Professional Documents
Culture Documents
120936-00 Rev. 2
Published June 2014
Legal Notice
Extreme Networks, Inc., on behalf of or through its wholly-owned subsidiary, Enterasys Networks,
Inc., reserves the right to make changes in specifications and other information contained in this
document and its website without prior notice. The reader should in all cases consult
representatives of Extreme Networks to determine whether any such changes have been made.
The hardware, firmware, software or any specifications described or referred to in this document
are subject to change without notice.
Trademarks
Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of
Extreme Networks, Inc. in the United States and/or other countries.
All other names (including any product names) mentioned in this document are the property of
their respective owners and may be trademarks or registered trademarks of their respective
companies/owners.
For additional information on Extreme Networks trademarks, please see:
www.extremenetworks.com/company/legal/trademarks/
Support
For product support, including documentation, visit: www.extremenetworks.com/support/
For information, contact:
Extreme Networks, Inc.
145 Rio Robles
San Jose, California 95134
USA
Table of Contents
Preface......................................................................................................................................... 7
Conventions............................................................................................................................................................................. 7
Related Publications............................................................................................................................................................8
Providing Feedback to Us................................................................................................................................................ 9
Navigating the ExtremeXOS User Guide......................................................................................................................... 10
Chapter 1: EAPS......................................................................................................................... 11
EAPS Protocol Overview.................................................................................................................................................. 11
Configuring EAPS...............................................................................................................................................................23
Displaying EAPS Information....................................................................................................................................... 33
Configuration Examples..................................................................................................................................................34
Chapter 2: ERPS....................................................................................................................... 67
ERPS Overview....................................................................................................................................................................67
Supported ERPS Features.............................................................................................................................................68
G.8032 Version 2 ...............................................................................................................................................................69
Configuring ERPS............................................................................................................................................................... 75
Sample Configuration.......................................................................................................................................................77
Debugging ERPS................................................................................................................................................................ 79
ERPS Feature Limitations.............................................................................................................................................. 79
Layer 2 Protocols
Table of Contents
Layer 2 Protocols
Table of Contents
Layer 2 Protocols
Table of Contents
Layer 2 Protocols
Preface
Conventions
This section discusses the conventions used in this guide.
Text Conventions
The following tables list text conventions that are used throughout this guide.
Table 1: Notice Icons
Icon
Notice Type
Note
Caution
Warning
New
Description
This typeface indicates command syntax, or represents information as it appears on
the screen.
When you see the word enter in this guide, you must type something, and then press
the Return or Enter key. Do not press the Return or Enter key when an instruction
simply says type.
[Key] names
Key names are written with brackets, such as [Return] or [Esc]. If you must press two
or more keys simultaneously, the key names are linked with a plus sign (+). Example:
Press [Ctrl]+[Alt]+[Del]
Italics emphasize a point or denote new terms at the place where they are defined in
the text. Italics are also used when referring to publication titles.
Layer 2 Protocols
Preface
Platform-Dependent Conventions
Unless otherwise noted, all information applies to all platforms supported by ExtremeXOS software,
which are the following:
When a feature or feature implementation applies to specific platforms, the specific platform is noted in
the heading for the section describing that implementation in the ExtremeXOS command
documentation. In many cases, although the command is available on all platforms, each platform uses
specific keywords. These keywords specific to each platform are shown in the Syntax Description and
discussed in the Usage Guidelines.
Terminology
When features, functionality, or operation is specific to a switch family, the family name is used.
Explanations about features and operations that are the same across all product families simply refer to
the product as the switch.
Related Publications
Documentation for Extreme Networks products is available at: www.extremenetworks.com. The
following is a list of related publications currently available:
Some ExtremeXOS software files have been licensed under certain open source licenses. Information is
available at: www.extremenetworks.com/services/osl-exos.aspx
Layer 2 Protocols
Preface
Providing Feedback to Us
We are always striving to improve our documentation and help you work better, so we want to hear
from you! We welcome all feedback but especially want to know about:
Content errors or confusing or conflicting information.
Ideas for improvements to our documentation so you can find the information you need faster.
Broken links or usability issues.
If you would like to provide feedback to the Extreme Networks Information Development team about
this document, please contact us using our short online feedback form. You can also email us directly at
internalinfodev@extremenetworks.com.
Layer 2 Protocols
Layer 2 Protocols
10
1 EAPS
EAPS Protocol Overview
Configuring EAPS
Displaying EAPS Information
Configuration Examples
This chapter provides an overview and discusses various topologies of Extreme's Automatic Protection
Switching (EAPS) feature. The chapter offers configuration and monitoring details, and also provides
configuration examples.
EAPS Benefits
EAPS offers the following benefits:
Layer 2 Protocols
11
EAPS
Fast Recovery time for link or node failuresWhen a link failure or switch failure occurs, EAPS
provides fast recovery times. EAPS provides resiliency for voice, video and data services.
Scalable network segmentation and fault isolationEAPS domains can protect groups of multiple
VLANs, allowing scalable growth and broadcast loop protection. EAPS domains provide logical and
physical segmentation, which means the failures in one EAPS ring do not impact network service for
other rings and VLANs.
Resilient foundation for non-stop IP routing servicesEAPS provides a resilient foundation for
upper level routing protocols such as Open Shortest Path First (OSPF) and Border Gateway
Protocol (BGP), minimizing route-flapping and dropped neighbors within the routed IP network.
Predictable convergence regardless of failure locationEAPS provides consistent and predictable
recovery behavior regardless of where link failures occur. The simple blocking architecture and
predictable performance of EAPS allows for enforceable Service Level Agreements (SLAs). This
allows easier network troubleshooting and failure scenario analysis without lengthy testing or
debugging on live production networks.
EAPS protection switching is similar to what can be achieved with the Spanning Tree Protocol (STP),
but EAPS offers the advantage of converging in less than one second when a link in the ring breaks.
An Ethernet ring built using EAPS can have resilience comparable to that provided by SONET rings, at a
lower cost and with fewer restraints (such as ring size). The EAPS technology developed by Extreme
Networks to increase the availability and robustness of Ethernet rings is described in RFC 3619:
Extreme Networks Ethernet Automatic Protection Switching (EAPS) Version 1.
Layer 2 Protocols
12
EAPS
Health-check messages, which are sent from the master node primary port. Transit nodes forward
health-check messages toward the master node secondary port on the control VLAN. When the
master node receives a health check message on the secondary port, the EAPS ring is considered
intact.
Link-down alert messages, which are sent from a transit node to the master node when the transit
node detects a local link failure.
Flush-FDB messages, which are sent by the master node to all transit nodes when ring topology
changes occur. Upon receiving this control frame, the transit node clears its MAC address
forwarding table (FDB) and relearns the ring topology.
Layer 2 Protocols
13
EAPS
When the master node detects a failure, due to an absence of health-check messages or a received
link-down alert, it transitions the EAPS domain to the Failed state and unblocks its secondary port to
allow data connectivity in the protected VLANs.
Layer 2 Protocols
14
EAPS
The following figure shows an example of a multiple ring topology that uses the EAPS common link
feature to provide redundancy for the switches that connect the rings.
Layer 2 Protocols
15
EAPS
With one exception, when a common link fails, each master node detects the failure and unblocks its
secondary port, as shown in the following figure.
Layer 2 Protocols
16
EAPS
When a common link recovers, each master node detects that the ring is complete and immediately
blocks their secondary ports. The controller also detects the recovery and puts its shared port to the
common link into a temporary blocking state called pre-forwarding as shown in the following figure.
Layer 2 Protocols
17
EAPS
Layer 2 Protocols
18
EAPS
ReadyIndicates that the EAPS domains are running, the common-link neighbor can be reached
through segment health-checks, and the common link is up.
BlockingIndicates that the EAPS domains are running, the common-link neighbor can be reached
through segment health-checks, but the common-link is down. Only the controller node (and not
the partner) performs blocking.
PreforwardingIndicates the EAPS domain was in a blocking state, and the common link was
restored. The controller port is temporarily blocked to prevent a loop during state transition from
Blocking to Ready.
IdleIndicates the EAPS common-link neighbor cannot be reached through segment health-check
messages.
The following figure shows a core topology with two access rings. In this topology, there are two EAPS
common links.
Layer 2 Protocols
19
EAPS
In the right-angle topology, there are still two EAPS common links, but the common links are adjacent
to each other.
To configure a right-angle topology, there must be two common links configured on one of the
switches. The following figure shows a right-angle topology.
The following figure shows a combination basic core and right-angle topology.
Layer 2 Protocols
20
EAPS
The following figure shows a single large core ring with multiple access rings hanging off of it.
This is an extension of a basic core configuration.
Layer 2 Protocols
21
EAPS
Fast Convergence
The fast convergence mode allows EAPS to converge more rapidly. In EAPS fast convergence mode,
the link filters on EAPS ring ports are turned off. In this case, an instant notification is sent to the EAPS
process if a ports state transitions from up to down or vice-versa.
You must configure fast convergence for the entire switch, not by EAPS domain.
Layer 2 Protocols
22
EAPS
To support hitless failover, the primary node replicates all EAPS PDUs to the backup, which allows the
backup to be aware of the EAPS domain state. Since both nodes receive EAPS PDUs, each node
maintains equivalent EAPS states.
By knowing the state of the EAPS domain, the EAPS process running on the backup node can quickly
recover after a primary node failover. Although both nodes receive EAPS PDUs, only the primary
transmits EAPS PDUs to neighboring switches and actively participates in EAPS.
Note
For instructions on how to manually initiate hitless failover, see Relinquishing Primary Status.
EAPS Licensing
Different EAPS features are offered at different license levels.
For complete information about software licensing, including how to obtain and upgrade your license
and what licenses are appropriate for these features, see the Feature License Requirements document.
Configuring EAPS
Create an EAPS domain and assign a name to the domain as described in Creating and Deleting an
EAPS Domain on page 24.
Create and add the control VLAN to the domain as described in Adding the EAPS Control VLAN on
page 24.
Create and add the protected VLAN(s) to the domain as described in Adding Protected VLANs on
page 25.
Configure the EAPS mode (master or transit) for the switch in the domain as described in Defining
the Switch Mode (Master or Transit) on page 25.
Configure the EAPS ring ports, including the master primary and secondary ring ports, as described
in Configuring the Ring Ports on page 26.
If desired, configure the polling timers and timeout action as described in Configuring the Polling
Timers and Timeout Action on page 26.*
Enable EAPS for the entire switch as described in Enabling and Disabling EAPS on the Switch on
page 27.
Layer 2 Protocols
23
EAPS
8 If desired, enable Fast Convergence as described in Enabling and Disabling Fast Convergence on
page 28.*
9 Enable EAPS for the specified domain as described in Enabling and Disabling an EAPS Domain on
page 28.
Note
If you configure a VMAN on a switch running EAPS, make sure you configure the VMAN
attributes on all of the switches that participate in the EAPS domain. For more information
about VMANs, see VMAN (PBN) and PBBN.
Creating and Deleting an EAPS Domain
Each EAPS domain is identified by a unique domain name.
To configure EAPS to use a VLAN as the EAPS control VLAN for a domain, use the following
command:
configure eaps name add control {vlan} vlan_name
Note
A control VLAN cannot belong to more than one EAPS domain. If the domain is active,
you cannot delete the domain or modify the configuration of the control VLAN.
The control VLAN must NOT be configured with an IP address. In addition, only ring ports
may be added to this control VLAN. No other ports can be members of this VLAN. Failure
to observe these restrictions can result in a loop in the network.
The ring ports of the control VLAN must be tagged.
By default, EAPS PDUs are automatically assigned to QoS profile QP8. This ensures that the control
VLAN messages reach their intended destinations. You do not need to configure a QoS profile for
the control VLAN.
Layer 2 Protocols
24
EAPS
Configure the EAPS switch mode for a domain using the following command:
configure eaps name mode [master | transit]
One switch on the ring must be configured as the master node for the specified domain; all other
switches on the same ring and domain are configured as transit nodes.
If you configure a switch to be a transit node for an EAPS domain, the default switch configuration
displays the following message and prompts you to confirm the command:
WARNING: Make sure this specific EAPS domain has a Master node in the ring. If
you change this node from EAPS master to EAPS transit, you could cause a loop
in the network. Are you sure you want to change mode to transit? (y/n)
For more information see, Disabling EAPS Loop Protection Warning Messages on page 29.
Layer 2 Protocols
25
EAPS
If you attempt to add an EAPS ring port to a VLAN that is not protected by EAPS, the default switch
configuration prompts you to confirm the command with the following message:
Make sure <vlan_name> is protected by EAPS. Adding EAPS ring ports to a VLAN
could cause a loop in the network. Do you really want to add these ports (y/n)
For information on configuring a VLAN for EAPS, see the following sections:
For more information see, Disabling EAPS Loop Protection Warning Messages on page 29.
Configuring the Polling Timers and Timeout Action
The polling timers provide an alternate way to detect ring breaks. In a ring that uses only Extreme
Networks switches, the master switch learns about a ring break by receiving a link-down PDU. When
the ring uses only Extreme networks switches, the polling timers are not needed and can remain
configured for the default values.
In a ring that contains switches made by other companies, the polling timers provide an alternate way
to detect ring breaks. The master periodically sends hello PDUs at intervals determined by the hello
PDU timer and waits for a reply. If a hello PDU reply is not received before the failtime timer expires, the
switch detects a failure and responds by either sending an alert or opening the secondary port. The
response action is defined by a configuration command.
Set the polling timer values the master node uses for detecting ring failures.
configure eaps name hellotime seconds milliseconds
Layer 2 Protocols
26
EAPS
Note
These commands apply only to the master node. If you configure the polling timers for a
transit node, they are ignored. If you later reconfigure that transit node as the master
node, the polling timer values are used as the current values.
Use the hellotime keyword and its associated parameters to specify the amount of time the
master node waits between transmissions of health check messages on the control VLAN. The
combined value for seconds and milliseconds must be greater than 0. The default value is 1 second.
Use the failtime keyword and its associated parameters to specify the amount of time the master
node waits before the failtimer expires. The combined value for seconds and milliseconds must be
greater than the configured value for hellotime. The default value is 3 seconds.
Note
Increasing the failtime value increases the time it takes to detect a ring break using the
polling timers, but it can also reduce the possibility of incorrectly declaring a failure when
the network is congested.
Use the send-alert parameter to send an alert when the failtimer expires. Instead of going into a
failed state, the master node remains in a Complete or Init state, maintains the secondary port
blocking, and writes a critical error message to syslog warning the user that there is a fault in the
ring. An SNMP trap is also sent.
Use the open-secondary-port parameter to open the secondary port when the failtimer
expires.
Enabling and Disabling EAPS on the Switch
We recommend that you keep the loop protection warning messages enabled. If you have considerable
knowledge and experience with EAPS, you might find the EAPS loop protection warning messages
unnecessary.
To enable the EAPS function for the entire switch, use the following command:
enable eaps
To disable the EAPS function for the entire switch, use the following command:
disable eaps
If you enter the command to disable EAPS, the default switch configuration displays the following
warning message and prompts you to confirm the command:
WARNING: Disabling EAPS on the switch could cause a loop in the network! Are
you sure you want to disable EAPS? (y/n)
Layer 2 Protocols
27
EAPS
For more information see, Disabling EAPS Loop Protection Warning Messages on page 29.
Enabling and Disabling Fast Convergence
You can enable or disable fast convergence for the entire switch to improve EAPS convergence times.
Note
Possible factors affecting EAPS fast convergence time:
The medium type of the link being flapped (Fiber link-down events are detected faster
than copper, causing better convergence).
Number of VLANs protected by the EAPS domain (convergence time increases with the
number of protected VLANs).
Number of FDB entries present during the switch over (convergence time increases with
the number of FDBs learned).
Topology change event (link down or link up) causes the master node to send an FDB
flush to all transits. In the event ofa shared port failure, FDB is flushed twice, causing an
increase in convergence time.
Number of hops between the switch where the link flap happens and the master node
(convergence increases with the number of hops).
To enable or disable fast convergence on the switch, use the following command:
configure eaps fast-convergence[off | on]
If you enter the disable eaps command, the default switch configuration displays the following
warning message and prompts you to confirm the command:
WARNING: Disabling specific EAPS domain could cause a loop in the network! Are
you sure you want to disable this specific EAPS domain? (y/n)
For more information see, Disabling EAPS Loop Protection Warning Messages on page 29.
Layer 2 Protocols
28
EAPS
To unconfigure an EAPS primary or secondary ring port for an EAPS domain, use the following
command:
unconfigure eaps eapsDomain [primary | secondary] port
To prevent loops in the network, the switch displays by default a warning message and prompts
you to unconfigure the specified EAPS primary or secondary ring port.
2 When prompted, do one of the following:
a Enter y to unconfigure the specified port.
b Enter n or press [Return] to cancel this action.
The following command example unconfigures this nodes EAPS primary ring port on the
domain eaps_1:
unconfigure eaps eaps_1 primary port
WARNING: Unconfiguring the Primary port from the EAPS domain could cause a
loop in The network! Are you sure you want to unconfigure the Primary EAPS
Port? (y/n)
3 Enter y to continue and unconfigure the EAPS primary ring port. Enter n to cancel this action.
The switch displays a similar warning message if you unconfigure the secondary EAPS port.
For more information see, Disabling EAPS Loop Protection Warning Messages on page 29.
Disabling EAPS Loop Protection Warning Messages
The switch displays by default loop protection messages when configuring the following EAPS
parameters:
Adding EAPS primary or secondary ring ports to a VLAN
Deleting a protected VLAN
Layer 2 Protocols
29
EAPS
We recommend keeping the loop protection warning messages enabled. If you have considerable
knowledge and experience with EAPS, you might find the EAPS loop protection warning messages
unnecessary. For example, if you use a script to configure your EAPS settings, disabling the warning
messages allows you to configure EAPS without replying to each interactive yes/no question.
Each common link in the EAPS network must have a unique link ID, which is configured at the
shared port at each end of the link.
The shared port mode configured on each side of a common link must be different from the other;
one must be a controller and one must be a partner.
The controller and partner shared ports on either side of a common link must have the same
link ID. The common link is established only when the shared ports at each end of the common link
have the same link ID.
There can be up to two shared ports per switch.
There cannot be more than one controller on a switch.
Valid combinations on any one switch are:
1 controller
1 partner
Layer 2 Protocols
30
EAPS
Create a shared port for the common link as described in Creating and Deleting a Shared Port on
page 31.
2 Configure the shared port as either a controller or a partner as described in Defining the Mode of the
Shared Port on page 31.
3 Configure the link ID on the shared port as described in Configuring the Link ID of the Shared Port
on page 32.
4 If desired, configure the polling timers and timeout action as described in Configuring the Shared
Port Timers and Timeout Action on page 32.
This step can be configured at any time, even after the EAPS domains are running.
5 Configure EAPS on each ring as described in Single Ring Configuration Tasks on page 23.
Creating and Deleting a Shared Port
To configure a common link, you must create a shared port on each switch belonging to the common
link.
Layer 2 Protocols
31
EAPS
The shared port on the other end of the common link must be configured to be the partner. This end
does not participate in any form of blocking. It is responsible for only sending and receiving healthcheck messages.
To configure the mode of the shared port, use the following command:
configure eaps shared-port ports mode controller | partner
To configure the link ID of the shared port, use the following command:
configure eaps shared-port ports link-id id
To configure the time out action for segment timers, use the following command:
configure eaps shared-port port segment-timers expiry-action [segment-down |
send-alert]
Layer 2 Protocols
32
EAPS
To display EAPS status and configuration information, use the following command:
show eaps {eapsDomain} {detail}
Note
You might see a slightly different display, depending on whether you enter the command
on the master node or the transit node.
If you specify a domain with the optional eapsDomain parameter, the command displays status
information for a specific EAPS domain.
The display from the show eaps detail command shows all the information shown in the show
eaps eapsDomain command for all configured EAPS domains.
To display EAPS counter information for one or all domains, use the following command:
show eaps counters [eapsDomain | global]
If you specify the name of an EAPS domain, the switch displays counter information related to only
that domain.
If you specify the global keyword, the switch displays a list of the counter totals for all domains. To
see the counters for a specific domain, you must specify the domain name.
Note
If a PDU is received, processed, and consumed, only the Rx counter increments. If a PDU is
forwarded in slow path, both the Rx counter and Fw counter increment.
Layer 2 Protocols
33
EAPS
If you enter the show eaps shared-port command without an argument or keyword, the
command displays a summary of status information for all configured EAPS shared ports on the
switch.
If you specify a shared port, the command displays information about that specific port.
You can use the detail keyword to display more detailed status information about the segments
and VLANs associated with each shared port.
If you specify the global keyword, the switch displays a list of counters that show the totals for all
shared ports together. To view the counters for a single shared port, enter the command with the
port number.
If you specify a particular EAPS segment port, the switch displays counter information related to
only that segment port for the specified EAPS domain.
Configuration Examples
Layer 2 Protocols
34
EAPS
The first step in the migration process is to create an EAPS Domain and configure the EAPS mode,
then define the primary and secondary ports for the domain. Follow this step for both switches.
Switch2 is configured as EAPS Master to ensure the same port blocking state is maintained as in the
original STP topology.
Switch 1 EAPS domain configuration:
*
*
*
*
SWITCH#1.1
SWITCH#1.2
SWITCH#1.3
SWITCH#1.4
#
#
#
#
SWITCH#2.1
SWITCH#2.2
SWITCH#2.3
SWITCH#2.4
#
#
#
#
SWITCH#1.5
SWITCH#1.6
SWITCH#1.8
SWITCH#1.9
#
#
#
#
SWITCH#2.5
SWITCH#2.6
SWITCH#2.8
SWITCH#2.9
#
#
#
#
Layer 2 Protocols
35
EAPS
2 Confirm that the master node is in Complete state and its secondary port is blocking.
Switch 1 commands to enable EAPS and the domain:
* SWITCH#1.10 # enable eaps
* SWITCH#1.11 # enable eaps new-eaps
Assign an 802.1q tag to the data VLAN, as this might not be required with the previous STP
configuration.
2 Next, the data VLAN is added to the EAPS domain as a protected VLAN.
3 Configure the VLAN port changes at the end to prevent any broadcast loop from forming during
the transition from STP to EAPS protection.
A warning message is displayed on the CLI, but this can be ignored, as it is just a reminder that the
ring ports have not been added to the protected VLAN yet.
4 Change the port membership for the data VLAN from untagged to 802.1q tagged trunk ports.
Switch#2 commands to add EAPS protected VLAN and tagged ports:
* SWITCH#2.13 # configure vlan data tag 1000
* SWITCH#2.14 # configure new-eaps add protect vlan data
WARNING: Primary port [4:1] is not tagged on vlan "data", EAPS="new-eaps"
WARNING: Secondary port [4:2] is not tagged on vlan "data", EAPS="new-eaps"
* SWITCH#2.15 # configure data add port 4:1,4:2 tagged
Layer 2 Protocols
36
EAPS
To ensure there is no potential for a broadcast storm, confirm that EAPS is successfully blocking the
protected VLAN, as shown in the following example:
* SWITCH#2.16 # show new-eaps
Name: new-eaps
State: Complete
Running: Yes
Enabled: Yes Mode: Master
Primary port:
4:1
Port status: Up
Tag status: Tagged
Secondary port: 4:2
Port status: Blocked
Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Send alert
Last valid EAPS update: From Master Id 00:04:96:10:51:50, at Fri Sep 10
13:38:39 2004
EAPS Domains Controller Vlan: control-1 4001
EAPS Domains Protected Vlan(s): data 1000
Number of Protected Vlans: 1
After you verify that EAPS is protecting the data VLAN, you can safely remove the STP configuration.
Verifying the STP Status and Disabling STP
Once you have successfully verified that EAPS has taken over loop prevention for the data VLAN, you
no longer need the STP configuration.
Now, verify whether the data VLAN is removed from the STP domain, and then disable the STP
protocol.
