Layer 2 Protocols PDF

Layer 2 Protocols
ExtremeXOS 15.5 User Guide
120936-00 Rev. 2
Published June 2014
Copyright 20112014 All rights reserved.
Legal Notice
Extreme Networks, Inc., on behalf of or through its wholly-owned subsidiary, Enterasys Networks,
Inc., reserves the right to make changes in specifications and other information contained in this
document and its website without prior notice. The reader should in all cases consult
representatives of Extreme Networks to determine whether any such changes have been made.
The hardware, firmware, software or any specifications described or referred to in this document
are subject to change without notice.
Trademarks
Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of
Extreme Networks, Inc. in the United States and/or other countries.
All other names (including any product names) mentioned in this document are the property of
their respective owners and may be trademarks or registered trademarks of their respective
companies/owners.
For additional information on Extreme Networks trademarks, please see:
www.extremenetworks.com/company/legal/trademarks/
Support
For product support, including documentation, visit: www.extremenetworks.com/support/
For information, contact:
Extreme Networks, Inc.
145 Rio Robles
San Jose, California 95134
USA
Table of Contents
Preface......................................................................................................................................... 7
Conventions............................................................................................................................................................................. 7
Related Publications............................................................................................................................................................8
Providing Feedback to Us................................................................................................................................................ 9
Navigating the ExtremeXOS User Guide......................................................................................................................... 10
Chapter 1: EAPS......................................................................................................................... 11
EAPS Protocol Overview.................................................................................................................................................. 11
Configuring EAPS...............................................................................................................................................................23
Displaying EAPS Information....................................................................................................................................... 33
Configuration Examples..................................................................................................................................................34
Chapter 2: ERPS....................................................................................................................... 67
ERPS Overview....................................................................................................................................................................67
Supported ERPS Features.............................................................................................................................................68
G.8032 Version 2 ...............................................................................................................................................................69
Configuring ERPS............................................................................................................................................................... 75
Sample Configuration.......................................................................................................................................................77
Debugging ERPS................................................................................................................................................................ 79
ERPS Feature Limitations.............................................................................................................................................. 79
Chapter 3: Protocol Filters.....................................................................................................80

Chapter 4: Layer 2 Protocol Tunneling................................................................................ 82
Chapter 5: Layer 2 Tunneling and Filtering......................................................................... 84
Protocol Tunneling............................................................................................................................................................ 84
Protocol Filtering................................................................................................................................................................86
Chapter 6: L2PT Limitations...................................................................................................88

Chapter 7: STP..........................................................................................................................89
Spanning Tree Protocol Overview.............................................................................................................................89
Span Tree Domains........................................................................................................................................................... 96
STP Configurations..........................................................................................................................................................104
Per VLAN Spanning Tree................................................................................................................................................ 111
Rapid Spanning Tree Protocol.....................................................................................................................................112
Multiple Spanning Tree Protocol............................................................................................................................... 123
STP and Network Login.................................................................................................................................................135
STP Rules and Restrictions.......................................................................................................................................... 136
Configure STP on the Switch...................................................................................................................................... 137
Display STP Settings....................................................................................................................................................... 138
STP Configuration Examples......................................................................................................................................140
Chapter 8: Layer 2 Protocol Commands............................................................................ 146

clear counters erps.......................................................................................................................................................... 149
clear counters stp.............................................................................................................................................................150
clear eaps counters........................................................................................................................................................... 151
configure eaps add control vlan................................................................................................................................152
configure eaps add protected vlan..........................................................................................................................153
configure eaps cfm.......................................................................................................................................................... 154
Layer 2 Protocols
Table of Contents
configure eaps config-warnings off.........................................................................................................................155

configure eaps config-warnings on......................................................................................................................... 156
configure eaps delete control vlan...........................................................................................................................157
configure eaps delete protected vlan.....................................................................................................................158
configure eaps failtime expiry-action.....................................................................................................................160
configure eaps failtime....................................................................................................................................................161
configure eaps fast-convergence.............................................................................................................................162
configure eaps hello-pdu-egress.............................................................................................................................. 163
configure eaps hellotime...............................................................................................................................................164
configure eaps mode...................................................................................................................................................... 165
configure eaps multicast add-ring-ports.............................................................................................................. 167
configure eaps multicast send-query..................................................................................................................... 168
configure eaps multicast send-igmp-query........................................................................................................ 169
configure eaps multicast temporary-flooding duration................................................................................170
configure eaps multicast temporary-flooding.....................................................................................................171
configure eaps name.......................................................................................................................................................172
configure eaps port..........................................................................................................................................................173
configure eaps priority................................................................................................................................................... 175
configure eaps shared-port common-path-timers.......................................................................................... 176
configure eaps shared-port link-id........................................................................................................................... 177
configure eaps shared-port mode............................................................................................................................178
configure eaps shared-port segment-timers expiry-action........................................................................ 179
configure eaps shared-port segment-timers health-interval..................................................................... 180
configure eaps shared-port segment-timers timeout..................................................................................... 181
configure erps add control vlan................................................................................................................................ 182
configure erps add protected vlan.......................................................................................................................... 183
configure erps cfm md-level....................................................................................................................................... 184
configure erps cfm port ccm-interval.....................................................................................................................185
configure erps cfm port group.................................................................................................................................. 186
configure erps cfm port mepid..................................................................................................................................187
configure erps cfm protection group..................................................................................................................... 188
configure erps delete control vlan........................................................................................................................... 189
configure erps delete protected vlan.....................................................................................................................190
configure erps dynamic-state clear.......................................................................................................................... 191
configure erps name.........................................................................................................................................................191
configure erps neighbor port......................................................................................................................................192
configure erps notify-topology-change................................................................................................................ 193
configure erps protection-port..................................................................................................................................194
configure erps revert...................................................................................................................................................... 195
configure erps ring-ports east | west......................................................................................................................195
configure erps subring-mode.....................................................................................................................................196
configure erps sub-ring................................................................................................................................................. 197
configure erps timer guard..........................................................................................................................................198
configure erps timer hold-off..................................................................................................................................... 199
configure erps timer periodic................................................................................................................................... 200
configure erps timer wait-to-block..........................................................................................................................201
configure erps timer wait-to-restore...................................................................................................................... 201
configure erps topology-change.............................................................................................................................202
configure forwarding L2-protocol fast-convergence................................................................................... 203
Layer 2 Protocols
Table of Contents
configure ip-arp fast-convergence........................................................................................................................ 204

configure mstp format..................................................................................................................................................206
configure mstp region...................................................................................................................................................207
configure mstp revision................................................................................................................................................208
configure stpd add vlan............................................................................................................................................... 209
configure stpd default-encapsulation.....................................................................................................................212
configure stpd delete vlan........................................................................................................................................... 214
configure stpd description........................................................................................................................................... 215
configure stpd flush-method...................................................................................................................................... 216
configure stpd forwarddelay.......................................................................................................................................217
configure stpd hellotime............................................................................................................................................... 218
configure stpd maxage..................................................................................................................................................219
configure stpd max-hop-count................................................................................................................................ 220
configure stpd mode.......................................................................................................................................................221
configure stpd ports active-role disable.............................................................................................................. 223
configure stpd ports active-role enable...............................................................................................................224
configure stpd ports bpdu-restrict......................................................................................................................... 225
configure stpd ports cost............................................................................................................................................ 226
configure stpd ports edge-safeguard disable...................................................................................................228
configure stpd ports edge-safeguard enable....................................................................................................229
configure stpd ports link-type....................................................................................................................................231
configure stpd ports mode.........................................................................................................................................234
configure stpd ports port-priority...........................................................................................................................235
configure stpd ports priority......................................................................................................................................236
configure stpd ports restricted-role disable...................................................................................................... 238
configure stpd ports restricted-role enable....................................................................................................... 239
configure stpd priority..................................................................................................................................................240
configure stpd tag............................................................................................................................................................241
configure vlan add ports stpd...................................................................................................................................243
create eaps shared-port...............................................................................................................................................245
create eaps......................................................................................................................................................................... 246
create erps ring.................................................................................................................................................................247
create stpd..........................................................................................................................................................................248
debug erps show............................................................................................................................................................. 250
debug erps..........................................................................................................................................................................250
delete eaps shared-port................................................................................................................................................ 251
delete eaps.......................................................................................................................................................................... 252
delete erps...........................................................................................................................................................................253
delete stpd.......................................................................................................................................................................... 253
disable eaps........................................................................................................................................................................254
disable erps block-vc-recovery................................................................................................................................ 256
disable erps ring-name................................................................................................................................................. 256
disable erps topology-change...................................................................................................................................257
disable erps.........................................................................................................................................................................258
disable stpd auto-bind.................................................................................................................................................. 259
disable stpd ports........................................................................................................................................................... 260
disable stpd rapid-root-failover.................................................................................................................................261
disable stpd........................................................................................................................................................................ 262
enable eaps.........................................................................................................................................................................263
Layer 2 Protocols
Table of Contents
enable erps block-vc-recovery.................................................................................................................................264

enable erps ring-name.................................................................................................................................................. 265
enable erps topology-change................................................................................................................................... 266
enable erps......................................................................................................................................................................... 266
enable stpd auto-bind................................................................................................................................................... 267
enable stpd ports............................................................................................................................................................ 270
enable stpd rapid-root-failover..................................................................................................................................271
enable stpd..........................................................................................................................................................................272
MSTP...................................................................................................................................................................................... 273
RSTP....................................................................................................................................................................................... 273
run erps force-switch | manual-switch..................................................................................................................273
show eaps cfm groups..................................................................................................................................................274
show eaps counters shared-port............................................................................................................................. 275
show eaps counters....................................................................................................................................................... 280
show eaps shared-port neighbor-info.................................................................................................................. 284
show eaps shared-port................................................................................................................................................. 285
show eaps............................................................................................................................................................................289
show erps ring-name..................................................................................................................................................... 295
show erps statistics........................................................................................................................................................ 297
show erps............................................................................................................................................................................ 298
show stpd ports............................................................................................................................................................... 299
show stpd............................................................................................................................................................................302
show vlan eaps................................................................................................................................................................. 306
show vlan stpd..................................................................................................................................................................307
Spanning Tree Domains...............................................................................................................................................309
STP Rules and Restrictions.......................................................................................................................................... 312
STP........................................................................................................................................................................................... 313
unconfigure eaps port.................................................................................................................................................... 313
unconfigure eaps shared-port link-id..................................................................................................................... 314
unconfigure eaps shared-port mode...................................................................................................................... 315
unconfigure erps cfm......................................................................................................................................................316
unconfigure erps neighbor-port................................................................................................................................ 317
unconfigure erps notify-topology-change........................................................................................................... 317
unconfigure erps protection-port.............................................................................................................................318
unconfigure erps ring-ports west............................................................................................................................. 319
unconfigure mstp region............................................................................................................................................. 320
unconfigure stpd ports link-type.............................................................................................................................. 321
unconfigure stpd.............................................................................................................................................................. 322
Layer 2 Protocols
Preface
Conventions
This section discusses the conventions used in this guide.
Text Conventions
The following tables list text conventions that are used throughout this guide.
Table 1: Notice Icons
Icon
Notice Type
Alerts you to...
Note
Important features or instructions.
Caution
Risk of personal injury, system damage, or loss of data.
Warning
Risk of severe personal injury.
New
This command or section is new for this release.
Table 2: Text Conventions

Convention
Screen displays
Description
This typeface indicates command syntax, or represents information as it appears on
the screen.
The words enter and

type
When you see the word enter in this guide, you must type something, and then press
the Return or Enter key. Do not press the Return or Enter key when an instruction
simply says type.
[Key] names
Key names are written with brackets, such as [Return] or [Esc]. If you must press two
or more keys simultaneously, the key names are linked with a plus sign (+). Example:
Press [Ctrl]+[Alt]+[Del]
Words in italicized type
Italics emphasize a point or denote new terms at the place where they are defined in
the text. Italics are also used when referring to publication titles.
Layer 2 Protocols
Preface
Platform-Dependent Conventions
Unless otherwise noted, all information applies to all platforms supported by ExtremeXOS software,
which are the following:
BlackDiamond X8 series switch

BlackDiamond 8800 series switches
Cell Site Routers (E4G-200 and E4G-400)
Summit family switches
SummitStack
When a feature or feature implementation applies to specific platforms, the specific platform is noted in
the heading for the section describing that implementation in the ExtremeXOS command
documentation. In many cases, although the command is available on all platforms, each platform uses
specific keywords. These keywords specific to each platform are shown in the Syntax Description and
discussed in the Usage Guidelines.
Terminology
When features, functionality, or operation is specific to a switch family, the family name is used.
Explanations about features and operations that are the same across all product families simply refer to
the product as the switch.
Related Publications
Documentation for Extreme Networks products is available at: www.extremenetworks.com. The
following is a list of related publications currently available:
ExtremeXOS User Guide

ExtremeXOS Hardware and Software Compatibility Matrix
ExtremeXOS Legacy CLI Quick Reference Guide
ExtremeXOS ScreenPlay User Guide
Using AVB with Extreme Switches
BlackDiamond 8800 Series Switches Hardware Installation Guide

BlackDiamond X8 Switch Hardware Installation Guide
Extreme Networks Pluggable Interface Installation Guide
Summit Family Switches Hardware Installation Guide
Ridgeline Installation and Upgrade Guide

Ridgeline Reference Guide
SDN OpenFlow Implementation Guide

SDN OpenStack Install Guide
Some ExtremeXOS software files have been licensed under certain open source licenses. Information is
available at: www.extremenetworks.com/services/osl-exos.aspx
Layer 2 Protocols
Preface
Providing Feedback to Us
We are always striving to improve our documentation and help you work better, so we want to hear
from you! We welcome all feedback but especially want to know about:
Content errors or confusing or conflicting information.
Ideas for improvements to our documentation so you can find the information you need faster.
Broken links or usability issues.
If you would like to provide feedback to the Extreme Networks Information Development team about
this document, please contact us using our short online feedback form. You can also email us directly at
internalinfodev@extremenetworks.com.
Layer 2 Protocols
Navigating the ExtremeXOS User Guide

This guide consists of the following eight volumes that contain feature descriptions, conceptual
material, configuration details, command references and examples:
Basic Switch Operation
Policies and Security
Layer 2 Basics
Layer 2 Protocols
Layer 3 Basics
Layer 3 Unicast Protocols
Multicast
Advanced Features
Layer 2 Protocols
10
1 EAPS
EAPS Protocol Overview
Configuring EAPS
Displaying EAPS Information
Configuration Examples
This chapter provides an overview and discusses various topologies of Extreme's Automatic Protection
Switching (EAPS) feature. The chapter offers configuration and monitoring details, and also provides
configuration examples.
EAPS Protocol Overview

The EAPS protocol provides fast protection switching to Layer 2 switches interconnected in an
Ethernet ring topology, such as a Metropolitan Area Network (MAN) or large campus (see the following
figure).
Figure 1: Gigabit Ethernet Fiber EAPS MAN Ring
EAPS Benefits
EAPS offers the following benefits:
Layer 2 Protocols
11
EAPS
Fast Recovery time for link or node failuresWhen a link failure or switch failure occurs, EAPS
provides fast recovery times. EAPS provides resiliency for voice, video and data services.
Scalable network segmentation and fault isolationEAPS domains can protect groups of multiple
VLANs, allowing scalable growth and broadcast loop protection. EAPS domains provide logical and
physical segmentation, which means the failures in one EAPS ring do not impact network service for
other rings and VLANs.
Resilient foundation for non-stop IP routing servicesEAPS provides a resilient foundation for
upper level routing protocols such as Open Shortest Path First (OSPF) and Border Gateway
Protocol (BGP), minimizing route-flapping and dropped neighbors within the routed IP network.
Predictable convergence regardless of failure locationEAPS provides consistent and predictable
recovery behavior regardless of where link failures occur. The simple blocking architecture and
predictable performance of EAPS allows for enforceable Service Level Agreements (SLAs). This
allows easier network troubleshooting and failure scenario analysis without lengthy testing or
debugging on live production networks.
EAPS protection switching is similar to what can be achieved with the Spanning Tree Protocol (STP),
but EAPS offers the advantage of converging in less than one second when a link in the ring breaks.
An Ethernet ring built using EAPS can have resilience comparable to that provided by SONET rings, at a
lower cost and with fewer restraints (such as ring size). The EAPS technology developed by Extreme
Networks to increase the availability and robustness of Ethernet rings is described in RFC 3619:
Extreme Networks Ethernet Automatic Protection Switching (EAPS) Version 1.
EAPS Single Ring Topology

The simplest EAPS configuration operates on a single ring.
This section describes how this type of EAPS configuration operates. Later sections describe more
complex configurations.
An EAPS domain consists of one master node and one or more transit nodes (see the following figure),
and includes one control VLAN and one or more protected VLANs.
A domain is a single instance of the EAPS protocol that defines the scope of protocol operation. A
single logical EAPS domain typically exists on a given physical ring topology (fiber or copper).
Layer 2 Protocols
12
EAPS
Figure 2: EAPS Operation

A protected VLAN is a user data VLAN that uses the ring for a protected connection between all edge
ports. The protected VLAN uses 802.1q trunking on the ring ports and supports tagged and untagged
edge ports.
One ring port of the master node is designated the master nodes primary port (P), and another port is
designated as the master nodes secondary port (S) to the ring. In normal operation, the master node
blocks the secondary port for all protected VLAN traffic, thereby preventing a loop in the ring. (The
spanning tree protocol, STP, provides the same type of protection.) Traditional Ethernet bridge learning
and forwarding database mechanisms direct user data around the ring within the protected VLANs.
Note
Although primary and secondary ports are configured on transit nodes, both port types
operate identically as long as the transit node remains a transit node. If the transit node is
reconfigured as a master node, the configured states of the primary and secondary ports
apply.
The control VLAN is a dedicated 802.1q tagged VLAN that is used to transmit and receive EAPS control
frames on the ring. The control VLAN can contain only two EAPS ring ports on each node. Each EAPS
domain has a unique control VLAN, and control traffic is not blocked by the master node at any time.
The control VLAN carries the following EAPS control messages around the ring:
Health-check messages, which are sent from the master node primary port. Transit nodes forward
health-check messages toward the master node secondary port on the control VLAN. When the
master node receives a health check message on the secondary port, the EAPS ring is considered
intact.
Link-down alert messages, which are sent from a transit node to the master node when the transit
node detects a local link failure.
Flush-FDB messages, which are sent by the master node to all transit nodes when ring topology
changes occur. Upon receiving this control frame, the transit node clears its MAC address
forwarding table (FDB) and relearns the ring topology.
Layer 2 Protocols
13
EAPS
When the master node detects a failure, due to an absence of health-check messages or a received
link-down alert, it transitions the EAPS domain to the Failed state and unblocks its secondary port to
allow data connectivity in the protected VLANs.
EAPS Multiple Ring Topology

EAPS works with multiple ring networks to support more complex topologies for interconnecting
multiple EAPS domains. This allows larger EAPS end-to-end networks to be built from edge to core.
Note
Minimal EAPS support is provided at all license levels. EAPS multiple ring topologies and
common link topologies are supported at higher license levels as described in the Feature
License Requirements document.
The simplest multiple ring topology uses a single switch to join two EAPS rings.
The common link feature uses two switches, which share a common link, to provide redundancy and
link multiple EAPS rings.
Two Rings Connected by One Switch
The following figure shows how a data VLAN can span two rings interconnected by a common switch
a figure eight topology.
Figure 3: Two Rings Interconnected by One Switch

A data VLAN that spans multiple physical rings or EAPS domains and is protected by EAPS is called an
overlapping VLAN. An overlapping VLAN requires loop protection for each EAPS domain to which it
belongs.
In the following figure, there is an EAPS domain with its own control VLAN running on ring 1 and
another EAPS domain with its own control VLAN running on ring 2. A data VLAN that spans both rings
is added as a protected VLAN to both EAPS domains to create an overlapping VLAN. Switch S5 has
two instances of EAPS domains running on it, one for each ring.
Layer 2 Protocols
14
EAPS
Multiple Rings Sharing an EAPS Common Link

EAPS Common Link Operation
The following figure shows an example of a multiple ring topology that uses the EAPS common link
feature to provide redundancy for the switches that connect the rings.
Figure 4: Multiple Rings Sharing a Common Link

An EAPS common link is a physical link that carries overlapping VLANs that are protected by more
than one EAPS domain.
In the example shown earlier in the preceding figure, switch S5 could be a single point of failure. If
switch S5 were to go down, users on Ring 1 would not be able to communicate with users on Ring 2. To
make the network more resilient, you can add another switch. A second switch, S10, connects to both
rings and to S5 through a common link, which is common to both rings.
The EAPS common link in the following figure requires special configuration to prevent a loop that
spans both rings. The software entity that requires configuration is the eaps shared-port, so the
common link feature is sometimes called the shared port feature.
Note
If the shared port is not configured and the common link goes down, a superloop between
the multiple EAPS domains occurs.
The correct EAPS common link configuration requires an EAPS shared port at each end of the common
link. The role of the shared port (and switch) at each end of the common link must be configured as
either controller or partner. Each common link requires one controller and one partner for each EAPS
domain. Typically the controller and partner nodes are distribution or core switches. A controller or
partner can also perform the role of master or transit node within its EAPS domain.
During normal operation, the master node on each ring protects the ring as described in EAPS Single
Ring Topology on page 12. The controller and partner nodes work together to protect the overlapping
VLANs from problems caused by a common link failure or a failed controller (see the following figure).
Layer 2 Protocols
15
EAPS
Figure 5: Master Node Operation in a Multiple Ring Topology

If a link failure occurs in one of the outer rings, only a single EAPS domain is affected. The EAPS master
detects the failure in its domain, and converges around the failure. In this case, the controller does not
take any blocking action, and EAPS domains on other rings are not affected. Likewise, when the link is
restored, only the local EAPS domain is affected. The controller and any EAPS domains on other rings
are not affected, and continue forwarding traffic normally.
To detect common-link faults, the controller and partner nodes send segment health check messages
at one-second intervals to each other through each segment. A segment is the ring communication
path between the controller and partner. The common link completes the ring, but it is a separate entity
from the segment. To discover segments and their up or down status, segment health-check messages
are sent from controller to partner, and also from partner to controller (see the following figure).
Figure 6: Segment Health-Check Messages

Common Link Fault Detection and Response
With one exception, when a common link fails, each master node detects the failure and unblocks its
secondary port, as shown in the following figure.
Layer 2 Protocols
16
EAPS
Figure 7: Common Link Failure

Because the secondary port of each master node is now unblocked, the new topology introduces a
broadcast loop spanning the outer rings.
The controller and partner nodes immediately detect the loop, and the controller does the following:
Selects an active-open port for protected VLAN communications.
Blocks protected VLAN communications on all segment ports except the active-open port.
Note
When a controller goes into or out of the blocking state, the controller sends a flush-fdb
message to flush the FDB in each of the switches in its segments. In a network with multiple
EAPS ports in the blocking state, the flush-fdb message gets propagated across the
boundaries of the EAPS domains.
The exception mentioned above occurs when the partner node is also a master node, and the shared
port that fails is configured as a primary port. In this situation, the master node waits for a link-down
PDU from the controller node before opening the secondary port. This delay prevents a loop that might
otherwise develop if the master/partner node detects the link failure before the controller node.
Note
If the common link and a ring link fail, and if the common link restores before the ring link,
traffic down time can be as long as three seconds. This extended delay is required to prevent
loops during the recovery of multiple failed links.
Common Link Recovery
When a common link recovers, each master node detects that the ring is complete and immediately
blocks their secondary ports. The controller also detects the recovery and puts its shared port to the
common link into a temporary blocking state called pre-forwarding as shown in the following figure.
Layer 2 Protocols
17
EAPS
Figure 8: Common Link in Pre-Forwarding State

Because the topology has changed, the EAPS nodes must learn the new traffic paths. Each master
node notifies all switches in their domain to clear their FDB tables, and traditional Ethernet bridge
learning and forwarding mechanisms establish the new traffic paths. Once the controller receives flushfdb messages for all of its connected EAPS domains, the controller shared-port state for the common
link changes to forwarding, the controller state changes to Ready, and traffic flows normally as shown
in the following figure.
Figure 9: Common-Link Restored

Controller and Partner Node States
EAPS controller and partner nodes can be in the following states:
Layer 2 Protocols
18
EAPS
ReadyIndicates that the EAPS domains are running, the common-link neighbor can be reached
through segment health-checks, and the common link is up.
BlockingIndicates that the EAPS domains are running, the common-link neighbor can be reached
through segment health-checks, but the common-link is down. Only the controller node (and not
the partner) performs blocking.
PreforwardingIndicates the EAPS domain was in a blocking state, and the common link was
restored. The controller port is temporarily blocked to prevent a loop during state transition from
Blocking to Ready.
IdleIndicates the EAPS common-link neighbor cannot be reached through segment health-check
messages.
Spatial Reuse with an EAPS Common Link

The common-link topology supports multiple EAPS domains (spatial reuse) on each ring as shown in
the following figure.
Figure 10: EAPS Common Link Topology with Spatial Reuse

Note
If you are using the older method of enabling STP instead of EAPSv2 to block the super loop
in a shared-port environment, you can continue to do so. In all other scenarios, we
recommendsthat you do not use both STP and EAPS on the same port.
Additional Common Link Topology Examples
Basic Core Topology
The following figure shows a core topology with two access rings. In this topology, there are two EAPS
common links.
Layer 2 Protocols
19
EAPS
Figure 11: Basic Core Topology

Right-Angle Topology
In the right-angle topology, there are still two EAPS common links, but the common links are adjacent
to each other.
To configure a right-angle topology, there must be two common links configured on one of the
switches. The following figure shows a right-angle topology.
Figure 12: Right-Angle Topology

Combined Basic Core and Right-Angle Topology
The following figure shows a combination basic core and right-angle topology.
Layer 2 Protocols
20
EAPS
Figure 13: Basic Core and Right Angle Topology

The following figure shows an extension of the basic core and right angle configuration.
Figure 14: Advanced Basic Core and Right Angle Topology

Large Core and Access Ring Topology
The following figure shows a single large core ring with multiple access rings hanging off of it.
This is an extension of a basic core configuration.
Layer 2 Protocols
21
EAPS
Figure 15: Large Core and Access Ring Topology
Fast Convergence
The fast convergence mode allows EAPS to converge more rapidly. In EAPS fast convergence mode,
the link filters on EAPS ring ports are turned off. In this case, an instant notification is sent to the EAPS
process if a ports state transitions from up to down or vice-versa.
You must configure fast convergence for the entire switch, not by EAPS domain.
EAPS and Hitless Failover--Modular Switches and SummitStack Only

When you install two Management Switch Fabric Modules (MSMs) or Management Modules (MMs) in a
BlackDiamond chassis or use redundancy in a SummitStack, one MSM/MM (node) assumes the role of
primary and another node assumes the role of backup.
The primary node executes the switchs management functions, and the backup node acts in a standby
role. Hitless failover transfers switch management control from the primary to the backup and
maintains the state of EAPS. EAPS supports hitless failover. You do not explicitly configure hitless
failover support; rather, if you have two MSMs/MMs installed in a chassis or you are operating with
redundancy in a SummitStack, hitless failover is available.
Note
Not all platforms support hitless failover in the same software release. To verify if the
software version you are running supports hitless failover, see the following table in
Managing the Switch. For more information about protocol, platform, and MSM/MM support
for hitless failover, see Understanding Hitless Failover Support.
Layer 2 Protocols
22
EAPS
To support hitless failover, the primary node replicates all EAPS PDUs to the backup, which allows the
backup to be aware of the EAPS domain state. Since both nodes receive EAPS PDUs, each node
maintains equivalent EAPS states.
By knowing the state of the EAPS domain, the EAPS process running on the backup node can quickly
recover after a primary node failover. Although both nodes receive EAPS PDUs, only the primary
transmits EAPS PDUs to neighboring switches and actively participates in EAPS.
Note
For instructions on how to manually initiate hitless failover, see Relinquishing Primary Status.
EAPS Licensing
Different EAPS features are offered at different license levels.
For complete information about software licensing, including how to obtain and upgrade your license
and what licenses are appropriate for these features, see the Feature License Requirements document.
Configuring EAPS
Single Ring Configuration Tasks

To configure and enable an EAPS protected ring, do the following on each ring node:
1
2
3
4
5
6
7
Create an EAPS domain and assign a name to the domain as described in Creating and Deleting an
EAPS Domain on page 24.
Create and add the control VLAN to the domain as described in Adding the EAPS Control VLAN on
page 24.
Create and add the protected VLAN(s) to the domain as described in Adding Protected VLANs on
page 25.
Configure the EAPS mode (master or transit) for the switch in the domain as described in Defining
the Switch Mode (Master or Transit) on page 25.
Configure the EAPS ring ports, including the master primary and secondary ring ports, as described
in Configuring the Ring Ports on page 26.
If desired, configure the polling timers and timeout action as described in Configuring the Polling
Timers and Timeout Action on page 26.*
Enable EAPS for the entire switch as described in Enabling and Disabling EAPS on the Switch on
page 27.
Layer 2 Protocols
23
EAPS
8 If desired, enable Fast Convergence as described in Enabling and Disabling Fast Convergence on
page 28.*
9 Enable EAPS for the specified domain as described in Enabling and Disabling an EAPS Domain on
page 28.
Note
If you configure a VMAN on a switch running EAPS, make sure you configure the VMAN
attributes on all of the switches that participate in the EAPS domain. For more information
about VMANs, see VMAN (PBN) and PBBN.
Creating and Deleting an EAPS Domain
Each EAPS domain is identified by a unique domain name.
To create an EAPS domain, use the following command:

create eaps name
To delete an EAPS domain, use the following command:

delete eaps name
Adding the EAPS Control VLAN

You must create and configure one control VLAN for each EAPS domain. For instructions on creating a
VLAN, see VLANs.
To configure EAPS to use a VLAN as the EAPS control VLAN for a domain, use the following
command:
configure eaps name add control {vlan} vlan_name
Note
A control VLAN cannot belong to more than one EAPS domain. If the domain is active,
you cannot delete the domain or modify the configuration of the control VLAN.
The control VLAN must NOT be configured with an IP address. In addition, only ring ports
may be added to this control VLAN. No other ports can be members of this VLAN. Failure
to observe these restrictions can result in a loop in the network.
The ring ports of the control VLAN must be tagged.
By default, EAPS PDUs are automatically assigned to QoS profile QP8. This ensures that the control
VLAN messages reach their intended destinations. You do not need to configure a QoS profile for
the control VLAN.
Layer 2 Protocols
24
EAPS
Adding Protected VLANs

You must add one or more protected VLANs to each EAPS domain. The protected VLANs are the datacarrying VLANs.
Note
When you configure a protected VLAN, the ring ports of the protected VLAN must be tagged
(except in the case of the default VLAN).
For instructions on creating a VLAN, see VLANs.
To configure a VLAN as an EAPS protected VLAN, use the following command:

configure eaps name add protected {vlan} vlan_name
Configuring the EAPS Domain Priority

The EAPS domain priority feature allows you to select the EAPS domains that are serviced first when a
break occurs in an EAPS ring. For example, you might set up a network topology with two or more
domains on the same physical ring, such as in spatial reuse. In this topology, you could configure one
domain as high priority and the others as normal priority. You would then add a small subset of the
total protected VLANs to the high priority domain, and add the rest of the protected vlans to the
normal priority domain. The secondary port of the normal and high priority domains can be the same,
or as is typically the case of spatial reuse, opposite. If a ring fault occurs in this topology, the protected
VLANs in the high priority domain are the first to recover.
To configure the EAPS domain priority, use the following command:

configure eaps name priority {high | normal}
Defining the Switch Mode (Master or Transit)

We recommend keeping the loop protection warning messages enabled. If you have considerable
knowledge and experience with EAPS, you might find the EAPS loop protection warning messages
unnecessary.
1
Configure the EAPS switch mode for a domain using the following command:
configure eaps name mode [master | transit]
One switch on the ring must be configured as the master node for the specified domain; all other
switches on the same ring and domain are configured as transit nodes.
If you configure a switch to be a transit node for an EAPS domain, the default switch configuration
displays the following message and prompts you to confirm the command:
WARNING: Make sure this specific EAPS domain has a Master node in the ring. If
you change this node from EAPS master to EAPS transit, you could cause a loop
in the network. Are you sure you want to change mode to transit? (y/n)
2 When prompted, do one of the following:
Enter y to identify the switch as a transit node.

Enter n or press [Return] to cancel the command.
For more information see, Disabling EAPS Loop Protection Warning Messages on page 29.
Layer 2 Protocols
25
EAPS
Configuring the Ring Ports

Each node on the ring connects to the ring through two ring ports. The ports that you choose on each
switch should be tagged and added to the control VLAN and all protected VLANs. For information on
adding tagged ports to a VLAN, see VLANs.
On the master node, one ring port must be configured as the primary port, and the other must be
configured as the secondary port.
We recommend that you keep the loop protection warning messages enabled. If you have considerable
unnecessary.
1
To configure a node port as primary or secondary, use the following command:

configure eaps name [primary | secondary] port ports
If you attempt to add an EAPS ring port to a VLAN that is not protected by EAPS, the default switch
configuration prompts you to confirm the command with the following message:
Make sure <vlan_name> is protected by EAPS. Adding EAPS ring ports to a VLAN
could cause a loop in the network. Do you really want to add these ports (y/n)

Enter n or press [Return] to cancel the command.
For information on configuring a VLAN for EAPS, see the following sections:
Adding the EAPS Control VLAN on page 24

Adding Protected VLANs on page 25
Configuring the Polling Timers and Timeout Action
The polling timers provide an alternate way to detect ring breaks. In a ring that uses only Extreme
Networks switches, the master switch learns about a ring break by receiving a link-down PDU. When
the ring uses only Extreme networks switches, the polling timers are not needed and can remain
configured for the default values.
In a ring that contains switches made by other companies, the polling timers provide an alternate way
to detect ring breaks. The master periodically sends hello PDUs at intervals determined by the hello
PDU timer and waits for a reply. If a hello PDU reply is not received before the failtime timer expires, the
switch detects a failure and responds by either sending an alert or opening the secondary port. The
response action is defined by a configuration command.
Set the polling timer values the master node uses for detecting ring failures.
configure eaps name hellotime seconds milliseconds
Layer 2 Protocols
26
EAPS
configure eaps name failtime seconds milliseconds
Note
These commands apply only to the master node. If you configure the polling timers for a
transit node, they are ignored. If you later reconfigure that transit node as the master
node, the polling timer values are used as the current values.
Use the hellotime keyword and its associated parameters to specify the amount of time the
master node waits between transmissions of health check messages on the control VLAN. The
combined value for seconds and milliseconds must be greater than 0. The default value is 1 second.
Use the failtime keyword and its associated parameters to specify the amount of time the master
node waits before the failtimer expires. The combined value for seconds and milliseconds must be
greater than the configured value for hellotime. The default value is 3 seconds.
Note
Increasing the failtime value increases the time it takes to detect a ring break using the
polling timers, but it can also reduce the possibility of incorrectly declaring a failure when
the network is congested.
Configure the action taken when a ring break is detected.

configure eaps name failtime expiry-action [open-secondary-port | send-alert]
Use the send-alert parameter to send an alert when the failtimer expires. Instead of going into a
failed state, the master node remains in a Complete or Init state, maintains the secondary port
blocking, and writes a critical error message to syslog warning the user that there is a fault in the
ring. An SNMP trap is also sent.
Use the open-secondary-port parameter to open the secondary port when the failtimer
expires.
Enabling and Disabling EAPS on the Switch
unnecessary.
To enable the EAPS function for the entire switch, use the following command:
enable eaps
To disable the EAPS function for the entire switch, use the following command:
disable eaps
If you enter the command to disable EAPS, the default switch configuration displays the following
warning message and prompts you to confirm the command:
WARNING: Disabling EAPS on the switch could cause a loop in the network! Are
you sure you want to disable EAPS? (y/n)
When prompted, do one of the following:

a Enter y to disable EAPS for the entire switch.
b Enter n or press [Return] to cancel the command.
Layer 2 Protocols
27
EAPS
Enabling and Disabling Fast Convergence
You can enable or disable fast convergence for the entire switch to improve EAPS convergence times.
Note
Possible factors affecting EAPS fast convergence time:
The medium type of the link being flapped (Fiber link-down events are detected faster
than copper, causing better convergence).
Number of VLANs protected by the EAPS domain (convergence time increases with the
number of protected VLANs).
Number of FDB entries present during the switch over (convergence time increases with
the number of FDBs learned).
Topology change event (link down or link up) causes the master node to send an FDB
flush to all transits. In the event ofa shared port failure, FDB is flushed twice, causing an
increase in convergence time.
Number of hops between the switch where the link flap happens and the master node
(convergence increases with the number of hops).
To enable or disable fast convergence on the switch, use the following command:
configure eaps fast-convergence[off | on]
Enabling and Disabling an EAPS Domain

unnecessary.
To enable a specific EAPS domain, use the following command:

enable eaps {name}
To disable a specific EAPS domain, use the following command:

disable eaps {name}
If you enter the disable eaps command, the default switch configuration displays the following
warning message and prompts you to confirm the command:
WARNING: Disabling specific EAPS domain could cause a loop in the network! Are
you sure you want to disable this specific EAPS domain? (y/n)

a Enter y to disable EAPS for the specified domain.
b Enter n or press [Return] to cancel the command.
Layer 2 Protocols
28
EAPS
Configuring EAPS Support for Multicast Traffic

The ExtremeXOS software provides several commands for configuring how EAPS supports multicast
traffic after an EAPS topology change.
Note
EAPS multicast flooding must be enabled before the add-ring-ports feature will operate. For
information on enabling EAPS multicast flooding, see the command:
configure eaps multicast temporary-flooding [on | off]
Unconfiguring an EAPS Ring Port

Unconfiguring an EAPS port sets its internal configuration state to INVALID, which causes the port to
appear in the Idle state with a port status of Unknown. This occurs when you use the show eaps
{eapsDomain} {detail} command to display the status information about the port.
unnecessary.
1
To unconfigure an EAPS primary or secondary ring port for an EAPS domain, use the following
command:
unconfigure eaps eapsDomain [primary | secondary] port
To prevent loops in the network, the switch displays by default a warning message and prompts
you to unconfigure the specified EAPS primary or secondary ring port.
a Enter y to unconfigure the specified port.
b Enter n or press [Return] to cancel this action.
The following command example unconfigures this nodes EAPS primary ring port on the
domain eaps_1:
unconfigure eaps eaps_1 primary port
WARNING: Unconfiguring the Primary port from the EAPS domain could cause a
loop in The network! Are you sure you want to unconfigure the Primary EAPS
Port? (y/n)
3 Enter y to continue and unconfigure the EAPS primary ring port. Enter n to cancel this action.
The switch displays a similar warning message if you unconfigure the secondary EAPS port.
Disabling EAPS Loop Protection Warning Messages
The switch displays by default loop protection messages when configuring the following EAPS
parameters:
Adding EAPS primary or secondary ring ports to a VLAN
Deleting a protected VLAN
Layer 2 Protocols
29
EAPS
Disabling the global EAPS setting on the switch

Disabling an EAPS domain
Configuring an EAPS domain as a transit node
Unconfiguring EAPS primary or secondary ring ports from an EAPS domain
We recommend keeping the loop protection warning messages enabled. If you have considerable
unnecessary. For example, if you use a script to configure your EAPS settings, disabling the warning
messages allows you to configure EAPS without replying to each interactive yes/no question.
To disable loop protection messages, use the following command:

configure eaps config-warnings off
To re-enable loop protection messages, use the following command:

configure eaps config-warnings on
Common Link Topology Configuration Tasks

To create a common link topology, you must configure the shared ports at each end of the common
link.
EAPS Shared Port Configuration Rules
The following rules apply to EAPS shared port configurations:
Each common link in the EAPS network must have a unique link ID, which is configured at the
shared port at each end of the link.
The shared port mode configured on each side of a common link must be different from the other;
one must be a controller and one must be a partner.
The controller and partner shared ports on either side of a common link must have the same
link ID. The common link is established only when the shared ports at each end of the common link
have the same link ID.
There can be up to two shared ports per switch.
There cannot be more than one controller on a switch.
Valid combinations on any one switch are:
1 controller
1 partner
Layer 2 Protocols
30
EAPS
1 controller and 1 partner

2 partners
A shared port cannot be configured on an EAPS masters secondary port.

Note
When a common link fails, one of the segment ports becomes the active-open port, and
all other segment ports are blocked to prevent a loop for the protected VLANs. For some
topologies, you can improve network performance during a common link failure by
selecting the port numbers to which segments connect. For information on how the
active-open port is selected, see Common Link Fault Detection and Response.
Common Link Configuration Overview

To configure and enable a common link to serve multiple rings, do the following on the controller and
partner nodes:
1
Create a shared port for the common link as described in Creating and Deleting a Shared Port on
page 31.
2 Configure the shared port as either a controller or a partner as described in Defining the Mode of the
Shared Port on page 31.
3 Configure the link ID on the shared port as described in Configuring the Link ID of the Shared Port
on page 32.
4 If desired, configure the polling timers and timeout action as described in Configuring the Shared
Port Timers and Timeout Action on page 32.
This step can be configured at any time, even after the EAPS domains are running.
5 Configure EAPS on each ring as described in Single Ring Configuration Tasks on page 23.
Creating and Deleting a Shared Port
To configure a common link, you must create a shared port on each switch belonging to the common
link.
To create a shared port, use the following command:

create eaps shared-port ports
Where ports is the common link port.

Note
A switch can have a maximum of two shared ports.
To delete a shared port on the switch, use the following command:

delete eaps shared-port ports
Defining the Mode of the Shared Port

The shared port on one end of the common link must be configured to be the controller. This is the end
responsible for blocking ports when the common link fails, thereby preventing the superloop.
Layer 2 Protocols
31
EAPS
The shared port on the other end of the common link must be configured to be the partner. This end
does not participate in any form of blocking. It is responsible for only sending and receiving healthcheck messages.
To configure the mode of the shared port, use the following command:
configure eaps shared-port ports mode controller | partner
Configuring the Link ID of the Shared Port

Each common link in the EAPS network must have a unique link ID. The controller and partner shared
ports that belong to the same common link must have matching link IDs. No other instance in the
network should have that link ID.
If you have multiple adjacent common links, we recommend that you configure the link IDs in
ascending order of adjacency. For example, if you have an EAPS configuration with three adjacent
common links, moving from left to right of the topology, configure the link IDs from the lowest to the
highest value.
To configure the link ID of the shared port, use the following command:
configure eaps shared-port ports link-id id
The link ID range is 165534.

Configuring the Shared Port Timers and Timeout Action
To configure the shared port timers, use the following commands:

configure eaps shared-port port common-path-timers {[health-interval |
timeout] seconds}
configure eaps shared-port port segment-timers health-interval seconds
configure eaps shared-port port segment-timers timeout seconds
To configure the time out action for segment timers, use the following command:
configure eaps shared-port port segment-timers expiry-action [segment-down |
send-alert]
Unconfiguring an EAPS Shared Port
To unconfigure a link ID on a shared port, use the following command:
To unconfigure the mode on a shared port, use the following command:
unconfigure eaps shared-port ports link-id
unconfigure eaps shared-port ports mode
To delete a shared port, use the following command:

Layer 2 Protocols
32
EAPS
Clearing the EAPS Counters

The EAPS counters continue to increment until you explicitly clear the information. By clearing the
counters, you can see fresh statistics for the time period you are monitoring.
To clear the counters used by EAPS, use the following commands:

clear counters
clear eaps counters
Displaying EAPS Information
Displaying Single Ring Status and Configuration Information
To display EAPS status and configuration information, use the following command:
show eaps {eapsDomain} {detail}
Note
You might see a slightly different display, depending on whether you enter the command
on the master node or the transit node.
If you specify a domain with the optional eapsDomain parameter, the command displays status
information for a specific EAPS domain.
The display from the show eaps detail command shows all the information shown in the show
eaps eapsDomain command for all configured EAPS domains.
Displaying Domain Counter Information
To display EAPS counter information for one or all domains, use the following command:
show eaps counters [eapsDomain | global]
If you specify the name of an EAPS domain, the switch displays counter information related to only
that domain.
If you specify the global keyword, the switch displays a list of the counter totals for all domains. To
see the counters for a specific domain, you must specify the domain name.
Note
If a PDU is received, processed, and consumed, only the Rx counter increments. If a PDU is
forwarded in slow path, both the Rx counter and Fw counter increment.
Layer 2 Protocols
33
EAPS
Displaying Common Link Status and Configuration Information

Each controller and partner node can display status and configuration information for the shared port
or ports on the corresponding side of the common link.
To display EAPS common link information, use the following command:

show eaps shared-port {port} {detail}
If you enter the show eaps shared-port command without an argument or keyword, the
command displays a summary of status information for all configured EAPS shared ports on the
switch.
If you specify a shared port, the command displays information about that specific port.
You can use the detail keyword to display more detailed status information about the segments
and VLANs associated with each shared port.
Displaying Common Link Counter Information

Each controller and partner node can display counter information for the shared port or ports through
which the switch connects to a common link.
To display EAPS shared port counter information, use the following command:
show eaps counters shared-port [global | port {segment-port segport
{eapsDomain}}]
If you specify the global keyword, the switch displays a list of counters that show the totals for all
shared ports together. To view the counters for a single shared port, enter the command with the
port number.
If you specify a particular EAPS segment port, the switch displays counter information related to
only that segment port for the specified EAPS domain.
Configuration Examples
Migrating from STP to EAPS

This section explains how to migrate or reconfigure an existing STP network to an EAPS network.
Note
Actual implementation steps on a production network may differ based on the physical
topology, switch models, and software versions deployed.
The sample STP network is a simple two-switch topology connected with two Gigabit Ethernet trunk
links, which form a broadcast loop. Both Extreme Networks switches are configured for 802.1D mode
STP running on a single data VLAN named Data. The sample STP network for migration to EAPS is
shown in the following figure.
Layer 2 Protocols
34
EAPS
Figure 16: Sample STP Network for Migration to EAPS

Creating and Configuring the EAPS Domain
The first step in the migration process is to create an EAPS Domain and configure the EAPS mode,
then define the primary and secondary ports for the domain. Follow this step for both switches.
Switch2 is configured as EAPS Master to ensure the same port blocking state is maintained as in the
original STP topology.
Switch 1 EAPS domain configuration:
*
*
*
*
SWITCH#1.1
SWITCH#1.2
SWITCH#1.3
SWITCH#1.4
#
#
#
#
create eaps new-eaps

configure new-eaps mode transit
configure new-eaps primary port 4:1
configure new-eaps secondary port 4:2
Switch 2 EAPS domain configuration:

*
*
*
*
SWITCH#2.1
SWITCH#2.2
SWITCH#2.3
SWITCH#2.4
#
#
#
#
create eaps new-eaps

configure new-eaps mode master
configure new-eaps primary port 4:1
configure new-eaps secondary port 4:2
Creating and Configuring the EAPS Control VLAN

1 You must create the EAPS control VLAN and configure the 802.1q tag and ring ports.
2 Configure the control VLANs as part of the EAPS domain. Do this for both switches.
Switch 1 control VLAN configuration:
*
*
*
*
SWITCH#1.5
SWITCH#1.6
SWITCH#1.8
SWITCH#1.9
#
#
#
#
create vlan control-1

configure vlan control-1 tag 4001
configure vlan control-1 add port 4:1,4:2 tagged
configure eaps new-eaps add control vlan control-1
Switch 2 control VLAN configuration:

*
*
*
*
SWITCH#2.5
SWITCH#2.6
SWITCH#2.8
SWITCH#2.9
#
#
#
#

configure eaps new-eaps add control vlan control-1
Enabling EAPS and Verify EAPS Status

1
Enable the EAPS protocol and the EAPS domain.
Layer 2 Protocols
35
EAPS
2 Confirm that the master node is in Complete state and its secondary port is blocking.
Switch 1 commands to enable EAPS and the domain:
* SWITCH#1.10 # enable eaps
* SWITCH#1.11 # enable eaps new-eaps
Switch 2 commands to enable EAPS and verify status:

* SWITCH#2.10 # enable eaps
* SWITCH#2.11 # enable eaps new-eaps
* SWITCH#2.12 # show eaps
EAPS Enabled: Yes
EAPS Fast-Convergence: Off
EAPS Display Config Warnings: On
EAPS Multicast Add Ring Ports: Off
EAPS Multicast Send IGMP Query: On
EAPS Multicast Temporary Flooding: Off
EAPS Multicast Temporary Flooding Duration: 15 sec
Number of EAPS instances: 1
# EAPS domain configuration :
---------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
---------------------------------------------------------------------------new-eaps
Complete
M
Y
4:1
4:2
control-1
(4001) 0
----------------------------------------------------------------------------
Configuring the STP Protected VLAN as an EAPS Protected VLAN

Configure the data VLAN (currently protected by STP as an untagged VLAN) as an EAPS protected
VLAN.
1
Assign an 802.1q tag to the data VLAN, as this might not be required with the previous STP
configuration.
2 Next, the data VLAN is added to the EAPS domain as a protected VLAN.
3 Configure the VLAN port changes at the end to prevent any broadcast loop from forming during
the transition from STP to EAPS protection.
A warning message is displayed on the CLI, but this can be ignored, as it is just a reminder that the
ring ports have not been added to the protected VLAN yet.
4 Change the port membership for the data VLAN from untagged to 802.1q tagged trunk ports.
Switch#2 commands to add EAPS protected VLAN and tagged ports:
* SWITCH#2.13 # configure vlan data tag 1000
* SWITCH#2.14 # configure new-eaps add protect vlan data
WARNING: Primary port [4:1] is not tagged on vlan "data", EAPS="new-eaps"
WARNING: Secondary port [4:2] is not tagged on vlan "data", EAPS="new-eaps"
* SWITCH#2.15 # configure data add port 4:1,4:2 tagged
Switch#1 commands to add EAPS protected VLAN and tagged ports:

* SWITCH#1.13 # configure vlan data tag 1000
* SWITCH#1.14 # configure new-eaps add protect vlan data
WARNING: Primary port [4:1] is not tagged on vlan "data", EAPS="new-eaps"
Layer 2 Protocols
36
EAPS
WARNING: Secondary port [4:2] is not tagged on vlan "data", EAPS="new-eaps"

* SWITCH#1.15 # configure data add port 4:1,4:2 tagged
Verifying the EAPS Blocking State for the Protected VLAN
To ensure there is no potential for a broadcast storm, confirm that EAPS is successfully blocking the
protected VLAN, as shown in the following example:
* SWITCH#2.16 # show new-eaps
Name: new-eaps
State: Complete
Running: Yes
Enabled: Yes Mode: Master
Primary port:
4:1
Port status: Up
Tag status: Tagged
Secondary port: 4:2
Port status: Blocked
Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Send alert
Last valid EAPS update: From Master Id 00:04:96:10:51:50, at Fri Sep 10
13:38:39 2004
EAPS Domains Controller Vlan: control-1 4001
EAPS Domains Protected Vlan(s): data 1000
Number of Protected Vlans: 1
After you verify that EAPS is protecting the data VLAN, you can safely remove the STP configuration.
Verifying the STP Status and Disabling STP
Once you have successfully verified that EAPS has taken over loop prevention for the data VLAN, you
no longer need the STP configuration.
Now, verify whether the data VLAN is removed from the STP domain, and then disable the STP
protocol.
Switch 2 commands to verify STP status and disable STP:
* SWITCH#2.17 # show stp s0
Stpd: s0
Stp: ENABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1D
802.1Q Tag: (none)
Ports: (none)
Participating Vlans: (none)
Auto-bind Vlans: Default
Bridge Priority: 32768
BridgeID:
80:00:00:04:96:10:51:50
Designated root:
80:00:00:04:96:10:51:50
RootPathCost: 0
Root Port: ---MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 4
Time Since Last Topology Change: 1435s
* SWITCH#2.18 # show s0 port
Layer 2 Protocols
Number of Ports: 0
Default Binding Mode: 802.1D
ForwardDelay: 15s
CfgBrForwardDelay: 15s
Hold time: 1s
Topology Change: FALSE
37
EAPS
Port Mode State Cost Flags Priority Port ID Designated Bridge

* SWITCH#2.19 # disable stp
Switch 1 commands to verify STP status and disable STP:

* SWITCH#1.16 # show stp s0
Stpd: s0
Stp: ENABLED
Number of Ports: 0
Operational Mode: 802.1D
Default Binding Mode: 802.1D
802.1Q Tag: (none)
Ports: (none)
Participating Vlans: (none)
Bridge Priority: 1
BridgeID:
00:01:00:04:96:10:30:10
Designated root:
00:01:00:04:96:10:30:10
RootPathCost: 0
Root Port: ---MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Hold time: 1s
Topology Change Detected: FALSE
Topology Change: FALSE
* SWITCH#1.17 # show stp s0 po
Port Mode State Cost Flags Priority Port ID Designated Bridge
* SWITCH#1.18 # disable stp s0
* SWITCH#1.19 # disable stp
The network should now be successfully migrated from STP to EAPS.
Designing and Implementing a Highly Resilient Enterprise Network Using

EAPS
Network managers can design and employ a highly resilient end-to-end enterprise network using the
Extreme Networks switching platform and the EAPS protocol as shown in the following figure.
Layer 2 Protocols
38
EAPS
Figure 17: Extreme Networks EAPS Everywhere

EAPS can be used in the network edge to provide link resiliency for Ethernet and IP services in a partialmeshed design. In the aggregation layer, EAPS interconnects multiple edge and core domains. When
combined with VRRP and OSPF in the aggregation layer, EAPS provides the foundation for highly
resilient IP routing by protecting against link and switch failures.
In the network core, EAPS is used with OSPF to provide a high-performance IP routing backbone with
zero downtime or route flaps. Using EAPS and dual-homed server farms in the data center provides
high availability for mission-critical server resources.
The collapsed core/aggregation layer and data center also make use of EAPS resilient ring topology to
ensure network availability to all critical sources.
Layer 2 Protocols
39
EAPS
Designing and Configuring the Unified Access Layer

The unified access network layer makes use of EAPS in a partial-meshed ring topology for maximum
resiliency. The edge of the network is the first point of entry for client devices such as PCs, servers, VoIP
phones, wireless devices, and printers.
Utilizing EAPS and redundant uplink ports on edge switches increases network resiliency and
availability. Edge switches connect their primary and secondary uplink trunk ports to one or more
switches in the aggregation network layer (as shown in the following figure). If the primary uplink port
fails, traffic can use the alternate secondary uplink.
Figure 18: Converged Network Edge (Unified Access Layer)

In this sample network, each edge switch is configured with a unique EAPS domain and control VLAN.
Protected VLANs can overlap across multiple EAPS domains, or remain local to their own domain.
By putting each edge switch and VLAN into a separate EAPS domain, you gain resiliency and
management benefits. First, any link or switch failures in one ring do not affect the other edge switches.
Also, this type of modular design allows you to add edge switches easily without impacting other parts
of the network. Troubleshooting becomes easier as the scope of failures can be quickly isolated to a
specific EAPS ring or switch.
This section describes how to design the access edge network switches as EAPS transit nodes to
provide Ethernet L2 connectivity services. In this example, upstream aggregation switches perform
Layer 3 (L3) inter-VLAN routing functions. Although not discussed in the scope of this section, the edge
switches could also be configured with additional routing, QoS, WLAN, or security features.
Layer 2 Protocols
40
EAPS
Creating and Configuring the EAPS Domain
Create the EAPS domain, configure the switch as a transit node, and define the EAPS primary and
secondary ports as shown in the following example:
*
*
*
*
Edge-Switch#1:1
Edge-Switch#1:2
Edge-Switch#1:3
Edge-Switch#1:4
#
#
#
#
create eaps e1-domain

configure eaps e1-domain mode transit
configure eaps e1-domain primary port 49
configure eaps e1-domain secondary port 50
Creating and Configuring the EAPS Control VLAN
1 Create the EAPS control VLAN and configure its 802.1q tag and ring ports.
2 Configure the control VLAN as part of the EAPS domain. The control VLAN only contains the EAPS
primary and secondary ports configured earlier. The following commands accomplish these tasks:
*
*
*
*
Edge-Switch#1:5
Edge-Switch#1:6
Edge-Switch#1:8
Edge-Switch#1:9
#
#
#
#

configure vlan control-1 add port 49,50 tagged
configure eaps e1-domain add control vlan control-1
Creating and Configuring EAPS Protected VLANs
1 Create at least one EAPS protected VLAN, and configure its 802.1q tag and ports.
2 Configure the protected VLAN as part of the EAPS domain.
The Protect VLAN contains the EAPS primary and secondary ports as tagged VLAN ports.
Additional VLAN ports connected to client devices such as a PC could be untagged or tagged. The
following commands accomplish these tasks and should be repeated for all additional protected
VLANs:
*
*
*
*
*
Edge-Switch#1:10
Edge-Switch#1:11
Edge-Switch#1:12
Edge-Switch#1:13
Edge-Switch#1:14
#
#
#
#
#
create vlan purple-1

configure purple-1 tag 1
configure purple-1 add port 49,50 tagged
configure purple-1 add port 1 untagged
configure eaps e1-domain add protect vlan purple-1
Enabling the EAPS Protocol and EAPS Domain
Enable EAPS to run on the domain as shown in the following example:

* Edge-Switch#1:15 # enable eaps
* Edge-Switch#1:16 # enable eaps e1-domain
Verifying the EAPS Configuration and Status
The command in the following example allows you to verify that the EAPS configuration is correct
and that the EAPS state is Links-Up.
Both ring ports must be plugged in to see the Links-Up state.
* Edge-Switch#1:17 # show eaps e1-domain detail
Name: "e1-domain" (instance=0) Priority: High
Layer 2 Protocols
41
EAPS
State: Links-Up
Running: Yes
Enabled: Yes
Mode: Transit
Primary port:
49
Port status: Up
Tag status: Tagged
Secondary port: 50
Port status: Up
Tag status: Tagged
Hello Timer interval: 1 sec 0 millisec
Fail Timer interval: 3 sec
Preforwarding Timer interval: 0 sec
Last valid EAPS update: From Master Id 00:04:96:10:51:50, at Sun Sep 5
23:20:10 2004
EAPS Domain has following Controller Vlan:
Vlan Name
VID
"control-1"
4000
EAPS Domain has following Protected Vlan(s):
Vlan Name
VID
"purple-1"
0001
Designing and Configuring the Aggregation Layer

The network switches in the aggregation layer provide additional resiliency benefits.
In the following example, aggregation switches are typically deployed in pairs that protect against
single switch failures. Each aggregation switch is physically connected to all edge switches and
participates in multiple EAPS domains. The aggregation switches can serve a different role within each
EAPS domain, with one switch acting as a transit node and the other as a master node.
Layer 2 Protocols
42
EAPS
In this example, we have a common link with overlapping domains (and protected VLANs), which
includes an EAPS controller and partner configuration. The result is a partial-mesh network design of
EAPS from the access edge to the aggregation layer (see the following figure).
Figure 19: L2 Aggregation
8800
8800
Network Layer
The aggregation switches are configured to act as multi-function EAPS nodes to provide L2
connectivity services. After EAPS and L2 connectivity is configured, additional L3 routing configuration
can be added.
Using redundant aggregation switches helps protect against a single point of failure at the switch level,
while EAPS domains provide fault isolation and minimize the impact that failures have on the network.
With shared port configurations, the partial-mesh physical design is maintained without broadcast
loops, regardless of where a failure might occur.
To configure the L2 aggregate switches, complete the tasks described in the following sections on all
aggregate switches:
1 Create and configure the EAPS domains.
2 Create and configure the EAPS control VLANs.
Layer 2 Protocols
43
EAPS
3
4
5
6
Create and configure the EAPS shared ports.

