are monitoring.

Example

The following command clears all of the STP domain, port, and diagnostic counters:

clear counters stp


Platform AvailabilityThis command is available on all platforms.

clear eaps counters

clear eaps counters

DescriptionClears, resets the counters gathered by EAPS for all of the EAPS domains and any EAPS shared portsconfigured on the switch.

Syntax DescriptionThis command has no arguments or variables.

DefaultN/A.

Usage GuidelinesUse this command to clear, reset the EAPS counters.

The counters continue to increment until you clear the information. By clearing the counters, you cansee fresh statistics for the time period you are monitoring.

To display information about the EAPS counters, use the following commands:

• show eaps counters —This command displays summary EAPS counter information.



• show eaps counters shared-port —If configured for EAPS shared ports, this commanddisplays summary EAPS shared port counter information.

Example

The following command clears, resets all of the counters for EAPS:

clear eaps counters



configure eaps add control vlanconfigure eaps name add control {vlan} vlan_name

DescriptionAdds the specified control VLAN to the specified EAPS domain.

Syntax Description

name Specifies the name of an EAPS domain.

vlan_name Specifies the name of the control VLAN.

DefaultN/A.

Usage GuidelinesYou must configure one control VLAN for each EAPS domain. The control VLAN is used only to sendand receive EAPS messages.

The control VLAN must be configured as follows:

• The VLAN must NOT be assigned an IP address, to avoid loops in the network.

• Only ring ports can be added as members of the control VLAN.

• The ring ports of the control VLAN must be tagged.



A control VLAN cannot belong to more than one EAPS domain. When the EAPS domain is active, youcannot delete or modify the configuration of the control VLAN.

By default, EAPS protocol data units (PDUs) are automatically assigned to QoS profile QP8. Thisensures that the control VLAN messages reach their intended destinations. You do not need toconfigure a QoS profile for the control VLAN.

The VLAN must already exist before you can add it as a control VLAN. If you attempt to add a VLANthat does not exist, the switch displays a message similar to the following:

* Switch.8 # configure eaps megtest add control foo^%% Invalid input detected at

'^' marker.

To create the VLAN, use the create vlan command.

Example

The following command adds the control VLAN keys to the EAPS domain eaps_1.

configure eaps eaps_1 add control vlan keys



configure eaps add protected vlanconfigure eaps name add protected {vlan} vlan_name

DescriptionAdds the specified protected VLAN to the specified EAPS domain.

Syntax Description


vlan_name Specifies the name of the protected VLAN.

DefaultN/A.



Usage GuidelinesYou must configure one or more protected VLANs for each EAPS domain. The protected VLANs arethe data-carrying VLANs.

A protected VLAN can be added to one or more EAPS domains.

When you configure a protected VLAN, the ring ports of the protected VLAN must be tagged (exceptin the case of the default VLAN). As long as the ring is complete, the master node blocks the protectedVLANs on its secondary port.

The VLAN must already exist before you can add it as a protected VLAN. If you attempt to add a VLANthat does not exist, the switch displays a message similar to the following:

* Switch.5 # configure eaps megtest add protected foo^%% Invalid input detected

at '^' marker.

To create the VLAN, use the create vlan command.

Example

The following command adds the protected VLAN orchid to the EAPS domain eaps_1:

configure eaps eaps_1 add protected vlan orchid



configure eaps cfm

configure eaps cfm [add | delete] group group_name

DescriptionNotifies the CFM that EAPs is interested in notifications for the specified MEP and RMEP pair.

Syntax Description

cfm Connectivity Fault Management.

add Add a MEP group.

delete Delete a MEP group.

group group_name MEP group to bind.



DefaultN/A.

Usage GuidelinesThis command notifies CFM that EAPs is interested in notifications for this MEP and RMEP pair. ThisMEP should already be bound to a physical port, so when notification is received, EAPS associates thatnotification with a ring-port failure.

Example

The following command deletes the control VLAN keys from the EAPS domain eaps_1:

configure eaps cfm add


Platform AvailabilityThis command is available on all EXOS platforms; however, not all platforms support hardware-basedCFM. Platforms with no hardware-based CFM support are limited to software-based CFM transmitintervals of 100ms., or higher. Hardware-based intervals can go as low as 3.3ms.

Currently, only the x460 and E4G platforms support hardware-based CFM.



DescriptionDisables the loop protection warning messages displayed when configuring specific EAPS parameters.


DefaultBy default, loop protection warnings are enabled and displayed when configuring specific EAPSparameters.



Usage GuidelinesThis is a global EAPS command. You configure the warning message display on a per switch basis, notper EAPS domain.

When configuring the following EAPS parameters, the switch displays loop protection warningmessages:







We recommend that you keep the loop protection warning messages enabled. If you have considerableknowledge and experience with EAPS, you might find the EAPS loop protection warning messagesunnecessary. For example, if you use a script to configure your EAPS settings, disabling the warningmessages allows you to configure EAPS without replying to each interactive yes/no question.

To confirm the setting on the switch, use the following command:


Example

The following command disables the loop protection warning messages:






DescriptionEnables the loop protection warning messages displayed when configuring specific EAPS parameters.




DefaultBy default, loop protection warnings are enabled and displayed when configuring specific EAPSparameters.

Usage GuidelinesThis is a global EAPS command. You configure the warning message display on a per switch basis, notper EAPS domain.

When configuring the following EAPS parameters, the switch displays loop protection warningmessages:







We recommend that you keep the loop protection warning messages enabled.

Example

The following command enables the loop protection warning messages:




configure eaps delete control vlan

configure eaps name delete control {vlan} vlan_name

DescriptionDeletes the specified control VLAN from the specified EAPS domain.



Syntax Description


vlan_name Specifies the name of the control VLAN.

DefaultN/A.

Usage GuidelinesNone.

Example

The following command deletes the control VLAN keys from the EAPS domain eaps_1:

configure eapseaps_1 delete control vlan keys



configure eaps delete protected vlan

configure eaps name delete protected {vlan} vlan_name

DescriptionDeletes the specified protected VLAN from the specified EAPS domain.

Syntax Description


vlan_name Specifies the name of the protected VLAN.

DefaultN/A.



Usage GuidelinesTo prevent loops in the network, you must delete the ring ports (the primary and the secondary ports)from the protected VLAN before deleting the protected VLAN from the EAPS domain. Failure to do socan cause a loop in the network.

The switch displays by default a warning message and prompts you to delete the VLAN from the EAPSdomain. When prompted, do one of the following:

• Enter y delete the VLAN from the specified EAPS domain.

• Enter n or press [Return] to cancel this action.

If you have considerable knowledge and experience with EAPS, you might find the EAPS loopprotection warning messages unnecessary. For more information, see the configure eapsconfig-warnings off command.

Useful show CommandsUse the following show commands to display information about your EAPS domain, includingprotected VLANs and primary and secondary ports:

• show vlan —This command displays summary information for all of the VLANs on the device. Ifthe VLAN is a protected VLAN, the P flag appears in the flag column. To see more detailedinformation about the protected VLAN, use the following command: show vlanvlan_name .

• show eaps —This command displays summary EAPS domain information, including the name ofthe domain and the primary and secondary ports. To see more detailed information, including thename of the protected VLAN and the primary and secondary ports, use the show eapseapsDomaincommand.

• show vlan eaps —This command displays whether the VLAN is a control or partner VLAN for anEAPS domain. This command also displays if the VLAN is not a member of any EAPS domain.

Example

The following command deletes the protected VLAN orchid from the EAPS domain eaps_1:

configure eapseaps_1delete protected vlan orchid

The switch displays the following warning message and prompts you to confirm this action:

WARNING: Make sure EAPS ring-ports are deleted from the VLAN first.Otherwise deleting the VLAN from the EAPS domain could cause a loop inthe network! Are you sure you want to remove the VLAN before deletingEAPS ring-ports.? (y/n)

Enter y to delete the VLAN from the specified EAPS domain. Enter n to cancel this action.


The interactive messages were added in ExtremeXOS 11.4.




configure eaps failtime expiry-action

configure eaps name failtime expiry-action [open-secondary-port | send-alert]

DescriptionConfigures the action taken when the failtimer expires.

Syntax Description


open-secondary-port Specifies to open the secondary port when the failtimer expires.

send-alert Specifies that a critical message is sent to the syslog when the failtimerexpires.

DefaultDefault is send-alert.

Usage GuidelinesBy default the action is to send an alert if the failtimer expires. Instead of going into a Failed state, themaster node remains in a Complete or Init state, maintains the secondary port blocking, and writes acritical error message to syslog warning the user that there is a fault in the ring. An SNMP trap is alsosent.

If the EAPS ring contains non-EAPS devices, you must use the open-secondary-port parameter.

Note

Use caution when setting the failtimer expiry action to open-secondary port. Using thisconfiguration, if the master node loses three consecutive hello PDUs, the failtimer expires—but there might not be a break in the ring. Opening the secondary port in this situationcreates a loop.

Example

The following command configures the failtimer expiry action for EAPS domain eaps_1:

configure eapseaps_1 failtimeexpiry-action open-secondary-port





configure eaps failtime

configure eaps name failtime seconds milliseconds

DescriptionConfigures the period after which the master node declares a failure if no hello PDUs are received.

Syntax Description


seconds Specifies the number of seconds the master node waits before the failtimer expires. Defaultis 3 seconds, and the range is 0 to 300 seconds.

milliseconds Specifies the number of milliseconds to wait before the failtimer expires. The range is 300to 999 milliseconds.

DefaultThe default is 3 seconds.

Usage GuidelinesUse the failtime keyword and its associated seconds parameter to specify the amount of time themaster node waits before the failtimer expires. The failtime period (seconds plus milliseconds) must beset greater than the configured value for hellotime. The default value is three seconds.

Increasing the failtime value reduces the likelihood of false failure detections caused by networkcongestion.

Note

You configure the action taken when the failtimer expires by using the configure eapsfailtime expiry-action command.

In ExtremeXOS 11.0, the failtimer range was 2 to 60 seconds.



Example

The following command configures the failtimer value for the EAPS domain eaps_1 to 15 seconds:

configure eapseaps_1failtime15 0

The following command configures the failtimer value for the EAPS domain eaps_2 to 300milliseconds:

configure eapseaps_2failtime0 300


The range for the failtimer was changed to 2 to 300 seconds in ExtremeXOS 11.1. The default value forthe failtimer remains unchanged.

The milliseconds parameter was added in ExtremeXOS 12.4.2.


configure eaps fast-convergence

configure eaps fast-convergence[off | on]

DescriptionEnables EAPS to converge more quickly.

Syntax Description

off Turns fast-convergence off. Default is off.

on Turns fast-convergence on.

DefaultDefault is off.

Usage GuidelinesThis command acts on the switch, not per domain.



In certain environments to keep packet loss to a minimum when the ring is broken, configure EAPS withfast-convergence turned on. If fast convergence is turned on, you can view the configuration with the show eaps command.

Note

If fast-convergence is turned on, the link filters on all EAPS ring ports are turned off. This canresult problems if the port’s hardware encountered a problem and started “flapping”between link-up/link-down states.

Example

The following command configures fast convergence for all of the EAPS domains on the switch:

configure eapsfast-convergence on



configure eaps hello-pdu-egress

configure eaps name hello-pdu-egress [primary-port | secondary-port]

DescriptionConfigures the port through which a master node sends EAPS hello PDUs.

Syntax Description


DefaultDefault is the primary port.



Usage GuidelinesThis command is provided for special network topologies that use spatial reuse and require that allEAPS hello PDUs travel in the same direction on the ring.

Note

We recommend the default (primary-port) configuration for this command.

Example

The following command configures the master switch to send EAPS hello packets from the secondaryport:

configure eaps "domain12" hello-pdu-egress secondary-port

HistoryThis command was first available in ExtremeXOS 12.4.2.


configure eaps hellotime

configure eaps name hellotime seconds milliseconds

DescriptionConfigures the period at which the master node sends EAPS hello PDUs to verify ring connectivity.

Syntax Description


seconds Specifies the number of seconds to wait between transmission of hello PDUs on the controlVLAN. The range is 0 to 15 seconds.

milliseconds

Specifies the number of milliseconds to wait between transmission of hello PDUs on the controlVLAN. The range is 0 to 999 milliseconds.

DefaultDefault is 1 second.



Usage GuidelinesUse the hellotime keyword and its associated parameters to specify the amount of time the masternode waits between transmissions of hello PDUs on the control VLAN. Increasing the hellotime valueresults in a reduced load on the processor and less traffic on the EAPS ring.

Note

The hello PDU timer value must be smaller than the fail timer value to prevent false failuredetection. If you change the hello PDU timer, verify that the fail timer value remains larger.

This command applies only to the master node. If you configure the hello PDU timer for a transit node,the timer value is ignored. If you later reconfigure that transit node as the master node, the masternode uses the configured hello PDU timer value.

In ExtremeXOS 11.0, the range is 1 to 15 seconds. If you are running ExtremeXOS 11.0 with the hello timervalue greater than 15 seconds and you upgrade to ExtremeXOS 11.1 or later, you must modify the hellotimer to be within the 1 to 15 seconds range.

Example

The following command configures the hellotime value for the EAPS domain eaps_1 to 300milliseconds:

configure eapseaps_1hellotime0 300


The range for the hello timer was changed to 1 to 15 seconds in ExtremeXOS 11.1. The default value forthe hello timer remains unchanged.

Support for a specific number of milliseconds was added in ExtremeXOS 12.4.2.


configure eaps mode

configure eaps name mode [master | transit]

DescriptionConfigures the switch as either the EAPS master node or as an EAPS transit node for the specifieddomain.



Syntax Description


master Specifies that this switch should be the master node for the named EAPSdomain.

transit Specifies that this switch should be the transit node for the named EAPSdomain.

DefaultN/A.

Usage GuidelinesOne node (or switch) on the ring must be configured as the master node for the specified domain; allother nodes (or switches) on the ring are configured as transit nodes for the same domain.

If you configure a switch to be a transit node for an EAPS domain, the switch displays by defaultmessages to:

• Remind you to configure a master node in the EAPS domain.

• Notify you that changing a master node to a transit node might cause a loop in the network. If youhave not assigned a new master node before changing the current master node to a transit node,you might cause a loop in the network.

When prompted, do one of the following:



If you have considerable knowledge and experience with EAPS, you might find the EAPS loopprotection warning messages unnecessary. For more information, see the configure eapsconfig-warnings off command.

Example

The following command identifies this switch as the master node for the domain named eaps_1:

configure eapseaps_1mode master

The following command identifies this switch as a transit node for the domain named eaps_1:

configure eapseaps_1mode transit


WARNING: Make sure this specific EAPS domain has a Master node in thering. If you change this node from EAPS master to EAPS transit, you couldcause a loop in the network. Are you sure you want to change mode totransit? (y/n)



Enter y to identify the switch as a transit node. Enter n to cancel this action.




configure eaps multicast add-ring-portsconfigure eaps multicast add-ring-ports [on | off]

DescriptionConfigures the switch to add previously blocked ring ports to existing multicast groups when an EAPStopology change occurs.

Syntax Description

on Enables the multicast add-ring-ports feature.

off Disables the multicast add-ring-ports feature.

DefaultOff.

Usage GuidelinesWhen this feature is set to on and an EAPS topology change occurs, multicast traffic is fastpathforwarded using the switch hardware during the topology transition. The on setting improves multicastforwarding performance during the transition.

Note

EAPS multicast flooding must be enabled before this feature will operate. For information onenabling EAPS multicast flooding, see the configure eaps multicast temporary-flooding command description.

When this feature is set to off and an EAPS topology change occurs, multicast traffic is slowpathforwarded using the CPU during the topology transition. The off setting reduces multicast forwardingperformance during the transition.

For other methods of supporting multicast traffic during an EAPS topology change, see thedescriptions for the following commands:



• configure eaps multicast send-igmp-query

• configure eaps multicast temporary-flooding

Example

The following command enables the add-ring-ports feature:

configure eaps multicast add-ring-ports on



configure eaps multicast send-queryconfigure eaps multicast send-query [on | off]

DescriptionConfigures the switch to send IGMP and MLD query messages to all protected VLANs when an EAPStopology change occurs.

This command replaces the configure eaps multicast send-igmp-query [on | off]command.

Syntax Description

on Enables the multicast send-query feature.

off Disables the multicast send-query feature.

DefaultOn.

Usage GuidelinesWhen this feature is set to on and an EAPS topology change occurs, the switch sends IGMP and MLDquery messages to all protected VLANs. If the protected VLANs in the node detecting (and generating)the topology change do not have IP address, a query is generated with the source IP address set to thequerier address in that VLAN.



In a EAPS ring with many protected VLANs, the many responses can impact switch performance. Thisis the default behavior and was the only method for supporting multicast traffic during EAPS topologychanges prior to release 12.1.2.

When this feature is set to off and an EAPS topology change occurs, the switch does not automaticallysend IGMP or MLD queries to all protected VLANS during the topology transition. The off settingimproves switch performance during the transition, but you should use one of the following commandsto see that multicast traffic is supported during and after the topology change:

• configure eaps multicast add-ring-ports


Example

The following command disables the send-query feature:

configure eaps multicast send-query off

HistoryThe current format of the command was first available in ExtremeXOS 15.2.1.

The configure eaps multicast send-igmp-query version of the command applied only for IGMP,and was first available in ExtremeXOS 12.1.2.


configure eaps multicast send-igmp-query

configure eaps multicast send-igmp-query [on | off]

DescriptionConfigures the switch to send IGMP query messages to all protected VLANs when an EAPS topologychange occurs.

Syntax Description

on Enables the multicast send-igmp-query feature.

off Disables the multicast send-igmp-query feature.

DefaultOn.



Usage GuidelinesWhen this feature is set to on and an EAPS topology change occurs, the switch sends IGMP querymessages to all protected VLANs. If the protected VLANs in the node detecting (and generating) thetopology change do not have IP address, a query is generated with the source IP address set to thequerier address in that VLAN.

In a EAPS ring with many protected VLANs, the many responses can impact switch performance. Thisis the default behavior and was the only method for supporting multicast traffic during EAPS topologychanges prior to release 12.1.2.

When this feature is set to off and an EAPS topology change occurs, the switch does not automaticallysend IGMP queries to all protected VLANS during the topology transition. The off setting improvesswitch performance during the transition, but you should use one of the following commands to seethat multicast traffic is supported during and after the topology change:

• configure eaps multicast add-ring-ports


Example

The following command disables the send-igmp-query feature:

configure eaps multicast send-igmp-query off



configure eaps multicast temporary-flooding duration

configure eaps multicast temporary-flooding duration seconds

DescriptionConfigures the duration for which the switch temporarily enables multicast flooding when an EAPStopology change occurs.

Syntax Description

seconds Specifies the period (in seconds) for which the switch enables multicastflooding.



Default15 seconds.

Usage GuidelinesThe flooding duration configuration applies only when the temporary-flooding feature is enabled withthe following command:

configure eaps multicast temporary-flooding

Example

The following command configures the temporary-flooding feature duration for 30 seconds:

configure eaps multicast temporary-flooding duration 30



configure eaps multicast temporary-floodingconfigure eaps multicast temporary-flooding [on | off]

DescriptionConfigures the switch to temporarily enable multicast flooding when an EAPS topology change occurs.

Syntax Description

on Enables the multicast temporary-flooding feature.

off Disables the multicast temporary-flooding feature.

DefaultOff.

Usage GuidelinesWhen this feature is set to on and an EAPS topology change occurs, the switch temporarily enablesmulticast flooding to all protected VLANs for the duration specified by the following command:



configure eaps multicast temporary-flooding duration

If you change the configuration to off, topology changes that occur after this command do not result intemporary flooding. For example, if you change the configuration to off while flooding is in progress fora protected VLAN or set of protected VLANs (due to an EAPS topology change), the floodingcontinues for the configured duration period. New topology changes on the protected VLANs do notcause flooding.

When this feature is set to off and an EAPS topology change occurs, the switch does not enableflooding to all protected VLANS during the topology transition. The default switch response formulticast traffic during an EAPS topology change is that defined by the following command:

configure eaps multicast send-igmp-query

You can also use the following command to configure the switch response for multicast traffic duringan EAPS topology change:

configure eaps multicast add-ring-ports

Example

The following command enables the temporary-flooding feature:

configure eaps multicast temporary-flooding on



configure eaps name

configure eaps old_name name new_name

DescriptionRenames an existing EAPS domain.

Syntax Description

old_name Specifies the current name of an EAPS domain.

new_name Specifies a new name for the EAPS domain.



DefaultN/A.

Usage GuidelinesIf you use the same name across categories (for example, STPD and EAPS names), we recommend thatyou specify the identifying keyword as well as the actual name. If you do not use the keyword, thesystem might return an error message.

Example

The following command renames EAPS domain eaps-1 to eaps-5:

configure eaps eaps-1 name eaps-5



configure eaps port

configure eaps name [primary | secondary] port ports

DescriptionConfigures a node port as the primary or secondary port for the specified EAPS domain.

Syntax Description


primary Specifies that the port is to be configured as the primary port.

secondary Specifies that the port is to be configured as the secondary port.

ports Specifies one port or slot and port.

DefaultN/A.



Usage GuidelinesEach node on the ring connects through two ring ports. One port must be configured as the primaryport; the other must be configured as the secondary port.

The primary and secondary ports have significance only on a master node. The health-check messagesare sent out the primary port of the master node, and the master node blocks the protected VLANs onthe secondary port.

The master node’s secondary EAPS port cannot be configured on ports that are already configured asfollows:

• Shared-port

• MLAG ISC port

There is no distinction between the primary and secondary ports on a transit node.

Beginning with ExtremeXOS 11.1, if you have a primary or secondary port that is a member of a load-shared group, you do not need to disable your EAPS domain and remove that ring port whenmodifying the load-shared group. For more information about configuring load sharing on your switch,see Configuring Slots and Ports on a Switch in the ExtremeXOS Concepts Guide.

For complete information about software licensing, including how to obtain and upgrade your licenseand what licenses are appropriate for this feature, see the Feature License Requirements document.