Switch 2 commands to verify STP status and disable STP:
* SWITCH#2.17 # show stp s0
Stpd: s0
Stp: ENABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1D
802.1Q Tag: (none)
Ports: (none)
Participating Vlans: (none)
Auto-bind Vlans: Default
Bridge Priority: 32768
BridgeID:
80:00:00:04:96:10:51:50
Designated root:
80:00:00:04:96:10:51:50
RootPathCost: 0
Root Port: ---MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 4
Time Since Last Topology Change: 1435s
* SWITCH#2.18 # show s0 port
Layer 2 Protocols
Number of Ports: 0
Default Binding Mode: 802.1D
ForwardDelay: 15s
CfgBrForwardDelay: 15s
Hold time: 1s
Topology Change: FALSE
37
EAPS
Layer 2 Protocols
38
EAPS
Layer 2 Protocols
39
EAPS
Layer 2 Protocols
40
EAPS
Create the EAPS domain, configure the switch as a transit node, and define the EAPS primary and
secondary ports as shown in the following example:
*
*
*
*
Edge-Switch#1:1
Edge-Switch#1:2
Edge-Switch#1:3
Edge-Switch#1:4
#
#
#
#
1 Create the EAPS control VLAN and configure its 802.1q tag and ring ports.
2 Configure the control VLAN as part of the EAPS domain. The control VLAN only contains the EAPS
primary and secondary ports configured earlier. The following commands accomplish these tasks:
*
*
*
*
Edge-Switch#1:5
Edge-Switch#1:6
Edge-Switch#1:8
Edge-Switch#1:9
#
#
#
#
1 Create at least one EAPS protected VLAN, and configure its 802.1q tag and ports.
2 Configure the protected VLAN as part of the EAPS domain.
The Protect VLAN contains the EAPS primary and secondary ports as tagged VLAN ports.
Additional VLAN ports connected to client devices such as a PC could be untagged or tagged. The
following commands accomplish these tasks and should be repeated for all additional protected
VLANs:
*
*
*
*
*
Edge-Switch#1:10
Edge-Switch#1:11
Edge-Switch#1:12
Edge-Switch#1:13
Edge-Switch#1:14
#
#
#
#
#
The command in the following example allows you to verify that the EAPS configuration is correct
and that the EAPS state is Links-Up.
Both ring ports must be plugged in to see the Links-Up state.
* Edge-Switch#1:17 # show eaps e1-domain detail
Name: "e1-domain" (instance=0) Priority: High
Layer 2 Protocols
41
EAPS
State: Links-Up
Running: Yes
Enabled: Yes
Mode: Transit
Primary port:
49
Port status: Up
Tag status: Tagged
Secondary port: 50
Port status: Up
Tag status: Tagged
Hello Timer interval: 1 sec 0 millisec
Fail Timer interval: 3 sec
Preforwarding Timer interval: 0 sec
Last valid EAPS update: From Master Id 00:04:96:10:51:50, at Sun Sep 5
23:20:10 2004
EAPS Domain has following Controller Vlan:
Vlan Name
VID
"control-1"
4000
EAPS Domain has following Protected Vlan(s):
Vlan Name
VID
"purple-1"
0001
Number of Protected Vlans: 1
Layer 2 Protocols
42
EAPS
In this example, we have a common link with overlapping domains (and protected VLANs), which
includes an EAPS controller and partner configuration. The result is a partial-mesh network design of
EAPS from the access edge to the aggregation layer (see the following figure).
Figure 19: L2 Aggregation
8800
8800
Network Layer
The aggregation switches are configured to act as multi-function EAPS nodes to provide L2
connectivity services. After EAPS and L2 connectivity is configured, additional L3 routing configuration
can be added.
Using redundant aggregation switches helps protect against a single point of failure at the switch level,
while EAPS domains provide fault isolation and minimize the impact that failures have on the network.
With shared port configurations, the partial-mesh physical design is maintained without broadcast
loops, regardless of where a failure might occur.
To configure the L2 aggregate switches, complete the tasks described in the following sections on all
aggregate switches:
1 Create and configure the EAPS domains.
2 Create and configure the EAPS control VLANs.
Layer 2 Protocols
43
EAPS
3
4
5
6
Create the EAPS domains for each ring (one domain for one edge switch) and configure the EAPS
mode.
Define the primary and secondary ports for each domain. In this example, however, the primary port
is the same as the common link. One aggregation switch has EAPS mode configured as master and
partner, while the other aggregation switch is configured as transit and controller.
EAPS master node configuration:
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
Layer 2 Protocols
44
EAPS
Create the EAPS control VLANs (one for each domain) and configure the 802.1q tag and ring ports
for each.
2 Configure the control VLANs as part of their respective EAPS domain.
The control VLAN only contains the EAPS primary and secondary ports configured earlier. The
following commands are entered on both aggregate switches:
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
AGG-SWITCH.17
AGG-SWITCH.18
AGG-SWITCH.19
AGG-SWITCH.20
AGG-SWITCH.21
AGG-SWITCH.22
AGG-SWITCH.23
AGG-SWITCH.24
AGG-SWITCH.29
AGG-SWITCH.30
AGG-SWITCH.31
AGG-SWITCH.32
AGG-SWITCH.33
AGG-SWITCH.34
AGG-SWITCH.35
AGG-SWITCH.36
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
tag
tag
tag
tag
add
add
add
add
add
add
add
add
4001
4002
4003
4004
port 2:1,1:1
port 2:1,1:4
port 2:1,3:1
port 2:1,3:2
control vlan
control vlan
control vlan
control vlan
tagged
tagged
tagged
tagged
control-1
control-2
control-3
control-4
Create the EAPS shared ports, which are used to connect a common-link between the aggregate
switches.
On the first switch, define the shared port mode as partner, and define the link ID. Repeat this step
on the other aggregate switch, but configure the shared port mode as controller. The link ID
matches the value configured for the partner.
The following shows an example configuration for the partner:
* AGG-SWITCH#2.37 # create eaps shared-port 2:1
* AGG-SWITCH#2.38 # configure eaps shared-port 2:1 mode partner
* AGG-SWITCH#2.39 # configure eaps shared-port 2:1 link-id 21
Enable the EAPS protocol on the switch, and enable EAPS to run on each domain created.
The following commands are entered on both aggregate switches.
*
*
*
*
*
AGG-SWITCH.40
AGG-SWITCH.41
AGG-SWITCH.42
AGG-SWITCH.43
AGG-SWITCH.44
#
#
#
#
#
enable
enable
enable
enable
enable
eaps
eaps
eaps
eaps
eaps
e1-domain
e2-domain
e3-domain
e4-domain
Layer 2 Protocols
45
EAPS
2 Configure an 802.1q tag and the ports for each protected VLAN.
3 Configure each protected VLAN as part of the EAPS domain.
Depending on the scope of the VLAN, it could be added to multiple EAPS domains. This type of
VLAN is referred to as an overlapping protected VLAN, and requires shared port configurations.
In this example, there is one overlapping protected VLAN, purple-1, while all other VLANs are
isolated to a single EAPS domain (VLANs green-1, orange-1, and red-1). Protected VLAN
configuration, such as 802.1q tagging, must match on the edge switch. The commands in the
following example are entered on both aggregate switches.
This procedure can also be repeated for additional protected VLANs as needed:
* AGG-SWITCH.44
* AGG-SWITCH.45
* AGG-SWITCH.46
* AGG-SWITCH.47
* AGG-SWITCH.48
* AGG-SWITCH.49
* AGG-SWITCH.50
* AGG-SWITCH.51
* AGG-SWITCH.52
* AGG-SWITCH.53
* AGG-SWITCH.54
* AGG-SWITCH.55
* AGG-SWITCH.56
* AGG-SWITCH.57
* AGG-SWITCH.58
* AGG-SWITCH.59
tagged
* AGG-SWITCH.60
* AGG-SWITCH.61
* AGG-SWITCH.62
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
When the configuration is complete, confirm that the EAPS domain and shared port configuration is
correct.
2 Verify whether the EAPS state is Complete and the shared port status is Ready.
Both ring ports must be plugged in to see the Links-Up state. This verification is performed on both
aggregate switches.
EAPS master and partner node status verification example:
* AGG-SWITCH#2.63 # show eaps
EAPS Enabled: Yes
EAPS Fast-Convergence: Off
EAPS Display Config Warnings: On
EAPS Multicast Add Ring Ports: Off
EAPS Multicast Send IGMP Query: On
EAPS Multicast Temporary Flooding: Off
EAPS Multicast Temporary Flooding Duration: 15 sec
Number of EAPS instances: 4
# EAPS domain configuration :
----------------------------------------------------------------------------
Layer 2 Protocols
46
EAPS
Layer 2 Protocols
47
EAPS
In this example, OSPF is used as the dynamic IP routing protocol to communicate between different
VLANs. To provide redundancy at the router level, VRRP is used to protect against an aggregation
switch failure. VRRP allows one aggregation switch to route IP traffic, and if it fails the other
aggregation switch takes over the IP routing role. Each EAPS protected VLAN provides L3 connectivity
to the clients by configuring IP addressing, OSPF routing, and VRRP on the aggregation switches.
Layer 2 Protocols
48
EAPS
Using redundant aggregation switches with VRRP protects against a single point of failure at the switch
level. Client devices receive non-stop IP routing services in the event of link or aggregation switch
failure without any reconfiguration. OSPF provides fast convergence from any routing failures. EAPS
provides the resilient L2 foundation and minimizes the occurrence of routing interface flaps or dropped
OSPF neighbor adjacencies.
To configure L3 on the aggregation switches, completed the tasks described in the following sections:
1
2
3
4
Client host stations need the IP address configuration to match their protected VLANs. The edge
switches do not require IP addresses, but this could optionally be done for management or
troubleshooting purposes.
The following example shows IP address configuration:
*
*
*
*
*
*
*
*
AGG-SWITCH#1.1
AGG-SWITCH#1.2
AGG-SWITCH#1.3
AGG-SWITCH#1.4
AGG-SWITCH#2.1
AGG-SWITCH#2.2
AGG-SWITCH#2.3
AGG-SWITCH#2.4
#
#
#
#
#
#
#
#
configure
configure
configure
configure
configure
configure
configure
configure
vlan
vlan
vlan
vlan
vlan
vlan
vlan
vlan
Because OSPF broadcast networks are being used, configure the DR and BDR for each VLAN.
Configure the EAPS transit and controller as the DR by using a higher OSPF priority value since it is not
performing L2 blocking. The EAPS master and partner switch is configured as the BDR. In this example,
all edge EAPS protected VLANs are placed in the OSPF backbone area, but another OSPF area could
be created if desired.
Example OSPF DR configuration:
*
*
*
*
*
*
*
*
*
*
*
*
Layer 2 Protocols
49
EAPS
The VRRP virtual router is configured with the virtual IP address of 172.16.x.254 for each VLAN
(example VLAN green-1 = 172.16.1.254). The VRRP virtual router IP address is configured as the default
gateway of each client machine. Since it is not performing L2 blocking, configure the EAPS transit and
controller as VRRP master router by using a higher priority value. The EAPS master and partner switch
is configured as the VRRP backup router.
Example VRRP master router configuration:
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
AGG-SWITCH#1.19
AGG-SWITCH#1.20
AGG-SWITCH#1.21
AGG-SWITCH#1.22
AGG-SWITCH#1.23
AGG-SWITCH#1.24
AGG-SWITCH#1.25
AGG-SWITCH#1.26
AGG-SWITCH#1.27
AGG-SWITCH#1.28
AGG-SWITCH#1.29
AGG-SWITCH#1.30
AGG-SWITCH#1.31
AGG-SWITCH#1.32
AGG-SWITCH#1.33
AGG-SWITCH#1.34
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
AGG-SWITCH#2.19
AGG-SWITCH#2.20
AGG-SWITCH#2.21
AGG-SWITCH#2.22
AGG-SWITCH#2.23
Layer 2 Protocols
#
#
#
#
#
50
EAPS
*
*
*
*
*
*
*
*
*
*
*
AGG-SWITCH#2.24
AGG-SWITCH#2.25
AGG-SWITCH#2.26
AGG-SWITCH#2.27
AGG-SWITCH#2.28
AGG-SWITCH#2.29
AGG-SWITCH#2.30
AGG-SWITCH#2.31
AGG-SWITCH#2.32
AGG-SWITCH#2.33
AGG-SWITCH#2.34
#
#
#
#
#
#
#
#
#
#
#
1 Verify the OSPF neighbor adjacencies are established and that the DR and BDR status is correct.
2 Verify that the VRRP virtual router is running and the VRRP master/backup status is correct.
OSPF and VRRP verification example:
* AGG-SWITCH#1.35 # show ospf neighbor
Neighbor ID Pri State Up/Dead Time Address Interface
172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.3.2 orange-1
172.16.1.2 100 FULL /BDR 00:18:01:08/00:00:00:03 172.16.4.2 red-1
172.16.1.2 100 FULL /BDR 00:17:54:17/00:00:00:03 172.16.1.2 green-1
172.16.1.2 100 FULL /BDR 00:17:54:07/00:00:00:03 172.16.2.2 purple-1
* AGG-SWITCH#1.36 # show vrrp
VLAN Name VRID Pri Virtual IP Addr State Master Mac Address TP/TR/TV/P/T
green-1(En) 0001 110 172.16.1.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1
purple-(En) 0001 110 172.16.2.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1
orange-(En) 0001 110 172.16.3.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1
red-1(En) 0001 110 172.16.4.254 MSTR 00:00:5e:00:01:01 0 0 0 Y 1
En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs
* AGG-SWITCH#2.35 # show ospf neighbor
Neighbor ID Pri State Up/Dead Time Address Interface
172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.3.1 orange-1
172.16.1.1 110 FULL /DR 00:18:01:08/00:00:00:03 172.16.4.1 red-1
172.16.1.1 110 FULL /DR 00:17:54:17/00:00:00:03 172.16.1.1 green-1
172.16.1.1 110 FULL /DR 00:17:54:07/00:00:00:03 172.16.2.1 purple-1
* AGG-SWITCH#2.36 # show vrrp
VLAN Name VRID Pri Virtual IP Addr State Master Mac Address TP/TR/TV/P/T
green-1(En) 0001 100 172.16.1.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1
purple-(En) 0001 100 172.16.2.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1
orange-(En) 0001 100 172.16.3.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1
red-1(En) 0001 100 172.16.4.254 BKUP 00:00:5e:00:01:01 0 0 0 Y 1
En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs
Layer 2 Protocols
51
EAPS
formed by adding two core L2/L3 switches and connecting them to the two existing aggregation
switches. The core switches also provide routing to the Internet using BGP (see the following figure).
Layer 2 Protocols
52
EAPS
1 Create the backbone EAPS domains and configure the EAPS mode.
2 Define the primary and secondary ports for each domain.
Configure on both core and aggregation switches.
Core-Switch 1 EAPS configuration:
*
*
*
*
CORE-SWITCH#1.1
CORE-SWITCH#1.2
CORE-SWITCH#1.3
CORE-SWITCH#1.4
#
#
#
#
CORE-SWITCH#2.1
CORE-SWITCH#2.2
CORE-SWITCH#2.3
CORE-SWITCH#2.4
#
#
#
#
AGG-SWITCH#1.1
AGG-SWITCH#1.2
AGG-SWITCH#1.3
AGG-SWITCH#1.4
#
#
#
#
AGG-SWITCH#2.1
AGG-SWITCH#2.2
AGG-SWITCH#2.3
AGG-SWITCH#2.4
#
#
#
#
1 Create the EAPS control VLAN and configure its 802.1q tag, and ring ports.
2 Configure the control VLANs as part of the backbone EAPS domain. Enable EAPS and the backbone
EAPS domain. Configure on both core and aggregation switches (EAPS is already enabled on
aggregation switches).
Core-Switch#1 control VLAN configuration:
*
*
*
*
*
*
CORE-SWITCH#1.1
CORE-SWITCH#1.2
CORE-SWITCH#1.4
CORE-SWITCH#1.5
CORE-SWITCH#1.6
CORE-SWITCH#1.7
#
#
#
#
#
#
Layer 2 Protocols
53
EAPS
*
*
*
*
CORE-SWITCH#2.4
CORE-SWITCH#2.5
CORE-SWITCH#2.6
CORE-SWITCH#2.7
#
#
#
#
AGG-SWITCH#1.1
AGG-SWITCH#1.2
AGG-SWITCH#1.4
AGG-SWITCH#1.5
AGG-SWITCH#1.6
#
#
#
#
#
AGG-SWITCH#2.1
AGG-SWITCH#2.2
AGG-SWITCH#2.4
AGG-SWITCH#2.5
AGG-SWITCH#1.6
#
#
#
#
#
Layer 2 Protocols
54
EAPS
1 Configure an IP address and enable IP forwarding (routing) on the backbone protected VLAN.
2 OSPF is configured and because an OSPF broadcast network is used, configure the designated
router and backup designated router for each VLAN.
Since it is not performing L2 blocking, configure the EAPS transit core switch as the DR by using a
higher OSPF priority value. The EAPS master core switch is configured as the BDR. The aggregation
transit switches need not perform DR/BDR duties for the backbone VLAN, so their OSPF priority is
configured at 0 to force ODR behavior.
Core-Switch#1 OSPF configuration:
*
*
*
*
*
*
CORE-SWITCH#1.12
CORE-SWITCH#1.13
CORE-SWITCH#1.14
CORE-SWITCH#1.15
CORE-SWITCH#1.16
CORE-SWITCH#1.17
#
#
#
#
#
#
CORE-SWITCH#2.12
CORE-SWITCH#2.13
CORE-SWITCH#2.14
CORE-SWITCH#2.15
CORE-SWITCH#2.16
CORE-SWITCH#2.17
#
#
#
#
#
#
AGG-SWITCH#1.11
AGG-SWITCH#1.12
AGG-SWITCH#1.13
AGG-SWITCH#1.14
#
#
#
#
AGG-SWITCH#2.11
AGG-SWITCH#2.12
AGG-SWITCH#2.13
AGG-SWITCH#2.14
#
#
#
#
Verify that the backbone EAPS domain and OSPF configuration is correct.
Layer 2 Protocols
55
EAPS
2 Confirm that the OSPF neighbor adjacencies and DR/BDR/ODR status are correct. Verify this status
on both aggregate switches.
Core-Switch#1 EAPS and OSPF status example:
* CORE-SWITCH#1.18 # show eaps
EAPS Enabled: Yes
EAPS Fast-Convergence: On
EAPS Display Config Warnings: On
EAPS Multicast Add Ring Ports: Off
EAPS Multicast Send IGMP Query: On
EAPS Multicast Temporary Flooding: Off
EAPS Multicast Temporary Flooding Duration: 15 sec
Number of EAPS instances: 1
# EAPS domain configuration :
---------------------------------------------------------------------------Domain State Mo En Pri Sec Control-Vlan VID Count
---------------------------------------------------------------------------e5-domain Links-Up T Y 2:1 2:4 control-5 (4005) 1
---------------------------------------------------------------------------* CORE-SWITCH#1.19 # show ospf neighbor
Neighbor ID Pri State Up/Dead Time Address Interface
192.168.1.3 0 2WAY /DROTHER00:05:23:17/00:00:00:07 192.168.1.3 backbone
192.168.1.4 0 2WAY /DROTHER00:05:23:17/00:00:00:07 192.168.1.4 backbone
192.168.1.2 100 FULL /BDR 00:05:23:17/00:00:00:09 192.168.1.2 backbone
Layer 2 Protocols
56
EAPS
Layer 2 Protocols
57
EAPS
Layer 2 Protocols
58
EAPS
1
2
3
4
5
Create the backbone EAPS domains, configure the EAPS mode, and define the primary and
secondary ports for each domain. Do this configuration on both core and aggregation switches.
Core-Switch#1 EAPS configuration:
*
*
*
*
CORE-SWITCH#1.1
CORE-SWITCH#1.2
CORE-SWITCH#1.3
CORE-SWITCH#1.4
#
#
#
#
DC-SWITCH#1.1
DC-SWITCH#1.2
DC-SWITCH#1.3
DC-SWITCH#1.4
#
#
#
#
DC-SWITCH#2.1
DC-SWITCH#2.2
DC-SWITCH#2.3
DC-SWITCH#2.4
#
#
#
#
1 Create the EAPS control VLAN and configure its 802.1q tag, and ring ports.
2 Configure the control VLANs as part of the data center EAPS domain. Enable EAPS and the data
center EAPS domain. You need to do this configuration on the core and data center L2 switches.
Core-Switch#1 control VLAN configuration:
*
*
*
*
*
CORE-SWITCH#1.1
CORE-SWITCH#1.2
CORE-SWITCH#1.4
CORE-SWITCH#1.5
CORE-SWITCH#1.6
#
#
#
#
#
DC-SWITCH#1.1
DC-SWITCH#1.2
DC-SWITCH#1.4
DC-SWITCH#1.5
Layer 2 Protocols
#
#
#
#
59
EAPS
DC-SWITCH#2.1
DC-SWITCH#2.2
DC-SWITCH#2.4
DC-SWITCH#2.5
DC-SWITCH#2.6
DC-SWITCH#2.7
#
#
#
#
#
#
1 Create the EAPS protected VLAN for the data center domain.
2 Configure the 802.1q tag and ports for the protected VLANs.
Because each server is dual-homed to each data center switch, add a VLAN port on each switch for
each server.
3 Configure the protected VLAN as part of the EAPS domain. Do this configuration on the core and
data center switches.
Core-Switch#1 protected VLAN configuration:
*
*
*
*
Configure an IP address and enable IP forwarding (routing) on the data center protected VLAN.
This step is only performed on the core switch. Servers are configured accordingly with the core
switch IP address as their default gateway. Since there are no additional routers on this VLAN,
configure it as an OSPF passive interface. In this example, the data center VLAN is placed on the
backbone OSPF area, but additional OSPF areas can be configured if needed.
Layer 2 Protocols
60
EAPS
1 Verify that the data center EAPS domain and OSPF configuration is correct.
2 Verify whether the data center subnet is advertised to other routers through OSPF.
Core-Switch#2 route verification example:
* CORE-SWITCH#2.1 # show iproute 10.10.10.0/24
Ori Destination
Gateway
Mtr Flags
VLAN
Duration
#oa 10.10.10.0/24
192.168.1.1
6
UG-D---um--f backbone
0d:0h:
25m:5s
Origin(Ori): (b) BlackHole, (be) EBGP, (bg) BGP, (bi) IBGP, (bo) BOOTP
(ct) CBT, (d) Direct, (df) DownIF, (dv) DVMRP, (e1) ISISL1Ext
(e2) ISISL2Ext, (h) Hardcoded, (i) ICMP, (i1) ISISL1 (i2) ISISL2
(is) ISIS, (mb) MBGP, (mbe) MBGPExt, (mbi) MBGPInter, (mp) MPLS Lsp
(mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2
(oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM
(r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown
(*) Preferred unicast route (@) Preferred multicast route
(#) Preferred unicast and multicast route
Flags: (B) BlackHole, (D) Dynamic, (G) Gateway, (H) Host Route
(L) Matching LDP LSP, (l) Calculated LDP LSP, (m) Multicast
(P) LPM-routing, (R) Modified, (S) Static, (s) Static LSP
(T) Matching RSVP-TE LSP, (t) Calculated RSVP-TE LSP, (u) Unicast, (U) Up
(f) Provided to FIB (c) Compressed Route
Mask distribution:
1 routes at length 16 1 routes at length 24
Route Origin distribution:
1 routes from OSPFIntra 1 routes from OSPFExt1
Total number of routes = 2
Total number of compressed routes = 0
Layer 2 Protocols
61
EAPS
e6-domain
Complete
T
Y
4:1
4:2
control-6
(4006) 1
----------------------------------------------------------------------------
Layer 2 Protocols
62
EAPS
down MEP, and as such, each MEP group is tied to a single port. Using the EAPS CLI, you can add the
MEP groups you wish to monitor. For each MEP group added to EAPS, EAPS will receive UP/DOWN
notifications from CFM when CFM detects a MEP state change for that group. Each MEP group
corresponds to an EAPS ring port. Notifications from those MEP groups that are inadvertently added,
that do not correspond to an EAPS ring port, are ignored in EAPS.
The CFM configuration is independent of EAPS, and MEPs and MEP groups may use different VLANs
other than the EAPS control VLAN to monitor links.
When EAPS receives a CFM notification that the link failed, EAPS blocks that port on all of the EAPS
control VLANs. This prevents EAPS control PDUs from being hardware forwarded on the link, in case
the link is still up. Any EAPS PDUs that are received on a CFM failed port are dropped in EAPS.
Configuring EAPS for CFM Support
For additional configuration details for CFM support, refer to Configuring CFM.
Binding to a MEP Group
This command notifies CFM that EAPs is interested in notifications for this MEP and RMEP pair. This
MEP should already be bound to a physical port, so when notification is received, EAPS associates
that notification with a ring-port failure.
Create MPs and the CCM Transmission Interval
Within an MA, you configure the following MPs:
Maintenance end points (MEPs), which are one of the following types:
UP MEPstransmit CCMs and maintain CCM database
DOWN MEPstransmit CCMs and maintain CCM database
Each MEP must have an ID that is unique for that MEP throughout the MA.