Enable the EAPS protocol and EAPS domain.
Create and configure the EAPS protected VLANs.
Verify the EAPS configuration and operating state.
Creating and Configuring the EAPS Domains
Create the EAPS domains for each ring (one domain for one edge switch) and configure the EAPS
mode.
Define the primary and secondary ports for each domain. In this example, however, the primary port
is the same as the common link. One aggregation switch has EAPS mode configured as master and
partner, while the other aggregation switch is configured as transit and controller.
EAPS master node configuration:
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
AGG-SWITCH#2.1 # create eaps e1-domain

AGG-SWITCH#2.5 # configure eaps e1-domain mode master
AGG-SWITCH#2.9 # configure eaps e1-domain primary port 2:1
AGG-SWITCH#2.10 # configure eaps e1-domain secondary port 1:1
EAPS transit node configuration:

*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*

AGG-SWITCH#1.5 # configure eaps e1-domain mode transit
Layer 2 Protocols
44
EAPS
Creating and Configuring the EAPS Control VLANs
Create the EAPS control VLANs (one for each domain) and configure the 802.1q tag and ring ports
for each.
2 Configure the control VLANs as part of their respective EAPS domain.
The control VLAN only contains the EAPS primary and secondary ports configured earlier. The
following commands are entered on both aggregate switches:
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
AGG-SWITCH.17
AGG-SWITCH.18
AGG-SWITCH.19
AGG-SWITCH.20
AGG-SWITCH.21
AGG-SWITCH.22
AGG-SWITCH.23
AGG-SWITCH.24
AGG-SWITCH.29
AGG-SWITCH.30
AGG-SWITCH.31
AGG-SWITCH.32
AGG-SWITCH.33
AGG-SWITCH.34
AGG-SWITCH.35
AGG-SWITCH.36
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#

configure vlan control-1
configure eaps e1-domain
tag
tag
tag
tag
add
add
add
add
add
add
add
add
4001
4002
4003
4004
port 2:1,1:1
port 2:1,1:4
port 2:1,3:1
port 2:1,3:2
control vlan
control vlan
control vlan
control vlan
tagged
tagged
tagged
tagged
control-1
control-2
control-3
control-4
Creating and Configuring the EAPS Shared Ports
Create the EAPS shared ports, which are used to connect a common-link between the aggregate
switches.
On the first switch, define the shared port mode as partner, and define the link ID. Repeat this step
on the other aggregate switch, but configure the shared port mode as controller. The link ID
matches the value configured for the partner.
The following shows an example configuration for the partner:
* AGG-SWITCH#2.37 # create eaps shared-port 2:1
* AGG-SWITCH#2.38 # configure eaps shared-port 2:1 mode partner
* AGG-SWITCH#2.39 # configure eaps shared-port 2:1 link-id 21
Enabling the EAPS Protocol and EAPS Domain
Enable the EAPS protocol on the switch, and enable EAPS to run on each domain created.
The following commands are entered on both aggregate switches.
*
*
*
*
*
AGG-SWITCH.40
AGG-SWITCH.41
AGG-SWITCH.42
AGG-SWITCH.43
AGG-SWITCH.44
#
#
#
#
#
enable
enable
enable
enable
enable
eaps
eaps
eaps
eaps
eaps
e1-domain
e2-domain
e3-domain
e4-domain
Creating and Configuring the EAPS Protected VLANs
Create the EAPS protected VLANs for each domain.
Layer 2 Protocols
45
EAPS
2 Configure an 802.1q tag and the ports for each protected VLAN.
3 Configure each protected VLAN as part of the EAPS domain.
Depending on the scope of the VLAN, it could be added to multiple EAPS domains. This type of
VLAN is referred to as an overlapping protected VLAN, and requires shared port configurations.
In this example, there is one overlapping protected VLAN, purple-1, while all other VLANs are
isolated to a single EAPS domain (VLANs green-1, orange-1, and red-1). Protected VLAN
configuration, such as 802.1q tagging, must match on the edge switch. The commands in the
following example are entered on both aggregate switches.
This procedure can also be repeated for additional protected VLANs as needed:
* AGG-SWITCH.44
* AGG-SWITCH.45
* AGG-SWITCH.46
* AGG-SWITCH.47
* AGG-SWITCH.48
* AGG-SWITCH.49
* AGG-SWITCH.50
* AGG-SWITCH.51
* AGG-SWITCH.52
* AGG-SWITCH.53
* AGG-SWITCH.54
* AGG-SWITCH.55
* AGG-SWITCH.56
* AGG-SWITCH.57
* AGG-SWITCH.58
* AGG-SWITCH.59
tagged
* AGG-SWITCH.60
* AGG-SWITCH.61
* AGG-SWITCH.62
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
create vlan purple-1

create vlan green-1
create vlan orange-1
create vlan red-1
configure purple-1 tag 1
configure green-1 tag 2
configure orange-1 tag 3
configure red-1 tag 4
configure eaps e2-domain add protect vlan green-1
configure eaps e3-domain add protect vlan orange-1
configure eaps e4-domain add protect vlan red-1
configure vlan purple-1 add port 2:1,1:1,1:4,3:1,3:2
# configure vlan green-1 add port 2:1,1:4 tagged

# configure vlan orange-1 add port 2:1,3:1 tagged
# configure vlan red-1 add port 2:1,3:2 tagged
Verifying the EAPS Configuration and Operating State
When the configuration is complete, confirm that the EAPS domain and shared port configuration is
correct.
2 Verify whether the EAPS state is Complete and the shared port status is Ready.
Both ring ports must be plugged in to see the Links-Up state. This verification is performed on both
aggregate switches.
EAPS master and partner node status verification example:
* AGG-SWITCH#2.63 # show eaps
EAPS Enabled: Yes
----------------------------------------------------------------------------
Layer 2 Protocols
46
EAPS
---Domain State Mo En Pri Sec Control-Vlan VID Count

------------------------------------------------------------------------------e1-domain Complete M Y 2:1 1:1 control-1 (4001) 1
e2-domain Complete M Y 2:1 1:4 control-2 (4002) 2
------------------------------------------------------------------------------* AGG-SWITCH#2.64 # show eaps shared-port
EAPS shared-port count: 1
------------------------------------------------------------------------------Link Domain Vlan RB RB
Shared-port Mode Id Up State count count Nbr State Id
------------------------------------------------------------------------------2:1 Partner 21 Y Ready 4 4 Yes None None
-------------------------------------------------------------------------------
EAPS transit and controller node status verification example:

EAPS Enabled: Yes
---------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count
---------------------------------------------------------------------------e1-domain Links-Up M Y 2:1 1:1 control-1 (4001) 1
e2-domain Links-Up M Y 2:1 1:4 control-2 (4002) 2
---------------------------------------------------------------------------* AGG-SWITCH#1.64 # show eaps shared-port
---------------------------------------------------------------------------Link Domain Vlan RB RB
Shared-port Mode Id Up State count count Nbr State Id
---------------------------------------------------------------------------2:1 Controller 21 Y Ready 4 4 Yes None None
----------------------------------------------------------------------------
Designing and Configuring L3 Services on top of EAPS

This section explains how to run L3 routing services on top of EAPS as a foundation.
Layer 2 Protocols
47
EAPS
In this example, OSPF is used as the dynamic IP routing protocol to communicate between different
VLANs. To provide redundancy at the router level, VRRP is used to protect against an aggregation
switch failure. VRRP allows one aggregation switch to route IP traffic, and if it fails the other
aggregation switch takes over the IP routing role. Each EAPS protected VLAN provides L3 connectivity
to the clients by configuring IP addressing, OSPF routing, and VRRP on the aggregation switches.
Figure 20: L2 and L3 Aggregation Network Layer

IP routing is added to the design on the access network switches by configuring each EAPS protected
VLAN as an OSPF interface. Because these are broadcast OSPF interfaces, we need to specify a
Designated Router (DR) and Backup Designated Router (BDR). While the EAPS transit and controller
node is not blocking any ports, it is configured as the OSPF DR.
The EAPS master and partner node is then configured as the BDR. Similarly, the EAPS transit and
controller node is also configured as the VRRP master, which provides L3 routing to the hosts. The
EAPS master and partner node is configured as the VRRP backup router for redundancy.
Layer 2 Protocols
48
EAPS
Using redundant aggregation switches with VRRP protects against a single point of failure at the switch
level. Client devices receive non-stop IP routing services in the event of link or aggregation switch
failure without any reconfiguration. OSPF provides fast convergence from any routing failures. EAPS
provides the resilient L2 foundation and minimizes the occurrence of routing interface flaps or dropped
OSPF neighbor adjacencies.
To configure L3 on the aggregation switches, completed the tasks described in the following sections:
1
2
3
4
Configure OSPF on the EAPS protected VLANs.

Configure OSPF on the EAPS protected VLANs.
Configure VRRP on the EAPS protected VLANs.
Verify OSPF and VRRP configuration status.
Configuring IP Addresses on the EAPS Protected VLANs
Client host stations need the IP address configuration to match their protected VLANs. The edge
switches do not require IP addresses, but this could optionally be done for management or
troubleshooting purposes.
The following example shows IP address configuration:
*
*
*
*
*
*
*
*
AGG-SWITCH#1.1
AGG-SWITCH#1.2
AGG-SWITCH#1.3
AGG-SWITCH#1.4
AGG-SWITCH#2.1
AGG-SWITCH#2.2
AGG-SWITCH#2.3
AGG-SWITCH#2.4
#
#
#
#
#
#
#
#
configure
configure
configure
configure
configure
configure
configure
configure
vlan
vlan
vlan
vlan
vlan
vlan
vlan
vlan
green-1 ipaddress 172.16.1.1/24

purple-1 ipaddress 172.16.2.1/24
orange-1 ipaddress 172.16.3.1/24
red-1 ipaddress 172.16.4.1/24
green-1 ipaddress 172.16.1.2/24
purple-1 ipaddress 172.16.2.2/24
orange-1 ipaddress 172.16.3.2/24
red-1 ipaddress 172.16.4.2/24
Configuring OSPF on the EAPS Protected VLANs
Because OSPF broadcast networks are being used, configure the DR and BDR for each VLAN.
Configure the EAPS transit and controller as the DR by using a higher OSPF priority value since it is not
performing L2 blocking. The EAPS master and partner switch is configured as the BDR. In this example,
all edge EAPS protected VLANs are placed in the OSPF backbone area, but another OSPF area could
be created if desired.
Example OSPF DR configuration:
*
*
*
*
*
*
*
*
*
*
*
*
AGG-SWITCH#1.5 # enable ipforwarding vlan green-1

AGG-SWITCH#1.6 # enable ipforwarding vlan purple-1
AGG-SWITCH#1.7 # enable ipforwarding vlan orange-1
AGG-SWITCH#1.8 # enable ipforwarding vlan red-1
AGG-SWITCH#1.9 # configure ospf routerid 172.16.1.1
AGG-SWITCH#1.10 # configure ospf add vlan green-1 area 0.0.0.0
AGG-SWITCH#1.11 # configure ospf add vlan purple-1 area 0.0.0.0
AGG-SWITCH#1.12 # configure ospf add vlan orange-1 area 0.0.0.0
AGG-SWITCH#1.13 # configure ospf add vlan red-1 area 0.0.0.0
AGG-SWITCH#1.14 # configure ospf vlan green-1 priority 110
AGG-SWITCH#1.15 # configure ospf vlan purple-1 priority 110
AGG-SWITCH#1.16 # configure ospf vlan orange-1 priority 110
Layer 2 Protocols
49
EAPS
* AGG-SWITCH#1.17 # configure ospf vlan red-1 priority 110

* AGG-SWITCH#1.18 # enable ospf
Example OSPF BDR configuration:

*
*
*
*
*
*
*
*
*
*
*
*
*
*
AGG-SWITCH#2.5 # enable ipforwarding vlan green-1

AGG-SWITCH#2.6 # enable ipforwarding vlan purple-1
AGG-SWITCH#2.7 # enable ipforwarding vlan orange-1
AGG-SWITCH#2.8 # enable ipforwarding vlan red-1
AGG-SWITCH#2.9 # configure ospf routerid 172.16.1.2
AGG-SWITCH#2.10 # configure ospf add vlan green-1 area 0.0.0.0
AGG-SWITCH#2.11 # configure ospf add vlan purple-1 area 0.0.0.0
AGG-SWITCH#2.12 # configure ospf add vlan orange-1 area 0.0.0.0
AGG-SWITCH#2.13 # configure ospf add vlan red-1 area 0.0.0.0
AGG-SWITCH#2.14 # configure ospf vlan green-1 priority 100
AGG-SWITCH#2.15 # configure ospf vlan purple-1 priority 100
AGG-SWITCH#2.16 # configure ospf vlan orange-1 priority 100
AGG-SWITCH#2.17 # configure ospf vlan red-1 priority 100
AGG-SWITCH#2.18 # enable ospf
Configuring VRRP on the EAPS Protected VLANs
The VRRP virtual router is configured with the virtual IP address of 172.16.x.254 for each VLAN
(example VLAN green-1 = 172.16.1.254). The VRRP virtual router IP address is configured as the default
gateway of each client machine. Since it is not performing L2 blocking, configure the EAPS transit and
controller as VRRP master router by using a higher priority value. The EAPS master and partner switch
is configured as the VRRP backup router.
Example VRRP master router configuration:
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
AGG-SWITCH#1.19
AGG-SWITCH#1.20
AGG-SWITCH#1.21
AGG-SWITCH#1.22
AGG-SWITCH#1.23
AGG-SWITCH#1.24
AGG-SWITCH#1.25
AGG-SWITCH#1.26
AGG-SWITCH#1.27
AGG-SWITCH#1.28
AGG-SWITCH#1.29
AGG-SWITCH#1.30
AGG-SWITCH#1.31
AGG-SWITCH#1.32
AGG-SWITCH#1.33
AGG-SWITCH#1.34
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
create vrrp vlan green-1 vrid 1

configure vrrp vlan green-1 vrid 1 priority 110
configure vrrp vlan green-1 vrid 1 add 172.16.1.254
enable vrrp vlan green-1 vrid 1
create vrrp vlan purple-1 vrid 1
configure vrrp vlan purple-1 vrid 1 priority 110
configure vrrp vlan purple-1 vrid 1 add 172.16.2.254
enable vrrp vlan purple-1 vrid 1
create vrrp vlan orange-1 vrid 1
configure vrrp vlan orange-1 vrid 1 priority 110
configure vrrp vlan orange-1 vrid 1 add 172.16.3.254
enable vrrp vlan orange-1 vrid 1
create vrrp vlan red-1 vrid 1
configure vrrp vlan red-1 vrid 1 priority 110
configure vrrp vlan red-1 vrid 1 add 172.16.4.254
enable vrrp vlan red-1 vrid 1
Example VRRP backup router configuration:

*
*
*
*
*
AGG-SWITCH#2.19
AGG-SWITCH#2.20
AGG-SWITCH#2.21
AGG-SWITCH#2.22
AGG-SWITCH#2.23
Layer 2 Protocols
#
#
#
#
#
create vrrp vlan green-1 vrid 1

configure vrrp vlan green-1 vrid 1 priority 100
configure vrrp vlan green-1 vrid 1 add 172.16.1.254
enable vrrp vlan green-1 vrid 1
create vrrp vlan purple-1 vrid 1
50
EAPS
*
*
*
*
*
*
*
*
*
*
*
AGG-SWITCH#2.24
AGG-SWITCH#2.25
AGG-SWITCH#2.26
AGG-SWITCH#2.27
AGG-SWITCH#2.28
AGG-SWITCH#2.29
AGG-SWITCH#2.30
AGG-SWITCH#2.31
AGG-SWITCH#2.32
AGG-SWITCH#2.33
AGG-SWITCH#2.34
#
#
#
#
#
#
#
#
#
#
#
configure vrrp vlan purple-1 vrid 1 priority 100

configure vrrp vlan purple-1 vrid 1 add 172.16.2.254
enable vrrp vlan purple-1 vrid 1
create vrrp vlan orange-1 vrid 1
configure vrrp vlan orange-1 vrid 1 priority 100
configure vrrp vlan orange-1 vrid 1 add 172.16.3.254
enable vrrp vlan orange-1 vrid 1
create vrrp vlan red-1 vrid 1
configure vrrp vlan red-1 vrid 1 priority 100
configure vrrp vlan red-1 vrid 1 add 172.16.4.254
enable vrrp vlan red-1 vrid 1
Verifying OSPF and VRRP Configuration Status
1 Verify the OSPF neighbor adjacencies are established and that the DR and BDR status is correct.
2 Verify that the VRRP virtual router is running and the VRRP master/backup status is correct.
OSPF and VRRP verification example:
* AGG-SWITCH#1.35 # show ospf neighbor
Neighbor ID Pri State Up/Dead Time Address Interface
172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.3.2 orange-1
172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.4.2 red-1
172.16.1.2 100 FULL /BDR 00:17:54:17/00:00:00:03 172.16.1.2 green-1
172.16.1.2 100 FULL /BDR 00:17:54:07/00:00:00:03 172.16.2.2 purple-1
* AGG-SWITCH#1.36 # show vrrp
VLAN Name VRID Pri Virtual IP Addr State Master Mac Address TP/TR/TV/P/T
green-1(En) 0001 110 172.16.1.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1
purple-(En) 0001 110 172.16.2.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1
orange-(En) 0001 110 172.16.3.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1
red-1(En) 0001 110 172.16.4.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1
En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs
* AGG-SWITCH#2.35 # show ospf neighbor
172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.3.1 orange-1
172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.4.1 red-1
172.16.1.1 110 FULL /DR 00:17:54:17/00:00:00:03 172.16.1.1 green-1
172.16.1.1 110 FULL /DR 00:17:54:07/00:00:00:03 172.16.2.1 purple-1
* AGG-SWITCH#2.36 # show vrrp
VLAN Name VRID Pri Virtual IP Addr State Master Mac Address TP/TR/TV/P/T
green-1(En) 0001 100 172.16.1.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1
purple-(En) 0001 100 172.16.2.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1
orange-(En) 0001 100 172.16.3.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1
red-1(En) 0001 100 172.16.4.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1
En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs
Designing and Configuring the Core Layer with EAPS

The core switches provide high performance backbone routing between the edge, aggregation, data
center, and external Internet networks.
An additional high availability backbone ring is built that combines EAPS and OSPF. Using EAPS and
OSPF together increases the stability of IP routing tables. Since EAPS provides 50-millisecond
convergence for link failures, OSPF adjacencies do not flap. In this example, the backbone ring is
Layer 2 Protocols
51
EAPS
formed by adding two core L2/L3 switches and connecting them to the two existing aggregation
switches. The core switches also provide routing to the Internet using BGP (see the following figure).
Figure 21: Core EAPS and OSPF Network Layer

Using redundant core switches protects against a single point of failure at the switch level. OSPF
provides fast convergence from any routing failures. EAPS provides the resilient L2 foundation and
minimizes the occurrence of routing interface flaps or dropped OSPF neighbor adjacencies. Combining
EAPS and OSPF provides the highest level of network resiliency and routing stability.
Configuring the core switches requires a new EAPS domain with a single EAPS protected VLAN with
OSPF forming the backbone IP network. Additional configuration is needed on the aggregation
switches to connect them to the backbone EAPS and OSPF ring. Since the steps are similar to previous
configuration examples, the L2 (EAPS) and L3 (OSPF) configurations are combined. Since the BGP
configuration is independent of EAPS configuration, BGP configuration is not discussed here.
To configure backbone connectivity on the core and aggregation switches, complete the tasks
described in the following sections:
1 Create and configure the backbone EAPS domain.
2 Create and configure the backbone EAPS protected VLANs.
Layer 2 Protocols
52
EAPS
3 Configure an IP address and OSPF on the backbone VLAN.

4 Verify EAPS and OSPF configuration status.
Creating and Configuring the Backbone EAPS Domain
1 Create the backbone EAPS domains and configure the EAPS mode.
2 Define the primary and secondary ports for each domain.
Configure on both core and aggregation switches.
Core-Switch 1 EAPS configuration:
*
*
*
*
CORE-SWITCH#1.1
CORE-SWITCH#1.2
CORE-SWITCH#1.3
CORE-SWITCH#1.4
#
#
#
#

configure eaps e5-domain primary port 2:1
configure eaps e5-domain secondary port 2:4
Core-Switch 2 EAPS configuration:

*
*
*
*
CORE-SWITCH#2.1
CORE-SWITCH#2.2
CORE-SWITCH#2.3
CORE-SWITCH#2.4
#
#
#
#

configure eaps e5-domain mode master
Agg-Switch 1 EAPS configuration:

*
*
*
*
AGG-SWITCH#1.1
AGG-SWITCH#1.2
AGG-SWITCH#1.3
AGG-SWITCH#1.4
#
#
#
#

Agg-Switch 2 EAPS configuration:

*
*
*
*
AGG-SWITCH#2.1
AGG-SWITCH#2.2
AGG-SWITCH#2.3
AGG-SWITCH#2.4
#
#
#
#

Creating and Configuring the Backbone EAPS Control VLAN
1 Create the EAPS control VLAN and configure its 802.1q tag, and ring ports.
2 Configure the control VLANs as part of the backbone EAPS domain. Enable EAPS and the backbone
EAPS domain. Configure on both core and aggregation switches (EAPS is already enabled on
aggregation switches).
Core-Switch#1 control VLAN configuration:
*
*
*
*
*
*
CORE-SWITCH#1.1
CORE-SWITCH#1.2
CORE-SWITCH#1.4
CORE-SWITCH#1.5
CORE-SWITCH#1.6
CORE-SWITCH#1.7
#
#
#
#
#
#

enable eaps
enable eaps e5-domain

* CORE-SWITCH#2.1 # create vlan control-5
* CORE-SWITCH#2.2 # configure vlan control-5 tag 4005
Layer 2 Protocols
53
EAPS
*
*
*
*
CORE-SWITCH#2.4
CORE-SWITCH#2.5
CORE-SWITCH#2.6
CORE-SWITCH#2.7
#
#
#
#

enable eaps
Agg-Switch#1 control VLAN configuration:

*
*
*
*
*
AGG-SWITCH#1.1
AGG-SWITCH#1.2
AGG-SWITCH#1.4
AGG-SWITCH#1.5
AGG-SWITCH#1.6
#
#
#
#
#

Agg-Switch#2 control VLAN configuration:

*
*
*
*
*
AGG-SWITCH#2.1
AGG-SWITCH#2.2
AGG-SWITCH#2.4
AGG-SWITCH#2.5
AGG-SWITCH#1.6
#
#
#
#
#

Creating and Configuring the Backbone EAPS Protected VLANs
1 Create the EAPS protected VLAN for the backbone domain.

2 Configure the 802.1q tag and ports for the protected VLANs.
Because this VLAN is only used for transit routing, there are no other ports besides the ring ports.
3 Configure the protected VLAN as part of the EAPS domain. Do this configuration on both the core
and aggregate switches.
Core-Switch#1 protected VLAN configuration:
*
*
*
*
CORE-SWITCH#1.8 # create vlan backbone

CORE-SWITCH#1.9 # configure vlan backbone tag 3000
CORE-SWITCH#1.10 # configure vlan backbone add port 2:1,2:4 tagged
CORE-SWITCH#1.11 # configure eaps e5-domain add protect vlan backbone

*
*
*
*
CORE-SWITCH#2.8 # create vlan backbone

CORE-SWITCH#2.9 # configure vlan backbone tag 3000
CORE-SWITCH#2.10 # configure vlan backbone add port 2:1,2:4 tagged
CORE-SWITCH#2.11 # configure eaps e5-domain add protect vlan backbone
Agg-Switch#1 protected VLAN configuration:

*
*
*
*
AGG-SWITCH#1.7 # create vlan backbone

AGG-SWITCH#1.8 # configure vlan backbone tag 3000
AGG-SWITCH#1.9 # configure vlan backbone add port 2:4,2:6 tagged
AGG-SWITCH#1.10 # configure eaps e5-domain add protect vlan backbone
Layer 2 Protocols
54
EAPS
Agg-Switch#2 protected VLAN configuration:

*
*
*
*
AGG-SWITCH#2.7 # create vlan backbone

AGG-SWITCH#2.8 # configure vlan backbone tag 3000
AGG-SWITCH#2.9 # configure vlan backbone add port 2:4,2:6 tagged
AGG-SWITCH#2.10 # configure eaps e5-domain add protect vlan backbone
Configuring an IP Address and OSPF on the Backbone VLAN
1 Configure an IP address and enable IP forwarding (routing) on the backbone protected VLAN.
2 OSPF is configured and because an OSPF broadcast network is used, configure the designated
router and backup designated router for each VLAN.
Since it is not performing L2 blocking, configure the EAPS transit core switch as the DR by using a
higher OSPF priority value. The EAPS master core switch is configured as the BDR. The aggregation
transit switches need not perform DR/BDR duties for the backbone VLAN, so their OSPF priority is
configured at 0 to force ODR behavior.
Core-Switch#1 OSPF configuration:
*
*
*
*
*
*
CORE-SWITCH#1.12
CORE-SWITCH#1.13
CORE-SWITCH#1.14
CORE-SWITCH#1.15
CORE-SWITCH#1.16
CORE-SWITCH#1.17
#
#
#
#
#
#
configure vlan backbone ipaddress 192.168.1.1/24

enable ipforwarding vlan backbone
configure ospf routerid 192.168.1.1
configure ospf add vlan backbone area 0.0.0.0
configure ospf vlan backbone priority 110
enable ospf

*
*
*
*
*
*
CORE-SWITCH#2.12
CORE-SWITCH#2.13
CORE-SWITCH#2.14
CORE-SWITCH#2.15
CORE-SWITCH#2.16
CORE-SWITCH#2.17
#
#
#
#
#
#

configure ospf routerid 192.168.1.2
enable ospf
Agg-Switch#1 OSPF configuration:

*
*
*
*
AGG-SWITCH#1.11
AGG-SWITCH#1.12
AGG-SWITCH#1.13
AGG-SWITCH#1.14
#
#
#
#

Agg-Switch#2 OSPF configuration:

*
*
*
*
AGG-SWITCH#2.11
AGG-SWITCH#2.12
AGG-SWITCH#2.13
AGG-SWITCH#2.14
#
#
#
#

Verifying EAPS and OSPF Configuration Status
Verify that the backbone EAPS domain and OSPF configuration is correct.
Layer 2 Protocols
55
EAPS
2 Confirm that the OSPF neighbor adjacencies and DR/BDR/ODR status are correct. Verify this status
on both aggregate switches.
Core-Switch#1 EAPS and OSPF status example:
* CORE-SWITCH#1.18 # show eaps
EAPS Enabled: Yes
EAPS Fast-Convergence: On
---------------------------------------------------------------------------e5-domain Links-Up T Y 2:1 2:4 control-5 (4005) 1
---------------------------------------------------------------------------* CORE-SWITCH#1.19 # show ospf neighbor
192.168.1.3 0 2WAY /DROTHER00:05:23:17/00:00:00:07 192.168.1.3 backbone
192.168.1.2 100 FULL /BDR 00:05:23:17/00:00:00:09 192.168.1.2 backbone
Core-Switch#2 EAPS and OSPF status example:

EAPS Enabled: Yes
------------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count
------------------------------------------------------------------------------e5-domain Complete T Y 2:1 2:4 control-5 (4005) 1
------------------------------------------------------------------------------* CORE-SWITCH#2.19 # show ospf neighbor
192.168.1.1 110 FULL /DR 00:05:23:17/00:00:00:09 192.168.1.1 backbone
Agg-Switch#1 EAPS and OSPF status example:

EAPS Enabled: Yes
Layer 2 Protocols
56
EAPS

---------------------------------------------------------------------------e1-domain Links-Up T Y 1:1 2:1 control-1 (4001) 2
e2-domain Links-Up T Y 1:4 2:1 control-2 (4002) 2
---------------------------------------------------------------------------* AGG-SWITCH#1.16 # show ospf neighbor
192.168.1.1 110 FULL /DR 00:00:28:51/00:00:00:01 192.168.1.1 backbone
172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.3.2 orange-1
172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.4.2 red-1
172.16.1.2 100 FULL /BDR 00:17:54:17/00:00:00:03 172.16.1.2 green-1
172.16.1.2 100 FULL /BDR 00:17:54:07/00:00:00:03 172.16.2.2 purple-1
Agg-Switch#2 EAPS and OSPF status example:

EAPS Enabled: Yes
---------------------------------------------------------------------------e1-domain Complete M Y 2:1 1:1 control-1 (4001) 2
---------------------------------------------------------------------------* AGG-SWITCH#2.16 # show ospf neighbor
Interface
192.168.1.1 110 FULL /DR 00:00:28:51/00:00:00:01 192.168.1.1 backbone
172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.3.1 orange-1
172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.4.1 red-1
172.16.1.1 110 FULL /DR 00:17:54:17/00:00:00:03 172.16.1.1 green-1
172.16.1.1 110 FULL /DR 00:17:54:07/00:00:00:03 172.16.2.1 purple-1
Layer 2 Protocols
57
EAPS
Designing and Configuring the Data Center Switches with EAPS

Building from the network core, you can expand the network with additional EAPS rings to provide
resiliency to mission-critical server farms.
The core switches provide high performance backbone routing between the data center and the rest of
the network, which includes both internal and external (Internet) destinations. The core switch acts as
the EAPS master node for each ring, while the data center switches act as EAPS transit nodes to
complete the ring. The core switch also acts as the OSPF routing node to provide gateway routing
functionality to the server-farms. For an additional level of resiliency, each server is dual-homed (dual
attached) to both EAPS transit L2 switches. Even if a switch or link fails, the servers are available.
The network design and configuration is similar to the edge and aggregation EAPS and OSPF layers.
The modular approach is simple and scalable, and allows additional data center rings to be added to
provide room for growth. In our example, server-farms are isolated into separate categories such as
external and internal service groups, which yield additional security and resiliency benefits.
To configure the data center switches, you need a new EAPS domain with a single EAPS protected
VLAN to form the server-farm network. In this example, two data center switches are configured as
EAPS transit nodes (L2 switch only) and attach to the existing core switch acting as the EAPS master.
Each server in the server-farm is dual-homed to both EAPS transit switches in the data center for
additional physical resiliency. IP routing functionality is performed by the core switch via OSPF, which
provides L3 connectivity to the rest of the network.
Figure 22: Data Center EAPS and OSPF Network Layer

To configure data center connectivity, complete the tasks described in the following sections:
Layer 2 Protocols
58
EAPS
1
2
3
4
5
Create and configure the data center EAPS domain.

Create and configure the data center EAPS Control VLAN.
Create and configure the data center EAPS protected VLANs.
Configure an IP address and OSPF on the backbone VLAN.
Verify EAPS and OSPF configuration status.
Creating and Configuring the Data Center EAPS Domain
Create the backbone EAPS domains, configure the EAPS mode, and define the primary and
secondary ports for each domain. Do this configuration on both core and aggregation switches.
Core-Switch#1 EAPS configuration:
*
*
*
*
CORE-SWITCH#1.1
CORE-SWITCH#1.2
CORE-SWITCH#1.3
CORE-SWITCH#1.4
#
#
#
#

configure eaps e6-domain mode master
Data center-Switch#1 EAPS configuration:

*
*
*
*
DC-SWITCH#1.1
DC-SWITCH#1.2
DC-SWITCH#1.3
DC-SWITCH#1.4
#
#
#
#

Datacenter -Switch#2 EAPS configuration:

*
*
*
*
DC-SWITCH#2.1
DC-SWITCH#2.2
DC-SWITCH#2.3
DC-SWITCH#2.4
#
#
#
#

Creating and Configuring the Data Center EAPS Control VLAN
1 Create the EAPS control VLAN and configure its 802.1q tag, and ring ports.
2 Configure the control VLANs as part of the data center EAPS domain. Enable EAPS and the data
center EAPS domain. You need to do this configuration on the core and data center L2 switches.
*
*
*
*
*
CORE-SWITCH#1.1
CORE-SWITCH#1.2
CORE-SWITCH#1.4
CORE-SWITCH#1.5
CORE-SWITCH#1.6
#
#
#
#
#

Data center-Switch#1 control VLAN configuration:

*
*
*
*
DC-SWITCH#1.1
DC-SWITCH#1.2
DC-SWITCH#1.4
DC-SWITCH#1.5
Layer 2 Protocols
#
#
#
#

59
EAPS
* DC-SWITCH#1.6 # enable eaps

* DC-SWITCH#1.7 # enable eaps e6-domain
Dat acenter-Switch#2 control VLAN configuration:

*
*
*
*
*
*
DC-SWITCH#2.1
DC-SWITCH#2.2
DC-SWITCH#2.4
DC-SWITCH#2.5
DC-SWITCH#2.6
DC-SWITCH#2.7
#
#
#
#
#
#

enable eaps
Create and Configure the Data Center EAPS Protected VLANs
1 Create the EAPS protected VLAN for the data center domain.
2 Configure the 802.1q tag and ports for the protected VLANs.
Because each server is dual-homed to each data center switch, add a VLAN port on each switch for
each server.
3 Configure the protected VLAN as part of the EAPS domain. Do this configuration on the core and
data center switches.
*
*
*
*
CORE-SWITCH#1.7 # create vlan srvfarm-1

CORE-SWITCH#1.8 # configure vlan srvfarm-1 tag 1000
CORE-SWITCH#1.9 # configure vlan srvfarm-1 add port 4:1,4:2 tagged
CORE-SWITCH#1.10 # configure eaps e6-domain add protect vlan srvfarm-1
Data center-Switch#1 protected VLAN configuration:

*
*
*
*
*
DC-SWITCH#1.8 # create vlan srvfarm-1

DC-SWITCH#1.9 # configure vlan srvfarm-1 tag 1000
DC-SWITCH#1.10 # configure vlan srvfarm-1 add port 49,50 tagged
DC-SWITCH#1.11 # configure vlan srvfarm-1 add port 1 untagged
DC-SWITCH#1.12 # configure eaps e5-domain add protect vlan srvfarm-1
Data center-Switch#2 protected VLAN configuration:

*
*
*
*
*
DC-SWITCH#2.8 # create vlan srvfarm-1

DC-SWITCH#2.9 # configure vlan srvfarm-1 tag 1000
DC-SWITCH#2.10 # configure vlan srvfarm-1 add port 49,50 tagged
DC-SWITCH#2.11 # configure vlan srvfarm-1 add port 1 untagged
DC-SWITCH#2.12 # configure eaps e5-domain add protect vlan srvfarm-1
Configuring an IP Address and OSPF on the Backbone VLAN
Configure an IP address and enable IP forwarding (routing) on the data center protected VLAN.
This step is only performed on the core switch. Servers are configured accordingly with the core
switch IP address as their default gateway. Since there are no additional routers on this VLAN,
configure it as an OSPF passive interface. In this example, the data center VLAN is placed on the
backbone OSPF area, but additional OSPF areas can be configured if needed.
Layer 2 Protocols
60
EAPS

* CORE-SWITCH#1.11 # configure vlan srvfarm-1 ipaddress 10.10.10.10/24
* CORE-SWITCH#1.12 # enable ipforwarding vlan srvfarm-1
* CORE-SWITCH#1.13 # configure ospf add vlan srvfarm-1 area 0.0.0.0 passive
Verifying EAPS and OSPF Configuration Status
1 Verify that the data center EAPS domain and OSPF configuration is correct.
2 Verify whether the data center subnet is advertised to other routers through OSPF.
Core-Switch#2 route verification example:
* CORE-SWITCH#2.1 # show iproute 10.10.10.0/24
Ori Destination
Gateway
Mtr Flags
VLAN
Duration
#oa 10.10.10.0/24
192.168.1.1
6
UG-D---um--f backbone
0d:0h:
25m:5s
Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B) BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route
(L) Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
(P) LPM-routing, (R) Modified, (S) Static, (s) Static LSP
(T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
(f) Provided to FIB (c) Compressed Route
Mask distribution:
1 routes at length 16 1 routes at length 24
Route Origin distribution:
1 routes from OSPFIntra 1 routes from OSPFExt1
Total number of routes = 2
Total number of compressed routes = 0
Core-Switch#1 EAPS status:

EAPS Enabled: Yes
---------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
---------------------------------------------------------------------------e5-domain
Links-Up
T
Y
2:1
2:4
control-5
(4005) 1
Layer 2 Protocols
61
EAPS
e6-domain
Complete
T
Y
4:1
4:2
control-6
(4006) 1
----------------------------------------------------------------------------
Data center-Switch#1 EAPS status:

* DC-SWITCH#1.15 # show eaps
EAPS Enabled: Yes
---------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
---------------------------------------------------------------------------e6-domain
Links-Up
T
Y
49
50
control-6
(4006) 1
----------------------------------------------------------------------------
Data center-Switch#2 EAPS status:

* DC-SWITCH#2.15 # show eaps
EAPS Enabled: Yes
---------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
---------------------------------------------------------------------------e6-domain
Links-Up
M
Y
49
50
control-6
(4006) 1
----------------------------------------------------------------------------
CFM Support in EAPS

ExtremeXOS provides Connectivity Fault Management (CFM) support within EAPS protocol.
CFM reports fault connectivity failures to EAPS, and EAPS communicates with the CFM process to set
up point-to-point DOWN MEPs (Management Endpoints) to monitor link connectivity. The CFM module
notifies EAPS of any link-connectivity issues, and triggers EAPS to take necessary action.
802.1ag CFM supports link monitoring. It does this by sending out PDUs at designated transmit
intervals. If the CFM fails to receive PDUs, it assumes the link is out of service, and notifies its clients. In
this instance, EAPS acts as a CFM client.
First, you will create a down MEP within the CFM CLI. Configure the CLI to create a MEP group that
associates this down MEP with a remote MEP (RMEP). There is a 1:1 relationship between a port and the
Layer 2 Protocols
62
EAPS
down MEP, and as such, each MEP group is tied to a single port. Using the EAPS CLI, you can add the
MEP groups you wish to monitor. For each MEP group added to EAPS, EAPS will receive UP/DOWN
notifications from CFM when CFM detects a MEP state change for that group. Each MEP group
corresponds to an EAPS ring port. Notifications from those MEP groups that are inadvertently added,
that do not correspond to an EAPS ring port, are ignored in EAPS.
The CFM configuration is independent of EAPS, and MEPs and MEP groups may use different VLANs
other than the EAPS control VLAN to monitor links.
When EAPS receives a CFM notification that the link failed, EAPS blocks that port on all of the EAPS
control VLANs. This prevents EAPS control PDUs from being hardware forwarded on the link, in case
the link is still up. Any EAPS PDUs that are received on a CFM failed port are dropped in EAPS.
Configuring EAPS for CFM Support
Use the following command to configure EAPS for CFM support:
For additional configuration details for CFM support, refer to Configuring CFM.
Binding to a MEP Group
To bind to a MEP Group, use the following command:

configure eaps cfm [add | delete] group group_name
This command notifies CFM that EAPs is interested in notifications for this MEP and RMEP pair. This
MEP should already be bound to a physical port, so when notification is received, EAPS associates
that notification with a ring-port failure.
Create MPs and the CCM Transmission Interval
Within an MA, you configure the following MPs:
Maintenance end points (MEPs), which are one of the following types:
UP MEPstransmit CCMs and maintain CCM database
DOWN MEPstransmit CCMs and maintain CCM database
Maintenance intermediate points (MIPs)pass CCMs through
Each MEP must have an ID that is unique for that MEP throughout the MA.
To configure UP and DOWN MEPs and its unique MEP ID, use the following command:
configure cfm domain domain_name association association_name [ports
<port_list add [[end-point [up|down] mepid {group group_name}] |
[intermediate-point]]
To change the MEP ID on an existing MEP, use the following command:

configure cfm domain domain-name association association_name ports port_list
end-point [up | down] mepid mepid
To delete UP and DOWN MEPs, use the following command:

configure cfm domain domain-name association association_name ports port_list
end-point [up | down] intermediate-point
Layer 2 Protocols
63
EAPS
To configure a MIP, use the following command:

<port_list add [[end-point [up|down] mepid {group group_name}] |
To delete a MIP, use the following command:

<port_list delete [[end-point [up|down] mepid {group group_name}] |
To configure the transmission interval for the MEP to send CCMs, use the following command:
configure cfm domain domain_name association association_name {ports port_list
end-point [up | down]} transmit-interval [3|10|100|1000|10000|60000|600000]
To unconfigure the transmission interval for the MEP to send CCMs and return it to the default, use
the following command:
unconfigure cfm domain domain_name association association_name {ports
port_list end-point [up | down]} transmit-interval
To enable of disable a MEP, use the following command:

configure cfm domain domain_name association association_name ports port_list
end-point [up | down] [enable | disable]
Displaying EAPS MEP Group Bindings
Display EAPS MEP group bindings with the command: show eaps cfm groups
X480-48t.2 # sh eaps cfm groups
---------------------------------------------------------------------MEP Group Name
Status Port
MEP ID
---------------------------------------------------------------------eapsCfmGrp1
Up
41
11
eapsCfmGrp2
Up
31
12
Displaying EAPS Output Change
Display EAPS output changes using the command show eaps

The existing output places a ! next to a CFM monitored ring port if the CFM indicates the MEP group
for that port is down.
X480-48t.1 # sh eaps
EAPS Enabled: Yes
EAPS Display Config Warnings: Off
---------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count Prio
---------------------------------------------------------------------------d2
Failed
M
Y
!41
31
v2
(101 ) 1
N
Layer 2 Protocols
64
EAPS
---------------------------------------------------------------------------Flags : (!) CFM Down
Configuration Example
Below is a sample configuration of CFM support in EAPS:
switch 1 # sh configuration cfm
#
# Module dot1ag configuration.
#
create cfm domain string "MD1" md-level 6
configure cfm domain "MD1" add association string "MD1v1" vlan "v1"
configure cfm domain "MD1" add association string "MD1v2" vlan "v2"
configure cfm domain "MD1" association "MD1v1" ports 17 add end-point down 6
configure cfm domain "MD1" association "MD1v1" ports 17 end-point down add
group "eapsCfmGrp1"
group "eapsCfmGrp2"
group "eapsCfmGrp3"
configure cfm group "eapsCfmGrp1" add rmep 2
switch 2 # sh configuration "eaps"s
#
# Module eaps configuration.
#
enable eaps
create eaps d1
configure eaps d1 mode transit
configure eaps d1 primary port 17
configure eaps d1 secondary port 23
enable eaps d1
create eaps d2
configure eaps d2 mode transit
configure eaps d2 primary port 31
configure eaps d2 secondary port 23
enable eaps d2
configure eaps d1 add control vlan v1
configure eaps d1 add protected vlan pv1
configure eaps d2 add control vlan v2
configure eaps d2 add protected vlan pv2
create eaps shared-port 23
configure eaps shared-port 23 mode partner
configure eaps shared-port 23 link-id 100
configure eaps cfm add group eapsCfmGrp1
Limitations
Layer 2 Protocols
65
EAPS
CFM PDU transmit intervals are limited by the supported limits of CFM module. Platforms that do not
support CFM in hardware are limited to a minimum interval of 100 ms.
The maximum number of down MEPs is limited by the CFM module. This is as low as 32 MEPs in some
platforms. See CFM scaling limitations in EXOS_1AG_(CFM)_Functional_Spec.doc
Platforms Supported
All ExtremeXOS platforms support this feature; however, not all platforms support hardware-based
CFM.
Platforms with no hardware-based CFM support are limited to software-based CFM transmit intervals
of 100 ms or higher. Hardware-based intervals can go as low as 3.3 ms.
Currently, only the x460 and E4G platforms support hardware-based CFM.
Layer 2 Protocols
66
2 ERPS
ERPS Overview
Supported ERPS Features
G.8032 Version 2
Configuring ERPS
Sample Configuration
Debugging ERPS
ERPS Feature Limitations
This chapter provides an overview to ERPS, and discusses various ERPS features. The chapter also
offers configuration details, provides configuration examples, and shows you how to debug ERPS.
ERPS Overview
The basic concept of G.8032/ERPS is that traffic may flow on all links of a ring network except on one
link called the Ring Protection Link (RPL).
The RPL owner is the node that blocks the RPL, and the other node of the RPL is called the RPL
neighbor node. All other nodes are called non-RPL nodes. When a link fails, the RPL owner unblocks the
RPL to allow connectivity to the nodes in the ring. The G.8032/ERPS rings utilize a channel (dedicated
path) for carrying their control traffic which is the R-APS messages (Ring Automatic Protection
Switching).
The ring protection architecture relies on the existence of an APS protocol to coordinate ring
protection actions around an Ethernet ring, as shown in the following figure.
Figure 23: Simple Ring with RPL, RPL Owner, RPL Neighbor, and Non-RPL Nodes
More complex topologies include ladder ring networks which are called sub-rings in G.8032
terminology. In these networks, there could exist one or more rings and sub-rings which complete their
connectivity through the interconnected nodes of the ring(s). Multiple ladder networks are supported
only if the following conditions are met:
R-APS channels are not shared across Ethernet ring interconnections.