Messages Displayed when Adding EAPS Ring Ports to a VLANIf you attempt to add EAPS ring ports to a VLAN that is not protected by EAPS, the switch promptsyou by default to confirm this action. For example, if you use the configure vlan vlan_name addports port_list command, and the ports that you are attempting to add to the VLAN are currentlyused by EAPS as either primary or secondary ring ports, the switch displays the following message:

Make sure <vlan_name> is protected by EAPS. Adding EAPS ring ports to aVLAN could cause a loop in the network. Do you really want to add theseports (y/n)

Enter y to add the ports to the VLAN. Enter n or press [Return] to cancel this action.

If you see this message, either configure the VLAN as an EAPS protected VLAN by using the configure eaps add protected vlan command or add ports that the EAPS domain does notuse as primary or secondary ring ports.

If you have considerable knowledge and experience with EAPS, you might find the EAPS loopprotection warning messages unnecessary. For more information, see the configure eapsconfig-warnings off .

Example

The following command adds port 1 of the module installed in slot 8 to the EAPS domain eaps_1 as theprimary port:

configure eapseaps_1primary port8:1






configure eaps priority

configure eaps name priority {high | normal}

DescriptionConfigures an EAPS domain priority.

Syntax Description


DefaultNormal.

Usage GuidelinesExtreme Networks recommends that no more than 200 protected VLANs be configured as highpriority domains. Priority protection works best when the majority of protected VLANs are configuredfor normal priority and a relatively small percentage of the protected VLANs are configured as highpriority domains.

When EAPS domains on two separate physical rings share a common link (shared-port configuration)and have one or more protected VLANs in common, the domains must be configured with the samedomain priority.

When EAPS domain priority is configured on separate physical rings that are connected to the sameswitch, the priorities on each ring are serviced independently. For example, if there is a break on bothRing A and Ring B, the high priority domains on each ring are serviced before the lower prioritydomains. However, the switch does not attempt to process the high priority domains on Ring B beforeservicing the normal priority domains on Ring A.

For a high priority domain to get priority over normal priority domains, all switches in the EAPS domainmust support high priority domains. If high priority domains are configured on a switch that is in a ringwith one or more switches that do not support high priority domains (software releases beforeExtremeXOS Release 12.5), the high priority domain operates as a normal priority domain.



Example

The following command configures the eaps_1 domain as a high priority domain:

configure eapseaps_1 priority high



configure eaps shared-port common-path-timers

configure eaps shared-port port common-path-timers {[health-interval | timeout]

seconds}

DescriptionConfigures the common path health interval or timeout value.

Syntax Description

port Specifies the port number of the common link port.

health-interval Specifies the interval for health check messages on the common link.

timeout Specifies the timeout value for the common link.

seconds Specifies the amount of health interval, in seconds.

DefaultN/A.

Usage GuidelinesThis command allows you to configure the length of the common path health interval, in seconds, for agiven port. The range is from 1 to 10 seconds.

Example

The following command configures a common-link health interval of 5 seconds on port 1:1.

configure eaps shared-port 1:1 common-path-timers health-interval 5



The following command configures a segment timeout of 10 seconds on port 1:1.

configure eaps shared-port 1:1 common-path-timers timeout 10


Platform AvailabilityThis command is available on all platforms with the appropriate license. For complete informationabout software licensing, including how to obtain and upgrade your license and what licenses areappropriate for this feature, see the Feature License Requirements document.

configure eaps shared-port link-id

configure eaps shared-port ports link-id id

DescriptionConfigures the link ID of the shared port.

Syntax Description

ports Specifies the port number of the common link port.

id Specifies the link ID of the port. The link ID range is 1 to 65535.

DefaultN/A.

Usage GuidelinesEach common link in the EAPS network must have a unique link ID. The controller and partner sharedports belonging to the same common link must have matching link IDs. No other instance in thenetwork should have that link ID.

If you have multiple adjacent common links, we recommend that you configure the link IDs inascending order of adjacency. For example, if you have an EAPS configuration with three adjacentcommon links, moving from left to right of the topology, configure the link IDs from the lowest to thehighest value.




ExampleThe following command configures the EAPS shared port 1:1 to have a link ID of 1.

configure eaps shared-port 1:1 link-id 1



configure eaps shared-port mode

configure eaps shared-port ports mode controller | partner

DescriptionConfigures the mode of the shared port.

Syntax Description

ports Specifies the port number of the shared port.

controller Specifies the controller mode. The controller is the end of the common linkresponsible for blocking ports when the common link fails thereby preventingthe superloop.

partner Specifies partner mode. The partner is responsible only for sending andreceiving health-check messages.

DefaultN/A.

Usage GuidelinesThe shared port on one end of the common link must be configured to be the controller. This is the endresponsible for blocking ports when the common link fails thereby preventing the superloop.

The shared port on the other end of the common link must be configured to be the partner. This enddoes not participate in any form of blocking. It is responsible only for sending and receiving health-check messages.




Example

The following command configures the shared port 1:1 to be the controller.

configure eaps shared-port 1:1 mode controller



configure eaps shared-port segment-timers expiry-action

configure eaps shared-port port segment-timers expiry-action [segment-down |

send-alert]

DescriptionConfigures the action taken when the segment timeout timer expires.

Syntax Description


segment-down Marks the segment as DOWN if the segment timer expires. No link-status-query is sent to verify that links are down.

send-alert If the segment timer expires, the switch keeps segments up, but sends awarning message to the log. The segment fail flag is set, an SNMP trap is sent,and a link-status-query is sent to verify if any links are down.

DefaultDefault is send-alert.

Usage GuidelinesBy default, the action is to send an alert if the segment timeout timer expires. Instead of the segmentgoing into a failed state and being marked as down, the segment remains in a segment up state with




the failed flag set. The switch writes a critical error message to the syslog warning the user that there isa fault in the segment. An SNMP trap is also sent.

Note

Use caution when setting the segment-timeout expiry action to segment-down. Using thisconfiguration, if the controller or partner node loses three consecutive hello PDUs, thefailtimer expires—but there might not be a break in the segment. Opening a blocked port inthis situation creates a loop.

The following describes some general recommendations for using this command:

• When you configure your Extreme Networks switches as the partner and controller, respectively,make sure that their segment timer configurations are identical.

For example, if you have a partner switch with the segment-timeout expiry action set to send-alert,make sure the controller switch has its segment-timeout expiry action set to send-alert.

However, if you have a partner switch with the segment-timeout expiry action set to send-alert, andthe controller switch does not have a segment timer configuration, you must configure the partnerswitch’s segment-timeout expiry action to segment-down.

• If you have a network containing non-Extreme Networks switches or non-EAPS devices, set thesegment-timeout expiry action to segment-down.

The following events can cause a ring segment failure:

• There is a hardware failure.

• The controller or partner received a Link Down message from the partner or controller, respectively.

• The segment timer expires and the expiry action was set to segment-down. This means that eitherthe controller or partner did not receive health check messages during the defined segment timeoutperiod.

To view shared-port information, including shared-port segment status, use the following command:

show eaps shared-port {port}{detail}



configure eaps shared-port segment-timers health-interval

configure eaps shared-port port segment-timers health-interval seconds




DescriptionConfigures the shared-port health interval timeout.

Syntax Description



DefaultN/A.

Usage GuidelinesThis command allows you to configure the length of the shared-port health interval timeout, inseconds, for a given port.

Example

The following command configures a shared-port health interval timeout of 10 seconds on port 1:1.

configure eaps shared-port 1:1 segment-timers health-interval 10



configure eaps shared-port segment-timers timeout

configure eaps shared-port port segment-timers timeout seconds

DescriptionConfigures the shared-port timeout.




Syntax Description



DefaultN/A.

Usage GuidelinesThis command allows you to configure the length of the shared-port timeout, in seconds, for a givenport.

Example

The following command configures a shared-port timeout of 10 seconds on port 1:1.

configure eaps shared-port 1:1 segment-timers timeout 10



configure erps add control vlan

configure erps ring-name add control {vlan} vlan_name

DescriptionAdd a control VLAN on the ERPS ring.

Syntax Description


control VLAN that carries ERPS control traffic.

vlan_name Alphanumeric string identifying the VLAN to be used for control traffic.




DefaultN/A.

Usage GuidelinesUse this command to add a control VLAN on the ERPS ring. This is the VLAN that carries ERPS controltraffic.

NoteOther VLAN types such as VMAN, SVLAN, CVLAN and BVLAN will not be used for controltraffic. A control VLAN cannot be deleted from a ring that has CFM configured.

Example

The following command adds a control VLAN named “vlan10” to an ERPS ring named “ring1”:

configure erps ring1 add control vlan vlan10



configure erps add protected vlan


DescriptionAdd a protected VLAN on the ERPS ring. This is a data VLAN that ERPS will protect.

Syntax Description


vlan_name Alphanumeric string identifying the data VLAN to be added that ERPS willprotect. This can be a VLAN, SVLAN, BVLAN or VMAN.

DefaultN/A.



Usage GuidelinesUse this command to add a protected data VLAN on the ERPS ring. This VLAN will be protected byERPS, and it can be a VLAN, SVLAN, BVLAN or VMAN.

NoteThe SVLAN-BVLAN combination cannot both be added to the same ring or sub-ring.

Example

The following command adds a protected VLAN named “vlan10” to an ERPS ring named “ring1”:

configure erps ring1 add protected vlan vlan10



configure erps cfm md-level

configure erps ring-name cfm md-level level

DescriptionSpecify the connectivity fault management (CFM) maintenance domain level for an ERPS ring.

Syntax Description


level Maintenance domain level specified for the ERPS ring.

DefaultN/A.

Usage GuidelinesUse this command to specify the CFM maintenance domain level for an ERPS ring.



Example

The following command sets the CFM maintenance domain level to 6 for an ERPS ring named “ring1”:

configure erps ring1 cfm md-level 6



configure erps cfm port ccm-interval

configure erps ring-name cfm port [east | west] ccm-interval [100 | 1000 | 10000

| 60000 | 600000]

DescriptionSpecify the time interval for transmitting CFM connectivity check messages (CCM) on a port of anERPS ring.


east East port.

west West port.

100 100 milliseconds.





DefaultN/A.

Usage GuidelinesUse this command to specify the time interval at which CCMs are transmitted for a port of an ERPSring.



Example

The following command sets the CCM time interval to 1000 for the east port of an ERPS ring named“ring1”:

configure erps ring1 cfm port east ccm-interval 1000



configure erps cfm port group

configure erps ring_name cfm port [east | west] [add | delete] group group_name

DescriptionAssociates or disassociates fault monitoring entities on the ERPS ring ports.

Syntax Description

ring_name Alphanumeric string that identifies the ERPS ring.

east East port.

west West port.

add Associates a CFM Down-MEP entity.

delete Disassociates a CFM Down-MEP entity.

group Specifies a CFM Down-MEP group.

group_name Specifies the name of the Down MEP group.

DefaultN/A.

Usage GuidelinesUse this command to associate or disassociate fault monitoring entities on the ERPS ring ports.



Example

The following command associates fault monitoring on the group "group1":

configure erps ring1 cfm port east add group1


Platform AvailabilityThis command is available on all platforms running ExtremeXOS.

configure erps cfm port mepid

configure erps ring-name cfm port [east | west] mepid mepid remote-mepid rmepid

DescriptionSpecify the maintenance end point identifier for the connectivity fault management (CFM) on a port ofan ERPS ring.

Syntax Description


east East port.

west West port.

mepid Maintenance End Point identifier for the ring ports.

rmepid Remote Maintenance End Point identifier for the ring ports.

DefaultN/A.

Usage GuidelinesUse this command to specify the maintenance end point identifier for CFM on a port of an ERPS ring.



Example

The following command specifies the maintenance end point identifier for the east port of an ERPS ringnamed “ring1”:

configure erps ring1 cfm port east mepid 1 remote-mepid 3



configure erps cfm protection group

configure erps ring_name cfm protection [add delete] group cfm_group

DescriptionAssociates or disassociates a CFM UP MEP group for subring protection across the main ring.

Syntax Description


east East port.

west West port.

add Associates a CFM Up-MEP entity.

delete Disassociates a CFM Up-MEP entity.

group Specifies a CFM Up-MEP group.

group_name Specifies the name of the Up MEP group.

DefaultN/A.

Usage GuidelinesUse this command to associate or disassociate a CFM UP MEP group for subring protection across themain ring.



Example

The following command associates a CFM UP MEP group for subring protection on the group "group1":

configure erps ring1 cfm protection add group1


Platform AvailabilityThis command is available on all platforms running ExtremeXOS.

configure erps delete control vlan

configure erps ring-name delete control {vlan} vlan_name

DescriptionDelete a control VLAN on the ERPS ring.

Syntax Description


vlan_name Alphanumeric string identifying the VLAN used for control traffic.

DefaultN/A.

Usage GuidelinesUse this command to delete a control VLAN from the ERPS ring. This is the VLAN that carries ERPScontrol traffic.

Note

Other VLAN types such as VMAN, SVLAN, CVLAN and BVLAN will not be used for controltraffic.

A control VLAN cannot be deleted from a ring that has CFM configured.



Example

The following command deletes a control VLAN named “vlan10” from an ERPS ring named “ring1”:

configure erps ring1 delete control vlan vlan10



configure erps delete protected vlan

configure erps ring-name delete protected {vlan} vlan_name

DescriptionDelete a protected data VLAN from the ERPS ring.

Syntax Description


vlan_name Alphanumeric string identifying the data VLAN to be deleted from the ERPSring.

DefaultN/A.

Usage GuidelinesUse this command to delete a protected VLAN from the ERPS ring.

Example

The following command deletes a protected VLAN named “vlan10” from an ERPS ring named “ring1”:

configure erps ring1 delete protected vlan vlan10





configure erps dynamic-state clear

configure erps ring-name dynamic-state [force-switch | manual-switch | clear]

port slot:port

DescriptionClear force and manual switch triggers to the ERPS ring/sub-ring.

Syntax Description

dynamic-state Configure force/manual/clear switch on the active ERPS ring.

force-switch Force switch operation.

manual-switch Manual switch operation.

clear Clear.

DefaultN/A.

Usage GuidelinesUse this command to clear force and manual switch triggers to the ERPS ring/sub-ring.

Example

The following command clears force and manual switch triggers of an ERPS ring named "ring1":

configure erps ring1 dynamic-state clear



configure erps name

configure erps old-ring-name name new-ring-name



DescriptionRename the ERPS ring/sub-ring.

Syntax Description

old-ring-name Alphanumeric string that identifies the ERPS ring.

new-ring-name New alphanumeric string identifying the ERPS ring.

DefaultN/A.

Usage GuidelinesUse this command to rename the ERPS ring or sub-ring.

Example

The following command an ERPS ring from “ring1” to “ring2”:

configure erps ring1 name ring2



configure erps neighbor port

configure erps ring-name neighbor-port port

DescriptionAdd RPL (ring protection link) neighbor configuration for the ERPS ring.

Syntax Description


port The slot:port number for RPL neighbor.



DefaultN/A.

Usage GuidelinesUse this command to add RPL neighbor configuration for the ERPS ring.

Note

This command implicitly makes the node on which it is configured the RPL neighbor.

Example

The following command adds RPL neighbor on port 5 to an ERPS ring named “ring1”:

configure erps ring1 neighbor-port 5



configure erps notify-topology-change

configure {erps} ring-name notify-topology-change {eaps} domain_name

DescriptionAdd an ERPS sub-ring to the EAPS domain.

Syntax Description

ring-name Alphanumeric string identififying the ERPS sub-ring.

domain_name Alphanumeric string identifying the EAPS domain.

DefaultN/A.

Usage GuidelinesUse this command to add an ERPS sub-ring to the EAPS domain.



Example

Example output not yet available and will be provided in a future release.



configure erps protection-port

configure erps ring-name protection-port port

DescriptionAdd ring protection link (RPL) owner configuration for the ERPS ring.

Syntax Description


port The slot:port number for the ring protection link (RPL) owner.

DefaultN/A.

Usage GuidelinesUse this command to add ring protection link (RPL) owner configuration for the ERPS ring.

Note

This command implicitly makes the node on which it is configured the RPL owner.

Example

The following command adds RPL owner configuration on port 5 to an ERPS ring named “ring1”:

configure erps ring1 protection-port 5





configure erps revert

configure {erps} ring-name revert [ enable | disable ]

DescriptionAdd or delete ERPS revert operation along with the “wait-to-restore” time interval.

Syntax Description


enable Enable revert mode to ERPS ring.

disable Disable revert mode from ERPS ring.

DefaultThe default is the revertive mode (enable).

Usage GuidelinesUse this command to enable/disable a G.8032 ring to revert to the original ring protection link (RPL)block state.

Example

The following command disables revert mode from an ERPS ring named “ring1”:

configure erps ring1 revert disable



configure erps ring-ports east | west

configure erps ring-name ring-ports [east | west] port



DescriptionAdd ring ports on the ERPS ring. Ths ring ports connect the switch to the ERPS ring.

Syntax Description


east Add the ring port to the east port of the switch.

west Add the ring port to the west port of the switch.

port The slot:port number for the ring port.

DefaultN/A.

Usage GuidelinesUse this command to add ring ports on the ERPS ring. The ring ports can be added to the east or westport of the switch. The ring ports connect the switch to the ERPS ring.

Example

The following command adds port 5 as a ring port on the east port of the switch for an ERPS ringnamed “ring1”:

configure erps ring1 add ring-ports east 5



configure erps subring-mode

configure erps ring_name subring-mode [no-virtualChannel | virtualChannel]

DescriptionConfigures sub-ring mode.



Syntax Description


no-virtualChannel No Virtual Channel required to complete it's control path.

virtualChannel Virtual Channel required to complete it's control path.

DefaultN/A.

Usage GuidelinesUse this command to add or delete ERPS sub-rings.

Example

The following example configures a virtual channel for the control path:

configure erps ring1 subring-mode virtualChannel


Platform AvailabilityThis command is available on all platforms that are running ExtremeXOS.

configure erps sub-ring

configure {erps} ring-name [add | delete] sub-ring-name sub_ring

DescriptionAdd or delete a sub-ring to the main ring.

Syntax Description


add Add sub-ring.

delete Delete sub-ring.

sub_ring Alphanumeric string identifying the ERPS sub-ring.



DefaultN/A.

Usage GuidelinesUse this command to add or delete ERPS sub-rings.

Example

The following example adds sub-ring “ring2” to “ring1”:

configure erps ring1 add sub-ring-name ring2



configure erps timer guard

configure {erps} ring-name timer guard [ default | milliseconds ]

DescriptionConfigure a guard timer to control when the node should act on received R-APS (ring automaticprotection switching) messages.

Syntax Description


default The default value, 500 milliseconds.

milliseconds The interval for the guard timer in milliseconds, with a range of 10 to 2000.

DefaultThe default is 500 milliseconds.

Usage GuidelinesUse this command to configure a guard timer to control when the node should act on received R-APSmessages.



Example

The following command sets the guard timer to 1000 milliseconds for an ERPS ring named “ring1”:

configure erps ring1 timer guard 1000



configure erps timer hold-off

configure {erps} ring-name timer hold-off [ default | milliseconds ]

DescriptionConfigure a hold-off timer to control when a signal fault is relayed.

Syntax Description



milliseconds The interval for the hold-off time in milliseconds, with a range of 0 to 10000.


Usage GuidelinesUse this command to configure a hold-off timer to control when a signal fault is relayed.

Example

The following command sets the hold-off timer to 1000 milliseconds for an ERPS ring named “ring1”:

configure erps ring1 timer hold-off 1000





configure erps timer periodic

configure {erps} ring-name timer periodic [ default | milliseconds ]

DescriptionConfigure a periodic timer to control the interval between signal failures.

Syntax Description



milliseconds The interval for the periodic time in milliseconds, with a range of 2000 to7000.


Usage GuidelinesUse this command to configure a periodic timer to control the interval between signal failure.

Example

The following command sets the periodic timer to 6000 milliseconds for an ERPS ring named “ring1”:

configure erps ring1 timer periodic 6000





configure erps timer wait-to-block


DescriptionConfigure a wait-to-block timer for revertive operations on RPL owner initiated reversion.

Syntax Description



milliseconds The time interval to wait before restoring, with a range of 5000 to 7000milliseconds.


Usage GuidelinesUse this command to configure a wait-to-block timer for revertive operations on RPL owner-initiatedreversion.

Example

The following command sets the wait-to-block timer to 6000 milliseconds for an ERPS ring named“ring1”:

configure erps ring1 timer wait-to-block 6000



configure erps timer wait-to-restore

configure {erps} ring-name timer wait-to-restore [ default | milliseconds ]



DescriptionConfigure a time interval to wait before restoring.

Syntax Description



milliseconds The time interval to wait before restoring, with a range of 0 to 720000milliseconds.


Usage GuidelinesUse this command to configure a time interval to wait before restoring.

ExampleThe following command sets the wait-to-restore timer to 3000 milliseconds for an ERPS ring named“ring1”:

configure erps ring1 timer wait-to-restore 3000



configure erps topology-change

configure erps ring-name [add | delete] topology-change ring-list

DescriptionIdentify the rings to which topology change events need to be propagated.



Syntax Description


add Add rings/sub-rings to topology change propagation list.

delete Delete rings/sub-rings from topology change propagation list.

ring-list List of ERPS rings/sub-rings to which topology change needs to bepropagated.

DefaultN/A.

Usage GuidelinesUse this command to add or delete ERPS rings/sub-rings from the topology change propagation list.

Example




configure forwarding L2-protocol fast-convergence

configure forwarding L2-protocol fast-convergence on | off

DescriptionConfigures the switch to flooding the unicast traffic during L2 protocol convergence.

Syntax Description

on Used to avoid flooding the unicast traffic during L2 protocol convergence.

off Used to Temporarily flooding unicast traffic during L2 protocol convergence.(default)

DefaultOn.



Usage GuidelinesUse this command to influence the L2-protocol convergence when topology changes in the network tominimize the congestion.

Example

The following command will influence the L2-Protocol control traffic:

configure forwarding L2-protocol fast-convergence off


Platform AvailabilityThis command available on all Summit, BD8K, BD-X8 platforms.

configure ip-arp fast-convergence

configure ip-arp fast-convergence [on | off]

DescriptionThis command improves IP convergence for IP traffic.

Syntax Description

on Fast-convergence on.

off Fast-convergence off (default).

DefaultOff.

Usage GuidelinesUse this command for quick recovery when running IP traffic over an EAPS ring.