To configure UP and DOWN MEPs and its unique MEP ID, use the following command:
configure cfm domain domain_name association association_name [ports
<port_list add [[end-point [up|down] mepid {group group_name}] |
[intermediate-point]]
Layer 2 Protocols
63
EAPS
To configure the transmission interval for the MEP to send CCMs, use the following command:
configure cfm domain domain_name association association_name {ports port_list
end-point [up | down]} transmit-interval [3|10|100|1000|10000|60000|600000]
To unconfigure the transmission interval for the MEP to send CCMs and return it to the default, use
the following command:
unconfigure cfm domain domain_name association association_name {ports
port_list end-point [up | down]} transmit-interval
Display EAPS MEP group bindings with the command: show eaps cfm groups
X480-48t.2 # sh eaps cfm groups
---------------------------------------------------------------------MEP Group Name
Status Port
MEP ID
---------------------------------------------------------------------eapsCfmGrp1
Up
41
11
eapsCfmGrp2
Up
31
12
Layer 2 Protocols
64
EAPS
Configuration Example
Below is a sample configuration of CFM support in EAPS:
switch 1 # sh configuration cfm
#
# Module dot1ag configuration.
#
create cfm domain string "MD1" md-level 6
configure cfm domain "MD1" add association string "MD1v1" vlan "v1"
configure cfm domain "MD1" add association string "MD1v2" vlan "v2"
configure cfm domain "MD1" association "MD1v1" ports 17 add end-point down 6
configure cfm domain "MD1" association "MD1v1" ports 23 add end-point down 5
configure cfm domain "MD1" association "MD1v2" ports 31 add end-point down 13
configure cfm domain "MD1" association "MD1v1" ports 17 end-point down add
group "eapsCfmGrp1"
configure cfm domain "MD1" association "MD1v1" ports 23 end-point down add
group "eapsCfmGrp2"
configure cfm domain "MD1" association "MD1v2" ports 31 end-point down add
group "eapsCfmGrp3"
configure cfm group "eapsCfmGrp1" add rmep 2
configure cfm group "eapsCfmGrp2" add rmep 4
configure cfm group "eapsCfmGrp3" add rmep 12
switch 2 # sh configuration "eaps"s
#
# Module eaps configuration.
#
enable eaps
create eaps d1
configure eaps d1 mode transit
configure eaps d1 primary port 17
configure eaps d1 secondary port 23
enable eaps d1
create eaps d2
configure eaps d2 mode transit
configure eaps d2 primary port 31
configure eaps d2 secondary port 23
enable eaps d2
configure eaps d1 add control vlan v1
configure eaps d1 add protected vlan pv1
configure eaps d2 add control vlan v2
configure eaps d2 add protected vlan pv2
create eaps shared-port 23
configure eaps shared-port 23 mode partner
configure eaps shared-port 23 link-id 100
configure eaps cfm add group eapsCfmGrp1
configure eaps cfm add group eapsCfmGrp2
configure eaps cfm add group eapsCfmGrp3
Limitations
Layer 2 Protocols
65
EAPS
CFM PDU transmit intervals are limited by the supported limits of CFM module. Platforms that do not
support CFM in hardware are limited to a minimum interval of 100 ms.
The maximum number of down MEPs is limited by the CFM module. This is as low as 32 MEPs in some
platforms. See CFM scaling limitations in EXOS_1AG_(CFM)_Functional_Spec.doc
Platforms Supported
All ExtremeXOS platforms support this feature; however, not all platforms support hardware-based
CFM.
Platforms with no hardware-based CFM support are limited to software-based CFM transmit intervals
of 100 ms or higher. Hardware-based intervals can go as low as 3.3 ms.
Currently, only the x460 and E4G platforms support hardware-based CFM.
Layer 2 Protocols
66
2 ERPS
ERPS Overview
Supported ERPS Features
G.8032 Version 2
Configuring ERPS
Sample Configuration
Debugging ERPS
ERPS Feature Limitations
This chapter provides an overview to ERPS, and discusses various ERPS features. The chapter also
offers configuration details, provides configuration examples, and shows you how to debug ERPS.
ERPS Overview
The basic concept of G.8032/ERPS is that traffic may flow on all links of a ring network except on one
link called the Ring Protection Link (RPL).
The RPL owner is the node that blocks the RPL, and the other node of the RPL is called the RPL
neighbor node. All other nodes are called non-RPL nodes. When a link fails, the RPL owner unblocks the
RPL to allow connectivity to the nodes in the ring. The G.8032/ERPS rings utilize a channel (dedicated
path) for carrying their control traffic which is the R-APS messages (Ring Automatic Protection
Switching).
The ring protection architecture relies on the existence of an APS protocol to coordinate ring
protection actions around an Ethernet ring, as shown in the following figure.
Figure 23: Simple Ring with RPL, RPL Owner, RPL Neighbor, and Non-RPL Nodes
More complex topologies include ladder ring networks which are called sub-rings in G.8032
terminology. In these networks, there could exist one or more rings and sub-rings which complete their
connectivity through the interconnected nodes of the ring(s). Multiple ladder networks are supported
only if the following conditions are met:
Layer 2 Protocols
67
ERPS
In the following figure, the ring comprises nodes A, B, C, and D with links AB, BC, CD, and DA while
the control channel for this ring has its own dedicated VLAN. The sub-ring consists of nodes D, F, E, and
C with links DF, FE, and EC. D and C are interconnected nodes. The channel for the sub-ring spans
the links CE, EF, and FD and their nodes while the virtual channel comprises the links D-A, A-B, B-C
and DC and their nodes. This means that the virtual channel for the sub-ring needs to not only exist on
the interconnected nodes, but also on the nodes A and B.
Layer 2 Protocols
68
ERPS
Support for hardware accelerated CFM in specific platforms that have this capability.
G.8032 version 2 with no Virtual Channel support.
Support for attaching to a CFM DOWN-MEP configured external to ERPS.
Multiple failure protection for sub-rings using UP-MEP as per Appendix X.3 of the G.8032 standard.
G.8032 Version 2
The concept of sub-rings is introduced to add multiple rings to the main ring. A sub-ring is an
incomplete ring that completes its path through the main ring or other sub-rings. The control path for
the sub-ring completes either through the implementation of a virtual channel, or by changing the flow
of control packets in the sub-rings. Virtual channels are supported through the use of the sub-rings
control channel being configured as a data VLAN in the main ring.
You can configure the sub-ring in no virtual channel mode, where the control path for the sub-ring is
through all the nodes of the sub-ring (including the RPL owner and neighbor). You must be careful,
however, to avoid using the sub-rings control channel across the main ring because that will cause a
loop. ExtremeXOS supports the use of CFM, in conjunction with Manual Switch (MS), to protect the
sub-rings against multiple failures in the main ring.
Another method of creating a DOWN-MEP is by creating the DOWN-MEP with the CFM commands,
and then assigning a group name to it. This group can then be associated to the ERPS ring.
You must choose one of the two methods above for CFM link monitoring. You cannot use both
simultaneously.
Here is an example:
switch # sh cfm
Domain: "erps_6", MD Level: 6
Association: "erps_MA_100", Destination MAC Type:
with 2 cfm ports
Layer 2 Protocols
69
ERPS
Note
You must configure a remote MEP-ID for the local MEPs so that a specific association can be
maintained between the two ends.
Multiple Failure Protection using CFM
You can use CFM UP-MEP support in the sub-ring to provide protection against multiple failures in the
main ring. Configure an UP-MEP on the interconnected nodes, where a segmentation of the main ring
results in the UP-MEP notifying the sub-ring of a failure. This causes the sub-ring to open its RPL and
Layer 2 Protocols
70
ERPS
place the interconnected node in manual switch. This is done to avoid a super-loop during recovery of
the main ring. This implementation is as directed in Appendix X.3 of the G.8032 standard.
Force Switch/Clearing
In the absence of any failure in the ring network, an operator-initiated Force Switch (FS) results in the
RPL getting unblocked, and the node on which the FS has been issued is blocked. This condition is
indicated by the transmission of R-APS FS messages, which are continuous until this condition is
unconfigured. Two or more Forced Switches are allowed in the Ethernet ring, but this may cause the
segmentation of an Ethernet ring. It is the responsibility of the operator to prevent this effect if it is
undesirable.
You can remove a Forced Switch condition by issuing a clear command to the same Ethernet ring node
where the Forced Switch is presented. The clear command removes existing local operator commands
and triggers reversion in case the Ethernet ring is in revertive behavior. The Ethernet ring node where
Layer 2 Protocols
71
ERPS
the Forced Switch was cleared continuously transmits the R-APS (NR) message on both ring ports,
informing that no request is present at the Ethernet ring node.
Manual Switch
Manual Switch is similar to the Force Switch except that only one Manual Switch is allowed for an
Ethernet ring. The processing of which node retains the Manual Switch is based on the priority table
and the node state. However only one Manual Switch is retained at the end for the ring.
Clearing the Manual Switch is done similar to the Force Switch.
Virtual Channel for Sub-rings
While the standard describes how the sub-rings can function with a virtual channel, in this
implementation sub-rings will function only with the presence of virtual channels.
Channel Blocking
The R-APS control channel is blocked, as is traffic on the blocked ports for the control traffic entering
on one ring port and getting forwarded to the other ring port. However, locally generated or delivered
control traffic on the blocked port is supported.
Traffic Blocking
Traffic is always blocked for the protected VLANs on the blocked ports of the ring/sub-ring in a G.8032
network.
Signal Failure and Recovery
In the absence of a higher priority request in the node, the following Signal Failure (SF) actions are
taken.
An Ethernet ring node detecting an SF condition on one of its ring ports blocks the traffic channel
and R-APS channel on the failed ring port.
The Ethernet ring node detecting an SF condition transmits an R-APS message indicating SF on
both ring ports. The R-APS (SF) message informs other Ethernet ring nodes of the SF condition. RAPS (SF) messages are continuously transmitted by the Ethernet ring node detecting the SF
condition while this condition persists. (The Periodic timer determines the interval of sending the SF
after the first three.) For sub-ring interconnection nodes, the R-APS (SF) message is transmitted on
the R-APS channel of the Sub-Ring port.
Assuming the Ethernet ring node was in an idle state before the SF condition occurred, upon
detection of this SF condition the Ethernet ring node triggers a local FDB flush.
An Ethernet ring node accepting an R-APS (SF) message unblocks any blocked ring port that does
not have an SF condition. This action unblocks the traffic channel on the RPL.
An Ethernet ring node accepting an R-APS (SF) message stops transmission of other R-APS
messages.
An Ethernet ring node accepting an R-APS (SF) message without a DNF indication performs a flush
FDB.
An Ethernet ring node that has one or more ring ports in an SF condition (upon detection of clearance
of the SF condition) keeps at least one of these ring ports blocked for the traffic channel and for the RAPS channel, until the RPL is blocked as a result of Ethernet ring protection reversion, or until there is
Layer 2 Protocols
72
ERPS
another higher priority request (for example, an SF condition) in the Ethernet ring. An Ethernet ring
node that has one ring port in an SF condition, and detects clearing of this SF condition, continuously
transmits the R-APS (NR) message with its own Node ID as the priority information over both ring
ports, informing that no request is present at the Ethernet ring node and initiates a guard timer as
described in sub-clause 10.1.5. Another recovered Ethernet ring node (or Nodes) holding the link block
receives the message and compares the Node ID information with its own Node ID. If the received RAPS (NR) message has the higher priority, the Ethernet ring node unblocks its ring ports. Otherwise,
the block remains unchanged. There is only one link with one-end block. The Ethernet ring nodes stop
transmitting R-APS (NR) messages when they accept an R-APS (NR, RB), or when another higher
priority request is received
Timers
This section discusses the various timers associated with ERPS.
Guard Timer
The guard timer is used to prevent Ethernet ring nodes from acting upon outdated R-APS messages,
and to prevent the possibility of forming a closed loop. The guard timer is activated whenever an
Ethernet ring node receives an indication that a local switching request has cleared (i.e., local clear SF,
clear). The guard timer can be configured in 10 ms steps, between 10 ms and two seconds, with a
default value of 500 ms. This timer period should be greater than the maximum expected forwarding
delay in which an R-APS message traverses the entire ring. The longer the period on the guard timer,
the longer an Ethernet ring node is unaware of new or existing relevant requests transmitted from
other Ethernet ring nodes, and is unable to react to them.
A guard timer is used in every Ethernet ring node. Once a guard timer is started, it expires by itself.
While the guard timer is running, any received R-APS Request/State and Status information is blocked
and not forwarded to the Priority Logic. When the guard timer is not running, the R-APS Request/State
and Status information is forwarded unchanged.
Hold-off Timer
W hen a new defect, or more severe defect occurs (new SF), this event is not be reported immediately
to protection switching if the provisioned hold-off timer is a non-zero value. Instead, the hold-off timer
is started. When the hold-off timer expires, the trail that started the timer is checked to see if a defect
still exists. If one does exist, that defect is reported to protection switching. The suggested range of the
hold-off timer is 0 to 10 seconds in steps of 100 ms with an accuracy of 5 ms. The default value for a
hold-off timer is 0 seconds.
Delay Timers
In revertive mode, the wait-to-restore (WTR) timer is used to prevent frequent operation of the
protection switching caused by intermittent signal failure defects. The wait-to-block (WTB) timer is
used when clearing Forced Switch and Manual Switch commands. As multiple Forced Switch
commands are allowed to coexist in an Ethernet ring, the WTB timer ensures that clearing of a single
Forced Switch command does not trigger the re-blocking of the RPL. When clearing a Manual Switch
command, the WTB timer prevents the formation of a closed loop due to a possible timing anomaly
where the RPL owner node receives an outdated remote MS request during the recovery process.
Layer 2 Protocols
73
ERPS
Sample Configuration
Here is a sample configuration of the ERPS feature:
create vlan cv1
config vlan cv1 tag 10
config vlan cv1 add port 5 6 tagged
create
config
config
config
vlan
vlan
vlan
vlan
pv1
pv1 tag 1000
pv1 add port 1
pv1 add port 5 6 tagged
Sub-ring Configuration
First, configure a main ring on the Interconnected node:
create erps main-ring1
configure erps main-ring1 add ring-ports east 5
configure erps main-ring1 add ring-ports west 6
configure erps ring1 add control cv1
Layer 2 Protocols
74
ERPS
Configuring ERPS
To add or delete a control VLAN on the ERPS ring, use the following commands:
configure erps ring-name add control {vlan} vlan_name
configure erps ring-name delete control {vlan} vlan_name
To add or delete a protected VLAN on the ERPS ring, use the following commands:
configure erps ring-name add protected {vlan} vlan_name
configure erps ring-name delete protected {vlan} vlan_name
To add ring ports on the ERPS ring, use the following command:
configure erps ring-name ring-ports [east | west] port
To delete ring ports on the ERPS ring, use the following command:
unconfigure erps ring-name ring-ports west
To add or delete RPL (ring protection link) owner configuration for the ERPS ring, use the following
commands:
configure erps ring-name protection-port port
Layer 2 Protocols
75
ERPS
To add or delete RPL (ring protection link) neighbor configuration for the ERPS ring, use the
following commands:
configure erps ring-name neighbor-port port
unconfigure erps ring-name neighbor-port
To add or delete ERPS revert operation along with the wait-to-restore time interval, use the
following commands:
configure {erps} ring-name revert [ enable | disable ]
To associate and disassociate fault monitoring entities on the ERPS ring ports, use the following
commands:
configure erps ring-name cfm md-level level
configure erps ring-name cfm port [east | west] ccm-interval [100 | 1000 |
10000 | 60000 | 600000]
configure erps ring-name cfm port [east | west] mepid mepid remote-mepid
rmepid
unconfigure {erps} ring-name cfm
Run or clear force and manual switch triggers to the ERPS ring/sub-ring.
configure erps ring-name dynamic-state [force-switch | manual-switch | clear]
port slot:port
To display specific details about an ERPS ring, use the following command:
show erps ring-name
Layer 2 Protocols
76
ERPS
To set the rings to which to propagate topology change events, use the following command:
configure erps ring-name [add | delete] topology-change ring-list
To add or delete a sub-ring to the main ring, use the following command:
configure {erps} ring-name [add | delete] sub-ring-name sub_ring
To add or delete an ERPS sub-ring to the EAPS domain, use the following commands:
configure {erps} ring-name notify-topology-change {eaps} domain_name
unconfigure {erps} ring-name notify-topology-change {eaps} domain_name
To enable or disable the ability of ERPS to allow the topology-change bit to be set (to send out
Flush events), , use the following commands:
enable erps ring-name topology-change
disable erps ring-name topology-change
To enable or disable the ability of ERPS rings to block on virtual channel recovery to avoid
temporary loops. This is done on interconnected nodes for sub-ring configurations, use the
following commands:
enable erps ring-name block-vc-recovery
disable erps ring-name block-vc-recovery
Sample Configuration
The following is a sample ERPS configuration:
create
config
config
create
vlan
vlan
vlan
vlan
Layer 2 Protocols
cv1
cv1 tag 10
cv1 add port 5 6 tagged
pv1
77
ERPS
Sub-ring Configuration
First, configure a main ring on the interconnected node:
create vlan Major_Cvl
configure vlan Major_Cvl tag 300
configure vlan Major_Cvl add ports 1 3 tag
create vlan Major_Pvl
configure vlan Major_Pvl tag 301
configure vlan Major_Pvl add ports 1 3 27 tag
create erps Major
configure erps Major add control Major_Cvl
configure erps Major add protected vlan Major_Pvl
configure erps Major ring-port east 1
configure erps Major ring-port west 3
configure erps Major protection-port 1
configure erps Major cfm md-level 2
configure erps Major cfm port east mepid 1 remote-mepid 3
configure erps Major cfm port west mepid 2 remote-mepid 4
enable erps Major
enable erps
Layer 2 Protocols
78
ERPS
Debugging ERPS
1
Check the output of show erps ring statistics to see if any error/dropped counters are
incrementing.
a If they are, check the state of the ring ports and trace these links to the neighbor node to see the
state of the links.
The output of show log after turning on the filters for ERPS should provide more information
on what is happening on the switch.
2 Check the output of show erps and show erps ring to see if the node state is as expected.
In steady state, the node should be in Idle and the failed state ring should be in Protected state.
Backup MSM Failover and checkpointing for both v1 and v2 are not available in the current release.
In platforms that do not have hardware OAM (operations and management), the optimum CFM
interval recommended is one second for link monitoring, which will give rise to approximately threesecond overhead in convergence times.
Other than the basic EAPS interoperability stated above, all other EAPS related interoperability is
not supported.
There is no interoperability with STP in the current release.
SNMP is not supported in the current release.
Layer 2 Protocols
79
3 Protocol Filters
Both L2PT and protocol filtering allow you to tunnel or filter many protocols on an interface. For this
purpose, EXOS supports creating protocol filters. A protocol filter contains a number of protocols to
which you can apply some action (like tunneling and filtering). Each protocol in a protocol filter is
defined using the following fields:
The destination MAC address of PDUs of the protocol. This field is mandatory for all protocols that
are to be tunneled or filtered.
The protocol id (EtherType, LLC, SNAP). This field is mandatory for all protocols that are to be
tunneled.
User defined field. This is an arbitrary field in the PDU of the protocol that is specified using the
offset of the field from the start of the PDU, the value of the field and a mask.
For example, use the following command to create a protocol filter that includes LACP and EFM OAM:
# Create a protocol filter
create protocol filter my_slow_protocols_filter
# Add LACP to the protocol filter
configure protocol filter my_slow_protocols_filteradd dest-mac
01:80:C2:00:00:02 etype 0x8809 field offset 14 value 01 mask FF
# Add EFM OAM to the protocol filter
configure protocol filter my_slow_protocols_filteradd dest-mac
01:80:C2:00:00:02 etype 0x8809 field offset 14 value 03 mask FF
The following validity checks are performed when a protocol is added to a protocol filter:
Ensure that the protocol does not already exist in the protocol filter.
If the protocol filter is used by any L2PT profile:
Ensure that the protocol defines a destination MAC address.
Ensure that the protocol defines a protocol identifier.
For every port that has the protocol filter attached for the purpose of protocol filtering:
Layer 2 Protocols
80
Protocol Filters
Layer 2 Protocols
81
Egress Action
Switch Action
None or Encap/Decap
NA
Process locally
Layer 2 Protocols
82
None
Tunnel
Tunnel
Tx PDU natively
Tunnel
Encap/Decap
Tx PDU encapsulated
The action taken by the switch for encapsulated PDUs for a protocol is as described in the following
table.
Table 4: L2 Encapsulated PDU Actions
Service has at least one I/F with tunnel
action
Ingress Action
No
Yes
None or Tunnel
NA
Yes
Encap/Decap
None
Yes
Encap/Decap
Tunnel
Tx PDU natively
Yes
Encap/Decap
Encap/Decap
Tx PDU encapsulated
Layer 2 Protocols
Egress Action
Switch Action
83
Protocol Tunneling
To make L2PT configuration easier, in EXOS you can create L2PT profiles. An L2PT profile specifies the
tunneling action and other parameters for protocols (specified using protocol filters) that should be
tunneled. You can then apply the profile to the interfaces of the service that are participating in L2PT.
And you can also change the profile when it is already bound to an interface.
The L2PT parameters that can be configured through a profile include the following:
Tunneling Action
Tunneling CoS
The following validity checks are performed when an entry for a protocol filter is created in an L2PT
profile:
Ensure that all protocols in the protocol filter define a destination MAC address.
Ensure that all protocols in the protocol filter define a protocol identifier.
Ensure that all protocols in the protocol filter are unique within the L2PT profile.
If the action for the protocol filter is encapsulate:
Ensure that there are no entries with action as tunnel in the L2PT profile.
Ensure that the service interface is either a tagged VLAN port or a PW.
The following validity checks are performed when a L2PT profile is bound to an interface of a service:
If the profile specifies the action as tunnel for protocol filter:
Ensure that the interface is not a PW.
Layer 2 Protocols
84
Ensure that none of the protocols in the L2PT profile are filtered on the underlying port of the
interface.
Ensure that none of the protocols in the L2PT profile are tunneled on the underlying port of the
interface.
Typically, you will want to configure the tunneling action for all customer facing interfaces of the
service that participate in L2PT as tunnel, and the tunneling action for all network facing interfaces as
encapsulate/decapsulate. Once any interface of the service is configured to tunnel a protocol, the
switch will configure all tagged ports and PWs of the service to encapsulate/decapsulate mode. You
can override this implicit configuration by binding a profile to the service interface that specifies a
different tunneling action.
For example, consider a VMAN service named c1 with customer facing ports 1, 2 and 3 and network
facing ports 4, 5, 6. Ports 4, 5 and 6 are added as tagged to the VMAN and 1, 2 and 3 are added as
untagged to the VMAN. The operator wants to tunnel LACP and EFM OAM on all customer facing ports
at CoS 5. The configurations that he or she must make are as follows:
# Create a protocol filter
create protocol filter my_slow_protocols_filter
# Add LACP to the protocol filter
configure protocol filter my_slow_protocols_filter
add dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset 14 value 01 mask FF
# Add EFM OAM to the protocol filter
configure protocol filter my_slow_protocols_filter
add dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset 14 value 03 mask FF
# Create an L2PT profile for the customer facing ports named c1_l2pt_profile
create l2pt profile c1_l2pt_profile
# Enable CDP tunneling with CoS 5
configure l2pt profile c1_l2pt_profile add protocol filter
my_slow_protocols_filter action tunnel cos 5
# Bind c1_l2pt_profile to all customer facing ports
configure vman c1 ports 1,2,3 l2pt profile c1_l2pt_profile
# Please note that the network facing port 4, 5 and 6 dont have to be
explicitly
# configured to encapsulate/decapsulate mode since the switch implicitly sets
all
# tagged ports to encapsulate/decapsulate mode when an L2PT profile is bound
to
# any port of the service.
The operator also has the option to configure the L2PT destination MAC address (i.e. the DA used by
L2PT encapsulated PDUs). This is may be done using the following CLI command:
configure l2pt encapsulation dest-mac mac_address
The L2PT destination MAC address may only be changed when no L2PT profiles have been bound to
any service interface. The default L2PT DA MAC is 01:00:0C:CD:CD:D0 (selected to be interoperable
with Cisco and Juniper).
Layer 2 Protocols
85
Use the following commands to view the status and statistics of L2PT:
show [vlan | vman] vlan_name {ports port_list} l2pt {detail}
show {l2vpn} [vpls vpls_name | vpws vpws_name] {peer ipaddress} l2pt {detail}
Protocol Filtering
You can enable filtering of PDUs of a protocol on any port. If you enable filtering for a protocol on a
port, the switch discards PDUs of that protocol on that port.
Use the following command to view protocol filter status and statistics:
show ports [port_list | all] protocol filter {detail}
Layer 2 Protocols
86
Else:
An ACL rule is added to copy and drop all packets on the port that match the destination
address of the packet. The rule is also qualified with the EtherType of the protocol if it defines
one.
The protocol filtering data-plane inspects all packets received from ports that have protocol filters
attached, and drops any packet that matches any of the protocols configured in the protocol filter.