On each ring port, each traffic channel and each R-APS channel are controlled by the Ethernet Ring
Protection (ERP) Control process of only one Ethernet ring.
Layer 2 Protocols
67
ERPS
Each major ring or sub-ring must have its own RPL.

Note
One important aspect of sub-rings is that they complete their channel through the virtual
channel (when using the virtual channel mode), which can span the network and cross the
sub-ring boundaries. This entails that the virtual channel is provisioned on all the nodes it
spans across.
In the following figure, the ring comprises nodes A, B, C, and D with links AB, BC, CD, and DA while
the control channel for this ring has its own dedicated VLAN. The sub-ring consists of nodes D, F, E, and
C with links DF, FE, and EC. D and C are interconnected nodes. The channel for the sub-ring spans
the links CE, EF, and FD and their nodes while the virtual channel comprises the links D-A, A-B, B-C
and DC and their nodes. This means that the virtual channel for the sub-ring needs to not only exist on
the interconnected nodes, but also on the nodes A and B.
Figure 24: Ring and Sub-ring Network

When using G.8032 in networks, take care to design the virtual channel paths, since the VLAN
provisioning has to exist on all the nodes through which the virtual channel can pass and which is solely
dedicated to the sub-ring in question.
Sub-ring topology changes may impact flow forwarding over the domain of the other (interconnected)
network, as such topology change events are signaled to the domain of the other network using the
Topology Change signal.
Supported ERPS Features

The following are the ERPS features supported in the current release:
G.8032 version 1 support.

G.8032 version 2 support with a restricted VC option.
Revertive mode support for version 1 and 2.
Basic interoperability with EAPS with G.8032 acting as an access ring. Flush notifications will be sent
Link monitoring using CFM or native local link monitoring methods.
Layer 2 Protocols
68
ERPS
Support for hardware accelerated CFM in specific platforms that have this capability.
G.8032 version 2 with no Virtual Channel support.
Support for attaching to a CFM DOWN-MEP configured external to ERPS.
Multiple failure protection for sub-rings using UP-MEP as per Appendix X.3 of the G.8032 standard.
G.8032 Version 2
The concept of sub-rings is introduced to add multiple rings to the main ring. A sub-ring is an
incomplete ring that completes its path through the main ring or other sub-rings. The control path for
the sub-ring completes either through the implementation of a virtual channel, or by changing the flow
of control packets in the sub-rings. Virtual channels are supported through the use of the sub-rings
control channel being configured as a data VLAN in the main ring.
You can configure the sub-ring in no virtual channel mode, where the control path for the sub-ring is
through all the nodes of the sub-ring (including the RPL owner and neighbor). You must be careful,
however, to avoid using the sub-rings control channel across the main ring because that will cause a
loop. ExtremeXOS supports the use of CFM, in conjunction with Manual Switch (MS), to protect the
sub-rings against multiple failures in the main ring.
CFM Link Monitoring

To enable CFM to report link events, the link must first be registered with CFM. ERPS acts as a client of
CFM and creates the required Management Entity Points (MEPs). For G.8032 v1/v2 implementation,
ERPS has two methods to create a DOWN-MEP for link monitoring:
One method of creating a DOWN-MEP is using the CLI that specifies all the DOWN-MEP details
within ERPS itself. This creates the MEP on the specified ring ports and registers it with CFM.
Notifications for this DOWN-MEP are received from the CFM and passed on to ERPS. A Maintenance
Domain (MD) string is automatically generated based on the user-defined MD level. For example, for
an MD level of 6, we use erps_6 as the MD string. A Maintenance Association (MA) string is
automatically generated based on the ring Control VLAN name. For example, if the VLAN has tag of
v1, the Control VLAN is 100, we create erps_MA_100 as the MA string.
The MD, MA, and DOWN-MEP are automatically configured on the CFM server when the ring is
enabled. When the ring is disabled, the MEP is automatically unconfigured from the CFM server. You
can use the standard ExtremeXOS CFM commands to view the CFM configuration or status.
Another method of creating a DOWN-MEP is by creating the DOWN-MEP with the CFM commands,
and then assigning a group name to it. This group can then be associated to the ERPS ring.
You must choose one of the two methods above for CFM link monitoring. You cannot use both
simultaneously.
Here is an example:
switch # sh cfm
Domain: "erps_6", MD Level: 6
Association: "erps_MA_100", Destination MAC Type:
with 2 cfm ports
Layer 2 Protocols
Multicast, VLAN "v2"
69
ERPS
Transmit Interval: 1000 ms

port 27; Down End Point, mepid: 11, transmit-interval: 10000 ms
(configured),
MEP State: Enabled, CCM Message: Enabled, Send SenderId TLV:
Disabled
port 37; Down End Point, mepid: 21,
transmit-interval: 10000 ms (configured),
MEP State: Enabled, CCM Message: Enabled, Send SenderId TLV:
Disabled
Association: "erps_MA_100", Destination MAC Type: Multicast, VLAN "v2"
with 2 cfm ports
Transmit Interval: 1000 ms
Total Number of Domain
: 1
Total Number of Association
: 2
Total Number of Up MEP
: 0
Total Number of Down MEP
: 2
Total Number of MIP
: 0
Total Number of Number of CFM port : 4
Total Number of VPLS MIP(Static/Up): 0 / 0
switch # show cfm detail
Domain/
Port
MP Remote End-Point Remote End-Point
MEP
Life
Flags
Association
MAC Address
IP Address
ID
time
Age
==============================================================================
========
erps_6
erps_MA_100 27
DE
00:04:96:34:e3:43 0.0.0.0
10
35000
4430
DM
37
DE
00:04:96:27:fb:7b 0.0.0.0
20
35000
2790
DM
==============================================================================
========
Maintenance Point: (UE) Up End-Point, (DE) Down End-Point
Flags: S - Static Entry D - Dynamic Entry
CCM Destination MAC: (U) Unicast (M) Multicast
NOTE: The Domain and Association names are truncated to 13 characters,
Lifetime and Age are in milliseconds.
==============================================================================
========
Total Number of Dynamic Up RMEP
: 0
Total Number of Dynamic Down RMEP
: 2
Total Number of Active Static RMEP
: 0
Total Number of Inactive Static RMEP : 0
Note
You must configure a remote MEP-ID for the local MEPs so that a specific association can be
maintained between the two ends.
Multiple Failure Protection using CFM
You can use CFM UP-MEP support in the sub-ring to provide protection against multiple failures in the
main ring. Configure an UP-MEP on the interconnected nodes, where a segmentation of the main ring
results in the UP-MEP notifying the sub-ring of a failure. This causes the sub-ring to open its RPL and
Layer 2 Protocols
70
ERPS
place the interconnected node in manual switch. This is done to avoid a super-loop during recovery of
the main ring. This implementation is as directed in Appendix X.3 of the G.8032 standard.
Revertive and Non-revertive Mode

In the revertive mode, you can revert back to the RPL being blocked once the Signal Fault has cleared.
In non-revertive mode, the SF remains blocked even after the fault clears. Reversion is handled in the
following way:
The reception of an R-APS No Request (NR) message causes the RPL owner node to start the waitto-restore (WTR) timer.
The WTR timer is cancelled if, during the WTR period, a request with a higher priority than NR is
accepted by the RPL owner node, or is declared locally at the RPL owner node.
When the WTR timer expires, without the presence of any other higher priority request, the RPL
owner node initiates reversion by blocking its traffic channel over the RPL, transmitting an R-APS
(NR, RB) message over both ring ports, informing the Ethernet ring that the RPL is blocked, and
performing a flush FDB action. The ERPS Ring will be in the idle state.
The acceptance of the R-APS (NR, RB) message causes all Ethernet ring nodes to unblock any
blocked non-RPL link that does not have an SF condition. If it is an R-APS (NR, RB) message without
a DNF indication, all Ethernet ring nodes perform a necessary flush FDB action.
In non-revertive operation, the Ethernet ring does not automatically revert when all ring links and
Ethernet ring nodes have recovered and no external requests are active. Non-revertive operation is
handled in the following way:
The RPL owner node does not generate a response on reception of an R-APS (NR) messages.
When other healthy Ethernet ring nodes receive the NR (node ID) message, no action is taken in
response to the message.
When the operator issues a clear command for non-revertive mode at the RPL owner node, the
non-revertive operation is cleared, the RPL owner node transmits an R-APS (NR, RB) message in
both directions, repeatedly. The ERPS Ring will be in pending state.
Upon receiving an R-APS (NR, RB) message, any blocking Ethernet ring node should unblock its
non-failed ring port. If it is an R-APS (NR, RB) message without a DNF indication, all Ethernet ring
nodes perform a necessary flush FDB action.
Force Switch/Clearing
In the absence of any failure in the ring network, an operator-initiated Force Switch (FS) results in the
RPL getting unblocked, and the node on which the FS has been issued is blocked. This condition is
indicated by the transmission of R-APS FS messages, which are continuous until this condition is
unconfigured. Two or more Forced Switches are allowed in the Ethernet ring, but this may cause the
segmentation of an Ethernet ring. It is the responsibility of the operator to prevent this effect if it is
undesirable.
You can remove a Forced Switch condition by issuing a clear command to the same Ethernet ring node
where the Forced Switch is presented. The clear command removes existing local operator commands
and triggers reversion in case the Ethernet ring is in revertive behavior. The Ethernet ring node where
Layer 2 Protocols
71
ERPS
the Forced Switch was cleared continuously transmits the R-APS (NR) message on both ring ports,
informing that no request is present at the Ethernet ring node.
Manual Switch
Manual Switch is similar to the Force Switch except that only one Manual Switch is allowed for an
Ethernet ring. The processing of which node retains the Manual Switch is based on the priority table
and the node state. However only one Manual Switch is retained at the end for the ring.
Clearing the Manual Switch is done similar to the Force Switch.
Virtual Channel for Sub-rings
While the standard describes how the sub-rings can function with a virtual channel, in this
implementation sub-rings will function only with the presence of virtual channels.
Channel Blocking
The R-APS control channel is blocked, as is traffic on the blocked ports for the control traffic entering
on one ring port and getting forwarded to the other ring port. However, locally generated or delivered
control traffic on the blocked port is supported.
Traffic Blocking
Traffic is always blocked for the protected VLANs on the blocked ports of the ring/sub-ring in a G.8032
network.
Signal Failure and Recovery
In the absence of a higher priority request in the node, the following Signal Failure (SF) actions are
taken.
An Ethernet ring node detecting an SF condition on one of its ring ports blocks the traffic channel
and R-APS channel on the failed ring port.
The Ethernet ring node detecting an SF condition transmits an R-APS message indicating SF on
both ring ports. The R-APS (SF) message informs other Ethernet ring nodes of the SF condition. RAPS (SF) messages are continuously transmitted by the Ethernet ring node detecting the SF
condition while this condition persists. (The Periodic timer determines the interval of sending the SF
after the first three.) For sub-ring interconnection nodes, the R-APS (SF) message is transmitted on
the R-APS channel of the Sub-Ring port.
Assuming the Ethernet ring node was in an idle state before the SF condition occurred, upon
detection of this SF condition the Ethernet ring node triggers a local FDB flush.
An Ethernet ring node accepting an R-APS (SF) message unblocks any blocked ring port that does
not have an SF condition. This action unblocks the traffic channel on the RPL.
An Ethernet ring node accepting an R-APS (SF) message stops transmission of other R-APS
messages.
An Ethernet ring node accepting an R-APS (SF) message without a DNF indication performs a flush
FDB.
An Ethernet ring node that has one or more ring ports in an SF condition (upon detection of clearance
of the SF condition) keeps at least one of these ring ports blocked for the traffic channel and for the RAPS channel, until the RPL is blocked as a result of Ethernet ring protection reversion, or until there is
Layer 2 Protocols
72
ERPS
another higher priority request (for example, an SF condition) in the Ethernet ring. An Ethernet ring
node that has one ring port in an SF condition, and detects clearing of this SF condition, continuously
transmits the R-APS (NR) message with its own Node ID as the priority information over both ring
ports, informing that no request is present at the Ethernet ring node and initiates a guard timer as
described in sub-clause 10.1.5. Another recovered Ethernet ring node (or Nodes) holding the link block
receives the message and compares the Node ID information with its own Node ID. If the received RAPS (NR) message has the higher priority, the Ethernet ring node unblocks its ring ports. Otherwise,
the block remains unchanged. There is only one link with one-end block. The Ethernet ring nodes stop
transmitting R-APS (NR) messages when they accept an R-APS (NR, RB), or when another higher
priority request is received
Timers
This section discusses the various timers associated with ERPS.
Guard Timer
The guard timer is used to prevent Ethernet ring nodes from acting upon outdated R-APS messages,
and to prevent the possibility of forming a closed loop. The guard timer is activated whenever an
Ethernet ring node receives an indication that a local switching request has cleared (i.e., local clear SF,
clear). The guard timer can be configured in 10 ms steps, between 10 ms and two seconds, with a
default value of 500 ms. This timer period should be greater than the maximum expected forwarding
delay in which an R-APS message traverses the entire ring. The longer the period on the guard timer,
the longer an Ethernet ring node is unaware of new or existing relevant requests transmitted from
other Ethernet ring nodes, and is unable to react to them.
A guard timer is used in every Ethernet ring node. Once a guard timer is started, it expires by itself.
While the guard timer is running, any received R-APS Request/State and Status information is blocked
and not forwarded to the Priority Logic. When the guard timer is not running, the R-APS Request/State
and Status information is forwarded unchanged.
Hold-off Timer
W hen a new defect, or more severe defect occurs (new SF), this event is not be reported immediately
to protection switching if the provisioned hold-off timer is a non-zero value. Instead, the hold-off timer
is started. When the hold-off timer expires, the trail that started the timer is checked to see if a defect
still exists. If one does exist, that defect is reported to protection switching. The suggested range of the
hold-off timer is 0 to 10 seconds in steps of 100 ms with an accuracy of 5 ms. The default value for a
hold-off timer is 0 seconds.
Delay Timers
In revertive mode, the wait-to-restore (WTR) timer is used to prevent frequent operation of the
protection switching caused by intermittent signal failure defects. The wait-to-block (WTB) timer is
used when clearing Forced Switch and Manual Switch commands. As multiple Forced Switch
commands are allowed to coexist in an Ethernet ring, the WTB timer ensures that clearing of a single
Forced Switch command does not trigger the re-blocking of the RPL. When clearing a Manual Switch
command, the WTB timer prevents the formation of a closed loop due to a possible timing anomaly
where the RPL owner node receives an outdated remote MS request during the recovery process.
Layer 2 Protocols
73
ERPS
Here is a sample configuration of the ERPS feature:
create vlan cv1
config vlan cv1 tag 10
config vlan cv1 add port 5 6 tagged
create
config
config
config
vlan
vlan
vlan
vlan
pv1
pv1 tag 1000
pv1 add port 1
pv1 add port 5 6 tagged
create erps ring1

configure erps ring1
enable erps r1
enable erps
add ring-ports east 5

add ring-ports west 6
add control cv1
add protected vlan pv1
add protection-port 5
revert enabled wait-to-restore 500
CFM DOWN-MEP Configuration to Provide Link Monitoring/Notifications

create cfm domain string "MD3" md-level 3
configure cfm domain "MD3" add association string "MD3vsub1" vlan "vsub1"
configure cfm domain "MD3" association "MD3vsub1" ports 20 add end-point down
14
configure cfm domain "MD3" association "MD3vsub1" ports 24 add end-point down
13
configure cfm domain "MD3" association "MD3vsub1" ports 20 end-point down add
group "erpsDn1"
configure cfm domain "MD3" association "MD3vsub1" ports 24 end-point down add
group "erpsDn2"
configure cfm group "erpsDn1" add rmep 15
configure cfm group "erpsDn2" add rmep 12
configure erps subring1 cfm port east add group erpsDn2
configure erps subring1 cfm port west add group erpsDn1
Sub-ring Configuration
First, configure a main ring on the Interconnected node:
create erps main-ring1
configure erps main-ring1 add ring-ports east 5
configure erps main-ring1 add ring-ports west 6
configure erps ring1 add control cv1
Next, configure a sub-ring on the interconnected node:

create erps sub-ring1
configure erps sub-ring1 add ring-ports east 10
configure erps sub-ring1 add control subv1
configure erps main-ring1 add sub-ring sub-ring1
Layer 2 Protocols
74
ERPS
enable erps main-ring1

enable erps sub-ring1
Virtual Channel for Sub-ring

configure vlan subv1 add port 5 6 tagged
configure main-ring1 add protected vlan subv1
No Virtual Channel for Sub-ring

configure erps subring1 subring-mode no-virtualChannel
Sub-ring Protection using UP MEP

create cfm domain string "ERPS-UP" md-level 4
configure cfm domain "ERPS-UP" add association string "ERPS-UP-cfmVlan" vlan
"cfmVlan"
configure cfm domain "ERPS-UP" association "ERPS-UP-cfmVlan" ports 24 add endpoint up 21
configure cfm domain "ERPS-UP" association "ERPS-UP-cfmVlan" ports 24 endpoint up add group "erpsUp1"
configure cfm group "erpsUp1" add rmep 22
Configuring ERPS
ERPS Version 1 Commands
To create or delete an ERPS ring, use the following commands:

create erps ring-name
delete erps ring-name
To add or delete a control VLAN on the ERPS ring, use the following commands:
configure erps ring-name add control {vlan} vlan_name
configure erps ring-name delete control {vlan} vlan_name
To add or delete a protected VLAN on the ERPS ring, use the following commands:
configure erps ring-name add protected {vlan} vlan_name
configure erps ring-name delete protected {vlan} vlan_name
To add ring ports on the ERPS ring, use the following command:
configure erps ring-name ring-ports [east | west] port
To delete ring ports on the ERPS ring, use the following command:
unconfigure erps ring-name ring-ports west
To add or delete RPL (ring protection link) owner configuration for the ERPS ring, use the following
commands:
configure erps ring-name protection-port port
Layer 2 Protocols
75
ERPS
unconfigure erps ring-name protection-port
To add or delete RPL (ring protection link) neighbor configuration for the ERPS ring, use the
following commands:
configure erps ring-name neighbor-port port
unconfigure erps ring-name neighbor-port
To add or delete ERPS revert operation along with the wait-to-restore time interval, use the
following commands:
configure {erps} ring-name revert [ enable | disable ]
To configure the periodic timer, use the following command:

configure {erps} ring-name timer periodic [ default | milliseconds ]
To configure the guard timer, use the following command:

configure {erps} ring-name timer guard [ default | milliseconds ]
To configure the hold-off timer, use the following command:

configure {erps} ring-name timer hold-off [ default | milliseconds ]
To configure the wait-to-restore timer, use the following command:

configure {erps} ring-name timer wait-to-restore [ default | milliseconds ]
To associate and disassociate fault monitoring entities on the ERPS ring ports, use the following
commands:
configure erps ring-name cfm md-level level
configure erps ring-name cfm port [east | west] ccm-interval [100 | 1000 |
10000 | 60000 | 600000]
configure erps ring-name cfm port [east | west] mepid mepid remote-mepid
rmepid
unconfigure {erps} ring-name cfm
To rename the ERPS ring/sub-ring, use the following command:

configure erps old-ring-name name new-ring-name
To enable or disable ERPS, use the following commands:

enable erps
disable erps
To enable or disable an existing ERPS ring/sub-ring, , use the following command:

enable erps ring-name
disable erps ring-name
Run or clear force and manual switch triggers to the ERPS ring/sub-ring.
configure erps ring-name dynamic-state [force-switch | manual-switch | clear]
port slot:port
To display global information for ERPS, use the following command:

show erps
To display specific details about an ERPS ring, use the following command:
show erps ring-name
Layer 2 Protocols
76
ERPS
To display ERPS statistics, use the following command:

show erps ring-name statistics
To clear statistics on an ERPS ring, use the following command:

clear counters erps ring-name
To debug ERPS, use the following commands:

debug erps [options]
debug erps show ring-name
ERPS Version 2 Commands
To set the rings to which to propagate topology change events, use the following command:
configure erps ring-name [add | delete] topology-change ring-list
To add or delete a sub-ring to the main ring, use the following command:
configure {erps} ring-name [add | delete] sub-ring-name sub_ring
To configure the wait-to-block timer, use the following command:

configure {erps} ring-name timer wait-to-block [ default | milliseconds]
To add or delete an ERPS sub-ring to the EAPS domain, use the following commands:
configure {erps} ring-name notify-topology-change {eaps} domain_name
unconfigure {erps} ring-name notify-topology-change {eaps} domain_name
To configure a wait-to-block timer, use the following command:

To configure sub-ring mode, use the following command:

configure erps ring_name subring-mode [no-virtualChannel | virtualChannel]
To enable or disable the ability of ERPS to allow the topology-change bit to be set (to send out
Flush events), , use the following commands:
enable erps ring-name topology-change
disable erps ring-name topology-change
To enable or disable the ability of ERPS rings to block on virtual channel recovery to avoid
temporary loops. This is done on interconnected nodes for sub-ring configurations, use the
following commands:
enable erps ring-name block-vc-recovery
disable erps ring-name block-vc-recovery
The following is a sample ERPS configuration:
create
config
config
create
vlan
vlan
vlan
vlan
Layer 2 Protocols
cv1
cv1 tag 10
cv1 add port 5 6 tagged
pv1
77
ERPS
config vlan pv1 tag 1000

config vlan pv1 add port 5 6 tagged
create erps ring1
configure erps ring1 ring-ports east 5
configure erps ring1 ring-ports west 6
configure erps ring1 add control cv1
configure erps ring1 add protected vlan pv1
configure erps ring1 add protection-port 5
configure erps ring1 revert enable wait-to-restore 500
configure erps ring1 timer wait-to-restore 500
enable erps ring1
enable erps
Sub-ring Configuration
First, configure a main ring on the interconnected node:
create vlan Major_Cvl
configure vlan Major_Cvl tag 300
configure vlan Major_Cvl add ports 1 3 tag
create vlan Major_Pvl
configure vlan Major_Pvl tag 301
configure vlan Major_Pvl add ports 1 3 27 tag
create erps Major
configure erps Major add control Major_Cvl
configure erps Major add protected vlan Major_Pvl
configure erps Major ring-port east 1
configure erps Major ring-port west 3
configure erps Major protection-port 1
configure erps Major cfm md-level 2
configure erps Major cfm port east mepid 1 remote-mepid 3
configure erps Major cfm port west mepid 2 remote-mepid 4
enable erps Major
enable erps
Next, configure a sub-ring on the interconnected node:

create vlan Sub_Cvl
configure vlan Sub_Cvl tag 299
configure vlan Sub_Cvl add ports 1 3 27 tag
create erps Sub1
configure erps Sub1 add control Sub_Cvl
configure erps Sub1 add protected vlan Major_Pvl
configure erps Sub1 ring-port east 27
configure erps Sub1 protection-port 27
configure erps Major add sub-ring Sub1
configure erps Sub1 cfm md-level 3
configure erps Sub1 cfm port east mepid 1 remote-mepid 2
enable erps Sub1
enable erps
Virtual Channel for Sub-ring
Layer 2 Protocols
78
ERPS
Debugging ERPS
1
Check the output of show erps ring statistics to see if any error/dropped counters are
incrementing.
a If they are, check the state of the ring ports and trace these links to the neighbor node to see the
state of the links.
The output of show log after turning on the filters for ERPS should provide more information
on what is happening on the switch.
2 Check the output of show erps and show erps ring to see if the node state is as expected.
In steady state, the node should be in Idle and the failed state ring should be in Protected state.
ERPS Feature Limitations

The following are ERPS feature limitations:
Backup MSM Failover and checkpointing for both v1 and v2 are not available in the current release.
In platforms that do not have hardware OAM (operations and management), the optimum CFM
interval recommended is one second for link monitoring, which will give rise to approximately threesecond overhead in convergence times.
Other than the basic EAPS interoperability stated above, all other EAPS related interoperability is
not supported.
There is no interoperability with STP in the current release.
SNMP is not supported in the current release.
Layer 2 Protocols
79
3 Protocol Filters
Both L2PT and protocol filtering allow you to tunnel or filter many protocols on an interface. For this
purpose, EXOS supports creating protocol filters. A protocol filter contains a number of protocols to
which you can apply some action (like tunneling and filtering). Each protocol in a protocol filter is
defined using the following fields:
The destination MAC address of PDUs of the protocol. This field is mandatory for all protocols that
are to be tunneled or filtered.
The protocol id (EtherType, LLC, SNAP). This field is mandatory for all protocols that are to be
tunneled.
User defined field. This is an arbitrary field in the PDU of the protocol that is specified using the
offset of the field from the start of the PDU, the value of the field and a mask.
For example, use the following command to create a protocol filter that includes LACP and EFM OAM:
# Create a protocol filter
create protocol filter my_slow_protocols_filter
# Add LACP to the protocol filter
configure protocol filter my_slow_protocols_filteradd dest-mac
01:80:C2:00:00:02 etype 0x8809 field offset 14 value 01 mask FF
# Add EFM OAM to the protocol filter
configure protocol filter my_slow_protocols_filteradd dest-mac
01:80:C2:00:00:02 etype 0x8809 field offset 14 value 03 mask FF
The following validity checks are performed when a protocol is added to a protocol filter:
Ensure that the protocol does not already exist in the protocol filter.
If the protocol filter is used by any L2PT profile:
Ensure that the protocol defines a destination MAC address.
Ensure that the protocol defines a protocol identifier.
For every L2PT profile that is using the protocol filter:

Ensure that the protocol is unique within the L2PT profile. If the action for the protocol filter is
tunnel in the L2PT profile:
For every service interface using the L2PT profile: ensure that the protocol is not filtered on
the underlying port of the service interface.
Ensure that the protocol is not tunneled on the underlying port of the service interface.
If the protocol filter is used by any port for the purpose of protocol filtering:
Ensure that the protocol defines a destination MAC address.
For every port that has the protocol filter attached for the purpose of protocol filtering:
Layer 2 Protocols
80
Protocol Filters
Ensure that the protocol is not tunneled by a service on that port.

Note
Protocol filters may be used with features other than L2PT and protocol filtering (for
example, Protocol Based VLANs). The validity tests listed above are only the ones relevant to
L2PT and protocol filtering.
Protocol filters for the following protocols are created automatically by the switch when the switch is
set to default configuration:
Cisco Discovery Protocol (CDP)
Unidirectional Link Detection (UDLD)
VLAN Trunking Protocol (VTP)
Port Aggregation Protocol (PAgP)
Dynamic Trunking Protocol (DTP)
Link Aggregation Control Protocol (LACP)
Link Layer Discovery Protocol (LLDP)
Spanning Tree Protocol (STP)
Extreme Discovery Protocol (EDP)
Layer 2 Protocols
81
4 Layer 2 Protocol Tunneling

Layer 2 protocol tunneling (L2PT) is achieved by encapsulating the PDUs at the ingress PE device
before transmitting them over the service provider network. The encapsulation prevents the PDUs from
being processed by the switches in the SP network. At the egress PE device, the encapsulated packets
are de-encapsulated, and transmitted to the CE device.
The encapsulation used for different types of networks is as follows:
VLAN/VMAN The Destination Address (DA) MAC of the Layer 2 PDU is changed to the L2PT DA
MAC. The switch shall also add any VLAN tags that may be required to the Layer 2 PDU before
transmitting over the SP network.
VPLS/VPWS The DA MAC of the Layer 2 PDU is changed to L2PT DA MAC. The Layer 2 PDU is
then treated like any other data packet by the MPLS stack. The MPLS stack shall add the labels and
L2 headers as per its configuration to the Layer 2 PDU before transmitting over the SP network.
Tunneling is configured on a service by specifying a tunneling action for each interface of the service.
The possible actions are:
Tunnel Configuring an interface of a service to tunnel for a protocol enables the interface to
tunnel PDUs of the configured protocol that are received by the underlying port of the interface.
Any PDUs that are received in its native format are tunneled instead of processing locally by the
switch. Any PDUs of the protocol that are received in its encapsulated format are dropped by the
switch (receiving an encapsulated packet on an interface configured to tunnel is considered proof of
network misconfiguration, or loops).
Encapsulate/Decapsulate Configuring an interface of a service to encapsulate or de-encapsulate
for a protocol enables the interface to transmit and receive PDUs of that protocol in its
encapsulated format. Native PDUs of the protocol may still be received by the underlying port of
the interface, but they will not be tunneled and instead are processed locally by the switch.
None Configuring an interface of a service to none for protocol marks the interface as not
participating in tunneling for that protocol. Native PDUs of the protocol that are received on the
underlying port of the interface shall either be processed locally by the switch or be tunneled by
another service which is configured to tunnel that protocol. Encapsulated PDUs that are received on
the interface are treated like any other L2 packet.
An operator can specify a CoS value for the tunneled PDUs. This can be useful since some L2 protocols
may have a higher priority than others (for example, STP may be considered higher priority than LLDP).
If a CoS value is specified for a protocol for which tunneling is enabled, the switch will transmit the
encapsulated PDUs for that protocol with the operator specified CoS towards the network. The CoS
value specified by the operator is transmitted on the SP network as follows:
VLAN/VMAN The CoS value is written to the PRI bits of the outermost VLAN tag if available.
VPLS/VPWS The CoS value is written to the EXP bits of the outermost MPLS label. The action
taken by the switch for PDUs of a protocol is as described in the following table.
Table 3: L2 PDU Actions
Ingress Action
Egress Action
Switch Action
None or Encap/Decap
NA
Process locally
Layer 2 Protocols
82
Layer 2 Protocol Tunneling
Table 3: L2 PDU Actions (continued)

Tunnel
None
Discard PDU at egress
Tunnel
Tunnel
Tx PDU natively
Tunnel
Encap/Decap
Tx PDU encapsulated
The action taken by the switch for encapsulated PDUs for a protocol is as described in the following
table.
Table 4: L2 Encapsulated PDU Actions
Service has at least one I/F with tunnel
action
Ingress Action
No
None or Encap/Decap None or Encap/Decap Forward
Yes
None or Tunnel
NA
Discard packet at ingress
Yes
Encap/Decap
None
Discard packet at egress
Yes
Encap/Decap
Tunnel
Tx PDU natively
Yes
Encap/Decap
Encap/Decap
Tx PDU encapsulated
Layer 2 Protocols
Egress Action
Switch Action
83
5 Layer 2 Tunneling and Filtering

Protocol Tunneling
Protocol Filtering
This EXOS feature introduces ability to tunnel and filter Layer 2 PDUs. Tunneling allows you to send
Layer 2 PDUs across a service provider network, and be delivered to remote switches. It is useful when
a network includes remote sites that are connected through a service provider network. Using
tunneling, you can make the service provider network transparent to the customer network.
Filtering prevents Layer 2 PDUs from being received on a port.
Protocol Tunneling
To make L2PT configuration easier, in EXOS you can create L2PT profiles. An L2PT profile specifies the
tunneling action and other parameters for protocols (specified using protocol filters) that should be
tunneled. You can then apply the profile to the interfaces of the service that are participating in L2PT.
And you can also change the profile when it is already bound to an interface.
The L2PT parameters that can be configured through a profile include the following:
Tunneling Action
Tunneling CoS
The following validity checks are performed when an entry for a protocol filter is created in an L2PT
profile:
Ensure that all protocols in the protocol filter define a destination MAC address.
Ensure that all protocols in the protocol filter define a protocol identifier.
Ensure that all protocols in the protocol filter are unique within the L2PT profile.
If the action for the protocol filter is encapsulate:
Ensure that there are no entries with action as tunnel in the L2PT profile.
Ensure that the service interface is either a tagged VLAN port or a PW.
If the action for the protocol filter is tunnel:

Ensure that there are no entries with action as encapsulate in the L2PT profile.
For every service interface using the L2PT profile:
Ensure that none of the protocols in the protocol filter are filtered on the underlying port of
the interface.
Ensure that none of the protocols in the protocol filter are tunneled on the underlying port of
the interface.
The following validity checks are performed when a L2PT profile is bound to an interface of a service:
If the profile specifies the action as tunnel for protocol filter:
Ensure that the interface is not a PW.
Layer 2 Protocols
84
Layer 2 Tunneling and Filtering
Ensure that none of the protocols in the L2PT profile are filtered on the underlying port of the
interface.
Ensure that none of the protocols in the L2PT profile are tunneled on the underlying port of the
interface.
Typically, you will want to configure the tunneling action for all customer facing interfaces of the
service that participate in L2PT as tunnel, and the tunneling action for all network facing interfaces as
encapsulate/decapsulate. Once any interface of the service is configured to tunnel a protocol, the
switch will configure all tagged ports and PWs of the service to encapsulate/decapsulate mode. You
can override this implicit configuration by binding a profile to the service interface that specifies a
different tunneling action.
For example, consider a VMAN service named c1 with customer facing ports 1, 2 and 3 and network
facing ports 4, 5, 6. Ports 4, 5 and 6 are added as tagged to the VMAN and 1, 2 and 3 are added as
untagged to the VMAN. The operator wants to tunnel LACP and EFM OAM on all customer facing ports
at CoS 5. The configurations that he or she must make are as follows:
# Create a protocol filter
create protocol filter my_slow_protocols_filter
# Add LACP to the protocol filter
configure protocol filter my_slow_protocols_filter
add dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset 14 value 01 mask FF
# Add EFM OAM to the protocol filter
configure protocol filter my_slow_protocols_filter
add dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset 14 value 03 mask FF
# Create an L2PT profile for the customer facing ports named c1_l2pt_profile
create l2pt profile c1_l2pt_profile
# Enable CDP tunneling with CoS 5
configure l2pt profile c1_l2pt_profile add protocol filter
my_slow_protocols_filter action tunnel cos 5
# Bind c1_l2pt_profile to all customer facing ports
configure vman c1 ports 1,2,3 l2pt profile c1_l2pt_profile
# Please note that the network facing port 4, 5 and 6 dont have to be
explicitly
# configured to encapsulate/decapsulate mode since the switch implicitly sets
all
# tagged ports to encapsulate/decapsulate mode when an L2PT profile is bound
to
# any port of the service.
The operator also has the option to configure the L2PT destination MAC address (i.e. the DA used by
L2PT encapsulated PDUs). This is may be done using the following CLI command:
configure l2pt encapsulation dest-mac mac_address
The L2PT destination MAC address may only be changed when no L2PT profiles have been bound to
any service interface. The default L2PT DA MAC is 01:00:0C:CD:CD:D0 (selected to be interoperable
with Cisco and Juniper).
Layer 2 Protocols
85
Use the following commands to view the status and statistics of L2PT:
show [vlan | vman] vlan_name {ports port_list} l2pt {detail}
show {l2vpn} [vpls vpls_name | vpws vpws_name] {peer ipaddress} l2pt {detail}
Use the following commands to clear L2PT stats:

clear l2pt counters {[vlan | vman] vlan_name {ports port_list}}
clear l2pt counters {[vpls vpls_name {peer ipaddress} | vpws vpws_name]}
Implementing L2PT in EXOS

In EXOS, the L2PT data-plane is implemented almost entirely in software. When you attach a L2PT
profile to a service interface, the following ACL rules are configured:
An ACL rule is added to copy and drop all packets with a destination address equal to the L2PT
destination MAC address, and an outer VLAN ID equal to the VLAN tag of the service.
For each protocol that is tunneled on the service interface, an ACL rule is added to copy and drop all
packets with the same the destination address as the protocol. If the protocol defines an EtherType,
then the rule is also qualified with the EtherType.
If any protocol is tunneled on the service interface, an ACL rule is added to drop all packets received
on the service interface with a destination address equal to the L2PT destination MAC address.
Protocol Filtering
You can enable filtering of PDUs of a protocol on any port. If you enable filtering for a protocol on a
port, the switch discards PDUs of that protocol on that port.
Use the following command to view protocol filter status and statistics:
show ports [port_list | all] protocol filter {detail}
Use the following command to clear protocol filtering stats:

clear counters ports {port_list} protocol filter
Implementing Protocol Filtering in EXOS

In EXOS, the protocol filtering data-plane is implemented partially in hardware and partially in software.
Filtering is performed only on the ingress. When a protocol filter is attached to a port, the following
ACL rules are configured:
For each protocol in the protocol filter: If the protocol does not define a user-defined field, and the
protocol identifier is EtherType, or does not have a protocol identifier:
An ACL rule is added to drop all packets on the port that match the destination address of the
packet. The rule is also qualified with the EtherType of the protocol if it defines one.
Layer 2 Protocols
86
Else:
An ACL rule is added to copy and drop all packets on the port that match the destination
address of the packet. The rule is also qualified with the EtherType of the protocol if it defines
one.
The protocol filtering data-plane inspects all packets received from ports that have protocol filters
attached, and drops any packet that matches any of the protocols configured in the protocol filter.
Layer 2 Protocols
87
6 L2PT Limitations
L2PT and protocol filtering is implemented in software, so the number of frames that can be filtered
or tunneled is limited.
Both L2PT and protocol filtering can be configured only through CLI. Configuration through
SNMP/XML is not supported for this release.
If L2PT configurations are made on PWs, these configurations are lost on a restart of the MPLS
process unless the L2PT process is also restarted.
If L2PT configurations are made on a VPLS or VPWS service, dot1p tag inclusion must be enabled on
the VPLS/VPWS.
When tunneling protocols are point-to-point in nature, it is your responsibility to ensure that there
are only two tunnel endpoints for the protocol.
If a protocol that is configured to be tunneled on a service interface cannot be uniquely identified by
its destination address and EtherType, then all packets with the same DA and EtherType of the
protocol being tunneled (but that are not really PDUs of the protocol) will be slow path forwarded.
Tagged protocol PDUs cannot be tunneled over VLANs. Tagged protocol PDUs can only be
tunneled over VMANs (the VMAN can be the service VMAN for a VPLS/VPWS service, or a
standalone VMAN). Untagged protocol PDUs can be tunneled over both VLANs and VMANs (the
VLAN/VMAN can be standalone, or be the service VMAN for a VPLS/VPWS service).
Untagged protocol PDUs cannot be bypassed if the ingress port is an untagged VMAN port with a
default CVID. Untagged protocol PDUs can be bypassed if the ingress port is an untagged VMAN
port without a default CVID.
In VPLS, only full-mesh configuration is supported for L2PT.
L2PT is not supported on VLAN ports that have a port specific tag.
L2PT is not supported over VPLS/VPWS in ExtremeXOS 15.5.1.
Layer 2 Protocols
88
7 STP
Spanning Tree Protocol Overview
Span Tree Domains
STP Configurations
Per VLAN Spanning Tree
Rapid Spanning Tree Protocol
Multiple Spanning Tree Protocol
STP and Network Login
STP Rules and Restrictions
Configure STP on the Switch
Display STP Settings
STP Configuration Examples
Using the Spanning Tree Protocol (STP) functionality of the switch makes your network more fault
tolerant. This chapter explains more about STP and the STP features supported by ExtremeXOS.
Note
STP is a part of the 802.1D bridge specification defined by the IEEE Computer Society. To
explain STP in terms used by the IEEE 802.1D specification, the switch will be referred to as a
bridge.
ExtremeXOS version 12.0 and later supports the new edition of the IEEE 802.1D standard (known as
IEEE 802.1D-2004 ) for STP, which incorporates enhancements from the IEEE 802.1t-2001, IEEE 802.1W,
and IEEE 802.1y standards. The IEEE 802.1D-2004 standard is backward compatible with the IEEE
802.1D-1998 standard. For more information, see Compatibility Between IEEE 802.1D-1998 and IEEE
802.1D-2004 STP Bridges on page 90.
Spanning Tree Protocol Overview

STP is a bridge-based mechanism for providing fault tolerance on networks.
STP allows you to implement parallel paths for network traffic and to ensure that redundant paths are:
Disabled when the main paths are operational.
Enabled if the main path fails.
Note
STP and Extreme Standby Router Protocol (ESRP) cannot be configured on the same VLAN
simultaneously.
Layer 2 Protocols
89
STP
Compatibility Between IEEE 802.1D-1998 and IEEE 802.1D-2004 STP Bridges

The IEEE 802.1D-2004 compliant bridges interoperate with the IEEE 802.1D-1998 compliant bridges.
To ensure seamless operation of your STP network, read this section before you configure STP on any
Extreme Networks device running ExtremeXOS 11.6 or later.
Differences in behavior between the two standards include the:
Default port path cost

Bridge priority
Port priority
Edge port behavior
This section describes the bridge behavior differences in more detail.

Default Port Path Cost
The 802.1D-2004 standard modified the default port path cost value to allow for higher link speeds.
A higher link speed can create a situation whereby an 802.1D-1998 compliant bridge could become the
more favorable transit path.
For example, in the following figure, bridge A is the root bridge running the new 802.1D-2004 standard,
bridges B and C are running the old 802.1D-1998 standard, and bridges D, E, and F are running the new
802.1D-2004 standard. In addition, all ports are 100 Mbps links. The ports on bridges B and C have a
default path cost of 19, and the ports on bridge A, D, E, and F have a default path cost of 200,000.
Figure 25: 802.1D-1998 and 802.1D-2004 Mixed Bridge Topology
Layer 2 Protocols
90
STP
If you use the default port path costs, bridge D blocks its port to bridge E, and all traffic between
bridges D and E must traverse all of bridges in the network. Bridge D blocks its port to bridge E
because the path cost to the root bridge is less by going across bridges B and C (with a combined root
cost of 38) compared with going across bridge E (with a root cost of 200,000). In fact, if there were
100 bridges between bridges B, C, and D running the old 802.1D-1998 standard with the default port
path costs, bridge D would still use that path because the path cost is still higher going across bridge E.
As a workaround and to prevent this situation, configure the port path cost to make links with the same
speed use the same path host value. In the example described above, configure the port path cost for
the 802.1D-2004 compliant bridges (bridges A, D, E, and F) to 19.
Note
You cannot configure the port path cost on bridges B and C to 200,000 because the path
cost range setting for 802.1D-1998 compliant bridges is 1 to 65,535.
To configure the port path cost, use the following command:
configure stpd stpd_name ports cost [auto | cost] port_list
Bridge Priority
By configuring the STPD bridge priority, you make the bridge more or less likely to become the root
bridge.
Unlike the 802.1D-1998 standard, the 802.1D-2004 standard restricts the bridge priority to a 16-bit
number that must be a multiple of 4,096. The new priority range is 0 to 61,440 and is subject to the
multiple of 4,096 restriction. The old priority range was 0 to 65,535 and was not subject to the multiple
of 4,096 restriction (except for MSTP configurations). The default bridge priority remains the same at
32,768.
If you have an ExtremeXOS 11.5 or earlier configuration that contains an STP or RSTP bridge priority
that is not a multiple of 4,096, the switch rejects the entry and the bridge priority returns to the default
value while loading the structure. The MSTP implementation in ExtremeXOS already uses multiples of
4,096 to determine the bridge priority.
To configure the bridge priority, use the following command:
configure stpd stpd_name priority priority
For example, to lower the numerical value of the priority (which gives the priority a higher precedence),
you subtract 4,096 from the default priority: 32,768 - 4,096 = 28,672. If you modify the priority by a
value other than 4,096, the switch automatically changes the priority to the lower priority value. For
example, if you configure a priority of 31,000, the switch automatically changes the priority to 28,672.
Port Priority
The port priority value is always paired with the port number to make up the 16-bit port identifier,
which is used in various STP operations and the STP state machines.
Unlike the 802.1D-1998 standard, the 802.1D-2004 standard uses only the four most significant bits for
the port priority and it must be a multiple of 16. The new priority range available is 0 to 240 and is
Layer 2 Protocols
91
STP
subject to the multiple of 16 restriction. The 802.1D-1998 standard uses the eight most significant bits
for the port priority. The old priority range was 0 to 31 and was not subject to the multiple of 16
restriction.
To preserve backward compatibility and to use ExtremeXOS 11.5 or earlier configurations, the existing
configure stpd ports priority command is available. If you have an ExtremeXOS 11.5 or
earlier configuration, the switch interprets the port priority based on the 802.1D-1998 standard. If the
switch reads a value that is not supported in ExtremeXOS 11.6 or later, the switch rejects the entry.
When you save the port priority value, the switch saves it as the command configure stpd ports
port-priority with the corresponding change in value.
For example, if the switch reads the configure stpd ports priority 16 command from an
ExtremeXOS 11.5 or earlier configuration, (which is equivalent to the command configure stpd
ports priority 8 entered through CLI), the switch saves the value as configure stpd ports
port-priority 128.
Edge Port Behavior
In ExtremeXOS 11.5 or earlier, Extreme Networks had two edge port implementations: edge port and
edge port with safeguard.
The 802.1D-2004 standard has a bridge detection state machine, which introduced a third
implementation of edge port behavior. The following list describes the behaviors of the different edge
port implementations:
Edge port (ExtremeXOS 11.5 and earlier):

The port does not send bridge protocol data units (BPDUs).
The port does not run a state machine.
If BPDUs are received, the port discards the BPDU and enters the blocking state.
If subsequent BPDUs are not received, the port remains in the forwarding state.
Edge port with safeguard configured (ExtremeXOS 11.5 and 11.4 only):
The port sends BPDUs.
When configured for MSTP, the port runs a partial state machine.
If BPDUs are received, the port enters the blocking state.
If subsequent BPDUs are not received, the port attempts to enter the forwarding state.
Edge port running 802.1D-2004 with safeguard enabled:
The port sends BPDUs.
The port runs a state machine.
If BPDUs are received, the port behaves as a normal RSTP port by entering the forwarding state
and participating in RSTP.
If subsequent BPDUs are not received, the port attempts to become the edge port again.
Edge port with safeguard prevents accidental or deliberate misconfigurations (loops) by having edge
ports enter the blocking state upon receiving a BPDU. The 802.1D-2004 standard implements a bridge
detection mechanism that causes an edge port to transition to a non-edge port upon receiving a BPDU;
however, if the former edge port does not receive any subsequent BPDUs during a pre-determined
interval, the port attempts to become an edge port.
Layer 2 Protocols
92
STP
If an 802.1D-2004 compliant safeguard port (edge port) connects to an 802.1D-1998 compliant edge
port with safeguard configured, the old safeguard port enters the blocking state. Although the new
safeguard port becomes a designated port, the link is not complete (and thus no loop is formed)
because one side of the link is blocked.
Restricted Role
In a large metro environment, to prevent external bridges from influencing the spanning tree active
topology, the following commands have been introduced for Rapid Spanning Tree Protocol (RSTP) and
Multiple Spanning Tree Protocol (MSTP).
configure stpd stpd_name ports restricted-role enable port_list
This command enables restricted role on a specified port in the core network to prevent external
bridges from influencing the spanning tree active topology.
Restricted role should not be enabled with edge mode.
stpd_nameSpecifies an STPD name on the switch.
port_listSpecifies one or more ports or slots and ports.
Enabling restricted role causes a port to not be selected as a root port, even if it has the best
spanning tree priority vector. Such a port is selected as an alternate port after the root port is
selected. The restricted role is disabled by default. If set, it can cause a lack of spanning tree
connectivity.
A network administrator enables restricted role to prevent external bridges from influencing the
spanning tree active topology.
configure stpd stpd_name ports restricted-role disable port_list
This command disables restricted role on a specified port in the core network.
stpd_nameSpecifies an STPD name on the switch.
port_listSpecifies one or more ports or slots and ports.
Restricted role is disabled by default. If set, it can cause a lack of spanning tree connectivity. A
network administrator enables restricted role to prevent external bridges from influencing the
spanning tree active topology.
BPDU Restrict on Edge Safeguard

BPDU restrict causes a port on which this feature is configured to be disabled as soon as an STP BPDU
is received on that port, thus allowing you to enforce the STP domain borders and keep the active
topology predictable.
The following figure shows a BPDU restrict example.
Layer 2 Protocols
93
STP
Figure 26: BPDU Restrict

In this figure, loops on the LAN access switches are not prevented since the ports towards the
distribution switches are not running STP but Software Redundant Ports (SRP). Currently, ExtremeXOS
software cannot run STP on ports that are configured for SRP. STP on the access switch is unaware of
the alternate path and therefore cannot prevent the loop that exists across the switches. Configuring a
port as an edge mode port alone cannot prevent the loop between the switches because edge ports
never send BPDUs. The edge safeguard feature is not able to prevent the loops because STP does not
have the information about the alternate path.
To prevent the loops across the switches, the edge safeguard feature can be configured with the BPDU
restrict function. When running in BPDU restrict mode, edge safeguard ports send STP BPDUs at a rate
of one very two seconds. The port is disabled as soon as an STP BPDU is received on the BPDU restrict
port, thereby preventing the loop. Flexibility is provided with an option to re-enable the port after a
user specified time period. If a user enables a port while STP has disabled it, the port is operationally
enabled; STP is notified and then stops any recovery timeout that has started.
When an STPD is disabled for a BPDU restrict configured port, an STP port in 802.1D operation mode
begins forwarding immediately, but in the RSTP or MSTP operation modes, the port remains in the
disabled state.
BPDU restrict is available on all of the three operational modes of STP: 802.1D, RSTP, and MSTP.
Although edge safeguard is not available in 802.1D operation mode, when you configure BPDU restrict
you do so in a similar way, that is, as an extension of edge safeguard; then only BPDU restrict is
available on the port and not edge safeguard.
To configure BPDU restrict, use the command:
configure {stpd} stpd_name ports edge-safeguard enable port_list {bpdurestrict} {recovery-timeout {seconds}}
BPDU restrict can also be configured by using the following commands:
configure {stpd} stpd_name ports bpdu-restrict [enable | disable] port_list

{recovery-timeout {seconds}}
configure stpd stpd_name ports link-type [[auto | broadcast | point-topoint] port_list | edge port_list {edge-safeguard [enable | disable] {bpdurestrict} {recovery-timeout seconds}}]
Layer 2 Protocols
94
STP
To include BPDU restrict functionality when configuring link types or edge safeguard, see Configuring
Link Types on page 114 and Configuring Edge Safeguard on page 114.
The example below shows a BPDU restrict configuration:
* switch # configure s1 ports edge-safeguard enable 9 bpdu-restrict recoverytimeout 400.
The following is sample output from the show s1 ports command resulting from the configuration:
switch # show s1 ports
Port
Mode
State
Cost Flags
Priority Port ID Designated Bridge
9
EMISTP FORWARDING 20000 eDee-w-G-- 128
8009
80:00:00:04:96:26:5f:4e
Total Ports: 1
------------------------- Flags: ---------------------------1:
e=Enable, d=Disable
2: (Port role)
R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)
b=broadcast, p=point-to-point, e=edge
5:
p=proposing, a=agree
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
7:
i = edgeport inconsistency
8:
S = edgeport safe guard active
s = edgeport safe guard configured but inactive
8:
G = edgeport safe guard bpdu restrict active in 802.1w and
mstp
g = edgeport safe guard bpdu restrict active in 802.1d
9:
B = Boundary, I = Internal
10:
r = Restricted Role
switch # show configuration stp
#
# Module stp configuration.
#
configure mstp region 000496265f4e
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
create stpd s1
configure stpd s1 mode dot1w
enable stpd s0 auto-bind vlan Default
configure stpd s1 add vlan v1 ports 9 emistp
configure stpd s1 ports mode emistp 9
configure stpd s1 ports cost auto 9
configure stpd s1 ports port-priority 128 9
configure stpd s1 ports link-type edge 9
configure stpd s1 ports edge-safeguard enable 9 recovery-timeout 400
configure stpd s1 ports bpdu-restrict enable 9 recovery-timeout 400
enable stpd s1 ports 9
configure stpd s1 tag 10
enable stpd s1
Layer 2 Protocols
95
STP
The following is sample output for STP operation mode dot1d from the show configuration stp
command:
switch # show configuration stp
#
# Module stp configuration.
#
configure mstp region region2
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
create stpd s1
enable stpd s0 auto-bind vlan Default
configure stpd s1 add vlan v1 ports 9 emistp
configure stpd s1 ports mode emistp 9
configure stpd s1 ports cost auto 9
configure stpd s1 ports priority 16 9
configure stpd s1 ports link-type edge 9
configure stpd s1 ports edge-safeguard enable 9 recovery-timeout 400
configure stpd s1 ports bpdu-restrict enable 9 recovery-timeout 400
enable stpd s1 ports 9
enable stpd s1
Span Tree Domains

The switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent
Spanning Tree instance. Each Spanning Tree instance is called a Spanning Tree Domain (STPD). Each
STPD has its own root bridge and active path. After an STPD is created, one or more VLANs can be
assigned to it.
A physical port can belong to multiple STPDs. In addition, a VLAN can span multiple STPDs.
The key points to remember when configuring VLANs and STP are:
Each VLAN forms an independent broadcast domain.