Example

The following example shows output from the configure ip-arp fast-convergence on command:

E4G200-1.2 # show iparpVR Destination Mac Age Static VLAN



VID PortVR-Default 10.109.1.2 00:04:96:52:2b:16 0 NO box1-box2 950 3VR-Default 10.109.1.6 00:04:96:52:2a:f2 0 NO box1-box3 951 1Dynamic Entries : 2 Static Entries : 0Pending Entries : 0In Request : 1 In Response : 1Out Request : 1 Out Response : 1Failed Requests : 0Proxy Answered : 0Rx Error : 0 Dup IP Addr : 0.0.0.0Rejected Count : Rejected IP :Rejected Port : Rejected I/F :Max ARP entries : 8192 Max ARP pending entries : 256ARP address check: Enabled ARP refresh : EnabledTimeout : 20 minutes ARP Sender-Mac Learning : DisabledLocktime : 1000 millisecondsRetransmit Time : 1000 millisecondsReachable Time : 900000 milliseconds (Auto)Fast Convergence : OffE4G200-1.3 #E4G200-1.4 # show iparpVR Destination Mac Age Static VLAN VID PortVR-Default 10.109.1.2 00:04:96:52:2b:16 1 NO box1-box2 950 3VR-Default 10.109.1.6 00:04:96:52:2a:f2 1 NO box1-box3 951 1Dynamic Entries : 2 Static Entries : 0Pending Entries : 0In Request : 1 In Response : 1Out Request : 1 Out Response : 1Failed Requests : 0Proxy Answered : 0Rx Error : 0 Dup IP Addr : 0.0.0.0Rejected Count : Rejected IP :Rejected Port : Rejected I/F :Max ARP entries : 8192 Max ARP pending entries : 256ARP address check: Enabled ARP refresh : EnabledTimeout : 20 minutes ARP Sender-Mac Learning : DisabledLocktime : 1000 millisecondsRetransmit Time : 1000 millisecondsReachable Time : 900000 milliseconds (Auto)



Fast Convergence : OnE4G200-1.5 #



configure mstp format

configure mstp format format_identifier

DescriptionConfigures the number used to identify the MSTP BPDUs sent in the MSTP region.

Syntax Description

format_identifier Specifies a number that MSTP uses to identify all BPDUs sent in the MSTPregion. The default is 0. The range is 0 to 255.

DefaultThe default value used to identify the MSTP BPDU is 0.

Usage GuidelinesFor a switch to be part of an MSTP region, you must configure each switch in the region with the sameMSTP configuration attributes, also known as MSTP region identifiers. These identifiers consist of thefollowing:

• Region Name—The name of the MSTP region.

• Format Selector—The number used to identify the format of MSTP BPDUs. The default is 0.


You can configure only one MSTP region on the switch at any given time.

The switches contained in a region transmit and receive BPDUs that contain information relevant toonly that MSTP region. By having devices look at the region identifiers, MSTP discovers the logicalboundary of a region.

If you have an active MSTP region, Extreme Networks recommends that you disable all active STPDs inthe region before modifying the value used to identify MSTP BPDUs on all participating switches.



Example

The following command configures the number 2 to identify the MSTP BPDUs sent within an MSTPregion:

configure mstp format 2



configure mstp region


DescriptionConfigures the name of an MSTP region on the switch.

Syntax Description

regionName Specifies a user-defined name for the MSTP region. May be up to 32characters.

DefaultBy default, the switch uses the MAC address of the switch to generate an MSTP region.

Before you configure the MSTP region, it also has the following additional defaults:

• MSTP format Identifier—0.

• MSTP Revision Level—3.

Usage GuidelinesThe maximum length for a name is 32 characters. Names can contain alphanumeric characters andunderscores ( _ ) but cannot be any reserved keywords, for example, mstp. Names must start with analphabetical character, for example, a, Z.

By default, the switch uses the unique MAC address of the switch to generate an MSTP region. Sinceeach MAC address is unique, every switch is in its own region by default.



For multiple switches to be part of an MSTP region, you must configure each switch in the region withthe same MSTP configuration attributes, also known as MSTP region identifiers. These identifiers consistof the following:




You can configure only one MSTP region on the switch at any given time.

The switches inside a region exchange BPDUs that contain information for MSTIs. The switchesconnected outside of the region exchange CIST information. By having devices look at the regionidentifiers, MSTP discovers the logical boundary of a region.

If you have an active MSTP region, we recommend that you disable all active STPDs in the regionbefore renaming the region on all of the participating switches.

Viewing MSTP InformationTo view the MSTP configuration on the switch, use the show stpd command. Output from thiscommand contains global MSTP settings, including the name of the MSTP region, the number or tagthat identifies all of the BPDUs sent in the MSTP region, and the reserved MSTP revision level. Ifconfigured, the output also displays the name of the Common and Internal Spanning Tree (CIST), andthe number of Multiple Spanning Tree Instances (MSTIs).

Example

The following command creates an MSTP region named purple:

configure mstp region purple



configure mstp revision

configure mstp revision revision

DescriptionConfigures the revision number of the MSTP region.



Syntax Description

revision This parameter is reserved for future use.

DefaultThe default value of the revision level is 3.

Usage GuidelinesAlthough this command is displayed in the CLI, it is reserved for future use. Please do not use thiscommand.

If you accidentally configure this command, remember that each switch in the region must have thesame MSTP configuration attributes, also known as MSTP region identifiers. These identifiers consist ofthe following:




Example

The following command returns the MSTP revision number to 3, the default revision number:

configure mstp revision 3



configure stpd add vlanconfigure stpd stpd_name add vlan vlan_name ports [all | port_list] {[dot1d |


DescriptionAdds all ports or a list of ports within a VLAN to a specified STPD.



Syntax Description

stpd_name Specifies an STPD name on the switch.

vlan_name Specifies a VLAN name.

all Specifies all of the ports in the VLAN to be included in the STPD.

port_list Specifies the port or ports to be included in the STPD.

dot1d Specifies the STP encapsulation mode of operation to be 802.1D.

emistp Specifies the STP encapsulation mode of operation to be EMISTP.

pvst-plus Specifies the STP encapsulation mode of operation to be PVST+.

DefaultPorts in the default STPD (s0) are in dot1.d mode.

Ports in user-created STPDs are in emistp mode.

Usage GuidelinesTo create an STP domain, use the create stpd command. To create a VLAN, use the create vlancommand.

In an EMISTP or PVST+ environment, this command adds a list of ports within a VLAN to a specifiedSTPD provided the carrier VLAN already exists on the same set of ports. You can also specify theencapsulation mode for those ports.

In an MSTP environment, you do not need a carrier VLAN. A CIST controls the connectivity ofinterconnecting MSTP regions and sends BPDUs across the regions to communicate region status. Youmust use the dot1d encapsulation mode in an MSTP environment.

You cannot configure STP on the following ports:

• Mirroring target ports.

• Software-controlled redundant ports.

If you see an error similar to the following:

Error: Cannot add VLAN default port 3:5 to STP domain

You might be attempting to add:

• A carrier VLAN port to a different STP domain than the carrier VLAN belongs.

• A VLAN/port for which the carrier VLAN does not yet belong.

NoteThis restriction is enforced only in an active STP domain and when you enable STP tomake sure you have a legal STP configuration.

Care must be taken to ensure that ports in overlapping domains do not interfere with the orderlyworking of each domain’s protocol.



By default, when the switch boots for the first time, it automatically creates a VLAN named default witha tag value of 1 and STPD s0. The switch associates VLAN default to STPD s0. All ports that belong tothis VLAN and STPD are in 802.1D encapsulation mode with autobind enabled. If you disable autobindon the VLAN default, that configuration is saved across a reboot.

Naming ConventionsIf your STPD has the same name as another component, for example a VLAN, we recommend that youspecify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,the keywords stpd and vlan are optional.

STP Encapsulations ModesYou can specify the following STP encapsulation modes:

• dot1d—This mode is reserved for backward compatibility with previous STP versions. BPDUs aresent untagged in 802.1D mode. Because of this, any given physical interface can have only one STPDrunning in 802.1D mode.


• emistp—This mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN ID field.


• pvst-plus—This mode implements PVST+ in compatibility with third-party switches running thisversion of STP. The STPDs running in this mode have a one-to-one relationship with VLANs, andsend and process packets in PVST+ format.


These encapsulation modes are for STP ports, not for physical ports. When a physical port belongs tomultiple STPDs, it is associated with multiple STP ports. It is possible for the physical port to run indifferent modes for different domains for which it belongs.

MSTP STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct operation of yourMSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs.

STPD IdentifierAn StpdID is used to identify each STP domain. You assign the StpdID when configuring the domain.An STPD ID must be identical to the VLAN ID of the carrier VLAN in that STPD and that VLAN cannotbelong to another STPD.

MSTP uses two different methods to identify the STPDs that are part of the MSTP network. An instanceID of 0 identifies the Common and Internal Spanning Tree (CIST). The switch assigns this IDautomatically when you configure the CIST STPD. A multiple spanning tree instance identifier identifieseach STP domain that is part of an MSTP region. You assign the MSTI ID when configuring the STPDthat participates in the MSTP region. In an MSTP region, MSTI IDs only have local significance. You canreuse MSTI IDs across MSTP regions.



Automatically Inheriting Ports--MSTP OnlyIn an MSTP environment, whether you manually or automatically bind a port to an MSTI in an MSTPregion, the switch automatically binds that port to the CIST. The CIST handles BPDU processing foritself and all of the MSTIs; therefore, the CIST must inherit ports from the MSTIs in order to transmit andreceive BPDUs.

Example

Create a VLAN named marketing and an STPD named STPD1 as follows:

create vlan marketingcreate stpd stpd1

The following command adds the VLAN named marketing to the STPD STPD1, and includes all the portsof the VLAN in STPD1:

configure stpd stpd1 add vlan marketing ports all



configure stpd default-encapsulation

configure stpd stpd_name default-encapsulation [dot1d | emistp | pvst-plus]

DescriptionConfigures the default encapsulation mode for all ports added to the specified STPD.

Syntax Description


dot1d Specifies the STP encapsulation mode of operation to be 802.1d.



DefaultPorts in the default STPD (s0) are dot1d mode.




Usage GuidelinesCare must be taken to ensure that ports in overlapping domains do not interfere with the orderlyworking of each domain’s protocol.

By default, when the switch boots for the first time, it automatically creates a VLAN named default witha tag value of 1 and STPD s0. The switch associates VLAN default to STPD s0. All ports that belong tothis VLAN and STPD are in 802.1d encapsulation mode with autobind enabled. If you disable autobindon the VLAN default, that configuration is saved across a reboot.


Naming ConventionsIf your STPD has the same name as another component, for example a VLAN, we recommend that youspecify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,the keyword stpd is optional. For name creation guidelines and a list of reserved names, see ObjectNames in the .

STP Encapsulation ModesYou can specify the following STP encapsulation modes:





• pvst-plus—This mode implements PVST+ in compatibility with third-party switches running thisversion of STP. The STPDs running in this mode have a one-to-one relationship with VLANs andsend and process packets in PVST+ format.


Note

These encapsulation modes are for STP ports, not for physical ports. When a physical portbelongs to multiple STPDs, it is associated with multiple STP ports. It is possible for thephysical port to run in different modes for different domains for which it belongs.

STPD IdentifierAn StpdID is used to identify each STP domain. You assign the StpdID when configuring the domain.An STPD ID must be identical to the VLAN ID of the carrier VLAN in that STP domain, and that VLANcannot belong to another STPD.



MSTP uses two different methods to identify the STPDs that are part of the MSTP network. An instanceID of 0 identifies the Common and Internal Spanning Tree (CIST). The switch assigns this IDautomatically when you configure the CIST STPD. A multiple spanning tree instance identifier identifieseach STP domain that is part of an MSTP region. You assign the MSTI ID when configuring the STPDthat participates in the MSTP region. In an MSTP region, MSTI IDs only have local significance. You canreuse MSTI IDs across MSTP regions.

Example

The following command specifies that all ports subsequently added to the STPD STPD1 be in PVST+encapsulation mode unless otherwise specified or manually changed:

configure stpd stpd1 default-encapsulation pvst-plus



configure stpd delete vlan


DescriptionDeletes one or more ports in the specified VLAN from an STPD.

Syntax Description



all Specifies that all of the ports in the VLAN are to be removed from the STPD.

port_list Specifies the port or ports to be removed from the STPD.

DefaultN/A.



Usage GuidelinesIf your STPD has the same name as another component, for example a VLAN, we recommend that youspecify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,the keywords stpd and vlan are optional.

In EMISTP and PVST+ environments, if the specified VLAN is the carrier VLAN, all protected VLANs onthe same set of ports are also removed from the STPD.

You also use this command to remove autobind ports from a VLAN. ExtremeXOS records the deletedports so that the ports are not automatically added to the STPD after a system restart.

When a port is deleted on the MSTI, it is automatically deleted on the CIST as well.

Example

The following command removes all ports of a VLAN named Marketing from the STPD STPD1:

configure stpd stpd1 delete vlan marketing ports all



configure stpd description

configure {stpd} stpd_name description [stpd-description | none}

DescriptionAdds or overwrites the STP domain description field.

Syntax Description


stpd-description Specifies an STPD description.

none Clears the STPD string.

DefaultThe STP domain description string is empty.



Usage GuidelinesUse this command to add or overwrite the STP domain description field.

The maximum STP domain description length is 180 characters.

The stpd-description must be in quotes if the string contains any spaces.

To display the description, use the show stpd stpd_name command. When no STP domaindescription is configured, Description is not displayed in the output.

To clear the STP domain description string, either specify the keyword none in this command or use the unconfigure stpd {stpd_name} command.

Example

The following command adds the description “this is s0 domain” to the STPD named s0:

configure stpd s0 description “this is s0 domain”



configure stpd flush-method

configure stpd flush-method [vlan-and-port | port-only]

DescriptionConfigures the method used by STP to flush the FDB during a topology change.

Syntax Description

vlan-and-port Specifies a VLAN and port combination flush method.

port-only Specifies a port flush method.

DefaultThe default flush method is vlan-and-port.



Usage GuidelinesFor scaled up configurations where there are more than 1000 VLANs and more than 70 portsparticipating in STP, the number of messages exchanged between STP/FDB/HAL modules canconsume a lot of system memory during an STP topology change using the default configuration forflush method. In such situations, setting the flush method to “port-only” can help reduce the systemmemory consumption.

Example

The following command sets the flush method to port-only:

configure stpd flush-method port-only

HistoryThis command was available in ExtremeXOS 12.4.5.


configure stpd forwarddelay

configure stpd stpd_name forwarddelay seconds

DescriptionSpecifies the time (in seconds) that the ports in this STPD spend in the listening and learning stateswhen the switch is the root bridge.

Syntax Description


seconds Specifies the forward delay time in seconds. The default is 15 seconds, and therange is 4 to 30 seconds.

DefaultThe default forward delay time is 15 seconds.

Usage GuidelinesIf your STPD has the same name as another component, for example a VLAN, we recommend that youspecify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,the keyword stpd is optional.



You should not configure any STP parameters unless you have considerable knowledge and experiencewith STP. The default STP parameters are adequate for most networks.

The range for the seconds parameter is 4 through 30 seconds.

Example

The following command sets the forward delay from STPD1 to 20 seconds:

configure stpd stpd1 forwarddelay 20



configure stpd hellotime

configure stpd stpd_name hellotime seconds

DescriptionSpecifies the time delay (in seconds) between the transmission of BPDUs from this STPD when it is theroot bridge.

Syntax Description


seconds Specifies the hello time in seconds. The default is 2 seconds, and the range is 1to 10 seconds.

DefaultThe default hello time is 2 seconds.


In an MSTP environment, configure the hello timer only on the CIST, not on the MSTIs.





Example

The following command sets the time delay from STPD1 to 10 seconds:

configure stpd stpd1 hellotime 10



configure stpd maxage

configure stpd stpd_name maxage seconds

DescriptionSpecifies the maximum age of a BPDU in the specified STPD.

Syntax Description


seconds Specifies the maxage time in seconds. The default is 20 seconds, and therange is 6 to 40 seconds.

DefaultThe default maximum age of a BPDU is 20 seconds.





In an MSTP environment, configure the maximum age of a BPDU only on the CIST, not on the MSTIs.


Note that the time must be greater than, or equal to 2 * (Hello Time + 1) and less than, or equal to 2 *(Forward Delay –1).

Example

The following command sets the maximum age of STPD1 to 30 seconds:

configure stpd stpd1 maxage 30



configure stpd max-hop-count

configure stpd stpd_name max-hop-count hopcount

DescriptionSpecifies the maximum hop count of a BPDU until the BPDU is discarded in the specified MSTP STPdomain.

Syntax Description


hopcount Specifies the number of hops required to age out information and notifychanges in the topology. The default is 20 hops, and the range is 6 to 40hops.

DefaultThe default hop count of a BPDU is 20 hops.

Usage GuidelinesThis command is applicable only in an MSTP environment.



If your STPD has the same name as another component, for example a VLAN, Extreme Networksrecommends that you specify the identifying keyword as well as the name. If your STPD has a nameunique only to that STPD, the keyword stpd is optional.


The range for the hopcount parameter is 6 through 40 hops.

In an MSTP environment, the hop count has the same purpose as the maxage timer for 802.1D and802.1w environments.

The main responsibility of the CIST is to exchange or propagate BPDUs across regions. The switchassigns the CIST an instance ID of 0, which allows the CIST to send BPDUs for itself in addition to all ofthe MSTIs within an MSTP region. Inside a region, the BPDUs contain CIST records and piggybacked M-records. The CIST records contain information about the CIST, and the M-records contain informationabout the MSTIs. Boundary ports only exchange CIST record BPDUs.

On boundary ports, only CIST record BPDUs are exchanged. In addition, if the other end is an 802.1D or802.1w bridge, the maxage timer is used for interoperability between the protocols.

Example

The following command sets the hop of the MSTP STPD, STPD2, to 30 hops:

configure stpd stpd2 max-hop-count 30



configure stpd mode


DescriptionConfigures the operational mode for the specified STP domain.

Syntax Description


dot1d Specifies the STPD mode of operation to be 802.1D.



dot1w Specifies the STPD mode of operation to be 802.1w, and rapid configuration isenabled.

mstp Specifies the STPD mode of operation to be 802.1s, and rapid configuration isenabled.

cist Configures the specified STPD as the common instance spanning tree for theMSTP region.

msti Configures the specified STPD as a multiple spanning tree instance for theMSTP region.

instance Specifies the Id of the multiple spanning tree instance. The range is 1 to 4,094.

DefaultThe STPD operates in 802.1D mode.


If you configure the STP domain in 802.1D mode, the rapid reconfiguration mechanism is disabled.

If you configure the STP domain in 802.1w mode, the rapid reconfiguration mechanism is enabled. Youenable or disable RSTP on a per STPD basis only. You do not enable RSTP on a per port basis.

If you configure the STP domain in MSTP mode, the rapid reconfiguration mechanism is enabled. Youenable or disable MSTP on a per STPD basis only. You do not enable MSTP on a per port basis. MSTPSTPDs use 802.1D BPDU encapsulation mode by default. To ensure correct operation of your MSTPSTPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs.

You must first configure a Common and Internal Spanning Tree (CIST) before configuring any multiplespanning tree instances (MSTIs) in the region. You cannot delete or disable a CIST if any of the MSTIsare active in the system.

Example

The following command configures STPD s1 to enable the rapid reconfiguration mechanism andoperate in 802.1w mode:

configure stpd s1 mode dot1w

The following command configures STPD s2 to operate as an MSTI in an MSTP domain:

configure stpd s2 mode mstp msti 3




The mstp parameter was added in ExtremeXOS 11.4.


configure stpd ports active-role disable

configure stpd stpd_name ports active-role disable port

DescriptionAllows a port to be selected as an alternate or backup port.

Syntax Description


port Specifies a port.

DefaultThe default is disabled.

Usage GuidelinesUse this command to revert to the default that allows a specified port to be elected to any STP portrole.

Example

The following command disables an active role on STDP s1, port 6:3:

configure stpd s1 ports active-role disable 6:3





configure stpd ports active-role enable

configure stpd stpd_name ports active-role enable port

DescriptionPrevents a port from becoming an alternate or backup port.

Syntax Description


port Specifies a port.


Usage GuidelinesUse this command to keep a port in an active role. It prevents a specified port from being elected to analternate or backup role which puts the port in a blocking state.

The following describes the port role and state when RSTP stabilizes.

STP Port Role Port State

Alternate (inactive) Blocking

Backup (inactive Blocking

Root (active) Forwarding

Designated (active) Forwarding

This feature can be enabled on only one STP port in the STP domain.

The restricted port role cannot be combined with this feature.

An active port role (root or designated) cannot be enabled with an edge port.

To disable this command, use the configure stpd ports active-role disable command.

To view the status of the active role, use the show stpd ports command.

Example

The following command enables an active role on STDP s1, port 6:3:

configure stpd s1 ports active-role enable 6:3





configure stpd ports bpdu-restrict

configure {stpd} stpd_name ports bpdu-restrict [enable | disable] port_list


DescriptionConfigures BPDU Restrict.

Syntax Description


port_list Specifies one or more ports or slots and ports.

bpdu-restrict Disables port as soon as a BPDU is received.

recovery-timeout Time after which the port will be re-enabled.

seconds Specifies the time in seconds. The range is 60 to 600. The default is 300.


Usage GuidelinesBefore using this command, the port(s) should be configured for edge-safeguard.

Example

The following command enables bpdu-restrict on port 2 of STPD s1:

configure stpd s1 ports bpdu-restrict enable 2





configure stpd ports cost

configure stpd stpd_name ports cost [auto | cost] port_list

DescriptionSpecifies the path cost of the port in the specified STPD.

Syntax Description


auto Specifies the switch to remove any user-defined port cost value(s) and usethe appropriate default port cost value(s).

cost Specifies a numerical port cost value. The range is 1 through 200,000,000.


DefaultThe switch automatically assigns a default path cost based on the speed of the port, as follows:

• 10 Mbps port—the default cost is 2,000,000.

• 100 Mbps port—the default cost is 200,000.

• 1000 Mbps port—the default cost is 20,000.

• 10000 Mbps ports—the default cost is 2,000.