Layer 2 Protocols
87
6 L2PT Limitations
L2PT and protocol filtering is implemented in software, so the number of frames that can be filtered
or tunneled is limited.
Both L2PT and protocol filtering can be configured only through CLI. Configuration through
SNMP/XML is not supported for this release.
If L2PT configurations are made on PWs, these configurations are lost on a restart of the MPLS
process unless the L2PT process is also restarted.
If L2PT configurations are made on a VPLS or VPWS service, dot1p tag inclusion must be enabled on
the VPLS/VPWS.
When tunneling protocols are point-to-point in nature, it is your responsibility to ensure that there
are only two tunnel endpoints for the protocol.
If a protocol that is configured to be tunneled on a service interface cannot be uniquely identified by
its destination address and EtherType, then all packets with the same DA and EtherType of the
protocol being tunneled (but that are not really PDUs of the protocol) will be slow path forwarded.
Tagged protocol PDUs cannot be tunneled over VLANs. Tagged protocol PDUs can only be
tunneled over VMANs (the VMAN can be the service VMAN for a VPLS/VPWS service, or a
standalone VMAN). Untagged protocol PDUs can be tunneled over both VLANs and VMANs (the
VLAN/VMAN can be standalone, or be the service VMAN for a VPLS/VPWS service).
Untagged protocol PDUs cannot be bypassed if the ingress port is an untagged VMAN port with a
default CVID. Untagged protocol PDUs can be bypassed if the ingress port is an untagged VMAN
port without a default CVID.
In VPLS, only full-mesh configuration is supported for L2PT.
L2PT is not supported on VLAN ports that have a port specific tag.
L2PT is not supported over VPLS/VPWS in ExtremeXOS 15.5.1.
Layer 2 Protocols
88
7 STP
Spanning Tree Protocol Overview
Span Tree Domains
STP Configurations
Per VLAN Spanning Tree
Rapid Spanning Tree Protocol
Multiple Spanning Tree Protocol
STP and Network Login
STP Rules and Restrictions
Configure STP on the Switch
Display STP Settings
STP Configuration Examples
Using the Spanning Tree Protocol (STP) functionality of the switch makes your network more fault
tolerant. This chapter explains more about STP and the STP features supported by ExtremeXOS.
Note
STP is a part of the 802.1D bridge specification defined by the IEEE Computer Society. To
explain STP in terms used by the IEEE 802.1D specification, the switch will be referred to as a
bridge.
ExtremeXOS version 12.0 and later supports the new edition of the IEEE 802.1D standard (known as
IEEE 802.1D-2004 ) for STP, which incorporates enhancements from the IEEE 802.1t-2001, IEEE 802.1W,
and IEEE 802.1y standards. The IEEE 802.1D-2004 standard is backward compatible with the IEEE
802.1D-1998 standard. For more information, see Compatibility Between IEEE 802.1D-1998 and IEEE
802.1D-2004 STP Bridges on page 90.
Layer 2 Protocols
89
STP
Layer 2 Protocols
90
STP
If you use the default port path costs, bridge D blocks its port to bridge E, and all traffic between
bridges D and E must traverse all of bridges in the network. Bridge D blocks its port to bridge E
because the path cost to the root bridge is less by going across bridges B and C (with a combined root
cost of 38) compared with going across bridge E (with a root cost of 200,000). In fact, if there were
100 bridges between bridges B, C, and D running the old 802.1D-1998 standard with the default port
path costs, bridge D would still use that path because the path cost is still higher going across bridge E.
As a workaround and to prevent this situation, configure the port path cost to make links with the same
speed use the same path host value. In the example described above, configure the port path cost for
the 802.1D-2004 compliant bridges (bridges A, D, E, and F) to 19.
Note
You cannot configure the port path cost on bridges B and C to 200,000 because the path
cost range setting for 802.1D-1998 compliant bridges is 1 to 65,535.
To configure the port path cost, use the following command:
configure stpd stpd_name ports cost [auto | cost] port_list
Bridge Priority
By configuring the STPD bridge priority, you make the bridge more or less likely to become the root
bridge.
Unlike the 802.1D-1998 standard, the 802.1D-2004 standard restricts the bridge priority to a 16-bit
number that must be a multiple of 4,096. The new priority range is 0 to 61,440 and is subject to the
multiple of 4,096 restriction. The old priority range was 0 to 65,535 and was not subject to the multiple
of 4,096 restriction (except for MSTP configurations). The default bridge priority remains the same at
32,768.
If you have an ExtremeXOS 11.5 or earlier configuration that contains an STP or RSTP bridge priority
that is not a multiple of 4,096, the switch rejects the entry and the bridge priority returns to the default
value while loading the structure. The MSTP implementation in ExtremeXOS already uses multiples of
4,096 to determine the bridge priority.
To configure the bridge priority, use the following command:
configure stpd stpd_name priority priority
For example, to lower the numerical value of the priority (which gives the priority a higher precedence),
you subtract 4,096 from the default priority: 32,768 - 4,096 = 28,672. If you modify the priority by a
value other than 4,096, the switch automatically changes the priority to the lower priority value. For
example, if you configure a priority of 31,000, the switch automatically changes the priority to 28,672.
Port Priority
The port priority value is always paired with the port number to make up the 16-bit port identifier,
which is used in various STP operations and the STP state machines.
Unlike the 802.1D-1998 standard, the 802.1D-2004 standard uses only the four most significant bits for
the port priority and it must be a multiple of 16. The new priority range available is 0 to 240 and is
Layer 2 Protocols
91
STP
subject to the multiple of 16 restriction. The 802.1D-1998 standard uses the eight most significant bits
for the port priority. The old priority range was 0 to 31 and was not subject to the multiple of 16
restriction.
To preserve backward compatibility and to use ExtremeXOS 11.5 or earlier configurations, the existing
configure stpd ports priority command is available. If you have an ExtremeXOS 11.5 or
earlier configuration, the switch interprets the port priority based on the 802.1D-1998 standard. If the
switch reads a value that is not supported in ExtremeXOS 11.6 or later, the switch rejects the entry.
When you save the port priority value, the switch saves it as the command configure stpd ports
port-priority with the corresponding change in value.
For example, if the switch reads the configure stpd ports priority 16 command from an
ExtremeXOS 11.5 or earlier configuration, (which is equivalent to the command configure stpd
ports priority 8 entered through CLI), the switch saves the value as configure stpd ports
port-priority 128.
Edge Port Behavior
In ExtremeXOS 11.5 or earlier, Extreme Networks had two edge port implementations: edge port and
edge port with safeguard.
The 802.1D-2004 standard has a bridge detection state machine, which introduced a third
implementation of edge port behavior. The following list describes the behaviors of the different edge
port implementations:
Edge port with safeguard prevents accidental or deliberate misconfigurations (loops) by having edge
ports enter the blocking state upon receiving a BPDU. The 802.1D-2004 standard implements a bridge
detection mechanism that causes an edge port to transition to a non-edge port upon receiving a BPDU;
however, if the former edge port does not receive any subsequent BPDUs during a pre-determined
interval, the port attempts to become an edge port.
Layer 2 Protocols
92
STP
If an 802.1D-2004 compliant safeguard port (edge port) connects to an 802.1D-1998 compliant edge
port with safeguard configured, the old safeguard port enters the blocking state. Although the new
safeguard port becomes a designated port, the link is not complete (and thus no loop is formed)
because one side of the link is blocked.
Restricted Role
In a large metro environment, to prevent external bridges from influencing the spanning tree active
topology, the following commands have been introduced for Rapid Spanning Tree Protocol (RSTP) and
Multiple Spanning Tree Protocol (MSTP).
This command enables restricted role on a specified port in the core network to prevent external
bridges from influencing the spanning tree active topology.
Restricted role should not be enabled with edge mode.
stpd_nameSpecifies an STPD name on the switch.
port_listSpecifies one or more ports or slots and ports.
Enabling restricted role causes a port to not be selected as a root port, even if it has the best
spanning tree priority vector. Such a port is selected as an alternate port after the root port is
selected. The restricted role is disabled by default. If set, it can cause a lack of spanning tree
connectivity.
A network administrator enables restricted role to prevent external bridges from influencing the
spanning tree active topology.
This command disables restricted role on a specified port in the core network.
stpd_nameSpecifies an STPD name on the switch.
port_listSpecifies one or more ports or slots and ports.
Restricted role is disabled by default. If set, it can cause a lack of spanning tree connectivity. A
network administrator enables restricted role to prevent external bridges from influencing the
spanning tree active topology.
Layer 2 Protocols
93
STP
configure {stpd} stpd_name ports edge-safeguard enable port_list {bpdurestrict} {recovery-timeout {seconds}}
configure stpd stpd_name ports link-type [[auto | broadcast | point-topoint] port_list | edge port_list {edge-safeguard [enable | disable] {bpdurestrict} {recovery-timeout seconds}}]
Layer 2 Protocols
94
STP
To include BPDU restrict functionality when configuring link types or edge safeguard, see Configuring
Link Types on page 114 and Configuring Edge Safeguard on page 114.
The example below shows a BPDU restrict configuration:
* switch # configure s1 ports edge-safeguard enable 9 bpdu-restrict recoverytimeout 400.
The following is sample output from the show s1 ports command resulting from the configuration:
switch # show s1 ports
Port
Mode
State
Cost Flags
Priority Port ID Designated Bridge
9
EMISTP FORWARDING 20000 eDee-w-G-- 128
8009
80:00:00:04:96:26:5f:4e
Total Ports: 1
------------------------- Flags: ---------------------------1:
e=Enable, d=Disable
2: (Port role)
R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)
b=broadcast, p=point-to-point, e=edge
5:
p=proposing, a=agree
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
7:
i = edgeport inconsistency
8:
S = edgeport safe guard active
s = edgeport safe guard configured but inactive
8:
G = edgeport safe guard bpdu restrict active in 802.1w and
mstp
g = edgeport safe guard bpdu restrict active in 802.1d
9:
B = Boundary, I = Internal
10:
r = Restricted Role
switch # show configuration stp
#
# Module stp configuration.
#
configure mstp region 000496265f4e
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
create stpd s1
configure stpd s1 mode dot1w
enable stpd s0 auto-bind vlan Default
configure stpd s1 add vlan v1 ports 9 emistp
configure stpd s1 ports mode emistp 9
configure stpd s1 ports cost auto 9
configure stpd s1 ports port-priority 128 9
configure stpd s1 ports link-type edge 9
configure stpd s1 ports edge-safeguard enable 9 recovery-timeout 400
configure stpd s1 ports bpdu-restrict enable 9 recovery-timeout 400
enable stpd s1 ports 9
configure stpd s1 tag 10
enable stpd s1
Layer 2 Protocols
95
STP
The following is sample output for STP operation mode dot1d from the show configuration stp
command:
switch # show configuration stp
#
# Module stp configuration.
#
configure mstp region region2
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
create stpd s1
enable stpd s0 auto-bind vlan Default
configure stpd s1 add vlan v1 ports 9 emistp
configure stpd s1 ports mode emistp 9
configure stpd s1 ports cost auto 9
configure stpd s1 ports priority 16 9
configure stpd s1 ports link-type edge 9
configure stpd s1 ports edge-safeguard enable 9 recovery-timeout 400
configure stpd s1 ports bpdu-restrict enable 9 recovery-timeout 400
enable stpd s1 ports 9
configure stpd s1 tag 10
enable stpd s1
Layer 2 Protocols
96
STP
Member VLANs
When you add a VLAN to an STPD, that VLAN becomes a member of the STPD. The two types of
member VLANs in an STPD are:
Carrier
Protected
Carrier VLAN
A carrier VLAN defines the scope of the STPD, which includes the physical and logical ports that belong
to the STPD and if configured, the 802.1Q tag used to transport Extreme Multiple Instance Spanning
Tree Protocol (EMISTP) or Per VLAN Spanning Tree (PVST+) encapsulated bridge protocol data units
(BPDUs).
See Encapsulation Modes on page 99 for more information about encapsulating STP BPDUs.
Only one carrier VLAN can exist in a given STPD, although some of its ports can be outside the control
of any STPD at the same time.
If you configure EMISTP or PVST+, the STPD ID must be identical to the VLAN ID of the carrier VLAN in
that STPD. See Specifying the Carrier VLAN on page 98 for an example.
If you have an 802.1D configuration, we recommend that you configure the StpdID to be identical to the
VLAN ID of the carrier VLAN in that STPD. See Basic 802.1D Configuration Example on page 140 for an
example.
If you configure Multiple Spanning Tree (MSTPIEEE 802.1Q-2003, formerly IEEE 802.1s), you do not
need carrier VLANs for MSTP operation. With MSTP, you configure a Common and Internal Spanning
Tree (CIST) that controls the connectivity of interconnecting MSTP regions and sends BPDUs across the
regions to communicate the status of MSTP regions. All VLANs participating in the MSTP region have
the same privileges. For more information about MSTP, see Multiple Spanning Tree Protocol on page
123.
Protected VLAN
Protected VLANs are all other VLANs that are members of the STPD.
These VLANs piggyback on the carrier VLAN. Protected VLANs do not transmit or receive STP
BPDUs, but they are affected by STP state changes and inherit the state of the carrier VLAN. Protected
VLANs can participate in multiple STPDs, but any particular port in the VLAN can belong to only one
STPD. Also known as non-carrier VLANs.
If you configure MSTP, all member VLANs in an MSTP region are protected VLANs. These VLANs do
not transmit or receive STP BPDUs, but they are affected by STP state changes communicated by the
CIST to the MSTP regions. Multiple spanning tree instances (MSTIs) cannot share the same protected
VLAN; however, any port in a protected VLAN can belong to multiple MSTIs. For more information
about MSTP, see Multiple Spanning Tree Protocol on page 123.
Layer 2 Protocols
97
STP
create vlan v5
configure vlan
configure vlan
create stpd s8
configure stpd
configure stpd
enable stpd s8
v5 tag 100
v5 add ports 1:1-1:20 tagged
s8 add vlan v5 ports all emistp
s8 tag 100
Notice how the tag number for the VLAN v5 (100) is identical to the tag for STPD s8. By using identical
tags, you have selected the carrier VLAN. The carrier VLAN's ID is now identical to the STPD's ID.
STPD Modes
An STPD has three modes of operation:
802.1D mode
Use this mode for backward compatibility with previous STP versions and for compatibility with
third-party switches using IEEE standard 802.1D. When configured in this mode, all rapid
configuration mechanisms are disabled.
802.1w mode
Use this mode for compatibility with Rapid Spanning Tree (RSTP). When configured in this mode, all
rapid configuration mechanisms are enabled. The benefit of this mode is available on point-to-point
links only and when the peer is likewise configured in 802.1w mode. If you do not select point-topoint links and the peer is not configured for 802.1w mode, the STPD fails back to 802.1D mode.
You can enable or disable RSTP on a per STPD basis only; you cannot enable RSTP on a per port
basis.
For more information about RSTP and RSTP features, see Rapid Spanning Tree Protocol on page
112.
MSTP mode
Use this mode for compatibility with MSTP. MSTP is an extension of RSTP and offers the benefit of
better scaling with fast convergence. When configured in this mode, all rapid configuration
mechanisms are enabled. The benefit of MSTP is available only on point-to-point links and when you
configure the peer in MSTP or 802.1w mode. If you do not select point-to-point links and the peer is
not configured in 802.1w mode, the STPD fails back to 802.1D mode.
Layer 2 Protocols
98
STP
You must first configure a CIST before configuring any MSTIs in the region. You cannot delete or
disable a CIST if any of the MSTIs are active in the system.
You can create only one MSTP region on the switch, and all switches that participate in the region
must have the same regional configurations. You can enable or disable an MSTP on a per STPD basis
only; you cannot enable MSTP on a per port basis.
If configured in MSTP mode, an STPD uses the 802.1D BPDU encapsulation mode by default. To
ensure correct operation of your MSTP STPDs, do not configure EMISTP or PVST+ encapsulation
mode for MSTP STPDs.
For more information about MSTP and MSTP features, see Multiple Spanning Tree Protocol on page
123.
By default:
Encapsulation Modes
You can configure ports within an STPD to accept specific BPDU encapsulations.
This STP port encapsulation is separate from the STP mode of operation. For example, you can
configure a port to accept the PVST+ BPDU encapsulation while running in 802.1D mode.
An STP port has three possible encapsulation modes:
802.1D mode
Use this mode for backward compatibility with previous STP versions and for compatibility with
third-party switches using IEEE standard 802.1D. BPDUs are sent untagged in 802.1D mode. Because
of this, any given physical interface can have only one STPD running in 802.1D mode.
This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, and
MSTP.
Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode
EMISTP mode is proprietary to Extreme Networks and is an extension of STP that allows a physical
port to belong to multiple STPDs by assigning the port to multiple VLANs. EMISTP adds significant
flexibility to STP network design. BPDUs are sent with an 802.1Q tag having an STPD instance
Identifier (STPD ID) in the VLAN ID field.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
Per VLAN Spanning Tree (PVST+) mode
Layer 2 Protocols
99
STP
This mode implements PVST+ in compatibility with third-party switches running this version of STP.
The STPDs running in this mode have a one-to-one relationship with VLANs and send and process
packets in PVST+ format.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
These encapsulation modes are for STP ports, not for physical ports. When a physical port belongs to
multiple STPDs, it is associated with multiple STP ports. It is possible for the physical port to run in
different modes for different domains to which it belongs.
If configured in MSTP mode, an STPD uses the 802.1D BPDU encapsulation mode by default. To ensure
correct operation of your MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode for
MSTP STPDs.
To configure the BPDU encapsulation mode for one or more STP ports, use the command:
To configure the default BPDU encapsulation mode on a per STPD basis, use the command:
STP States
Each port that belongs to a member VLAN participating in STP exists in one of the following states:
Layer 2 Protocols
100
STP
Blocking
A port in the blocking state does not accept ingress traffic, perform traffic forwarding, or learn MAC
source addresses. The port receives STP BPDUs. During STP initialization, the switch always enters
the blocking state.
Listening
A port in the listening state does not accept ingress traffic, perform traffic forwarding, or learn MAC
source addresses. The port receives STP BPDUs. This is the first transitional state a port enters after
being in the blocking state. The bridge listens for BPDUs from neighboring bridge(s) to determine
whether the port should or should not be blocked.
Learning
A port in the learning state does not accept ingress traffic or perform traffic forwarding, but it begins
to learn MAC source addresses. The port also receives and processes STP BPDUs. This is the second
transitional state after listening. From learning, the port will change to either blocking or forwarding.
Forwarding A port in the forwarding state accepts ingress traffic, learns new MAC source addresses, forwards
traffic, and receives and processes STP BPDUs.
Disabled
A port in the disabled state does not participate in STP; however, it will forward traffic and learn new
MAC source addresses.
Binding Ports
There are two ways to bind (add) ports to an STPD: manually and automatically. By default, ports are
manually added to an STPD.
Note
The default VLAN and STPD S0 are already on the switch.
Manually Binding Ports
The first command adds all ports or a list of ports within the specified VLAN to an STPD. For EMISTP
and PVST+, the carrier VLAN must already exist on the same set of ports. The second command
adds all ports or a list of ports to the specified VLAN and STPD at the same time. If the ports are
added to the VLAN but not to the STPD, the ports remain in the VLAN.
For EMISTP and PVST+, if the specified VLAN is not the carrier VLAN and the specified ports are not
bound to the carrier VLAN, the system displays an error message. If you configure MSTP on your
switch, MSTP does not need carrier VLANs.
Note
The carrier VLAN's ID must be identical to the ID of the STP domain.
If you add a protected VLAN or port, that addition inherits the carrier VLANs encapsulation mode,
unless you specify the encapsulation mode when you execute the configure stpd add vlan
or configure vlan add ports stpd commands. If you specify an encapsulation mode
(dot1d, emistp, or pvst-plus), the STP port mode is changed to match; otherwise, the STP port
inherits either the carrier VLANs encapsulation mode on that port or the STPDs default
encapsulation mode.
Layer 2 Protocols
101
STP
For MSTP, you do not need carrier a VLAN. A CIST controls the connectivity of interconnecting
MSTP regions and sends BPDUs across the regions to communicate region status. You must use the
dot1d encapsulation mode in an MSTP environment. For more information about MSTP, see the
section Multiple Spanning Tree Protocol on page 123.
To remove ports, use the command:
configure stpd stpd_name delete vlan vlan_name ports [all | port_list]
If you manually delete a protected VLAN or port, only that VLAN or port is removed. If you manually
delete a carrier VLAN or port, all VLANs on that port (both carrier and protected) are deleted from
that STPD.
To learn more about member VLANs, see Member VLANs on page 97. For more detailed information
about these command line interface (CLI) commands, see the ExtremeXOS Command Reference Guide.
Automatically Binding Ports
To automatically bind ports to an STPD when the ports are added to a VLAN, use the command:
enable stpd stpd_name auto-bind vlan vlan_name
The autobind feature is disabled on user-created STPDs. The autobind feature is enabled on the
default VLAN that participates in the default STPD S0.
For EMISTP or PVST+, when you issue this command, any port or list of ports that you add to the
carrier VLAN are automatically added to the STPD with autobind enabled. In addition, any port or
list of ports that you remove from a carrier VLAN are automatically removed from the STPD. This
feature allows the STPD to increase or decrease its span as ports are added to or removed from a
carrier VLAN.
Note
The carrier VLAN's ID must be identical to the ID of the STP domain.
Enabling autobind on a protected VLAN does not expand the boundary of the STPD.
If the same set of ports are members of the protected VLAN and the carrier VLAN, protected
VLANs are aware of STP state changes. For example, assume you have the following scenario:
Since v1 contains ports 3:1-3:2, v2 is aware only of the STP changes for ports 3:1 and 3:2, respectively.
Ports 3:3 and 3:4 are not part of the STPD, which is why v2 is not aware of any STP changes for
those ports.
In addition, enabling autobind on a protected VLAN causes ports to be automatically added or
removed as the carrier VLAN changes.
For MSTP, when you issue this command, any port or list of ports that gets automatically added to
an MSTI are automatically inherited by the CIST. In addition, any port or list of ports that you remove
from an MSTI protected VLAN are automatically removed from the CIST. For more information, see
Automatically Inheriting Ports--MSTP Only on page 103.
Layer 2 Protocols
102
STP
If you manually delete a port from the STPD on a VLAN that has been added by autobind,
ExtremeXOS records the deletion so that the port does not get automatically added to the STPD
after a system restart.
To learn more about the member VLANs, see Member VLANs on page 97. For more detailed
information about these CLI commands, see the ExtremeXOS Command Reference Guide.
Automatically Inheriting Ports--MSTP Only
In an MSTP environment, whether you manually or automatically bind a port to an MSTI in an MSTP
region, the switch automatically binds that port to the CIST.
The CIST handles BPDU processing for itself and all of the MSTIs; therefore, the CIST must inherit ports
from the MSTIs in order to transmit and receive BPDUs. You can only delete ports from the CIST if it is
no longer a member of an MSTI.
For more information about MSTP, see Multiple Spanning Tree Protocol on page 123.
Layer 2 Protocols
103
STP
maintains the state of STP. STP supports hitless failover. You do not explicitly configure hitless failover
support; rather, if you have two nodes installed, hitless failover is available.
Note
Not all platforms support hitless failover in the same software release. To verify if the
software version you are running supports hitless failover, see the following table in
Managing the Switch. For more information about protocol, platform, and MSM/MM support
for hitless failover, see Understanding Hitless Failover Support.
To support hitless failover, the primary node replicates STP BPDUs to the backup, which allows the
nodes to run STP in parallel. Although both primary and backup node receive STP BPDUs, only the
primary transmits STP BPDUs to neighboring switches and participates in STP.
Note
Before initiating failover, review the section Synchronizing Nodes--Modular Switches and
SummitStack Only to confirm that both primary and backup nodes are running software that
supports the synchronize command.
To initiate hitless failover on a network that uses STP:
1
Confirm that the nodes are synchronized and have identical software and switch configurations
using the command:
show switch {detail}
The output displays the status of the primary and backup nodes, with the primary node showing
MASTER and the backup node showing BACKUP (InSync).
If the primary and backup nodes are not synchronized and both nodes are running a version of
ExtremeXOS that supports synchronization, proceed to 2 on page 104.
If the primary and backup nodes are synchronized, proceed to 3 on page 104.
2 If the primary and backup nodes are not synchronized, use the synchronize command to
replicate all saved images and configurations from the primary to the backup.
After you confirm the nodes are synchronized, proceed to 3 on page 104.
3 If the nodes are synchronized, use the run failover (formerly run msm-failover) command
to initiate failover.
For more detailed information about verifying the status of the primary and backup nodes, and system
redundancy, see Understanding System Redundancy. For more information about hitless failover, see
Understanding Hitless Failover Support.