STP blocks paths to create a loop-free environment.
Within any given STPD, all VLANs belonging to it use the same spanning tree.
To create an STPD, use the command:
To delete an STPD, use the command:
create stpd stpd_name {description stpd-description}
delete stpd stpd_name
User-created STPD names are not case-sensitive.

For detailed information about configuring STP and various STP parameters on the switch, see
Configure STP on the Switch on page 137.
Layer 2 Protocols
96
STP
Member VLANs
When you add a VLAN to an STPD, that VLAN becomes a member of the STPD. The two types of
member VLANs in an STPD are:
Carrier
Protected
Carrier VLAN
A carrier VLAN defines the scope of the STPD, which includes the physical and logical ports that belong
to the STPD and if configured, the 802.1Q tag used to transport Extreme Multiple Instance Spanning
Tree Protocol (EMISTP) or Per VLAN Spanning Tree (PVST+) encapsulated bridge protocol data units
(BPDUs).
See Encapsulation Modes on page 99 for more information about encapsulating STP BPDUs.
Only one carrier VLAN can exist in a given STPD, although some of its ports can be outside the control
of any STPD at the same time.
If you configure EMISTP or PVST+, the STPD ID must be identical to the VLAN ID of the carrier VLAN in
that STPD. See Specifying the Carrier VLAN on page 98 for an example.
If you have an 802.1D configuration, we recommend that you configure the StpdID to be identical to the
VLAN ID of the carrier VLAN in that STPD. See Basic 802.1D Configuration Example on page 140 for an
example.
If you configure Multiple Spanning Tree (MSTPIEEE 802.1Q-2003, formerly IEEE 802.1s), you do not
need carrier VLANs for MSTP operation. With MSTP, you configure a Common and Internal Spanning
Tree (CIST) that controls the connectivity of interconnecting MSTP regions and sends BPDUs across the
regions to communicate the status of MSTP regions. All VLANs participating in the MSTP region have
the same privileges. For more information about MSTP, see Multiple Spanning Tree Protocol on page
123.
Protected VLAN
Protected VLANs are all other VLANs that are members of the STPD.
These VLANs piggyback on the carrier VLAN. Protected VLANs do not transmit or receive STP
BPDUs, but they are affected by STP state changes and inherit the state of the carrier VLAN. Protected
VLANs can participate in multiple STPDs, but any particular port in the VLAN can belong to only one
STPD. Also known as non-carrier VLANs.
If you configure MSTP, all member VLANs in an MSTP region are protected VLANs. These VLANs do
not transmit or receive STP BPDUs, but they are affected by STP state changes communicated by the
CIST to the MSTP regions. Multiple spanning tree instances (MSTIs) cannot share the same protected
VLAN; however, any port in a protected VLAN can belong to multiple MSTIs. For more information
about MSTP, see Multiple Spanning Tree Protocol on page 123.
Layer 2 Protocols
97
STP
Specifying the Carrier VLAN

The following example:
Creates and enables an STPD named s8.

Creates a carrier VLAN named v5.
Assigns VLAN v5 to STPD s8.
Creates the same tag ID for the VLAN and the STPD (the carrier VLANs ID must be identical to the
STPDs ID).
create vlan v5
configure vlan
configure vlan
create stpd s8
configure stpd
configure stpd
enable stpd s8
v5 tag 100
v5 add ports 1:1-1:20 tagged
s8 add vlan v5 ports all emistp
s8 tag 100
Notice how the tag number for the VLAN v5 (100) is identical to the tag for STPD s8. By using identical
tags, you have selected the carrier VLAN. The carrier VLAN's ID is now identical to the STPD's ID.
STPD Modes
An STPD has three modes of operation:
802.1D mode
Use this mode for backward compatibility with previous STP versions and for compatibility with
third-party switches using IEEE standard 802.1D. When configured in this mode, all rapid
configuration mechanisms are disabled.
802.1w mode
Use this mode for compatibility with Rapid Spanning Tree (RSTP). When configured in this mode, all
rapid configuration mechanisms are enabled. The benefit of this mode is available on point-to-point
links only and when the peer is likewise configured in 802.1w mode. If you do not select point-topoint links and the peer is not configured for 802.1w mode, the STPD fails back to 802.1D mode.
You can enable or disable RSTP on a per STPD basis only; you cannot enable RSTP on a per port
basis.
For more information about RSTP and RSTP features, see Rapid Spanning Tree Protocol on page
112.
MSTP mode
Use this mode for compatibility with MSTP. MSTP is an extension of RSTP and offers the benefit of
better scaling with fast convergence. When configured in this mode, all rapid configuration
mechanisms are enabled. The benefit of MSTP is available only on point-to-point links and when you
configure the peer in MSTP or 802.1w mode. If you do not select point-to-point links and the peer is
not configured in 802.1w mode, the STPD fails back to 802.1D mode.
Layer 2 Protocols
98
STP
You must first configure a CIST before configuring any MSTIs in the region. You cannot delete or
disable a CIST if any of the MSTIs are active in the system.
You can create only one MSTP region on the switch, and all switches that participate in the region
must have the same regional configurations. You can enable or disable an MSTP on a per STPD basis
only; you cannot enable MSTP on a per port basis.
If configured in MSTP mode, an STPD uses the 802.1D BPDU encapsulation mode by default. To
ensure correct operation of your MSTP STPDs, do not configure EMISTP or PVST+ encapsulation
mode for MSTP STPDs.
For more information about MSTP and MSTP features, see Multiple Spanning Tree Protocol on page
123.
By default:
The STPD operates in 802.1D mode.

The default device configuration contains a single STPD called s0.
The default VLAN is a member of STPD s0 with autobind enabled.
To configure the mode of operation of an STPD, use the following command:

configure stpd stpd_name mode [dot1d | dot1w | mstp [cist | msti instance]]
All STP parameters default to the IEEE 802.1D values, as appropriate.
Encapsulation Modes
You can configure ports within an STPD to accept specific BPDU encapsulations.
This STP port encapsulation is separate from the STP mode of operation. For example, you can
configure a port to accept the PVST+ BPDU encapsulation while running in 802.1D mode.
An STP port has three possible encapsulation modes:
802.1D mode
third-party switches using IEEE standard 802.1D. BPDUs are sent untagged in 802.1D mode. Because
of this, any given physical interface can have only one STPD running in 802.1D mode.
This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, and
MSTP.
Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode
EMISTP mode is proprietary to Extreme Networks and is an extension of STP that allows a physical
port to belong to multiple STPDs by assigning the port to multiple VLANs. EMISTP adds significant
flexibility to STP network design. BPDUs are sent with an 802.1Q tag having an STPD instance
Identifier (STPD ID) in the VLAN ID field.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
Per VLAN Spanning Tree (PVST+) mode
Layer 2 Protocols
99
STP
This mode implements PVST+ in compatibility with third-party switches running this version of STP.
The STPDs running in this mode have a one-to-one relationship with VLANs and send and process
packets in PVST+ format.
These encapsulation modes are for STP ports, not for physical ports. When a physical port belongs to
multiple STPDs, it is associated with multiple STP ports. It is possible for the physical port to run in
different modes for different domains to which it belongs.
If configured in MSTP mode, an STPD uses the 802.1D BPDU encapsulation mode by default. To ensure
correct operation of your MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode for
MSTP STPDs.
To configure the BPDU encapsulation mode for one or more STP ports, use the command:
configure stpd stpd_name ports mode [dot1d | emistp | pvst-plus] port_list
To configure the default BPDU encapsulation mode on a per STPD basis, use the command:
configure stpd stpd_name default-encapsulation [dot1d | emistp | pvst-plus]

Instead of accepting the default encapsulation modes of dot1d for the default STPD s0 and emistp for
all other STPDs, this command allows you to specify the type of BPDU encapsulation to use for all ports
added to the STPD (if not otherwise specified).
STPD Identifier
An StpdID is used to identify each STP domain.
When assigning the StpdID when configuring the domain, ensure that the carrier VLAN of that STPD
does not belong to another STPD. Unless all ports are running in 802.1D mode, an STPD with ports
running in either EMISTP mode or PVST+ mode must be configured with an StpdID.
An StpdID must be identical to the VLAN ID of the carrier VLAN in that STP domain. For an 802.1D
STPD, the VLAN ID can be either a user-defined ID or one automatically assigned by the switch.
Note
If an STPD contains at least one port not in 802.1D mode, you must configure the STPD with
an StpdID.
MSTP uses two different methods to identify the STPDs that are part of the MSTP network. An instance
ID of 0 identifies the CIST. The switch assigns this ID automatically when you configure the CIST STPD.
An MSTI identifier (MSTI ID) identifies each STP domain that is part of an MSTP region. You assign the
MSTI ID when configuring the STPD that participates in the MSTP region. In an MSTP region, MSTI IDs
only have local significance. You can reuse MSTI IDs across MSTP regions. For more information about
MSTP and MSTP features, see Multiple Spanning Tree Protocol on page 123.
STP States
Each port that belongs to a member VLAN participating in STP exists in one of the following states:
Layer 2 Protocols
100
STP
Blocking
A port in the blocking state does not accept ingress traffic, perform traffic forwarding, or learn MAC
source addresses. The port receives STP BPDUs. During STP initialization, the switch always enters
the blocking state.
Listening
A port in the listening state does not accept ingress traffic, perform traffic forwarding, or learn MAC
source addresses. The port receives STP BPDUs. This is the first transitional state a port enters after
being in the blocking state. The bridge listens for BPDUs from neighboring bridge(s) to determine
whether the port should or should not be blocked.
Learning
A port in the learning state does not accept ingress traffic or perform traffic forwarding, but it begins
to learn MAC source addresses. The port also receives and processes STP BPDUs. This is the second
transitional state after listening. From learning, the port will change to either blocking or forwarding.
Forwarding A port in the forwarding state accepts ingress traffic, learns new MAC source addresses, forwards
traffic, and receives and processes STP BPDUs.
Disabled
A port in the disabled state does not participate in STP; however, it will forward traffic and learn new
MAC source addresses.
Binding Ports
There are two ways to bind (add) ports to an STPD: manually and automatically. By default, ports are
manually added to an STPD.
Note
The default VLAN and STPD S0 are already on the switch.
Manually Binding Ports
To manually bind ports, use the commands:

configure stpd stpd_name add vlan vlan_name ports [all | port_list] {[dot1d |
emistp | pvst-plus]}
configure vlan vlan_name add ports [all | port_list] {tagged {tag} | untagged}
stpd stpd_name {[dot1d | emistp | pvst-plus]}
The first command adds all ports or a list of ports within the specified VLAN to an STPD. For EMISTP
and PVST+, the carrier VLAN must already exist on the same set of ports. The second command
adds all ports or a list of ports to the specified VLAN and STPD at the same time. If the ports are
added to the VLAN but not to the STPD, the ports remain in the VLAN.
For EMISTP and PVST+, if the specified VLAN is not the carrier VLAN and the specified ports are not
bound to the carrier VLAN, the system displays an error message. If you configure MSTP on your
switch, MSTP does not need carrier VLANs.
Note
The carrier VLAN's ID must be identical to the ID of the STP domain.
If you add a protected VLAN or port, that addition inherits the carrier VLANs encapsulation mode,
unless you specify the encapsulation mode when you execute the configure stpd add vlan
or configure vlan add ports stpd commands. If you specify an encapsulation mode
(dot1d, emistp, or pvst-plus), the STP port mode is changed to match; otherwise, the STP port
inherits either the carrier VLANs encapsulation mode on that port or the STPDs default
encapsulation mode.
Layer 2 Protocols
101
STP
For MSTP, you do not need carrier a VLAN. A CIST controls the connectivity of interconnecting
MSTP regions and sends BPDUs across the regions to communicate region status. You must use the
dot1d encapsulation mode in an MSTP environment. For more information about MSTP, see the
section Multiple Spanning Tree Protocol on page 123.
To remove ports, use the command:
configure stpd stpd_name delete vlan vlan_name ports [all | port_list]
If you manually delete a protected VLAN or port, only that VLAN or port is removed. If you manually
delete a carrier VLAN or port, all VLANs on that port (both carrier and protected) are deleted from
that STPD.
To learn more about member VLANs, see Member VLANs on page 97. For more detailed information
about these command line interface (CLI) commands, see the ExtremeXOS Command Reference Guide.
Automatically Binding Ports
To automatically bind ports to an STPD when the ports are added to a VLAN, use the command:
enable stpd stpd_name auto-bind vlan vlan_name
The autobind feature is disabled on user-created STPDs. The autobind feature is enabled on the
default VLAN that participates in the default STPD S0.
For EMISTP or PVST+, when you issue this command, any port or list of ports that you add to the
carrier VLAN are automatically added to the STPD with autobind enabled. In addition, any port or
list of ports that you remove from a carrier VLAN are automatically removed from the STPD. This
feature allows the STPD to increase or decrease its span as ports are added to or removed from a
carrier VLAN.
Note
The carrier VLAN's ID must be identical to the ID of the STP domain.
Enabling autobind on a protected VLAN does not expand the boundary of the STPD.
If the same set of ports are members of the protected VLAN and the carrier VLAN, protected
VLANs are aware of STP state changes. For example, assume you have the following scenario:
Carrier VLAN named v1

v1 contains ports 3:1-3:2
Protected VLAN named v2
v2 contains ports 3:1-3:4
Since v1 contains ports 3:1-3:2, v2 is aware only of the STP changes for ports 3:1 and 3:2, respectively.
Ports 3:3 and 3:4 are not part of the STPD, which is why v2 is not aware of any STP changes for
those ports.
In addition, enabling autobind on a protected VLAN causes ports to be automatically added or
removed as the carrier VLAN changes.
For MSTP, when you issue this command, any port or list of ports that gets automatically added to
an MSTI are automatically inherited by the CIST. In addition, any port or list of ports that you remove
from an MSTI protected VLAN are automatically removed from the CIST. For more information, see
Automatically Inheriting Ports--MSTP Only on page 103.
Layer 2 Protocols
102
STP
To remove ports, enter the command:

If you manually delete a port from the STPD on a VLAN that has been added by autobind,
ExtremeXOS records the deletion so that the port does not get automatically added to the STPD
after a system restart.
To learn more about the member VLANs, see Member VLANs on page 97. For more detailed
information about these CLI commands, see the ExtremeXOS Command Reference Guide.
Automatically Inheriting Ports--MSTP Only
In an MSTP environment, whether you manually or automatically bind a port to an MSTI in an MSTP
region, the switch automatically binds that port to the CIST.
The CIST handles BPDU processing for itself and all of the MSTIs; therefore, the CIST must inherit ports
from the MSTIs in order to transmit and receive BPDUs. You can only delete ports from the CIST if it is
no longer a member of an MSTI.
For more information about MSTP, see Multiple Spanning Tree Protocol on page 123.
Rapid Root Failover

ExtremeXOS supports rapid root failover for faster STP failover recovery times in STP 802.1D mode. If
the active root port link goes down, ExtremeXOS recalculates STP and elects a new root port. The rapid
root failover feature allows the new root port to immediately begin forwarding, skipping the standard
listening and learning phases. Rapid root failover occurs only when the link goes down and not when
there is any other root port failure, such as missing BPDUs.
The default setting for this feature is disabled.
To enable rapid root failover, enter the command:

enable stpd stpd_name rapid-root-failover
To display the configuration, enter the command:

show stpd {stpd_name | detail}
STP and Hitless Failover--Modular Switches Only

When you install two management modules (MSM/MM) in a BlackDiamond chassis or you are using
redundancy in a SummitStack, one node assumes the role of primary and the other node assumes the
role of backup. The primary executes the switchs management functions, and the backup acts in a
standby role. Hitless failover transfers switch management control from the primary to the backup and
Layer 2 Protocols
103
STP
maintains the state of STP. STP supports hitless failover. You do not explicitly configure hitless failover
support; rather, if you have two nodes installed, hitless failover is available.
Note
Not all platforms support hitless failover in the same software release. To verify if the
software version you are running supports hitless failover, see the following table in
Managing the Switch. For more information about protocol, platform, and MSM/MM support
for hitless failover, see Understanding Hitless Failover Support.
To support hitless failover, the primary node replicates STP BPDUs to the backup, which allows the
nodes to run STP in parallel. Although both primary and backup node receive STP BPDUs, only the
primary transmits STP BPDUs to neighboring switches and participates in STP.
Note
Before initiating failover, review the section Synchronizing Nodes--Modular Switches and
SummitStack Only to confirm that both primary and backup nodes are running software that
supports the synchronize command.
To initiate hitless failover on a network that uses STP:
1
Confirm that the nodes are synchronized and have identical software and switch configurations
using the command:
show switch {detail}
The output displays the status of the primary and backup nodes, with the primary node showing
MASTER and the backup node showing BACKUP (InSync).
If the primary and backup nodes are not synchronized and both nodes are running a version of
ExtremeXOS that supports synchronization, proceed to 2 on page 104.
If the primary and backup nodes are synchronized, proceed to 3 on page 104.
2 If the primary and backup nodes are not synchronized, use the synchronize command to
replicate all saved images and configurations from the primary to the backup.
After you confirm the nodes are synchronized, proceed to 3 on page 104.
3 If the nodes are synchronized, use the run failover (formerly run msm-failover) command
to initiate failover.
For more detailed information about verifying the status of the primary and backup nodes, and system
redundancy, see Understanding System Redundancy. For more information about hitless failover, see
Understanding Hitless Failover Support.
STP Configurations
When you assign VLANs to an STPD, pay careful attention to the STP configuration and its effect on
the forwarding of VLAN traffic.
This section describes three types of STP configurations:
Basic STP
Multiple STPDs on a single port (which uses EMISTP)
Layer 2 Protocols
104
STP
A VLAN that spans multiple STPDs
Basic STP Configuration

This section describes a basic, 802.1D STP configuration. The following figure illustrates a network that
uses VLAN tagging for trunk connections.
The following four VLANs have been defined:
Sales is defined on switch A, switch B, and switch M.

Personnel is defined on switch A, switch B, and switch M.
Manufacturing is defined on switch Y, switch Z, and switch M.
Engineering is defined on switch Y, switch Z, and switch M.
Marketing is defined on all switches (switch A, switch B, switch Y, switch Z, and switch M).
Two STPDs are defined:
STPD1 contains VLANs Sales and Personnel.

STPD2 contains VLANs Manufacturing and Engineering.
The carrier and protected VLANs are also defined:
Sales is the carrier VLAN on STPD1.

Personnel is a protected VLAN on STPD1.
Manufacturing is a protected VLAN on STPD2.
Engineering is the carrier VLAN on STPD2.
Marketing is a member of both STPD1 and STPD2 and is a protected VLAN.
Layer 2 Protocols
105
STP
Figure 27: Multiple STPDs

When the switches in this configuration boot-up, STP configures each STPD such that the topology
contains no active loops. STP could configure the topology in a number of ways to make it loop-free.
In the following figure, the connection between switch A and switch B is put into blocking state, and
the connection between switch Y and switch Z is put into blocking state. After STP converges, all the
VLANs can communicate, and all bridging loops are prevented.
The protected VLAN Marketing, which has been assigned to both STPD1 and STPD2, communicates
using all five switches. The topology has no loops, because STP has already blocked the port
connection between switch A and switch B and between switch Y and switch Z.
Within a single STPD, you must be extra careful when configuring your VLANs. The following figure
illustrates a network that has been incorrectly set up using a single STPD so that the STP configuration
disables the ability of the switches to forward VLAN traffic.
Layer 2 Protocols
106
STP
Figure 28: Incorrect Tag-Based STPD Configuration

The tag-based network in the following figure has the following configuration:
Switch 1 contains VLAN Marketing and VLAN Sales.

Switch 2 contains VLAN Engineering and VLAN Sales.
Switch 3 contains VLAN Marketing, VLAN Engineering, and VLAN Sales.
The tagged trunk connections for three switches form a triangular loop that is not permitted in an
STP topology.
All VLANs in each switch are members of the same STPD.
STP can block traffic between switch 1 and switch 3 by disabling the trunk ports for that connection on
each switch.
Switch 2 has no ports assigned to VLAN Marketing. Therefore, if the trunk for VLAN Marketing on
switches 1 and 3 is blocked, the traffic for VLAN Marketing will not be able to traverse the switches.
Note
If an STPD contains multiple VLANs, all VLANs should be configured on all ports in that
domain, except for ports that connect to hosts (edge ports).
Multiple STPDs on a Port

Traditional 802.1D STP has some inherent limitations when addressing networks that have multiple
VLANs and multiple STPDs.
For example, consider the sample depicted in the following figure.
Layer 2 Protocols
107
STP
Figure 29: Limitations of Traditional STPD

The two switches are connected by a pair of parallel links. Both switches run two VLANs, A and B. To
achieve load-balancing between the two links using the traditional approach, you would have to
associate A and B with two different STPDs, called S1 and S2, respectively, and make the left link carry
VLAN A traffic while the right link carries VLAN B traffic (or vice versa). If the right link fails, S2 is
broken and VLAN B traffic is disrupted.
To optimize the solution, you can use the Extreme Multiple Instance Spanning (EMISTP) mode, which
allows a port to belong to multiple STPDs. EMISTP adds significant flexibility to STP network design.
Referring to the figure above, using EMISTP, you can configure all four ports to belong to both VLANs.
Assuming that S1 and S2 still correspond to VLANs A and B respectively, you can fine-tune STP
parameters to make the left link active in S1 and blocking in S2, while the right link is active in S2 and
blocking in S1. Again, if the right link fails, the left link is elected active by the STP algorithm for S2,
without affecting normal switching of data traffic.
Using EMISTP, an STPD becomes more of an abstract concept. The STPD does not necessarily
correspond to a physical domain; it is better regarded as a vehicle to carry VLANs that have STP
instances. Because VLANs can overlap, so do STPDs. However, even if the different STPDs share the
entire topology or part of the redundant topology, the STPDs react to topology change events in an
independent fashion.
VLANs Spanning Multiple STPDs

Traditionally, the mapping from VLANs to STP instances have been one-to-one or many-to-one.
In both cases, a VLAN is wholly contained in a single instance. In practical deployment there are cases
in which a one-to-many mapping is desirable. In a typical large enterprise network, for example, VLANs
span multiple sites and/or buildings. Each site represents a redundant looped area. However, between
any two sites the topology is usually very simple.
Alternatively, the same VLAN may span multiple large geographical areas (because they belong to the
same enterprise) and may traverse a great many nodes.
Layer 2 Protocols
108
STP
In this case, it is desirable to have multiple STP domains operating in a single VLAN, one for each
looped area.
The justifications include the following:
The complexity of the STP algorithm increases, and performance drops, with the size and
complexity of the network. The 802.1D standard specifies a maximum network diameter of seven
hops. By segregating a big VLAN into multiple STPDs, you reduce complexity and enhance
performance.
Local to each site, there may be other smaller VLANs that share the same redundant looped area
with the large VLAN. Some STPDs must be created to protect those VLANs. The ability to partition
VLANs allows the large VLAN to be "piggybacked" in those STPDs in a site-specific fashion.
The following figure has five domains. VLANs green, blue, brown, and yellow are local to each domain.
VLAN red spans all of the four domains. Using a VLAN that spans multiple STPDS, you do not have to
create a separate domain for VLAN red. Instead, VLAN red is piggybacked onto those domains local
to other VLANs.
Figure 30: VLANs Spanning Multiple STPDs

In addition, the configuration in the figure has these features:
Each site can be administered by a different organization or department within the enterprise.
Having a site-specific STP implementation makes the administration more flexible and convenient.
Between the sites the connections usually traverse distribution switches in ways that are known
beforehand to be safe with STP. In other words, the looped areas are already well defined.
EMISTP Deployment Constraints

Although EMISTP greatly enhances STP capability, these features must deployed with care.
This section describes configuration issues that, if not followed, could lead to an improper deployment
of EMISTP. This section also provides the following restrictive principles to abide by in network design:
Although a physical port can belong to multiple STPDs, any VLAN on that port can be in only one
domain. Put another way, a VLAN cannot belong to two STPDs on the same physical port.
Although a VLAN can span multiple domains, any LAN segment in that VLAN must be in the same
STPD. VLANs traverse STPDs only inside switches, not across links. On a single switch, however,
Layer 2 Protocols
109
STP
bridge ports for the same VLAN can be assigned to different STPDs. This scenario is illustrated in
the following figure.
Figure 31: VLANs Traverse Domains Inside Switches
The VLAN partition feature is deployed under the premise that the overall inter-domain topology
for that VLAN is loop-free. Consider the case in the following figure, VLAN red (the only VLAN in the
figure) spans STPDs 1, 2, and 3. Inside each domain, STP produces a loop-free topology. However,
VLAN red is still looped, because the three domains form a ring among themselves.
Layer 2 Protocols
110
STP
Figure 32: Looped VLAN Topology
A necessary (but not sufficient) condition for a loop-free inter-domain topology is that every two
domains only meet at a single crossing point.
Note
You can use MSTP to overcome the EMISTP constraints described in this section.
Per VLAN Spanning Tree

Switching products that implement Per VLAN Spanning Tree (PVST) have been in existence for many
years and are widely deployed.
To support STP configurations that use PVST, ExtremeXOS has an operational mode called PVST+.
Note
In this document, PVST and PVST+ are used interchangeably. PVST+ is an enhanced version
of PVST that is interoperable with 802.1Q STP. The following discussions are in regard to
PVST+, if not specifically mentioned.
STPD VLAN Mapping

Each VLAN participating in PVST+ must be in a separate STPD, and the VLAN number (VLAN ID) must
be the same as the STPD identifier (STPD ID).
As a result, PVST+ protected VLANs cannot be partitioned.
Layer 2 Protocols
111
STP
This fact does not exclude other non-PVST+ protected VLANs from being grouped into the same STPD.
A protected PVST+ VLAN can be joined by multiple non-PVST+ protected VLANs to be in the same
STPD.
Note
When PVST+ is used to interoperate with other networking devices, each VLAN participating
in PVST+ must be in a separate STP domain.
Native VLAN
In PVST+, the native VLAN must be peered with the default VLAN on Extreme Networks devices, as
both are the only VLANs allowed to send and receive untagged packets on the physical port.
Third-party PVST+ devices send VLAN 1 packets in a special manner. ExtremeXOS does not support
PVST+ for VLAN 1. Therefore, when the switch receives a packet for VLAN 1, the packet is dropped.
When a PVST+ instance is disabled, the fact that PVST+ uses a different packet format raises an issue. If
the STPD also contains ports not in PVST+ mode, the flooded packet has an incompatible format with
those ports. The packet is not recognized by the devices connected to those ports.
Rapid Spanning Tree Protocol

The Rapid Spanning Tree Protocol (RSTP), originally in the IEEE 802.1w standard and now part of the
IEEE 802.1D-2004 standard, provides an enhanced spanning tree algorithm that improves the
convergence speed of bridged networks.
RSTP takes advantage of point-to-point links in the network and actively confirms that a port can safely
transition to the forwarding state without relying on any timer configurations. If a network topology
change or failure occurs, RSTP rapidly recovers network connectivity by confirming the change locally
before propagating that change to other devices across the network. For broadcast links, there is no
difference in convergence time between STP and RSTP.
RSTP supersedes legacy STP protocols, supports the existing STP parameters and configurations, and
allows for seamless interoperability with legacy STP.
RSTP Concepts
Port Roles
RSTP uses information from BPDUs to assign port roles for each LAN segment. Port roles are not userconfigurable. Port role assignments are determined based on the following criteria:
A unique bridge identifier (MAC address) associated with each bridge

The path cost associated with each bridge port
A port identifier associated with each bridge port
Layer 2 Protocols
112
STP
RSTP assigns one of the following port roles to bridge ports in the network, as described in the
following table.
Table 5: RSTP Port Roles
Port Role
Description
Root
Provides the shortest (lowest) path cost to the root bridge. Each bridge has only one root port;
the root bridge does not have a root port. If a bridge has two or more ports with the same path
cost, the port with the best port identifier (lowest MAC address) becomes the root port.
Designated
Provides the shortest path connection to the root bridge for the attached LAN segment. To
prevent loops in the network, there is only one designated port on each LAN segment. To select
the designated port, all bridges that are connected to a particular segment listen to each others
BPDUs and agree on the bridge sending the best BPDU. The corresponding port on that bridge
becomes the designated port. If there are two or more ports connected to the LAN, the port with
the best port identifier becomes the designated port.
Alternate
Provides an alternate path to the root bridge and the root port.
Backup
Supports the designated port on the same attached LAN segment. Backup ports exist only when
the bridge is connected as a self-loop or to a shared-media segment.
Disabled
A port in the disabled state does not participate in RSTP; however, it will forward traffic and learn
new MAC source addresses.
When RSTP stabilizes:
All root ports and designated ports are in the forwarding state.
All alternate ports and backup ports are in the blocking state.
RSTP makes the distinction between the alternate and backup port roles to describe the rapid
transition of the alternate port to the forwarding state if the root port fails.
To prevent a port from becoming an alternate or backup port, use the command:
configure stpd stpd_name ports active-role enable port .
To revert to the default that allows a port to be elected to any STP port role, use the command:
configure stpd stpd_name ports active-role disable port
To view the active-role status, use teh command: show stpd ports
Link Types
With RSTP, you can configure the link type of a port in an STPD.
RSTP tries to rapidly move designated point-to-point links into the forwarding state when a network
topology change or failure occurs. For rapid convergence to occur, the port must be configured as a
point-to-point link.
The following table describes the link types.
Layer 2 Protocols
113
STP
Table 6: RSTP Link Types

Port Link Type
Description
Auto
Specifies the switch to automatically determine the port link type. An auto link behaves like a
point-to-point link if the link is in full-duplex mode or if link aggregation is enabled on the port.
Otherwise, the link behaves like a broadcast link used for 802.1w configurations.
Edge
Specifies a port that does not have a bridge attached. An edge port is held in the STP
forwarding state unless a BPDU is received by the port. In that case, the port behaves as a
normal RSTP port. The port is no longer considered an edge port. If the port does not receive
subsequent BPDUs during a pre-determined time, the port attempts to become an edge port.
ExtremeXOS 11.5 or earlierAn edge port is placed and held in the STP forwarding state unless
a BPDU is received by the port. In that case, an edge port enters and remains in the blocking
state until it stops receiving BPDUs and the message age timer expires.
Broadcast
Specifies a port attached to a LAN segment with more than two bridges. A port with a
broadcast link type cannot participate in rapid reconfiguration using RSTP or MSTP. By default,
all ports are broadcast links.
Point-to-point
Specifies a port attached to a LAN segment with only two bridges. A port with point-to-point
link type can participate in rapid reconfiguration. Used for 802.1w and MSTP configurations.
Configuring Link Types
By default, all ports are broadcast links.

To configure the ports in an STPD, enter the command:.
configure stpd stpd_name ports link-type [[auto | broadcast | point-to-point]
port_list | edge port_list {edge-safeguard [enable | disable] {bpdu-restrict}
{recovery-timeout seconds}}]
Where the following is true:

autoConfigures the ports as auto links. If the link is in full-duplex mode or if link aggregation is
enabled on the port, an auto link behaves like a point-to-point link.
broadcastConfigures the ports as broadcast ports. By default, all ports are broadcast links.
point-to-pointConfigures the ports for rapid reconfiguration in an RSTP or MSTP environment.
edgeConfigures the ports as edge ports. For information about edge safeguard, see
Configuring Edge Safeguard on page 114.
To change the existing configuration of a port in an STPD, and return the port to factory defaults,
enter the command:
unconfigure stpd stpd_name ports link-type port_list
To display detailed information about the ports in an STPD, enter the command:
show {stpd} stpd_name ports {[detail | port_list {detail}]}
Configuring Edge Safeguard
Loop prevention and detection on an edge port configured for RSTP is called edge safeguard. You can
configure edge safeguard on RSTP edge ports to prevent accidental or deliberate misconfigurations
(loops) resulting from connecting two edge ports together or by connecting a hub or other non-STP
switch to an edge port. Edge safeguard also limits the impact of broadcast storms that might occur on
edge ports. This advanced loop prevention mechanism improves network resiliency but does not
interfere with the rapid convergence of edge ports.
Layer 2 Protocols
114
STP
An edge port configured with edge safeguard immediately enters the forwarding state and transmits
BPDUs. If a loop is detected, STP blocks the port. By default, an edge port without edge safeguard
configured immediately enters the forwarding state but does not transmit BPDUs unless a BPDU is
received by that edge port.
You can also configure edge safeguard for loop prevention and detection on an MSTP edge port.
To configure an edge port and enable edge safeguard on that port, use the command:
If you have already configured a port as an edge port and you want to enable edge safeguard on
the port, use the following command:
configure {stpd} stpd_name ports edge-safeguard enable port_list {bpdurestrict} {recovery-timeout {seconds}}
To disable edge safeguard on an edge port, enter the command:

configure {stpd} stpd_name ports edge-safeguard disable port_list {bpdurestrict} {recovery-timeout {seconds}}
In ExtremeXOS 11.5 and earlier, ports that connect to non-STP devices are edge ports. Edge ports do
not participate in RSTP, and their role is not confirmed. Edge ports immediately enter the forwarding
state unless the port receives a BPDU. In that case, edge ports enter the blocking state. The edge port
remains in the blocking state until it stops receiving BPDUs and the message age timer expires.
ExtremeXOS 11.6 and later support an enhanced bridge detection method, which is part of the
802.1D-2004 standard. Ports that connect to non-STP devices are still considered edge ports. However,
if you have an 802.1D-2004 compliant edge port, the bridge detection mechanism causes the edge
port to transition to a non-edge port upon receiving a BPDU. If the former edge port does not receive a
subsequent BPDU during a pre-determined interval, the port attempts to become an edge port.
In ExtremeXOS 12.0.3 and 12.1.4 onwards, STP edge safeguard disables a port when a remote loop is
detected. ExtremeXOS versions prior to 12.0.3 and 12.1.4 place the port in blocking mode. The change
was made because BPDUs are still processed when a port is in a blocking state. A remote loop causes
BPDUs to be exponentially duplicated which caused high CPU utilization on the switch even though the
port was transitioned to a blocked state.
RSTP Timers
For RSTP to rapidly recover network connectivity, RSTP requires timer expiration. RSTP derives many
of the timer values from the existing configured STP timers to meet its rapid recovery requirements
rather than relying on additional timer configurations.
Table 7: User-Configurable Timers on page 116 describes the user-configurable timers, and the Table 8:
Derived Timers on page 116 describes the timers that are derived from other timers and are not user
configurable.
Layer 2 Protocols
115
STP
Table 7: User-Configurable Timers

Timer
Description
Hello
The root bridge uses the hello timer to send out configuration BPDUs through all of
its forwarding ports at a predetermined, regular time interval. The default value is 2
seconds. The range is 1 to 10 seconds.
Forward delay
A port moving from the blocking state to the forwarding state uses the forward
delay timer to transition through the listening and learning states. In RSTP, this timer
complements the rapid configuration behavior. If none of the rapid rules are in effect,
the port uses legacy STP rules to move to the forwarding state. The default is 15
seconds. The range is 4 to 30 seconds.
Table 8: Derived Timers

Timer
Description
TCN
The root port uses the topology change notification (TCN) timer when it detects a
change in the network topology. The TCN timer stops when the topology change
timer expires or upon receipt of a topology change acknowledgement. The default
value is the same as the value for the bridge hello timer.
Topology change
The topology change timer determines the total time it takes the forwarding ports to
send configuration BPDUs. The default value for the topology change timer depends
upon the mode of the port:
802.1D modeThe sum of the forward delay timer value (default value is 15 seconds;
range of 4 to 30 seconds) and the maximum age timer value (default value is 20
seconds; range of 6 to 40 seconds).
802.1w modeDouble the hello timer value (default value is 4 seconds).
Message age
A port uses the message age timer to time out receiving BPDUs. When a port
receives a superior or equal BPDU, the timer restarts. When the timer expires, the
port becomes a designated port and a configuration update occurs. If the bridge
operates in 1w mode and receives an inferior BPDU, the timer expires early. The
default value is the same as the STPD bridge max age parameter.
Hold
A port uses the hold timer to restrict the rate that successive BPDUs can be sent. The
default value is the same as the value for the bridge hello timer.
Recent backup
The timer starts when a port leaves the backup role. When this timer is running, the
port cannot become a root port. The default value is double the hello time (4
seconds).
Recent root
The timer starts when a port leaves the root port role. When this timer is running,
another port cannot become a root port unless the associated port is put into the
blocking state. The default value is the same as the forward delay time.
The protocol migration timer is neither user-configurable nor derived; it has a set value of 3 seconds.
The timer starts when a port transitions from STP (802.1D) mode to RSTP (802.1w) mode and viceversa. This timer must expire before further mode transitions can occur.
RSTP Operation
In an RSTP environment, a point-to-point link LAN segment has two bridges.
Layer 2 Protocols
116
STP
A switch that considers itself the unique, designated bridge for the attached LAN segment sends a
propose message to the other bridge to request a confirmation of its role. The other bridge on that
LAN segment replies with an agree message if it agrees with the proposal. The receiving bridge
immediately moves its designated port into the forwarding state.
Before a bridge replies with an agree message, it reverts all of its designated ports into the blocking
state. This introduces a temporary partition into the network. The bridge then sends another propose
message on all of its designated ports for further confirmation. Because all of the connections are
blocked, the bridge immediately sends an agree message to unblock the proposing port without
having to wait for further confirmations to come back or without the worry of temporary loops.
Beginning with the root bridge, each bridge in the network engages in the exchange of propose and
agree messages until they reach the edge ports. Edge ports connect to non-STP devices and do not
participate in RSTP. Their role does not need to be confirmed. If you have an 802.1D-2004 compliant
edge port, the bridge detection mechanism causes the edge port to transition to a non-edge port upon
receiving a BPDU. If the former edge port does not receive a subsequent BPDU during a predetermined interval, the port attempts to become an edge port.
RSTP attempts to transition root ports and designated ports to the forwarding state and alternate ports
and backup ports to the blocking state as rapidly as possible.
A port transitions to the forwarding state if any of the port:
Has been in either a root or designated port role long enough that the spanning tree information
supporting this role assignment has reached all of the bridges in the network;
Note
RSTP is backward-compatible with STP, so if a port does not move to the forwarding
state with any of the RSTP rapid transition rules, a forward delay timer starts and STP
behavior takes over.
Is now a root port and no other ports have a recent role assignment that contradicts with its root
port role;
Is a designated port and attaches to another bridge by a point-to-point link and receives an agree
message from the other bridge port; or
Is an edge port. An edge port is a port connected to a non-STP device and is in the forwarding state.
The following sections provide more information about RSTP behavior.

Root Port Rapid Behavior
In the following figure, the diagram on the left displays the initial network topology with a single bridge
having the following:
Two ports are connected to a shared LAN segment.

One port is the designated port.
One port is the backup port.
The diagram on the right displays a new bridge that:
Is connected to the LAN segment.

Has a superior STP bridge priority.
Layer 2 Protocols
117
STP
Becomes the root bridge and sends a BPDU to the LAN that is received by both ports on the old
bridge.
Figure 33: Example of Root Port Rapid Behavior

If the backup port receives the BPDU first, STP processes this packet and temporarily elects this port as
the new root port while the designated ports role remains unchanged. If the new root port is
immediately put into the forwarding state, there is a loop between these two ports.
To prevent this type of loop from occurring, the recent backup timer starts. The root port transition rule
does not allow a new root port to be in the forwarding state until the recent backup timer expires.
Another situation may arise if you have more than one bridge and you lower the port cost for the
alternate port, which makes it the new root port. The previous root port is now an alternate port.
Depending on your STP implementation, STP may set the new root port to the forwarding state before
setting the alternate port to the blocking state. This may cause a loop.
To prevent this type of loop from occurring, the recent root timer starts when the port leaves the root
port role. The timer stops if the port enters the blocking state. RSTP requires that the recent root timer
stop on the previous root port before the new root port can enter the forwarding state.
Designated Port Rapid Behavior
When a port becomes a new designated port, or the STP priority changes on an existing designated
port, the port becomes an unsynced designated port.
For an unsynced designated port to rapidly move into the forwarding state, the port must propose a
confirmation of its role on the attached LAN segment (unless the port is an edge port). Upon receiving
an agree message, the port immediately enters the forwarding state.
If the receiving bridge does not agree and it has a superior STP priority, the receiving bridge replies
with its own BPDU. Otherwise, the receiving bridge keeps silent, and the proposing port enters the
forwarding state and starts the forward delay timer.
The link between the new designated port and the LAN segment must be a point-to-point link. If there
is a multi-access link, the propose message is sent to multiple recipients. If only one of the recipients
Layer 2 Protocols
118
STP
agrees with the proposal, the port can erroneously enter the forwarding state after receiving a single
agree message.
Receiving Bridge Behavior
The receiving bridge must decide whether or not to accept a proposal from a port.
Upon receiving a proposal for a root port, the receiving bridge:
Processes the BPDU and computes the new STP topology.

Synchronizes all of the designated ports if the receiving port is the root port of the new topology.
Puts all unsynced, designated ports into the blocking state.
Sends down further propose messages.
Sends back an agree message through the root port.
If the receiving bridge receives a proposal for a designated port, the bridge replies with its own BPDU.
If the proposal is for an alternate or backup port, the bridge keeps silent.
Propagating Topology Change Information
When a change occurs in the topology of the network, such events are communicated through the
network.
In an RSTP environment, only non-edge ports entering the forwarding state cause a topology change.
A loss of network connectivity is not considered a topology change; however, a gain in network
connectivity must be communicated. When an RSTP bridge detects a topology change, that bridge
starts the topology change timer, sets the topology change flag on its BPDUs, floods all of the
forwarding ports in the network (including the root ports), and flushes the learned MAC address
entries.
Rapid Reconvergence
This section describes the RSTP rapid behavior following a topology change.
In this example, the bridge priorities are assigned based on the order of their alphabetical letters; bridge
A has a higher priority than bridge F.
Suppose you have a network, as shown in the following figure, with six bridges (bridge A through
bridge F) where the following is true:
Bridge A is the root bridge.

Bridge D contains an alternate port in the blocking state.
All other ports in the network are in the forwarding state.
Layer 2 Protocols
119
STP
Figure 34: Initial Network Configuration

The network reconverges in the following way:
If the link between bridge A and bridge F goes down, bridge F detects the root port is down. At this
point, bridge F:
Immediately disables that port from the STP.

Performs a configuration update.
As shown in the following figure, after the configuration update, bridge F:
Considers itself the new root bridge.

Sends a BPDU message on its designated port to bridge E.
Figure 35: Down Link Detected
Bridge E believes that bridge A is the root bridge. When bridge E receives the BPDU on its root port
from bridge F, bridge E:
Determines that it received an inferior BPDU.
Immediately begins the max age timer on its root port.
As shown in the following figure, after the configuration update, bridge E:
Regards itself as the new root bridge.

Sends BPDU messages on both of its designated ports to bridges F and D, respectively.
Layer 2 Protocols
120
STP
Figure 36: New Root Bridge Selected

As shown in the following figure, when bridge F receives the superior BPDU and configuration update
from bridge E, bridge F:
Decides that the receiving port is the root port.
Determines that bridge E is the root bridge.
Figure 37: Communicating New Root Bridge Status to Neighbors

Bridge D believes that bridge A is the root bridge. When bridge D receives the BPDU from bridge E on
its alternate port, bridge D:
Immediately begins the max age timer on its alternate port.
As shown in the following figure, after the configuration update, bridge D:
Moves the alternate port to a designated port.

Sends a propose message to bridge E to solicit confirmation of its designated role and to rapidly
move the port into the designated state.
Layer 2 Protocols
121
STP
Figure 38: Sending a Propose Message to Confirm a Port Role

Upon receiving the proposal, bridge E (as shown in the following figure):
Changes its receiving port to a root port.
The existing designated port enters the blocking state.
Bridge E then sends:
A propose message to bridge F.

An agree message from its root port to bridge D.
Figure 39: Communicating Port Status to Neighbors

To complete the topology change (as shown in the following figure):
Bridge D moves the port that received the agree message into the forwarding state.
Bridge F confirms that its receiving port (the port that received the propose message) is the root
port, and immediately replies with an agree message to bridge E to unblock the proposing port.
Layer 2 Protocols
122
STP
Figure 40: Completing the Topology Change

The following figure displays the new topology.
Figure 41: Final Network Configuration

Compatibility With STP (802.1D)
RSTP interoperates with legacy STP protocols; however, the rapid convergence benefits are lost when
interacting with legacy STP bridges.
Each RSTP bridge contains a port protocol migration state machine to ensure that the ports in the
STPD operate in the correct, configured mode. The state machine is a protocol entity within each
bridge configured to run in 802.1w mode. For example, a compatibility issue occurs if you configure
802.1w mode and the bridge receives an 802.1D BPDU on a port. The receiving port starts the protocol
migration timer and remains in 802.1D mode until the bridge stops receiving 802.1D BPDUs. Each time
the bridge receives an 802.1D BPDU, the timer restarts. When the port migration timer expires, no more
802.1D BPDUs have been received, and the bridge returns to its configured setting, which is 802.1w
mode.
Multiple Spanning Tree Protocol

The Multiple Spanning Tree Protocol (MSTP), based on IEEE 802.1Q-2003 (formerly known as IEEE
802.1s), allows the bundling of multiple VLANs into one spanning tree topology.
This concept is not new to Extreme Networks. Like MSTP, Extreme Networks proprietary EMISTP
implementation can achieve the same capabilities of sharing a virtual network topology among multiple
VLANs; however, MSTP overcomes some of the challenges facing EMISTP, including enhanced loop
protection mechanisms and new capabilities to achieve better scaling.
Layer 2 Protocols
123
STP
MSTP logically divides a Layer 2 network into regions. Each region has a unique identifier and contains
multiple spanning tree instances (MSTIs). An MSTI is a spanning tree domain that operates within and is
bounded by a region. MSTIs control the topology inside the regions. The Common and Internal
Spanning Tree (CIST) is a single spanning tree domain that interconnects MSTP regions. The CIST is
responsible for creating a loop-free topology by exchanging and propagating BPDUs across regions to
form a Common Spanning Tree (CST).
MSTP uses RSTP as its converging algorithm and is interoperable with the legacy STP protocols: STP
(802.1D) and RSTP (802.1w).
MSTP has three major advantages over 802.1D, 802.1w, and other proprietary implementations:
To save control path bandwidth and provide improved scalability, MSTP uses regions to localize
BPDU traffic. BPDUs containing information about MSTIs contained within an MSTP region do not
cross that regions boundary.
A single BPDU transmitted from a port can contain information for up to 64 STPDs. MSTP BPDU
processing utilizes less resources compared to 802.1D or 802.1w where one BPDU corresponds to
one STPD.
In a typical network, a group of VLANs usually share the same physical topology. Dedicating a
spanning tree per VLAN like PVST+ is CPU intensive and does not scale very well. MSTP makes it
possible for a single STPD to handle multiple VLANs.
MSTP Concepts
MSTP Regions
An MSTP network consists of either individual MSTP regions connected to the rest of the network with
802.1D and 802.1w bridges or as individual MSTP regions connected to each other.
An MSTP region defines the logical boundary of the network. With MSTP, you can divide a large
network into smaller areas similar to an OSPF area or a BGP Autonomous System, which contain a
group of switches under a single administration. Each MSTP region has a unique identifier and is bound
together by one CIST that spans the entire network. A bridge participates in only one MSTP region at a
time.
An MSTP region can hide its internal STPDs and present itself as a virtual 802.1w bridge to other
interconnected regions or 802.1w bridges because the port roles are encoded in 802.1w and MSTP
BPDUs.
By default, the switch uses the MAC address of the switch to generate an MSTP region. Since each MAC
address is unique, every switch is in its own region by default. For multiple switches to be part of an
MSTP region, you must configure each switch in the region with the same MSTP region identifiers. See
Configuring MSTP Region Identifiers on page 125 for information.
In the following figure, all bridges inside MSTP regions 1 and 2 are MSTP bridges; bridges outside of the
regions are either 802.1D or 802.1w bridges.
Layer 2 Protocols
124
STP
Figure 42: Sample MSTP Topology with Two MSTP Regions

Configuring MSTP Region Identifiers
For multiple switches to be part of an MSTP region, you must configure each switch in the region with
the same MSTP configuration attributes, also known as MSTP region identifiers. The following list
describes the MSTP region identifiers:
Region NameThis indicates the name of the MSTP region. In the Extreme Networks
implementation, the maximum length of the name is 32 characters and can be a combination of
alphanumeric characters and underscores ( _ ).
Format SelectorThis indicates a number to identify the format of MSTP BPDUs. The default is 0.
Revision LevelThis identifier is reserved for future use; however, the switch uses and displays a
default of 3.
The switches inside a region exchange BPDUs that contain information for MSTIs.
The switches connected outside of the region exchange CIST information. By having devices look at the
region identifiers, MSTP discovers the logical boundary of a region:
To configure the MSTP region name, use the command:

configure mstp region regionName
The maximum length of the region name is 32 characters and can be a combination of alphanumeric
characters and underscores ( _ ). You can configure only one MSTP region on the switch at any
given time.
If you have an active MSTP region, we recommend that you disable all active STPDs in the region
before renaming the region on all of the participating switches.
To configure the number used to identify MSTP BPDUs, use the command:
configure mstp format format_identifier
Layer 2 Protocols
125
STP
By default, the value used to identify the MSTP BPDUs is 0. The range is 0 to 255.
before modifying the value used to identify MSTP BPDUs on all participating switches.
To configure the MSTP revision level, use the command:
configure mstp revision revision
Although this command is available on the CLI, this command is reserved for future use.
Unconfiguring an MSTP Region
Before you unconfigure an MSTP region, we recommend that you disable all active STPDs in the region.
To unconfigure the MSTP region on the switch, use the command:
unconfigure mstp region
After you issue this command, all of the MSTP settings return to their default values. See Configuring
MSTP Region Identifiers on page 125 for information about the default settings.
Common and Internal Spanning Tree
MSTP logically divides a Layer 2 network into regions. The Common and Internal Spanning Tree (CIST)
is a single spanning tree domain that interconnects MSTP regions. The CIST is responsible for creating a
loop-free topology by exchanging and propagating BPDUs across regions to form a Common Spanning
Tree (CST).
In essence, the CIST is similar to having a large spanning tree across the entire network. The CIST has its
own root bridge that is common to all MSTP regions, and each MSTP region elects a CIST regional root
that connects that region to the CIST, thereby forming a CST.
The switch assigns the CIST an instance ID of 0, which allows the CIST to send BPDUs for itself in
addition to all of the MSTIs within an MSTP region. Inside a region, the BPDUs contain CIST records and
piggybacked M-records. The CIST records contain information about the CIST, and the M-records
contain information about the MSTIs. Boundary ports exchange only CIST record BPDUs.
All MSTP configurations require a CIST domain. You must first configure the CIST domain before
configuring any MSTIs. By default, all MSTI ports in the region are inherited by the CIST. You cannot
delete or disable a CIST if any of the MSTIs are active in the system.
Configuring the CIST
Configure an STPD as the CIST, specifying the mstp cist keywords in the following command:
You can enable MSTP on a per STPD basis only. By specifying the mstp cist keywords, you can
configure the mode of operation for the STPD as MSTP and identify the STPD to be the CIST.
CIST Root Bridge
In a Layer 2 network, the bridge with the lowest bridge ID becomes the CIST root bridge. The
parameters (vectors) that define the root bridge include the following:
Layer 2 Protocols
126
STP
User-defined bridge priority (by default, the bridge priority is 32,768)

MAC address
The CIST root bridge can be either inside or outside an MSTP region. The CIST root bridge is unique for
all regions and non-MSTP bridges, regardless of its location.
For more information about configuring the bridge ID, see the configure stpd priority
command.
CIST Regional Root Bridge
Within an MSTP region, the bridge with the lowest path cost to the CIST root bridge is the CIST regional
root bridge.
The path cost, also known as the CIST external path cost, is a function of the link speed and number of
hops. If there is more than one bridge with the same path cost, the bridge with the lowest bridge ID
becomes the CIST regional root. If the CIST root is inside an MSTP region, the same bridge is the CIST
regional root for that region because it has the lowest path cost to the CIST root. If the CIST root is
outside an MSTP region, all regions connect to the CIST root via their CIST regional roots.
The total path cost to the CIST root bridge from any bridge in an MSTP region consists of the CIST
internal path cost (the path cost of the bridge to the CIST regional root bridge) and the CIST external
path cost. To build a loop-free topology within a region, the CIST uses the external and internal path
costs, and the MSTI uses only the internal path cost.
Looking at MSTP region 1 in the following figure, the total path cost for the bridge with ID 60 consists of
an external path cost of A and an internal path cost of E.
Figure 43: Closeup of MSTP Region 1

CIST Root Port
The port on the CIST regional root bridge that connects to the CIST root bridge is the CIST root port
(also known as the master port for MSTIs).
Layer 2 Protocols
127
STP
The CIST root port is the master port for all MSTIs in that region, and it is the only port that connects
the entire region to the CIST root.
If a bridge is both the CIST root bridge and the CIST regional root bridge, there is no CIST root port on
that bridge.
Enabling the CIST
To enable the CIST, use the following command and specify the CIST domain as the stpd_name:
enable stpd {stpd_name}
Multiple Spanning Tree Instances

Multiple spanning tree instances (MSTIs) control the topology inside an MSTP region. An MSTI is a
spanning tree domain that operates within and is bounded by a region; an MSTI does not exchange
BPDUs with or send notifications to other regions. You must identify an MSTI on a per region basis. The
MSTI ID does not have any significance outside of its region so you can reuse IDs across regions. An
MSTI consists of a group of VLANs, which can share the same network topology. Each MSTI has its own
root bridge and a tree spanning its bridges and LAN segments.
You can map multiple VLANs to an MSTI; however, multiple MSTIs cannot share the same VLAN.
Configuring the MSTI and the MSTI ID
MSTP uses the MSTI ID, not an Stpd ID, to identify the spanning tree contained within the region. As
previously described, the MSTI ID only has significance within its local region, so you can re-use IDs
across regions.
To configure the MSTI that is inside an MSTP region and its associated MSTI ID, use the following
command and specify the mstp [msti instance] parameters:
The range of the MSTI instance ID is 14094.