The default port cost for trunked ports is dynamically calculated based on the available bandwidth.



The 802.1D-2004 standard modified the default port path cost value to allow for higher link speeds. Ifyou have a network with both 802.1D-2004 and 802.1D-1998 compliant bridges, a higher link speed cancreate a situation whereby an 802.1D-1998 compliant bridge could become the most favorable transitpath and possibly cause the traffic to span more bridges. To prevent this situation, configure the portpath cost to make links with the same speed use the same path host value. For example, if you have



100 Mbps links on all bridges, configure the port path cost for the 802.1D-2004 compliant bridges to 19instead of using the default 200,000.

Note

You cannot configure the port path cost on 802.1D-1998 compliant bridges to 200,000because the path cost range setting is 1 to 65,535.

The range for the cost parameter is 1 through 200,000,000. If you configure the port cost, a setting of 1indicates the highest priority.

If you configured a port cost value and specify the auto option, the switch removes the user-definedport cost value and returns to the default, automatically assigned, port cost value.

The auto port cost of a trunk port is calculated based on number member ports in the trunk port. Linkup and down of the member port does not affect the trunk port cost, thus it does not trigger topologychange. Only adding or removing a member port to/from the trunk port causes auto trunk port cost tochange. Also, by so configuring a static trunk port cost, the value is frozen regardless of the number ofmember ports in the trunk port.

ExtremeXOS 11.5 and EarlierIf you have switches running ExtremeXOS 11.5 and earlier, the default costs are different than switchesrunning ExtremeXOS 11.6 and later.

The range for the cost parameter is 1 through 65,535.

The switch automatically assigns a default path cost based on the speed of the port, as follows:

• 10 Mbps port—the default cost is 100.



• 10000 Mbps ports—the default cost is 2.

Example

The following command configures a cost of 100 to slot 2, ports 1 through 5 in STPD s0:

configure stpd s0 ports cost 100 2:1-2:5


The auto option was added in ExtremeXOS 11.0.

The default costs were updated based on support for the 802.1D-2004 standard in ExtremeXOS 11.6.




configure stpd ports edge-safeguard disable

configure {stpd} stpd_name ports edge-safeguard disable port_list {bpdu-restrict}


DescriptionDisables the edge safeguard loop prevention on the specified RSTP or MSTP edge port.

Syntax Description


port_list Specifies one or more edge ports.




DefaultBy default, this feature is disabled.

Usage GuidelinesThis command applies only to ports that have already been configured as edge ports.

Loop prevention and detection on an edge port configured for RSTP or MSTP is called edge safeguard.An edge port configured with edge safeguard immediately enters the forwarding state and transmitsBPDUs.

If you disable this feature, the edge port enters the forwarding state but no longer transmits BPDUsunless a BPDU is received by that edge port. This is the default behavior.

Recovery time starts as soon as the port becomes disabled. If no recovery-timeout is specified, the portis permanently disabled.

BPDU restrict can be disabled using the configure stpd stpd_name ports bpdu-restrictdisableport_list command.

If edge safeguard is disabled, BPDU restrict is also disabled.

To view the status of the edge safeguard feature use the show {stpd} stpd_name ports {[detail|port_list {detail}]} command. You can also use the show stpd {stpd_name | detail}



command to display the STPD configuration on the switch, including the enable/disable state for edgesafeguard.

Note

In MSTP, configuring edge safeguard at CIST will be inherited in all MSTI.

To enable or re-enable edge safeguard, use one of the following commands:

• configure {stpd} stpd_name ports edge-safeguard enableport_list {bpdu-



point]port_list | edgeport_list {edge-safeguard [enable | disable] {bpdu-

restrict} {recovery-timeoutseconds}}]

Example

The following command disables edge safeguard on RSTP edge port 4 in STPD s1 on a stand-aloneswitch:

configure stpd s1 ports edge-safeguard disable 4

The following command disables edge safeguard on the RSTP edge port on slot 2, port 3 in STPD s1 ona modular switch:

configure stpd s1 ports edge-safeguard disable 2:3


The BPDU Restrict function was added in ExtremeXOS 12.4.


configure stpd ports edge-safeguard enable

configure {stpd} stpd_name ports edge-safeguard enable port_list {bpdu-restrict}


DescriptionEnables the edge safeguard loop prevention on the specified RSTP or MSTP edge port.



Syntax Description


port_list Specifies one or more edge ports.




DefaultBy default, this feature is disabled.

Usage GuidelinesThis command applies only to ports that have already been configured as edge ports.

Loop prevention and detection on an edge port configured for RSTP or MSTP is called edge safeguard.You configure edge safeguard on RSTP or MSTP edge ports to prevent accidental or deliberatemisconfigurations (loops) resulting from connecting two edge ports together or by connecting a hub orother non-STP switch to an edge port. Edge safeguard also limits the impact of broadcast storms thatmight occur on edge ports.

An edge port configured with edge safeguard immediately enters the forwarding state and transmitsBPDUs. This advanced loop prevention mechanism improves network resiliency but does not interferewith the rapid convergence of edge ports.


BPDU restrict can be disabled using the configure {stpd} stpd_name ports bpdu-restrict[enable | disable]port_list {recovery-timeout {seconds}} command and selectingdisable.


To view the status of the edge safeguard feature use the show {stpd} stpd_name ports {[detail|port_list {detail}]} command. You can also use the show stpd {stpd_name | detail}command to display the STPD configuration on the switch, including the enable/disable state for edgesafeguard.

Note


To disable edge safeguard, use one of the following commands:

• configure {stpd} stpd_name ports edge-safeguard disableport_list {bpdu-



point]port_list | edgeport_list {edge-safeguard [enable | disable] {bpdu-

restrict} {recovery-timeoutseconds}}]



Example

The following command enables edge safeguard on RSTP edge port 4 in STPD s1 on a stand-aloneswitch:

configure stpd s1 ports edge-safeguard enable 4

The following command enables edge safeguard on the RSTP edge port on slot 2, port 3 in STPD s1 ona modular switch:

configure stpd s1 ports edge-safeguard enable 2:3




configure stpd ports link-type




DescriptionConfigures the ports in the specified STPD as auto, broadcast, edge, or point-to-point link types.

Syntax Description


auto Specifies the switch to automatically determine the port link type. An autolink behaves like a point-to-point link if the link is in full-duplex mode or if linkaggregation is enabled on the port. Used for 802.1w configurations.

broadcast Specifies a port attached to a LAN segment with more than two bridges.Used for 802.1D configurations. A port with broadcast link type cannotparticipate in rapid reconfiguration using RSTP or MSTP. By default, all STP.1Dports are broadcast links.

point-to-point Specifies a port attached to a LAN segment with only two bridges. A portwith point-to-point link type can participate in rapid reconfiguration. Used for802.1w and MSTP configurations. By default, all 802.1w and MSTP ports arepoint-to-point link types.




edge Specifies a port that does not have a bridge attached. An edge port is placedand held in the STP forwarding state unless a BPDU is received by the port.Used for 802.1w and MSTP configurations.

edge-safeguard Specifies that the edge port be configured with edge safeguard, a loopprevention and detection mechanism. Used for 802.1w and MSTPconfigurations.

enable Specifies that edge safeguard be enabled on the edge port(s).

disable Specifies that edge safeguard be disabled on the edge port(s).




DefaultSTP.1D ports are broadcast link types 802.1w and MSTP ports are point-to-point link types.


The default, broadcast links, supports legacy STP (802.1D) configurations. If the switch operates in802.1D mode, any configured port link type will behave the same as the broadcast link type.

RSTP rapidly moves the designated ports of a point-to-point link type into the forwarding state. Thisbehavior is supported by RSTP and MSTP only.


Auto Link TypeAn auto link behaves like a point-to-point link if the link is in full duplex mode or if link aggregation isenabled on the port; otherwise, an auto link behaves like a broadcast link. If a non-STP switch existsbetween several switches operating in 802.1w mode with auto links, the non-STP switch may negotiatefull-duplex even though the broadcast domain extends over several STP devices.

Edge Link TypeRSTP does not send any BPDUs from an edge port nor does it generate topology change events whenan edge port changes its state.

If you configure a port to be an edge port, the port immediately enters the forwarding state. Edge portsremain in the forwarding state unless the port receives a BPDU. In that case, edge ports enter theblocking state. The edge port remains in the blocking state until it stops receiving BPDUs and themessage age timer expires.



Edge SafeguardLoop prevention and detection on an edge port configured for RSTP or MSTP is called edge safeguard.You configure edge safeguard on RSTP or MSTP edge ports to prevent accidental or deliberatemisconfigurations (loops) resulting from connecting two edge ports together or by connecting a hub orother non-STP switch to an edge port. Edge safeguard also limits the impact of broadcast storms thatmight occur on edge ports.

An edge port configured with edge safeguard immediately enters the forwarding state and transmitsBPDUs. This advanced loop prevention mechanism improves network resiliency but does not interferewith the rapid convergence of edge ports.


BPDU restrict can be disabled using the configure stpd stpd_name ports bpdu-restrictdisableport_list command.


To configure a port as an edge port and enable edge safeguard on that port, use the configure stpdstpd_name ports link-type edgeport_list edge-safeguard command and specify enable.

To disable edge safeguard on the edge port, use the configure stpd stpd_name ports link-type edgeport_list edge-safeguard command and specify disable.

Two other commands are also available to enable and disable edge safeguard:

configure stpd ports edge-safeguard enable configure stpd ports edge-safeguarddisable


Example

The following command configures slot 2, ports 1 through 4 to be point-to-point links in STPD s1:

configure stpd s1 ports link-type point-to-point 2:1-2:4

The following command enables edge safeguard on the RSTP edge port on slot 2, port 3 in STPD s1configured for RSTP:

configure stpd s1 ports link-type edge 2:3 edge-safeguard enable






configure stpd ports mode

configure stpd stpd_name ports mode [dot1d | emistp | pvst-plus] port_list

DescriptionConfigures the encapsulation mode for the specified port list.

Syntax Description






DefaultPorts in the default STPD (s0) are dot1d mode.




You can specify the following STP encapsulation modes:









Example

The following command configures STPD s1 with PVST+ packet formatting for slot 2, port 1:

configure stpd s1 ports mode pvst-plus 2:1



configure stpd ports port-priority

configure stpd stpd_name ports port-priority priority port_list

DescriptionSpecifies the port priority of the port in the specified STPD.

Syntax Description


priority Specifies a numerical port priority value. The range is 0 through 240 and issubject to the multiple of 16 restriction.


DefaultThe default is 128.





By changing the priority of the port, you can make it more or less likely to become the root port or adesignated port.

To preserve backward compatibility and to use ExtremeXOS 11.5 or earlier configurations, the existing configure stpd ports priority command is available in ExtremeXOS 11.6. If you have anExtremeXOS 11.5 or earlier configuration, the switch interprets the port priority based on the802.1D-1998 standard. If the switch reads a value that is not supported in ExtremeXOS 11.6, the switchrejects the entry. For example, if the switch reads the configure stpd ports priority 16 command from anExtremeXOS 11.5 or earlier configuration, (which is equivalent to the command configure stpd portspriority 8 entered through CLI), the switch saves the value in the new ExtremeXOS 11.6 configuration asconfigure stpd ports port-priority 128.

A setting of 0 indicates the highest priority.

The range for the priority parameter is 0 through 240 and is subject to the multiple of 16 restriction.

Example

The following command assigns a priority of 32 to slot 2, ports 1 through 5 in STPD s0:

configure stpd s0 ports port-priority 32 2:1-2:5



configure stpd ports priority

configure stpd stpd_name ports priority priority port_list

DescriptionSpecifies the port priority of the port in the specified STPD.



Syntax Description


priority Specifies a numerical port priority value. The range is 0 through 31 for STPand 0 through 15 for MSTP and RSTP.


DefaultThe default is 128.



By changing the priority of the port, you can make it more or less likely to become the root port or adesignated port.

To preserve backward compatibility and to use ExtremeXOS 11.5 or earlier configurations, the existing configure stpd ports priority command is available in ExtremeXOS 11.6. If you have anExtremeXOS 11.5 or earlier configuration, the switch interprets the port priority based on the802.1D-1998 standard. If the switch reads a value that is not supported in ExtremeXOS 11.6, the switchrejects the entry.

A setting of 0 indicates the highest priority.

The range for the priority parameter is 0 through 31 for STP and 0 through 15 for MSTP and RSTP.

ExtremeXOS 11.6 introduces support for a new ports priority command: configure stpd portsport-priority. When you save the port priority value in an ExtremeXOS 11.6 configuration, the switchsaves it as the new command configure stpd ports port-priority with the correspondingchange in priority values. The priority range of this command is 0 through 240 and is subject to themultiple of 16 restriction. For more information see configure stpd ports port-priority.

ExtremeXOS 11.5 and EarlierIf you have switches running ExtremeXOS 11.5 and earlier, the default value for the priority range aredifferent than switches running ExtremeXOS 11.6.

The range for the priority parameter is 0 through 31.

The default is 16.



Example

The following command assigns a priority of 1 to slot 2, ports 1 through 5 in STPD s0:

configure stpd s0 ports priority 1 2:1-2:5


The priority range and behavior was updated based on support for the 802.1D-2004 standard inExtremeXOS 11.6.


configure stpd ports restricted-role disable

configure stpd stpd_name ports restricted-role disable port_list

DescriptionDisables restricted role on the specified port inside the core network.

Syntax Description



DefaultN/A.

Usage GuidelinesThe restricted role is disabled by default. If set, it can cause a lack of spanning tree connectivity. Anetwork administrator enables the restricted role to prevent bridges external to a core region of thenetwork from influencing the spanning tree active topology, possibly because those bridges are notunder the full control of the administrator.

Note

Disabling Restricted Role at CIST is inherited by all MSTI.



Example

The following command disables restricted role for s1 on port 6:3:

configure stpd s1 ports restricted-role disable 6:3


This command was added to RSTP in ExtremeXOS 11.6 and 12.0.3.


configure stpd ports restricted-role enable

configure stpd stpd_name ports restricted-role enable port_list

DescriptionEnables restricted role on the specified port inside the core network.

Syntax Description



DefaultN/A.

Usage GuidelinesEnabling restricted role causes the port not to be selected as a root port even if it has the best spanningtree priority vector. Such a port is selected as an alternate port after the root port has been selected.

The restricted role is disabled by default. If set, it can cause a lack of spanning tree connectivity. Anetwork administrator enables the restricted role to prevent bridges external to a core region of thenetwork from influencing the spanning tree active topology, possibly because those bridges are notunder the full control of the administrator.

Note

Restricted role should not be enabled with edge mode.

Enabling Restricted Role at CIST is inherited by all MSTI.



Example

The following command enables restricted role on port 6:3:

configure stpd s1 ports restricted-role enable 6:3


This command was added to RSTP in ExtremeXOS 11.6 and 12.0.3.


configure stpd priority

configure stpd stpd_name priority priority

DescriptionSpecifies the bridge priority of the STPD.

Syntax Description


priority Specifies the bridge priority of the STPD. The range is 0 through 61,440 and issubject to the multiple of 4,096 restriction.

DefaultThe default priority is 32,768.



By changing the bridge priority of the STPD, you can make it more or less likely to become the rootbridge.



The range for the priority parameter is 0 through 61,440 and is subject to the multiple of 4,096restriction. A setting of 0 indicates the highest priority.

If you have an ExtremeXOS 11.5 or earlier configuration that contains an STP or RSTP bridge prioritythat is not a multiple of 4,096, the switch rejects the entry and the bridge priority returns to the defaultvalue. The MSTP implementation already uses multiples of 4,096 to determine the bridge priority.

For example, to lower the numerical value of the priority (which gives the priority a higher precedence),you subtract 4,096 from the default priority: 32,768 - 4,096 = 28,672. If you modify the priority by avalue other than 4,096, the switch rejects the entry.

ExtremeXOS 11.5 and EarlierIf you have switches running ExtremeXOS 11.5 and earlier, the priority range is different than switchesrunning ExtremeXOS 11.6 and later.

The range for the priority parameter is 0 through 65,535. A setting of 0 indicates the highest priority.

Example

The following command sets the bridge priority of STPD1 to 16,384:

configure stpd stpd1 priority 16384


The priority range and behavior was updated based on support for the 802.1D-2004 standard inExtremeXOS 11.6.


configure stpd tagconfigure stpd stpd_name tag stpd_tag

DescriptionAssigns an StpdID to an STPD.

Syntax Description


stpd_tag Specifies the VLAN ID of the carrier VLAN that is owned by the STPD.



DefaultN/A.



An STPD ID is used to identify each STP domain. You assign the StpdID when configuring the domain.An STPD ID must be identical to the VLAN ID of the carrier VLAN in that STP domain, and that VLANcannot belong to another STPD. Unless all ports are running in 802.1D mode, an STPD with portsrunning in either EMISTP mode or PVST+ mode must be configured with an STPD ID.

You must create and configure the VLAN, along with the tag, before you can configure the STPD tag.To create a VLAN, use the create vlan command. To configure the VLAN, use the configure vlancommands.

MSTP OnlyMSTPuses two different methods to identify the STPDs that are part of the MSTP network. An instanceID of 0 identifies the CIST. The switch assigns this ID automatically when you configure the CIST STPD.To configure the CIST STPD, use the configure stpd stpd_name mode [dot1d | dot1w | mstp[cist | mstiinstance]] command.

An MSTI identifier (MSTI ID) identifies each STP domain that is part of an MSTP region. You assign theMSTI ID when configuring the STPD that participates in the MSTP region. Each STPD that participates ina particular MSTP region must have the same MSTI ID. To configure the MSTI ID, use the configurestpd stpd_name mode [dot1d | dot1w | mstp [cist | mstiinstance]] command.

Example

The following example assigns an StpdID to the purple_st STPD:

configure stpd purple_st tag 200





configure vlan add ports stpdconfigure vlan vlan_name add ports [all | port_list] {tagged {tag} | untagged}

stpd stpd_name {[dot1d | emistp | pvst-plus]}

DescriptionAdds one or more ports in a VLAN to a specified STPD.

Syntax Description


all Specifies all of the ports to be included in the STPD.

port_list Specifies the port or ports to be included in the STPD.

tagged Specifies the ports should be configured as tagged.

tag Specifies the port-specific VLAN tag. When there are multiple portsspecified in the port_list, the same tag is used for all of them. Whenunspecified port tag is equal to the VLAN tag.

untagged Specifies the ports should be configured as untagged.





DefaultPorts in the default STPD (s0) are in dot1.d mode.


Usage GuidelinesTo create a VLAN, use the create vlan command. To create an STP domain, use the create stpdcommand.

In an EMISTP or PVST+ environment, this command adds a list of ports to a VLAN and a specified STPDat the same time provided the carrier VLAN already exists on the same set of ports. You can alsospecify the encapsulation mode for those ports.

In an MSTP environment, you do not need a carrier VLAN. A CIST controls the connectivity ofinterconnecting MSTP regions and sends BPDUs across the regions to communicate region status. Youmust use the dot1d encapsulation mode in an MSTP environment.

You cannot configure STP on the following ports:

• Mirroring target ports.



• Software-controlled redundant ports.

If you see an error similar to the following:

Error: Cannot add VLAN default port 3:5 to STP domain

You might be attempting to add:

• A carrier VLAN port to a different STP domain than the carrier VLAN belongs.

• A VLAN/port for which the carrier VLAN does not yet belong.

NoteThis restriction is only enforced in an active STP domain and when you enable STP toensure you have a legal STP configuration.

Naming ConventionsIf your VLAN has the same name as another component, for example an STPD, we recommend thatyou specify the identifying keyword as well as the name. If your VLAN has a name unique only to thatVLAN, the keywords vlan and stpd are optional.

STP Encapsulation ModesYou can specify the following STP encapsulation modes:







These encapsulation modes are for STP ports, not for physical ports. When a physical ports belongs tomultiple STPDs, it is associated with multiple STP ports. It is possible for the physical port to run indifferent modes for different domains for which it belongs.

MSTP STPDs use only 802.1D BPDU encapsulation mode. The switch prevents you from configuringEMISTP or PVST+ encapsulation mode for MSTP STPDs.

Specify the port tag when you need to put multiple vlans into a broadcast domain.




Example

The following command adds slot 1, port 2 and slot 2, port 3, members of a VLAN named Marketing, tothe STPD named STPD1, and specifies that they be in EMISTP mode:

configure vlan marketing add ports 1:2, 2:3 tagged stpd stpd1 emistp

The following examples illustrate the tag variable in ExtremeXOS 15.4.

The following example configures vlan with tag 100 and port tag of 10 and 11 on two different ports:

create vlan exchange tag 100config vlan exchange add ports 3 tagged 10config vlan exchange add ports 4 tagged 11

The following example configures a VLAN with tag 100, and port tag of 10 and 11 on the same ports:

create vlan exchange tag 100config vlan exchange add ports 3 tagged 10config vlan exchange add ports 3 tagged 11

The following example configures VLAN with tag 100, and port tag of 10 on two ports and 11 on adifferent port:

create vlan exchange tag 100config vlan exchange add ports 2:3,2:4 tagged 10config vlan exchange add ports 2:5 tagged 11


The nobroadcast keyword was removed in ExtremeXOS 11.4.

The tag variable was added in ExtremeXOS 15.4.


create eaps shared-port

create eaps shared-port ports



DescriptionCreates an EAPS shared port on the switch.

Syntax Description

ports Specifies the port number of the common link port.

DefaultN/A.

Usage GuidelinesTo configure a common link, you must create a shared port on each switch on either end of thecommon link.

Example

The following command creates a shared port on the EAPS domain.

create eaps shared-port 1:2



create eaps

create eaps name

DescriptionCreates an EAPS domain with the specified name.

Syntax Description

name Specifies the name of an EAPS domain to be created. Can be up to 32characters in length.




DefaultN/A.

Usage GuidelinesAn EAPS domain name must begin with an alphabetical character and may contain alphanumericcharacters and underscores (_), but it cannot contain spaces. The maximum allowed length for a nameis 32 characters. For name creation guidelines and a list of reserved names, see Object Names in theExtremeXOS Concepts Guide.

Example

The following command creates EAPS domain eaps_1:

create eaps eaps_1



create erps ring

create erps ring-name

DescriptionCreates an ERPS ring.