STP Configurations
When you assign VLANs to an STPD, pay careful attention to the STP configuration and its effect on
the forwarding of VLAN traffic.
This section describes three types of STP configurations:
Basic STP
Multiple STPDs on a single port (which uses EMISTP)
Layer 2 Protocols
104
STP
Layer 2 Protocols
105
STP
Layer 2 Protocols
106
STP
STP can block traffic between switch 1 and switch 3 by disabling the trunk ports for that connection on
each switch.
Switch 2 has no ports assigned to VLAN Marketing. Therefore, if the trunk for VLAN Marketing on
switches 1 and 3 is blocked, the traffic for VLAN Marketing will not be able to traverse the switches.
Note
If an STPD contains multiple VLANs, all VLANs should be configured on all ports in that
domain, except for ports that connect to hosts (edge ports).
Layer 2 Protocols
107
STP
Layer 2 Protocols
108
STP
In this case, it is desirable to have multiple STP domains operating in a single VLAN, one for each
looped area.
The justifications include the following:
The complexity of the STP algorithm increases, and performance drops, with the size and
complexity of the network. The 802.1D standard specifies a maximum network diameter of seven
hops. By segregating a big VLAN into multiple STPDs, you reduce complexity and enhance
performance.
Local to each site, there may be other smaller VLANs that share the same redundant looped area
with the large VLAN. Some STPDs must be created to protect those VLANs. The ability to partition
VLANs allows the large VLAN to be "piggybacked" in those STPDs in a site-specific fashion.
The following figure has five domains. VLANs green, blue, brown, and yellow are local to each domain.
VLAN red spans all of the four domains. Using a VLAN that spans multiple STPDS, you do not have to
create a separate domain for VLAN red. Instead, VLAN red is piggybacked onto those domains local
to other VLANs.
Each site can be administered by a different organization or department within the enterprise.
Having a site-specific STP implementation makes the administration more flexible and convenient.
Between the sites the connections usually traverse distribution switches in ways that are known
beforehand to be safe with STP. In other words, the looped areas are already well defined.
Although a physical port can belong to multiple STPDs, any VLAN on that port can be in only one
domain. Put another way, a VLAN cannot belong to two STPDs on the same physical port.
Although a VLAN can span multiple domains, any LAN segment in that VLAN must be in the same
STPD. VLANs traverse STPDs only inside switches, not across links. On a single switch, however,
Layer 2 Protocols
109
STP
bridge ports for the same VLAN can be assigned to different STPDs. This scenario is illustrated in
the following figure.
The VLAN partition feature is deployed under the premise that the overall inter-domain topology
for that VLAN is loop-free. Consider the case in the following figure, VLAN red (the only VLAN in the
figure) spans STPDs 1, 2, and 3. Inside each domain, STP produces a loop-free topology. However,
VLAN red is still looped, because the three domains form a ring among themselves.
Layer 2 Protocols
110
STP
A necessary (but not sufficient) condition for a loop-free inter-domain topology is that every two
domains only meet at a single crossing point.
Note
You can use MSTP to overcome the EMISTP constraints described in this section.
Layer 2 Protocols
111
STP
This fact does not exclude other non-PVST+ protected VLANs from being grouped into the same STPD.
A protected PVST+ VLAN can be joined by multiple non-PVST+ protected VLANs to be in the same
STPD.
Note
When PVST+ is used to interoperate with other networking devices, each VLAN participating
in PVST+ must be in a separate STP domain.
Native VLAN
In PVST+, the native VLAN must be peered with the default VLAN on Extreme Networks devices, as
both are the only VLANs allowed to send and receive untagged packets on the physical port.
Third-party PVST+ devices send VLAN 1 packets in a special manner. ExtremeXOS does not support
PVST+ for VLAN 1. Therefore, when the switch receives a packet for VLAN 1, the packet is dropped.
When a PVST+ instance is disabled, the fact that PVST+ uses a different packet format raises an issue. If
the STPD also contains ports not in PVST+ mode, the flooded packet has an incompatible format with
those ports. The packet is not recognized by the devices connected to those ports.
RSTP Concepts
Port Roles
RSTP uses information from BPDUs to assign port roles for each LAN segment. Port roles are not userconfigurable. Port role assignments are determined based on the following criteria:
Layer 2 Protocols
112
STP
RSTP assigns one of the following port roles to bridge ports in the network, as described in the
following table.
Table 5: RSTP Port Roles
Port Role
Description
Root
Provides the shortest (lowest) path cost to the root bridge. Each bridge has only one root port;
the root bridge does not have a root port. If a bridge has two or more ports with the same path
cost, the port with the best port identifier (lowest MAC address) becomes the root port.
Designated
Provides the shortest path connection to the root bridge for the attached LAN segment. To
prevent loops in the network, there is only one designated port on each LAN segment. To select
the designated port, all bridges that are connected to a particular segment listen to each others
BPDUs and agree on the bridge sending the best BPDU. The corresponding port on that bridge
becomes the designated port. If there are two or more ports connected to the LAN, the port with
the best port identifier becomes the designated port.
Alternate
Provides an alternate path to the root bridge and the root port.
Backup
Supports the designated port on the same attached LAN segment. Backup ports exist only when
the bridge is connected as a self-loop or to a shared-media segment.
Disabled
A port in the disabled state does not participate in RSTP; however, it will forward traffic and learn
new MAC source addresses.
All root ports and designated ports are in the forwarding state.
All alternate ports and backup ports are in the blocking state.
RSTP makes the distinction between the alternate and backup port roles to describe the rapid
transition of the alternate port to the forwarding state if the root port fails.
To prevent a port from becoming an alternate or backup port, use the command:
configure stpd stpd_name ports active-role enable port .
To revert to the default that allows a port to be elected to any STP port role, use the command:
configure stpd stpd_name ports active-role disable port
To view the active-role status, use teh command: show stpd ports
Link Types
With RSTP, you can configure the link type of a port in an STPD.
RSTP tries to rapidly move designated point-to-point links into the forwarding state when a network
topology change or failure occurs. For rapid convergence to occur, the port must be configured as a
point-to-point link.
The following table describes the link types.
Layer 2 Protocols
113
STP
Description
Auto
Specifies the switch to automatically determine the port link type. An auto link behaves like a
point-to-point link if the link is in full-duplex mode or if link aggregation is enabled on the port.
Otherwise, the link behaves like a broadcast link used for 802.1w configurations.
Edge
Specifies a port that does not have a bridge attached. An edge port is held in the STP
forwarding state unless a BPDU is received by the port. In that case, the port behaves as a
normal RSTP port. The port is no longer considered an edge port. If the port does not receive
subsequent BPDUs during a pre-determined time, the port attempts to become an edge port.
ExtremeXOS 11.5 or earlierAn edge port is placed and held in the STP forwarding state unless
a BPDU is received by the port. In that case, an edge port enters and remains in the blocking
state until it stops receiving BPDUs and the message age timer expires.
Broadcast
Specifies a port attached to a LAN segment with more than two bridges. A port with a
broadcast link type cannot participate in rapid reconfiguration using RSTP or MSTP. By default,
all ports are broadcast links.
Point-to-point
Specifies a port attached to a LAN segment with only two bridges. A port with point-to-point
link type can participate in rapid reconfiguration. Used for 802.1w and MSTP configurations.
To display detailed information about the ports in an STPD, enter the command:
show {stpd} stpd_name ports {[detail | port_list {detail}]}
Loop prevention and detection on an edge port configured for RSTP is called edge safeguard. You can
configure edge safeguard on RSTP edge ports to prevent accidental or deliberate misconfigurations
(loops) resulting from connecting two edge ports together or by connecting a hub or other non-STP
switch to an edge port. Edge safeguard also limits the impact of broadcast storms that might occur on
edge ports. This advanced loop prevention mechanism improves network resiliency but does not
interfere with the rapid convergence of edge ports.
Layer 2 Protocols
114
STP
An edge port configured with edge safeguard immediately enters the forwarding state and transmits
BPDUs. If a loop is detected, STP blocks the port. By default, an edge port without edge safeguard
configured immediately enters the forwarding state but does not transmit BPDUs unless a BPDU is
received by that edge port.
You can also configure edge safeguard for loop prevention and detection on an MSTP edge port.
To configure an edge port and enable edge safeguard on that port, use the command:
configure stpd stpd_name ports link-type [[auto | broadcast | point-to-point]
port_list | edge port_list {edge-safeguard [enable | disable] {bpdu-restrict}
{recovery-timeout seconds}}]
If you have already configured a port as an edge port and you want to enable edge safeguard on
the port, use the following command:
configure {stpd} stpd_name ports edge-safeguard enable port_list {bpdurestrict} {recovery-timeout {seconds}}
In ExtremeXOS 11.5 and earlier, ports that connect to non-STP devices are edge ports. Edge ports do
not participate in RSTP, and their role is not confirmed. Edge ports immediately enter the forwarding
state unless the port receives a BPDU. In that case, edge ports enter the blocking state. The edge port
remains in the blocking state until it stops receiving BPDUs and the message age timer expires.
ExtremeXOS 11.6 and later support an enhanced bridge detection method, which is part of the
802.1D-2004 standard. Ports that connect to non-STP devices are still considered edge ports. However,
if you have an 802.1D-2004 compliant edge port, the bridge detection mechanism causes the edge
port to transition to a non-edge port upon receiving a BPDU. If the former edge port does not receive a
subsequent BPDU during a pre-determined interval, the port attempts to become an edge port.
In ExtremeXOS 12.0.3 and 12.1.4 onwards, STP edge safeguard disables a port when a remote loop is
detected. ExtremeXOS versions prior to 12.0.3 and 12.1.4 place the port in blocking mode. The change
was made because BPDUs are still processed when a port is in a blocking state. A remote loop causes
BPDUs to be exponentially duplicated which caused high CPU utilization on the switch even though the
port was transitioned to a blocked state.
RSTP Timers
For RSTP to rapidly recover network connectivity, RSTP requires timer expiration. RSTP derives many
of the timer values from the existing configured STP timers to meet its rapid recovery requirements
rather than relying on additional timer configurations.
Table 7: User-Configurable Timers on page 116 describes the user-configurable timers, and the Table 8:
Derived Timers on page 116 describes the timers that are derived from other timers and are not user
configurable.
Layer 2 Protocols
115
STP
Description
Hello
The root bridge uses the hello timer to send out configuration BPDUs through all of
its forwarding ports at a predetermined, regular time interval. The default value is 2
seconds. The range is 1 to 10 seconds.
Forward delay
A port moving from the blocking state to the forwarding state uses the forward
delay timer to transition through the listening and learning states. In RSTP, this timer
complements the rapid configuration behavior. If none of the rapid rules are in effect,
the port uses legacy STP rules to move to the forwarding state. The default is 15
seconds. The range is 4 to 30 seconds.
Description
TCN
The root port uses the topology change notification (TCN) timer when it detects a
change in the network topology. The TCN timer stops when the topology change
timer expires or upon receipt of a topology change acknowledgement. The default
value is the same as the value for the bridge hello timer.
Topology change
The topology change timer determines the total time it takes the forwarding ports to
send configuration BPDUs. The default value for the topology change timer depends
upon the mode of the port:
802.1D modeThe sum of the forward delay timer value (default value is 15 seconds;
range of 4 to 30 seconds) and the maximum age timer value (default value is 20
seconds; range of 6 to 40 seconds).
802.1w modeDouble the hello timer value (default value is 4 seconds).
Message age
A port uses the message age timer to time out receiving BPDUs. When a port
receives a superior or equal BPDU, the timer restarts. When the timer expires, the
port becomes a designated port and a configuration update occurs. If the bridge
operates in 1w mode and receives an inferior BPDU, the timer expires early. The
default value is the same as the STPD bridge max age parameter.
Hold
A port uses the hold timer to restrict the rate that successive BPDUs can be sent. The
default value is the same as the value for the bridge hello timer.
Recent backup
The timer starts when a port leaves the backup role. When this timer is running, the
port cannot become a root port. The default value is double the hello time (4
seconds).
Recent root
The timer starts when a port leaves the root port role. When this timer is running,
another port cannot become a root port unless the associated port is put into the
blocking state. The default value is the same as the forward delay time.
The protocol migration timer is neither user-configurable nor derived; it has a set value of 3 seconds.
The timer starts when a port transitions from STP (802.1D) mode to RSTP (802.1w) mode and viceversa. This timer must expire before further mode transitions can occur.
RSTP Operation
In an RSTP environment, a point-to-point link LAN segment has two bridges.
Layer 2 Protocols
116
STP
A switch that considers itself the unique, designated bridge for the attached LAN segment sends a
propose message to the other bridge to request a confirmation of its role. The other bridge on that
LAN segment replies with an agree message if it agrees with the proposal. The receiving bridge
immediately moves its designated port into the forwarding state.
Before a bridge replies with an agree message, it reverts all of its designated ports into the blocking
state. This introduces a temporary partition into the network. The bridge then sends another propose
message on all of its designated ports for further confirmation. Because all of the connections are
blocked, the bridge immediately sends an agree message to unblock the proposing port without
having to wait for further confirmations to come back or without the worry of temporary loops.
Beginning with the root bridge, each bridge in the network engages in the exchange of propose and
agree messages until they reach the edge ports. Edge ports connect to non-STP devices and do not
participate in RSTP. Their role does not need to be confirmed. If you have an 802.1D-2004 compliant
edge port, the bridge detection mechanism causes the edge port to transition to a non-edge port upon
receiving a BPDU. If the former edge port does not receive a subsequent BPDU during a predetermined interval, the port attempts to become an edge port.
RSTP attempts to transition root ports and designated ports to the forwarding state and alternate ports
and backup ports to the blocking state as rapidly as possible.
A port transitions to the forwarding state if any of the port:
Has been in either a root or designated port role long enough that the spanning tree information
supporting this role assignment has reached all of the bridges in the network;
Note
RSTP is backward-compatible with STP, so if a port does not move to the forwarding
state with any of the RSTP rapid transition rules, a forward delay timer starts and STP
behavior takes over.
Is now a root port and no other ports have a recent role assignment that contradicts with its root
port role;
Is a designated port and attaches to another bridge by a point-to-point link and receives an agree
message from the other bridge port; or
Is an edge port. An edge port is a port connected to a non-STP device and is in the forwarding state.
Layer 2 Protocols
117
STP
Becomes the root bridge and sends a BPDU to the LAN that is received by both ports on the old
bridge.
Layer 2 Protocols
118
STP
agrees with the proposal, the port can erroneously enter the forwarding state after receiving a single
agree message.
Receiving Bridge Behavior
The receiving bridge must decide whether or not to accept a proposal from a port.
Upon receiving a proposal for a root port, the receiving bridge:
If the receiving bridge receives a proposal for a designated port, the bridge replies with its own BPDU.
If the proposal is for an alternate or backup port, the bridge keeps silent.
Propagating Topology Change Information
When a change occurs in the topology of the network, such events are communicated through the
network.
In an RSTP environment, only non-edge ports entering the forwarding state cause a topology change.
A loss of network connectivity is not considered a topology change; however, a gain in network
connectivity must be communicated. When an RSTP bridge detects a topology change, that bridge
starts the topology change timer, sets the topology change flag on its BPDUs, floods all of the
forwarding ports in the network (including the root ports), and flushes the learned MAC address
entries.
Rapid Reconvergence
This section describes the RSTP rapid behavior following a topology change.
In this example, the bridge priorities are assigned based on the order of their alphabetical letters; bridge
A has a higher priority than bridge F.
Suppose you have a network, as shown in the following figure, with six bridges (bridge A through
bridge F) where the following is true:
Layer 2 Protocols
119
STP
Bridge E believes that bridge A is the root bridge. When bridge E receives the BPDU on its root port
from bridge F, bridge E:
Determines that it received an inferior BPDU.
Immediately begins the max age timer on its root port.
Performs a configuration update.
Layer 2 Protocols
120
STP
Layer 2 Protocols
121
STP
Layer 2 Protocols
122
STP
Layer 2 Protocols
123
STP
MSTP logically divides a Layer 2 network into regions. Each region has a unique identifier and contains
multiple spanning tree instances (MSTIs). An MSTI is a spanning tree domain that operates within and is
bounded by a region. MSTIs control the topology inside the regions. The Common and Internal
Spanning Tree (CIST) is a single spanning tree domain that interconnects MSTP regions. The CIST is
responsible for creating a loop-free topology by exchanging and propagating BPDUs across regions to
form a Common Spanning Tree (CST).
MSTP uses RSTP as its converging algorithm and is interoperable with the legacy STP protocols: STP
(802.1D) and RSTP (802.1w).
MSTP has three major advantages over 802.1D, 802.1w, and other proprietary implementations:
To save control path bandwidth and provide improved scalability, MSTP uses regions to localize
BPDU traffic. BPDUs containing information about MSTIs contained within an MSTP region do not
cross that regions boundary.
A single BPDU transmitted from a port can contain information for up to 64 STPDs. MSTP BPDU
processing utilizes less resources compared to 802.1D or 802.1w where one BPDU corresponds to
one STPD.
In a typical network, a group of VLANs usually share the same physical topology. Dedicating a
spanning tree per VLAN like PVST+ is CPU intensive and does not scale very well. MSTP makes it
possible for a single STPD to handle multiple VLANs.
MSTP Concepts
MSTP Regions
An MSTP network consists of either individual MSTP regions connected to the rest of the network with
802.1D and 802.1w bridges or as individual MSTP regions connected to each other.
An MSTP region defines the logical boundary of the network. With MSTP, you can divide a large
network into smaller areas similar to an OSPF area or a BGP Autonomous System, which contain a
group of switches under a single administration. Each MSTP region has a unique identifier and is bound
together by one CIST that spans the entire network. A bridge participates in only one MSTP region at a
time.
An MSTP region can hide its internal STPDs and present itself as a virtual 802.1w bridge to other
interconnected regions or 802.1w bridges because the port roles are encoded in 802.1w and MSTP
BPDUs.
By default, the switch uses the MAC address of the switch to generate an MSTP region. Since each MAC
address is unique, every switch is in its own region by default. For multiple switches to be part of an
MSTP region, you must configure each switch in the region with the same MSTP region identifiers. See
Configuring MSTP Region Identifiers on page 125 for information.
In the following figure, all bridges inside MSTP regions 1 and 2 are MSTP bridges; bridges outside of the
regions are either 802.1D or 802.1w bridges.
Layer 2 Protocols
124
STP
For multiple switches to be part of an MSTP region, you must configure each switch in the region with
the same MSTP configuration attributes, also known as MSTP region identifiers. The following list
describes the MSTP region identifiers:
Region NameThis indicates the name of the MSTP region. In the Extreme Networks
implementation, the maximum length of the name is 32 characters and can be a combination of
alphanumeric characters and underscores ( _ ).
Format SelectorThis indicates a number to identify the format of MSTP BPDUs. The default is 0.
Revision LevelThis identifier is reserved for future use; however, the switch uses and displays a
default of 3.
The switches inside a region exchange BPDUs that contain information for MSTIs.
The switches connected outside of the region exchange CIST information. By having devices look at the
region identifiers, MSTP discovers the logical boundary of a region:
The maximum length of the region name is 32 characters and can be a combination of alphanumeric
characters and underscores ( _ ). You can configure only one MSTP region on the switch at any
given time.
If you have an active MSTP region, we recommend that you disable all active STPDs in the region
before renaming the region on all of the participating switches.
To configure the number used to identify MSTP BPDUs, use the command:
configure mstp format format_identifier
Layer 2 Protocols
125
STP
By default, the value used to identify the MSTP BPDUs is 0. The range is 0 to 255.
If you have an active MSTP region, we recommend that you disable all active STPDs in the region
before modifying the value used to identify MSTP BPDUs on all participating switches.
To configure the MSTP revision level, use the command:
configure mstp revision revision
Although this command is available on the CLI, this command is reserved for future use.
Unconfiguring an MSTP Region
Before you unconfigure an MSTP region, we recommend that you disable all active STPDs in the region.
To unconfigure the MSTP region on the switch, use the command:
unconfigure mstp region
After you issue this command, all of the MSTP settings return to their default values. See Configuring
MSTP Region Identifiers on page 125 for information about the default settings.
Common and Internal Spanning Tree
MSTP logically divides a Layer 2 network into regions. The Common and Internal Spanning Tree (CIST)
is a single spanning tree domain that interconnects MSTP regions. The CIST is responsible for creating a
loop-free topology by exchanging and propagating BPDUs across regions to form a Common Spanning
Tree (CST).
In essence, the CIST is similar to having a large spanning tree across the entire network. The CIST has its
own root bridge that is common to all MSTP regions, and each MSTP region elects a CIST regional root
that connects that region to the CIST, thereby forming a CST.
The switch assigns the CIST an instance ID of 0, which allows the CIST to send BPDUs for itself in
addition to all of the MSTIs within an MSTP region. Inside a region, the BPDUs contain CIST records and
piggybacked M-records. The CIST records contain information about the CIST, and the M-records
contain information about the MSTIs. Boundary ports exchange only CIST record BPDUs.
All MSTP configurations require a CIST domain. You must first configure the CIST domain before
configuring any MSTIs. By default, all MSTI ports in the region are inherited by the CIST. You cannot
delete or disable a CIST if any of the MSTIs are active in the system.
Configuring the CIST
Configure an STPD as the CIST, specifying the mstp cist keywords in the following command:
configure stpd stpd_name mode [dot1d | dot1w | mstp [cist | msti instance]]
You can enable MSTP on a per STPD basis only. By specifying the mstp cist keywords, you can
configure the mode of operation for the STPD as MSTP and identify the STPD to be the CIST.
CIST Root Bridge
In a Layer 2 network, the bridge with the lowest bridge ID becomes the CIST root bridge. The
parameters (vectors) that define the root bridge include the following:
Layer 2 Protocols
126
STP
The CIST root bridge can be either inside or outside an MSTP region. The CIST root bridge is unique for
all regions and non-MSTP bridges, regardless of its location.
For more information about configuring the bridge ID, see the configure stpd priority
command.
CIST Regional Root Bridge
Within an MSTP region, the bridge with the lowest path cost to the CIST root bridge is the CIST regional
root bridge.
The path cost, also known as the CIST external path cost, is a function of the link speed and number of
hops. If there is more than one bridge with the same path cost, the bridge with the lowest bridge ID
becomes the CIST regional root. If the CIST root is inside an MSTP region, the same bridge is the CIST
regional root for that region because it has the lowest path cost to the CIST root. If the CIST root is
outside an MSTP region, all regions connect to the CIST root via their CIST regional roots.
The total path cost to the CIST root bridge from any bridge in an MSTP region consists of the CIST
internal path cost (the path cost of the bridge to the CIST regional root bridge) and the CIST external
path cost. To build a loop-free topology within a region, the CIST uses the external and internal path
costs, and the MSTI uses only the internal path cost.
Looking at MSTP region 1 in the following figure, the total path cost for the bridge with ID 60 consists of
an external path cost of A and an internal path cost of E.
The port on the CIST regional root bridge that connects to the CIST root bridge is the CIST root port
(also known as the master port for MSTIs).
Layer 2 Protocols
127
STP
The CIST root port is the master port for all MSTIs in that region, and it is the only port that connects
the entire region to the CIST root.
If a bridge is both the CIST root bridge and the CIST regional root bridge, there is no CIST root port on
that bridge.
Enabling the CIST
To enable the CIST, use the following command and specify the CIST domain as the stpd_name:
enable stpd {stpd_name}
MSTP uses the MSTI ID, not an Stpd ID, to identify the spanning tree contained within the region. As
previously described, the MSTI ID only has significance within its local region, so you can re-use IDs
across regions.
To configure the MSTI that is inside an MSTP region and its associated MSTI ID, use the following
command and specify the mstp [msti instance] parameters:
configure stpd stpd_name mode [dot1d | dot1w | mstp [cist | msti instance]]
Each MSTI independently chooses its own root bridge. For example, if two MSTIs are bounded to a
region, there is a maximum of two MSTI regional roots and one CIST regional root.
The bridge with the lowest bridge ID becomes the MSTI regional root bridge. The parameters that
define the root bridge include the following:
Layer 2 Protocols
128
STP
MAC address
Within an MSTP region, the cost from a bridge to the MSTI regional root bridge is known as the MSTI
internal path cost. Looking at MSTP region 1 in Figure 43: Closeup of MSTP Region 1 on page 127, the
bridge with ID 60 has a path cost of F to the MSTI regional root bridge.
The MSTI regional root bridge can be the same as or different from the CIST regional root bridge of that
region. You achieve this by assigning different priorities to the STP instances configured as the MSTIs
and the CIST. For more information about configuring the bridge ID, see the configure stpd
priority command in the ExtremeXOS Command Reference Guide.