MSTP STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct operation of your
MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs. For more
information, see Encapsulation Modes on page 99.
MSTI Regional Root Bridge
Each MSTI independently chooses its own root bridge. For example, if two MSTIs are bounded to a
region, there is a maximum of two MSTI regional roots and one CIST regional root.
The bridge with the lowest bridge ID becomes the MSTI regional root bridge. The parameters that
define the root bridge include the following:
User-defined bridge priority (by default, the bridge priority is 32,768)
Layer 2 Protocols
128
STP
MAC address
Within an MSTP region, the cost from a bridge to the MSTI regional root bridge is known as the MSTI
internal path cost. Looking at MSTP region 1 in Figure 43: Closeup of MSTP Region 1 on page 127, the
bridge with ID 60 has a path cost of F to the MSTI regional root bridge.
The MSTI regional root bridge can be the same as or different from the CIST regional root bridge of that
region. You achieve this by assigning different priorities to the STP instances configured as the MSTIs
and the CIST. For more information about configuring the bridge ID, see the configure stpd
priority command in the ExtremeXOS Command Reference Guide.
MSTI Root Port
The port on the bridge that has the lowest path cost to the MSTI regional root bridge is the MSTI root
port.
If a bridge has two or more ports with the same path cost, the port with the best port identifier
becomes the root port.
Enabling the MSTI
To enable the MSTI, use the following command and specify the MSTI domain as the <stpd_name>:
Note
If two switches are configured for the same CIST and MSTI region, in order for them to
understand that they are in the same region, both must also belong to the same VLAN which
is added to the STP domain. If they belong to different VLANs, each switch believes that each
belongs to a different region. When an MSTP BPDU is sent, it carries a VID digest created by
VLAN memberships in the CIST domain and the MSTI domain.
Boundary Ports
Boundary ports are bridge ports that are only connected to other MSTP regions or 802.1D or 802.1w
bridges.
The ports that are not at a region boundary are called internal ports. The boundary ports exchange only
CIST BPDUs. A CIST BPDU originated from the CIST root enters a region through the CIST root port and
egresses through boundary ports. This behavior simulates a region similar to an 802.1w bridge, which
receives BPDUs on its root ports and forwards updated BPDUs on designated ports.
The following figure shows an MSTP network that consists of two MSTP regions. Each region has its
own CIST regional root and is connected to the CIST root through master ports. The CIST regional roots
in each region are the MSTP bridges having the lowest CIST external root path cost. The CIST root is the
bridge with the lowest bridge ID and is an 802.1w bridge outside of either MSTP region.
Layer 2 Protocols
129
STP
Figure 44: Sample MSTP Topology with Two MSTP Regions

MSTP Region 1 and MSTP Region 2 are connected to the CIST root through directly connected ports,
identified as master ports. The bridge with ID 100 connects to the CIST root through Region 1, Region 2,
or segment B. For this bridge, either Region 1 or Region 2 can be the designated region or segment B
can be the designated segment. The CIST BPDUs egressing from the boundary ports carry the CIST
regional root as the designated bridge. This positions the entire MSTP region as one virtual bridge.
The CIST controls the port roles and the state of the boundary ports. A master port is always
forwarding for all CIST and MSTI VLANs. If the CIST sets a boundary port to the discarding state, the
CIST blocks traffic for all VLANs mapped to it and the MSTIs within that region. Each MSTI blocks traffic
for their member VLANs and puts their internal ports into the forwarding or blocking state depending
on the MSTI port roles. For more information about port states, see .
MSTP Port Roles
MSTP uses the same port roles as RSTP (Root, Designated, Alternate, and Backup).
In addition to these port roles, MSTP introduces a new port role: Master. A Master port is the port that
connects an MSTI to the CIST root.
MSTP Port States
MSTP uses the same port states as RSTP (Listening, Learning, Forwarding, and Blocking).
In the Extreme Networks MSTP implementation, the listening state is not truly implemented as FDB
learning cannot be done when the port is not in the forwarding state. Ports in the blocking state listen
but do not accept ingress traffic, perform traffic forwarding, or learn MAC source address; however, the
port receives and processes BPDUs.
Layer 2 Protocols
130
STP
For more information about all of the STP port states, see STP States on page 100.
MSTP Link Types
MSTP uses the same link types as STP and RSTP, respectively.
In an MSTP environment, configure the same link types for the CIST and all MSTIs.
For more information about the link types, see Link Types on page 113.
MSTP Edge Safeguard
\
You can configure edge safeguard for loop prevention and detection on an MSTP edge port. For more
information, see Configuring Edge Safeguard on page 114.
Note
In MSTP, configuring edge safeguard at CIST will be inherited in all MSTIs.
In MSTP, an edge port needs to be added to a CIST before adding it to an MSTI.
MSTP Timers
MSTP uses the same timers as STP and RSTP. For more information, see RSTP Timers on page 115.
MSTP Hop Counts
In an MSTP environment, the hop count has the same purpose as the maxage timer for 802.1D and
802.1w environments. The CIST hop count is used within and outside a region. The MSTI hop count is
used only inside of the region. In addition, if the other end is an 802.1D or 802.1w bridge, the maxage
timer is used for interoperability between the protocols.
The BPDUs use hop counts to age out information and to notify neighbors of a topology change.
To configure the hop count.
configure stpd stpd_name max-hop-count hopcount
By default, the hop count of a BPDU is 20 hops. The range is 6 to 40 hops.

Configuring MSTP on the Switch
To configure and enable MSTP:
1
Create the MSTP region using the following command:

Layer 2 Protocols
131
STP
2 Create and configure the CIST, which forms the CST, using the following commands:
configure stpd stpd_name mode mstp cist
Note
You can configure the default STPD, S0 as the CIST.
No VLAN can be bound to the CIST and no ports can be added to the CIST. Therefore, the
VLAN should be bound to the MSTI and the show MSTI port command will show the
VLAN ports. The ports added to the MSTI are bound automatically to the CIST even
though they are not added to it.
3 Enable the CIST using hte command:
4 Create and configure MSTIs using the commands:

configure stpd stpd_name mode mstp cist instance
5 Add VLANs to the MSTIs using one of the following commands:

a Manually binding ports
configure stpd stpd_name add vlan vlan_name ports [all | port_list] {[dot1d
| emistp | pvst-plus]}
configure vlan vlan_name add ports [all | port_list] {tagged {tag} |
untagged} stpd stpd_name {[dot1d | emistp | pvst-plus]}
b Automatically binding ports to an STPD when ports are added to a member VLAN
6 Enable the MSTIs using the command:.

For a more detailed configuration example, see MSTP Configuration Example on page 143.
MSTP Operation
To further illustrate how MSTP operates and converges, the following figure displays a network with
two MSTP regions. Each region contains three MSTP bridges and one MSTI. The overall network
topology also contains one CIST root bridge (Switch A, which has the lowest bridge ID), one
interconnecting 802.1w bridge (Switch D), and 10 full duplex, point-to-point segments. VLAN Default
spans all of the bridges and segments in the network, VLAN engineering is local to its respective region,
and STPD S0 is configured as the CIST on all bridges.
Layer 2 Protocols
132
STP
Figure 45: MSTP Topology with the CIST Root Bridge Contained within a Region
MSTP Region 1 consists of the following:
Three bridges named Switch A, Switch B, and Switch C
One MSTI STPD named S1 with an MSTI ID of 1
VLAN Engineering mapped to the MSTI STPD, S1
Switch A as the CIST root bridge (this is the CIST root bridge for all regions)
Switch A as the CIST regional root bridge
Switch A as the MSTI regional root bridge
Three boundary ports that connect to MSTP Region 2 and other 802.1D or 802.1w bridges
MSTP Region 2 consists of the following:
Three bridges named Switch E, Switch F, and Switch G

One MSTI STPD named S1 with an MSTI ID of 1
Note
The MSTI ID does not have any significance outside of its region so you can reuse IDs across
regions.
VLAN finance mapped to the MSTI STPD, S1

Switch E as the CIST regional root bridge
Switch F as the MSTI regional root bridge
One master port that connects to the CIST
Three boundary ports that connect to MSTP Region 1 and other 802.1D or 802.1w bridges
The following sequence describes how the MSTP topology convergences:

1
Determining the CIST root bridge, MSTP regions, and region boundaries.
Layer 2 Protocols
133
STP
Each bridge believes that it is the root bridge, so each bridge initially sends root bridge BPDUs
throughout the network. As bridges receive BPDUs and compare vectors, the bridge with the lowest
Bridge ID is elected the CIST root bridge. In our example, Switch A has the lowest Bridge ID and is
the CIST root bridge.
The bridges in the MSTP regions (Switches A, B, C, E, F, and G) advertise their region information
along with their bridge vectors.
Segments 1, 3, and 9 receive BPDUs from other regions and are identified as boundary ports for
Region 1. Similarly, segments 2, 3, and 9 are identified as boundary ports for Region 2.
2 Controlling boundary ports.
The CIST regional root is advertised as the Bridge ID in the BPDUs exiting the region. By sending
CIST BPDUs across regional boundaries, the CIST views the MSTP regions as virtual 802.1w bridges.
The CIST takes control of the boundary ports and only CIST BPDUs enter or exit a region boundary.
Each MSTP region has a CIST regional root bridge that communicates to the CIST root bridge. The
bridge with the lowest path cost becomes the CIST regional root bridge. The port on the CIST
regional root bridge that connects to the CIST root bridge is the CIST root port.
For Region 1, Switch A has the lowest cost (0 in this example) and becomes the CIST regional root.
Since the bridge is both the CIST root bridge and the CIST regional root bridge, there is no CIST root
port on the bridge.
For Region 2, Switch E is the CIST regional root bridge and so a port on that bridge becomes the
CIST root port.
3 Identifying MSTI regional roots.
Each MSTI in a region has an MSTI regional root bridge. MSTI regional roots are selected
independently of the CIST root and CIST regional root. The MSTP BPDUs have M-records for each
MSTI. Bridges belonging to an MSTI compare vectors in their M-records to elect the MSTI regional
root.
4 Converging the CIST.
The CIST views every region as a virtual bridge and calculates the topology using the 802.1w
algorithm. The CIST calculates the topology both inside and outside of a region.
5 Converging MSTIs.
After the CIST identifies the boundary ports, each MSTI in a domain converge their own trees using
802.1w.
At this point, all CIST and MSTIs have assigned port roles (Root, Designated, Alternate, and Backup)
to their respective spanning trees. All root and designated ports transition to the forwarding state
while the remaining ports remain in the discarding state.
Propagating topology change information is similar to that described for RSTP.
For more information see, Propagating Topology Change Information on page 119.
For a configuration example, see MSTP Configuration Example on page 143.
Layer 2 Protocols
134
STP
STP and Network Login

STP and network login can be enabled on the same port. This feature can be used to prevent loops
while providing redundancy and security on aggregated as well as end switches.
Note
You should be aware that an STP topology change will affect the network login clients. See
STP Rules and Restrictions on page 136 for further information.
The following figure shows STP and network login enabled on ports 2 and 3 of Switch 2 and Switch 3
for a typical aggregation scenario.
Figure 46: STP and Network Login Enabled

This relieves the administrator from having to configure network login on all the edge ports. All the
traffic can be monitored and resiliency is provided at the aggregation side.
The following figure shows a typical scenario for protecting loops and monitoring traffic on the edge
side.
Layer 2 Protocols
135
STP
Figure 47: Traffic Monitoring on the Edge Side

In huge networks, it is not easy to control or prevent end users from connecting devices other than
workstations to the edge ports. This feature helps prevent the network loops that occur when end
users connect a switch or hub to the existing edge port in order to increase the number of end user
ports.

This section summarizes the rules and restrictions for configuring STP are:
The carrier VLAN must span all ports of the STPD. (This is not applicable to MSTP.)
The StpdID must be the VLAN ID of the carrier VLAN; the carrier VLAN cannot be partitioned. (This
is not applicable to MSTP.)
A default VLAN cannot be partitioned. If a VLAN traverses multiple STPDs, the VLAN must be
tagged.
An STPD can carry, at most, one VLAN running in PVST+ mode, and its STPD ID must be identical
with that VLAN ID. In addition, the PVST+ VLAN cannot be partitioned.
The default VLAN of a PVST+ port must be identical to the native VLAN on the PVST+ device
connected to that port.
If an STPD contains both PVST+ and non-PVST+ ports, that STPD must be enabled. If that STPD is
disabled, the BPDUs are flooded in the format of the incoming STP port, which may be incompatible
with those of the connected devices.
The 802.1D ports must be untagged and the EMISTP/PVST+ ports must be tagged in the carrier
VLAN.
An STPD with multiple VLANs must contain only VLANs that belong to the same virtual router
instance.
STP and network login operate on the same port as follows:
STP (802.1D), RSTP (802.1w), and MSTP (802.1s) support both network login and STP on the
same port.
At least one VLAN on the intended port should be configured both for STP and network login.
STP and network login operate together only in network login ISP mode.
Layer 2 Protocols
136
STP
When STP blocks a port, network login does not process authentication requests. All network
traffic, except STP BPDUs, is blocked.

When STP places a port in forwarding state, all network traffic is allowed and network login
starts processing authentication requests.
STP cannot be configured on the following ports:
A mirroring target port.
A software-controlled redundant port.
When you are using the older method of enabling STP instead of using EAPSv2 to block the super
loop in a shared-port environment, you can continue to do so. In all other scenarios, it is not
recommended to use both STP and EAPS on the same port.
MSTP and 802.1D STPDs cannot share a physical port.
Only one MSTP region can be configured on a switch.
In an MSTP environment, a VLAN can belong to one of the MSTIs.
A VLAN can belong to only one MSTP domain.
MSTP is not interoperable with PVST+.
No VLAN can be bound to the CIST.
Configure STP on the Switch

To configure basic STP:
1
Create one or more STPDs using the command:

2 Add one or more VLANs to the STPD using the command:

3 Define the carrier VLAN using the command:.

configure stpd stpd_name tag stpd_tag
Note
The carrier VLAN's ID must be identical to the StpdID.
4 Enable STP for one or more STPDs using the command:
Layer 2 Protocols
137
STP
5 After you have created the STPD, you can optionally configure STP parameters for the STPD.
Note
You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.
The following parameters can be configured on each STPD:
Hello time (In an MSTP environment, configure this only on the CIST.)
Forward delay
Max age (In an MSTP environment, configure this only on the CIST.)
Max hop count (MSTP only)
Bridge priority
Domain description
StpdID (STP, RSTP, EMISTP, and PVST+ only)
MSTI ID (MSTP only)
The following parameters can be configured on each port:

Path cost
Port priority
Port mode
Note
The device supports the RFC 1493 Bridge MIB, RSTP-03, and Extreme Networks STP MIB.
Parameters of the s0 default STPD support RFC 1493 and RSTP-03. Parameters of any
other STPD support the Extreme Networks STP MIB.
If an STPD contains at least one port not in 802.1D (dot1D) mode, the STPD must be
configured with an StpdID.
The following section provides more detailed STP configuration examples, including 802.1D, EMISTP,
RSTP, and MSTP.
STP FDB Flush Criteria

When there are more than 1000 VLANs and more than 70 ports participating in STP, the number of
messages exchanged between STP/FDB/HAL modules can consume a lot of system memory when
trying to flush the FDB during a STP topology change. To help avoid this high consumption, you can set
the flush type from the default of vlan-and-port to port-based.
To set the flush type, enter the command:
configure stpd flush-method [vlan-and-port | port-only]
Display STP Settings
To display STPD settings, use the command:

To display more detailed information for one or more STPDs, specify the detail option.
Layer 2 Protocols
138
STP
This command displays the following information:

STPD name
STPD state
STPD mode of operation
Domain description
Rapid Root Failover
Tag
Ports
Active VLANs
Bridge priority
Bridge ID
Designated root
STPD configuration information
If you have MSTP configured on the switch, this command displays additional information:
MSTP Region
Format Identifier
Revision Level
Common and Internal Spanning Tree (CIST)
Total number of MST Instances (MSTI)
To display the state of a port that participates in STP, use the command:
To display more detailed information for one or more ports in the specified STPD, including
participating VLANs, specify the detail option.
This command displays the following information:
STPD port configuration
STPD port mode of operation
STPD path cost
STPD priority
STPD state (root bridge, etc.)
Port role (root designated, alternate, etc.)
STPD port state (forwarding, blocking, etc.)
Configured port link type
Operational port link type
Edge port settings (inconsistent behavior, edge safeguard setting)
MSTP port role (internal or boundary)
If you have MSTP configured and specify the detail option, this command displays additional
information:
MSTP internal path cost

MSTP timers
STPD VLAN Settings
If you have a VLAN that spans multiple STPDs, use the show {vlan} vlan_name stpd command
to display the STP configuration of the ports assigned to that specific VLAN.
Layer 2 Protocols
139
STP
The command displays the following:

STPD port configuration
STPD port mode of operation
STPD path cost
STPD priority
STPD state (root bridge, etc.)
Port role (root designated, alternate, etc.)
STPD port state (forwarding, blocking, etc.)
Configured port link type
Operational port link type
STP Configuration Examples
Basic 802.1D Configuration Example

The following example:
Removes ports from the VLAN Default that will be added to VLAN Engineering.
Creates the VLAN Engineering.
Assigns a VLAN ID to the VLAN Engineering.
Note
If you do not explicitly configure the VLAN ID in your 802.1D deployment, use the show
vlan command to see the internal VLAN ID automatically assigned by the switch.
Adds ports to the VLAN Engineering.

Creates an STPD named Backbone_st.
Configures the default encapsulation mode of dot1d for all ports added to STPD Backbone_st.
Enables autobind to automatically add or remove ports from the STPD.
Assigns the Engineering VLAN to the STPD.
Assigns the carrier VLAN.
Enables STP.
Note
To assign the carrier VLAN, the StpdID must be identical to the VLAN ID of the carrier VLAN.
configure vlan default delete ports 2:5-2:10

create vlan engineering
configure vlan engineering tag 150
configure vlan engineering add ports 2:5-2:10 untagged
create stpd backbone_st
configure stpd backbone_st default-encapsulation dot1d
enable stpd backbone_st auto-bind vlan engineering
configure stpd backbone_st tag 150
enable stpd backbone_st
Layer 2 Protocols
140
STP
By default, the port encapsulation mode for user-defined STPDs is emistp. In this example, you set it to
dot1d.
EMISTP Configuration Example

The following figure is an example of EMISTP.
Figure 48: EMISTP Configuration Example

Note
By default, all ports added to a user-defined STPD are in emistp mode, unless otherwise
specified.
The following commands configure the switch located between S1 and S2:
create vlan red
configure red tag 100
configure red add ports 1:1-1:4 tagged
create vlan green
configure green tag 200
configure green add ports 1:1-1:2 tagged
create vlan yellow
configure yellow tag 300
configure yellow add ports 1:3-1:4 tagged
create stpd s1
configure stpd s1 add green ports all
configure stpd s1 add red ports 1:1-1:2 emistp
enable stpd s1
create stpd s2
configure stpd s2 add yellow ports all
configure stpd s2 add red ports 1:3-1:4 emistp
enable stpd s2
Layer 2 Protocols
141
STP
RSTP 802.1w Configuration Example

The following figure is an example of a network with multiple STPDs that can benefit from RSTP.
For RSTP to work:
1
2
3
4
5
6
7
Create an STPD.
Configure the mode of operation for the STPD.
Create the VLANs and assign the VLAN ID and the VLAN ports.
Assign the carrier VLAN.
Add the protected VLANs to the STPD.
Configure the port link types.
Enable STP.
Figure 49: RSTP Example

In this example, the commands configure Switch A in STPD1 for rapid reconvergence.
Use the same commands to configure each switch and STPD in the network.
create stpd stpd1
configure stpd stpd1 mode dot1w
create vlan sales
create vlan personnel
create vlan marketing
configure vlan sales tag 100
configure vlan personnel tag 200
configure vlan marketing tag 300
configure vlan sales add ports 1:1,2:1 tagged
configure vlan personnel add ports 1:1,2:1 tagged
configure vlan marketing add ports 1:1,2:1 tagged
Layer 2 Protocols
142
STP
configure stpd stpd1

enable stpd stpd1
add vlan sales ports all

add vlan personnel ports all
add vlan marketing ports all
ports link-type point-to-point 1:1,2:1
tag 100
MSTP Configuration Example

The following figure is an example with multiple STPDs that can benefit from MSTP. In this example, we
have two MSTP regions that connect to each other and one external 802.1w bridge.
Figure 50: MSTP Configuration Example

For MSTP to work, complete the following steps on all switches in Region 1 and Region 2:
Remove ports from the VLAN Default that will be added to VLAN Engineering.
Create the VLAN Engineering.
Assign a VLAN ID to the VLAN Engineering.
Note
If you do not explicitly configure the VLAN ID in your MSTP deployment, use the show
vlan command to see the internal VLAN ID automatically assigned by the switch.
Add ports to the VLAN Engineering.
Layer 2 Protocols
143
STP
Create the MSTP region.

Note
You can configure only one MSTP region on the switch at any given time.
Create the STPD to be used as the CIST, and configure the mode of operation for the STPD.
Specify the priority for the CIST.
Enable the CIST.
Create the STPD to be used as an MSTI and configure the mode of operation for the STPD.
Specify the priority for the MSTI.
Assign the VLAN Engineering to the MSTI.
Configure the port link type.
Enable the MSTI.
On the external switch (the switch that is not in a region):
Create an STPD that has the same name as the CIST, and configure the mode of operation for the
STPD.
Specify the priority of the STPD.
Enable the STPD.
Note
In the following sample configurations, any lines marked (Default) represent default settings
and do not need to be explicitly configured. STPD s0 already exists on the switch.
In the following example, the commands configure Switch A in Region 1 for MSTP. Use the same
commands to configure each switch in Region 1:
create vlan engineering
configure vlan engineering tag 2
configure vlan engineering add port 2-3 tagged
create stpd s0 (Default)
disable stpd s0 auto-bind vlan Default
configure stpd s0 mode mstp cist
configure stpd s0 priority 32768 (Default)
enable stpd s0
create stpd s1
configure stpd s1 mode mstp msti 1
enable stpd s1 auto-bind vlan engineering
configure stpd s1 ports link-type point-to-point 2-3
enable stpd s1
In the following example, the commands configure Switch E in Region 2 for MSTP. Use the same
commands to configure each switch in Region 2:
create vlan finance
configure vlan finance tag 2
configure vlan finance add port 2-3 tagged
Layer 2 Protocols
144
STP
create stpd s0 (Default)

disable stpd s0 auto-bind vlan
enable stpd s0
create stpd s1
enable stpd s1 auto-bind vlan finance
enable stpd s1
In the following example, the commands configure switch D, the external switch. Switch D becomes the
CIST root bridge:
create stpd s0
configure stpd
configure stpd
enable stpd s0
configure stpd
enable stpd s0
Layer 2 Protocols
(Default)
s0 mode dot1w
s0 priority 28672
auto-bind vlan Default
s0 ports link-type point-to-point 4-5
145
8 Layer 2 Protocol Commands

clear counters erps
clear counters stp
clear eaps counters
configure eaps add control vlan
configure eaps add protected vlan
configure eaps cfm
configure eaps delete control vlan
configure eaps delete protected vlan
configure eaps failtime expiry-action
configure eaps failtime
configure eaps fast-convergence
configure eaps hello-pdu-egress
configure eaps hellotime
configure eaps mode
configure eaps multicast add-ring-ports
configure eaps multicast send-query
configure eaps multicast send-igmp-query
configure eaps multicast temporary-flooding duration
configure eaps multicast temporary-flooding
configure eaps name
configure eaps port
configure eaps priority
configure eaps shared-port common-path-timers
configure eaps shared-port link-id
configure eaps shared-port mode
configure eaps shared-port segment-timers expiry-action
configure eaps shared-port segment-timers health-interval
configure eaps shared-port segment-timers timeout
configure erps add control vlan
configure erps add protected vlan
configure erps cfm md-level
configure erps cfm port ccm-interval
configure erps cfm port group
configure erps cfm port mepid
configure erps cfm protection group
Layer 2 Protocols
146
Layer 2 Protocol Commands
configure erps delete control vlan

configure erps delete protected vlan
configure erps dynamic-state clear
configure erps name
configure erps neighbor port
configure erps notify-topology-change
configure erps protection-port
configure erps revert
configure erps ring-ports east | west
configure erps subring-mode
configure erps sub-ring
configure erps timer guard
configure erps timer hold-off
configure erps timer periodic
configure erps timer wait-to-block
configure erps timer wait-to-restore
configure erps topology-change
configure forwarding L2-protocol fast-convergence
configure ip-arp fast-convergence
configure mstp format
configure mstp region
configure mstp revision
configure stpd add vlan
configure stpd default-encapsulation
configure stpd delete vlan
configure stpd description
configure stpd flush-method
configure stpd forwarddelay
configure stpd hellotime
configure stpd maxage
configure stpd max-hop-count
configure stpd mode
configure stpd ports active-role disable
configure stpd ports active-role enable
configure stpd ports bpdu-restrict
configure stpd ports cost
configure stpd ports edge-safeguard disable
configure stpd ports edge-safeguard enable
configure stpd ports link-type
configure stpd ports mode
configure stpd ports port-priority
configure stpd ports priority
Layer 2 Protocols
147
configure stpd ports restricted-role disable

configure stpd ports restricted-role enable
configure stpd priority
configure stpd tag
configure vlan add ports stpd
create eaps shared-port
create eaps
create erps ring
create stpd
debug erps show
debug erps
delete eaps shared-port
delete eaps
delete erps
delete stpd
disable eaps
disable erps block-vc-recovery
disable erps topology-change
disable erps
disable stpd auto-bind
disable stpd ports
disable stpd rapid-root-failover
disable stpd
enable eaps
enable erps block-vc-recovery
enable erps topology-change
enable erps
enable stpd auto-bind
enable stpd ports
enable stpd rapid-root-failover
enable stpd
MSTP
RSTP
run erps force-switch | manual-switch
show eaps cfm groups
show eaps counters shared-port
show eaps counters
show eaps shared-port neighbor-info
show eaps shared-port
show eaps
Layer 2 Protocols
148
show erps ring-name

show erps statistics
show erps
show stpd ports
show stpd
show vlan eaps
show vlan stpd
Spanning Tree Domains
STP
unconfigure eaps port
unconfigure eaps shared-port link-id
unconfigure eaps shared-port mode
unconfigure erps cfm
unconfigure erps neighbor-port
unconfigure erps notify-topology-change
unconfigure erps protection-port
unconfigure erps ring-ports west
unconfigure stpd ports link-type
unconfigure stpd
Topic paragraph
clear counters erps

clear counters erps ring-name
Description
Clear statistics on the specified ERPS ring.
Syntax Description
ring-name
Alphanumeric string that identifies the ERPS ring.
Default
N/A.
Usage Guidelines
Use this command to clear statistics on the specified ERPS ring.
Layer 2 Protocols
149
Example
The following command clears statistics on the ERPS ring named ring1:
clear counters erps ring1
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
clear counters stp

clear counters stp {[all | diagnostics | domains | ports]}
Description
Clears, resets all STP statistics and counters.
Syntax Description
all
Specifies all STP domain, port, and diagnostics counters.
diagnostics
Specifies STP diagnostics counters.
domains
Specifies STP domain counters.
ports
Specifies STP port counters.
Default
N/A.
Usage Guidelines
If you do not enter a parameter, the result is the same as specifying the all parameter: the counters for
all domains, ports, and diagnostics are reset.
Enter one of the following parameters to reset the STP counters on the switch:
allSpecifies the counters for all STPDs and ports, and clears all STP counters.
diagnosticsClears the internal diagnostic counters.
domainsClears the domain level counters.
portsClears the counters for all ports and leaves the domain level counters.
Layer 2 Protocols
150
Viewing and maintaining statistics on a regular basis allows you to see how well your network is
performing. If you keep simple daily records, you will see trends emerging and notice problems arising
before they cause major network faults. By clearing the counters, you can see fresh statistics for the
time period that you are monitoring.
Example
The following command clears all of the STP domain, port, and diagnostic counters:
clear counters stp
History
This command is available on all platforms.
clear eaps counters

clear eaps counters
Description
Clears, resets the counters gathered by EAPS for all of the EAPS domains and any EAPS shared ports
configured on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Use this command to clear, reset the EAPS counters.
The counters continue to increment until you clear the information. By clearing the counters, you can
see fresh statistics for the time period you are monitoring.
To display information about the EAPS counters, use the following commands:
show eaps counters This command displays summary EAPS counter information.
Layer 2 Protocols
151
show eaps counters shared-port If configured for EAPS shared ports, this command
displays summary EAPS shared port counter information.
Example
The following command clears, resets all of the counters for EAPS:
clear eaps counters
History
configure eaps add control vlan

configure eaps name add control {vlan} vlan_name
Description
Adds the specified control VLAN to the specified EAPS domain.
Syntax Description
name
Specifies the name of an EAPS domain.
vlan_name
Specifies the name of the control VLAN.
Default
N/A.
Usage Guidelines
You must configure one control VLAN for each EAPS domain. The control VLAN is used only to send
and receive EAPS messages.
The control VLAN must be configured as follows:
The VLAN must NOT be assigned an IP address, to avoid loops in the network.
Only ring ports can be added as members of the control VLAN.
The ring ports of the control VLAN must be tagged.
Layer 2 Protocols
152
A control VLAN cannot belong to more than one EAPS domain. When the EAPS domain is active, you
cannot delete or modify the configuration of the control VLAN.
By default, EAPS protocol data units (PDUs) are automatically assigned to QoS profile QP8. This
ensures that the control VLAN messages reach their intended destinations. You do not need to
configure a QoS profile for the control VLAN.
The VLAN must already exist before you can add it as a control VLAN. If you attempt to add a VLAN
that does not exist, the switch displays a message similar to the following:
* Switch.8 # configure eaps megtest add control foo^%% Invalid input detected at
'^' marker.
To create the VLAN, use the create vlan command.
Example
The following command adds the control VLAN keys to the EAPS domain eaps_1.
configure eaps eaps_1 add control vlan keys
History
configure eaps add protected vlan

configure eaps name add protected {vlan} vlan_name
Description
Adds the specified protected VLAN to the specified EAPS domain.
Syntax Description
name
vlan_name
Specifies the name of the protected VLAN.
Default
N/A.
Layer 2 Protocols
153
Usage Guidelines
You must configure one or more protected VLANs for each EAPS domain. The protected VLANs are
the data-carrying VLANs.
A protected VLAN can be added to one or more EAPS domains.
When you configure a protected VLAN, the ring ports of the protected VLAN must be tagged (except
in the case of the default VLAN). As long as the ring is complete, the master node blocks the protected
VLANs on its secondary port.
The VLAN must already exist before you can add it as a protected VLAN. If you attempt to add a VLAN
that does not exist, the switch displays a message similar to the following:
* Switch.5 # configure eaps megtest add protected foo^%% Invalid input detected
at '^' marker.
To create the VLAN, use the create vlan command.
Example
The following command adds the protected VLAN orchid to the EAPS domain eaps_1:
configure eaps eaps_1 add protected vlan orchid
History
configure eaps cfm

configure eaps cfm [add | delete] group group_name
Description
Notifies the CFM that EAPs is interested in notifications for the specified MEP and RMEP pair.
Syntax Description
cfm
Connectivity Fault Management.
add
Add a MEP group.
delete
Delete a MEP group.
group group_name
MEP group to bind.
Layer 2 Protocols
154
Default
N/A.
Usage Guidelines
This command notifies CFM that EAPs is interested in notifications for this MEP and RMEP pair. This
MEP should already be bound to a physical port, so when notification is received, EAPS associates that
notification with a ring-port failure.
Example
The following command deletes the control VLAN keys from the EAPS domain eaps_1:
configure eaps cfm add
History
This command is available on all EXOS platforms; however, not all platforms support hardware-based
CFM. Platforms with no hardware-based CFM support are limited to software-based CFM transmit
intervals of 100ms., or higher. Hardware-based intervals can go as low as 3.3ms.
Currently, only the x460 and E4G platforms support hardware-based CFM.

Description
Disables the loop protection warning messages displayed when configuring specific EAPS parameters.
Syntax Description
Default
By default, loop protection warnings are enabled and displayed when configuring specific EAPS
parameters.
Layer 2 Protocols
155
Usage Guidelines
This is a global EAPS command. You configure the warning message display on a per switch basis, not
per EAPS domain.
When configuring the following EAPS parameters, the switch displays loop protection warning
messages:
unnecessary. For example, if you use a script to configure your EAPS settings, disabling the warning
messages allows you to configure EAPS without replying to each interactive yes/no question.
To confirm the setting on the switch, use the following command:
Example
The following command disables the loop protection warning messages:
History

Description
Enables the loop protection warning messages displayed when configuring specific EAPS parameters.
Layer 2 Protocols
156
Syntax Description
Default
By default, loop protection warnings are enabled and displayed when configuring specific EAPS
parameters.
Usage Guidelines
This is a global EAPS command. You configure the warning message display on a per switch basis, not
per EAPS domain.
When configuring the following EAPS parameters, the switch displays loop protection warning
messages:
We recommend that you keep the loop protection warning messages enabled.
Example
The following command enables the loop protection warning messages:
History
configure eaps delete control vlan

configure eaps name delete control {vlan} vlan_name
Description
Deletes the specified control VLAN from the specified EAPS domain.
Layer 2 Protocols
157
Syntax Description
name
vlan_name
Specifies the name of the control VLAN.
Default
N/A.
Usage Guidelines
None.
Example
The following command deletes the control VLAN keys from the EAPS domain eaps_1:
configure eapseaps_1 delete control vlan keys
History
configure eaps delete protected vlan

configure eaps name delete protected {vlan} vlan_name
Description
Deletes the specified protected VLAN from the specified EAPS domain.
Syntax Description
name
vlan_name
Specifies the name of the protected VLAN.
Default
N/A.
Layer 2 Protocols
158
Usage Guidelines
To prevent loops in the network, you must delete the ring ports (the primary and the secondary ports)
from the protected VLAN before deleting the protected VLAN from the EAPS domain. Failure to do so
can cause a loop in the network.
The switch displays by default a warning message and prompts you to delete the VLAN from the EAPS
domain. When prompted, do one of the following:
Enter y delete the VLAN from the specified EAPS domain.
Enter n or press [Return] to cancel this action.
If you have considerable knowledge and experience with EAPS, you might find the EAPS loop
protection warning messages unnecessary. For more information, see the configure eaps
config-warnings off command.
Useful show Commands

Use the following show commands to display information about your EAPS domain, including
protected VLANs and primary and secondary ports:
show vlan This command displays summary information for all of the VLANs on the device. If
the VLAN is a protected VLAN, the P flag appears in the flag column. To see more detailed
information about the protected VLAN, use the following command: show vlanvlan_name .
show eaps This command displays summary EAPS domain information, including the name of
the domain and the primary and secondary ports. To see more detailed information, including the
name of the protected VLAN and the primary and secondary ports, use the show eapseapsDomain
command.
show vlan eaps This command displays whether the VLAN is a control or partner VLAN for an
EAPS domain. This command also displays if the VLAN is not a member of any EAPS domain.
Example
The following command deletes the protected VLAN orchid from the EAPS domain eaps_1:
configure eapseaps_1delete protected vlan orchid
The switch displays the following warning message and prompts you to confirm this action:
WARNING: Make sure EAPS ring-ports are deleted from the VLAN first.
Otherwise deleting the VLAN from the EAPS domain could cause a loop in
the network! Are you sure you want to remove the VLAN before deleting
EAPS ring-ports.? (y/n)
Enter y to delete the VLAN from the specified EAPS domain. Enter n to cancel this action.
History
The interactive messages were added in ExtremeXOS 11.4.
Layer 2 Protocols
159
configure eaps failtime expiry-action

configure eaps name failtime expiry-action [open-secondary-port | send-alert]
Description
Configures the action taken when the failtimer expires.
Syntax Description
name
open-secondary-port
Specifies to open the secondary port when the failtimer expires.
send-alert
Specifies that a critical message is sent to the syslog when the failtimer
expires.
Default
Default is send-alert.
Usage Guidelines
By default the action is to send an alert if the failtimer expires. Instead of going into a Failed state, the
master node remains in a Complete or Init state, maintains the secondary port blocking, and writes a
critical error message to syslog warning the user that there is a fault in the ring. An SNMP trap is also
sent.
If the EAPS ring contains non-EAPS devices, you must use the open-secondary-port parameter.
Note
Use caution when setting the failtimer expiry action to open-secondary port. Using this
configuration, if the master node loses three consecutive hello PDUs, the failtimer expires
but there might not be a break in the ring. Opening the secondary port in this situation
creates a loop.
Example
The following command configures the failtimer expiry action for EAPS domain eaps_1:
configure eapseaps_1 failtimeexpiry-action open-secondary-port
Layer 2 Protocols
160
History
configure eaps failtime

configure eaps name failtime seconds milliseconds
Description
Configures the period after which the master node declares a failure if no hello PDUs are received.
Syntax Description
name
seconds
Specifies the number of seconds the master node waits before the failtimer expires. Default
is 3 seconds, and the range is 0 to 300 seconds.
milliseconds
Specifies the number of milliseconds to wait before the failtimer expires. The range is 300
to 999 milliseconds.
Default
The default is 3 seconds.
Usage Guidelines
Use the failtime keyword and its associated seconds parameter to specify the amount of time the
master node waits before the failtimer expires. The failtime period (seconds plus milliseconds) must be
set greater than the configured value for hellotime. The default value is three seconds.
Increasing the failtime value reduces the likelihood of false failure detections caused by network
congestion.
Note
You configure the action taken when the failtimer expires by using the configure eaps
failtime expiry-action command.
In ExtremeXOS 11.0, the failtimer range was 2 to 60 seconds.
Layer 2 Protocols
161
Example
The following command configures the failtimer value for the EAPS domain eaps_1 to 15 seconds:
configure eapseaps_1failtime15 0
The following command configures the failtimer value for the EAPS domain eaps_2 to 300
milliseconds:
configure eapseaps_2failtime0 300
History
The range for the failtimer was changed to 2 to 300 seconds in ExtremeXOS 11.1. The default value for
the failtimer remains unchanged.
The milliseconds parameter was added in ExtremeXOS 12.4.2.
configure eaps fast-convergence

configure eaps fast-convergence[off | on]
Description
Enables EAPS to converge more quickly.
Syntax Description
off
Turns fast-convergence off. Default is off.
on
Turns fast-convergence on.
Default
Default is off.
Usage Guidelines
This command acts on the switch, not per domain.
Layer 2 Protocols
162
In certain environments to keep packet loss to a minimum when the ring is broken, configure EAPS with
fast-convergence turned on. If fast convergence is turned on, you can view the configuration with the
show eaps command.
Note
If fast-convergence is turned on, the link filters on all EAPS ring ports are turned off. This can
result problems if the ports hardware encountered a problem and started flapping
between link-up/link-down states.
Example
The following command configures fast convergence for all of the EAPS domains on the switch:
configure eapsfast-convergence on
History
configure eaps hello-pdu-egress

configure eaps name hello-pdu-egress [primary-port | secondary-port]
Description
Configures the port through which a master node sends EAPS hello PDUs.
Syntax Description
name
Default
Default is the primary port.
Layer 2 Protocols
163
Usage Guidelines
This command is provided for special network topologies that use spatial reuse and require that all
EAPS hello PDUs travel in the same direction on the ring.
Note
We recommend the default (primary-port) configuration for this command.
Example
The following command configures the master switch to send EAPS hello packets from the secondary
port:
configure eaps "domain12" hello-pdu-egress secondary-port
History
This command was first available in ExtremeXOS 12.4.2.
configure eaps hellotime

configure eaps name hellotime seconds milliseconds
Description
Configures the period at which the master node sends EAPS hello PDUs to verify ring connectivity.
Syntax Description
name
seconds
Specifies the number of seconds to wait between transmission of hello PDUs on the control
VLAN. The range is 0 to 15 seconds.
millisecond Specifies the number of milliseconds to wait between transmission of hello PDUs on the control
s
VLAN. The range is 0 to 999 milliseconds.
Default
Default is 1 second.
Layer 2 Protocols
164
Usage Guidelines
Use the hellotime keyword and its associated parameters to specify the amount of time the master
node waits between transmissions of hello PDUs on the control VLAN. Increasing the hellotime value
results in a reduced load on the processor and less traffic on the EAPS ring.
Note
The hello PDU timer value must be smaller than the fail timer value to prevent false failure
detection. If you change the hello PDU timer, verify that the fail timer value remains larger.
This command applies only to the master node. If you configure the hello PDU timer for a transit node,
the timer value is ignored. If you later reconfigure that transit node as the master node, the master
node uses the configured hello PDU timer value.
In ExtremeXOS 11.0, the range is 1 to 15 seconds. If you are running ExtremeXOS 11.0 with the hello timer
value greater than 15 seconds and you upgrade to ExtremeXOS 11.1 or later, you must modify the hello
timer to be within the 1 to 15 seconds range.
Example
The following command configures the hellotime value for the EAPS domain eaps_1 to 300
milliseconds:
configure eapseaps_1hellotime0 300
History
The range for the hello timer was changed to 1 to 15 seconds in ExtremeXOS 11.1. The default value for
the hello timer remains unchanged.
Support for a specific number of milliseconds was added in ExtremeXOS 12.4.2.
configure eaps mode

configure eaps name mode [master | transit]
Description
Configures the switch as either the EAPS master node or as an EAPS transit node for the specified
domain.
Layer 2 Protocols
165
Syntax Description
name
master
Specifies that this switch should be the master node for the named EAPS
domain.
transit
Specifies that this switch should be the transit node for the named EAPS
domain.
Default
N/A.
Usage Guidelines
One node (or switch) on the ring must be configured as the master node for the specified domain; all
other nodes (or switches) on the ring are configured as transit nodes for the same domain.
If you configure a switch to be a transit node for an EAPS domain, the switch displays by default
messages to:
Remind you to configure a master node in the EAPS domain.
Notify you that changing a master node to a transit node might cause a loop in the network. If you
have not assigned a new master node before changing the current master node to a transit node,
you might cause a loop in the network.
config-warnings off command.
Example
The following command identifies this switch as the master node for the domain named eaps_1:
configure eapseaps_1mode master
The following command identifies this switch as a transit node for the domain named eaps_1:
configure eapseaps_1mode transit
WARNING: Make sure this specific EAPS domain has a Master node in the
ring. If you change this node from EAPS master to EAPS transit, you could
cause a loop in the network. Are you sure you want to change mode to
transit? (y/n)
Layer 2 Protocols
166
Enter y to identify the switch as a transit node. Enter n to cancel this action.
History

configure eaps multicast add-ring-ports [on | off]
Description
Configures the switch to add previously blocked ring ports to existing multicast groups when an EAPS
topology change occurs.
Syntax Description
on
Enables the multicast add-ring-ports feature.
off
Disables the multicast add-ring-ports feature.
Default
Off.
Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, multicast traffic is fastpath
forwarded using the switch hardware during the topology transition. The on setting improves multicast
forwarding performance during the transition.
Note
EAPS multicast flooding must be enabled before this feature will operate. For information on
enabling EAPS multicast flooding, see the configure eaps multicast temporaryflooding command description.
When this feature is set to off and an EAPS topology change occurs, multicast traffic is slowpath
forwarded using the CPU during the topology transition. The off setting reduces multicast forwarding
performance during the transition.
For other methods of supporting multicast traffic during an EAPS topology change, see the
descriptions for the following commands:
Layer 2 Protocols
167

Example
The following command enables the add-ring-ports feature:
configure eaps multicast add-ring-ports on
History
configure eaps multicast send-query

configure eaps multicast send-query [on | off]
Description
Configures the switch to send IGMP and MLD query messages to all protected VLANs when an EAPS
This command replaces the configure eaps multicast send-igmp-query [on | off]
command.
Syntax Description
on
Enables the multicast send-query feature.
off
Disables the multicast send-query feature.
Default
On.
Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, the switch sends IGMP and MLD
query messages to all protected VLANs. If the protected VLANs in the node detecting (and generating)
the topology change do not have IP address, a query is generated with the source IP address set to the
querier address in that VLAN.
Layer 2 Protocols
168
In a EAPS ring with many protected VLANs, the many responses can impact switch performance. This
is the default behavior and was the only method for supporting multicast traffic during EAPS topology
changes prior to release 12.1.2.
When this feature is set to off and an EAPS topology change occurs, the switch does not automatically
send IGMP or MLD queries to all protected VLANS during the topology transition. The off setting
improves switch performance during the transition, but you should use one of the following commands
to see that multicast traffic is supported during and after the topology change:
Example
The following command disables the send-query feature:
configure eaps multicast send-query off
History
The current format of the command was first available in ExtremeXOS 15.2.1.
The configure eaps multicast send-igmp-query version of the command applied only for IGMP,
and was first available in ExtremeXOS 12.1.2.

configure eaps multicast send-igmp-query [on | off]
Description
Configures the switch to send IGMP query messages to all protected VLANs when an EAPS topology
change occurs.
Syntax Description
on
Enables the multicast send-igmp-query feature.
off
Disables the multicast send-igmp-query feature.
Default
On.
Layer 2 Protocols
169
Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, the switch sends IGMP query
messages to all protected VLANs. If the protected VLANs in the node detecting (and generating) the
topology change do not have IP address, a query is generated with the source IP address set to the
querier address in that VLAN.
In a EAPS ring with many protected VLANs, the many responses can impact switch performance. This
is the default behavior and was the only method for supporting multicast traffic during EAPS topology
changes prior to release 12.1.2.
When this feature is set to off and an EAPS topology change occurs, the switch does not automatically
send IGMP queries to all protected VLANS during the topology transition. The off setting improves
switch performance during the transition, but you should use one of the following commands to see
that multicast traffic is supported during and after the topology change:
Example
The following command disables the send-igmp-query feature:
configure eaps multicast send-igmp-query off
History

configure eaps multicast temporary-flooding duration seconds
Description
Configures the duration for which the switch temporarily enables multicast flooding when an EAPS
Syntax Description
seconds
Layer 2 Protocols
Specifies the period (in seconds) for which the switch enables multicast
flooding.
170
Default
15 seconds.
Usage Guidelines
The flooding duration configuration applies only when the temporary-flooding feature is enabled with
the following command:
Example
The following command configures the temporary-flooding feature duration for 30 seconds:
configure eaps multicast temporary-flooding duration 30
History

configure eaps multicast temporary-flooding [on | off]
Description
Configures the switch to temporarily enable multicast flooding when an EAPS topology change occurs.
Syntax Description
on
Enables the multicast temporary-flooding feature.
off
Disables the multicast temporary-flooding feature.
Default
Off.
Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, the switch temporarily enables
multicast flooding to all protected VLANs for the duration specified by the following command:
Layer 2 Protocols
171
If you change the configuration to off, topology changes that occur after this command do not result in
temporary flooding. For example, if you change the configuration to off while flooding is in progress for
a protected VLAN or set of protected VLANs (due to an EAPS topology change), the flooding
continues for the configured duration period. New topology changes on the protected VLANs do not
cause flooding.
When this feature is set to off and an EAPS topology change occurs, the switch does not enable
flooding to all protected VLANS during the topology transition. The default switch response for
multicast traffic during an EAPS topology change is that defined by the following command:
You can also use the following command to configure the switch response for multicast traffic during
an EAPS topology change:
Example
The following command enables the temporary-flooding feature:
configure eaps multicast temporary-flooding on
History
configure eaps name

configure eaps old_name name new_name
Description
Renames an existing EAPS domain.
Syntax Description
old_name
Specifies the current name of an EAPS domain.
new_name
Specifies a new name for the EAPS domain.
Layer 2 Protocols
172
Default
N/A.
Usage Guidelines
If you use the same name across categories (for example, STPD and EAPS names), we recommend that
you specify the identifying keyword as well as the actual name. If you do not use the keyword, the
system might return an error message.
Example
The following command renames EAPS domain eaps-1 to eaps-5:
configure eaps eaps-1 name eaps-5
History
configure eaps port

configure eaps name [primary | secondary] port ports
Description
Configures a node port as the primary or secondary port for the specified EAPS domain.
Syntax Description
name
primary
Specifies that the port is to be configured as the primary port.
secondary
Specifies that the port is to be configured as the secondary port.
ports
Specifies one port or slot and port.
Default
N/A.
Layer 2 Protocols
173
Usage Guidelines
Each node on the ring connects through two ring ports. One port must be configured as the primary
port; the other must be configured as the secondary port.
The primary and secondary ports have significance only on a master node. The health-check messages
are sent out the primary port of the master node, and the master node blocks the protected VLANs on
the secondary port.
The master nodes secondary EAPS port cannot be configured on ports that are already configured as
follows:
Shared-port
MLAG ISC port
There is no distinction between the primary and secondary ports on a transit node.
Beginning with ExtremeXOS 11.1, if you have a primary or secondary port that is a member of a loadshared group, you do not need to disable your EAPS domain and remove that ring port when
modifying the load-shared group. For more information about configuring load sharing on your switch,
see Configuring Slots and Ports on a Switch in the ExtremeXOS Concepts Guide.
For complete information about software licensing, including how to obtain and upgrade your license
and what licenses are appropriate for this feature, see the Feature License Requirements document.
Messages Displayed when Adding EAPS Ring Ports to a VLAN