Syntax Description


DefaultN/A.

Usage GuidelinesUse this command to create an ERPS ring.



Example

The following command creates an ERPS ring named “ring1”:

create erps ring1



create stpd


DescriptionCreates a user-defined STPD.

Syntax Description

stpd_name Specifies a user-defined STPD name to be created. May be up to 32characters in length.

stpd-description Specifies an STP domain description string.

DefaultThe default device configuration contains a single STPD called s0.

When an STPD is created, the STPD has the following default parameters:

• State—disabled.

• StpdID—none.

• Assigned VLANs—none.

• Bridge priority—32,768.

• Maximum BPDU age—20 seconds.

• Hello time—2 seconds.

• Forward delay—15 seconds.

• Operational mode—802.1D.

• Rapid Root Failover—disabled.

• Default Binding Mode (encapsulation mode)—Ports in the default STPD (s0) are in 802.1d mode.Ports in user-created STPDs are in emistp mode.



• Maximum hop count (when configured for MSTP)—20 hops.

• STP domain description string—empty.

Usage GuidelinesThe maximum length for a name is 32 characters. Names can contain alphanumeric characters andunderscores ( _ ) but cannot be any reserved keywords, for example, stp or stpd. Names must startwith an alphabetical character, for example, a, Z. For name creation guidelines and a list of reservednames, see Object Names in the .

Each STPD name must be unique and cannot duplicate any other named STPDs on the switch. If youare uncertain about the STPD names on the switch, use the show stpd command to view the STPDnames.

You can, however, re-use names across multiple categories of switch configuration. For example, youcan use the name Test for an STPD and a VLAN. If you use the same name, we recommend that youspecify the appropriate keyword when configuring the STPD. If you do not specify the appropriatekeyword, the switch displays a message similar to the following:

%% Ambiguous command: "configure Test"

To view the names of the STPDs on the switch, enter configure and press [Tab]. Scroll to the end of theoutput to view the names.

The maximum length for an STPD description is 180 characters. The description must be in quotes if thestring contains any spaces. To display the description, use the show stpd stpd_name command.

Each STPD has its own Root Bridge and active path. After the STPD is created, one or more VLANs canbe assigned to it.

Example

The following example creates an STPD named purple_st:

create stpd purple_st


The STPD description option was added in ExtremeXOS 12.4.4.




debug erps show

debug erps show ring-name

DescriptionDebugs ERPS ring by checking "show" output.

Syntax Description


DefaultN/A.

Usage GuidelinesTo debug this feature, check the output of "show erps" and "show erps ring" to see if the node state isas expected. In steady state, the node should be in "Idle" or "Protected" state.

Check the output of "show erps ring statistics" to see if any error/dropped counters are incrementing. Ifthey are check the state of the ring ports and trace these links to the neighbor node to see the state ofthe links. The output of "show log" after turning on the filters for ERPS should provide more informationon what is happening on the switch.

ExampleExample output not yet available and will be provided in a future release.



debug erps


DescriptionDebugs an ERPS ring.



Syntax Description

options Different options to enable looking at debug information.

DefaultN/A.

Usage GuidelinesUse this command to debug an ERPS ring.

Example

The following command debugs an ERPS ring:




delete eaps shared-port


DescriptionDeletes an EAPS shared port on a switch.

Syntax Description

ports Specifies the port number of the Common Link port.

DefaultN/A.




Example

The following command deletes shared port 1:1.

delete eaps shared-port 1:1



delete eaps

delete eaps name

DescriptionDeletes the EAPS domain with the specified name.

Syntax Description

name Specifies the name of an EAPS domain to be deleted.

DefaultN/A.


Example

The following command deletes EAPS domain eaps_1:

delete eaps eaps_1






delete erps

delete erps ring-name

DescriptionDeletes an ERPS ring.

Syntax Description


DefaultN/A.

Usage GuidelinesUse this command to delete an ERPS ring.

Example

The following command deletes an ERPS ring named “ring1”:

delete erps ring1



delete stpd

delete stpd stpd_name

DescriptionRemoves a user-defined STPD from the switch.



Syntax Description

stpd_name Specifies a user-defined STPD name on the switch.

DefaultN/A.

Usage GuidelinesIf your STPD has the same name as another component, for example a VLAN, we recommend that youspecify the identifying keyword as well as the name. If you do not specify the stpd keyword, an errormessage similar to the following is displayed:

%% Ambiguous command: "delete Test"

In this example, to delete the STPD Test, enter delete stpd Test.

If you created an STPD with a name unique only to that STPD, the keyword stpd is optional.

The default STPD, s0, cannot be deleted.

In an MSTP environment, you cannot delete or disable a CIST if any of the MSTIs are active in thesystem.

Example

The following command deletes an STPD named purple_st:

delete stpd purple_st



disable eaps

disable eaps {name}

DescriptionDisables the EAPS function for a named domain or for an entire switch.



Syntax Description


DefaultDisabled for the entire switch.

Usage GuidelinesTo prevent loops in the network, the switch displays by default a warning message and prompts you todisable EAPS for a specific domain or the entire switch. When prompted, do one of the following:

• Enter y to disable EAPS for a specific domain or the entire switch.



Example

The following command disables the EAPS function for entire switch:

disable eaps


WARNING: Disabling EAPS on the switch could cause a loop in the network!

Are you sure you want to disable EAPS? (y/n) Enter y to disable EAPS on the switch. Enter n to cancelthis action.

The following command disables the EAPS function for the domain eaps-1:

disable eaps eaps-1


WARNING: Disabling specific EAPS domain could cause a loop in thenetwork!

Are you sure you want to disable this specific EAPS domain? (y/n)

Enter y to disable the EAPS function for the specified domain. Enter n to cancel this action.






disable erps block-vc-recovery

disable erps ring-name block-vc-recovery

DescriptionDisables the ability on ERPS rings to block virtual channel recovery to avoid temporary loops .

Syntax Description


block-vc-recovery Block on Virtual channel recovery.

DefaultN/A.

Usage GuidelinesUse this command to disable the ability on ERPS rings to block on virtual channel recovery to avoidtemporary loops. This is done on interconnected nodes for sub-ring configurations.

Example

The following example disables a virtual channel recovery block on “ring1”:

diable erps ring1 block-vc-recovery







DescriptionDisable an existing ERPS ring/sub-ring.

Syntax Description


DefaultN/A.

Usage GuidelinesUse this command to disable an existing ERPS ring/sub-ring.

Example

The following example disables an existing ERPS ring identified as “ring1”:

disable erps ring1



disable erps topology-change

disable erps ring-name topology-change

DescriptionDisable the ability of ERPS to set the topology-change bit to send out Flush events.

Syntax Description

ring-name Alphanumeric string that identifies the ERPS sub-ring.

topology-change Topology change propagation control.



DefaultN/A.

Usage GuidelinesUse this command to disable the ability of ERPS to set the topology-change bit to send out Flushevents.

Example

The following example disables the ability to set the topology-change bit for an existing ERPS sub-ringidentified as “ring1”:

disable erps ring1 topology-change



disable erps

disable erps

DescriptionDisable ERPS (Ethernet Ring Protection Switching/ITU-T G.8032 standard).

Syntax DescriptionN/A.

DefaultN/A.

Usage GuidelinesUse this command to disable ERPS.



Example

The following command disables ERPS:

disable erps



disable stpd auto-bindDisables the ability to automatically add ports to an STPD when they are added to a member VLAN.

disable stpd stpd_name auto-bind vlan vlan_name

Syntax Description


vlan_name Specifies the name of a member VLAN with autobind enabled.

DefaultThe autobind feature is disabled on user-created STPDs. The autobind feature is enabled on the defaultVLAN that participates in the default STPD S0.

Usage Guidelines

Note

Ports already in the STPD remain in that domain (as if they were added manually).

If you create an STPD and a VLAN with unique names, the keywords stpd and vlan are optional.

Ports added to the STPD automatically when autobind is enabled are not removed when autobind isdisabled. The ports are present after a switch reboot.

To view STP configuration status of the ports in a VLAN, use the following command:

show {vlan} vlan_name stpd



Example

The following example disables autobind on an STPD named s8:

disable stpd s8 auto-bind v5



disable stpd portsDisables STP on one or more ports for a given STPD.

disable stpd stpd_name ports [all | port_list]

Syntax Description


all Specifies all ports for a given STPD.


DefaultEnabled.

Usage GuidelinesIf you create the STPD with a unique name, the keyword stpd is optional.

Disabling STP on one or more ports puts those ports in the forwarding state; all BPDUs received onthose ports are disregarded and dropped.

Use the all keyword to specify that all ports of a given STPD are disabled.

Use the port_list parameter to specify a list of ports of a given STPD are disabled.

If you do not use the default STPD, you must create one or more STPDs and configure and enable theSTPD before you can use the disable stpd ports command.



Example

The following command disables slot 2, port 4 on an STPD named Backbone_st:

disable stpd backbone_st ports 2:4



disable stpd rapid-root-failover

disable stpd stpd_name rapid-root-failover

DescriptionDisables rapid root failover for STP recovery times.

Syntax Description


DefaultDisabled.

Usage GuidelinesThis command is applicable for STPDs operating in 802.1D.

After you have created the STPD with a unique name, the keyword stpd is optional.

To view the status of rapid root failover on the switch, use the show stpd command. The show stpdcommand displays information about the STPD configuration on the switch including the enable/disable state for rapid root failover.

Example

The following command disables rapid root fail over on STPD Backbone_st:

disable stpd backbone_st rapid-root-failover





disable stpd

disable stpd {stpd_name}

DescriptionDisables the STP protocol on a particular STPD or for all STPDs.

Syntax Description


DefaultDisabled.

Usage GuidelinesAfter you have created the STPD with a unique name, the keyword stpd is optional.

If you want to disable the STP protocol for all STPDs, do not specify an STPD name.

In an MSTP environment, you cannot delete or disable a CIST if any of the MSTIs are active in thesystem.

Example

The following command disables an STPD named purple_st:

disable stpd purple_st

The following command disables the STP protocol for all STPDs on the switch:

disable stpd





enable eaps

enable eaps {name}

DescriptionEnables the EAPS function for a named domain or for an entire switch.

Syntax Description


DefaultDisabled.

Default command enables EAPS for the entire switch.

Usage Guidelines

Note

If you use the same name across categories (for example, STPD and EAPS names), you mustspecify the identifying keyword as well as the actual name.

To configure and enable an EAPS, complete the following steps:

1 Create EAPS domain and assign the name.

2 Configure the control VLAN.

3 Configure the protected VLAN(s).

4 Add the control VLAN to EAPS domain.

5 Add the protected VLAN(s) to EAPS domain.

6 Configure EAPS mode, master or transit.

7 Configure EAPS port, secondary and primary.

8 If desired, configure timeout and action for failtimer expiration*.

9 If desired, configure the hello time for the health-check packets*.

10 Enable EAPS for the entire switch.

11 If desired, enable Fast Convergence*.

12 Enable EAPS for the specified domain.

Although you can enable EAPS prior to configuring these steps, the EAPS domain(s) does not run untilyou configure these parameters.

* These steps can be configured at any time, even after the EAPS domains are running.



You must enable EAPS globally and specifically for each named EAPS domain.

Example

The following command enables the EAPS function for entire switch:

enable eaps

The following command enables the EAPS function for the domain eaps-1:

enable eaps eaps-1



enable erps block-vc-recovery

enable erps ring-name block-vc-recovery

DescriptionEnable ability on ERPS rings to block virtual channel recovery to avoid temporary loops .

Syntax Description


block-vc-recovery Block on Virtual channel recovery.

DefaultN/A.

Usage GuidelinesUse this command to enable ability on ERPS rings to block on virtual channel recovery to avoidtemporary loops. This is done on interconnected nodes for sub-ring configurations.



Example

The following example enables a virtual channel recovery block on “ring1”:

enable erps ring1 block-vc-recovery





DescriptionEnable an existing ERPS ring/sub-ring.

Syntax Description


DefaultN/A.

Usage GuidelinesUse this command to enable an existing ERPS ring/sub-ring.

Example

The following example enables an existing ERPS ring identified as “ring1”:

enable erps ring1





enable erps topology-change

enable erps ring-name topology-change

DescriptionEnable the ability of ERPS to set the topology-change bit to send out Flush events.

Syntax Description

ring-name Alphanumeric string that identifies the ERPS sub-ring.

topology-change Topology change propagation control.

DefaultN/A.

Usage GuidelinesUse this command to enable the ability of ERPS to set the topology-change bit to send out Flushevents.

Example

The following example enables the ability to set the topology-change bit for an existing ERPS sub-ringidentified as “ring1”:

enable erps ring1 topology-change



enable erps

enable erps



DescriptionEnable ERPS (Ethernet Ring Protection Switching/ITU-T G.8032 standard).


DefaultN/A.

Usage GuidelinesUse this command to enable ERPS.

Example

enable erps



enable stpd auto-bindenable stpd stpd_name auto-bind vlan vlan_name

DescriptionAutomatically adds ports to an STPD when ports are added to a member VLAN.

Syntax Description


vlan_name Specifies the name of the VLAN to have autobind enabled.

DefaultThe autobind feature is disabled on user-created STPDs. The autobind feature is enabled on the defaultVLAN that participates in the default STPD S0.



If you enable autobind and add ports to a member VLAN, those ports are automatically added to theSTPD.

Usage GuidelinesIf you create an STPD and a VLAN with unique names, the keywords stpd and vlan are optional.

You cannot configure the autobind feature on a network login VLAN.

In an EMISTP or PVST+ environment, when you issue this command, any port or list of ports that youadd to the carrier VLAN are automatically added to the STPD with autobind enabled. In addition, anyport or list of ports that you remove from a carrier VLAN are automatically removed from the STPD.This allows the STPD to increase or decrease its span as you add ports to or remove ports from acarrier VLAN.

For MSTP, when you issue this command, any port or list of ports that gets automatically added to anMSTI are automatically inherited by the CIST. In addition, any port or list of ports that you remove froman MSTI protected VLAN are automatically removed from the CIST. For more information see thesection. For more information, see Automatically Inheriting Ports--MSTP Only on page 269.

Carrier VLANA carrier VLAN defines the scope of the STPD, which includes the physical and logical ports that belongto the STPD and the 802.1Q tag used to transport STP BPDUs in the encapsulation mode is EMISTP orPVST+. Only one carrier VLAN can exist in a given STPD, although some of its ports can be outside thecontrol of any STPD at the same time.

NoteThe STPD ID must be identical to the VLAN ID of the carrier VLAN in that STPD.

If you configure MSTP, you do not need a carrier VLAN. With MSTP, you configure a CIST that controlsthe connectivity of interconnecting MSTP regions and sends BPDUs across the regions to communicatethe status of MSTP regions. All VLANs participating in the MSTP region have the same privileges.

Protected VLANProtected VLANs are all other VLANs that are members of the STPD. These VLANs “piggyback” on thecarrier VLAN. Protected VLANs do not transmit or receive STP BPDUs, but they are affected by STPstate changes and inherit the state of the carrier VLAN. Protected VLANs can participate in multipleSTPDs, but any particular port in the VLAN can belong to only one STPD.

Enabling autobind on a protected VLAN does not expand the boundary of the STPD. However, theVLAN and port combinations are added to or removed from the STPD subject to the boundaries of thecarrier VLAN.

If you configure MSTP, all member VLANs in an MSTP region are protected VLANs. These VLANs donot transmit or receive STP BPDUs, but they are affected by STP state changes communicated by theCIST to the MSTP regions. MSTIs cannot share the same protected VLAN; however, any port in aprotected VLAN can belong to multiple MSTIs.




Displaying STP InformationTo view STP configuration status of the ports on a VLAN, use the following command:


Example

The examples in this section assume that you have already removed the ports from the Default VLAN.

To automatically add ports to an STPD running 802.1D, EMISTP, or PVST+ and to expand the boundaryof the STPD, you must complete the following tasks:

• Create the carrier VLAN.

• Assign a VLAN ID to the carrier VLAN.

• Add ports to the carrier VLAN.

• Create an STPD (or use the default, S0).

• Enable autobind on the STPDs carrier VLAN.

• Configure the STPD tag (the STPD ID must be identical to the VLAN ID of the carrier VLAN in theSTP domain).

• Enable STP.

The following example enables autobind on an STPD named s8 after creating a carrier VLAN named v5:

create vlan v5configure vlan v5 tag 100configure vlan v5 add ports 1:1-1:20 taggedcreate stpd s8enable stpd s8 auto-bind v5configure stpd s8 tag 100enable stpd s8

To automatically add ports to the CIST STPD and to expand the boundary of the STPD, you mustcomplete the following tasks:

• Create a VLAN or use the Default VLAN. (In this example, the Default VLAN is used.)

• Create the MSTP region.

• Create the STPD to be used as the CIST, and configure the mode of operation for the STPD.

• Specify the priority for the CIST.

• Enable the CIST.

The following example enables autobind on the VLAN Default for the CIST STPD named s1:

configure mstp region 1create stpd s1configure stpd s1 mode mstp cist



configure stpd s1 priority 32768enable stpd s1

The following example enables autobind on the VLAN math for the MSTI STPD named s2:

create vlan mathconfigure vlan math tag 2configure vlan math add ports 2-3configure mstp region 1create stpd s2configure stpd s2 mode mstp msti 1configure stpd s2 priority 32768enable stpd s2 auto-bind vlan mathconfigure stpd s2 ports link-type point-to-point 5-6enable stpd s2



enable stpd ports

enable stpd stpd_name ports [all | port_list]

DescriptionEnables the STP protocol on one or more ports.

Syntax Description

stpd_name Specifies an STPD on the switch.

all Specifies all ports for a given STPD.


DefaultEnabled.

Usage GuidelinesIf you create an STPD with a unique name, the keyword stpd is optional.

If STP is enabled for a port, BPDUs are generated and processed on that port if STP is enabled for theassociated STPD.



You must configure one or more STPDs before you can use the enable stpd ports command. Tocreate an STPD, use the create stpd stpd_name {descriptionstpd-description} command. Ifyou have considerable knowledge and experience with STP, you can configure the STPD using theconfigure stpd commands. However, the default STP parameters are adequate for most networks.

Example

The following command enables slot 2, port 4 on an STPD named Backbone_st:

enable stpd backbone_st ports 2:4



enable stpd rapid-root-failover

enable stpd stpd_name rapid-root-failover

DescriptionEnables rapid root failover for faster STP recovery times.

Syntax Description


DefaultDisabled.

Usage GuidelinesThis command is applicable for STPDs operating in 802.1D.

If you create an STPD with a unique name, the keyword stpd is optional.

To view the status of rapid root failover on the switch, use the show stpd command. The show stpdcommand displays information about the STPD configuration on the switch including the enable/disable state for rapid root failover.



Example

The following command enables rapid root fail over on STPD Backbone_st:

enable stpd backbone_st rapid-root-failover



enable stpd


DescriptionEnables the STP protocol for one or all STPDs.

Syntax Description


DefaultDisabled.

Usage GuidelinesIf you want to enable the STP protocol for all STPDs, do not specify an STPD name.

Example

The following command enables an STPD named Backbone_st:

enable stpd backbone_st





MSTP

MSTP logically divides a Layer 2 network into regions.

Each region has a unique identifier and contains multiple spanning tree instances (MSTIs). An MSTI is aspanning tree domain that operates within and is bounded by a region. MSTIs control the topologyinside the regions. The Common and Internal Spanning Tree (CIST) is a single spanning tree domainthat interconnects MSTP regions. The CIST is responsible for creating a loop-free topology byexchanging and propagating BPDUs across regions to form a Common Spanning Tree (CST).

MSTP uses RSTP as its converging algorithm and is interoperable with the legacy STP protocols: STP(802.1D) and RSTP (802.1w).

RSTP

The Rapid Spanning Tree Protocol (RSTP) IEEE 802.1w provides an enhanced spanning tree algorithmthat improves the convergence speed of bridged networks.

RSTP takes advantage of point-to-point links in the network and actively confirms that a port can safelytransition to the forwarding state without relying on any timer configurations. If a network topologychange or failure occurs, RSTP rapidly recovers network connectivity by confirming the change locallybefore propagating that change to other devices across the network. For broadcast links, there is nodifference in convergence time between STP and RSTP.

RSTP supersedes legacy STP protocols, supports the existing STP parameters and configurations, andallows for seamless interoperability with legacy STP.

run erps force-switch | manual-switch

run erps ring-name [force-switch | manual-switch] {port} port

DescriptionSet up force and manual switch triggers to the ERPS ring/sub-ring.

Syntax Description


force-switch Force switch operation.

manual-switch Manual switch operation.

port The slot:port number for the ring port.



DefaultN/A.

Usage GuidelinesUse this command to set up force and manual switch triggers to the ERPS ring/sub-ring.

Example

The following command sets up force switch operation on port 6 of an ERPS ring named “ring1”:

run erps ring1 force-switch port 6



show eaps cfm groups

show eaps cfm groups

DescriptionDisplays summary EAPS CFM groups information.

Syntax DescriptionThere are no keywords or variables for this command.

DefaultN/A.

Usage Guidelines

The following command displays EAPS CFM group information:

X480-48t.2 # sh eaps cfm groups--------------------------------------------------------------------------------MEP Group Name Status Port MEP ID



--------------------------------------------------------------------------------eapsCfmGrp1 Up 41 11eapsCfmGrp2 Up 31 12



show eaps counters shared-port

show eaps counters shared-port [global | port {segment-port segport

{eapsDomain}}]

DescriptionDisplays summary EAPS shared port counter information.

Syntax Description

global Displays general counter information for all configured EAPS shared port instances. The outputdisplayed is calculated for all configured EAPS shared ports; not just one specific shared portinstance.

port Identifies the port number of the specified common link port.

segport Identifies the segment port. The segment port is the other ring port of an EAPS domain that isnot the shared-port.

eapsDomain Specifies the name of the EAPS domain. If no EAPS domain is specified, all counters for all EAPSdomains on the specified segment port are displayed.

DefaultN/A.

Usage GuidelinesIf the switch is configured for EAPS shared ports, use this command to display an array of countersassociated with the EAPS shared port functionality.

If you specify the global keyword, the switch displays general counter information for all configuredEAPS shared port instances. The output displayed is calculated for all configured EAPS shared ports;not just one specific shared port instance.