MSTI Root Port
The port on the bridge that has the lowest path cost to the MSTI regional root bridge is the MSTI root
port.
If a bridge has two or more ports with the same path cost, the port with the best port identifier
becomes the root port.
Enabling the MSTI
To enable the MSTI, use the following command and specify the MSTI domain as the <stpd_name>:
enable stpd {stpd_name}
Note
If two switches are configured for the same CIST and MSTI region, in order for them to
understand that they are in the same region, both must also belong to the same VLAN which
is added to the STP domain. If they belong to different VLANs, each switch believes that each
belongs to a different region. When an MSTP BPDU is sent, it carries a VID digest created by
VLAN memberships in the CIST domain and the MSTI domain.
Boundary Ports
Boundary ports are bridge ports that are only connected to other MSTP regions or 802.1D or 802.1w
bridges.
The ports that are not at a region boundary are called internal ports. The boundary ports exchange only
CIST BPDUs. A CIST BPDU originated from the CIST root enters a region through the CIST root port and
egresses through boundary ports. This behavior simulates a region similar to an 802.1w bridge, which
receives BPDUs on its root ports and forwards updated BPDUs on designated ports.
The following figure shows an MSTP network that consists of two MSTP regions. Each region has its
own CIST regional root and is connected to the CIST root through master ports. The CIST regional roots
in each region are the MSTP bridges having the lowest CIST external root path cost. The CIST root is the
bridge with the lowest bridge ID and is an 802.1w bridge outside of either MSTP region.
Layer 2 Protocols
129
STP
Layer 2 Protocols
130
STP
For more information about all of the STP port states, see STP States on page 100.
MSTP Link Types
MSTP uses the same link types as STP and RSTP, respectively.
In an MSTP environment, configure the same link types for the CIST and all MSTIs.
For more information about the link types, see Link Types on page 113.
MSTP Edge Safeguard
\
You can configure edge safeguard for loop prevention and detection on an MSTP edge port. For more
information, see Configuring Edge Safeguard on page 114.
Note
In MSTP, configuring edge safeguard at CIST will be inherited in all MSTIs.
In MSTP, an edge port needs to be added to a CIST before adding it to an MSTI.
MSTP Timers
MSTP uses the same timers as STP and RSTP. For more information, see RSTP Timers on page 115.
MSTP Hop Counts
In an MSTP environment, the hop count has the same purpose as the maxage timer for 802.1D and
802.1w environments. The CIST hop count is used within and outside a region. The MSTI hop count is
used only inside of the region. In addition, if the other end is an 802.1D or 802.1w bridge, the maxage
timer is used for interoperability between the protocols.
The BPDUs use hop counts to age out information and to notify neighbors of a topology change.
To configure the hop count.
configure stpd stpd_name max-hop-count hopcount
Layer 2 Protocols
131
STP
2 Create and configure the CIST, which forms the CST, using the following commands:
create stpd stpd_name {description stpd-description}
configure stpd stpd_name mode mstp cist
Note
You can configure the default STPD, S0 as the CIST.
No VLAN can be bound to the CIST and no ports can be added to the CIST. Therefore, the
VLAN should be bound to the MSTI and the show MSTI port command will show the
VLAN ports. The ports added to the MSTI are bound automatically to the CIST even
though they are not added to it.
3 Enable the CIST using hte command:
enable stpd {stpd_name}
b Automatically binding ports to an STPD when ports are added to a member VLAN
enable stpd stpd_name auto-bind vlan vlan_name
For a more detailed configuration example, see MSTP Configuration Example on page 143.
MSTP Operation
To further illustrate how MSTP operates and converges, the following figure displays a network with
two MSTP regions. Each region contains three MSTP bridges and one MSTI. The overall network
topology also contains one CIST root bridge (Switch A, which has the lowest bridge ID), one
interconnecting 802.1w bridge (Switch D), and 10 full duplex, point-to-point segments. VLAN Default
spans all of the bridges and segments in the network, VLAN engineering is local to its respective region,
and STPD S0 is configured as the CIST on all bridges.
Layer 2 Protocols
132
STP
Figure 45: MSTP Topology with the CIST Root Bridge Contained within a Region
MSTP Region 1 consists of the following:
Three bridges named Switch A, Switch B, and Switch C
One MSTI STPD named S1 with an MSTI ID of 1
VLAN Engineering mapped to the MSTI STPD, S1
Switch A as the CIST root bridge (this is the CIST root bridge for all regions)
Switch A as the CIST regional root bridge
Switch A as the MSTI regional root bridge
Three boundary ports that connect to MSTP Region 2 and other 802.1D or 802.1w bridges
MSTP Region 2 consists of the following:
Determining the CIST root bridge, MSTP regions, and region boundaries.
Layer 2 Protocols
133
STP
Each bridge believes that it is the root bridge, so each bridge initially sends root bridge BPDUs
throughout the network. As bridges receive BPDUs and compare vectors, the bridge with the lowest
Bridge ID is elected the CIST root bridge. In our example, Switch A has the lowest Bridge ID and is
the CIST root bridge.
The bridges in the MSTP regions (Switches A, B, C, E, F, and G) advertise their region information
along with their bridge vectors.
Segments 1, 3, and 9 receive BPDUs from other regions and are identified as boundary ports for
Region 1. Similarly, segments 2, 3, and 9 are identified as boundary ports for Region 2.
2 Controlling boundary ports.
The CIST regional root is advertised as the Bridge ID in the BPDUs exiting the region. By sending
CIST BPDUs across regional boundaries, the CIST views the MSTP regions as virtual 802.1w bridges.
The CIST takes control of the boundary ports and only CIST BPDUs enter or exit a region boundary.
Each MSTP region has a CIST regional root bridge that communicates to the CIST root bridge. The
bridge with the lowest path cost becomes the CIST regional root bridge. The port on the CIST
regional root bridge that connects to the CIST root bridge is the CIST root port.
For Region 1, Switch A has the lowest cost (0 in this example) and becomes the CIST regional root.
Since the bridge is both the CIST root bridge and the CIST regional root bridge, there is no CIST root
port on the bridge.
For Region 2, Switch E is the CIST regional root bridge and so a port on that bridge becomes the
CIST root port.
3 Identifying MSTI regional roots.
Each MSTI in a region has an MSTI regional root bridge. MSTI regional roots are selected
independently of the CIST root and CIST regional root. The MSTP BPDUs have M-records for each
MSTI. Bridges belonging to an MSTI compare vectors in their M-records to elect the MSTI regional
root.
4 Converging the CIST.
The CIST views every region as a virtual bridge and calculates the topology using the 802.1w
algorithm. The CIST calculates the topology both inside and outside of a region.
5 Converging MSTIs.
After the CIST identifies the boundary ports, each MSTI in a domain converge their own trees using
802.1w.
At this point, all CIST and MSTIs have assigned port roles (Root, Designated, Alternate, and Backup)
to their respective spanning trees. All root and designated ports transition to the forwarding state
while the remaining ports remain in the discarding state.
Propagating topology change information is similar to that described for RSTP.
For more information see, Propagating Topology Change Information on page 119.
For a configuration example, see MSTP Configuration Example on page 143.
Layer 2 Protocols
134
STP
Layer 2 Protocols
135
STP
The carrier VLAN must span all ports of the STPD. (This is not applicable to MSTP.)
The StpdID must be the VLAN ID of the carrier VLAN; the carrier VLAN cannot be partitioned. (This
is not applicable to MSTP.)
A default VLAN cannot be partitioned. If a VLAN traverses multiple STPDs, the VLAN must be
tagged.
An STPD can carry, at most, one VLAN running in PVST+ mode, and its STPD ID must be identical
with that VLAN ID. In addition, the PVST+ VLAN cannot be partitioned.
The default VLAN of a PVST+ port must be identical to the native VLAN on the PVST+ device
connected to that port.
If an STPD contains both PVST+ and non-PVST+ ports, that STPD must be enabled. If that STPD is
disabled, the BPDUs are flooded in the format of the incoming STP port, which may be incompatible
with those of the connected devices.
The 802.1D ports must be untagged and the EMISTP/PVST+ ports must be tagged in the carrier
VLAN.
An STPD with multiple VLANs must contain only VLANs that belong to the same virtual router
instance.
STP and network login operate on the same port as follows:
STP (802.1D), RSTP (802.1w), and MSTP (802.1s) support both network login and STP on the
same port.
At least one VLAN on the intended port should be configured both for STP and network login.
STP and network login operate together only in network login ISP mode.
Layer 2 Protocols
136
STP
When STP blocks a port, network login does not process authentication requests. All network
Note
The carrier VLAN's ID must be identical to the StpdID.
4 Enable STP for one or more STPDs using the command:
enable stpd {stpd_name}
Layer 2 Protocols
137
STP
5 After you have created the STPD, you can optionally configure STP parameters for the STPD.
Note
You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.
The following parameters can be configured on each STPD:
Hello time (In an MSTP environment, configure this only on the CIST.)
Forward delay
Max age (In an MSTP environment, configure this only on the CIST.)
Max hop count (MSTP only)
Bridge priority
Domain description
StpdID (STP, RSTP, EMISTP, and PVST+ only)
MSTI ID (MSTP only)
Port mode
Note
The device supports the RFC 1493 Bridge MIB, RSTP-03, and Extreme Networks STP MIB.
Parameters of the s0 default STPD support RFC 1493 and RSTP-03. Parameters of any
other STPD support the Extreme Networks STP MIB.
If an STPD contains at least one port not in 802.1D (dot1D) mode, the STPD must be
configured with an StpdID.
The following section provides more detailed STP configuration examples, including 802.1D, EMISTP,
RSTP, and MSTP.
To display more detailed information for one or more STPDs, specify the detail option.
Layer 2 Protocols
138
STP
If you have MSTP configured on the switch, this command displays additional information:
MSTP Region
Format Identifier
Revision Level
Common and Internal Spanning Tree (CIST)
Total number of MST Instances (MSTI)
To display the state of a port that participates in STP, use the command:
show {stpd} stpd_name ports {[detail | port_list {detail}]}
To display more detailed information for one or more ports in the specified STPD, including
participating VLANs, specify the detail option.
This command displays the following information:
STPD port configuration
STPD port mode of operation
STPD path cost
STPD priority
STPD state (root bridge, etc.)
Port role (root designated, alternate, etc.)
STPD port state (forwarding, blocking, etc.)
Configured port link type
Operational port link type
Edge port settings (inconsistent behavior, edge safeguard setting)
MSTP port role (internal or boundary)
If you have MSTP configured and specify the detail option, this command displays additional
information:
If you have a VLAN that spans multiple STPDs, use the show {vlan} vlan_name stpd command
to display the STP configuration of the ports assigned to that specific VLAN.
Layer 2 Protocols
139
STP
Removes ports from the VLAN Default that will be added to VLAN Engineering.
Creates the VLAN Engineering.
Assigns a VLAN ID to the VLAN Engineering.
Note
If you do not explicitly configure the VLAN ID in your 802.1D deployment, use the show
vlan command to see the internal VLAN ID automatically assigned by the switch.
Layer 2 Protocols
140
STP
By default, the port encapsulation mode for user-defined STPDs is emistp. In this example, you set it to
dot1d.
Layer 2 Protocols
141
STP
Create an STPD.
Configure the mode of operation for the STPD.
Create the VLANs and assign the VLAN ID and the VLAN ports.
Assign the carrier VLAN.
Add the protected VLANs to the STPD.
Configure the port link types.
Enable STP.
Layer 2 Protocols
142
STP
Remove ports from the VLAN Default that will be added to VLAN Engineering.
Create the VLAN Engineering.
Assign a VLAN ID to the VLAN Engineering.
Note
If you do not explicitly configure the VLAN ID in your MSTP deployment, use the show
vlan command to see the internal VLAN ID automatically assigned by the switch.
Layer 2 Protocols
143
STP
Create the STPD to be used as the CIST, and configure the mode of operation for the STPD.
Specify the priority for the CIST.
Enable the CIST.
Create the STPD to be used as an MSTI and configure the mode of operation for the STPD.
Specify the priority for the MSTI.
Assign the VLAN Engineering to the MSTI.
Configure the port link type.
Enable the MSTI.
Create an STPD that has the same name as the CIST, and configure the mode of operation for the
STPD.
Specify the priority of the STPD.
Enable the STPD.
Note
In the following sample configurations, any lines marked (Default) represent default settings
and do not need to be explicitly configured. STPD s0 already exists on the switch.
In the following example, the commands configure Switch A in Region 1 for MSTP. Use the same
commands to configure each switch in Region 1:
create vlan engineering
configure vlan engineering tag 2
configure vlan engineering add port 2-3 tagged
configure mstp region region1
create stpd s0 (Default)
disable stpd s0 auto-bind vlan Default
configure stpd s0 mode mstp cist
configure stpd s0 priority 32768 (Default)
enable stpd s0
create stpd s1
configure stpd s1 mode mstp msti 1
configure stpd s1 priority 32768 (Default)
enable stpd s1 auto-bind vlan engineering
configure stpd s1 ports link-type point-to-point 2-3
enable stpd s1
In the following example, the commands configure Switch E in Region 2 for MSTP. Use the same
commands to configure each switch in Region 2:
create vlan finance
configure vlan finance tag 2
configure vlan finance add port 2-3 tagged
configure mstp region region2
Layer 2 Protocols
144
STP
In the following example, the commands configure switch D, the external switch. Switch D becomes the
CIST root bridge:
create stpd s0
configure stpd
configure stpd
enable stpd s0
configure stpd
enable stpd s0
Layer 2 Protocols
(Default)
s0 mode dot1w
s0 priority 28672
auto-bind vlan Default
s0 ports link-type point-to-point 4-5
145
Layer 2 Protocols
146
Layer 2 Protocols
147
Layer 2 Protocols
148
Description
Clear statistics on the specified ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to clear statistics on the specified ERPS ring.
Layer 2 Protocols
149
Example
The following command clears statistics on the ERPS ring named ring1:
clear counters erps ring1
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Clears, resets all STP statistics and counters.
Syntax Description
all
diagnostics
domains
ports
Default
N/A.
Usage Guidelines
If you do not enter a parameter, the result is the same as specifying the all parameter: the counters for
all domains, ports, and diagnostics are reset.
Enter one of the following parameters to reset the STP counters on the switch:
allSpecifies the counters for all STPDs and ports, and clears all STP counters.
diagnosticsClears the internal diagnostic counters.
domainsClears the domain level counters.
portsClears the counters for all ports and leaves the domain level counters.
Layer 2 Protocols
150
Viewing and maintaining statistics on a regular basis allows you to see how well your network is
performing. If you keep simple daily records, you will see trends emerging and notice problems arising
before they cause major network faults. By clearing the counters, you can see fresh statistics for the
time period that you are monitoring.
Example
The following command clears all of the STP domain, port, and diagnostic counters:
clear counters stp
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Clears, resets the counters gathered by EAPS for all of the EAPS domains and any EAPS shared ports
configured on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Use this command to clear, reset the EAPS counters.
The counters continue to increment until you clear the information. By clearing the counters, you can
see fresh statistics for the time period you are monitoring.
To display information about the EAPS counters, use the following commands:
show eaps counters This command displays summary EAPS counter information.
Layer 2 Protocols
151
show eaps counters shared-port If configured for EAPS shared ports, this command
displays summary EAPS shared port counter information.
Example
The following command clears, resets all of the counters for EAPS:
clear eaps counters
History
This command was first available in ExtremeXOS 11.6.
Platform Availability
This command is available on all platforms.
Description
Adds the specified control VLAN to the specified EAPS domain.
Syntax Description
name
vlan_name
Default
N/A.
Usage Guidelines
You must configure one control VLAN for each EAPS domain. The control VLAN is used only to send
and receive EAPS messages.
The control VLAN must be configured as follows:
The VLAN must NOT be assigned an IP address, to avoid loops in the network.
Only ring ports can be added as members of the control VLAN.
The ring ports of the control VLAN must be tagged.
Layer 2 Protocols
152
A control VLAN cannot belong to more than one EAPS domain. When the EAPS domain is active, you
cannot delete or modify the configuration of the control VLAN.
By default, EAPS protocol data units (PDUs) are automatically assigned to QoS profile QP8. This
ensures that the control VLAN messages reach their intended destinations. You do not need to
configure a QoS profile for the control VLAN.
The VLAN must already exist before you can add it as a control VLAN. If you attempt to add a VLAN
that does not exist, the switch displays a message similar to the following:
* Switch.8 # configure eaps megtest add control foo^%% Invalid input detected at
'^' marker.
Example
The following command adds the control VLAN keys to the EAPS domain eaps_1.
configure eaps eaps_1 add control vlan keys
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Adds the specified protected VLAN to the specified EAPS domain.
Syntax Description
name
vlan_name
Default
N/A.
Layer 2 Protocols
153
Usage Guidelines
You must configure one or more protected VLANs for each EAPS domain. The protected VLANs are
the data-carrying VLANs.
A protected VLAN can be added to one or more EAPS domains.
When you configure a protected VLAN, the ring ports of the protected VLAN must be tagged (except
in the case of the default VLAN). As long as the ring is complete, the master node blocks the protected
VLANs on its secondary port.
The VLAN must already exist before you can add it as a protected VLAN. If you attempt to add a VLAN
that does not exist, the switch displays a message similar to the following:
* Switch.5 # configure eaps megtest add protected foo^%% Invalid input detected
at '^' marker.
Example
The following command adds the protected VLAN orchid to the EAPS domain eaps_1:
configure eaps eaps_1 add protected vlan orchid
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Notifies the CFM that EAPs is interested in notifications for the specified MEP and RMEP pair.
Syntax Description
cfm
add
delete
group group_name
Layer 2 Protocols
154
Default
N/A.
Usage Guidelines
This command notifies CFM that EAPs is interested in notifications for this MEP and RMEP pair. This
MEP should already be bound to a physical port, so when notification is received, EAPS associates that
notification with a ring-port failure.
Example
The following command deletes the control VLAN keys from the EAPS domain eaps_1:
configure eaps cfm add
History
This command was first available in ExtremeXOS 15.2.
Platform Availability
This command is available on all EXOS platforms; however, not all platforms support hardware-based
CFM. Platforms with no hardware-based CFM support are limited to software-based CFM transmit
intervals of 100ms., or higher. Hardware-based intervals can go as low as 3.3ms.
Currently, only the x460 and E4G platforms support hardware-based CFM.
Description
Disables the loop protection warning messages displayed when configuring specific EAPS parameters.
Syntax Description
This command has no arguments or variables.
Default
By default, loop protection warnings are enabled and displayed when configuring specific EAPS
parameters.
Layer 2 Protocols
155
Usage Guidelines
This is a global EAPS command. You configure the warning message display on a per switch basis, not
per EAPS domain.
When configuring the following EAPS parameters, the switch displays loop protection warning
messages:
Adding EAPS primary or secondary ring ports to a VLAN
Deleting a protected VLAN
Disabling the global EAPS setting on the switch
Disabling an EAPS domain
Configuring an EAPS domain as a transit node
Unconfiguring EAPS primary or secondary ring ports from an EAPS domain
We recommend that you keep the loop protection warning messages enabled. If you have considerable
knowledge and experience with EAPS, you might find the EAPS loop protection warning messages
unnecessary. For example, if you use a script to configure your EAPS settings, disabling the warning
messages allows you to configure EAPS without replying to each interactive yes/no question.
To confirm the setting on the switch, use the following command:
show eaps {eapsDomain} {detail}
Example
The following command disables the loop protection warning messages:
configure eaps config-warnings off
History
This command was first available in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Enables the loop protection warning messages displayed when configuring specific EAPS parameters.
Layer 2 Protocols
156
Syntax Description
This command has no arguments or variables.
Default
By default, loop protection warnings are enabled and displayed when configuring specific EAPS
parameters.
Usage Guidelines
This is a global EAPS command. You configure the warning message display on a per switch basis, not
per EAPS domain.
When configuring the following EAPS parameters, the switch displays loop protection warning
messages:
Adding EAPS primary or secondary ring ports to a VLAN
Deleting a protected VLAN
Disabling the global EAPS setting on the switch
Disabling an EAPS domain
Configuring an EAPS domain as a transit node
Unconfiguring EAPS primary or secondary ring ports from an EAPS domain
We recommend that you keep the loop protection warning messages enabled.
Example
The following command enables the loop protection warning messages:
configure eaps config-warnings on
History
This command was first available in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Deletes the specified control VLAN from the specified EAPS domain.
Layer 2 Protocols
157
Syntax Description
name
vlan_name
Default
N/A.
Usage Guidelines
None.
Example
The following command deletes the control VLAN keys from the EAPS domain eaps_1:
configure eapseaps_1 delete control vlan keys
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Deletes the specified protected VLAN from the specified EAPS domain.
Syntax Description
name
vlan_name
Default
N/A.
Layer 2 Protocols
158
Usage Guidelines
To prevent loops in the network, you must delete the ring ports (the primary and the secondary ports)
from the protected VLAN before deleting the protected VLAN from the EAPS domain. Failure to do so
can cause a loop in the network.
The switch displays by default a warning message and prompts you to delete the VLAN from the EAPS
domain. When prompted, do one of the following:
Enter y delete the VLAN from the specified EAPS domain.
Enter n or press [Return] to cancel this action.
If you have considerable knowledge and experience with EAPS, you might find the EAPS loop
protection warning messages unnecessary. For more information, see the configure eaps
config-warnings off command.
show eaps This command displays summary EAPS domain information, including the name of
the domain and the primary and secondary ports. To see more detailed information, including the
name of the protected VLAN and the primary and secondary ports, use the show eapseapsDomain
command.
show vlan eaps This command displays whether the VLAN is a control or partner VLAN for an
EAPS domain. This command also displays if the VLAN is not a member of any EAPS domain.
Example
The following command deletes the protected VLAN orchid from the EAPS domain eaps_1:
configure eapseaps_1delete protected vlan orchid
The switch displays the following warning message and prompts you to confirm this action:
WARNING: Make sure EAPS ring-ports are deleted from the VLAN first.
Otherwise deleting the VLAN from the EAPS domain could cause a loop in
the network! Are you sure you want to remove the VLAN before deleting
EAPS ring-ports.? (y/n)
Enter y to delete the VLAN from the specified EAPS domain. Enter n to cancel this action.
History
This command was first available in ExtremeXOS 11.0.
The interactive messages were added in ExtremeXOS 11.4.
Layer 2 Protocols
159
Platform Availability
This command is available on all platforms.
Description
Configures the action taken when the failtimer expires.
Syntax Description
name
open-secondary-port
send-alert
Specifies that a critical message is sent to the syslog when the failtimer
expires.
Default
Default is send-alert.
Usage Guidelines
By default the action is to send an alert if the failtimer expires. Instead of going into a Failed state, the
master node remains in a Complete or Init state, maintains the secondary port blocking, and writes a
critical error message to syslog warning the user that there is a fault in the ring. An SNMP trap is also
sent.
If the EAPS ring contains non-EAPS devices, you must use the open-secondary-port parameter.
Note
Use caution when setting the failtimer expiry action to open-secondary port. Using this
configuration, if the master node loses three consecutive hello PDUs, the failtimer expires
but there might not be a break in the ring. Opening the secondary port in this situation
creates a loop.
Example
The following command configures the failtimer expiry action for EAPS domain eaps_1:
configure eapseaps_1 failtimeexpiry-action open-secondary-port
Layer 2 Protocols
160
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Configures the period after which the master node declares a failure if no hello PDUs are received.
Syntax Description
name
seconds
Specifies the number of seconds the master node waits before the failtimer expires. Default
is 3 seconds, and the range is 0 to 300 seconds.
milliseconds
Specifies the number of milliseconds to wait before the failtimer expires. The range is 300
to 999 milliseconds.
Default
The default is 3 seconds.
Usage Guidelines
Use the failtime keyword and its associated seconds parameter to specify the amount of time the
master node waits before the failtimer expires. The failtime period (seconds plus milliseconds) must be
set greater than the configured value for hellotime. The default value is three seconds.
Increasing the failtime value reduces the likelihood of false failure detections caused by network
congestion.
Note
You configure the action taken when the failtimer expires by using the configure eaps
failtime expiry-action command.
In ExtremeXOS 11.0, the failtimer range was 2 to 60 seconds.
Layer 2 Protocols
161
Example
The following command configures the failtimer value for the EAPS domain eaps_1 to 15 seconds:
configure eapseaps_1failtime15 0
The following command configures the failtimer value for the EAPS domain eaps_2 to 300
milliseconds:
configure eapseaps_2failtime0 300
History
This command was first available in ExtremeXOS 11.0.
The range for the failtimer was changed to 2 to 300 seconds in ExtremeXOS 11.1. The default value for
the failtimer remains unchanged.
The milliseconds parameter was added in ExtremeXOS 12.4.2.