If you attempt to add EAPS ring ports to a VLAN that is not protected by EAPS, the switch prompts
you by default to confirm this action. For example, if you use the configure vlan vlan_name add
ports port_list command, and the ports that you are attempting to add to the VLAN are currently
used by EAPS as either primary or secondary ring ports, the switch displays the following message:
Make sure <vlan_name> is protected by EAPS. Adding EAPS ring ports to a
VLAN could cause a loop in the network. Do you really want to add these
ports (y/n)
Enter y to add the ports to the VLAN. Enter n or press [Return] to cancel this action.
If you see this message, either configure the VLAN as an EAPS protected VLAN by using the
configure eaps add protected vlan command or add ports that the EAPS domain does not
use as primary or secondary ring ports.
config-warnings off .
Example
The following command adds port 1 of the module installed in slot 8 to the EAPS domain eaps_1 as the
primary port:
configure eapseaps_1primary port8:1
Layer 2 Protocols
174
History
configure eaps priority

configure eaps name priority {high | normal}
Description
Configures an EAPS domain priority.
Syntax Description
name
Default
Normal.
Usage Guidelines
Extreme Networks recommends that no more than 200 protected VLANs be configured as high
priority domains. Priority protection works best when the majority of protected VLANs are configured
for normal priority and a relatively small percentage of the protected VLANs are configured as high
priority domains.
When EAPS domains on two separate physical rings share a common link (shared-port configuration)
and have one or more protected VLANs in common, the domains must be configured with the same
domain priority.
When EAPS domain priority is configured on separate physical rings that are connected to the same
switch, the priorities on each ring are serviced independently. For example, if there is a break on both
Ring A and Ring B, the high priority domains on each ring are serviced before the lower priority
domains. However, the switch does not attempt to process the high priority domains on Ring B before
servicing the normal priority domains on Ring A.
For a high priority domain to get priority over normal priority domains, all switches in the EAPS domain
must support high priority domains. If high priority domains are configured on a switch that is in a ring
with one or more switches that do not support high priority domains (software releases before
ExtremeXOS Release 12.5), the high priority domain operates as a normal priority domain.
Layer 2 Protocols
175
Example
The following command configures the eaps_1 domain as a high priority domain:
configure eapseaps_1 priority high
History
configure eaps shared-port common-path-timers

configure eaps shared-port port common-path-timers {[health-interval | timeout]
seconds}
Description
Configures the common path health interval or timeout value.
Syntax Description
port
Specifies the port number of the common link port.
health-interval
Specifies the interval for health check messages on the common link.
timeout
Specifies the timeout value for the common link.
seconds
Specifies the amount of health interval, in seconds.
Default
N/A.
Usage Guidelines
This command allows you to configure the length of the common path health interval, in seconds, for a
given port. The range is from 1 to 10 seconds.
Example
The following command configures a common-link health interval of 5 seconds on port 1:1.
configure eaps shared-port 1:1 common-path-timers health-interval 5
Layer 2 Protocols
176
The following command configures a segment timeout of 10 seconds on port 1:1.

configure eaps shared-port 1:1 common-path-timers timeout 10
History
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
configure eaps shared-port link-id

configure eaps shared-port ports link-id id
Description
Configures the link ID of the shared port.
Syntax Description
ports
id
Specifies the link ID of the port. The link ID range is 1 to 65535.
Default
N/A.
Usage Guidelines
Each common link in the EAPS network must have a unique link ID. The controller and partner shared
ports belonging to the same common link must have matching link IDs. No other instance in the
network should have that link ID.
If you have multiple adjacent common links, we recommend that you configure the link IDs in
ascending order of adjacency. For example, if you have an EAPS configuration with three adjacent
common links, moving from left to right of the topology, configure the link IDs from the lowest to the
highest value.
Layer 2 Protocols
177
Example
The following command configures the EAPS shared port 1:1 to have a link ID of 1.
configure eaps shared-port 1:1 link-id 1
History
configure eaps shared-port mode

configure eaps shared-port ports mode controller | partner
Description
Configures the mode of the shared port.
Syntax Description
ports
Specifies the port number of the shared port.
controller
Specifies the controller mode. The controller is the end of the common link
responsible for blocking ports when the common link fails thereby preventing
the superloop.
partner
Specifies partner mode. The partner is responsible only for sending and
receiving health-check messages.
Default
N/A.
Usage Guidelines
The shared port on one end of the common link must be configured to be the controller. This is the end
responsible for blocking ports when the common link fails thereby preventing the superloop.
The shared port on the other end of the common link must be configured to be the partner. This end
does not participate in any form of blocking. It is responsible only for sending and receiving healthcheck messages.
Layer 2 Protocols
178
Example
The following command configures the shared port 1:1 to be the controller.
configure eaps shared-port 1:1 mode controller
History
configure eaps shared-port segment-timers expiry-action

configure eaps shared-port port segment-timers expiry-action [segment-down |
send-alert]
Description
Configures the action taken when the segment timeout timer expires.
Syntax Description
port
segment-down
Marks the segment as DOWN if the segment timer expires. No link-statusquery is sent to verify that links are down.
send-alert
If the segment timer expires, the switch keeps segments up, but sends a
warning message to the log. The segment fail flag is set, an SNMP trap is sent,
and a link-status-query is sent to verify if any links are down.
Default
Default is send-alert.
Usage Guidelines
By default, the action is to send an alert if the segment timeout timer expires. Instead of the segment
going into a failed state and being marked as down, the segment remains in a segment up state with
Layer 2 Protocols
179
the failed flag set. The switch writes a critical error message to the syslog warning the user that there is
a fault in the segment. An SNMP trap is also sent.
Note
Use caution when setting the segment-timeout expiry action to segment-down. Using this
configuration, if the controller or partner node loses three consecutive hello PDUs, the
failtimer expiresbut there might not be a break in the segment. Opening a blocked port in
this situation creates a loop.
The following describes some general recommendations for using this command:
When you configure your Extreme Networks switches as the partner and controller, respectively,
make sure that their segment timer configurations are identical.
For example, if you have a partner switch with the segment-timeout expiry action set to send-alert,
make sure the controller switch has its segment-timeout expiry action set to send-alert.
However, if you have a partner switch with the segment-timeout expiry action set to send-alert, and
the controller switch does not have a segment timer configuration, you must configure the partner
switchs segment-timeout expiry action to segment-down.
If you have a network containing non-Extreme Networks switches or non-EAPS devices, set the
segment-timeout expiry action to segment-down.
The following events can cause a ring segment failure:

There is a hardware failure.
The controller or partner received a Link Down message from the partner or controller, respectively.
The segment timer expires and the expiry action was set to segment-down. This means that either
the controller or partner did not receive health check messages during the defined segment timeout
period.
To view shared-port information, including shared-port segment status, use the following command:
show eaps shared-port {port}{detail}
History
configure eaps shared-port segment-timers health-interval

configure eaps shared-port port segment-timers health-interval seconds
Layer 2 Protocols
180
Description
Configures the shared-port health interval timeout.
Syntax Description
port
seconds
Default
N/A.
Usage Guidelines
This command allows you to configure the length of the shared-port health interval timeout, in
seconds, for a given port.
Example
The following command configures a shared-port health interval timeout of 10 seconds on port 1:1.
configure eaps shared-port 1:1 segment-timers health-interval 10
History
configure eaps shared-port segment-timers timeout

configure eaps shared-port port segment-timers timeout seconds
Description
Configures the shared-port timeout.
Layer 2 Protocols
181
Syntax Description
port
seconds
Default
N/A.
Usage Guidelines
This command allows you to configure the length of the shared-port timeout, in seconds, for a given
port.
Example
The following command configures a shared-port timeout of 10 seconds on port 1:1.
configure eaps shared-port 1:1 segment-timers timeout 10
History
configure erps add control vlan

configure erps ring-name add control {vlan} vlan_name
Description
Add a control VLAN on the ERPS ring.
Syntax Description
ring-name
control
VLAN that carries ERPS control traffic.
vlan_name
Alphanumeric string identifying the VLAN to be used for control traffic.
Layer 2 Protocols
182
Default
N/A.
Usage Guidelines
Use this command to add a control VLAN on the ERPS ring. This is the VLAN that carries ERPS control
traffic.
Note
Other VLAN types such as VMAN, SVLAN, CVLAN and BVLAN will not be used for control
traffic. A control VLAN cannot be deleted from a ring that has CFM configured.
Example
The following command adds a control VLAN named vlan10 to an ERPS ring named ring1:
configure erps ring1 add control vlan vlan10
History
configure erps add protected vlan

Description
Add a protected VLAN on the ERPS ring. This is a data VLAN that ERPS will protect.
Syntax Description
ring-name
vlan_name
Alphanumeric string identifying the data VLAN to be added that ERPS will
protect. This can be a VLAN, SVLAN, BVLAN or VMAN.
Default
N/A.
Layer 2 Protocols
183
Usage Guidelines
Use this command to add a protected data VLAN on the ERPS ring. This VLAN will be protected by
ERPS, and it can be a VLAN, SVLAN, BVLAN or VMAN.
Note
The SVLAN-BVLAN combination cannot both be added to the same ring or sub-ring.
Example
The following command adds a protected VLAN named vlan10 to an ERPS ring named ring1:
configure erps ring1 add protected vlan vlan10
History
configure erps cfm md-level

configure erps ring-name cfm md-level level
Description
Specify the connectivity fault management (CFM) maintenance domain level for an ERPS ring.
Syntax Description
ring-name
level
Maintenance domain level specified for the ERPS ring.
Default
N/A.
Usage Guidelines
Use this command to specify the CFM maintenance domain level for an ERPS ring.
Layer 2 Protocols
184
Example
The following command sets the CFM maintenance domain level to 6 for an ERPS ring named ring1:
configure erps ring1 cfm md-level 6
History
configure erps cfm port ccm-interval

configure erps ring-name cfm port [east | west] ccm-interval [100 | 1000 | 10000
| 60000 | 600000]
Description
Specify the time interval for transmitting CFM connectivity check messages (CCM) on a port of an
ERPS ring.
ring-name
east
East port.
west
West port.
100
100 milliseconds.
1000
1000 milliseconds.
10000
10000 milliseconds.
60000
60000 milliseconds.
600000
600000 milliseconds.
Default
N/A.
Usage Guidelines
Use this command to specify the time interval at which CCMs are transmitted for a port of an ERPS
ring.
Layer 2 Protocols
185
Example
The following command sets the CCM time interval to 1000 for the east port of an ERPS ring named
ring1:
configure erps ring1 cfm port east ccm-interval 1000
History
configure erps cfm port group

configure erps ring_name cfm port [east | west] [add | delete] group group_name
Description
Associates or disassociates fault monitoring entities on the ERPS ring ports.
Syntax Description
ring_name
east
East port.
west
West port.
add
Associates a CFM Down-MEP entity.
delete
Disassociates a CFM Down-MEP entity.
group
Specifies a CFM Down-MEP group.
group_name
Specifies the name of the Down MEP group.
Default
N/A.
Usage Guidelines
Use this command to associate or disassociate fault monitoring entities on the ERPS ring ports.
Layer 2 Protocols
186
Example
The following command associates fault monitoring on the group "group1":
configure erps ring1 cfm port east add group1
History
This command is available on all platforms running ExtremeXOS.
configure erps cfm port mepid

configure erps ring-name cfm port [east | west] mepid mepid remote-mepid rmepid
Description
Specify the maintenance end point identifier for the connectivity fault management (CFM) on a port of
an ERPS ring.
Syntax Description
ring-name
east
East port.
west
West port.
mepid
Maintenance End Point identifier for the ring ports.
rmepid
Remote Maintenance End Point identifier for the ring ports.
Default
N/A.
Usage Guidelines
Use this command to specify the maintenance end point identifier for CFM on a port of an ERPS ring.
Layer 2 Protocols
187
Example
The following command specifies the maintenance end point identifier for the east port of an ERPS ring
named ring1:
configure erps ring1 cfm port east mepid 1 remote-mepid 3
History
configure erps cfm protection group

configure erps ring_name cfm protection [add delete] group cfm_group
Description
Associates or disassociates a CFM UP MEP group for subring protection across the main ring.
Syntax Description
ring-name
east
East port.
west
West port.
add
Associates a CFM Up-MEP entity.
delete
Disassociates a CFM Up-MEP entity.
group
Specifies a CFM Up-MEP group.
group_name
Specifies the name of the Up MEP group.
Default
N/A.
Usage Guidelines
Use this command to associate or disassociate a CFM UP MEP group for subring protection across the
main ring.
Layer 2 Protocols
188
Example
The following command associates a CFM UP MEP group for subring protection on the group "group1":
configure erps ring1 cfm protection add group1
History
This command is available on all platforms running ExtremeXOS.
configure erps delete control vlan

configure erps ring-name delete control {vlan} vlan_name
Description
Delete a control VLAN on the ERPS ring.
Syntax Description
ring-name
vlan_name
Alphanumeric string identifying the VLAN used for control traffic.
Default
N/A.
Usage Guidelines
Use this command to delete a control VLAN from the ERPS ring. This is the VLAN that carries ERPS
control traffic.
Note
Other VLAN types such as VMAN, SVLAN, CVLAN and BVLAN will not be used for control
traffic.
A control VLAN cannot be deleted from a ring that has CFM configured.
Layer 2 Protocols
189
Example
The following command deletes a control VLAN named vlan10 from an ERPS ring named ring1:
configure erps ring1 delete control vlan vlan10
History
configure erps delete protected vlan

configure erps ring-name delete protected {vlan} vlan_name
Description
Delete a protected data VLAN from the ERPS ring.
Syntax Description
ring-name
vlan_name
Alphanumeric string identifying the data VLAN to be deleted from the ERPS
ring.
Default
N/A.
Usage Guidelines
Use this command to delete a protected VLAN from the ERPS ring.
Example
The following command deletes a protected VLAN named vlan10 from an ERPS ring named ring1:
configure erps ring1 delete protected vlan vlan10
History
Layer 2 Protocols
190
configure erps dynamic-state clear

configure erps ring-name dynamic-state [force-switch | manual-switch | clear]
port slot:port
Description
Clear force and manual switch triggers to the ERPS ring/sub-ring.
Syntax Description
dynamic-state
Configure force/manual/clear switch on the active ERPS ring.
force-switch
Force switch operation.
manual-switch
Manual switch operation.
clear
Clear.
Default
N/A.
Usage Guidelines
Use this command to clear force and manual switch triggers to the ERPS ring/sub-ring.
Example
The following command clears force and manual switch triggers of an ERPS ring named "ring1":
configure erps ring1 dynamic-state clear
History
configure erps name

configure erps old-ring-name name new-ring-name
Layer 2 Protocols
191
Description
Rename the ERPS ring/sub-ring.
Syntax Description
old-ring-name
new-ring-name
New alphanumeric string identifying the ERPS ring.
Default
N/A.
Usage Guidelines
Use this command to rename the ERPS ring or sub-ring.
Example
The following command an ERPS ring from ring1 to ring2:
configure erps ring1 name ring2
History
configure erps neighbor port

configure erps ring-name neighbor-port port
Description
Add RPL (ring protection link) neighbor configuration for the ERPS ring.
Syntax Description
ring-name
port
The slot:port number for RPL neighbor.
Layer 2 Protocols
192
Default
N/A.
Usage Guidelines
Use this command to add RPL neighbor configuration for the ERPS ring.
Note
This command implicitly makes the node on which it is configured the RPL neighbor.
Example
The following command adds RPL neighbor on port 5 to an ERPS ring named ring1:
configure erps ring1 neighbor-port 5
History
configure erps notify-topology-change

configure {erps} ring-name notify-topology-change {eaps} domain_name
Description
Add an ERPS sub-ring to the EAPS domain.
Syntax Description
ring-name
Alphanumeric string identififying the ERPS sub-ring.
domain_name
Alphanumeric string identifying the EAPS domain.
Default
N/A.
Usage Guidelines
Use this command to add an ERPS sub-ring to the EAPS domain.
Layer 2 Protocols
193
Example
Example output not yet available and will be provided in a future release.
History
configure erps protection-port

configure erps ring-name protection-port port
Description
Add ring protection link (RPL) owner configuration for the ERPS ring.
Syntax Description
ring-name
port
The slot:port number for the ring protection link (RPL) owner.
Default
N/A.
Usage Guidelines
Use this command to add ring protection link (RPL) owner configuration for the ERPS ring.
Note
This command implicitly makes the node on which it is configured the RPL owner.
Example
The following command adds RPL owner configuration on port 5 to an ERPS ring named ring1:
configure erps ring1 protection-port 5
History
Layer 2 Protocols
194
configure erps revert

configure {erps} ring-name revert [ enable | disable ]
Description
Add or delete ERPS revert operation along with the wait-to-restore time interval.
Syntax Description
ring-name
enable
Enable revert mode to ERPS ring.
disable
Disable revert mode from ERPS ring.
Default
The default is the revertive mode (enable).
Usage Guidelines
Use this command to enable/disable a G.8032 ring to revert to the original ring protection link (RPL)
block state.
Example
The following command disables revert mode from an ERPS ring named ring1:
configure erps ring1 revert disable
History
configure erps ring-ports east | west

configure erps ring-name ring-ports [east | west] port
Layer 2 Protocols
195
Description
Add ring ports on the ERPS ring. Ths ring ports connect the switch to the ERPS ring.
Syntax Description
ring-name
east
Add the ring port to the east port of the switch.
west
Add the ring port to the west port of the switch.
port
The slot:port number for the ring port.
Default
N/A.
Usage Guidelines
Use this command to add ring ports on the ERPS ring. The ring ports can be added to the east or west
port of the switch. The ring ports connect the switch to the ERPS ring.
Example
The following command adds port 5 as a ring port on the east port of the switch for an ERPS ring
named ring1:
configure erps ring1 add ring-ports east 5
History
configure erps subring-mode

configure erps ring_name subring-mode [no-virtualChannel | virtualChannel]
Description
Configures sub-ring mode.
Layer 2 Protocols
196
Syntax Description
ring-name
no-virtualChannel
No Virtual Channel required to complete it's control path.
virtualChannel
Virtual Channel required to complete it's control path.
Default
N/A.
Usage Guidelines
Use this command to add or delete ERPS sub-rings.
Example
The following example configures a virtual channel for the control path:
configure erps ring1 subring-mode virtualChannel
History
This command is available on all platforms that are running ExtremeXOS.
configure erps sub-ring

configure {erps} ring-name [add | delete] sub-ring-name sub_ring
Description
Add or delete a sub-ring to the main ring.
Syntax Description
ring-name
add
Add sub-ring.
delete
Delete sub-ring.
sub_ring
Alphanumeric string identifying the ERPS sub-ring.
Layer 2 Protocols
197
Default
N/A.
Usage Guidelines
Use this command to add or delete ERPS sub-rings.
Example
The following example adds sub-ring ring2 to ring1:
configure erps ring1 add sub-ring-name ring2
History
configure erps timer guard

configure {erps} ring-name timer guard [ default | milliseconds ]
Description
Configure a guard timer to control when the node should act on received R-APS (ring automatic
protection switching) messages.
Syntax Description
ring-name
default
The default value, 500 milliseconds.
milliseconds
The interval for the guard timer in milliseconds, with a range of 10 to 2000.
Default
The default is 500 milliseconds.
Usage Guidelines
Use this command to configure a guard timer to control when the node should act on received R-APS
messages.
Layer 2 Protocols
198
Example
The following command sets the guard timer to 1000 milliseconds for an ERPS ring named ring1:
configure erps ring1 timer guard 1000
History
configure erps timer hold-off

configure {erps} ring-name timer hold-off [ default | milliseconds ]
Description
Configure a hold-off timer to control when a signal fault is relayed.
Syntax Description
ring-name
default
milliseconds
The interval for the hold-off time in milliseconds, with a range of 0 to 10000.
Default
Usage Guidelines
Use this command to configure a hold-off timer to control when a signal fault is relayed.
Example
The following command sets the hold-off timer to 1000 milliseconds for an ERPS ring named ring1:
configure erps ring1 timer hold-off 1000
Layer 2 Protocols
199
History
configure erps timer periodic

configure {erps} ring-name timer periodic [ default | milliseconds ]
Description
Configure a periodic timer to control the interval between signal failures.
Syntax Description
ring-name
default
milliseconds
The interval for the periodic time in milliseconds, with a range of 2000 to
7000.
Default
Usage Guidelines
Use this command to configure a periodic timer to control the interval between signal failure.
Example
The following command sets the periodic timer to 6000 milliseconds for an ERPS ring named ring1:
configure erps ring1 timer periodic 6000
History
Layer 2 Protocols
200
configure erps timer wait-to-block

Description
Configure a wait-to-block timer for revertive operations on RPL owner initiated reversion.
Syntax Description
ring-name
default
milliseconds
The time interval to wait before restoring, with a range of 5000 to 7000
milliseconds.
Default
Usage Guidelines
Use this command to configure a wait-to-block timer for revertive operations on RPL owner-initiated
reversion.
Example
The following command sets the wait-to-block timer to 6000 milliseconds for an ERPS ring named
ring1:
configure erps ring1 timer wait-to-block 6000
History
configure erps timer wait-to-restore

configure {erps} ring-name timer wait-to-restore [ default | milliseconds ]
Layer 2 Protocols
201
Description
Configure a time interval to wait before restoring.
Syntax Description
ring-name
default
milliseconds
The time interval to wait before restoring, with a range of 0 to 720000

milliseconds.
Default
Usage Guidelines
Use this command to configure a time interval to wait before restoring.
Example
The following command sets the wait-to-restore timer to 3000 milliseconds for an ERPS ring named
ring1:
configure erps ring1 timer wait-to-restore 3000
History
configure erps topology-change

configure erps ring-name [add | delete] topology-change ring-list
Description
Identify the rings to which topology change events need to be propagated.
Layer 2 Protocols
202
Syntax Description
ring-name
add
Add rings/sub-rings to topology change propagation list.
delete
Delete rings/sub-rings from topology change propagation list.
ring-list
List of ERPS rings/sub-rings to which topology change needs to be

propagated.
Default
N/A.
Usage Guidelines
Use this command to add or delete ERPS rings/sub-rings from the topology change propagation list.
Example
History
configure forwarding L2-protocol fast-convergence

configure forwarding L2-protocol fast-convergence on | off
Description
Configures the switch to flooding the unicast traffic during L2 protocol convergence.
Syntax Description
on
Used to avoid flooding the unicast traffic during L2 protocol convergence.
off
Used to Temporarily flooding unicast traffic during L2 protocol convergence.

(default)
Default
On.
Layer 2 Protocols
203
Usage Guidelines
Use this command to influence the L2-protocol convergence when topology changes in the network to
minimize the congestion.
Example
The following command will influence the L2-Protocol control traffic:
configure forwarding L2-protocol fast-convergence off
History
This command available on all Summit, BD8K, BD-X8 platforms.
configure ip-arp fast-convergence

configure ip-arp fast-convergence [on | off]
Description
This command improves IP convergence for IP traffic.
Syntax Description
on
Fast-convergence on.
off
Fast-convergence off (default).
Default
Off.
Usage Guidelines
Use this command for quick recovery when running IP traffic over an EAPS ring.
Example
The following example shows output from the configure ip-arp fast-convergence on command:
E4G200-1.2 # show iparp
VR
Destination
Layer 2 Protocols
Mac
Age
Static
VLAN
204
VID
Port
VR-Default
10.109.1.2
00:04:96:52:2b:16
0
NO box1-box2
950
3
VR-Default
10.109.1.6
00:04:96:52:2a:f2
0
NO box1-box3
951
1
Dynamic Entries :
2
Static
Entries
:
0
Pending Entries :
0
In Request
:
1
In
Response
:
1
Out Request
:
1
Out
Response
:
1
Failed Requests :
0
Proxy Answered
:
0
Rx Error
:
0
Dup IP
Addr
:
0.0.0.0
Rejected Count
:
Rejected IP
:
Rejected Port
:
Rejected I/F
:
Max ARP entries :
8192
Max ARP pending entries
:
256
ARP address check:
Enabled
ARP refresh
:
Enabled
Timeout
:
20 minutes
ARP Sender-Mac Learning
:
Disabled
Locktime
:
1000 milliseconds
Retransmit Time :
1000 milliseconds
Reachable Time
:
900000 milliseconds (Auto)
Fast Convergence :
Off
E4G200-1.3 #
E4G200-1.4 # show iparp
VR
Destination
Mac
Age Static VLAN
VID
Port
VR-Default
10.109.1.2
00:04:96:52:2b:16
1
NO box1-box2
950
3
VR-Default
10.109.1.6
00:04:96:52:2a:f2
1
NO box1-box3
951
1
Dynamic Entries :
2
Static
Entries
:
0
Pending Entries :
0
In Request
:
1
In
Response
:
1
Out Request
:
1
Out
Response
:
1
Failed Requests :
0
Proxy Answered
:
0
Rx Error
:
0
Dup IP
Addr
:
0.0.0.0
Rejected Count
:
Rejected IP
:
Rejected Port
:
Rejected I/F
:
Max ARP entries :
8192
Max ARP pending entries
:
256
ARP address check:
Enabled
ARP refresh
:
Enabled
Timeout
:
20 minutes
ARP Sender-Mac Learning
:
Disabled
Locktime
:
1000 milliseconds
Retransmit Time :
1000 milliseconds
Reachable Time
:
900000 milliseconds (Auto)
Layer 2 Protocols
205
Fast Convergence :
E4G200-1.5 #
On
History
configure mstp format

configure mstp format format_identifier
Description
Configures the number used to identify the MSTP BPDUs sent in the MSTP region.
Syntax Description
format_identifier
Specifies a number that MSTP uses to identify all BPDUs sent in the MSTP
region. The default is 0. The range is 0 to 255.
Default
The default value used to identify the MSTP BPDU is 0.
Usage Guidelines
For a switch to be part of an MSTP region, you must configure each switch in the region with the same
MSTP configuration attributes, also known as MSTP region identifiers. These identifiers consist of the
following:
Region NameThe name of the MSTP region.
Format SelectorThe number used to identify the format of MSTP BPDUs. The default is 0.
default of 3.
The switches contained in a region transmit and receive BPDUs that contain information relevant to
only that MSTP region. By having devices look at the region identifiers, MSTP discovers the logical
boundary of a region.
If you have an active MSTP region, Extreme Networks recommends that you disable all active STPDs in
the region before modifying the value used to identify MSTP BPDUs on all participating switches.
Layer 2 Protocols
206
Example
The following command configures the number 2 to identify the MSTP BPDUs sent within an MSTP
region:
configure mstp format 2
History
configure mstp region

Description
Configures the name of an MSTP region on the switch.
Syntax Description
regionName
Specifies a user-defined name for the MSTP region. May be up to 32

characters.
Default
By default, the switch uses the MAC address of the switch to generate an MSTP region.
Before you configure the MSTP region, it also has the following additional defaults:
MSTP format Identifier0.
MSTP Revision Level3.
Usage Guidelines
The maximum length for a name is 32 characters. Names can contain alphanumeric characters and
underscores ( _ ) but cannot be any reserved keywords, for example, mstp. Names must start with an
alphabetical character, for example, a, Z.
By default, the switch uses the unique MAC address of the switch to generate an MSTP region. Since
each MAC address is unique, every switch is in its own region by default.
Layer 2 Protocols
207
For multiple switches to be part of an MSTP region, you must configure each switch in the region with
the same MSTP configuration attributes, also known as MSTP region identifiers. These identifiers consist
of the following:
default of 3.
The switches inside a region exchange BPDUs that contain information for MSTIs. The switches
connected outside of the region exchange CIST information. By having devices look at the region
identifiers, MSTP discovers the logical boundary of a region.
before renaming the region on all of the participating switches.
Viewing MSTP Information

To view the MSTP configuration on the switch, use the show stpd command. Output from this
command contains global MSTP settings, including the name of the MSTP region, the number or tag
that identifies all of the BPDUs sent in the MSTP region, and the reserved MSTP revision level. If
configured, the output also displays the name of the Common and Internal Spanning Tree (CIST), and
the number of Multiple Spanning Tree Instances (MSTIs).
Example
The following command creates an MSTP region named purple:
configure mstp region purple
History
configure mstp revision

configure mstp revision revision
Description
Configures the revision number of the MSTP region.
Layer 2 Protocols
208
Syntax Description
revision
This parameter is reserved for future use.
Default
The default value of the revision level is 3.
Usage Guidelines
Although this command is displayed in the CLI, it is reserved for future use. Please do not use this
command.
If you accidentally configure this command, remember that each switch in the region must have the
same MSTP configuration attributes, also known as MSTP region identifiers. These identifiers consist of
the following:
default of 3.
Example
The following command returns the MSTP revision number to 3, the default revision number:
configure mstp revision 3
History
configure stpd add vlan

Description
Adds all ports or a list of ports within a VLAN to a specified STPD.
Layer 2 Protocols
209
Syntax Description
stpd_name
Specifies an STPD name on the switch.
vlan_name
Specifies a VLAN name.
all
Specifies all of the ports in the VLAN to be included in the STPD.
port_list
Specifies the port or ports to be included in the STPD.
dot1d
Specifies the STP encapsulation mode of operation to be 802.1D.
emistp
Specifies the STP encapsulation mode of operation to be EMISTP.
pvst-plus
Specifies the STP encapsulation mode of operation to be PVST+.
Default
Ports in the default STPD (s0) are in dot1.d mode.
Ports in user-created STPDs are in emistp mode.
Usage Guidelines
To create an STP domain, use the create stpd command. To create a VLAN, use the create vlan
command.
In an EMISTP or PVST+ environment, this command adds a list of ports within a VLAN to a specified
STPD provided the carrier VLAN already exists on the same set of ports. You can also specify the
encapsulation mode for those ports.
In an MSTP environment, you do not need a carrier VLAN. A CIST controls the connectivity of
interconnecting MSTP regions and sends BPDUs across the regions to communicate region status. You
must use the dot1d encapsulation mode in an MSTP environment.
You cannot configure STP on the following ports:
Mirroring target ports.
Software-controlled redundant ports.
If you see an error similar to the following:

Error: Cannot add VLAN default port 3:5 to STP domain
You might be attempting to add:

A carrier VLAN port to a different STP domain than the carrier VLAN belongs.
A VLAN/port for which the carrier VLAN does not yet belong.
Note
This restriction is enforced only in an active STP domain and when you enable STP to
make sure you have a legal STP configuration.
Care must be taken to ensure that ports in overlapping domains do not interfere with the orderly
working of each domains protocol.
Layer 2 Protocols
210
By default, when the switch boots for the first time, it automatically creates a VLAN named default with
a tag value of 1 and STPD s0. The switch associates VLAN default to STPD s0. All ports that belong to
this VLAN and STPD are in 802.1D encapsulation mode with autobind enabled. If you disable autobind
on the VLAN default, that configuration is saved across a reboot.
Naming Conventions
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keywords stpd and vlan are optional.
STP Encapsulations Modes

You can specify the following STP encapsulation modes:
dot1dThis mode is reserved for backward compatibility with previous STP versions. BPDUs are
sent untagged in 802.1D mode. Because of this, any given physical interface can have only one STPD
running in 802.1D mode.
MSTP.
emistpThis mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN ID field.
pvst-plusThis mode implements PVST+ in compatibility with third-party switches running this
version of STP. The STPDs running in this mode have a one-to-one relationship with VLANs, and
send and process packets in PVST+ format.
different modes for different domains for which it belongs.
MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs.
STPD Identifier
An StpdID is used to identify each STP domain. You assign the StpdID when configuring the domain.
An STPD ID must be identical to the VLAN ID of the carrier VLAN in that STPD and that VLAN cannot
belong to another STPD.
ID of 0 identifies the Common and Internal Spanning Tree (CIST). The switch assigns this ID
automatically when you configure the CIST STPD. A multiple spanning tree instance identifier identifies
each STP domain that is part of an MSTP region. You assign the MSTI ID when configuring the STPD
that participates in the MSTP region. In an MSTP region, MSTI IDs only have local significance. You can
reuse MSTI IDs across MSTP regions.
Layer 2 Protocols
211

region, the switch automatically binds that port to the CIST. The CIST handles BPDU processing for
itself and all of the MSTIs; therefore, the CIST must inherit ports from the MSTIs in order to transmit and
receive BPDUs.
Example
Create a VLAN named marketing and an STPD named STPD1 as follows:
create vlan marketing
create stpd stpd1
The following command adds the VLAN named marketing to the STPD STPD1, and includes all the ports
of the VLAN in STPD1:
configure stpd stpd1 add vlan marketing ports all
History
configure stpd default-encapsulation

configure stpd stpd_name default-encapsulation [dot1d | emistp | pvst-plus]
Description
Configures the default encapsulation mode for all ports added to the specified STPD.
Syntax Description
stpd_name
dot1d
Specifies the STP encapsulation mode of operation to be 802.1d.
emistp
pvst-plus
Default
Ports in the default STPD (s0) are dot1d mode.
Layer 2 Protocols
212
Usage Guidelines
Care must be taken to ensure that ports in overlapping domains do not interfere with the orderly
working of each domains protocol.
By default, when the switch boots for the first time, it automatically creates a VLAN named default with
a tag value of 1 and STPD s0. The switch associates VLAN default to STPD s0. All ports that belong to
this VLAN and STPD are in 802.1d encapsulation mode with autobind enabled. If you disable autobind
on the VLAN default, that configuration is saved across a reboot.
Naming Conventions
the keyword stpd is optional. For name creation guidelines and a list of reserved names, see Object
Names in the .
STP Encapsulation Modes

MSTP.
version of STP. The STPDs running in this mode have a one-to-one relationship with VLANs and
Note
These encapsulation modes are for STP ports, not for physical ports. When a physical port
belongs to multiple STPDs, it is associated with multiple STP ports. It is possible for the
physical port to run in different modes for different domains for which it belongs.
STPD Identifier
An StpdID is used to identify each STP domain. You assign the StpdID when configuring the domain.
An STPD ID must be identical to the VLAN ID of the carrier VLAN in that STP domain, and that VLAN
cannot belong to another STPD.
Layer 2 Protocols
213
ID of 0 identifies the Common and Internal Spanning Tree (CIST). The switch assigns this ID
automatically when you configure the CIST STPD. A multiple spanning tree instance identifier identifies
each STP domain that is part of an MSTP region. You assign the MSTI ID when configuring the STPD
that participates in the MSTP region. In an MSTP region, MSTI IDs only have local significance. You can
reuse MSTI IDs across MSTP regions.
Example
The following command specifies that all ports subsequently added to the STPD STPD1 be in PVST+
encapsulation mode unless otherwise specified or manually changed:
configure stpd stpd1 default-encapsulation pvst-plus
History
configure stpd delete vlan

Description
Deletes one or more ports in the specified VLAN from an STPD.
Syntax Description
stpd_name
vlan_name
all
Specifies that all of the ports in the VLAN are to be removed from the STPD.
port_list
Specifies the port or ports to be removed from the STPD.
Default
N/A.
Layer 2 Protocols
214
Usage Guidelines
the keywords stpd and vlan are optional.
In EMISTP and PVST+ environments, if the specified VLAN is the carrier VLAN, all protected VLANs on
the same set of ports are also removed from the STPD.
You also use this command to remove autobind ports from a VLAN. ExtremeXOS records the deleted
ports so that the ports are not automatically added to the STPD after a system restart.
When a port is deleted on the MSTI, it is automatically deleted on the CIST as well.
Example
The following command removes all ports of a VLAN named Marketing from the STPD STPD1:
configure stpd stpd1 delete vlan marketing ports all
History
configure stpd description

configure {stpd} stpd_name description [stpd-description | none}
Description
Adds or overwrites the STP domain description field.
Syntax Description
stpd_name
stpd-description
Specifies an STPD description.
none
Clears the STPD string.
Default
The STP domain description string is empty.
Layer 2 Protocols
215
Usage Guidelines
Use this command to add or overwrite the STP domain description field.
The maximum STP domain description length is 180 characters.
The stpd-description must be in quotes if the string contains any spaces.
To display the description, use the show stpd stpd_name command. When no STP domain
description is configured, Description is not displayed in the output.
To clear the STP domain description string, either specify the keyword none in this command or use the
unconfigure stpd {stpd_name} command.
Example
The following command adds the description this is s0 domain to the STPD named s0:
configure stpd s0 description this is s0 domain
History
configure stpd flush-method

configure stpd flush-method [vlan-and-port | port-only]
Description
Configures the method used by STP to flush the FDB during a topology change.
Syntax Description
vlan-and-port
Specifies a VLAN and port combination flush method.
port-only
Specifies a port flush method.
Default
The default flush method is vlan-and-port.
Layer 2 Protocols
216
Usage Guidelines
For scaled up configurations where there are more than 1000 VLANs and more than 70 ports
participating in STP, the number of messages exchanged between STP/FDB/HAL modules can
consume a lot of system memory during an STP topology change using the default configuration for
flush method. In such situations, setting the flush method to port-only can help reduce the system
memory consumption.
Example
The following command sets the flush method to port-only:
configure stpd flush-method port-only
History
This command was available in ExtremeXOS 12.4.5.
configure stpd forwarddelay

configure stpd stpd_name forwarddelay seconds
Description
Specifies the time (in seconds) that the ports in this STPD spend in the listening and learning states
when the switch is the root bridge.
Syntax Description
stpd_name
seconds
Specifies the forward delay time in seconds. The default is 15 seconds, and the
range is 4 to 30 seconds.
Default
The default forward delay time is 15 seconds.
Usage Guidelines
the keyword stpd is optional.
Layer 2 Protocols
217
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
The range for the seconds parameter is 4 through 30 seconds.
Example
The following command sets the forward delay from STPD1 to 20 seconds:
configure stpd stpd1 forwarddelay 20
History
configure stpd hellotime

configure stpd stpd_name hellotime seconds
Description
Specifies the time delay (in seconds) between the transmission of BPDUs from this STPD when it is the
root bridge.
Syntax Description
stpd_name
seconds
Specifies the hello time in seconds. The default is 2 seconds, and the range is 1
to 10 seconds.
Default
The default hello time is 2 seconds.
Usage Guidelines
In an MSTP environment, configure the hello timer only on the CIST, not on the MSTIs.
Layer 2 Protocols
218
Example
The following command sets the time delay from STPD1 to 10 seconds:
configure stpd stpd1 hellotime 10
History
configure stpd maxage

configure stpd stpd_name maxage seconds
Description
Specifies the maximum age of a BPDU in the specified STPD.
Syntax Description
stpd_name
seconds
Specifies the maxage time in seconds. The default is 20 seconds, and the
range is 6 to 40 seconds.
Default
The default maximum age of a BPDU is 20 seconds.
Usage Guidelines
Layer 2 Protocols
219
In an MSTP environment, configure the maximum age of a BPDU only on the CIST, not on the MSTIs.
Note that the time must be greater than, or equal to 2 * (Hello Time + 1) and less than, or equal to 2 *
(Forward Delay 1).
Example
The following command sets the maximum age of STPD1 to 30 seconds:
configure stpd stpd1 maxage 30
History
configure stpd max-hop-count

configure stpd stpd_name max-hop-count hopcount
Description
Specifies the maximum hop count of a BPDU until the BPDU is discarded in the specified MSTP STP
domain.
Syntax Description
stpd_name
hopcount
Specifies the number of hops required to age out information and notify
changes in the topology. The default is 20 hops, and the range is 6 to 40
hops.
Default
The default hop count of a BPDU is 20 hops.
Usage Guidelines
This command is applicable only in an MSTP environment.
Layer 2 Protocols
220
If your STPD has the same name as another component, for example a VLAN, Extreme Networks
recommends that you specify the identifying keyword as well as the name. If your STPD has a name
unique only to that STPD, the keyword stpd is optional.
The range for the hopcount parameter is 6 through 40 hops.
In an MSTP environment, the hop count has the same purpose as the maxage timer for 802.1D and
802.1w environments.
The main responsibility of the CIST is to exchange or propagate BPDUs across regions. The switch
assigns the CIST an instance ID of 0, which allows the CIST to send BPDUs for itself in addition to all of
the MSTIs within an MSTP region. Inside a region, the BPDUs contain CIST records and piggybacked Mrecords. The CIST records contain information about the CIST, and the M-records contain information
about the MSTIs. Boundary ports only exchange CIST record BPDUs.
On boundary ports, only CIST record BPDUs are exchanged. In addition, if the other end is an 802.1D or
802.1w bridge, the maxage timer is used for interoperability between the protocols.
Example
The following command sets the hop of the MSTP STPD, STPD2, to 30 hops:
configure stpd stpd2 max-hop-count 30
History
configure stpd mode

Description
Configures the operational mode for the specified STP domain.
Syntax Description
stpd_name
dot1d
Specifies the STPD mode of operation to be 802.1D.
Layer 2 Protocols
221
dot1w
Specifies the STPD mode of operation to be 802.1w, and rapid configuration is

enabled.
mstp
Specifies the STPD mode of operation to be 802.1s, and rapid configuration is

enabled.
cist
Configures the specified STPD as the common instance spanning tree for the
MSTP region.
msti
Configures the specified STPD as a multiple spanning tree instance for the
MSTP region.
instance
Specifies the Id of the multiple spanning tree instance. The range is 1 to 4,094.
Default
The STPD operates in 802.1D mode.
Usage Guidelines
If you configure the STP domain in 802.1D mode, the rapid reconfiguration mechanism is disabled.
If you configure the STP domain in 802.1w mode, the rapid reconfiguration mechanism is enabled. You
enable or disable RSTP on a per STPD basis only. You do not enable RSTP on a per port basis.
If you configure the STP domain in MSTP mode, the rapid reconfiguration mechanism is enabled. You
enable or disable MSTP on a per STPD basis only. You do not enable MSTP on a per port basis. MSTP
STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct operation of your MSTP
STPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs.
You must first configure a Common and Internal Spanning Tree (CIST) before configuring any multiple
spanning tree instances (MSTIs) in the region. You cannot delete or disable a CIST if any of the MSTIs
are active in the system.
Example
The following command configures STPD s1 to enable the rapid reconfiguration mechanism and
operate in 802.1w mode:
configure stpd s1 mode dot1w
The following command configures STPD s2 to operate as an MSTI in an MSTP domain:

Layer 2 Protocols
222
History
The mstp parameter was added in ExtremeXOS 11.4.
configure stpd ports active-role disable

configure stpd stpd_name ports active-role disable port
Description
Allows a port to be selected as an alternate or backup port.
Syntax Description
stpd_name
port
Specifies a port.
Default
The default is disabled.
Usage Guidelines
Use this command to revert to the default that allows a specified port to be elected to any STP port
role.
Example
The following command disables an active role on STDP s1, port 6:3:
configure stpd s1 ports active-role disable 6:3
History
Layer 2 Protocols
223
configure stpd ports active-role enable

configure stpd stpd_name ports active-role enable port
Description
Prevents a port from becoming an alternate or backup port.
Syntax Description
stpd_name
port
Specifies a port.
Default
Usage Guidelines
Use this command to keep a port in an active role. It prevents a specified port from being elected to an
alternate or backup role which puts the port in a blocking state.
The following describes the port role and state when RSTP stabilizes.
STP Port Role
Port State
Alternate (inactive)
Blocking
Backup (inactive
Blocking
Root (active)
Forwarding
Designated (active)
Forwarding
This feature can be enabled on only one STP port in the STP domain.
The restricted port role cannot be combined with this feature.
An active port role (root or designated) cannot be enabled with an edge port.
To disable this command, use the configure stpd ports active-role disable command.
To view the status of the active role, use the show stpd ports command.
Example
The following command enables an active role on STDP s1, port 6:3:
configure stpd s1 ports active-role enable 6:3
Layer 2 Protocols
224
History
configure stpd ports bpdu-restrict

configure {stpd} stpd_name ports bpdu-restrict [enable | disable] port_list
Description
Configures BPDU Restrict.
Syntax Description
stpd_name
port_list
Specifies one or more ports or slots and ports.
bpdu-restrict
Disables port as soon as a BPDU is received.
recovery-timeout
Time after which the port will be re-enabled.
seconds
Specifies the time in seconds. The range is 60 to 600. The default is 300.
Default
Usage Guidelines
Before using this command, the port(s) should be configured for edge-safeguard.
Example
The following command enables bpdu-restrict on port 2 of STPD s1:
configure stpd s1 ports bpdu-restrict enable 2
History
Layer 2 Protocols
225
configure stpd ports cost

configure stpd stpd_name ports cost [auto | cost] port_list
Description
Specifies the path cost of the port in the specified STPD.
Syntax Description
stpd_name
auto
Specifies the switch to remove any user-defined port cost value(s) and use
the appropriate default port cost value(s).
cost
Specifies a numerical port cost value. The range is 1 through 200,000,000.
port_list
Default
The switch automatically assigns a default path cost based on the speed of the port, as follows:
10 Mbps portthe default cost is 2,000,000.
100 Mbps portthe default cost is 200,000.
1000 Mbps portthe default cost is 20,000.
10000 Mbps portsthe default cost is 2,000.
The default port cost for trunked ports is dynamically calculated based on the available bandwidth.
Usage Guidelines
The 802.1D-2004 standard modified the default port path cost value to allow for higher link speeds. If
you have a network with both 802.1D-2004 and 802.1D-1998 compliant bridges, a higher link speed can
create a situation whereby an 802.1D-1998 compliant bridge could become the most favorable transit
path and possibly cause the traffic to span more bridges. To prevent this situation, configure the port
path cost to make links with the same speed use the same path host value. For example, if you have
Layer 2 Protocols
226
100 Mbps links on all bridges, configure the port path cost for the 802.1D-2004 compliant bridges to 19
instead of using the default 200,000.
Note
You cannot configure the port path cost on 802.1D-1998 compliant bridges to 200,000
because the path cost range setting is 1 to 65,535.
The range for the cost parameter is 1 through 200,000,000. If you configure the port cost, a setting of 1
indicates the highest priority.
If you configured a port cost value and specify the auto option, the switch removes the user-defined
port cost value and returns to the default, automatically assigned, port cost value.
The auto port cost of a trunk port is calculated based on number member ports in the trunk port. Link
up and down of the member port does not affect the trunk port cost, thus it does not trigger topology
change. Only adding or removing a member port to/from the trunk port causes auto trunk port cost to
change. Also, by so configuring a static trunk port cost, the value is frozen regardless of the number of
member ports in the trunk port.
ExtremeXOS 11.5 and Earlier

If you have switches running ExtremeXOS 11.5 and earlier, the default costs are different than switches
running ExtremeXOS 11.6 and later.
The range for the cost parameter is 1 through 65,535.
The switch automatically assigns a default path cost based on the speed of the port, as follows:
10 Mbps portthe default cost is 100.
10000 Mbps portsthe default cost is 2.
Example
The following command configures a cost of 100 to slot 2, ports 1 through 5 in STPD s0:
configure stpd s0 ports cost 100 2:1-2:5
History
The auto option was added in ExtremeXOS 11.0.
The default costs were updated based on support for the 802.1D-2004 standard in ExtremeXOS 11.6.
Layer 2 Protocols
227
configure stpd ports edge-safeguard disable

configure {stpd} stpd_name ports edge-safeguard disable port_list {bpdu-restrict}
Description
Disables the edge safeguard loop prevention on the specified RSTP or MSTP edge port.
Syntax Description
stpd_name
port_list
Specifies one or more edge ports.
bpdu-restrict
recovery-timeout
seconds
Default
By default, this feature is disabled.
Usage Guidelines
This command applies only to ports that have already been configured as edge ports.
Loop prevention and detection on an edge port configured for RSTP or MSTP is called edge safeguard.
BPDUs.
If you disable this feature, the edge port enters the forwarding state but no longer transmits BPDUs
unless a BPDU is received by that edge port. This is the default behavior.
Recovery time starts as soon as the port becomes disabled. If no recovery-timeout is specified, the port
is permanently disabled.
BPDU restrict can be disabled using the configure stpd stpd_name ports bpdu-restrict
disableport_list command.
If edge safeguard is disabled, BPDU restrict is also disabled.
To view the status of the edge safeguard feature use the show {stpd} stpd_name ports {[detail
|port_list {detail}]} command. You can also use the show stpd {stpd_name | detail}
Layer 2 Protocols
228
command to display the STPD configuration on the switch, including the enable/disable state for edge
safeguard.
Note
In MSTP, configuring edge safeguard at CIST will be inherited in all MSTI.
To enable or re-enable edge safeguard, use one of the following commands:
configure {stpd} stpd_name ports edge-safeguard enableport_list {bpdurestrict} {recovery-timeout {seconds}}

configure stpd stpd_name ports link-type [[auto | broadcast | point-topoint]port_list | edgeport_list {edge-safeguard [enable | disable] {bpdurestrict} {recovery-timeoutseconds}}]
Example
The following command disables edge safeguard on RSTP edge port 4 in STPD s1 on a stand-alone
switch:
configure stpd s1 ports edge-safeguard disable 4
The following command disables edge safeguard on the RSTP edge port on slot 2, port 3 in STPD s1 on
a modular switch:
configure stpd s1 ports edge-safeguard disable 2:3
History
The BPDU Restrict function was added in ExtremeXOS 12.4.
configure stpd ports edge-safeguard enable

configure {stpd} stpd_name ports edge-safeguard enable port_list {bpdu-restrict}
Description
Enables the edge safeguard loop prevention on the specified RSTP or MSTP edge port.
Layer 2 Protocols
229
Syntax Description
stpd_name
port_list
Specifies one or more edge ports.
bpdu-restrict
recovery-timeout
seconds
Default
By default, this feature is disabled.
Usage Guidelines
This command applies only to ports that have already been configured as edge ports.
You configure edge safeguard on RSTP or MSTP edge ports to prevent accidental or deliberate
misconfigurations (loops) resulting from connecting two edge ports together or by connecting a hub or
other non-STP switch to an edge port. Edge safeguard also limits the impact of broadcast storms that
might occur on edge ports.
BPDUs. This advanced loop prevention mechanism improves network resiliency but does not interfere
with the rapid convergence of edge ports.
BPDU restrict can be disabled using the configure {stpd} stpd_name ports bpdu-restrict
[enable | disable]port_list {recovery-timeout {seconds}} command and selecting
disable.
To view the status of the edge safeguard feature use the show {stpd} stpd_name ports {[detail
|port_list {detail}]} command. You can also use the show stpd {stpd_name | detail}
command to display the STPD configuration on the switch, including the enable/disable state for edge
safeguard.
Note
To disable edge safeguard, use one of the following commands:
configure {stpd} stpd_name ports edge-safeguard disableport_list {bpdurestrict} {recovery-timeout {seconds}}

configure stpd stpd_name ports link-type [[auto | broadcast | point-topoint]port_list | edgeport_list {edge-safeguard [enable | disable] {bpdurestrict} {recovery-timeoutseconds}}]
Layer 2 Protocols
230
Example
The following command enables edge safeguard on RSTP edge port 4 in STPD s1 on a stand-alone
switch:
configure stpd s1 ports edge-safeguard enable 4
The following command enables edge safeguard on the RSTP edge port on slot 2, port 3 in STPD s1 on
a modular switch:
configure stpd s1 ports edge-safeguard enable 2:3
History
configure stpd ports link-type

Description
Configures the ports in the specified STPD as auto, broadcast, edge, or point-to-point link types.
Syntax Description
stpd_name
auto
Specifies the switch to automatically determine the port link type. An auto
link behaves like a point-to-point link if the link is in full-duplex mode or if link
aggregation is enabled on the port. Used for 802.1w configurations.
broadcast
Specifies a port attached to a LAN segment with more than two bridges.
Used for 802.1D configurations. A port with broadcast link type cannot
participate in rapid reconfiguration using RSTP or MSTP. By default, all STP.1D
ports are broadcast links.
point-to-point
Specifies a port attached to a LAN segment with only two bridges. A port
with point-to-point link type can participate in rapid reconfiguration. Used for
802.1w and MSTP configurations. By default, all 802.1w and MSTP ports are
point-to-point link types.
Layer 2 Protocols
231
port_list
edge
Specifies a port that does not have a bridge attached. An edge port is placed
and held in the STP forwarding state unless a BPDU is received by the port.
Used for 802.1w and MSTP configurations.
edge-safeguard
Specifies that the edge port be configured with edge safeguard, a loop
prevention and detection mechanism. Used for 802.1w and MSTP
configurations.
enable
Specifies that edge safeguard be enabled on the edge port(s).
disable
Specifies that edge safeguard be disabled on the edge port(s).
bpdu-restrict
recovery-timeout
seconds
Default
STP.1D ports are broadcast link types 802.1w and MSTP ports are point-to-point link types.
Usage Guidelines
The default, broadcast links, supports legacy STP (802.1D) configurations. If the switch operates in
802.1D mode, any configured port link type will behave the same as the broadcast link type.
RSTP rapidly moves the designated ports of a point-to-point link type into the forwarding state. This
behavior is supported by RSTP and MSTP only.
Auto Link Type

An auto link behaves like a point-to-point link if the link is in full duplex mode or if link aggregation is
enabled on the port; otherwise, an auto link behaves like a broadcast link. If a non-STP switch exists
between several switches operating in 802.1w mode with auto links, the non-STP switch may negotiate
full-duplex even though the broadcast domain extends over several STP devices.
Edge Link Type

RSTP does not send any BPDUs from an edge port nor does it generate topology change events when
an edge port changes its state.
If you configure a port to be an edge port, the port immediately enters the forwarding state. Edge ports
remain in the forwarding state unless the port receives a BPDU. In that case, edge ports enter the
blocking state. The edge port remains in the blocking state until it stops receiving BPDUs and the
message age timer expires.
Layer 2 Protocols
232
Edge Safeguard
You configure edge safeguard on RSTP or MSTP edge ports to prevent accidental or deliberate
misconfigurations (loops) resulting from connecting two edge ports together or by connecting a hub or
other non-STP switch to an edge port. Edge safeguard also limits the impact of broadcast storms that
might occur on edge ports.
BPDUs. This advanced loop prevention mechanism improves network resiliency but does not interfere
with the rapid convergence of edge ports.
BPDU restrict can be disabled using the configure stpd stpd_name ports bpdu-restrict
disableport_list command.
To configure a port as an edge port and enable edge safeguard on that port, use the configure stpd
stpd_name ports link-type edgeport_list edge-safeguard command and specify enable.
To disable edge safeguard on the edge port, use the configure stpd stpd_name ports linktype edgeport_list edge-safeguard command and specify disable.
Two other commands are also available to enable and disable edge safeguard:
configure stpd ports edge-safeguard enable configure stpd ports edge-safeguard
disable
Example
The following command configures slot 2, ports 1 through 4 to be point-to-point links in STPD s1:
configure stpd s1 ports link-type point-to-point 2:1-2:4
The following command enables edge safeguard on the RSTP edge port on slot 2, port 3 in STPD s1
configured for RSTP:
configure stpd s1 ports link-type edge 2:3 edge-safeguard enable
History
Layer 2 Protocols
233
configure stpd ports mode

configure stpd stpd_name ports mode [dot1d | emistp | pvst-plus] port_list
Description
Configures the encapsulation mode for the specified port list.
Syntax Description
stpd_name
dot1d
emistp
pvst-plus
port_list
Default
Ports in the default STPD (s0) are dot1d mode.
Usage Guidelines
MSTP.
Layer 2 Protocols
234
Example
The following command configures STPD s1 with PVST+ packet formatting for slot 2, port 1:
configure stpd s1 ports mode pvst-plus 2:1
History
configure stpd ports port-priority

configure stpd stpd_name ports port-priority priority port_list
Description
Specifies the port priority of the port in the specified STPD.
Syntax Description
stpd_name
priority
Specifies a numerical port priority value. The range is 0 through 240 and is
subject to the multiple of 16 restriction.
port_list
Default
The default is 128.
Usage Guidelines
Layer 2 Protocols
235
By changing the priority of the port, you can make it more or less likely to become the root port or a
designated port.
configure stpd ports priority command is available in ExtremeXOS 11.6. If you have an
ExtremeXOS 11.5 or earlier configuration, the switch interprets the port priority based on the
802.1D-1998 standard. If the switch reads a value that is not supported in ExtremeXOS 11.6, the switch
rejects the entry. For example, if the switch reads the configure stpd ports priority 16 command from an
ExtremeXOS 11.5 or earlier configuration, (which is equivalent to the command configure stpd ports
priority 8 entered through CLI), the switch saves the value in the new ExtremeXOS 11.6 configuration as
configure stpd ports port-priority 128.
A setting of 0 indicates the highest priority.
The range for the priority parameter is 0 through 240 and is subject to the multiple of 16 restriction.
Example
The following command assigns a priority of 32 to slot 2, ports 1 through 5 in STPD s0:
configure stpd s0 ports port-priority 32 2:1-2:5
History
configure stpd ports priority

configure stpd stpd_name ports priority priority port_list
Description
Specifies the port priority of the port in the specified STPD.
Layer 2 Protocols
236
Syntax Description
stpd_name
priority
Specifies a numerical port priority value. The range is 0 through 31 for STP
and 0 through 15 for MSTP and RSTP.
port_list
Default
The default is 128.
Usage Guidelines
By changing the priority of the port, you can make it more or less likely to become the root port or a
designated port.
configure stpd ports priority command is available in ExtremeXOS 11.6. If you have an
ExtremeXOS 11.5 or earlier configuration, the switch interprets the port priority based on the
802.1D-1998 standard. If the switch reads a value that is not supported in ExtremeXOS 11.6, the switch
rejects the entry.
A setting of 0 indicates the highest priority.
The range for the priority parameter is 0 through 31 for STP and 0 through 15 for MSTP and RSTP.
ExtremeXOS 11.6 introduces support for a new ports priority command: configure stpd ports
port-priority. When you save the port priority value in an ExtremeXOS 11.6 configuration, the switch
saves it as the new command configure stpd ports port-priority with the corresponding
change in priority values. The priority range of this command is 0 through 240 and is subject to the
multiple of 16 restriction. For more information see configure stpd ports port-priority.