If you specify a particular EAPS shared port, the switch displays counter information related to onlythat shared port.

If you specify a particular EAPS segment port, the switch displays counter information related to onlythat segment port for the specified EAPS domain.

Viewing and maintaining statistics on a regular basis allows you to see how well your network isperforming. If you keep simple daily records, you will see trends emerging and notice problems arisingbefore they cause major network faults.

Clearing the CountersThe counters continue to increment until you clear the information. By clearing the counters, you cansee fresh statistics for the time period you are monitoring. To clear, reset the EAPS counters, includingthe shared port counters, use one of the following commands:

• clear counters

• clear eaps counters

Understanding the OutputThe following table describes the significant fields and values in the display output of the show eapscounters shared-port global command:

Field Description

Rx-Invalid-Instance Displays the number of dropped EAPS shared-port PDUs because there is not a validEAPS shared port instance for the incoming port.

Rx-Unknown Displays the number of unknown EAPS PDUs dropped by the shared port instances.

Fw-Invalid-Instance Displays the number of EAPS shared-port PDUs that could not be forwarded in slowpath because the shared port instances could not find a valid EAPS shared portinstance for the outgoing port.

The following table describes the significant fields and values in the display output of the show eapscounters shared-port portsegment-port segport eapsDomain command:

Field Description

Rx-Seg-Health Indicates the shared port instance received EAPS shared ports Segment-Health-Check PDUs.

Rx-Path-Detect Indicates the shared port instance received EAPS shared ports Path-Detect PDUs.

Rx-Flush-Notify Indicates the shared port instance received EAPS shared ports Flush-Notify PDUsand flushed the FDB.If this PDU reaches a port of the shared ports pair that initiated the PDU, theshared port instance might terminate the PDU. Otherwise, the shared portinstance forwards the PDU.

Rx-Unknown Displays the number of unknown EAPS PDUs dropped by the shared portinstance.



Field Description

Rx-Seg-Health-Dropped Displays the number of EAPS shared ports Segment-Health-Check PDUs droppedby the shared port instance.This counter increments if the Segment-Health-Check PDU returns to the sendingswitch. If that occurs, the switch drops the Segment-Health-Check PDU.

Rx-Path-Detect-Dropped Displays the number of EAPS shared ports Path-Detect PDUs dropped by theshared port instance.This counter increments in the following situations:If the packet’s Fwd-id matches the EAPS shared port’s Link-Id, the port is not inthe blocking state, and the incoming port is a segment port.If the packet’s Link-Idmatches the EAPS shared port’s Link-Id, the port is not in the blocking state, andthe incoming port is a segment port.

Rx-Flush-Notify-Dropped Displays the number of EAPS shared ports Flush-Notify-Dropped PDUs droppedby the shared port instance.This counter increments in the following situations:If the Flush-Notify-Dropped PDU returns to the sending switch.If the packet’sFwd-Id matches the EAPS shared port’s Link-Id and the port is not in the blockingstate.

Rx-Dropped-Invalid-Port Displays the number of EAPS shared ports PDUs dropped by the shared portinstance because it does not exist.

Tx-Seg-Health Indicates the shared port instance sent EAPS shared ports Segment-Health-CheckPDUs.

Tx-Path-Detect Indicates the shared port instance sent EAPS shared ports Path-Detect PDUs.NOTE: This counter appears under Common Link Port Stats and should always be0.

Tx-Flush-Notify Indicates the shared port instance sent EAPS shared ports Flush-Notify PDUs toflush the FDB.NOTE: This counter appears under Common Link Port Stats and should always be0.

Tx-Flush-Fdb Indicates the shared port instance sent EAPS Flush-Fdb PDUs because the FDBneeds to be flushed.NOTE: This counter appears under Common Link Port Stats and should always be0.

Tx-Unknown Indicates the number of unknown EAPS PDUs sent by the shared port instance.NOTE: Unknown EAPS PDUs can be a new type of PDU that the switch does nottrack in the sending routine.

Tx-Transmit-Err Indicates the number of EAPS PDUs the shared port instance was unable to sendbecause of an error.

Fw-Seg-Health Indicates the number of EAPS shared ports Segment-Health-Check PDUs receivedby the shared port instance and forwarded in slow path.

Fw-Path-Detect Indicates the number of EAPS shared ports Path-Detect PDUs received by theshared port instance and forwarded in slow path.

Fw-Flush-Notify Indicates the number of EAPS Flush-Notify PDUs received by the shared portinstance and forwarded in slow path to flush the FDB.

Fw-Flush-Fdb Indicates the number of EAPS Flush-Fdb PDUs received by the shared portinstance and forwarded in slow path.



Field Description

Fw-Unknown Indicates the number of unknown EAPS PDUs forwarded in slow path.NOTE: Unknown EAPS PDUs can be a new type of PDU that the switch does nottrack in the forwarding routine.

Fw-Transmit-Err Indicates the number of EAPS PDUs the shared port instance was unable toforward in slow path because of an error.

Example

The following command displays global, high-level counter information for EAPS shared port:

show eaps counters shared-port global

The following is sample output from this command:

Global counters for EAPS Shared-Ports:Rx DroppedRx-Invalid-Instance : 0Rx-Unknown : 0Fw DroppedFw-Invalid-Instance : 0

The following example assumes that port 17 is configured as an EAPS shared port. The followingcommand displays counter information the specified EAPS shared port:

show eaps counters shared-port 17


Counters for EAPS Shared-Port 17:Common Link Port StatsRx StatsRx-Seg-Health : 0Rx-Path-Detect : 0Rx-Flush-Notify : 0Rx DroppedRx-Seg-Health-Dropped : 0Rx-Path-Detect-Dropped : 0Rx-Flush-Notify-Dropped : 0Rx-Dropped-Invalid-Port : 0Tx StatsTx-Seg-Health : 0Tx-Path-Detect : 0Tx-Flush-Notify : 0Tx-Flush-Fdb : 0Tx DroppedTx-Unknown : 0Tx-Transmit-Err : 0Fw Stats



Fw-Seg-Health : 0Fw-Path-Detect : 0Fw-Flush-Notify : 0Fw DroppedFw-Unknown : 0Fw-Transmit-Err : 0

The following example assumes that port 1:2 is configured as an EAPS shared port and port 1:1 is asegment port. The following command displays counter information the specified EAPS shared port,segment port, and EAPS domain:

show eaps counters shared-port 1:2 segment-port 1:1 eaps1


Counters for EAPS Shared-Port 1:2, Segment Port: 1:1, EAPS Domain: eaps1Rx StatsRx-Seg-Health : 0Rx-Path-Detect : 0Rx-Flush-Notify : 0Rx-Seg-Health-Dropped : 0Rx-Path-Detect-Dropped : 0Rx-Flush-Notify-Dropped : 0Rx-Dropped-Invalid-Port : 0Tx StatsTx-Seg-Health : 2275Tx-Path-Detect : 0Tx-Flush-Notify : 0Tx-Flush-Fdb : 0Tx-Transmit-Err : 0Tx-Unknown : 0Fw StatsFw-Seg-Health : 0Fw-Path-Detect : 0Fw-Flush-Notify : 0Fw-Transmit-Err : 0Fw-Unknown : 0






show eaps counters

show eaps counters [eapsDomain | global]

DescriptionDisplays summary EAPS counter information.

Syntax Description

eapsDomain Specifies the name of an EAPS domain. The switch displays counter information for onlythat domain.

global Displays EAPS counter information when the events counted are not applicable to anyspecific EAPS domain.

DefaultN/A.

Usage GuidelinesIf you specify the name of an EAPS domain, the switch displays counter information related to only thatdomain. If you specify the global keyword, the switch displays EAPS counter information when theevents counted are not applicable to any specific EAPS domain. The output displayed is for allconfigured EAPS domains, not just one specific EAPS domain.

Viewing and maintaining statistics on a regular basis allows you to see how well your network isperforming. If you keep simple daily records, you will see trends emerging and notice problems arisingbefore they cause major network faults.

Clearing the CountersThe counters continue to increment until you clear the information. By clearing the counters, you cansee fresh statistics for the time period you are monitoring. To clear, reset the EAPS counters, use one ofthe following commands:

• clear counters

• clear eaps counters

Understanding the OutputThe following table describes the significant fields and values in the display output of the show eapscounters eapsDomain command:



Field Description

Rx-Health Indicates the EAPS domain received EAPS Health PDUs.

Rx-RingUp-FlushFdb Indicates the EAPS ring is up, and the EAPS domain received EAPS RingUp-FlushFdb PDUs to flush the FDB.

Rx-RingDown-FlushFdb Indicates the EAPS ring is down, and the EAPS domain received EAPS RingDown-FlushFdb PDUs to flush the FDB.

Rx-Link-Down Indicates the EAPS domain received EAPS Link-Down PDUs and took down thelink.

Rx-Flush-Fdb Indicates the EAPS domain received EAPS Flush-Fdb PDUs and flushed the FDB.

Rx-Suspend-Prefwd-Timer Indicates the EAPS domain received EAPS Suspend-Preforward-Timer PDUs.NOTE: Switches running ExtremeWare send this PDU during an MSM/MM failover.Switches running ExtremeXOS 10.1 or later do not send or receive this PDU.

Rx-Query-Link-Status Indicates the EAPS domain received EAPS Query-Link-Status PDUs.

Rx-Link-Up Indicates the EAPS domain received EAPS Link-Up PDUs and brought the linkback up.

Rx-Unknown Indicates the EAPS domain dropped unknown EAPS PDUs.

Rx-Another-Master Indicates the EAPS domain dropped EAPS PDUs because there is another Masterswitch in the same EAPS domain.

Rx-Unconfigured-Port Indicates the EAPS domain dropped EAPS PDUs because the ingress port is notconfigured to be a ring port for the EAPS domain and the corresponding controlVLAN.

Rx-Health-Pdu-Pri-Port Indicates the EAPS domain dropped EAPS Health PDUs because the primary portreceived them instead of the secondary port.NOTE: The secondary port of the Master switch must receive EAPS Health PDUs,not the primary port.

Tx-Health Indicates the EAPS domain sent EAPS Health PDUs.

Tx-RingUp-FlushFdb Indicates the EAPS ring is up, and the EAPS domain sent EAPS RingUp-FlushFdbPDUs to flush the FDB.

Tx-RingDown-FlushFdb Indicates the EAPS ring is down, and the EAPS domain sent EAPS RingDown-FlushFdb PDUs to flush the FDB.

Tx-Link-Down Indicates the EAPS domain sent EAPS Link-Down PDUs because the link wentdown.

Tx-Flush-Fdb Indicates the EAPS domain sent EAPS Flush-Fdb PDUs because the FDB needs tobe flushed.

Tx-Suspend-Prefwd-Timer Indicates the EAPS domain sent EAPS Suspend-Preforward-Timer PDUs.NOTE: Switches running ExtremeWare send this PDU during an MSM/MM failover.Switches running ExtremeXOS 10.1 or later do not send or receive this PDU. Thiscounter should remain at 0.

Tx-Query-Link-Status Indicates the EAPS domain sent EAPS Query-Link-Status PDUs.

Tx-Link-Up Indicates the EAPS domain sent EAPS Link-Up PDUs and the link is up.

Tx-Unknown Indicates the number of unknown EAPS PDUs sent by the EAPS domain.NOTE: Unknown EAPS PDUs can be a new type of PDU that the switch does nottrack in the sending routine.

Tx-Transmit-Err Indicates the number of EAPS PDUs the EAPS domain was unable to sendbecause of an error.



Field Description

Fw-Link-Down Indicates the number of EAPS Link-Down PDUs received by the EAPS domain andforwarded in slow path.

Fw-Flush-Fdb Indicates the number of EAPS Flush-Fdb PDUs received by the EAPS domain andforwarded in slow path.

FW-Query-Link-Status Indicates the number of EAPS Query-Link-Status PDUs received by the EAPSdomain and forwarded in slow path.

Fw-Unknown Indicates the number of unknown EAPS PDUs forwarded in slow path.NOTE: Unknown EAPS PDUs can be a new type of PDU that the switch does nottrack in the forwarding routine.

Fw-Transmit-Er Indicates the number of EAPS PDUs the EAPS domain was unable to forward inslow path because of an error.

Note

Rx and Fw counters—If a PDU is received, processed, and consumed, only the Rx counterincrements. If a PDU is forwarded in slow path, both the Rx counter and Fw counterincrement.

The following table describes the significant fields and values in the display output of the show eapscounters global command:

Field Description

Rx-Failed Indicates an error occurred when receiving packets from the Layer 2forwarding engine.

Rx-Invalid-Vlan-Intf Indicates that the VLAN interface for the incoming VLAN cannot befound.

Rx-Undersize-Pkt Indicates the length of the packet is less than the length of the header.

Rx-Invalid-8021Q-Tag Indicates the VlanTypeLength field in the Ethernet header does notmatch the default Ethernet value for the 802.1Q tag.

Rx-Invalid-SNAP-Type Indicates an invalid Subnetwork Access Protocol (SNAP) value in theEthernet header.

Rx-Invalid-OUI Indicates the Organizational Unique Identifier (OUI) value in theEthernet header does not match 00:E0:2B.

Rx-EEP-Unsupported-Version Indicates an unsupported Extreme Encapsulation Protocol (EEP)version. The EEP version should be 1.

Rx-EEP-Invalid-Length Indicates the length of the EEP header is greater than the length of thepacket.

Rx-EEP-Checksum-Invalid Indicates the EEP checksum is invalid.

Rx-Domain-Invalid Indicates the control VLAN’s incoming PDU is not associated with anEAPS domain.

Rx-Lif-Invalid Indicates that EAPS is unable to determine the logical interface (LIF)for the ingress port.



Field Description

Rx-Lif-Down Indicates the LIF for the ingress port is in the Down state.

Tx-Failed Indicates an error occurred when sending packets to the Layer 2forwarding engine.

Example

The following command displays the counters for a specific EAPS domain named eaps1:

show eaps counters eaps1


Counters for EAPS domain: eaps1Rx StatsRx-Health : 0Rx-Ringup-Flushfdb : 0Rx-Ringdown-Flushfdb : 0Rx-Link-Down : 0Rx-Flush-Fdb : 0Rx-Suspend-Prefwd-Timer : 0Rx-Query-Link-Status : 0Rx-Link-Up : 0Rx DroppedRx-Unknown : 0Rx-Another-Master : 0Rx-Unconfigured-Port : 0Rx-Health-Pdu-Pri-Port : 0Tx StatsTx-Health : 5011Tx-Ringup-Flushfdb : 0Tx-Ringdown-Flushfdb : 0Tx-Link-Down : 0Tx-Flush-Fdb : 0Tx-Suspend-Prefwd-Timer : 0Tx-Query-Link-Status : 3342Tx-Link-Up : 0Tx DroppedTx-Unknown : 0Tx-Transmit-Err : 0Fw StatsFw-Link-Down : 0Fw-Flush-Fdb : 0Fw-Query-Link-Status : 0Fw DroppedFw-Unknown : 0Fw-Transmit-Err : 0

The following command displays the global EAPS counters:

show eaps counters global




Global counters for EAPS:Rx-Failed : 0Rx-Invalid-Vlan-Intf : 0Rx-Undersize-Pkt : 0Rx-Invalid-SNAP-Type : 0Rx-Invalid-OUI : 0Rx-EEP-Unsupported-Version : 0Rx-EEP-Invalid-Length : 0Rx-EEP-Checksum-Invalid : 0Rx-Domain-Invalid : 0Rx-Failed : 0Rx-Lif-Invalid : 0Rx-Lif-Down : 0Tx-Failed : 0



show eaps shared-port neighbor-info

show eaps shared-port {port} neighbor-info {detail}

DescriptionDisplays shared-port information from neighboring shared links for one or more EAPS domains.

Syntax Description

port Specifies a shared-port.

detail Specifies to display the status of all segments and VLANs.

DefaultN/A.

Usage GuidelinesIf you enter the command without the detail keyword, the command displays a summary of statusinformation for all configured EAPS shared ports from neighboring shared links. If you specify an EAPSshared-port, the command displays information about that specific port. Otherwise, the commanddisplays information about all of the shared-ports configured on the switch.



You can use the detail keyword to display more detailed status information about the segments andVLANs associated with each shared port. For full details of the significant fields and values in thedisplay output of the command, see the relevant tables in the show eaps shared port {port}{detail} command description.



show eaps shared-port

show eaps shared-port {port} {detail}

DescriptionDisplays shared-port information for one or more EAPS domains.

Syntax Description

port Specifies a shared-port.

detail Specifies to display the status of all segments and VLANs.

DefaultN/A.

Usage GuidelinesIf you enter the show eaps shared-port command without the detail keyword, the commanddisplays a summary of status information for all configured EAPS shared ports.

If you specify an EAPS shared-port, the command displays information about that specific port and therelated segment ports. The segment ports are sorted in ascending order based on their port number.You can use this order and your knowledge of the EAPS topology to determine which segment portbecomes the active-open port if the common link fails. For more information, see Common Link FaultDetection and Response in the ExtremeXOS Concepts Guide.

You can use the detail keyword to display more detailed status information about the segments andVLANs associated with each shared port.

The following table describes the significant fields and values in the display output of the show eapsshared-port {port {detail} commands:



Field Description

Shared Port Displays the port number of the shared port.

Mode Indicates whether the switch on either end of the common link is a controlleror partner. The mode is configured by the user.

Link ID The link ID is the unique common link identifier configured by the user.

Up Displays one of the following:Yes—Indicates that the link ID and the mode are configured.No—Indicatesthat the link ID or the mode is not configured.

State Displays one of the following states:Idle—Shared-port instance is not running.Ready—The EAPS shared-portinstance is running, the neighbor can be reached, and the common link isup.Blocking—The EAPS shared-port instance is running, the neighbor cannotbe reached, or the common link is down.Preforwarding—The EAPS shared-port instance is in a blocking state, and the common link came up. To preventa superloop, a temporary blocking state is created before going into Readystate.

Domain Count Indicates the number of EAPS domains sharing the common link.

VLAN Count Indicates the total number of VLANs that are protected under the EAPSdomains sharing this common link.

Nbr Yes—Indicates that the EAPS instance on the other end of the common link isconfigured with matching link ID and opposite modes. For example, if oneend of the common link is configured as a controller, the other end must beconfigured as a partner.Err—Indicates that the EAPS instance on the otherend of the common link is configured with a matching link ID, but the modesare configured the same. For example, both modes are configured ascontroller, or both modes are configured as partner.No—The neighbor on theother end of the common link cannot be reached. Indicates one or more ofthe following:- The switch on the other end of the common link is notrunning.- The shared port has not been created.- The link IDs on each side ofthe common link do not match.- The common link, and any other segment,between the controller and partner are not fully connected.

RB ID The ID of the root blocker. If the value is none, there are not two or morecommon-link failures.

RB State None—This EAPS shared-port is not the root blocker.Active—This EAPSshared-port is the root blocker and is currently active.Inactive—This EAPSshared-port is the root blocker but is currently inactive.

Active Open (available with thedetail keyword)

None—Indicates that there is no Active-Open port on the VLAN.Port #—Indicates the port that is Active-Open and is in a forwarding state.

Segment Timer expiry action Segment down—Specifies that if the controller or partner switch detects adown segment, that segment stays down and a query is not sent through thering. The switch marks the segment status as Down.Send alert—Specifies thatif the controller or partner switch detects a down segment, that switch keepsthe segment up and sends a warning message to the log (default). The switchsends a trap alert and sets the failed flag [F].

Segment Port (available with thedetail keyword or by specifying ashared port)

Identifies the segment port of an EAPS ring that shares the common link.



Field Description

Status (available with the detailkeyword or by specifying ashared port)

Up—Connectivity is established between the segment and the EAPS shared-port on the common link neighbor.Down—There is a break in the pathbetween the segment and the EAPS shared-port on the common linkneighbor. Blocking-Up—The path is Up, but due to the root blocker being inthe Active state, this port is blocked to prevent a loop.Blocking-Down—Theroot blocker is in the Active state; however, the path is Down. Because thepath is Down, there is no need to block the root blocker port to prevent aloop.[F]—The segment timer has expired but has not received an explicit link-down notification. The segment port remains in the Up state, with the timerexpired flag set to True.

EAPS Domain (available with thedetail keyword or by specifying ashared port)

The EAPS domain assigned to the segment port.

Vlan-port count (available withthe detail keyword or byspecifying a shared port)

The total number of VLANs being protected on this segment port.

Adjacent Blocking Id (availablewith the detail keyword or byspecifying a shared port)

None—The neighbor on this port is not reporting a Controller in the Blockingstate.Link-Id—The neighbor on this port is a controller in the Blocking statewith a link ID of Link-Id.

Segment RB Id (available with thedetail keyword or by specifying ashared port)

None—The neighbor on this port is not aware of a root blocker in thenetwork.RB-Id—The neighbor on this port has determined that there is aroot blocker in the network with a link ID of RB-Id.

Vlan (available with the detailkeyword or by specifying ashared port)

Displays a list of VLANs protected by the segment port.

Virtual-port Status (available withthe detail keyword or byspecifying a shared port)

This information appears for the Controller, when it is in either the Blocking orPreforwarding state.Active-Open—This VLAN or port is in the Forwarding state and hasconnectivity to the neighboring EAPS shared port via this port. Open—ThisVLAN or port is in the Forwarding state but does not have connectivity to theneighboring EAPS shared port via this port.Blocked—This VLAN or port is inthe Blocking state to prevent a loop in the network. Down—This port’s link isdown. Active—At this moment, this VLAN or port is not being handled byEAPS shared port. Rather, this VLAN or port is being handled by the regularEAPS protocol.

Bvlan When a common link connects an access VLAN (CVLAN or SVLAN) to a coreVLAN (BVLAN), this field displays the BVLAN name. For more information,see Common Link Fault Detection and Response in the .