Platform Availability
This command is available on all platforms.
Description
Enables EAPS to converge more quickly.
Syntax Description
off
on
Default
Default is off.
Usage Guidelines
This command acts on the switch, not per domain.
Layer 2 Protocols
162
In certain environments to keep packet loss to a minimum when the ring is broken, configure EAPS with
fast-convergence turned on. If fast convergence is turned on, you can view the configuration with the
show eaps command.
Note
If fast-convergence is turned on, the link filters on all EAPS ring ports are turned off. This can
result problems if the ports hardware encountered a problem and started flapping
between link-up/link-down states.
Example
The following command configures fast convergence for all of the EAPS domains on the switch:
configure eapsfast-convergence on
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Configures the port through which a master node sends EAPS hello PDUs.
Syntax Description
name
Default
Default is the primary port.
Layer 2 Protocols
163
Usage Guidelines
This command is provided for special network topologies that use spatial reuse and require that all
EAPS hello PDUs travel in the same direction on the ring.
Note
We recommend the default (primary-port) configuration for this command.
Example
The following command configures the master switch to send EAPS hello packets from the secondary
port:
configure eaps "domain12" hello-pdu-egress secondary-port
History
This command was first available in ExtremeXOS 12.4.2.
Platform Availability
This command is available on all platforms.
Description
Configures the period at which the master node sends EAPS hello PDUs to verify ring connectivity.
Syntax Description
name
seconds
Specifies the number of seconds to wait between transmission of hello PDUs on the control
VLAN. The range is 0 to 15 seconds.
millisecond Specifies the number of milliseconds to wait between transmission of hello PDUs on the control
s
VLAN. The range is 0 to 999 milliseconds.
Default
Default is 1 second.
Layer 2 Protocols
164
Usage Guidelines
Use the hellotime keyword and its associated parameters to specify the amount of time the master
node waits between transmissions of hello PDUs on the control VLAN. Increasing the hellotime value
results in a reduced load on the processor and less traffic on the EAPS ring.
Note
The hello PDU timer value must be smaller than the fail timer value to prevent false failure
detection. If you change the hello PDU timer, verify that the fail timer value remains larger.
This command applies only to the master node. If you configure the hello PDU timer for a transit node,
the timer value is ignored. If you later reconfigure that transit node as the master node, the master
node uses the configured hello PDU timer value.
In ExtremeXOS 11.0, the range is 1 to 15 seconds. If you are running ExtremeXOS 11.0 with the hello timer
value greater than 15 seconds and you upgrade to ExtremeXOS 11.1 or later, you must modify the hello
timer to be within the 1 to 15 seconds range.
Example
The following command configures the hellotime value for the EAPS domain eaps_1 to 300
milliseconds:
configure eapseaps_1hellotime0 300
History
This command was first available in ExtremeXOS 11.0.
The range for the hello timer was changed to 1 to 15 seconds in ExtremeXOS 11.1. The default value for
the hello timer remains unchanged.
Support for a specific number of milliseconds was added in ExtremeXOS 12.4.2.
Platform Availability
This command is available on all platforms.
Description
Configures the switch as either the EAPS master node or as an EAPS transit node for the specified
domain.
Layer 2 Protocols
165
Syntax Description
name
master
Specifies that this switch should be the master node for the named EAPS
domain.
transit
Specifies that this switch should be the transit node for the named EAPS
domain.
Default
N/A.
Usage Guidelines
One node (or switch) on the ring must be configured as the master node for the specified domain; all
other nodes (or switches) on the ring are configured as transit nodes for the same domain.
If you configure a switch to be a transit node for an EAPS domain, the switch displays by default
messages to:
Remind you to configure a master node in the EAPS domain.
Notify you that changing a master node to a transit node might cause a loop in the network. If you
have not assigned a new master node before changing the current master node to a transit node,
you might cause a loop in the network.
When prompted, do one of the following:
Enter y to identify the switch as a transit node.
Enter n or press [Return] to cancel this action.
If you have considerable knowledge and experience with EAPS, you might find the EAPS loop
protection warning messages unnecessary. For more information, see the configure eaps
config-warnings off command.
Example
The following command identifies this switch as the master node for the domain named eaps_1:
configure eapseaps_1mode master
The following command identifies this switch as a transit node for the domain named eaps_1:
configure eapseaps_1mode transit
The switch displays the following warning message and prompts you to confirm this action:
WARNING: Make sure this specific EAPS domain has a Master node in the
ring. If you change this node from EAPS master to EAPS transit, you could
cause a loop in the network. Are you sure you want to change mode to
transit? (y/n)
Layer 2 Protocols
166
Enter y to identify the switch as a transit node. Enter n to cancel this action.
History
This command was first available in ExtremeXOS 11.0.
The interactive messages were added in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Configures the switch to add previously blocked ring ports to existing multicast groups when an EAPS
topology change occurs.
Syntax Description
on
off
Default
Off.
Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, multicast traffic is fastpath
forwarded using the switch hardware during the topology transition. The on setting improves multicast
forwarding performance during the transition.
Note
EAPS multicast flooding must be enabled before this feature will operate. For information on
enabling EAPS multicast flooding, see the configure eaps multicast temporaryflooding command description.
When this feature is set to off and an EAPS topology change occurs, multicast traffic is slowpath
forwarded using the CPU during the topology transition. The off setting reduces multicast forwarding
performance during the transition.
For other methods of supporting multicast traffic during an EAPS topology change, see the
descriptions for the following commands:
Layer 2 Protocols
167
Example
The following command enables the add-ring-ports feature:
configure eaps multicast add-ring-ports on
History
This command was first available in ExtremeXOS 12.1.2.
Platform Availability
This command is available on all platforms.
Description
Configures the switch to send IGMP and MLD query messages to all protected VLANs when an EAPS
topology change occurs.
This command replaces the configure eaps multicast send-igmp-query [on | off]
command.
Syntax Description
on
off
Default
On.
Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, the switch sends IGMP and MLD
query messages to all protected VLANs. If the protected VLANs in the node detecting (and generating)
the topology change do not have IP address, a query is generated with the source IP address set to the
querier address in that VLAN.
Layer 2 Protocols
168
In a EAPS ring with many protected VLANs, the many responses can impact switch performance. This
is the default behavior and was the only method for supporting multicast traffic during EAPS topology
changes prior to release 12.1.2.
When this feature is set to off and an EAPS topology change occurs, the switch does not automatically
send IGMP or MLD queries to all protected VLANS during the topology transition. The off setting
improves switch performance during the transition, but you should use one of the following commands
to see that multicast traffic is supported during and after the topology change:
configure eaps multicast add-ring-ports
Example
The following command disables the send-query feature:
configure eaps multicast send-query off
History
The current format of the command was first available in ExtremeXOS 15.2.1.
The configure eaps multicast send-igmp-query version of the command applied only for IGMP,
and was first available in ExtremeXOS 12.1.2.
Platform Availability
This command is available on all platforms.
Description
Configures the switch to send IGMP query messages to all protected VLANs when an EAPS topology
change occurs.
Syntax Description
on
off
Default
On.
Layer 2 Protocols
169
Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, the switch sends IGMP query
messages to all protected VLANs. If the protected VLANs in the node detecting (and generating) the
topology change do not have IP address, a query is generated with the source IP address set to the
querier address in that VLAN.
In a EAPS ring with many protected VLANs, the many responses can impact switch performance. This
is the default behavior and was the only method for supporting multicast traffic during EAPS topology
changes prior to release 12.1.2.
When this feature is set to off and an EAPS topology change occurs, the switch does not automatically
send IGMP queries to all protected VLANS during the topology transition. The off setting improves
switch performance during the transition, but you should use one of the following commands to see
that multicast traffic is supported during and after the topology change:
configure eaps multicast add-ring-ports
Example
The following command disables the send-igmp-query feature:
configure eaps multicast send-igmp-query off
History
This command was first available in ExtremeXOS 12.1.2.
Platform Availability
This command is available on all platforms.
Description
Configures the duration for which the switch temporarily enables multicast flooding when an EAPS
topology change occurs.
Syntax Description
seconds
Layer 2 Protocols
Specifies the period (in seconds) for which the switch enables multicast
flooding.
170
Default
15 seconds.
Usage Guidelines
The flooding duration configuration applies only when the temporary-flooding feature is enabled with
the following command:
configure eaps multicast temporary-flooding
Example
The following command configures the temporary-flooding feature duration for 30 seconds:
configure eaps multicast temporary-flooding duration 30
History
This command was first available in ExtremeXOS 12.1.2.
Platform Availability
This command is available on all platforms.
Description
Configures the switch to temporarily enable multicast flooding when an EAPS topology change occurs.
Syntax Description
on
off
Default
Off.
Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, the switch temporarily enables
multicast flooding to all protected VLANs for the duration specified by the following command:
Layer 2 Protocols
171
If you change the configuration to off, topology changes that occur after this command do not result in
temporary flooding. For example, if you change the configuration to off while flooding is in progress for
a protected VLAN or set of protected VLANs (due to an EAPS topology change), the flooding
continues for the configured duration period. New topology changes on the protected VLANs do not
cause flooding.
When this feature is set to off and an EAPS topology change occurs, the switch does not enable
flooding to all protected VLANS during the topology transition. The default switch response for
multicast traffic during an EAPS topology change is that defined by the following command:
configure eaps multicast send-igmp-query
You can also use the following command to configure the switch response for multicast traffic during
an EAPS topology change:
configure eaps multicast add-ring-ports
Example
The following command enables the temporary-flooding feature:
configure eaps multicast temporary-flooding on
History
This command was first available in ExtremeXOS 12.1.2.
Platform Availability
This command is available on all platforms.
Description
Renames an existing EAPS domain.
Syntax Description
old_name
new_name
Layer 2 Protocols
172
Default
N/A.
Usage Guidelines
If you use the same name across categories (for example, STPD and EAPS names), we recommend that
you specify the identifying keyword as well as the actual name. If you do not use the keyword, the
system might return an error message.
Example
The following command renames EAPS domain eaps-1 to eaps-5:
configure eaps eaps-1 name eaps-5
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Configures a node port as the primary or secondary port for the specified EAPS domain.
Syntax Description
name
primary
secondary
ports
Default
N/A.
Layer 2 Protocols
173
Usage Guidelines
Each node on the ring connects through two ring ports. One port must be configured as the primary
port; the other must be configured as the secondary port.
The primary and secondary ports have significance only on a master node. The health-check messages
are sent out the primary port of the master node, and the master node blocks the protected VLANs on
the secondary port.
The master nodes secondary EAPS port cannot be configured on ports that are already configured as
follows:
Shared-port
MLAG ISC port
There is no distinction between the primary and secondary ports on a transit node.
Beginning with ExtremeXOS 11.1, if you have a primary or secondary port that is a member of a loadshared group, you do not need to disable your EAPS domain and remove that ring port when
modifying the load-shared group. For more information about configuring load sharing on your switch,
see Configuring Slots and Ports on a Switch in the ExtremeXOS Concepts Guide.
For complete information about software licensing, including how to obtain and upgrade your license
and what licenses are appropriate for this feature, see the Feature License Requirements document.
Example
The following command adds port 1 of the module installed in slot 8 to the EAPS domain eaps_1 as the
primary port:
configure eapseaps_1primary port8:1
Layer 2 Protocols
174
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Configures an EAPS domain priority.
Syntax Description
name
Default
Normal.
Usage Guidelines
Extreme Networks recommends that no more than 200 protected VLANs be configured as high
priority domains. Priority protection works best when the majority of protected VLANs are configured
for normal priority and a relatively small percentage of the protected VLANs are configured as high
priority domains.
When EAPS domains on two separate physical rings share a common link (shared-port configuration)
and have one or more protected VLANs in common, the domains must be configured with the same
domain priority.
When EAPS domain priority is configured on separate physical rings that are connected to the same
switch, the priorities on each ring are serviced independently. For example, if there is a break on both
Ring A and Ring B, the high priority domains on each ring are serviced before the lower priority
domains. However, the switch does not attempt to process the high priority domains on Ring B before
servicing the normal priority domains on Ring A.
For a high priority domain to get priority over normal priority domains, all switches in the EAPS domain
must support high priority domains. If high priority domains are configured on a switch that is in a ring
with one or more switches that do not support high priority domains (software releases before
ExtremeXOS Release 12.5), the high priority domain operates as a normal priority domain.
Layer 2 Protocols
175
Example
The following command configures the eaps_1 domain as a high priority domain:
configure eapseaps_1 priority high
History
This command was first available in ExtremeXOS 12.5.
Platform Availability
This command is available on all platforms.
Description
Configures the common path health interval or timeout value.
Syntax Description
port
health-interval
Specifies the interval for health check messages on the common link.
timeout
seconds
Default
N/A.
Usage Guidelines
This command allows you to configure the length of the common path health interval, in seconds, for a
given port. The range is from 1 to 10 seconds.
Example
The following command configures a common-link health interval of 5 seconds on port 1:1.
configure eaps shared-port 1:1 common-path-timers health-interval 5
Layer 2 Protocols
176
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
Description
Configures the link ID of the shared port.
Syntax Description
ports
id
Default
N/A.
Usage Guidelines
Each common link in the EAPS network must have a unique link ID. The controller and partner shared
ports belonging to the same common link must have matching link IDs. No other instance in the
network should have that link ID.
If you have multiple adjacent common links, we recommend that you configure the link IDs in
ascending order of adjacency. For example, if you have an EAPS configuration with three adjacent
common links, moving from left to right of the topology, configure the link IDs from the lowest to the
highest value.
Layer 2 Protocols
177
Example
The following command configures the EAPS shared port 1:1 to have a link ID of 1.
configure eaps shared-port 1:1 link-id 1
History
This command was first available in ExtremeXOS 11.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
Description
Configures the mode of the shared port.
Syntax Description
ports
controller
Specifies the controller mode. The controller is the end of the common link
responsible for blocking ports when the common link fails thereby preventing
the superloop.
partner
Specifies partner mode. The partner is responsible only for sending and
receiving health-check messages.
Default
N/A.
Usage Guidelines
The shared port on one end of the common link must be configured to be the controller. This is the end
responsible for blocking ports when the common link fails thereby preventing the superloop.
The shared port on the other end of the common link must be configured to be the partner. This end
does not participate in any form of blocking. It is responsible only for sending and receiving healthcheck messages.
Layer 2 Protocols
178
Example
The following command configures the shared port 1:1 to be the controller.
configure eaps shared-port 1:1 mode controller
History
This command was first available in ExtremeXOS 11.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
Description
Configures the action taken when the segment timeout timer expires.
Syntax Description
port
segment-down
Marks the segment as DOWN if the segment timer expires. No link-statusquery is sent to verify that links are down.
send-alert
If the segment timer expires, the switch keeps segments up, but sends a
warning message to the log. The segment fail flag is set, an SNMP trap is sent,
and a link-status-query is sent to verify if any links are down.
Default
Default is send-alert.
Usage Guidelines
By default, the action is to send an alert if the segment timeout timer expires. Instead of the segment
going into a failed state and being marked as down, the segment remains in a segment up state with
Layer 2 Protocols
179
the failed flag set. The switch writes a critical error message to the syslog warning the user that there is
a fault in the segment. An SNMP trap is also sent.
Note
Use caution when setting the segment-timeout expiry action to segment-down. Using this
configuration, if the controller or partner node loses three consecutive hello PDUs, the
failtimer expiresbut there might not be a break in the segment. Opening a blocked port in
this situation creates a loop.
The following describes some general recommendations for using this command:
When you configure your Extreme Networks switches as the partner and controller, respectively,
make sure that their segment timer configurations are identical.
For example, if you have a partner switch with the segment-timeout expiry action set to send-alert,
make sure the controller switch has its segment-timeout expiry action set to send-alert.
However, if you have a partner switch with the segment-timeout expiry action set to send-alert, and
the controller switch does not have a segment timer configuration, you must configure the partner
switchs segment-timeout expiry action to segment-down.
If you have a network containing non-Extreme Networks switches or non-EAPS devices, set the
segment-timeout expiry action to segment-down.
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
Layer 2 Protocols
180
Description
Configures the shared-port health interval timeout.
Syntax Description
port
seconds
Default
N/A.
Usage Guidelines
This command allows you to configure the length of the shared-port health interval timeout, in
seconds, for a given port.
Example
The following command configures a shared-port health interval timeout of 10 seconds on port 1:1.
configure eaps shared-port 1:1 segment-timers health-interval 10
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
Description
Configures the shared-port timeout.
Layer 2 Protocols
181
Syntax Description
port
seconds
Default
N/A.
Usage Guidelines
This command allows you to configure the length of the shared-port timeout, in seconds, for a given
port.
Example
The following command configures a shared-port timeout of 10 seconds on port 1:1.
configure eaps shared-port 1:1 segment-timers timeout 10
History
This command was first available in ExtremeXOS 11.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
Description
Add a control VLAN on the ERPS ring.
Syntax Description
ring-name
control
vlan_name
Layer 2 Protocols
182
Default
N/A.
Usage Guidelines
Use this command to add a control VLAN on the ERPS ring. This is the VLAN that carries ERPS control
traffic.
Note
Other VLAN types such as VMAN, SVLAN, CVLAN and BVLAN will not be used for control
traffic. A control VLAN cannot be deleted from a ring that has CFM configured.
Example
The following command adds a control VLAN named vlan10 to an ERPS ring named ring1:
configure erps ring1 add control vlan vlan10
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Add a protected VLAN on the ERPS ring. This is a data VLAN that ERPS will protect.
Syntax Description
ring-name
vlan_name
Alphanumeric string identifying the data VLAN to be added that ERPS will
protect. This can be a VLAN, SVLAN, BVLAN or VMAN.
Default
N/A.
Layer 2 Protocols
183
Usage Guidelines
Use this command to add a protected data VLAN on the ERPS ring. This VLAN will be protected by
ERPS, and it can be a VLAN, SVLAN, BVLAN or VMAN.
Note
The SVLAN-BVLAN combination cannot both be added to the same ring or sub-ring.
Example
The following command adds a protected VLAN named vlan10 to an ERPS ring named ring1:
configure erps ring1 add protected vlan vlan10
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Specify the connectivity fault management (CFM) maintenance domain level for an ERPS ring.
Syntax Description
ring-name
level
Default
N/A.
Usage Guidelines
Use this command to specify the CFM maintenance domain level for an ERPS ring.
Layer 2 Protocols
184
Example
The following command sets the CFM maintenance domain level to 6 for an ERPS ring named ring1:
configure erps ring1 cfm md-level 6
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Specify the time interval for transmitting CFM connectivity check messages (CCM) on a port of an
ERPS ring.
ring-name
east
East port.
west
West port.
100
100 milliseconds.
1000
1000 milliseconds.
10000
10000 milliseconds.
60000
60000 milliseconds.
600000
600000 milliseconds.
Default
N/A.
Usage Guidelines
Use this command to specify the time interval at which CCMs are transmitted for a port of an ERPS
ring.
Layer 2 Protocols
185
Example
The following command sets the CCM time interval to 1000 for the east port of an ERPS ring named
ring1:
configure erps ring1 cfm port east ccm-interval 1000
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Associates or disassociates fault monitoring entities on the ERPS ring ports.
Syntax Description
ring_name
east
East port.
west
West port.
add
delete
group
group_name
Default
N/A.
Usage Guidelines
Use this command to associate or disassociate fault monitoring entities on the ERPS ring ports.
Layer 2 Protocols
186
Example
The following command associates fault monitoring on the group "group1":
configure erps ring1 cfm port east add group1
History
This command was first available in ExtremeXOS 15.3.
Platform Availability
This command is available on all platforms running ExtremeXOS.
Description
Specify the maintenance end point identifier for the connectivity fault management (CFM) on a port of
an ERPS ring.
Syntax Description
ring-name
east
East port.
west
West port.
mepid
rmepid
Default
N/A.
Usage Guidelines
Use this command to specify the maintenance end point identifier for CFM on a port of an ERPS ring.
Layer 2 Protocols
187
Example
The following command specifies the maintenance end point identifier for the east port of an ERPS ring
named ring1:
configure erps ring1 cfm port east mepid 1 remote-mepid 3
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Associates or disassociates a CFM UP MEP group for subring protection across the main ring.
Syntax Description
ring-name
east
East port.
west
West port.
add
delete
group
group_name
Default
N/A.
Usage Guidelines
Use this command to associate or disassociate a CFM UP MEP group for subring protection across the
main ring.
Layer 2 Protocols
188
Example
The following command associates a CFM UP MEP group for subring protection on the group "group1":
configure erps ring1 cfm protection add group1
History
This command was first available in ExtremeXOS 15.3.
Platform Availability
This command is available on all platforms running ExtremeXOS.
Description
Delete a control VLAN on the ERPS ring.
Syntax Description
ring-name
vlan_name
Default
N/A.
Usage Guidelines
Use this command to delete a control VLAN from the ERPS ring. This is the VLAN that carries ERPS
control traffic.
Note
Other VLAN types such as VMAN, SVLAN, CVLAN and BVLAN will not be used for control
traffic.
A control VLAN cannot be deleted from a ring that has CFM configured.
Layer 2 Protocols
189
Example
The following command deletes a control VLAN named vlan10 from an ERPS ring named ring1:
configure erps ring1 delete control vlan vlan10
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Delete a protected data VLAN from the ERPS ring.
Syntax Description
ring-name
vlan_name
Alphanumeric string identifying the data VLAN to be deleted from the ERPS
ring.
Default
N/A.
Usage Guidelines
Use this command to delete a protected VLAN from the ERPS ring.
Example
The following command deletes a protected VLAN named vlan10 from an ERPS ring named ring1:
configure erps ring1 delete protected vlan vlan10
History
This command was first available in ExtremeXOS 15.1.
Layer 2 Protocols
190
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Clear force and manual switch triggers to the ERPS ring/sub-ring.
Syntax Description
dynamic-state
force-switch
manual-switch
clear
Clear.
Default
N/A.
Usage Guidelines
Use this command to clear force and manual switch triggers to the ERPS ring/sub-ring.
Example
The following command clears force and manual switch triggers of an ERPS ring named "ring1":
configure erps ring1 dynamic-state clear
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Layer 2 Protocols
191
Description
Rename the ERPS ring/sub-ring.
Syntax Description
old-ring-name
new-ring-name
Default
N/A.
Usage Guidelines
Use this command to rename the ERPS ring or sub-ring.
Example
The following command an ERPS ring from ring1 to ring2:
configure erps ring1 name ring2
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Add RPL (ring protection link) neighbor configuration for the ERPS ring.
Syntax Description
ring-name
port
Layer 2 Protocols
192
Default
N/A.
Usage Guidelines
Use this command to add RPL neighbor configuration for the ERPS ring.
Note
This command implicitly makes the node on which it is configured the RPL neighbor.
Example
The following command adds RPL neighbor on port 5 to an ERPS ring named ring1:
configure erps ring1 neighbor-port 5
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Add an ERPS sub-ring to the EAPS domain.
Syntax Description
ring-name
domain_name
Default
N/A.
Usage Guidelines
Use this command to add an ERPS sub-ring to the EAPS domain.
Layer 2 Protocols
193
Example
Example output not yet available and will be provided in a future release.
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Add ring protection link (RPL) owner configuration for the ERPS ring.
Syntax Description
ring-name
port
The slot:port number for the ring protection link (RPL) owner.
Default
N/A.
Usage Guidelines
Use this command to add ring protection link (RPL) owner configuration for the ERPS ring.
Note
This command implicitly makes the node on which it is configured the RPL owner.
Example
The following command adds RPL owner configuration on port 5 to an ERPS ring named ring1:
configure erps ring1 protection-port 5
History
This command was first available in ExtremeXOS 15.1.
Layer 2 Protocols
194
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Add or delete ERPS revert operation along with the wait-to-restore time interval.
Syntax Description
ring-name
enable
disable
Default
The default is the revertive mode (enable).
Usage Guidelines
Use this command to enable/disable a G.8032 ring to revert to the original ring protection link (RPL)
block state.
Example
The following command disables revert mode from an ERPS ring named ring1:
configure erps ring1 revert disable
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Layer 2 Protocols
195
Description
Add ring ports on the ERPS ring. Ths ring ports connect the switch to the ERPS ring.
Syntax Description
ring-name
east
west
port
Default
N/A.
Usage Guidelines
Use this command to add ring ports on the ERPS ring. The ring ports can be added to the east or west
port of the switch. The ring ports connect the switch to the ERPS ring.
Example
The following command adds port 5 as a ring port on the east port of the switch for an ERPS ring
named ring1:
configure erps ring1 add ring-ports east 5
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Configures sub-ring mode.
Layer 2 Protocols
196
Syntax Description
ring-name
no-virtualChannel
virtualChannel
Default
N/A.
Usage Guidelines
Use this command to add or delete ERPS sub-rings.