If you have switches running ExtremeXOS 11.5 and earlier, the default value for the priority range are
different than switches running ExtremeXOS 11.6.
The range for the priority parameter is 0 through 31.
The default is 16.
Layer 2 Protocols
237
Example
The following command assigns a priority of 1 to slot 2, ports 1 through 5 in STPD s0:
configure stpd s0 ports priority 1 2:1-2:5
History
The priority range and behavior was updated based on support for the 802.1D-2004 standard in
ExtremeXOS 11.6.
configure stpd ports restricted-role disable

configure stpd stpd_name ports restricted-role disable port_list
Description
Disables restricted role on the specified port inside the core network.
Syntax Description
stpd_name
port_list
Default
N/A.
Usage Guidelines
The restricted role is disabled by default. If set, it can cause a lack of spanning tree connectivity. A
network administrator enables the restricted role to prevent bridges external to a core region of the
network from influencing the spanning tree active topology, possibly because those bridges are not
under the full control of the administrator.
Note
Disabling Restricted Role at CIST is inherited by all MSTI.
Layer 2 Protocols
238
Example
The following command disables restricted role for s1 on port 6:3:
configure stpd s1 ports restricted-role disable 6:3
History
This command was added to RSTP in ExtremeXOS 11.6 and 12.0.3.
configure stpd ports restricted-role enable

configure stpd stpd_name ports restricted-role enable port_list
Description
Enables restricted role on the specified port inside the core network.
Syntax Description
stpd_name
port_list
Default
N/A.
Usage Guidelines
Enabling restricted role causes the port not to be selected as a root port even if it has the best spanning
tree priority vector. Such a port is selected as an alternate port after the root port has been selected.
The restricted role is disabled by default. If set, it can cause a lack of spanning tree connectivity. A
network administrator enables the restricted role to prevent bridges external to a core region of the
network from influencing the spanning tree active topology, possibly because those bridges are not
under the full control of the administrator.
Note
Restricted role should not be enabled with edge mode.
Enabling Restricted Role at CIST is inherited by all MSTI.
Layer 2 Protocols
239
Example
The following command enables restricted role on port 6:3:
configure stpd s1 ports restricted-role enable 6:3
History
This command was added to RSTP in ExtremeXOS 11.6 and 12.0.3.
configure stpd priority

configure stpd stpd_name priority priority
Description
Specifies the bridge priority of the STPD.
Syntax Description
stpd_name
priority
Specifies the bridge priority of the STPD. The range is 0 through 61,440 and is
subject to the multiple of 4,096 restriction.
Default
The default priority is 32,768.
Usage Guidelines
By changing the bridge priority of the STPD, you can make it more or less likely to become the root
bridge.
Layer 2 Protocols
240
The range for the priority parameter is 0 through 61,440 and is subject to the multiple of 4,096
restriction. A setting of 0 indicates the highest priority.
If you have an ExtremeXOS 11.5 or earlier configuration that contains an STP or RSTP bridge priority
that is not a multiple of 4,096, the switch rejects the entry and the bridge priority returns to the default
value. The MSTP implementation already uses multiples of 4,096 to determine the bridge priority.
For example, to lower the numerical value of the priority (which gives the priority a higher precedence),
you subtract 4,096 from the default priority: 32,768 - 4,096 = 28,672. If you modify the priority by a
value other than 4,096, the switch rejects the entry.

If you have switches running ExtremeXOS 11.5 and earlier, the priority range is different than switches
running ExtremeXOS 11.6 and later.
The range for the priority parameter is 0 through 65,535. A setting of 0 indicates the highest priority.
Example
The following command sets the bridge priority of STPD1 to 16,384:
configure stpd stpd1 priority 16384
History
The priority range and behavior was updated based on support for the 802.1D-2004 standard in
ExtremeXOS 11.6.
configure stpd tag

configure stpd stpd_name tag stpd_tag
Description
Assigns an StpdID to an STPD.
Syntax Description
stpd_name
stpd_tag
Specifies the VLAN ID of the carrier VLAN that is owned by the STPD.
Layer 2 Protocols
241
Default
N/A.
Usage Guidelines
An STPD ID is used to identify each STP domain. You assign the StpdID when configuring the domain.
An STPD ID must be identical to the VLAN ID of the carrier VLAN in that STP domain, and that VLAN
cannot belong to another STPD. Unless all ports are running in 802.1D mode, an STPD with ports
running in either EMISTP mode or PVST+ mode must be configured with an STPD ID.
You must create and configure the VLAN, along with the tag, before you can configure the STPD tag.
To create a VLAN, use the create vlan command. To configure the VLAN, use the configure vlan
commands.
MSTP Only
MSTPuses two different methods to identify the STPDs that are part of the MSTP network. An instance
ID of 0 identifies the CIST. The switch assigns this ID automatically when you configure the CIST STPD.
To configure the CIST STPD, use the configure stpd stpd_name mode [dot1d | dot1w | mstp
[cist | mstiinstance]] command.
An MSTI identifier (MSTI ID) identifies each STP domain that is part of an MSTP region. You assign the
MSTI ID when configuring the STPD that participates in the MSTP region. Each STPD that participates in
a particular MSTP region must have the same MSTI ID. To configure the MSTI ID, use the configure
stpd stpd_name mode [dot1d | dot1w | mstp [cist | mstiinstance]] command.
Example
The following example assigns an StpdID to the purple_st STPD:
configure stpd purple_st tag 200
History
Layer 2 Protocols
242
configure vlan add ports stpd

configure vlan vlan_name add ports [all | port_list] {tagged {tag} | untagged}
stpd stpd_name {[dot1d | emistp | pvst-plus]}
Description
Adds one or more ports in a VLAN to a specified STPD.
Syntax Description
vlan_name
all
Specifies all of the ports to be included in the STPD.
port_list
Specifies the port or ports to be included in the STPD.
tagged
Specifies the ports should be configured as tagged.
tag
Specifies the port-specific VLAN tag. When there are multiple ports
specified in the port_list, the same tag is used for all of them. When
unspecified port tag is equal to the VLAN tag.
untagged
Specifies the ports should be configured as untagged.
stpd_name
dot1d
emistp
pvst-plus
Default
Ports in the default STPD (s0) are in dot1.d mode.
Usage Guidelines
To create a VLAN, use the create vlan command. To create an STP domain, use the create stpd
command.
In an EMISTP or PVST+ environment, this command adds a list of ports to a VLAN and a specified STPD
at the same time provided the carrier VLAN already exists on the same set of ports. You can also
specify the encapsulation mode for those ports.
In an MSTP environment, you do not need a carrier VLAN. A CIST controls the connectivity of
interconnecting MSTP regions and sends BPDUs across the regions to communicate region status. You
must use the dot1d encapsulation mode in an MSTP environment.
You cannot configure STP on the following ports:
Mirroring target ports.
Layer 2 Protocols
243
Software-controlled redundant ports.
If you see an error similar to the following:

Error: Cannot add VLAN default port 3:5 to STP domain
You might be attempting to add:

A carrier VLAN port to a different STP domain than the carrier VLAN belongs.
A VLAN/port for which the carrier VLAN does not yet belong.
Note
This restriction is only enforced in an active STP domain and when you enable STP to
ensure you have a legal STP configuration.
Naming Conventions
If your VLAN has the same name as another component, for example an STPD, we recommend that
you specify the identifying keyword as well as the name. If your VLAN has a name unique only to that
VLAN, the keywords vlan and stpd are optional.
STP Encapsulation Modes

MSTP.
These encapsulation modes are for STP ports, not for physical ports. When a physical ports belongs to
different modes for different domains for which it belongs.
MSTP STPDs use only 802.1D BPDU encapsulation mode. The switch prevents you from configuring
EMISTP or PVST+ encapsulation mode for MSTP STPDs.
Specify the port tag when you need to put multiple vlans into a broadcast domain.
Layer 2 Protocols
244

receive BPDUs.
Example
The following command adds slot 1, port 2 and slot 2, port 3, members of a VLAN named Marketing, to
the STPD named STPD1, and specifies that they be in EMISTP mode:
configure vlan marketing add ports 1:2, 2:3 tagged stpd stpd1 emistp
The following examples illustrate the tag variable in ExtremeXOS 15.4.

The following example configures vlan with tag 100 and port tag of 10 and 11 on two different ports:
create vlan exchange tag 100
config vlan exchange add ports 3 tagged 10
The following example configures a VLAN with tag 100, and port tag of 10 and 11 on the same ports:
The following example configures VLAN with tag 100, and port tag of 10 on two ports and 11 on a
different port:
config vlan exchange add ports 2:3,2:4 tagged 10
config vlan exchange add ports 2:5 tagged 11
History
The nobroadcast keyword was removed in ExtremeXOS 11.4.
The tag variable was added in ExtremeXOS 15.4.
create eaps shared-port

create eaps shared-port ports
Layer 2 Protocols
245
Description
Creates an EAPS shared port on the switch.
Syntax Description
ports
Default
N/A.
Usage Guidelines
To configure a common link, you must create a shared port on each switch on either end of the
common link.
Example
The following command creates a shared port on the EAPS domain.
create eaps shared-port 1:2
History
create eaps
create eaps name
Description
Creates an EAPS domain with the specified name.
Syntax Description
name
Layer 2 Protocols
Specifies the name of an EAPS domain to be created. Can be up to 32

characters in length.
246
Default
N/A.
Usage Guidelines
An EAPS domain name must begin with an alphabetical character and may contain alphanumeric
characters and underscores (_), but it cannot contain spaces. The maximum allowed length for a name
is 32 characters. For name creation guidelines and a list of reserved names, see Object Names in the
ExtremeXOS Concepts Guide.
Example
The following command creates EAPS domain eaps_1:
create eaps eaps_1
History
create erps ring

create erps ring-name
Description
Creates an ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to create an ERPS ring.
Layer 2 Protocols
247
Example
The following command creates an ERPS ring named ring1:
create erps ring1
History
create stpd
Description
Creates a user-defined STPD.
Syntax Description
stpd_name
Specifies a user-defined STPD name to be created. May be up to 32

characters in length.
stpd-description
Specifies an STP domain description string.
Default
The default device configuration contains a single STPD called s0.
When an STPD is created, the STPD has the following default parameters:
Statedisabled.
StpdIDnone.
Assigned VLANsnone.
Bridge priority32,768.
Maximum BPDU age20 seconds.
Hello time2 seconds.
Forward delay15 seconds.
Operational mode802.1D.
Rapid Root Failoverdisabled.
Default Binding Mode (encapsulation mode)Ports in the default STPD (s0) are in 802.1d mode.
Layer 2 Protocols
248
Maximum hop count (when configured for MSTP)20 hops.

STP domain description stringempty.
Usage Guidelines
The maximum length for a name is 32 characters. Names can contain alphanumeric characters and
underscores ( _ ) but cannot be any reserved keywords, for example, stp or stpd. Names must start
with an alphabetical character, for example, a, Z. For name creation guidelines and a list of reserved
names, see Object Names in the .
Each STPD name must be unique and cannot duplicate any other named STPDs on the switch. If you
are uncertain about the STPD names on the switch, use the show stpd command to view the STPD
names.
You can, however, re-use names across multiple categories of switch configuration. For example, you
can use the name Test for an STPD and a VLAN. If you use the same name, we recommend that you
specify the appropriate keyword when configuring the STPD. If you do not specify the appropriate
keyword, the switch displays a message similar to the following:
%% Ambiguous command: "configure Test"
To view the names of the STPDs on the switch, enter configure and press [Tab]. Scroll to the end of the
output to view the names.
The maximum length for an STPD description is 180 characters. The description must be in quotes if the
string contains any spaces. To display the description, use the show stpd stpd_name command.
Each STPD has its own Root Bridge and active path. After the STPD is created, one or more VLANs can
be assigned to it.
Example
The following example creates an STPD named purple_st:
create stpd purple_st
History
The STPD description option was added in ExtremeXOS 12.4.4.
Layer 2 Protocols
249
debug erps show

debug erps show ring-name
Description
Debugs ERPS ring by checking "show" output.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
To debug this feature, check the output of "show erps" and "show erps ring" to see if the node state is
as expected. In steady state, the node should be in "Idle" or "Protected" state.
Check the output of "show erps ring statistics" to see if any error/dropped counters are incrementing. If
they are check the state of the ring ports and trace these links to the neighbor node to see the state of
the links. The output of "show log" after turning on the filters for ERPS should provide more information
on what is happening on the switch.
Example
History
debug erps
Description
Debugs an ERPS ring.
Layer 2 Protocols
250
Syntax Description
options
Different options to enable looking at debug information.
Default
N/A.
Usage Guidelines
Use this command to debug an ERPS ring.
Example
The following command debugs an ERPS ring:
History
delete eaps shared-port

Description
Deletes an EAPS shared port on a switch.
Syntax Description
ports
Specifies the port number of the Common Link port.
Default
N/A.
Usage Guidelines
None.
Layer 2 Protocols
251
Example
The following command deletes shared port 1:1.
delete eaps shared-port 1:1
History
delete eaps
delete eaps name
Description
Deletes the EAPS domain with the specified name.
Syntax Description
name
Specifies the name of an EAPS domain to be deleted.
Default
N/A.
Usage Guidelines
None.
Example
The following command deletes EAPS domain eaps_1:
delete eaps eaps_1
History
Layer 2 Protocols
252
delete erps
delete erps ring-name
Description
Deletes an ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to delete an ERPS ring.
Example
The following command deletes an ERPS ring named ring1:
delete erps ring1
History
delete stpd
delete stpd stpd_name
Description
Removes a user-defined STPD from the switch.
Layer 2 Protocols
253
Syntax Description
stpd_name
Specifies a user-defined STPD name on the switch.
Default
N/A.
Usage Guidelines
specify the identifying keyword as well as the name. If you do not specify the stpd keyword, an error
message similar to the following is displayed:
%% Ambiguous command: "delete Test"
In this example, to delete the STPD Test, enter delete stpd Test.
If you created an STPD with a name unique only to that STPD, the keyword stpd is optional.
The default STPD, s0, cannot be deleted.
In an MSTP environment, you cannot delete or disable a CIST if any of the MSTIs are active in the
system.
Example
The following command deletes an STPD named purple_st:
delete stpd purple_st
History
disable eaps
disable eaps {name}
Description
Disables the EAPS function for a named domain or for an entire switch.
Layer 2 Protocols
254
Syntax Description
name
Default
Disabled for the entire switch.
Usage Guidelines
To prevent loops in the network, the switch displays by default a warning message and prompts you to
disable EAPS for a specific domain or the entire switch. When prompted, do one of the following:
Enter y to disable EAPS for a specific domain or the entire switch.
Example
The following command disables the EAPS function for entire switch:
disable eaps
WARNING: Disabling EAPS on the switch could cause a loop in the network!
Are you sure you want to disable EAPS? (y/n) Enter y to disable EAPS on the switch. Enter n to cancel
this action.
The following command disables the EAPS function for the domain eaps-1:
disable eaps eaps-1
WARNING: Disabling specific EAPS domain could cause a loop in the
network!
Are you sure you want to disable this specific EAPS domain? (y/n)
Enter y to disable the EAPS function for the specified domain. Enter n to cancel this action.
History
Layer 2 Protocols
255
disable erps block-vc-recovery

disable erps ring-name block-vc-recovery
Description
Disables the ability on ERPS rings to block virtual channel recovery to avoid temporary loops .
Syntax Description
ring-name
block-vc-recovery
Block on Virtual channel recovery.
Default
N/A.
Usage Guidelines
Use this command to disable the ability on ERPS rings to block on virtual channel recovery to avoid
temporary loops. This is done on interconnected nodes for sub-ring configurations.
Example
The following example disables a virtual channel recovery block on ring1:
diable erps ring1 block-vc-recovery
History

Layer 2 Protocols
256
Description
Disable an existing ERPS ring/sub-ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to disable an existing ERPS ring/sub-ring.
Example
The following example disables an existing ERPS ring identified as ring1:
disable erps ring1
History
disable erps topology-change

disable erps ring-name topology-change
Description
Disable the ability of ERPS to set the topology-change bit to send out Flush events.
Syntax Description
ring-name
Alphanumeric string that identifies the ERPS sub-ring.
topology-change
Topology change propagation control.
Layer 2 Protocols
257
Default
N/A.
Usage Guidelines
Use this command to disable the ability of ERPS to set the topology-change bit to send out Flush
events.
Example
The following example disables the ability to set the topology-change bit for an existing ERPS sub-ring
identified as ring1:
disable erps ring1 topology-change
History
disable erps
disable erps
Description
Disable ERPS (Ethernet Ring Protection Switching/ITU-T G.8032 standard).
Syntax Description
N/A.
Default
N/A.
Usage Guidelines
Use this command to disable ERPS.
Layer 2 Protocols
258
Example
The following command disables ERPS:
disable erps
History
disable stpd auto-bind

Disables the ability to automatically add ports to an STPD when they are added to a member VLAN.
disable stpd stpd_name auto-bind vlan vlan_name
Syntax Description
stpd_name
vlan_name
Specifies the name of a member VLAN with autobind enabled.
Default
The autobind feature is disabled on user-created STPDs. The autobind feature is enabled on the default
VLAN that participates in the default STPD S0.
Usage Guidelines
Note
Ports already in the STPD remain in that domain (as if they were added manually).
If you create an STPD and a VLAN with unique names, the keywords stpd and vlan are optional.
Ports added to the STPD automatically when autobind is enabled are not removed when autobind is
disabled. The ports are present after a switch reboot.
To view STP configuration status of the ports in a VLAN, use the following command:
show {vlan} vlan_name stpd
Layer 2 Protocols
259
Example
The following example disables autobind on an STPD named s8:
disable stpd s8 auto-bind v5
History
disable stpd ports

Disables STP on one or more ports for a given STPD.
disable stpd stpd_name ports [all | port_list]
Syntax Description
stpd_name
all
Specifies all ports for a given STPD.
port_list
Default
Enabled.
Usage Guidelines
If you create the STPD with a unique name, the keyword stpd is optional.
Disabling STP on one or more ports puts those ports in the forwarding state; all BPDUs received on
those ports are disregarded and dropped.
Use the all keyword to specify that all ports of a given STPD are disabled.
Use the port_list parameter to specify a list of ports of a given STPD are disabled.
If you do not use the default STPD, you must create one or more STPDs and configure and enable the
STPD before you can use the disable stpd ports command.
Layer 2 Protocols
260
Example
The following command disables slot 2, port 4 on an STPD named Backbone_st:
disable stpd backbone_st ports 2:4
History
disable stpd rapid-root-failover

disable stpd stpd_name rapid-root-failover
Description
Disables rapid root failover for STP recovery times.
Syntax Description
stpd_name
Default
Disabled.
Usage Guidelines
This command is applicable for STPDs operating in 802.1D.
After you have created the STPD with a unique name, the keyword stpd is optional.
To view the status of rapid root failover on the switch, use the show stpd command. The show stpd
command displays information about the STPD configuration on the switch including the enable/
disable state for rapid root failover.
Example
The following command disables rapid root fail over on STPD Backbone_st:
disable stpd backbone_st rapid-root-failover
Layer 2 Protocols
261
History
disable stpd
disable stpd {stpd_name}
Description
Disables the STP protocol on a particular STPD or for all STPDs.
Syntax Description
stpd_name
Default
Disabled.
Usage Guidelines
After you have created the STPD with a unique name, the keyword stpd is optional.
If you want to disable the STP protocol for all STPDs, do not specify an STPD name.
In an MSTP environment, you cannot delete or disable a CIST if any of the MSTIs are active in the
system.
Example
The following command disables an STPD named purple_st:
disable stpd purple_st
The following command disables the STP protocol for all STPDs on the switch:
disable stpd
History
Layer 2 Protocols
262
enable eaps
enable eaps {name}
Description
Enables the EAPS function for a named domain or for an entire switch.
Syntax Description
name
Default
Disabled.
Default command enables EAPS for the entire switch.
Usage Guidelines
Note
If you use the same name across categories (for example, STPD and EAPS names), you must
specify the identifying keyword as well as the actual name.
To configure and enable an EAPS, complete the following steps:
1
2
3
4
5
6
7
8
9
10
11
12
Create EAPS domain and assign the name.

Configure the control VLAN.
Configure the protected VLAN(s).
Add the control VLAN to EAPS domain.
Add the protected VLAN(s) to EAPS domain.
Configure EAPS mode, master or transit.
Configure EAPS port, secondary and primary.
If desired, configure timeout and action for failtimer expiration*.
If desired, configure the hello time for the health-check packets*.
Enable EAPS for the entire switch.
If desired, enable Fast Convergence*.
Enable EAPS for the specified domain.
Although you can enable EAPS prior to configuring these steps, the EAPS domain(s) does not run until
you configure these parameters.
* These steps can be configured at any time, even after the EAPS domains are running.
Layer 2 Protocols
263
You must enable EAPS globally and specifically for each named EAPS domain.
Example
The following command enables the EAPS function for entire switch:
enable eaps
The following command enables the EAPS function for the domain eaps-1:
enable eaps eaps-1
History
enable erps block-vc-recovery

enable erps ring-name block-vc-recovery
Description
Enable ability on ERPS rings to block virtual channel recovery to avoid temporary loops .
Syntax Description
ring-name
block-vc-recovery
Block on Virtual channel recovery.
Default
N/A.
Usage Guidelines
Use this command to enable ability on ERPS rings to block on virtual channel recovery to avoid
temporary loops. This is done on interconnected nodes for sub-ring configurations.
Layer 2 Protocols
264
Example
The following example enables a virtual channel recovery block on ring1:
enable erps ring1 block-vc-recovery
History

Description
Enable an existing ERPS ring/sub-ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to enable an existing ERPS ring/sub-ring.
Example
The following example enables an existing ERPS ring identified as ring1:
enable erps ring1
History
Layer 2 Protocols
265
enable erps topology-change

enable erps ring-name topology-change
Description
Enable the ability of ERPS to set the topology-change bit to send out Flush events.
Syntax Description
ring-name
Alphanumeric string that identifies the ERPS sub-ring.
topology-change
Topology change propagation control.
Default
N/A.
Usage Guidelines
Use this command to enable the ability of ERPS to set the topology-change bit to send out Flush
events.
Example
The following example enables the ability to set the topology-change bit for an existing ERPS sub-ring
identified as ring1:
enable erps ring1 topology-change
History
enable erps
enable erps
Layer 2 Protocols
266
Description
Enable ERPS (Ethernet Ring Protection Switching/ITU-T G.8032 standard).
Syntax Description
N/A.
Default
N/A.
Usage Guidelines
Use this command to enable ERPS.
Example
enable erps
History
enable stpd auto-bind

Description
Automatically adds ports to an STPD when ports are added to a member VLAN.
Syntax Description
stpd_name
vlan_name
Specifies the name of the VLAN to have autobind enabled.
Default
The autobind feature is disabled on user-created STPDs. The autobind feature is enabled on the default
VLAN that participates in the default STPD S0.
Layer 2 Protocols
267
If you enable autobind and add ports to a member VLAN, those ports are automatically added to the
STPD.
Usage Guidelines
If you create an STPD and a VLAN with unique names, the keywords stpd and vlan are optional.
You cannot configure the autobind feature on a network login VLAN.
In an EMISTP or PVST+ environment, when you issue this command, any port or list of ports that you
add to the carrier VLAN are automatically added to the STPD with autobind enabled. In addition, any
port or list of ports that you remove from a carrier VLAN are automatically removed from the STPD.
This allows the STPD to increase or decrease its span as you add ports to or remove ports from a
carrier VLAN.
For MSTP, when you issue this command, any port or list of ports that gets automatically added to an
MSTI are automatically inherited by the CIST. In addition, any port or list of ports that you remove from
an MSTI protected VLAN are automatically removed from the CIST. For more information see the
section. For more information, see Automatically Inheriting Ports--MSTP Only on page 269.
Carrier VLAN
to the STPD and the 802.1Q tag used to transport STP BPDUs in the encapsulation mode is EMISTP or
PVST+. Only one carrier VLAN can exist in a given STPD, although some of its ports can be outside the
control of any STPD at the same time.
Note
The STPD ID must be identical to the VLAN ID of the carrier VLAN in that STPD.
If you configure MSTP, you do not need a carrier VLAN. With MSTP, you configure a CIST that controls
the connectivity of interconnecting MSTP regions and sends BPDUs across the regions to communicate
the status of MSTP regions. All VLANs participating in the MSTP region have the same privileges.
Protected VLAN
Protected VLANs are all other VLANs that are members of the STPD. These VLANs piggyback on the
carrier VLAN. Protected VLANs do not transmit or receive STP BPDUs, but they are affected by STP
state changes and inherit the state of the carrier VLAN. Protected VLANs can participate in multiple
STPDs, but any particular port in the VLAN can belong to only one STPD.
Enabling autobind on a protected VLAN does not expand the boundary of the STPD. However, the
VLAN and port combinations are added to or removed from the STPD subject to the boundaries of the
carrier VLAN.
CIST to the MSTP regions. MSTIs cannot share the same protected VLAN; however, any port in a
protected VLAN can belong to multiple MSTIs.
Layer 2 Protocols
268

receive BPDUs.
Displaying STP Information

To view STP configuration status of the ports on a VLAN, use the following command:
Example
The examples in this section assume that you have already removed the ports from the Default VLAN.
To automatically add ports to an STPD running 802.1D, EMISTP, or PVST+ and to expand the boundary
of the STPD, you must complete the following tasks:
Create the carrier VLAN.
Assign a VLAN ID to the carrier VLAN.
Add ports to the carrier VLAN.
Create an STPD (or use the default, S0).
Enable autobind on the STPDs carrier VLAN.
Configure the STPD tag (the STPD ID must be identical to the VLAN ID of the carrier VLAN in the
STP domain).
Enable STP.
The following example enables autobind on an STPD named s8 after creating a carrier VLAN named v5:
create vlan v5
configure vlan
configure vlan
create stpd s8
enable stpd s8
configure stpd
enable stpd s8
v5 tag 100
v5 add ports 1:1-1:20 tagged
auto-bind v5
s8 tag 100
To automatically add ports to the CIST STPD and to expand the boundary of the STPD, you must
complete the following tasks:
Create a VLAN or use the Default VLAN. (In this example, the Default VLAN is used.)
Create the MSTP region.
Create the STPD to be used as the CIST, and configure the mode of operation for the STPD.
Specify the priority for the CIST.
Enable the CIST.
The following example enables autobind on the VLAN Default for the CIST STPD named s1:
configure mstp region 1
create stpd s1
Layer 2 Protocols
269
configure stpd s1 priority 32768

enable stpd s1
The following example enables autobind on the VLAN math for the MSTI STPD named s2:
create vlan math
configure vlan math tag 2
configure vlan math add ports 2-3
configure mstp region 1
create stpd s2
configure stpd s2 priority 32768
enable stpd s2 auto-bind vlan math
enable stpd s2
History
enable stpd ports

enable stpd stpd_name ports [all | port_list]
Description
Enables the STP protocol on one or more ports.
Syntax Description
stpd_name
Specifies an STPD on the switch.
all
Specifies all ports for a given STPD.
port_list
Default
Enabled.
Usage Guidelines
If you create an STPD with a unique name, the keyword stpd is optional.
If STP is enabled for a port, BPDUs are generated and processed on that port if STP is enabled for the
associated STPD.
Layer 2 Protocols
270
You must configure one or more STPDs before you can use the enable stpd ports command. To
create an STPD, use the create stpd stpd_name {descriptionstpd-description} command. If
you have considerable knowledge and experience with STP, you can configure the STPD using the
configure stpd commands. However, the default STP parameters are adequate for most networks.
Example
The following command enables slot 2, port 4 on an STPD named Backbone_st:
enable stpd backbone_st ports 2:4
History
enable stpd rapid-root-failover

enable stpd stpd_name rapid-root-failover
Description
Enables rapid root failover for faster STP recovery times.
Syntax Description
stpd_name
Default
Disabled.
Usage Guidelines
This command is applicable for STPDs operating in 802.1D.
To view the status of rapid root failover on the switch, use the show stpd command. The show stpd
command displays information about the STPD configuration on the switch including the enable/
disable state for rapid root failover.
Layer 2 Protocols
271
Example
The following command enables rapid root fail over on STPD Backbone_st:
enable stpd backbone_st rapid-root-failover
History
enable stpd
Description
Enables the STP protocol for one or all STPDs.
Syntax Description
stpd_name
Default
Disabled.
Usage Guidelines
If you want to enable the STP protocol for all STPDs, do not specify an STPD name.
Example
The following command enables an STPD named Backbone_st:
enable stpd backbone_st
History
Layer 2 Protocols
272
MSTP
MSTP logically divides a Layer 2 network into regions.
Each region has a unique identifier and contains multiple spanning tree instances (MSTIs). An MSTI is a
spanning tree domain that operates within and is bounded by a region. MSTIs control the topology
inside the regions. The Common and Internal Spanning Tree (CIST) is a single spanning tree domain
that interconnects MSTP regions. The CIST is responsible for creating a loop-free topology by
exchanging and propagating BPDUs across regions to form a Common Spanning Tree (CST).
MSTP uses RSTP as its converging algorithm and is interoperable with the legacy STP protocols: STP
(802.1D) and RSTP (802.1w).
RSTP
The Rapid Spanning Tree Protocol (RSTP) IEEE 802.1w provides an enhanced spanning tree algorithm
that improves the convergence speed of bridged networks.
RSTP takes advantage of point-to-point links in the network and actively confirms that a port can safely
transition to the forwarding state without relying on any timer configurations. If a network topology
change or failure occurs, RSTP rapidly recovers network connectivity by confirming the change locally
before propagating that change to other devices across the network. For broadcast links, there is no
difference in convergence time between STP and RSTP.
RSTP supersedes legacy STP protocols, supports the existing STP parameters and configurations, and
allows for seamless interoperability with legacy STP.
run erps force-switch | manual-switch

run erps ring-name [force-switch | manual-switch] {port} port
Description
Set up force and manual switch triggers to the ERPS ring/sub-ring.
Syntax Description
ring-name
force-switch
Force switch operation.
manual-switch
Manual switch operation.
port
The slot:port number for the ring port.
Layer 2 Protocols
273
Default
N/A.
Usage Guidelines
Use this command to set up force and manual switch triggers to the ERPS ring/sub-ring.
Example
The following command sets up force switch operation on port 6 of an ERPS ring named ring1:
run erps ring1 force-switch port 6
History

Description
Displays summary EAPS CFM groups information.
Syntax Description
There are no keywords or variables for this command.
Default
N/A.
Usage Guidelines
The following command displays EAPS CFM group information:
X480-48t.2 # sh eaps cfm groups
------------------------------------------------------------------------------MEP Group Name
Status Port
MEP ID
Layer 2 Protocols
274
------------------------------------------------------------------------------eapsCfmGrp1
Up
41
11
eapsCfmGrp2
Up
31
12
History
show eaps counters shared-port

show eaps counters shared-port [global | port {segment-port segport
{eapsDomain}}]
Description
Displays summary EAPS shared port counter information.
Syntax Description
global
Displays general counter information for all configured EAPS shared port instances. The output
displayed is calculated for all configured EAPS shared ports; not just one specific shared port
instance.
port
Identifies the port number of the specified common link port.
segport
Identifies the segment port. The segment port is the other ring port of an EAPS domain that is
not the shared-port.
eapsDomain
Specifies the name of the EAPS domain. If no EAPS domain is specified, all counters for all EAPS
domains on the specified segment port are displayed.
Default
N/A.
Usage Guidelines
If the switch is configured for EAPS shared ports, use this command to display an array of counters
associated with the EAPS shared port functionality.
If you specify the global keyword, the switch displays general counter information for all configured
EAPS shared port instances. The output displayed is calculated for all configured EAPS shared ports;
not just one specific shared port instance.
Layer 2 Protocols
275
If you specify a particular EAPS shared port, the switch displays counter information related to only
that shared port.
If you specify a particular EAPS segment port, the switch displays counter information related to only
that segment port for the specified EAPS domain.
before they cause major network faults.
Clearing the Counters

see fresh statistics for the time period you are monitoring. To clear, reset the EAPS counters, including
the shared port counters, use one of the following commands:
clear counters
clear eaps counters
Understanding the Output

The following table describes the significant fields and values in the display output of the show eaps
counters shared-port global command:
Field
Description
Rx-Invalid-Instance
Displays the number of dropped EAPS shared-port PDUs because there is not a valid
EAPS shared port instance for the incoming port.
Rx-Unknown
Displays the number of unknown EAPS PDUs dropped by the shared port instances.
Fw-Invalid-Instance
Displays the number of EAPS shared-port PDUs that could not be forwarded in slow
path because the shared port instances could not find a valid EAPS shared port
instance for the outgoing port.
counters shared-port portsegment-port segport eapsDomain command:
Field
Description
Rx-Seg-Health
Indicates the shared port instance received EAPS shared ports Segment-HealthCheck PDUs.
Rx-Path-Detect
Indicates the shared port instance received EAPS shared ports Path-Detect PDUs.
Rx-Flush-Notify
Indicates the shared port instance received EAPS shared ports Flush-Notify PDUs
and flushed the FDB.
If this PDU reaches a port of the shared ports pair that initiated the PDU, the
shared port instance might terminate the PDU. Otherwise, the shared port
instance forwards the PDU.
Rx-Unknown
Displays the number of unknown EAPS PDUs dropped by the shared port
instance.
Layer 2 Protocols
276
Field
Description
Rx-Seg-Health-Dropped
Displays the number of EAPS shared ports Segment-Health-Check PDUs dropped

by the shared port instance.
This counter increments if the Segment-Health-Check PDU returns to the sending
switch. If that occurs, the switch drops the Segment-Health-Check PDU.
Rx-Path-Detect-Dropped
Displays the number of EAPS shared ports Path-Detect PDUs dropped by the
shared port instance.
This counter increments in the following situations:
If the packets Fwd-id matches the EAPS shared ports Link-Id, the port is not in
the blocking state, and the incoming port is a segment port.If the packets Link-Id
matches the EAPS shared ports Link-Id, the port is not in the blocking state, and
the incoming port is a segment port.
Rx-Flush-Notify-Dropped
Displays the number of EAPS shared ports Flush-Notify-Dropped PDUs dropped

by the shared port instance.
This counter increments in the following situations:
If the Flush-Notify-Dropped PDU returns to the sending switch.If the packets
Fwd-Id matches the EAPS shared ports Link-Id and the port is not in the blocking
state.
Rx-Dropped-Invalid-Port
Displays the number of EAPS shared ports PDUs dropped by the shared port
instance because it does not exist.
Tx-Seg-Health
Indicates the shared port instance sent EAPS shared ports Segment-Health-Check
PDUs.
Tx-Path-Detect
Indicates the shared port instance sent EAPS shared ports Path-Detect PDUs.
NOTE: This counter appears under Common Link Port Stats and should always be
0.
Tx-Flush-Notify
Indicates the shared port instance sent EAPS shared ports Flush-Notify PDUs to
flush the FDB.
0.
Tx-Flush-Fdb
Indicates the shared port instance sent EAPS Flush-Fdb PDUs because the FDB
needs to be flushed.
0.
Tx-Unknown
Indicates the number of unknown EAPS PDUs sent by the shared port instance.
NOTE: Unknown EAPS PDUs can be a new type of PDU that the switch does not
track in the sending routine.
Tx-Transmit-Err
Indicates the number of EAPS PDUs the shared port instance was unable to send
because of an error.
Fw-Seg-Health
Indicates the number of EAPS shared ports Segment-Health-Check PDUs received

by the shared port instance and forwarded in slow path.
Fw-Path-Detect
Indicates the number of EAPS shared ports Path-Detect PDUs received by the
shared port instance and forwarded in slow path.
Fw-Flush-Notify
Indicates the number of EAPS Flush-Notify PDUs received by the shared port
instance and forwarded in slow path to flush the FDB.
Fw-Flush-Fdb
Indicates the number of EAPS Flush-Fdb PDUs received by the shared port
instance and forwarded in slow path.
Layer 2 Protocols
277
Field
Description
Fw-Unknown
Indicates the number of unknown EAPS PDUs forwarded in slow path.

track in the forwarding routine.
Fw-Transmit-Err
Indicates the number of EAPS PDUs the shared port instance was unable to
forward in slow path because of an error.
Example
The following command displays global, high-level counter information for EAPS shared port:
show eaps counters shared-port global
The following is sample output from this command:

Global counters for
Rx Dropped
Rx-Invalid-Instance
Rx-Unknown
Fw Dropped
Fw-Invalid-Instance
EAPS Shared-Ports:
: 0
: 0
: 0
The following example assumes that port 17 is configured as an EAPS shared port. The following
command displays counter information the specified EAPS shared port:
show eaps counters shared-port 17

Counters for EAPS Shared-Port 17:
Common Link Port Stats
Rx Stats
Rx-Seg-Health
: 0
Rx-Path-Detect
: 0
Rx-Flush-Notify
: 0
Rx Dropped
: 0
: 0
Rx-Flush-Notify-Dropped : 0
Rx-Dropped-Invalid-Port : 0
Tx Stats
Tx-Seg-Health
: 0
Tx-Path-Detect
: 0
Tx-Flush-Notify
: 0
Tx-Flush-Fdb
: 0
Tx Dropped
Tx-Unknown
: 0
Tx-Transmit-Err
: 0
Fw Stats
Layer 2 Protocols
278
Fw-Seg-Health
Fw-Path-Detect
Fw-Flush-Notify
Fw Dropped
Fw-Unknown
Fw-Transmit-Err
:
:
:
0
0
0
:
:
0
0
The following example assumes that port 1:2 is configured as an EAPS shared port and port 1:1 is a
segment port. The following command displays counter information the specified EAPS shared port,
segment port, and EAPS domain:
show eaps counters shared-port 1:2 segment-port 1:1 eaps1

Counters for EAPS Shared-Port 1:2, Segment Port: 1:1, EAPS Domain: eaps1
Rx Stats
Rx-Seg-Health
: 0
Rx-Path-Detect
: 0
Rx-Flush-Notify
: 0
: 0
: 0
Rx-Flush-Notify-Dropped : 0
Rx-Dropped-Invalid-Port : 0
Tx Stats
Tx-Seg-Health
: 2275
Tx-Path-Detect
: 0
Tx-Flush-Notify
: 0
Tx-Flush-Fdb
: 0
Tx-Transmit-Err
: 0
Tx-Unknown
: 0
Fw Stats
Fw-Seg-Health
: 0
Fw-Path-Detect
: 0
Fw-Flush-Notify
: 0
Fw-Transmit-Err
: 0
Fw-Unknown
: 0
History
Layer 2 Protocols
279
show eaps counters

show eaps counters [eapsDomain | global]
Description
Displays summary EAPS counter information.
Syntax Description
eapsDomain
Specifies the name of an EAPS domain. The switch displays counter information for only
that domain.
global
Displays EAPS counter information when the events counted are not applicable to any
specific EAPS domain.
Default
N/A.
Usage Guidelines
If you specify the name of an EAPS domain, the switch displays counter information related to only that
domain. If you specify the global keyword, the switch displays EAPS counter information when the
events counted are not applicable to any specific EAPS domain. The output displayed is for all
configured EAPS domains, not just one specific EAPS domain.
before they cause major network faults.
Clearing the Counters

see fresh statistics for the time period you are monitoring. To clear, reset the EAPS counters, use one of
the following commands:
clear counters
clear eaps counters
Understanding the Output

counters eapsDomain command:
Layer 2 Protocols
280
Field
Description
Rx-Health
Indicates the EAPS domain received EAPS Health PDUs.
Rx-RingUp-FlushFdb
Indicates the EAPS ring is up, and the EAPS domain received EAPS RingUpFlushFdb PDUs to flush the FDB.
Rx-RingDown-FlushFdb
Indicates the EAPS ring is down, and the EAPS domain received EAPS RingDownFlushFdb PDUs to flush the FDB.
Rx-Link-Down
Indicates the EAPS domain received EAPS Link-Down PDUs and took down the
link.
Rx-Flush-Fdb
Indicates the EAPS domain received EAPS Flush-Fdb PDUs and flushed the FDB.
Rx-Suspend-Prefwd-Timer
Indicates the EAPS domain received EAPS Suspend-Preforward-Timer PDUs.

NOTE: Switches running ExtremeWare send this PDU during an MSM/MM failover.
Switches running ExtremeXOS 10.1 or later do not send or receive this PDU.
Rx-Query-Link-Status
Indicates the EAPS domain received EAPS Query-Link-Status PDUs.
Rx-Link-Up
Indicates the EAPS domain received EAPS Link-Up PDUs and brought the link
back up.
Rx-Unknown
Indicates the EAPS domain dropped unknown EAPS PDUs.
Rx-Another-Master
Indicates the EAPS domain dropped EAPS PDUs because there is another Master
switch in the same EAPS domain.
Rx-Unconfigured-Port
Indicates the EAPS domain dropped EAPS PDUs because the ingress port is not
configured to be a ring port for the EAPS domain and the corresponding control
VLAN.
Rx-Health-Pdu-Pri-Port
Indicates the EAPS domain dropped EAPS Health PDUs because the primary port
received them instead of the secondary port.
NOTE: The secondary port of the Master switch must receive EAPS Health PDUs,
not the primary port.
Tx-Health
Indicates the EAPS domain sent EAPS Health PDUs.
Tx-RingUp-FlushFdb
Indicates the EAPS ring is up, and the EAPS domain sent EAPS RingUp-FlushFdb
PDUs to flush the FDB.
Tx-RingDown-FlushFdb
Indicates the EAPS ring is down, and the EAPS domain sent EAPS RingDownFlushFdb PDUs to flush the FDB.
Tx-Link-Down
Indicates the EAPS domain sent EAPS Link-Down PDUs because the link went
down.
Tx-Flush-Fdb
Indicates the EAPS domain sent EAPS Flush-Fdb PDUs because the FDB needs to
be flushed.
Tx-Suspend-Prefwd-Timer
Indicates the EAPS domain sent EAPS Suspend-Preforward-Timer PDUs.