Example

The following command displays shared-port information for all EAPS shared ports on a switch:

show eaps shared-portEAPS shared-port count: 1--------------------------------------------------------------------------------Link Domain Vlan RB RBShared-port Mode Id Up State count count Nbr State Id------------------------------------------------------------------------------



--10:1 Controller 1 Y Ready 2 1 Yes None NoneSegment Timer expiry action: Send alert--------------------------------------------------------------------------------

The following command displays detailed information for all EAPS shared ports:

show eaps shared-port detailEAPS shared-port count: 1--------------------------------------------------------------------------------Link Domain Vlan RB RBShared-port Mode Id Up State count count Nbr State Id--------------------------------------------------------------------------------4:1 Controller 10 Y Blocking 2 1 Yes Active 10Segment Timer expiry action: Send alertSegment Port: 5:7, Status: Blocking-UpEAPS Domain: d1Vlan-port count: 1Adjacent Blocking Id: NoneSegment RB Id: NoneVlan Virtual-port Statusp_1 BlockedSegment Port: 2:11, Status: DownEAPS Domain: d2Vlan-port count: 1Adjacent Blocking Id: 20Segment RB Id: NoneVlan Virtual-port Statusp_1 OpenVlan: p_1, Vlan-port count: 2, Active Open: NoneSegment Port Virtual-port Status5:7 Blocked2:11 Open

The following command displays detailed information for an EAPS shared port that is in the Blockingstate:

* Switch.2 # show eaps shared-port 1:24--------------------------------------------------------------------------------Link Domain Vlan RB RBShared-port Mode Id Up State count count Nbr State Id--------------------------------------------------------------------------------1:24 Controller 10 Y Blocking 3 5 Yes None NoneSegment Health Check interval: 1 secSegment Timeout: 3 secSegment Fail Timer expiry action: Send alertCommon Path Health Check interval: 1 secCommon Path Timeout: 3 secSegment Port: 3:35 Status: UpEAPS Domain: d3



Vlan-port count: 3Adjacent Blocking Id: NoneSegment RB Id: NoneSegment Port: 3:36 Status: UpEAPS Domain: d2Vlan-port count: 3Adjacent Blocking Id: NoneSegment RB Id: NoneSegment Port: 3:38 Status: UpEAPS Domain: d1Vlan-port count: 5Adjacent Blocking Id: NoneSegment RB Id: NoneVlan: data1, Vlan-port count: 3, Active Open: 3:38 Bvlan: metro1Vlan: data2, Vlan-port count: 3, Active Open: 3:38 Bvlan: metro1Vlan: data3, Vlan-port count: 3, Active Open: 3:38 Bvlan: metro2Vlan: metro1, Vlan-port count: 1, Active Open: 3:38Vlan: metro2, Vlan-port count: 1, Active Open: 3:38--------------------------------------------------------------------------------

Note

The BVLAN information in the previous example appears only when a BVLAN configuration ispresent.



show eaps


DescriptionDisplays EAPS status information.

Syntax Description

eapsDomain Specifies the name of an EAPS domain.

detail Specifies all available detail for each domain.




DefaultN/A.

Usage GuidelinesIf you enter the show eaps command without a keyword, the command displays less than with thedetail keyword.

Use the optional eapsDomain parameter to display status information for a specific EAPS domain.

Some state values are different on a transit node than on a master node.

When you enter the show eaps command without a domain name, the switch displays the followingfields:

EAPS Enabled: Current state of EAPS on this switch:Yes—EAPS is enabled on the switch.No—EAPS is not enabled.

EAPS Fast Convergence: Displays only when Fast Convergence is on.

EAPS Display Config Warnings: Displays the setting for loop protection messages:On—Loop protection messages are displayed (this is the default behavior).Off—Loop protection messages are not displayed.

EAPS Multicast Add Ring Ports: Displays the configuration of the multicast add-ring-ports feature asconfigured with the configure eaps multicast add-ring-ports command.

EAPS Multicast Send IGMP Query: Displays the configuration of the multicast send-igmp-query feature asconfigured with the configure eaps multicast send-igmp-query command.

EAPS Multicast TemporaryFlooding:

Displays the configuration of the multicast temporary-flooding feature asconfigured with the configure eaps multicast temporary-flooding command.

EAPS Multicast TemporaryFlooding Duration:

Displays the duration configuration for the multicast temporary-floodingfeature as configured with the configure eaps multicasttemporary-flooding duration command.

Number of EAPS instances: Number of EAPS domains created. The maximum number of EAPS domainsper switch is 128.

Domain: Entries in this column identify the name of an EAPS domain.



State: On a transit node, the command displays one of the following states:Idle—The EAPS domain has been enabled, but the configuration is notcomplete.Links-Up—This EAPS domain is running, and both its ports are upand in the FORWARDING state.Links-Down—This EAPS domain is running,but one or both of its ports are down.Preforwarding—This EAPS domain isrunning, and both of its ports are up, but one of them is in a temporaryBLOCKED state.On a master node, the command displays one of the following states:Idle—The EAPS domain has been enabled, but the configuration is notcomplete.Init—The EAPS domain has started but has not yet determined thestatus of the ring. The secondary port is in a BLOCKED state.Complete—Thering is in the COMPLETE state for this EAPS domain.Failed—There is a breakin the ring for this EAPS domain.Pre-Init—The EAPS domain has startedoperation for Init state and has sent a request to lower hardware layers toblock the secondary port. It is in transient state waiting for acknowledgementfrom hardware layer indicating the operation is completed.Pre-Complete—The EAPS domain has started operation for Complete state and has sent arequest to lower hardware layers to block the secondary port. It is in transientstate waiting for acknowledgement from the hardware layer indicating theoperation is completed.[Failtimer Expired]—When the failtimer expires andit’s action is set to send-alert, this flag is set. This flag indicates there is amisconfiguration or hardware problem in the EAPS ring. The EAPS masternode continues to remain in COMPLETE or INIT state with it’s secondary portblocking.

Mo: The configured EAPS mode for this switch: transit (T) or master (M).

Primary/Secondary port: The port numbers assigned as the EAPS primary and secondary ports. On themaster node, the port distinction indicates which port is blocked to avoid aloop.

Prio The EAPS domain priority, which is H for high priority or N for normal priority.

When you enter the show eaps command with a domain name or the detail keyword, the switchdisplays the following fields:

Name: Identifies the EAPS domain displayed.

Priority The EAPS domain priority, which is either High or Normal.



State: On a transit node, the command displays one of the following states:Idle—The EAPS domain has been enabled, but the configuration is notcomplete.Links-Up—This EAPS domain is running, and both its ports are upand in the FORWARDING state.Links-Down—This EAPS domain is running,but one or both of its ports are down.Preforwarding—This EAPS domain isrunning, and both of its ports are up, but one of them is in a temporaryBLOCKED state.On a master node, the command displays one of the following states:Idle—The EAPS domain has been enabled, but the configuration is notcomplete.Init—The EAPS domain has started but has not yet determined thestatus of the ring. The secondary port is in a BLOCKED state. Complete—Thering is in the COMPLETE state for this EAPS domain.Failed—There is a breakin the ring for this EAPS domain. Pre-Init—The EAPS domain has startedoperation for Init state and has sent a request to lower hardware layers toblock the secondary port. It is in transient state waiting for acknowledgementfrom hardware layer indicating the operation is completed. Pre-Complete—The EAPS domain has started operation for Complete state and has sent arequest to lower hardware layers to block the secondary port. It is in transientstate waiting for acknowledgement from the hardware layer indicating theoperation is completed. [Failtimer Expired]—When the failtimer expires andit’s action is set to send-alert, this flag is set. This flag indicates there is amisconfiguration or hardware problem in the EAPS ring. The EAPS masternode continues to remain in COMPLETE or INIT state with it’s secondary portblocking.

[Running: …] Yes—This EAPS domain is running. No—This EAPS domain is not running.

Enabled: Indicates whether EAPS is enabled on this domain.Y—EAPS is enabled on this domain. N—EAPS is not enabled.

Mode: The configured EAPS mode for this switch: transit (T) or master (M).

Primary/Secondary port: The port numbers assigned as the EAPS primary and secondary ports. On themaster node, the port distinction indicates which port is blocked to avoid aloop.

Port status: Unknown—This EAPS domain is not running, so the port status has not yetbeen determined. Up—The port is up and is forwarding data.Down—The portis down.Blocked—The port is up, but data is blocked from being forwarded.

Tagstatus: Tagged status of the control VLAN:Tagged—The control VLAN has this port assigned to it, and the port is taggedin the VLAN.Untagged—The control VLAN has this port assigned to it, but theport is untagged in the control VLAN.Undetermined—Either a VLAN has notbeen added as the control VLAN to this EAPS domain or this port has notbeen added to the control VLAN.

Hello timer interval: The configured value of the timer in seconds and milliseconds, specifying thetime that the master node waits between transmissions of health checkpackets.

Fail timer interval: The configured value of the timer in seconds, specifying the time that themaster node waits before the failtimer expires.

Failtimer expiry action: Displays the action taken when the failtimer expires:Send-alert—Sends a critical message to the syslog when the failtimerexpires.Open-secondary-port—Opens the secondary port when the failtimerexpires.Displays only for master nodes.



Preforwarding Timer interval: 1 The configured value of the timer. This value is set internally by the EAPSsoftware. The set value is 15 seconds.Note: If two links in an EAPS domain go down at the same time and one linkcomes back up, it takes 15 seconds for the reconnected link to start receivingtraffic again.Displays only for transit nodes.

Last valid EAPS update: Indicates the last time a hello packet was received.

EAPS Domain Controller Vlan: Lists the assigned name and ID of the control VLAN.

EAPS Domain Protected Vlan(s): Lists the assigned names and VLAN IDs of all the protected VLANsconfigured on this EAPS domain.

Number of Protected Vlans: The count of protected VLANs configured on this EAPS domain.

Example

The following command displays information for all EAPS domains:

Switch.5 # show eapsEAPS Enabled: YesEAPS Fast-Convergence: OffEAPS Display Config Warnings: OnEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 2# EAPS domain configuration :--------------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count Prio--------------------------------------------------------------------------------d1 Idle T N 1 2 cv1 (101 ) 0 Hd2 Links-Up T Y 3:8 3:16 c2 (1001) 100 H--------------------------------------------------------------------------------

The following command displays information for EAPS domain d1:

Switch.7 # show eaps d1Name: d1 Priority: HighState: Idle Running: NoEnabled: No Mode: TransitPrimary port: 1 Port status: Unknown Tag status: UndeterminedSecondary port: 2 Port status: Unknown Tag status: UndeterminedHello timer interval: 1 sec 0 millisecFail timer interval: 3 sec 0 millisecFail Timer expiry action: Send alertLast valid EAPS update: From Master Id 00:01:30:f9:9c:b0, at Wed Jun 9 09:09:35 2004

1 These fields apply only to transit nodes; they are not displayed for a master node.



EAPS Domain has following Controller Vlan:Vlan Name VIDc1 1000EAPS Domain has following Protected Vlan(s):Vlan Name VIDp_1 1p_2 2p_3 3p_4 4p_5 5p_6 6p_7 7p_8 8p_9 9p_10 10p_11 11p_12 12p_13 13p_14 14p_15 15p_16 16p_17 17p_18 18p_19 19p_20 20p_21 21p_22 22p_23 23p_24 24p_25 25p_26 26p_27 27p_28 28p_29 29p_30 30

The following command displays information on EAPS domain domain12, which is configured to sendhello packets on the secondary port:

Switch.9 # show eaps "domain12"Name: domain12 Priority: HighState: Complete Running: YesEnabled: Yes Mode: MasterPrimary port: 17 Port status: Up Tag status: TaggedSecondary port: 27 Port status: Blocked Tag status: TaggedHello Egress Port: SecondaryHello timer interval: 0 sec 100 millisecFail timer interval: 0 sec 300 millisecFail Timer expiry action: Send alertLast update: From Master Id 00:04:96:34:e3:43, at Tue May 11 15:39:29 2010EAPS Domain has following Controller Vlan:Vlan Name VIDvlanc12 1002EAPS Domain has following Protected Vlan(s):Vlan Name VIDpvlan11 204pvlan12 205



pvlan13 206Number of Protected Vlans: 3

Note

You might see a slightly different display, depending on whether you display the master nodeor the transit node.

The display from the show eaps detail command shows all the information shown in the show eapseapsDomain command, but displays information for all configured EAPS domains.

For the CFM support in EAPS, t he existing show eaps output places a “!” next to a CFM monitored ringport if the CFM indicates the MEP group for that port is down.

X480-48t.1 # sh eapsEAPS Enabled: YesEAPS Fast-Convergence: OffEAPS Display Config Warnings: OffEAPS Multicast Add Ring Ports: OffEAPS Multicast Send IGMP Query: OnEAPS Multicast Temporary Flooding: OffEAPS Multicast Temporary Flooding Duration: 15 secNumber of EAPS instances: 1# EAPS domain configuration :----------------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count Prio----------------------------------------------------------------------------------d2 Failed M Y !41 31 v2 (101 ) 1 N----------------------------------------------------------------------------------Flags : (!) CFM Down



show erps ring-name

show erps ring-name

DescriptionDisplay specific details for an ERPS ring.



Syntax Description


DefaultN/A.

Usage GuidelinesUse this command to display specific details for an ERPS ring.

Example

The following example displays details for an ERPS ring named "R1":

# show erps "R1"

Name: R1Operational State: Protection enabled Node Type: RPL Owner, RevertiveConfigured State : Enabled

East Ring Port : 21 MepId: 1 Remote MepId: 3 Status: BlockedWest Ring Port : +20 MepId: 2 Remote MepId: 4 Status: Blocked

Periodic timer interval: 5000 millisec (Enabled)Hold-off timer interval: 0 millisec (Enabled)Guard timer interval : 500 millisec (Enabled)WTB timer interval : 5500 millisec (Enabled)WTR timer interval : 1000 millisec (Enabled)

Ring MD Level : 1CCM Interval East : 1000 millisecCCM Interval West : 1000 millisecNotify Topology Change : -------Subring Mode : Virtual Channel

ERPS Control Vlan: cvl VID:1000Topology Change Propogation List: NoneTopology Change Propogation : DisabledERPS Ring's Sub-Ring(s): NoneERPS Ring has following Protected Vlan(s): Vlan Name VID pvl 1001Number of Protected Vlans: 1(+) RPL Protection Port, (^) RPL Neighbor Port(f) Force Switch Port, (m) Manual Switch Port





show erps statistics

show erps ring-name statistics

DescriptionDisplay control packet and event statistics for an ERPS ring.

Syntax Description


DefaultN/A.

Usage GuidelinesUse this command to display control packet and event statistics for an ERPS ring.

Example

The following example displays statistics for an ERPS ring named "R1":

# show erps "R1" statisticsport Sent Received Dropped Blocked Un-blocked SF SF-clear R-APS R-APS R-APS events events ----------------------------------------------------------------- 2:1 2309 3400 4 5 0 0 0 1:20 100 45 0 0 10 2000 100 -----------------------------------------------------------------





show erps

show erps

DescriptionDisplay global information for ERPS.


DefaultN/A.

Usage GuidelinesUse this command to display global information for ERPS.

Example

# show erps

ERPS Enabled: YesERPS Display Config Warnings: OnERPS Multicast Add Ring Ports: OffERPS Multicast Send IGMP Query: OnERPS Multicast Temporary Flooding: OffERPS Multicast Temporary Flooding Duration: 15 secNumber of ERPS instances: 1# ERPS ring configuration :

--------------------------------------------------------------------------------Ring State Type East West Control-Vlan VID--------------------------------------------------------------------------------R1 Protection R r 21 +20 cvl (1000)--------------------------------------------------------------------------------where State: Init/Idle/Protection/Manual-Switch/Force-Switch/Pending Type: (I) Interconnected node, (N) RPL Neighbor, R) RPL Owner, (X) Ring node Flags: (n) Non-revertive, (r) Revertive, (+) RPL Protection Port, (^) RPL Neighbor Port (f) Force Switch Port, (m) Manual Switch Port





show stpd ports


DescriptionDisplays the STP state of a port.

Syntax Description

stpd_name Specifies an STPD name.


detail Specifies more detailed information about one or more ports of the STPD.

DefaultN/A.

Usage GuidelinesThis command displays the following:

• STPD port configuration.

• STPD port encapsulation mode.

• STPD path cost.

• STPD priority.

• STPD state (root bridge, and so on).

• Port role (root designated, alternate and so on).

• STPD port state (forwarding, blocking, and so on).

• Configured port link type.

• Operational port link type.

• Edge port settings (inconsistent behavior, edge safeguard setting).

• Restricted role (enabled, disabled).

• MSTP port role (internal or boundary).

• Active port role.

To display more detailed information for one or more ports in the specified STPD, includingparticipating VLANs, specify the detail option.



If you have MSTP configured and specify the detail option, this command displays additionalinformation:

• MSTP internal path cost.

• MSTP timers.

If your STPD has the same name as another component, for example a VLAN, Extreme Networksrecommends that you specify the identifying keyword as well as the name. If you do not specify thestpd keyword, an error message similar to the following is displayed:

%% Ambiguous command: "show Test ports"

In this example, to view all of the port settings of STPD Test, enter show stpd Test ports.

If your STPD has a name unique only to that STPD, the keyword stpd is optional.

Example

The following command displays the state of ports 1, 2, and 4 on an STPD named s1:

show stpd s1 ports


Port Mode State Cost Flags Priority Port ID Designated Bridge1 EMISTP DISABLED 200000 e?pp-w---t 128 8001 00:00:00:00:00:00:00:002 EMISTP DISABLED 200000 e?pp-w---- 128 8002 00:00:00:00:00:00:00:004 EMISTP DISABLED 200000 e?pp-w---- 128 8004 00:00:00:00:00:00:00:00Total Ports: 3------------------------- Flags: ----------------------------1: e=Enable, d=Disable2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto4: (Oper. type) b=broadcast, p=point-to-point, e=edge5: p=proposing, a=agree6: (partner mode) d = 802.1d, w = 802.1w, m = mstp7: i = edgeport inconsistency8: S = edgeport safe guard actives = edgeport safe guard configured but inactive8: G = edgeport safe guard bpdu restrict active in 802.1w and mstpg = edgeport safe guard bpdu restrict active in 802.1d9: B = Boundary, I = Internal10: r = Restricted Role, t = active Role

The following command displays the detailed information for the ports in STPD s1:

show stpd s1 ports 1 detail




Stpd: s1 Port: 1 PortId: 8001 Stp: ENABLED Path Cost: 20000Port Mode: EMISTPPort State: DISABLED Topology Change Ack: FALSEPort Priority: 128Designated Root: 00:00:00:00:00:00:00:00 Designated Cost: 0Designated Bridge: 00:00:00:00:00:00:00:00 Designated Port Id: 0Partner STP version: Dot1wRestricted Role: DisabledActive Role: EnabledEdge Port Safe Guard: DisabledBpdu Restrict: DisabledParticipating Vlans: v1

The following command displays the detailed information for the ports in STPD s1 configured for MSTP:

show stpd s1 ports detail


Stpd: s1 Port: 1 PortId: 8001 Stp: ENABLED Path Cost: 4Port Mode: 802.1DPort State: FORWARDING Topology Change Ack: FALSEPort Priority: 16Designated Root: 80:00:00:04:96:1f:a8:44 Designated Cost: 0, IntCost: 0Designated Bridge: 80:00:00:04:96:1f:a8:44 Designated Port Id: 8001Partner STP version: MSTPRestricted Role: DisabledActive Role: DisabledEdge Port Safe Guard: DisabledmaxAge: 20 msgAge: 0 fwdDelay: 15 helloTime: 2 maxHops: 20Participating Vlans: v1Stpd: s1 Port: 2 PortId: 8002 Stp: ENABLED Path Cost: 4Port Mode: 802.1DPort State: BLOCKING Topology Change Ack: FALSEPort Priority: 16Designated Root: 80:00:00:04:96:1f:a8:44 Designated Cost: 0, IntCost: 0Designated Bridge: 80:00:00:04:96:1f:a8:44 Designated Port Id: 8002Partner STP version: Dot1dRestricted Role: EnabledActive Role: DisabledEdge Port Safe Guard: DisabledmaxAge: 20 msgAge: 0 fwdDelay: 15 helloTime: 2 maxHops: 20Participating Vlans: v1


Port Mode State Cost Flags Priority Port ID Designated Bridge9 EMISTP FORWARDING 20000 eDeepw-G-- 128 8009 80:00:00:04:96:1f:a8:48Total Ports: 1------------------------- Flags: ----------------------------



1: e=Enable, d=Disable2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto4: (Oper. type) b=broadcast, p=point-to-point, e=edge5: p=proposing, a=agree6: (partner mode) d = 802.1d, w = 802.1w, m = mstp7: i = edgeport inconsistency8: S = edgeport safe guard actives = edgeport safe guard configured but inactiveG = edgeport safe guard bpdu restrict activeg = edgeport safe guard bpdu restrict configured but inactive only dot1w, mstp9: B = Boundary, I = Internal10: r = Restricted Role, t = active role


Information about MSTP was added in ExtremeXOS 11.4.

Information about BPDU Restrict was added in ExtremeXOS 12.4.

Information about active role was added in ExtremeXOS 12.5.


show stpd


DescriptionDisplays STPD settings on the switch.

Syntax Description

stpd_name Specifies an STPD on the switch.

detail Specifies that STPD settings should be shown for each STPD.

DefaultN/A.

Usage GuidelinesIf you specify the command without any options, the following STPD information appears:



• Name—The name of the STPD.

• Tag—The StpdID of the domain, if configured.

• Flags—The following flags communicate information about the current state of the STPD:

• (C) Topology Change—A network topology change has occurred in the network.

• (D) Disable—The STPD is disabled.

• (E) Enable—The STPD is enabled.

• (R) Rapid Root Failover—The STPD has been configured for rapid root failover.

• (T) Topology Change Detected—The STPD has detected a change in the network topology.

• (M) MSTP CIST—The STPD has been configured for MSTP, and the STPD is the common andinternal spanning tree.

• (I) MSTP MSTI—The STPD has been configured for MSTP, and the STPD is a multiple instancespanning tree.

• Ports—The number of ports that are part of the STPD.

• Bridge ID—The MAC addresses of the switch.

• Designated Root—The MAC address of the switch that is the designated root bridge.

• Rt Port—The root port.

• Rt Cost—The path cost to the root port.

• Total Number of STPDs—The total number of STPDs configured on the switch.

• STP Flush Method—The method used to flush the FDB during a topology change.

If you have an MSTP region and associated spanning trees configured on the switch, the command alsodisplays the following global MSTP information:

• MSTP Region—The name of the MSTP region configured on the switch.

• Format Identifier—The number used by BPDUs to communicate within an MSTP region.

• Revision Level—This number is reserved for future use.

• Common and Internal Spanning Tree (CIST)—The name of the CIST that controls the connectivity ofinterconnecting MSTP regions.

• Total number of MST Instances (MSTI)—The number of MSTIs running in the MSTP region.

If you use the show stpd command and specify the name of an STPD, in addition to the data previouslydescribed, the command displays more detailed information about the STPD. If you specify the detailoption, the switch displays the same type of information for all of the STPDs configured on the switch.

The additional output includes the following:

• STPD mode of operation.

• Autobind mode.

• Active VLANs.

• Timer information.

• Topology change information.

If you have MSTP configured, the command also displays the following information:

• Bridge role.

• CIST root.

• CIST regional root.

• MSTI instances.

• Master port (Displayed only on MSTI STPDs).



If your STPD has the same name as another component, for example a VLAN, we recommend that youspecify the identifying keyword as well as the name. If you do not specify the stpd keyword, an errormessage similar to the following is displayed:

%% Ambiguous command: "show Test"

In this example, to view the settings of the STPD Test, enter show stpd Test.

If your STPD has a name unique only to that STPD, the keyword stpd is optional.

Example

The following command displays the STPD settings on a switch that has MSTP configured:

show stpd


MSTP Global Configuration:MSTP Region Name : 00304841ed97MSTP format Identifier : 0MSTP Revision Level : 3Common and Internal Spanning Tree (CIST) : ----Total Number of MST Instances (MSTI) : 0Name Tag Flags Ports Bridge ID Designated Root Rt Port Rt Costs0 0000 D----- 0 8000001030f99dc0 0000000000000000 ------- 0 Total number of STPDs: 1 STP Flush Method: Port onlyFlags: (C) Topology Change, (D) Disable, (E) Enable, (R) Rapid Root Failover (T) Topology Change Detected, (M) MSTP CIST , (I) MSTP MSTI

The following command displays STPD settings on an STPD named Backbone_st:

show stpd backbone_st


Stpd: backbone_st Stp: ENABLED Number of Ports: 51Description: this is backbone_st domainRapid Root Failover: DisabledOperational Mode: 802.1W Default Binding Mode: 802.1D802.1Q Tag: (none)Ports: 1:1,1:2,2:1,2:2,3:1,3:2,4:1,4:2,5:1,5:2,5:3,5:4,5:5,5:6,5:7,5:8,5:9,5:10,5:11,5:12,5:13,5:14,5:15,5:16,5:17,5:18,5:19,5:20,5:21,5:22,5:23,5:24,5:25,5:26,5:27,5:28,5:29,5:30,5:31,5:32,5:33,5:34,5:35,5:36,5:37,5:38,5:39,5:40,5:41,5:42,5:43



Participating Vlans: DefaultAuto-bind Vlans: DefaultBridge Priority: 5000BridgeID: 13:88:00:01:30:f4:06:80Designated root: 0a:be:00:01:30:28:b7:00RootPathCost: 19 Root Port: 28MaxAge: 20s HelloTime: 2s ForwardDelay: 15sCfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15sTopology Change Time: 35s Hold time: 1sTopology Change Detected: FALSE Topology Change: FALSENumber of Topology Changes: 7Time Since Last Topology Change: 4967s

The following is sample output for an STPD configured as the CIST (the output is similar for an STPDconfigured as an MSTI):

Stpd: s0 Stp: DISABLED Number of Ports: 0Description: this is s0 domainRapid Root Failover: Disabled Operational Mode: MSTP Default Binding Mode: 802.1dMSTP Instance :CIST CIST : s0802.1Q Tag: (none) Ports: (none) Participating Vlan Count: 1Auto-bind Vlans Count: 1Bridge Priority: 32768 BridgeID: 80:00:00:10:30:f9:9d:c0BridgeRole : CIST Regional RootCIST Root 80:00:00:10:30:f9:9d:c0CISTRegional Root: 80:00:00:10:30:f9:9d:c0Designated root: 00:00:00:00:00:00:00:00 RootPathCost: 0 External RootPathCost: 0 Root Port: ---- MaxAge:0sHelloTime:0sForwardDelay:0s CfgBrMaxAge:20sCfgBrHelloTime:2sCfgBrForwardDelay: 15s MaxHopCount: 20 CfgBrMaxHopCount : 20Topology Change Time: 35s Hold time: 1s Topology Change Detected: FALSE Topology Change: FALSE Number of Topology Changes: 0 Time Since Last Topology Change: 0sParticipating Vlans : (none) Auto-bind Vlans : Default


Information about MSTP was added in ExtremeXOS 11.4.

Description was added in ExtremeXOS 12.4.4.




show vlan eaps

show {vlan} vlan_name eaps

DescriptionDisplays the EAPS configuration (control, partner, or not added to an EAPS domain) of a specific VLAN.

Syntax Description


DefaultN/A.

Usage GuidelinesUse this command to see if the specified VLAN is associated with an EAPS domain.

The output of this command displays whether the VLAN is a control or partner VLAN for an EAPSdomain. This command also displays if the VLAN is not a member of any EAPS domain.

If a VLAN is a partner VLAN for more than one EAPS domain, all of the EAPS domains that the VLAN isa partner of appears in the output.

Example

The following command displays the EAPS configuration for the control VLAN orange in EAPS domaineaps1:

show vlan orange eaps


Vlan is Control in following EAPS domain:eaps1

The following command displays the EAPS configuration for the protected VLAN purple in EAPSdomain eaps1:

show vlan purple eaps




Vlan is Protected in following EAPS domain(s):eaps1

The following command displays information about the VLAN default not participating in EAPS:

show vlan default eaps


Vlan has not been added to any EAPS domain



show vlan stpd


DescriptionDisplays the STP configuration of the ports assigned to a specific VLAN.

Syntax Description


DefaultN/A.

Usage GuidelinesIf you have a VLAN that spans multiple STPDs, use this command to display the STP configuration ofthe ports assigned to that specific VLAN.

This command displays the following:



• STPD port configuration.

• STPD port mode of operation.

• STPD path cost.

• STPD priority.

• STPD state (root bridge, and so on).

• Port role (root designated, alternate and so on).

• STPD port state (forwarding, blocking, and so on).

• Configured port link type.

• Operational port link type.

If your VLAN has the same name as another component, for example an STPD, Extreme Networksrecommends that you specify the identifying keyword as well as the name. If you do not specify thevlan keyword, the switch displays an error message similar to the following:

%% Ambiguous command: "show Test stpd"

In this example, to view the STPD state of VLAN Test, enter show vlan Test stpd.

If you enter a VLAN name that is not associated with an STPD or does not exist, the switch displays anerror message similar to the following:

Failed to find vlan 'vlan1' or it has no STP domains configured on it

If this happens, check to make sure you typed the correct name of the VLAN and that the VLAN isassociated with an STPD.

If your VLAN has a name unique only to that VLAN, the keyword vlan is optional.

Example

The following command displays the spanning tree configurations for the VLAN Default:

show vlan default stpd


s0(enabled) Tag: (none) Ports: 8 Root/P/C: 80:00:00:01:30:94:79:00/-----/0Port Mode State Cost Flags Priority Port ID Designated Bridge1:1 802.1D LEARNING 19 eDbb-d- 16 8001 80:00:00:01:30:94:79:001:2 802.1D DISABLED 4 e------ 16 8002 00:00:00:00:00:00:00:001:3 802.1D DISABLED 4 e------ 16 8003 00:00:00:00:00:00:00:001:4 802.1D LEARNING 4 eDbb-d- 16 8004 80:00:00:01:30:94:79:001:5 802.1D LEARNING 4 eDbb-d- 16 8005 80:00:00:01:30:94:79:001:6 802.1D DISABLED 4 e------ 16 8006 00:00:00:00:00:00:00:001:7 802.1D DISABLED 4 e------ 16 8007



00:00:00:00:00:00:00:001:8 802.1D DISABLED 4 e------ 16 8008 00:00:00:00:00:00:00:00------------------------- Flags: ----------------------------1: e=Enable, d=Disable2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master, Y=Boundary3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto4: (Oper. type) b=broadcast, p=point-to-point, e=edge5: p=proposing, a=agree6: (partner mode) d=802.1d, w=802.1w, m=mstp7: i=edgeport inconsistency8: B = Boundary, I = Internal



Spanning Tree Domains

The switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independentspanning tree instance. Each spanning tree instance is called a Spanning Tree Domain (STPD). EachSTPD has its own root bridge and active path. After an STPD is created, one or more VLANs can beassigned to it.

A port can belong to multiple STPDs. In addition, a VLAN can span multiple STPDs.

The key points to remember when configuring VLANs and STP are:

• Each VLAN forms an independent broadcast domain.

• STP blocks paths to create a loop-free environment.

• Within any given STPD, all VLANs belonging to it use the same spanning tree.

Member VLANsWhen you add a VLAN to an STPD, that VLAN becomes a member of the STPD. The two types ofmember VLANs in an STPD are:

• Carrier.

• Protected.

Carrier VLANA carrier VLAN defines the scope of the STPD, which includes the physical and logical ports that belongto the STPD and if configured, the 802.1Q tag used to transport Extreme Multiple Instance SpanningTree Protocol (EMISTP) or Per VLAN Spanning Tree (PVST+) encapsulated Bridge Protocol Data Units



(BPDUs). Only one carrier VLAN can exist in a given STPD, although some of its ports can be outsidethe control of any STPD at the same time.

Note

If you use EMISTP or PVST+, the STPD ID must be identical to the VLAN ID of the carrierVLAN in that STPD.

If you have an 802.1D configuration, we recommend that you configure the StpdID to be identical to theVLAN ID of the carrier VLAN in that STPD.

If you configure MSTP, you do not need carrier VLANs for MSTP operation. With MSTP, you configure aCIST that controls the connectivity of interconnecting MSTP regions and sends BPDUs across theregions to communicate the status of MSTP regions. All VLANs participating in the MSTP region havethe same privileges.

Protected VLANProtected VLANs are all other VLANs that are members of the STPD. These VLANs “piggyback” on thecarrier VLAN. Protected VLANs do not transmit or receive STP BPDUs, but they are affected by STPstate changes and inherit the state of the carrier VLAN. Protected VLANs can participate in multipleSTPD, but any particular port in the VLAN can belong to only one STPD. Also known as non-carrierVLANs.

If you configure MSTP, all member VLANs in an MSTP region are protected VLANs. These VLANs donot transmit or receive STP BPDUs, but they are affected by STP state changes communicated by theCIST to the MSTP regions. MSTIs cannot share the same protected VLAN; however, any port in aprotected VLAN can belong to multiple MSTIs.

STPD ModesAn STPD has three modes of operation:

• 802.1D mode

Use this mode for backward compatibility with previous STP versions and for compatibility withthird-party switches using IEEE standard 802.1D. When configured in this mode, all rapidconfiguration mechanisms are disabled.

• 802.1w mode

Use this mode for compatibility with Rapid Spanning Tree (RSTP). When configured in this mode, allrapid configuration mechanisms are enabled. The benefit of this mode is available on point-to-pointand edge ports only.

You enable or disable RSTP on a per STPD basis only. You do not enable RSTP on a per port basis.

• MSTP mode

Use this mode for compatibility with Multiple Spanning Tree (MSTP, 802.1s). MSTP is an extension ofRSTP and offers the benefit of better scaling with fast convergence. When configured in this mode,all rapid configuration mechanisms are enabled. The benefit of MSTP is available only on point-to-point links and when you configure the peer in MSTP or 802.1w mode. If you do not select point-to-point links and the peer is not configured in 802.1w mode, the STPD fails back to 802.1D mode.



You can create only one MSTP region on the switch, and all switches that participate in the regionmust have the same regional configurations. You enable or disable an MSTP on a per STPD basisonly. You do not enable MSTP on a per port basis.

By default, the:

• STPD operates in 802.1D mode.

• Default device configuration contains a single STPD called s0.

• Default VLAN is a member of STPD s0 with autobind enabled.

All STP parameters default to the IEEE 802.1D values, as appropriate.

Encapsulation ModesYou can configure ports within an STPD to accept and transmit specific BPDU encapsulations. This STPport encapsulation is separate from the STP mode of operation. For example, you can configure a portto accept the PVST+ BPDU encapsulation while running in 802.1D mode.

An STP port has three possible encapsulation modes:

• 802.1D mode

This mode is used for backward compatibility with previous STP versions and for compatibility withthird-party switches using IEEE standard 802.1D. BPDUs are sent untagged in 802.1D mode. Becauseof this, any given physical interface can have only one STPD running in 802.1D mode.


• Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode

EMISTP mode is proprietary to Extreme Networks and is an extension of STP that allows a physicalport to belong to multiple STPDs by assigning the port to multiple VLANs. EMISTP adds significantflexibility to STP network design. BPDUs are sent with an 802.1Q tag having an STPD instanceIdentifier (STPD ID) in the VLAN ID field.


• Per VLAN Spanning Tree (PVST+) mode

This mode implements PVST+ in compatibility with third-party switches running this version of STP.The STPDs running in this mode have a one-to-one relationship with VLANs, and send and processpackets in PVST+ format.


These encapsulation modes are for STP ports, not for physical ports. When a physical port belongs tomultiple STPDs, it is associated with multiple STP ports. It is possible for the physical port to run indifferent modes for different domains to which it belongs.

MSTP STPDs use only 802.1D BPDU encapsulation mode. The switch prevents you from configuringEMISTP or PVST+ encapsulation mode for MSTP STPDs.



STP Rules and Restrictions

This section summarizes the rules and restrictions for configuring STP as follows:

• The carrier VLAN must span all ports of the STPD. (This is not applicable to MSTP.)

• The STPD ID must be the VLAN ID of the carrier VLAN; the carrier VLAN cannot be partitioned. (Thisis not applicable to MSTP.)

• A default VLAN cannot be partitioned. If a VLAN traverses multiple STPDs, the VLAN must betagged.

• An STPD can carry, at most, one VLAN running in PVST+ mode, and its STPD ID must be identicalwith that VLAN ID. In addition, the PVST+ VLAN cannot be partitioned.

• The default VLAN of a PVST+ port must be identical with the native VLAN on the PVST+ deviceconnected to that port.

• If an STPD contains both PVST+ and non-PVST+ ports, that STPD must be enabled. If that STPD isdisabled, the BPDUs are flooded in the format of the incoming STP port, which may be incompatiblewith those of the connected devices.

• The 802.1D ports must be untagged; and the EMISTP/PVST+ ports must be tagged in the carrierVLAN.

• An STPD with multiple VLANs must contain only VLANs that belong to the same virtual routerinstance.

• STP and network login operate on the same port as follows:

• STP (802.1D), RSTP (802.1W), and MSTP (802.1S) support both network login and STP on thesame port.

• At least one VLAN on the intended port should be configured both for STP and network login.

• When STP blocks a port, network login does not process authentication requests and BPDUs arethe only traffic in and out of the port. All user data forwarding stops.

• When STP places a port in forwarding state, network login operates and BPDUs and user dataflow in and out of the port. The forwarding state is the only STP state that allows network loginand user data forwarding.

• When RSTP is used with network login campus mode, autobind must be enabled on all VLANsthat support RSTP and network login campus mode.

• When RSTP is used with network login campus mode on a port, dynamic VLANs cannot besupported.

• STP cannot be configured on the following ports:

• A mirroring target port.

• A software-controlled redundant port.

• MSTP and 802.1D STPDs cannot share a physical port.

• Only one MSTP region can be configured on a switch.

• In an MSTP environment, A VLAN can belong to either a CIST or one of the MSTIs.

• A VLAN can belong to only one MSTP domain.

• MSTP is not interoperable with PVST+.

• The CIST can operate without any member VLANs.



STP

STP is a bridge-based mechanism for providing fault tolerance on networks. STP is a part of the 802.1Dbridge specification defined by the IEEE Computer Society. To explain STP in terms used by the 802.1Dspecification, the switch is referred to as a bridge.

STP allows you to implement parallel paths for network traffic and ensure that redundant paths are:

• Disabled when the main paths are operational.

• Enabled if the main path fails.

Note

STP and Extreme Standby Router Protocol (ESRP) cannot be configured on the sameVirtual LAN (VLAN) simultaneously.

unconfigure eaps port

unconfigure eaps eapsDomain [primary | secondary] port

DescriptionSets the specified port’s internal configuration state to INVALID.

Syntax Description

eapsDomain Specifies the name of an EAPS domain.

primary Specifies that the primary port should be unconfigured.

secondary Specifies that the secondary port should be unconfigured.

DefaultN/A.

Usage GuidelinesUnconfiguring an EAPS port sets its internal configuration state to INVALID, which causes the port toappear in the Idle state with a port status of Unknown when you use the show eaps detail command todisplay the status information about the port.

To prevent loops in the network, the switch displays by default a warning message and prompts you tounconfigure the specified EAPS primary or secondary ring port. When prompted, do one of thefollowing:

• Enter y to unconfigure the specified port.





Example

The following command unconfigures this node’s EAPS primary ring port on the domain eaps_1:

unconfigureeapseaps_1primary port


WARNING: Unconfiguring the Primary port from the EAPS domain could causea loop in the network! Are you sure you want to unconfigure the PrimaryEAPS Port? (y/n)

Enter y to continue and unconfigure the EAPS primary ring port. Enter n to cancel this action.

The switch displays a similar warning message if you unconfigure the secondary EAPS port.




unconfigure eaps shared-port link-id

unconfigure eaps shared-port ports link-id

DescriptionUnconfigures an EAPS link ID on a shared port on the switch.

Syntax Description


DefaultN/A.




Example

The following command unconfigures the link ID on shared port 1:1.

unconfigure eaps shared-port 1:1 link-id



unconfigure eaps shared-port mode

unconfigure eaps shared-port ports mode

DescriptionUnconfigures the EAPS shared port mode.

Syntax Description


DefaultN/A.


Example

The following command unconfigures the shared port mode on port 1:1:

unconfigure eaps shared-port 1:1 mode






unconfigure erps cfm

unconfigure {erps} ring-name cfm

DescriptionUnconfigure the CFM maintenance association for the ERPS ring.

Syntax Description


DefaultN/A.

Usage GuidelinesUse this command to unconfigure connectivity fault management (CFM) for the ERPS ring.

Example

The following command unconfigures connectivity fault management on an ERPS ring named “ring1”:

unconfigure erps ring1 cfm






unconfigure erps neighbor-port

unconfigure erps ring-name neighbor-port

DescriptionDelete the ring protection link (RPL) neighbor configuration for the ERPS ring.

Syntax Description


DefaultN/A.

Usage GuidelinesSee Description.

Example

The following command deletes RPL neighbor configuration for the ERPS ring named “ring1”:

unconfigure erps ring1 neighbor-port



unconfigure erps notify-topology-change

unconfigure {erps} ring-name notify-topology-change {eaps} domain_name

DescriptionDelete an ERPS sub-ring from the EAPS domain.



Syntax Description

ring-name Alphanumeric string identififying the ERPS sub-ring.

domain_name Alphanumeric string identifying the EAPS domain.

DefaultN/A.

Usage GuidelinesUse this command to delete an ERPS sub-ring from the EAPS domain.

Example




unconfigure erps protection-port

unconfigure erps ring-name protection-port

DescriptionDelete ring protection link (RPL) owner configuration for the ERPS ring.

Syntax Description


DefaultN/A.

Usage GuidelinesUse this command to delete ring protection link (RPL) owner configuration for the ERPS ring.



Example

The following command deletes RPL owner configuration on an ERPS ring named “ring1”:

unconfigure erps ring1 protection-port



unconfigure erps ring-ports west

unconfigure erps ring-name ring-ports west

DescriptionDelete ring ports on the ERPS ring.

Syntax Description


west Delete the ring port on the west port of the switch.

DefaultN/A.

Usage GuidelinesUse this command to delete ring ports on the ERPS ring. Ring ports are the ports of the switch thatconnect it to the ERPS ring. This command deletes the ring port on the west port of the switch.

Note

On unconfiguring the west port, the node is treated as an interconnected node.



Example

The following command deletes the ring ports on the west port of the switch for an ERPS ring named“ring1”:

unconfigure erps ring1 ring-ports west





DescriptionUnconfigures the MSTP region on the switch and returns all MSTP settings to their default values.


DefaultN/A.

Usage GuidelinesBefore you unconfigure an MSTP region, we recommend that you disable all active STPDs in the region.This includes the CIST and any active MSTIs.

After you issue this command, all of the MSTP settings return to their default values, as describedbelow:

• Region Name—This indicates the name of the MSTP region. In the Extreme Networksimplementation, the maximum length of the name is 32 characters and can be a combination ofalphanumeric characters and underscores ( _ ).

• Format Selector—This indicates a number to identify the format of MSTP BPDUs. The default is 0.




Example

The following command unconfigures the MSTP region on the switch:




unconfigure stpd ports link-type

unconfigure stpd stpd_name ports link-type port_list

DescriptionReturns the specified port to the factory default setting of broadcast link.

Syntax Description



DefaultAll ports are broadcast link types.

Usage GuidelinesIf your STPD has the same name as another component, for example a VLAN, you must enter the stpdkeyword to specify the STPD. If your STPD has a name unique only to that STPD, the keyword stpd isoptional.

If the switch operates in 802.1D mode, any configured port link type will behave the same as thebroadcast link type.




Example

The following command configures slot 2, ports 1 through 4 to return to the factory default ofbroadcast links in STPD s1:

unconfigure stpd s1 ports link-type 2:1-2:4



unconfigure stpd

unconfigure stpd {stpd_name}

DescriptionRestores default STP values to a particular STPD or all STPDs.

Syntax Description


DefaultN/A.

Usage GuidelinesIf you create an STPD with a unique name, the keyword stpd is optional.

Use this command to restore default STP values to a particular STPD. If you want to restore default STPvalues on all STPDs, do not specify a spanning tree name.

Example

The following command restores default values to an STPD named Backbone_st:

unconfigure stpd backbone_st







Documents

Layer 2 Protocols - Extreme Networksextrcdn.extremenetworks.com/.../uploads/2014/04/Layer_2_Protocols.… · Layer 2 Protocols 9. Navigating the ExtremeXOS User Guide This guide consists