NOTE: Switches running ExtremeWare send this PDU during an MSM/MM failover.
Switches running ExtremeXOS 10.1 or later do not send or receive this PDU. This
counter should remain at 0.
Tx-Query-Link-Status
Indicates the EAPS domain sent EAPS Query-Link-Status PDUs.
Tx-Link-Up
Indicates the EAPS domain sent EAPS Link-Up PDUs and the link is up.
Tx-Unknown
Indicates the number of unknown EAPS PDUs sent by the EAPS domain.
track in the sending routine.
Tx-Transmit-Err
Indicates the number of EAPS PDUs the EAPS domain was unable to send
because of an error.
Layer 2 Protocols
281
Field
Description
Fw-Link-Down
Indicates the number of EAPS Link-Down PDUs received by the EAPS domain and
forwarded in slow path.
Fw-Flush-Fdb
Indicates the number of EAPS Flush-Fdb PDUs received by the EAPS domain and
forwarded in slow path.
FW-Query-Link-Status
Indicates the number of EAPS Query-Link-Status PDUs received by the EAPS

domain and forwarded in slow path.
Fw-Unknown
Indicates the number of unknown EAPS PDUs forwarded in slow path.

track in the forwarding routine.
Fw-Transmit-Er
Indicates the number of EAPS PDUs the EAPS domain was unable to forward in
slow path because of an error.
Note
Rx and Fw countersIf a PDU is received, processed, and consumed, only the Rx counter
increments. If a PDU is forwarded in slow path, both the Rx counter and Fw counter
increment.
counters global command:
Field
Description
Rx-Failed
Indicates an error occurred when receiving packets from the Layer 2

forwarding engine.
Rx-Invalid-Vlan-Intf
Indicates that the VLAN interface for the incoming VLAN cannot be
found.
Rx-Undersize-Pkt
Indicates the length of the packet is less than the length of the header.
Rx-Invalid-8021Q-Tag
Indicates the VlanTypeLength field in the Ethernet header does not

match the default Ethernet value for the 802.1Q tag.
Rx-Invalid-SNAP-Type
Indicates an invalid Subnetwork Access Protocol (SNAP) value in the

Ethernet header.
Rx-Invalid-OUI
Indicates the Organizational Unique Identifier (OUI) value in the

Ethernet header does not match 00:E0:2B.
Rx-EEP-Unsupported-Version
Indicates an unsupported Extreme Encapsulation Protocol (EEP)

version. The EEP version should be 1.
Rx-EEP-Invalid-Length
Indicates the length of the EEP header is greater than the length of the
packet.
Rx-EEP-Checksum-Invalid
Indicates the EEP checksum is invalid.
Rx-Domain-Invalid
Indicates the control VLANs incoming PDU is not associated with an

EAPS domain.
Rx-Lif-Invalid
Indicates that EAPS is unable to determine the logical interface (LIF)

for the ingress port.
Layer 2 Protocols
282
Field
Description
Rx-Lif-Down
Indicates the LIF for the ingress port is in the Down state.
Tx-Failed
Indicates an error occurred when sending packets to the Layer 2

forwarding engine.
Example
The following command displays the counters for a specific EAPS domain named eaps1:
show eaps counters eaps1

Counters for EAPS domain:
Rx Stats
Rx-Health
Rx-Ringup-Flushfdb
Rx-Ringdown-Flushfdb
Rx-Link-Down
Rx-Flush-Fdb
Rx-Suspend-Prefwd-Timer
Rx-Query-Link-Status
Rx-Link-Up
Rx Dropped
Rx-Unknown
Rx-Another-Master
Rx-Unconfigured-Port
Rx-Health-Pdu-Pri-Port
Tx Stats
Tx-Health
Tx-Ringup-Flushfdb
Tx-Ringdown-Flushfdb
Tx-Link-Down
Tx-Flush-Fdb
Tx-Suspend-Prefwd-Timer
Tx-Query-Link-Status
Tx-Link-Up
Tx Dropped
Tx-Unknown
Tx-Transmit-Err
Fw Stats
Fw-Link-Down
Fw-Flush-Fdb
Fw-Query-Link-Status
Fw Dropped
Fw-Unknown
Fw-Transmit-Err
eaps1
:
:
:
:
:
:
:
:
0
0
0
0
0
0
0
0
:
:
:
:
0
0
0
0
:
:
:
:
:
:
:
:
5011
0
0
0
0
0
3342
0
:
:
0
0
:
:
:
0
0
0
:
:
0
0
The following command displays the global EAPS counters:

show eaps counters global
Layer 2 Protocols
283

Global counters for EAPS:
Rx-Failed : 0
Rx-Invalid-Vlan-Intf : 0
Rx-Undersize-Pkt : 0
Rx-Invalid-SNAP-Type : 0
Rx-Invalid-OUI : 0
Rx-EEP-Unsupported-Version : 0
Rx-EEP-Invalid-Length : 0
Rx-EEP-Checksum-Invalid : 0
Rx-Domain-Invalid : 0
Rx-Failed : 0
Rx-Lif-Invalid : 0
Rx-Lif-Down : 0
Tx-Failed : 0
History
show eaps shared-port neighbor-info

show eaps shared-port {port} neighbor-info {detail}
Description
Displays shared-port information from neighboring shared links for one or more EAPS domains.
Syntax Description
port
Specifies a shared-port.
detail
Specifies to display the status of all segments and VLANs.
Default
N/A.
Usage Guidelines
If you enter the command without the detail keyword, the command displays a summary of status
information for all configured EAPS shared ports from neighboring shared links. If you specify an EAPS
shared-port, the command displays information about that specific port. Otherwise, the command
displays information about all of the shared-ports configured on the switch.
Layer 2 Protocols
284
You can use the detail keyword to display more detailed status information about the segments and
VLANs associated with each shared port. For full details of the significant fields and values in the
display output of the command, see the relevant tables in the show eaps shared port {port}
{detail} command description.
History

show eaps shared-port {port} {detail}
Description
Displays shared-port information for one or more EAPS domains.
Syntax Description
port
Specifies a shared-port.
detail
Specifies to display the status of all segments and VLANs.
Default
N/A.
Usage Guidelines
If you enter the show eaps shared-port command without the detail keyword, the command
displays a summary of status information for all configured EAPS shared ports.
If you specify an EAPS shared-port, the command displays information about that specific port and the
related segment ports. The segment ports are sorted in ascending order based on their port number.
You can use this order and your knowledge of the EAPS topology to determine which segment port
becomes the active-open port if the common link fails. For more information, see Common Link Fault
Detection and Response in the ExtremeXOS Concepts Guide.
You can use the detail keyword to display more detailed status information about the segments and
VLANs associated with each shared port.
shared-port {port {detail} commands:
Layer 2 Protocols
285
Field
Description
Shared Port
Displays the port number of the shared port.
Mode
Indicates whether the switch on either end of the common link is a controller
or partner. The mode is configured by the user.
Link ID
The link ID is the unique common link identifier configured by the user.
Up
Displays one of the following:

YesIndicates that the link ID and the mode are configured.NoIndicates
that the link ID or the mode is not configured.
State
Displays one of the following states:

IdleShared-port instance is not running.ReadyThe EAPS shared-port
instance is running, the neighbor can be reached, and the common link is
up.BlockingThe EAPS shared-port instance is running, the neighbor cannot
be reached, or the common link is down.PreforwardingThe EAPS sharedport instance is in a blocking state, and the common link came up. To prevent
a superloop, a temporary blocking state is created before going into Ready
state.
Domain Count
Indicates the number of EAPS domains sharing the common link.
VLAN Count
Indicates the total number of VLANs that are protected under the EAPS
domains sharing this common link.
Nbr
YesIndicates that the EAPS instance on the other end of the common link is
configured with matching link ID and opposite modes. For example, if one
end of the common link is configured as a controller, the other end must be
configured as a partner.ErrIndicates that the EAPS instance on the other
end of the common link is configured with a matching link ID, but the modes
are configured the same. For example, both modes are configured as
controller, or both modes are configured as partner.NoThe neighbor on the
other end of the common link cannot be reached. Indicates one or more of
the following:- The switch on the other end of the common link is not
running.- The shared port has not been created.- The link IDs on each side of
the common link do not match.- The common link, and any other segment,
between the controller and partner are not fully connected.
RB ID
The ID of the root blocker. If the value is none, there are not two or more
common-link failures.
RB State
NoneThis EAPS shared-port is not the root blocker.ActiveThis EAPS

shared-port is the root blocker and is currently active.InactiveThis EAPS
shared-port is the root blocker but is currently inactive.
Active Open (available with the

detail keyword)
NoneIndicates that there is no Active-Open port on the VLAN.Port #

Indicates the port that is Active-Open and is in a forwarding state.
Segment Timer expiry action
Segment downSpecifies that if the controller or partner switch detects a

down segment, that segment stays down and a query is not sent through the
ring. The switch marks the segment status as Down.Send alertSpecifies that
if the controller or partner switch detects a down segment, that switch keeps
the segment up and sends a warning message to the log (default). The switch
sends a trap alert and sets the failed flag [F].
Segment Port (available with the

detail keyword or by specifying a
shared port)
Identifies the segment port of an EAPS ring that shares the common link.
Layer 2 Protocols
286
Field
Description
Status (available with the detail

keyword or by specifying a
shared port)
UpConnectivity is established between the segment and the EAPS sharedport on the common link neighbor.DownThere is a break in the path
between the segment and the EAPS shared-port on the common link
neighbor. Blocking-UpThe path is Up, but due to the root blocker being in
the Active state, this port is blocked to prevent a loop.Blocking-DownThe
root blocker is in the Active state; however, the path is Down. Because the
path is Down, there is no need to block the root blocker port to prevent a
loop.[F]The segment timer has expired but has not received an explicit linkdown notification. The segment port remains in the Up state, with the timer
expired flag set to True.
EAPS Domain (available with the

detail keyword or by specifying a
shared port)
The EAPS domain assigned to the segment port.
Vlan-port count (available with

the detail keyword or by
specifying a shared port)
The total number of VLANs being protected on this segment port.
Adjacent Blocking Id (available

with the detail keyword or by
NoneThe neighbor on this port is not reporting a Controller in the Blocking

state.Link-IdThe neighbor on this port is a controller in the Blocking state
with a link ID of Link-Id.
Segment RB Id (available with the NoneThe neighbor on this port is not aware of a root blocker in the
detail keyword or by specifying a network.RB-IdThe neighbor on this port has determined that there is a
shared port)
root blocker in the network with a link ID of RB-Id.
Vlan (available with the detail
keyword or by specifying a
shared port)
Displays a list of VLANs protected by the segment port.
Virtual-port Status (available with This information appears for the Controller, when it is in either the Blocking or
the detail keyword or by
Preforwarding state.
Active-OpenThis VLAN or port is in the Forwarding state and has
connectivity to the neighboring EAPS shared port via this port. OpenThis
VLAN or port is in the Forwarding state but does not have connectivity to the
neighboring EAPS shared port via this port.BlockedThis VLAN or port is in
the Blocking state to prevent a loop in the network. DownThis ports link is
down. ActiveAt this moment, this VLAN or port is not being handled by
EAPS shared port. Rather, this VLAN or port is being handled by the regular
EAPS protocol.
Bvlan
When a common link connects an access VLAN (CVLAN or SVLAN) to a core

VLAN (BVLAN), this field displays the BVLAN name. For more information,
see Common Link Fault Detection and Response in the .
Example
The following command displays shared-port information for all EAPS shared ports on a switch:
------------------------------------------------------------------------------Link
Domain Vlan
RB
RB
Shared-port Mode
Id
Up State
count count Nbr State
Id
------------------------------------------------------------------------------
Layer 2 Protocols
287
-10:1
Controller 1
Y Ready
2
1
Yes None
None
Segment Timer expiry action: Send alert
-------------------------------------------------------------------------------
The following command displays detailed information for all EAPS shared ports:
show eaps shared-port detail
------------------------------------------------------------------------------Link
Domain Vlan
RB
RB
Shared-port Mode
Id
Up State
Id
------------------------------------------------------------------------------4:1
Controller 10
Y Blocking
2
1
Yes Active
10
Segment Timer expiry action: Send alert
Segment Port: 5:7, Status: Blocking-Up
EAPS Domain:
d1
Vlan-port count:
1
Adjacent Blocking Id:
None
Segment RB Id:
None
Vlan
Virtual-port Status
p_1
Blocked
Segment Port: 2:11,
Status: Down
EAPS Domain:
d2
Vlan-port count:
1
20
Segment RB Id:
None
Vlan
Virtual-port Status
p_1
Open
Vlan: p_1,
Vlan-port count: 2,
Active Open: None
Segment Port
Virtual-port Status
5:7
Blocked
2:11
Open
The following command displays detailed information for an EAPS shared port that is in the Blocking
state:
* Switch.2 # show eaps shared-port 1:24
------------------------------------------------------------------------------Link
Domain Vlan
RB
RB
Shared-port Mode
Id
Up State
Id
------------------------------------------------------------------------------1:24
Controller 10
Y Blocking
3
5
Yes None
None
Segment Health Check interval:
1 sec
Segment Timeout:
3 sec
Segment Fail Timer expiry action:
Send alert
Common Path Health Check interval:
1 sec
Common Path Timeout:
3 sec
Segment Port: 3:35 Status: Up
EAPS Domain:
d3
Layer 2 Protocols
288
Vlan-port count:
3
None
Segment RB Id:
None
EAPS Domain:
d2
Vlan-port count:
3
None
Segment RB Id:
None
EAPS Domain:
d1
Vlan-port count:
5
None
Segment RB Id:
None
Vlan: data1,
Vlan-port count: 3,
Active Open: 3:38 Bvlan: metro1
Vlan: data2,
Vlan-port count: 3,
Vlan: data3,
Vlan-port count: 3,
Vlan: metro1,
Vlan-port count: 1,
Active Open: 3:38
Vlan: metro2,
Vlan-port count: 1,
Active Open: 3:38
-------------------------------------------------------------------------------
Note
The BVLAN information in the previous example appears only when a BVLAN configuration is
present.
History
show eaps
Description
Displays EAPS status information.
Syntax Description
eapsDomain
detail
Specifies all available detail for each domain.
Layer 2 Protocols
289
Default
N/A.
Usage Guidelines
If you enter the show eaps command without a keyword, the command displays less than with the
detail keyword.
Use the optional eapsDomain parameter to display status information for a specific EAPS domain.
Some state values are different on a transit node than on a master node.
When you enter the show eaps command without a domain name, the switch displays the following
fields:
EAPS Enabled:
Current state of EAPS on this switch:

YesEAPS is enabled on the switch.NoEAPS is not enabled.
EAPS Fast Convergence:
Displays only when Fast Convergence is on.
EAPS Display Config Warnings:
Displays the setting for loop protection messages:

OnLoop protection messages are displayed (this is the default behavior).Off
Loop protection messages are not displayed.
EAPS Multicast Add Ring Ports:
Displays the configuration of the multicast add-ring-ports feature as

configured with the configure eaps multicast add-ringports command.
EAPS Multicast Send IGMP Query: Displays the configuration of the multicast send-igmp-query feature as
configured with the configure eaps multicast send-igmpquery command.
EAPS Multicast Temporary
Flooding:
Displays the configuration of the multicast temporary-flooding feature as

configured with the configure eaps multicast temporaryflooding command.
EAPS Multicast Temporary

Flooding Duration:
Displays the duration configuration for the multicast temporary-flooding

feature as configured with the configure eaps multicast
temporary-flooding duration command.
Number of EAPS instances:
Number of EAPS domains created. The maximum number of EAPS domains

per switch is 128.
Domain:
Entries in this column identify the name of an EAPS domain.
Layer 2 Protocols
290
State:
On a transit node, the command displays one of the following states:

IdleThe EAPS domain has been enabled, but the configuration is not
complete.Links-UpThis EAPS domain is running, and both its ports are up
and in the FORWARDING state.Links-DownThis EAPS domain is running,
but one or both of its ports are down.PreforwardingThis EAPS domain is
running, and both of its ports are up, but one of them is in a temporary
BLOCKED state.
On a master node, the command displays one of the following states:
complete.InitThe EAPS domain has started but has not yet determined the
status of the ring. The secondary port is in a BLOCKED state.CompleteThe
ring is in the COMPLETE state for this EAPS domain.FailedThere is a break
in the ring for this EAPS domain.Pre-InitThe EAPS domain has started
operation for Init state and has sent a request to lower hardware layers to
block the secondary port. It is in transient state waiting for acknowledgement
from hardware layer indicating the operation is completed.Pre-Complete
The EAPS domain has started operation for Complete state and has sent a
request to lower hardware layers to block the secondary port. It is in transient
state waiting for acknowledgement from the hardware layer indicating the
operation is completed.[Failtimer Expired]When the failtimer expires and
its action is set to send-alert, this flag is set. This flag indicates there is a
misconfiguration or hardware problem in the EAPS ring. The EAPS master
node continues to remain in COMPLETE or INIT state with its secondary port
blocking.
Mo:
The configured EAPS mode for this switch: transit (T) or master (M).
Primary/Secondary port:
The port numbers assigned as the EAPS primary and secondary ports. On the
master node, the port distinction indicates which port is blocked to avoid a
loop.
Prio
The EAPS domain priority, which is H for high priority or N for normal priority.
When you enter the show eaps command with a domain name or the detail keyword, the switch
displays the following fields:
Name:
Identifies the EAPS domain displayed.
Priority
The EAPS domain priority, which is either High or Normal.
Layer 2 Protocols
291
State:
On a transit node, the command displays one of the following states:

complete.Links-UpThis EAPS domain is running, and both its ports are up
and in the FORWARDING state.Links-DownThis EAPS domain is running,
but one or both of its ports are down.PreforwardingThis EAPS domain is
running, and both of its ports are up, but one of them is in a temporary
BLOCKED state.
On a master node, the command displays one of the following states:
complete.InitThe EAPS domain has started but has not yet determined the
status of the ring. The secondary port is in a BLOCKED state. CompleteThe
ring is in the COMPLETE state for this EAPS domain.FailedThere is a break
in the ring for this EAPS domain. Pre-InitThe EAPS domain has started
operation for Init state and has sent a request to lower hardware layers to
block the secondary port. It is in transient state waiting for acknowledgement
from hardware layer indicating the operation is completed. Pre-Complete
The EAPS domain has started operation for Complete state and has sent a
request to lower hardware layers to block the secondary port. It is in transient
state waiting for acknowledgement from the hardware layer indicating the
operation is completed. [Failtimer Expired]When the failtimer expires and
its action is set to send-alert, this flag is set. This flag indicates there is a
misconfiguration or hardware problem in the EAPS ring. The EAPS master
node continues to remain in COMPLETE or INIT state with its secondary port
blocking.
[Running: ]
YesThis EAPS domain is running. NoThis EAPS domain is not running.
Enabled:
Indicates whether EAPS is enabled on this domain.

YEAPS is enabled on this domain. NEAPS is not enabled.
Mode:
The configured EAPS mode for this switch: transit (T) or master (M).
Primary/Secondary port:
The port numbers assigned as the EAPS primary and secondary ports. On the
master node, the port distinction indicates which port is blocked to avoid a
loop.
Port status:
UnknownThis EAPS domain is not running, so the port status has not yet
been determined. UpThe port is up and is forwarding data.DownThe port
is down.BlockedThe port is up, but data is blocked from being forwarded.
Tagstatus:
Tagged status of the control VLAN:

TaggedThe control VLAN has this port assigned to it, and the port is tagged
in the VLAN.UntaggedThe control VLAN has this port assigned to it, but the
port is untagged in the control VLAN.UndeterminedEither a VLAN has not
been added as the control VLAN to this EAPS domain or this port has not
been added to the control VLAN.
Hello timer interval:
The configured value of the timer in seconds and milliseconds, specifying the
time that the master node waits between transmissions of health check
packets.
Fail timer interval:
The configured value of the timer in seconds, specifying the time that the
master node waits before the failtimer expires.
Failtimer expiry action:
Displays the action taken when the failtimer expires:

Send-alertSends a critical message to the syslog when the failtimer
expires.Open-secondary-portOpens the secondary port when the failtimer
expires.
Displays only for master nodes.
Layer 2 Protocols
292
Preforwarding Timer interval: 1
The configured value of the timer. This value is set internally by the EAPS
software. The set value is 15 seconds.
Note: If two links in an EAPS domain go down at the same time and one link
comes back up, it takes 15 seconds for the reconnected link to start receiving
traffic again.
Displays only for transit nodes.
Last valid EAPS update:
Indicates the last time a hello packet was received.
EAPS Domain Controller Vlan:
Lists the assigned name and ID of the control VLAN.
EAPS Domain Protected Vlan(s):
Lists the assigned names and VLAN IDs of all the protected VLANs
configured on this EAPS domain.
Number of Protected Vlans:
The count of protected VLANs configured on this EAPS domain.
Example
The following command displays information for all EAPS domains:
Switch.5 # show eaps
EAPS Enabled: Yes
------------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
Prio
------------------------------------------------------------------------------d1
Idle
T
N
1
2
cv1
(101 ) 0
H
d2
Links-Up
T
Y
3:8
3:16 c2
(1001) 100
H
-------------------------------------------------------------------------------
The following command displays information for EAPS domain d1:

Switch.7 # show eaps d1
Name: d1
Priority: High
State: Idle
Running: No
Enabled: No
Mode: Transit
Primary port:
1
Port status: Unknown
Tag status: Undetermined
Secondary port: 2
Port status: Unknown
Tag status: Undetermined
Fail timer interval: 3 sec 0 millisec
Last valid EAPS update: From Master Id 00:01:30:f9:9c:b0, at Wed Jun 9
09:09:35 2004
1
These fields apply only to transit nodes; they are not displayed for a master node.
Layer 2 Protocols
293
EAPS
Vlan
c1
EAPS
Vlan
p_1
p_2
p_3
p_4
p_5
p_6
p_7
p_8
p_9
p_10
p_11
p_12
p_13
p_14
p_15
p_16
p_17
p_18
p_19
p_20
p_21
p_22
p_23
p_24
p_25
p_26
p_27
p_28
p_29
p_30
Domain has following Controller Vlan:

Name
VID
1000
Domain has following Protected Vlan(s):
Name
VID
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
The following command displays information on EAPS domain domain12, which is configured to send
hello packets on the secondary port:
Switch.9 # show eaps "domain12"
Name: domain12
Priority: High
State: Complete
Running: Yes
Enabled: Yes
Mode: Master
Primary port:
17
Port status: Up Tag status: Tagged
Secondary port: 27
Port status: Blocked
Tag status: Tagged
Hello Egress Port: Secondary
Fail timer interval: 0 sec 300 millisec
Last update: From Master Id 00:04:96:34:e3:43, at Tue May 11 15:39:29 2010
EAPS Domain has following Controller Vlan:
Vlan Name
VID
vlanc12
1002
EAPS Domain has following Protected Vlan(s):
Vlan Name
VID
pvlan11
204
pvlan12
205
Layer 2 Protocols
294
pvlan13
206
Note
You might see a slightly different display, depending on whether you display the master node
or the transit node.
The display from the show eaps detail command shows all the information shown in the show eaps
eapsDomain command, but displays information for all configured EAPS domains.
For the CFM support in EAPS, t he existing show eaps output places a ! next to a CFM monitored ring
port if the CFM indicates the MEP group for that port is down.
X480-48t.1 # sh eaps
EAPS Enabled: Yes
EAPS Display Config Warnings: Off
--------------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
Prio
--------------------------------------------------------------------------------d2
Failed
M
Y
!41
31
v2
(101 )
1
N
--------------------------------------------------------------------------------Flags : (!) CFM Down
History
show erps ring-name

show erps ring-name
Description
Display specific details for an ERPS ring.
Layer 2 Protocols
295
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to display specific details for an ERPS ring.
Example
The following example displays details for an ERPS ring named "R1":
# show erps "R1"
Name: R1
Operational State: Protection enabled
Configured State : Enabled
East Ring Port : 21
West Ring Port : +20
MepId: 1
MepId: 2
Node Type: RPL Owner,
Remote MepId: 3
Remote MepId: 4
Periodic timer interval:

Hold-off timer interval:
Guard timer interval
:
WTB timer interval
:
WTR timer interval
:
5000
0
500
5500
1000
Ring MD Level
CCM Interval East
CCM Interval West
Notify Topology Change
Subring Mode
1
1000 millisec
1000 millisec
------Virtual Channel
:
:
:
:
:
millisec
millisec
millisec
millisec
millisec
Revertive
Status: Blocked
Status: Blocked
(Enabled)
(Enabled)
(Enabled)
(Enabled)
(Enabled)
ERPS Control Vlan: cvl

VID:1000
Topology Change Propogation List: None
Topology Change Propogation : Disabled
ERPS Ring's Sub-Ring(s): None
ERPS Ring has following Protected Vlan(s):
Vlan Name
VID
pvl
1001
(+) RPL Protection Port, (^) RPL Neighbor Port
(f) Force Switch Port, (m) Manual Switch Port
History
Layer 2 Protocols
296
show erps statistics

show erps ring-name statistics
Description
Display control packet and event statistics for an ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to display control packet and event statistics for an ERPS ring.
Example
The following example displays statistics for an ERPS ring named "R1":
# show erps "R1" statistics
port
Sent
Received Dropped
Blocked Un-blocked SF
SF-clear
R-APS R-APS
R-APS
events
events
----------------------------------------------------------------2:1
2309
3400
4
5
0
0
0
1:20
100
45
0
0
10
2000
100
-----------------------------------------------------------------
History
Layer 2 Protocols
297
show erps
show erps
Description
Display global information for ERPS.
Syntax Description
N/A.
Default
N/A.
Usage Guidelines
Use this command to display global information for ERPS.
Example
# show erps
ERPS Enabled: Yes
ERPS Display Config Warnings: On
ERPS Multicast Add Ring Ports: Off
ERPS Multicast Send IGMP Query: On
ERPS Multicast Temporary Flooding: Off
ERPS Multicast Temporary Flooding Duration: 15 sec
Number of ERPS instances: 1
# ERPS ring configuration :
------------------------------------------------------------------------------Ring
State
Type
East
West
Control-Vlan
VID
------------------------------------------------------------------------------R1
Protection
R r
21
+20
cvl
(1000)
------------------------------------------------------------------------------where State: Init/Idle/Protection/Manual-Switch/Force-Switch/Pending
Type: (I) Interconnected node, (N) RPL Neighbor,
R) RPL Owner, (X) Ring node
Flags: (n) Non-revertive, (r) Revertive,
(+) RPL Protection Port, (^) RPL Neighbor Port
(f) Force Switch Port, (m) Manual Switch Port
Layer 2 Protocols
298
History
show stpd ports

Description
Displays the STP state of a port.
Syntax Description
stpd_name
Specifies an STPD name.
port_list
detail
Specifies more detailed information about one or more ports of the STPD.
Default
N/A.
Usage Guidelines
This command displays the following:
STPD port configuration.
STPD port encapsulation mode.
STPD path cost.
STPD priority.
STPD state (root bridge, and so on).
Port role (root designated, alternate and so on).
STPD port state (forwarding, blocking, and so on).
Configured port link type.
Operational port link type.
Edge port settings (inconsistent behavior, edge safeguard setting).
Restricted role (enabled, disabled).
MSTP port role (internal or boundary).
Active port role.
To display more detailed information for one or more ports in the specified STPD, including
participating VLANs, specify the detail option.
Layer 2 Protocols
299
If you have MSTP configured and specify the detail option, this command displays additional
information:
MSTP internal path cost.
MSTP timers.
If your STPD has the same name as another component, for example a VLAN, Extreme Networks
recommends that you specify the identifying keyword as well as the name. If you do not specify the
stpd keyword, an error message similar to the following is displayed:
%% Ambiguous command: "show Test ports"
In this example, to view all of the port settings of STPD Test, enter show stpd Test ports.
If your STPD has a name unique only to that STPD, the keyword stpd is optional.
Example
The following command displays the state of ports 1, 2, and 4 on an STPD named s1:
show stpd s1 ports

Port
Mode
State
Cost Flags
1
EMISTP DISABLED
200000 e?pp-w---t 128
8001
00:00:00:00:00:00:00:00
2
EMISTP DISABLED
200000 e?pp-w---- 128
8002
00:00:00:00:00:00:00:00
4
EMISTP DISABLED
200000 e?pp-w---- 128
8004
00:00:00:00:00:00:00:00
Total Ports: 3
------------------------- Flags: ---------------------------1:
e=Enable, d=Disable
2: (Port role)
4: (Oper. type)
5:
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
7:
8:
s = edgeport safe guard configured but inactive
8:
G = edgeport safe guard bpdu restrict active in 802.1w and
mstp
g = edgeport safe guard bpdu restrict active in 802.1d
9:
10:
r = Restricted Role, t = active Role
The following command displays the detailed information for the ports in STPD s1:
show stpd s1 ports 1 detail
Layer 2 Protocols
300

Stpd: s1
Port: 1 PortId: 8001
Stp: ENABLED
Path Cost: 20000
Port Mode: EMISTP
Port State: DISABLED
Topology Change Ack: FALSE
Port Priority: 128
Designated Root:
00:00:00:00:00:00:00:00
Designated Cost: 0
Designated Bridge: 00:00:00:00:00:00:00:00
Designated Port Id: 0
Partner STP version: Dot1w
Restricted Role: Disabled
Active Role: Enabled
Edge Port Safe Guard: Disabled
Bpdu Restrict: Disabled
Participating Vlans: v1
The following command displays the detailed information for the ports in STPD s1 configured for MSTP:
show stpd s1 ports detail

Stpd: s1
Stp: ENABLED
Path Cost: 4
Port Mode: 802.1D
Port State: FORWARDING
Port Priority: 16
Designated Root:
80:00:00:04:96:1f:a8:44
Designated Cost: 0, IntCost: 0
Designated Bridge: 80:00:00:04:96:1f:a8:44
Partner STP version: MSTP
Restricted Role: Disabled
Active Role: Disabled
maxAge: 20
msgAge: 0
fwdDelay: 15
helloTime: 2
maxHops: 20
Stpd: s1
Stp: ENABLED
Path Cost: 4
Port Mode: 802.1D
Port State: BLOCKING
Port Priority: 16
Designated Root:
80:00:00:04:96:1f:a8:44
Designated Cost: 0, IntCost: 0
Designated Bridge: 80:00:00:04:96:1f:a8:44
Partner STP version: Dot1d
Restricted Role: Enabled
Active Role: Disabled
maxAge: 20
msgAge: 0
fwdDelay: 15
helloTime: 2
maxHops: 20

Port
Mode
State
Cost Flags
9
EMISTP FORWARDING 20000 eDeepw-G-- 128
8009
80:00:00:04:96:1f:a8:48
Total Ports: 1
------------------------- Flags: ----------------------------
Layer 2 Protocols
301
1:
2: (Port role)
3: (Config type)
4: (Oper. type)
5:
6: (partner mode)
7:
8:
s = edgeport safe
G = edgeport safe
g = edgeport safe
9:
10:
e=Enable, d=Disable
b=broadcast, p=point-to-point, e=edge, a=auto
d = 802.1d, w = 802.1w, m = mstp
guard configured but inactive
guard bpdu restrict active
guard bpdu restrict configured but inactive only dot1w, mstp
r = Restricted Role, t = active role
History
Information about MSTP was added in ExtremeXOS 11.4.
Information about BPDU Restrict was added in ExtremeXOS 12.4.
Information about active role was added in ExtremeXOS 12.5.
show stpd
Description
Displays STPD settings on the switch.
Syntax Description
stpd_name
Specifies an STPD on the switch.
detail
Specifies that STPD settings should be shown for each STPD.
Default
N/A.
Usage Guidelines
If you specify the command without any options, the following STPD information appears:
Layer 2 Protocols
302
NameThe name of the STPD.

TagThe StpdID of the domain, if configured.
FlagsThe following flags communicate information about the current state of the STPD:
(C) Topology ChangeA network topology change has occurred in the network.
(D) DisableThe STPD is disabled.
(E) EnableThe STPD is enabled.
(R) Rapid Root FailoverThe STPD has been configured for rapid root failover.
(T) Topology Change DetectedThe STPD has detected a change in the network topology.
(M) MSTP CISTThe STPD has been configured for MSTP, and the STPD is the common and
internal spanning tree.
(I) MSTP MSTIThe STPD has been configured for MSTP, and the STPD is a multiple instance
spanning tree.
PortsThe number of ports that are part of the STPD.
Bridge IDThe MAC addresses of the switch.
Designated RootThe MAC address of the switch that is the designated root bridge.
Rt PortThe root port.
Rt CostThe path cost to the root port.
Total Number of STPDsThe total number of STPDs configured on the switch.
STP Flush MethodThe method used to flush the FDB during a topology change.
If you have an MSTP region and associated spanning trees configured on the switch, the command also
displays the following global MSTP information:
MSTP RegionThe name of the MSTP region configured on the switch.
Format IdentifierThe number used by BPDUs to communicate within an MSTP region.
Revision LevelThis number is reserved for future use.
Common and Internal Spanning Tree (CIST)The name of the CIST that controls the connectivity of
interconnecting MSTP regions.
Total
number of MST Instances (MSTI)The number of MSTIs running in the MSTP region.
If you use the show stpd command and specify the name of an STPD, in addition to the data previously
described, the command displays more detailed information about the STPD. If you specify the detail
option, the switch displays the same type of information for all of the STPDs configured on the switch.
The additional output includes the following:
STPD mode of operation.
Autobind mode.
Active VLANs.
Timer information.
Topology change information.
If you have MSTP configured, the command also displays the following information:
Bridge role.
CIST root.
CIST regional root.
MSTI instances.
Master port (Displayed only on MSTI STPDs).
Layer 2 Protocols
303
specify the identifying keyword as well as the name. If you do not specify the stpd keyword, an error
message similar to the following is displayed:
%% Ambiguous command: "show Test"
In this example, to view the settings of the STPD Test, enter show stpd Test.
If your STPD has a name unique only to that STPD, the keyword stpd is optional.
Example
The following command displays the STPD settings on a switch that has MSTP configured:
show stpd

MSTP Global Configuration:
MSTP Region Name
: 00304841ed97
MSTP format Identifier
: 0
MSTP Revision Level
: 3
Common and Internal Spanning Tree (CIST) : ---Total Number of MST Instances (MSTI) : 0
Name Tag Flags Ports Bridge ID
Designated Root Rt Port Rt Cost
s0
0000 D----0 8000001030f99dc0 0000000000000000 ------0
Total number of STPDs:
1
STP Flush Method:
Port only
Flags: (C) Topology Change, (D) Disable, (E) Enable, (R) Rapid Root
Failover
(T) Topology Change Detected, (M) MSTP CIST ,
(I) MSTP
MSTI
The following command displays STPD settings on an STPD named Backbone_st:

show stpd backbone_st

Stpd: backbone_st Stp: ENABLED
Number of Ports: 51
Description: this is backbone_st domain
Operational Mode: 802.1W Default Binding Mode: 802.1D
802.1Q Tag: (none)
Ports: 1:1,1:2,2:1,2:2,3:1,3:2,4:1,4:2,5:1,5:2,
5:3,5:4,5:5,5:6,5:7,5:8,5:9,5:10,5:11,5:12,
5:13,5:14,5:15,5:16,5:17,5:18,5:19,5:20,5:21,5:22,
5:23,5:24,5:25,5:26,5:27,5:28,5:29,5:30,5:31,5:32,
5:33,5:34,5:35,5:36,5:37,5:38,5:39,5:40,5:41,5:42,
5:43
Layer 2 Protocols
304
Participating Vlans: Default

Bridge Priority: 5000
BridgeID: 13:88:00:01:30:f4:06:80
Designated root:
0a:be:00:01:30:28:b7:00
RootPathCost: 19
Root Port: 28
MaxAge: 20s
HelloTime: 2s
ForwardDelay: 15s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s Hold time: 1s
Topology Change Detected: FALSE Topology Change: FALSE
The following is sample output for an STPD configured as the CIST (the output is similar for an STPD
configured as an MSTI):
Stpd: s0 Stp: DISABLED
Number of Ports: 0
Description: this is s0 domain
Rapid Root Failover:
Disabled
Operational Mode:
MSTP Default Binding Mode: 802.1d
MSTP Instance :CIST CIST : s0
802.1Q Tag:
(none)
Ports:
(none)
Participating Vlan Count: 1
Auto-bind Vlans Count: 1
Bridge Priority:
32768
BridgeID:
80:00:00:10:30:f9:9d:c0Bridge
Role : CIST Regional Root
CIST Root 80:00:00:10:30:f9:9d:c0CIST
Regional Root: 80:00:00:10:30:f9:9d:c0
Designated root: 00:00:00:00:00:00:00:00
RootPathCost: 0 External RootPathCost: 0 Root Port:
---MaxAge:0sHelloTime:
0sForwardDelay:0s
CfgBrMaxAge:20sCfgBrHelloTime:
2sCfgBrForwardDelay: 15s MaxHopCount: 20 CfgBrMaxHopCount :
20
Hold time:
1s
Topology Change Detected: FALSE Topology Change:
FALSE
Number of Topology Changes:
0
Time Since Last Topology
Change: 0s
Participating Vlans
:
(none)
Auto-bind Vlans :
Default
History
Information about MSTP was added in ExtremeXOS 11.4.
Description was added in ExtremeXOS 12.4.4.
Layer 2 Protocols
305
show vlan eaps

show {vlan} vlan_name eaps
Description
Displays the EAPS configuration (control, partner, or not added to an EAPS domain) of a specific VLAN.
Syntax Description
vlan_name
Default
N/A.
Usage Guidelines
Use this command to see if the specified VLAN is associated with an EAPS domain.
The output of this command displays whether the VLAN is a control or partner VLAN for an EAPS
domain. This command also displays if the VLAN is not a member of any EAPS domain.
If a VLAN is a partner VLAN for more than one EAPS domain, all of the EAPS domains that the VLAN is
a partner of appears in the output.
Example
The following command displays the EAPS configuration for the control VLAN orange in EAPS domain
eaps1:
show vlan orange eaps

Vlan is Control in following EAPS domain:
eaps1
The following command displays the EAPS configuration for the protected VLAN purple in EAPS
domain eaps1:
show vlan purple eaps
Layer 2 Protocols
306

Vlan is Protected in following EAPS domain(s):
eaps1
The following command displays information about the VLAN default not participating in EAPS:
show vlan default eaps

Vlan has not been added to any EAPS domain
History
show vlan stpd

Description
Displays the STP configuration of the ports assigned to a specific VLAN.
Syntax Description
vlan_name
Default
N/A.
Usage Guidelines
If you have a VLAN that spans multiple STPDs, use this command to display the STP configuration of
the ports assigned to that specific VLAN.
This command displays the following:
Layer 2 Protocols
307
STPD port configuration.

STPD port mode of operation.
STPD path cost.
STPD priority.
STPD state (root bridge, and so on).
Port role (root designated, alternate and so on).
STPD port state (forwarding, blocking, and so on).
Configured port link type.
Operational port link type.
If your VLAN has the same name as another component, for example an STPD, Extreme Networks
recommends that you specify the identifying keyword as well as the name. If you do not specify the
vlan keyword, the switch displays an error message similar to the following:
%% Ambiguous command: "show Test stpd"
In this example, to view the STPD state of VLAN Test, enter show vlan Test stpd.
If you enter a VLAN name that is not associated with an STPD or does not exist, the switch displays an
error message similar to the following:
Failed to find vlan 'vlan1' or it has no STP domains configured on it
If this happens, check to make sure you typed the correct name of the VLAN and that the VLAN is
associated with an STPD.
If your VLAN has a name unique only to that VLAN, the keyword vlan is optional.
Example
The following command displays the spanning tree configurations for the VLAN Default:
show vlan default stpd

s0(enabled) Tag: (none)
Port
Mode
State
1:1
802.1D LEARNING
80:00:00:01:30:94:79:00
1:2
802.1D DISABLED
00:00:00:00:00:00:00:00
1:3
802.1D DISABLED
00:00:00:00:00:00:00:00
1:4
802.1D LEARNING
80:00:00:01:30:94:79:00
1:5
802.1D LEARNING
80:00:00:01:30:94:79:00
1:6
802.1D DISABLED
00:00:00:00:00:00:00:00
1:7
802.1D DISABLED
Layer 2 Protocols
Ports: 8 Root/P/C: 80:00:00:01:30:94:79:00/-----/0

Cost
Flags
19
eDbb-d- 16
8001
4
e------ 16
8002
e------ 16
8003
eDbb-d- 16
8004
eDbb-d- 16
8005
e------ 16
8006
e------ 16
8007
308
00:00:00:00:00:00:00:00
1:8
802.1D DISABLED
4
e------ 16
8008
00:00:00:00:00:00:00:00
------------------------- Flags: ---------------------------1:
e=Enable, d=Disable
2: (Port role)
R=Root, D=Designated, A=Alternate, B=Backup, M=Master,
Y=Boundary
4: (Oper. type)
5:
6: (partner mode) d=802.1d, w=802.1w, m=mstp
7:
i=edgeport inconsistency
8:
History
Spanning Tree Domains

The switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent
spanning tree instance. Each spanning tree instance is called a Spanning Tree Domain (STPD). Each
STPD has its own root bridge and active path. After an STPD is created, one or more VLANs can be
assigned to it.
A port can belong to multiple STPDs. In addition, a VLAN can span multiple STPDs.
The key points to remember when configuring VLANs and STP are:
Each VLAN forms an independent broadcast domain.
STP blocks paths to create a loop-free environment.
Within any given STPD, all VLANs belonging to it use the same spanning tree.
Member VLANs
When you add a VLAN to an STPD, that VLAN becomes a member of the STPD. The two types of
member VLANs in an STPD are:
Carrier.
Protected.
Carrier VLAN
to the STPD and if configured, the 802.1Q tag used to transport Extreme Multiple Instance Spanning
Tree Protocol (EMISTP) or Per VLAN Spanning Tree (PVST+) encapsulated Bridge Protocol Data Units
Layer 2 Protocols
309
(BPDUs). Only one carrier VLAN can exist in a given STPD, although some of its ports can be outside
the control of any STPD at the same time.
Note
If you use EMISTP or PVST+, the STPD ID must be identical to the VLAN ID of the carrier
VLAN in that STPD.
If you have an 802.1D configuration, we recommend that you configure the StpdID to be identical to the
VLAN ID of the carrier VLAN in that STPD.
If you configure MSTP, you do not need carrier VLANs for MSTP operation. With MSTP, you configure a
CIST that controls the connectivity of interconnecting MSTP regions and sends BPDUs across the
regions to communicate the status of MSTP regions. All VLANs participating in the MSTP region have
the same privileges.
Protected VLAN
Protected VLANs are all other VLANs that are members of the STPD. These VLANs piggyback on the
carrier VLAN. Protected VLANs do not transmit or receive STP BPDUs, but they are affected by STP
state changes and inherit the state of the carrier VLAN. Protected VLANs can participate in multiple
STPD, but any particular port in the VLAN can belong to only one STPD. Also known as non-carrier
VLANs.
CIST to the MSTP regions. MSTIs cannot share the same protected VLAN; however, any port in a
protected VLAN can belong to multiple MSTIs.
STPD Modes
An STPD has three modes of operation:
802.1D mode
third-party switches using IEEE standard 802.1D. When configured in this mode, all rapid
configuration mechanisms are disabled.
802.1w mode
Use this mode for compatibility with Rapid Spanning Tree (RSTP). When configured in this mode, all
rapid configuration mechanisms are enabled. The benefit of this mode is available on point-to-point
and edge ports only.
You enable or disable RSTP on a per STPD basis only. You do not enable RSTP on a per port basis.
MSTP mode
Use this mode for compatibility with Multiple Spanning Tree (MSTP, 802.1s). MSTP is an extension of
RSTP and offers the benefit of better scaling with fast convergence. When configured in this mode,
all rapid configuration mechanisms are enabled. The benefit of MSTP is available only on point-topoint links and when you configure the peer in MSTP or 802.1w mode. If you do not select point-topoint links and the peer is not configured in 802.1w mode, the STPD fails back to 802.1D mode.
Layer 2 Protocols
310
You can create only one MSTP region on the switch, and all switches that participate in the region
must have the same regional configurations. You enable or disable an MSTP on a per STPD basis
only. You do not enable MSTP on a per port basis.
By default, the:
STPD operates in 802.1D mode.
Default device configuration contains a single STPD called s0.
Default VLAN is a member of STPD s0 with autobind enabled.
All STP parameters default to the IEEE 802.1D values, as appropriate.
Encapsulation Modes
You can configure ports within an STPD to accept and transmit specific BPDU encapsulations. This STP
port encapsulation is separate from the STP mode of operation. For example, you can configure a port
to accept the PVST+ BPDU encapsulation while running in 802.1D mode.
An STP port has three possible encapsulation modes:
802.1D mode
This mode is used for backward compatibility with previous STP versions and for compatibility with
third-party switches using IEEE standard 802.1D. BPDUs are sent untagged in 802.1D mode. Because
of this, any given physical interface can have only one STPD running in 802.1D mode.
MSTP.
Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode
EMISTP mode is proprietary to Extreme Networks and is an extension of STP that allows a physical
port to belong to multiple STPDs by assigning the port to multiple VLANs. EMISTP adds significant
flexibility to STP network design. BPDUs are sent with an 802.1Q tag having an STPD instance
Identifier (STPD ID) in the VLAN ID field.
Per VLAN Spanning Tree (PVST+) mode
This mode implements PVST+ in compatibility with third-party switches running this version of STP.
The STPDs running in this mode have a one-to-one relationship with VLANs, and send and process
packets in PVST+ format.
different modes for different domains to which it belongs.
MSTP STPDs use only 802.1D BPDU encapsulation mode. The switch prevents you from configuring
EMISTP or PVST+ encapsulation mode for MSTP STPDs.
Layer 2 Protocols
311

This section summarizes the rules and restrictions for configuring STP as follows:
The carrier VLAN must span all ports of the STPD. (This is not applicable to MSTP.)
The STPD ID must be the VLAN ID of the carrier VLAN; the carrier VLAN cannot be partitioned. (This
is not applicable to MSTP.)
A default VLAN cannot be partitioned. If a VLAN traverses multiple STPDs, the VLAN must be
tagged.
An STPD can carry, at most, one VLAN running in PVST+ mode, and its STPD ID must be identical
with that VLAN ID. In addition, the PVST+ VLAN cannot be partitioned.
The default VLAN of a PVST+ port must be identical with the native VLAN on the PVST+ device
connected to that port.
If an STPD contains both PVST+ and non-PVST+ ports, that STPD must be enabled. If that STPD is
disabled, the BPDUs are flooded in the format of the incoming STP port, which may be incompatible
with those of the connected devices.
The 802.1D ports must be untagged; and the EMISTP/PVST+ ports must be tagged in the carrier
VLAN.
An STPD with multiple VLANs must contain only VLANs that belong to the same virtual router
instance.
STP and network login operate on the same port as follows:
STP (802.1D), RSTP (802.1W), and MSTP (802.1S) support both network login and STP on the
same port.
At least one VLAN on the intended port should be configured both for STP and network login.
When STP blocks a port, network login does not process authentication requests and BPDUs are
the only traffic in and out of the port. All user data forwarding stops.
When STP places a port in forwarding state, network login operates and BPDUs and user data
flow in and out of the port. The forwarding state is the only STP state that allows network login
and user data forwarding.
When RSTP is used with network login campus mode, autobind must be enabled on all VLANs
that support RSTP and network login campus mode.
When RSTP is used with network login campus mode on a port, dynamic VLANs cannot be
supported.
STP cannot be configured on the following ports:
A mirroring target port.
A software-controlled redundant port.
MSTP and 802.1D STPDs cannot share a physical port.
Only one MSTP region can be configured on a switch.
In an MSTP environment, A VLAN can belong to either a CIST or one of the MSTIs.
A VLAN can belong to only one MSTP domain.
MSTP is not interoperable with PVST+.
The CIST can operate without any member VLANs.
Layer 2 Protocols
312
STP
STP is a bridge-based mechanism for providing fault tolerance on networks. STP is a part of the 802.1D
bridge specification defined by the IEEE Computer Society. To explain STP in terms used by the 802.1D
specification, the switch is referred to as a bridge.
STP allows you to implement parallel paths for network traffic and ensure that redundant paths are:
Disabled when the main paths are operational.
Enabled if the main path fails.
Note
STP and Extreme Standby Router Protocol (ESRP) cannot be configured on the same
Virtual LAN (VLAN) simultaneously.
unconfigure eaps port

unconfigure eaps eapsDomain [primary | secondary] port
Description
Sets the specified ports internal configuration state to INVALID.
Syntax Description
eapsDomain
primary
Specifies that the primary port should be unconfigured.
secondary
Specifies that the secondary port should be unconfigured.
Default
N/A.
Usage Guidelines
Unconfiguring an EAPS port sets its internal configuration state to INVALID, which causes the port to
appear in the Idle state with a port status of Unknown when you use the show eaps detail command to
display the status information about the port.
To prevent loops in the network, the switch displays by default a warning message and prompts you to
unconfigure the specified EAPS primary or secondary ring port. When prompted, do one of the
following:
Enter y to unconfigure the specified port.
Layer 2 Protocols
313
Example
The following command unconfigures this nodes EAPS primary ring port on the domain eaps_1:
unconfigureeapseaps_1primary port
WARNING: Unconfiguring the Primary port from the EAPS domain could cause
a loop in the network! Are you sure you want to unconfigure the Primary
EAPS Port? (y/n)
Enter y to continue and unconfigure the EAPS primary ring port. Enter n to cancel this action.
The switch displays a similar warning message if you unconfigure the secondary EAPS port.
History
unconfigure eaps shared-port link-id

unconfigure eaps shared-port ports link-id
Description
Unconfigures an EAPS link ID on a shared port on the switch.
Syntax Description
ports
Default
N/A.
Layer 2 Protocols
314
Usage Guidelines
None.
Example
The following command unconfigures the link ID on shared port 1:1.
unconfigure eaps shared-port 1:1 link-id
History
unconfigure eaps shared-port mode

unconfigure eaps shared-port ports mode
Description
Unconfigures the EAPS shared port mode.
Syntax Description
ports
Default
N/A.
Usage Guidelines
None.
Example
The following command unconfigures the shared port mode on port 1:1:
unconfigure eaps shared-port 1:1 mode
Layer 2 Protocols
315
History
unconfigure erps cfm

unconfigure {erps} ring-name cfm
Description
Unconfigure the CFM maintenance association for the ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to unconfigure connectivity fault management (CFM) for the ERPS ring.
Example
The following command unconfigures connectivity fault management on an ERPS ring named ring1:
unconfigure erps ring1 cfm
History
Layer 2 Protocols
316
unconfigure erps neighbor-port

unconfigure erps ring-name neighbor-port
Description
Delete the ring protection link (RPL) neighbor configuration for the ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
See Description.
Example
The following command deletes RPL neighbor configuration for the ERPS ring named ring1:
unconfigure erps ring1 neighbor-port
History
unconfigure erps notify-topology-change

unconfigure {erps} ring-name notify-topology-change {eaps} domain_name
Description
Delete an ERPS sub-ring from the EAPS domain.
Layer 2 Protocols
317
Syntax Description
ring-name
Alphanumeric string identififying the ERPS sub-ring.
domain_name
Alphanumeric string identifying the EAPS domain.
Default
N/A.
Usage Guidelines
Use this command to delete an ERPS sub-ring from the EAPS domain.
Example
History
unconfigure erps protection-port

unconfigure erps ring-name protection-port
Description
Delete ring protection link (RPL) owner configuration for the ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to delete ring protection link (RPL) owner configuration for the ERPS ring.
Layer 2 Protocols
318
Example
The following command deletes RPL owner configuration on an ERPS ring named ring1:
unconfigure erps ring1 protection-port
History
unconfigure erps ring-ports west

unconfigure erps ring-name ring-ports west
Description
Delete ring ports on the ERPS ring.
Syntax Description
ring-name
west
Delete the ring port on the west port of the switch.
Default
N/A.
Usage Guidelines
Use this command to delete ring ports on the ERPS ring. Ring ports are the ports of the switch that
connect it to the ERPS ring. This command deletes the ring port on the west port of the switch.
Note
On unconfiguring the west port, the node is treated as an interconnected node.
Layer 2 Protocols
319
Example
The following command deletes the ring ports on the west port of the switch for an ERPS ring named
ring1:
unconfigure erps ring1 ring-ports west
History

Description
Unconfigures the MSTP region on the switch and returns all MSTP settings to their default values.
Syntax Description
Default
N/A.
Usage Guidelines
Before you unconfigure an MSTP region, we recommend that you disable all active STPDs in the region.
This includes the CIST and any active MSTIs.
After you issue this command, all of the MSTP settings return to their default values, as described
below:
Region NameThis indicates the name of the MSTP region. In the Extreme Networks
implementation, the maximum length of the name is 32 characters and can be a combination of
alphanumeric characters and underscores ( _ ).
Format SelectorThis indicates a number to identify the format of MSTP BPDUs. The default is 0.
default of 3.
Layer 2 Protocols
320
Example
The following command unconfigures the MSTP region on the switch:
History
unconfigure stpd ports link-type

unconfigure stpd stpd_name ports link-type port_list
Description
Returns the specified port to the factory default setting of broadcast link.
Syntax Description
stpd_name
port_list
Default
All ports are broadcast link types.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, you must enter the stpd
keyword to specify the STPD. If your STPD has a name unique only to that STPD, the keyword stpd is
optional.
If the switch operates in 802.1D mode, any configured port link type will behave the same as the
broadcast link type.
Layer 2 Protocols
321
Example
The following command configures slot 2, ports 1 through 4 to return to the factory default of
broadcast links in STPD s1:
unconfigure stpd s1 ports link-type 2:1-2:4
History
unconfigure stpd
unconfigure stpd {stpd_name}
Description
Restores default STP values to a particular STPD or all STPDs.
Syntax Description
stpd_name
Default
N/A.
Usage Guidelines
Use this command to restore default STP values to a particular STPD. If you want to restore default STP
values on all STPDs, do not specify a spanning tree name.
Example
The following command restores default values to an STPD named Backbone_st:
unconfigure stpd backbone_st
Layer 2 Protocols
322
History
Layer 2 Protocols
323

Layer 2 Protocols PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Layer 2 Protocols PDF

Uploaded by

Copyright:

Available Formats

Layer 2 Protocols

ExtremeXOS 15.5 User Guide

Copyright 20112014 All rights reserved.

Chapter 3: Protocol Filters.....................................................................................................80

Chapter 6: L2PT Limitations...................................................................................................88

Chapter 8: Layer 2 Protocol Commands............................................................................ 146

configure eaps config-warnings off.........................................................................................................................155

configure ip-arp fast-convergence........................................................................................................................ 204

enable erps block-vc-recovery.................................................................................................................................264

Alerts you to...

Important features or instructions.

Risk of personal injury, system damage, or loss of data.

Risk of severe personal injury.

This command or section is new for this release.

Table 2: Text Conventions

The words enter and

Words in italicized type

BlackDiamond X8 series switch

ExtremeXOS User Guide

BlackDiamond 8800 Series Switches Hardware Installation Guide

Ridgeline Installation and Upgrade Guide

SDN OpenFlow Implementation Guide

Navigating the ExtremeXOS User Guide

EAPS Protocol Overview

Figure 1: Gigabit Ethernet Fiber EAPS MAN Ring

EAPS Single Ring Topology

Figure 2: EAPS Operation

EAPS Multiple Ring Topology

Figure 3: Two Rings Interconnected by One Switch

Multiple Rings Sharing an EAPS Common Link

Figure 4: Multiple Rings Sharing a Common Link

Figure 5: Master Node Operation in a Multiple Ring Topology

Figure 6: Segment Health-Check Messages

Figure 7: Common Link Failure

Figure 8: Common Link in Pre-Forwarding State

Figure 9: Common-Link Restored

EAPS controller and partner nodes can be in the following states:

Spatial Reuse with an EAPS Common Link

Figure 10: EAPS Common Link Topology with Spatial Reuse

Figure 11: Basic Core Topology

Figure 12: Right-Angle Topology

Figure 13: Basic Core and Right Angle Topology

Figure 14: Advanced Basic Core and Right Angle Topology

Figure 15: Large Core and Access Ring Topology

EAPS and Hitless Failover--Modular Switches and SummitStack Only

Single Ring Configuration Tasks

To create an EAPS domain, use the following command:

To delete an EAPS domain, use the following command:

Adding the EAPS Control VLAN

Adding Protected VLANs

To configure a VLAN as an EAPS protected VLAN, use the following command:

Configuring the EAPS Domain Priority

To configure the EAPS domain priority, use the following command:

Defining the Switch Mode (Master or Transit)

2 When prompted, do one of the following:

Enter y to identify the switch as a transit node.

Configuring the Ring Ports

To configure a node port as primary or secondary, use the following command:

2 When prompted, do one of the following:

Enter y to identify the switch as a transit node.

Adding the EAPS Control VLAN on page 24

configure eaps name failtime seconds milliseconds