Example
The following example configures a virtual channel for the control path:
configure erps ring1 subring-mode virtualChannel
History
This command was first available in ExtremeXOS 15.3.
Platform Availability
This command is available on all platforms that are running ExtremeXOS.
Description
Add or delete a sub-ring to the main ring.
Syntax Description
ring-name
add
Add sub-ring.
delete
Delete sub-ring.
sub_ring
Layer 2 Protocols
197
Default
N/A.
Usage Guidelines
Use this command to add or delete ERPS sub-rings.
Example
The following example adds sub-ring ring2 to ring1:
configure erps ring1 add sub-ring-name ring2
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Configure a guard timer to control when the node should act on received R-APS (ring automatic
protection switching) messages.
Syntax Description
ring-name
default
milliseconds
The interval for the guard timer in milliseconds, with a range of 10 to 2000.
Default
The default is 500 milliseconds.
Usage Guidelines
Use this command to configure a guard timer to control when the node should act on received R-APS
messages.
Layer 2 Protocols
198
Example
The following command sets the guard timer to 1000 milliseconds for an ERPS ring named ring1:
configure erps ring1 timer guard 1000
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Configure a hold-off timer to control when a signal fault is relayed.
Syntax Description
ring-name
default
milliseconds
The interval for the hold-off time in milliseconds, with a range of 0 to 10000.
Default
The default is 0 milliseconds.
Usage Guidelines
Use this command to configure a hold-off timer to control when a signal fault is relayed.
Example
The following command sets the hold-off timer to 1000 milliseconds for an ERPS ring named ring1:
configure erps ring1 timer hold-off 1000
Layer 2 Protocols
199
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Configure a periodic timer to control the interval between signal failures.
Syntax Description
ring-name
default
milliseconds
The interval for the periodic time in milliseconds, with a range of 2000 to
7000.
Default
The default is 5000 milliseconds.
Usage Guidelines
Use this command to configure a periodic timer to control the interval between signal failure.
Example
The following command sets the periodic timer to 6000 milliseconds for an ERPS ring named ring1:
configure erps ring1 timer periodic 6000
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Layer 2 Protocols
200
Description
Configure a wait-to-block timer for revertive operations on RPL owner initiated reversion.
Syntax Description
ring-name
default
milliseconds
The time interval to wait before restoring, with a range of 5000 to 7000
milliseconds.
Default
The default is 5000 milliseconds.
Usage Guidelines
Use this command to configure a wait-to-block timer for revertive operations on RPL owner-initiated
reversion.
Example
The following command sets the wait-to-block timer to 6000 milliseconds for an ERPS ring named
ring1:
configure erps ring1 timer wait-to-block 6000
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Layer 2 Protocols
201
Description
Configure a time interval to wait before restoring.
Syntax Description
ring-name
default
milliseconds
Default
The default is 1000 milliseconds.
Usage Guidelines
Use this command to configure a time interval to wait before restoring.
Example
The following command sets the wait-to-restore timer to 3000 milliseconds for an ERPS ring named
ring1:
configure erps ring1 timer wait-to-restore 3000
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Identify the rings to which topology change events need to be propagated.
Layer 2 Protocols
202
Syntax Description
ring-name
add
delete
ring-list
Default
N/A.
Usage Guidelines
Use this command to add or delete ERPS rings/sub-rings from the topology change propagation list.
Example
Example output not yet available and will be provided in a future release.
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Configures the switch to flooding the unicast traffic during L2 protocol convergence.
Syntax Description
on
off
Default
On.
Layer 2 Protocols
203
Usage Guidelines
Use this command to influence the L2-protocol convergence when topology changes in the network to
minimize the congestion.
Example
The following command will influence the L2-Protocol control traffic:
configure forwarding L2-protocol fast-convergence off
History
This command was first available in ExtremeXOS 15.1.3.
Platform Availability
This command available on all Summit, BD8K, BD-X8 platforms.
Description
This command improves IP convergence for IP traffic.
Syntax Description
on
Fast-convergence on.
off
Default
Off.
Usage Guidelines
Use this command for quick recovery when running IP traffic over an EAPS ring.
Example
The following example shows output from the configure ip-arp fast-convergence on command:
E4G200-1.2 # show iparp
VR
Destination
Layer 2 Protocols
Mac
Age
Static
VLAN
204
VID
Port
VR-Default
10.109.1.2
00:04:96:52:2b:16
0
NO box1-box2
950
3
VR-Default
10.109.1.6
00:04:96:52:2a:f2
0
NO box1-box3
951
1
Dynamic Entries :
2
Static
Entries
:
0
Pending Entries :
0
In Request
:
1
In
Response
:
1
Out Request
:
1
Out
Response
:
1
Failed Requests :
0
Proxy Answered
:
0
Rx Error
:
0
Dup IP
Addr
:
0.0.0.0
Rejected Count
:
Rejected IP
:
Rejected Port
:
Rejected I/F
:
Max ARP entries :
8192
Max ARP pending entries
:
256
ARP address check:
Enabled
ARP refresh
:
Enabled
Timeout
:
20 minutes
ARP Sender-Mac Learning
:
Disabled
Locktime
:
1000 milliseconds
Retransmit Time :
1000 milliseconds
Reachable Time
:
900000 milliseconds (Auto)
Fast Convergence :
Off
E4G200-1.3 #
E4G200-1.4 # show iparp
VR
Destination
Mac
Age Static VLAN
VID
Port
VR-Default
10.109.1.2
00:04:96:52:2b:16
1
NO box1-box2
950
3
VR-Default
10.109.1.6
00:04:96:52:2a:f2
1
NO box1-box3
951
1
Dynamic Entries :
2
Static
Entries
:
0
Pending Entries :
0
In Request
:
1
In
Response
:
1
Out Request
:
1
Out
Response
:
1
Failed Requests :
0
Proxy Answered
:
0
Rx Error
:
0
Dup IP
Addr
:
0.0.0.0
Rejected Count
:
Rejected IP
:
Rejected Port
:
Rejected I/F
:
Max ARP entries :
8192
Max ARP pending entries
:
256
ARP address check:
Enabled
ARP refresh
:
Enabled
Timeout
:
20 minutes
ARP Sender-Mac Learning
:
Disabled
Locktime
:
1000 milliseconds
Retransmit Time :
1000 milliseconds
Reachable Time
:
900000 milliseconds (Auto)
Layer 2 Protocols
205
Fast Convergence :
E4G200-1.5 #
On
History
This command was first available in ExtremeXOS 15.2.
Platform Availability
This command is available on all platforms.
Description
Configures the number used to identify the MSTP BPDUs sent in the MSTP region.
Syntax Description
format_identifier
Specifies a number that MSTP uses to identify all BPDUs sent in the MSTP
region. The default is 0. The range is 0 to 255.
Default
The default value used to identify the MSTP BPDU is 0.
Usage Guidelines
For a switch to be part of an MSTP region, you must configure each switch in the region with the same
MSTP configuration attributes, also known as MSTP region identifiers. These identifiers consist of the
following:
Region NameThe name of the MSTP region.
Format SelectorThe number used to identify the format of MSTP BPDUs. The default is 0.
Revision LevelThis identifier is reserved for future use; however, the switch uses and displays a
default of 3.
You can configure only one MSTP region on the switch at any given time.
The switches contained in a region transmit and receive BPDUs that contain information relevant to
only that MSTP region. By having devices look at the region identifiers, MSTP discovers the logical
boundary of a region.
If you have an active MSTP region, Extreme Networks recommends that you disable all active STPDs in
the region before modifying the value used to identify MSTP BPDUs on all participating switches.
Layer 2 Protocols
206
Example
The following command configures the number 2 to identify the MSTP BPDUs sent within an MSTP
region:
configure mstp format 2
History
This command was first available in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Configures the name of an MSTP region on the switch.
Syntax Description
regionName
Default
By default, the switch uses the MAC address of the switch to generate an MSTP region.
Before you configure the MSTP region, it also has the following additional defaults:
MSTP format Identifier0.
MSTP Revision Level3.
Usage Guidelines
The maximum length for a name is 32 characters. Names can contain alphanumeric characters and
underscores ( _ ) but cannot be any reserved keywords, for example, mstp. Names must start with an
alphabetical character, for example, a, Z.
By default, the switch uses the unique MAC address of the switch to generate an MSTP region. Since
each MAC address is unique, every switch is in its own region by default.
Layer 2 Protocols
207
For multiple switches to be part of an MSTP region, you must configure each switch in the region with
the same MSTP configuration attributes, also known as MSTP region identifiers. These identifiers consist
of the following:
Region NameThe name of the MSTP region.
Format SelectorThe number used to identify the format of MSTP BPDUs. The default is 0.
Revision LevelThis identifier is reserved for future use; however, the switch uses and displays a
default of 3.
You can configure only one MSTP region on the switch at any given time.
The switches inside a region exchange BPDUs that contain information for MSTIs. The switches
connected outside of the region exchange CIST information. By having devices look at the region
identifiers, MSTP discovers the logical boundary of a region.
If you have an active MSTP region, we recommend that you disable all active STPDs in the region
before renaming the region on all of the participating switches.
Example
The following command creates an MSTP region named purple:
configure mstp region purple
History
This command was first available in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Configures the revision number of the MSTP region.
Layer 2 Protocols
208
Syntax Description
revision
Default
The default value of the revision level is 3.
Usage Guidelines
Although this command is displayed in the CLI, it is reserved for future use. Please do not use this
command.
If you accidentally configure this command, remember that each switch in the region must have the
same MSTP configuration attributes, also known as MSTP region identifiers. These identifiers consist of
the following:
Region NameThe name of the MSTP region.
Format SelectorThe number used to identify the format of MSTP BPDUs. The default is 0.
Revision LevelThis identifier is reserved for future use; however, the switch uses and displays a
default of 3.
Example
The following command returns the MSTP revision number to 3, the default revision number:
configure mstp revision 3
History
This command was first available in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Adds all ports or a list of ports within a VLAN to a specified STPD.
Layer 2 Protocols
209
Syntax Description
stpd_name
vlan_name
all
port_list
dot1d
emistp
pvst-plus
Default
Ports in the default STPD (s0) are in dot1.d mode.
Ports in user-created STPDs are in emistp mode.
Usage Guidelines
To create an STP domain, use the create stpd command. To create a VLAN, use the create vlan
command.
In an EMISTP or PVST+ environment, this command adds a list of ports within a VLAN to a specified
STPD provided the carrier VLAN already exists on the same set of ports. You can also specify the
encapsulation mode for those ports.
In an MSTP environment, you do not need a carrier VLAN. A CIST controls the connectivity of
interconnecting MSTP regions and sends BPDUs across the regions to communicate region status. You
must use the dot1d encapsulation mode in an MSTP environment.
You cannot configure STP on the following ports:
Mirroring target ports.
Software-controlled redundant ports.
Layer 2 Protocols
210
By default, when the switch boots for the first time, it automatically creates a VLAN named default with
a tag value of 1 and STPD s0. The switch associates VLAN default to STPD s0. All ports that belong to
this VLAN and STPD are in 802.1D encapsulation mode with autobind enabled. If you disable autobind
on the VLAN default, that configuration is saved across a reboot.
Naming Conventions
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keywords stpd and vlan are optional.
This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, and
MSTP.
emistpThis mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN ID field.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
pvst-plusThis mode implements PVST+ in compatibility with third-party switches running this
version of STP. The STPDs running in this mode have a one-to-one relationship with VLANs, and
send and process packets in PVST+ format.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
These encapsulation modes are for STP ports, not for physical ports. When a physical port belongs to
multiple STPDs, it is associated with multiple STP ports. It is possible for the physical port to run in
different modes for different domains for which it belongs.
MSTP STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct operation of your
MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs.
STPD Identifier
An StpdID is used to identify each STP domain. You assign the StpdID when configuring the domain.
An STPD ID must be identical to the VLAN ID of the carrier VLAN in that STPD and that VLAN cannot
belong to another STPD.
MSTP uses two different methods to identify the STPDs that are part of the MSTP network. An instance
ID of 0 identifies the Common and Internal Spanning Tree (CIST). The switch assigns this ID
automatically when you configure the CIST STPD. A multiple spanning tree instance identifier identifies
each STP domain that is part of an MSTP region. You assign the MSTI ID when configuring the STPD
that participates in the MSTP region. In an MSTP region, MSTI IDs only have local significance. You can
reuse MSTI IDs across MSTP regions.
Layer 2 Protocols
211
Example
Create a VLAN named marketing and an STPD named STPD1 as follows:
create vlan marketing
create stpd stpd1
The following command adds the VLAN named marketing to the STPD STPD1, and includes all the ports
of the VLAN in STPD1:
configure stpd stpd1 add vlan marketing ports all
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Configures the default encapsulation mode for all ports added to the specified STPD.
Syntax Description
stpd_name
dot1d
emistp
pvst-plus
Default
Ports in the default STPD (s0) are dot1d mode.
Ports in user-created STPDs are in emistp mode.
Layer 2 Protocols
212
Usage Guidelines
Care must be taken to ensure that ports in overlapping domains do not interfere with the orderly
working of each domains protocol.
By default, when the switch boots for the first time, it automatically creates a VLAN named default with
a tag value of 1 and STPD s0. The switch associates VLAN default to STPD s0. All ports that belong to
this VLAN and STPD are in 802.1d encapsulation mode with autobind enabled. If you disable autobind
on the VLAN default, that configuration is saved across a reboot.
MSTP STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct operation of your
MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs.
Naming Conventions
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional. For name creation guidelines and a list of reserved names, see Object
Names in the .
This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, and
MSTP.
emistpThis mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN ID field.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
pvst-plusThis mode implements PVST+ in compatibility with third-party switches running this
version of STP. The STPDs running in this mode have a one-to-one relationship with VLANs and
send and process packets in PVST+ format.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
Note
These encapsulation modes are for STP ports, not for physical ports. When a physical port
belongs to multiple STPDs, it is associated with multiple STP ports. It is possible for the
physical port to run in different modes for different domains for which it belongs.
STPD Identifier
An StpdID is used to identify each STP domain. You assign the StpdID when configuring the domain.
An STPD ID must be identical to the VLAN ID of the carrier VLAN in that STP domain, and that VLAN
cannot belong to another STPD.
Layer 2 Protocols
213
MSTP uses two different methods to identify the STPDs that are part of the MSTP network. An instance
ID of 0 identifies the Common and Internal Spanning Tree (CIST). The switch assigns this ID
automatically when you configure the CIST STPD. A multiple spanning tree instance identifier identifies
each STP domain that is part of an MSTP region. You assign the MSTI ID when configuring the STPD
that participates in the MSTP region. In an MSTP region, MSTI IDs only have local significance. You can
reuse MSTI IDs across MSTP regions.
Example
The following command specifies that all ports subsequently added to the STPD STPD1 be in PVST+
encapsulation mode unless otherwise specified or manually changed:
configure stpd stpd1 default-encapsulation pvst-plus
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Deletes one or more ports in the specified VLAN from an STPD.
Syntax Description
stpd_name
vlan_name
all
Specifies that all of the ports in the VLAN are to be removed from the STPD.
port_list
Default
N/A.
Layer 2 Protocols
214
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keywords stpd and vlan are optional.
In EMISTP and PVST+ environments, if the specified VLAN is the carrier VLAN, all protected VLANs on
the same set of ports are also removed from the STPD.
You also use this command to remove autobind ports from a VLAN. ExtremeXOS records the deleted
ports so that the ports are not automatically added to the STPD after a system restart.
When a port is deleted on the MSTI, it is automatically deleted on the CIST as well.
Example
The following command removes all ports of a VLAN named Marketing from the STPD STPD1:
configure stpd stpd1 delete vlan marketing ports all
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Adds or overwrites the STP domain description field.
Syntax Description
stpd_name
stpd-description
none
Default
The STP domain description string is empty.
Layer 2 Protocols
215
Usage Guidelines
Use this command to add or overwrite the STP domain description field.
The maximum STP domain description length is 180 characters.
The stpd-description must be in quotes if the string contains any spaces.
To display the description, use the show stpd stpd_name command. When no STP domain
description is configured, Description is not displayed in the output.
To clear the STP domain description string, either specify the keyword none in this command or use the
unconfigure stpd {stpd_name} command.
Example
The following command adds the description this is s0 domain to the STPD named s0:
configure stpd s0 description this is s0 domain
History
This command was first available in ExtremeXOS 12.4.4.
Platform Availability
This command is available on all platforms.
Description
Configures the method used by STP to flush the FDB during a topology change.
Syntax Description
vlan-and-port
port-only
Default
The default flush method is vlan-and-port.
Layer 2 Protocols
216
Usage Guidelines
For scaled up configurations where there are more than 1000 VLANs and more than 70 ports
participating in STP, the number of messages exchanged between STP/FDB/HAL modules can
consume a lot of system memory during an STP topology change using the default configuration for
flush method. In such situations, setting the flush method to port-only can help reduce the system
memory consumption.
Example
The following command sets the flush method to port-only:
configure stpd flush-method port-only
History
This command was available in ExtremeXOS 12.4.5.
Platform Availability
This command is available on all platforms.
Description
Specifies the time (in seconds) that the ports in this STPD spend in the listening and learning states
when the switch is the root bridge.
Syntax Description
stpd_name
seconds
Specifies the forward delay time in seconds. The default is 15 seconds, and the
range is 4 to 30 seconds.
Default
The default forward delay time is 15 seconds.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
Layer 2 Protocols
217
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
The range for the seconds parameter is 4 through 30 seconds.
Example
The following command sets the forward delay from STPD1 to 20 seconds:
configure stpd stpd1 forwarddelay 20
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Specifies the time delay (in seconds) between the transmission of BPDUs from this STPD when it is the
root bridge.
Syntax Description
stpd_name
seconds
Specifies the hello time in seconds. The default is 2 seconds, and the range is 1
to 10 seconds.
Default
The default hello time is 2 seconds.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
In an MSTP environment, configure the hello timer only on the CIST, not on the MSTIs.
Layer 2 Protocols
218
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
The range for the seconds parameter is 1 through 10 seconds.
Example
The following command sets the time delay from STPD1 to 10 seconds:
configure stpd stpd1 hellotime 10
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Specifies the maximum age of a BPDU in the specified STPD.
Syntax Description
stpd_name
seconds
Specifies the maxage time in seconds. The default is 20 seconds, and the
range is 6 to 40 seconds.
Default
The default maximum age of a BPDU is 20 seconds.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
Layer 2 Protocols
219
In an MSTP environment, configure the maximum age of a BPDU only on the CIST, not on the MSTIs.
The range for the seconds parameter is 6 through 40 seconds.
Note that the time must be greater than, or equal to 2 * (Hello Time + 1) and less than, or equal to 2 *
(Forward Delay 1).
Example
The following command sets the maximum age of STPD1 to 30 seconds:
configure stpd stpd1 maxage 30
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Specifies the maximum hop count of a BPDU until the BPDU is discarded in the specified MSTP STP
domain.
Syntax Description
stpd_name
hopcount
Specifies the number of hops required to age out information and notify
changes in the topology. The default is 20 hops, and the range is 6 to 40
hops.
Default
The default hop count of a BPDU is 20 hops.
Usage Guidelines
This command is applicable only in an MSTP environment.
Layer 2 Protocols
220
If your STPD has the same name as another component, for example a VLAN, Extreme Networks
recommends that you specify the identifying keyword as well as the name. If your STPD has a name
unique only to that STPD, the keyword stpd is optional.
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
The range for the hopcount parameter is 6 through 40 hops.
In an MSTP environment, the hop count has the same purpose as the maxage timer for 802.1D and
802.1w environments.
The main responsibility of the CIST is to exchange or propagate BPDUs across regions. The switch
assigns the CIST an instance ID of 0, which allows the CIST to send BPDUs for itself in addition to all of
the MSTIs within an MSTP region. Inside a region, the BPDUs contain CIST records and piggybacked Mrecords. The CIST records contain information about the CIST, and the M-records contain information
about the MSTIs. Boundary ports only exchange CIST record BPDUs.
On boundary ports, only CIST record BPDUs are exchanged. In addition, if the other end is an 802.1D or
802.1w bridge, the maxage timer is used for interoperability between the protocols.
Example
The following command sets the hop of the MSTP STPD, STPD2, to 30 hops:
configure stpd stpd2 max-hop-count 30
History
This command was first available in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Configures the operational mode for the specified STP domain.
Syntax Description
stpd_name
dot1d
Layer 2 Protocols
221
dot1w
mstp
cist
Configures the specified STPD as the common instance spanning tree for the
MSTP region.
msti
Configures the specified STPD as a multiple spanning tree instance for the
MSTP region.
instance
Specifies the Id of the multiple spanning tree instance. The range is 1 to 4,094.
Default
The STPD operates in 802.1D mode.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
If you configure the STP domain in 802.1D mode, the rapid reconfiguration mechanism is disabled.
If you configure the STP domain in 802.1w mode, the rapid reconfiguration mechanism is enabled. You
enable or disable RSTP on a per STPD basis only. You do not enable RSTP on a per port basis.
If you configure the STP domain in MSTP mode, the rapid reconfiguration mechanism is enabled. You
enable or disable MSTP on a per STPD basis only. You do not enable MSTP on a per port basis. MSTP
STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct operation of your MSTP
STPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs.
You must first configure a Common and Internal Spanning Tree (CIST) before configuring any multiple
spanning tree instances (MSTIs) in the region. You cannot delete or disable a CIST if any of the MSTIs
are active in the system.
Example
The following command configures STPD s1 to enable the rapid reconfiguration mechanism and
operate in 802.1w mode:
configure stpd s1 mode dot1w
Layer 2 Protocols
222
History
This command was first available in ExtremeXOS 10.1.
The mstp parameter was added in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Allows a port to be selected as an alternate or backup port.
Syntax Description
stpd_name
port
Specifies a port.
Default
The default is disabled.
Usage Guidelines
Use this command to revert to the default that allows a specified port to be elected to any STP port
role.
Example
The following command disables an active role on STDP s1, port 6:3:
configure stpd s1 ports active-role disable 6:3
History
This command was first available in ExtremeXOS 12.5.
Platform Availability
This command is available on all platforms.
Layer 2 Protocols
223
Description
Prevents a port from becoming an alternate or backup port.
Syntax Description
stpd_name
port
Specifies a port.
Default
The default is disabled.
Usage Guidelines
Use this command to keep a port in an active role. It prevents a specified port from being elected to an
alternate or backup role which puts the port in a blocking state.
The following describes the port role and state when RSTP stabilizes.
STP Port Role
Port State
Alternate (inactive)
Blocking
Backup (inactive
Blocking
Root (active)
Forwarding
Designated (active)
Forwarding
This feature can be enabled on only one STP port in the STP domain.
The restricted port role cannot be combined with this feature.
An active port role (root or designated) cannot be enabled with an edge port.
To disable this command, use the configure stpd ports active-role disable command.
To view the status of the active role, use the show stpd ports command.
Example
The following command enables an active role on STDP s1, port 6:3:
configure stpd s1 ports active-role enable 6:3
Layer 2 Protocols
224
History
This command was first available in ExtremeXOS 12.5.
Platform Availability
This command is available on all platforms.
Description
Configures BPDU Restrict.
Syntax Description
stpd_name
port_list
bpdu-restrict
recovery-timeout
seconds
Specifies the time in seconds. The range is 60 to 600. The default is 300.
Default
The default is disabled.
Usage Guidelines
Before using this command, the port(s) should be configured for edge-safeguard.
Example
The following command enables bpdu-restrict on port 2 of STPD s1:
configure stpd s1 ports bpdu-restrict enable 2
History
This command was first available in ExtremeXOS 12.4.
Layer 2 Protocols
225
Platform Availability
This command is available on all platforms.
Description
Specifies the path cost of the port in the specified STPD.
Syntax Description
stpd_name
auto
Specifies the switch to remove any user-defined port cost value(s) and use
the appropriate default port cost value(s).
cost
port_list
Default
The switch automatically assigns a default path cost based on the speed of the port, as follows:
10 Mbps portthe default cost is 2,000,000.
100 Mbps portthe default cost is 200,000.
1000 Mbps portthe default cost is 20,000.
10000 Mbps portsthe default cost is 2,000.
The default port cost for trunked ports is dynamically calculated based on the available bandwidth.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
The 802.1D-2004 standard modified the default port path cost value to allow for higher link speeds. If
you have a network with both 802.1D-2004 and 802.1D-1998 compliant bridges, a higher link speed can
create a situation whereby an 802.1D-1998 compliant bridge could become the most favorable transit
path and possibly cause the traffic to span more bridges. To prevent this situation, configure the port
path cost to make links with the same speed use the same path host value. For example, if you have
Layer 2 Protocols
226
100 Mbps links on all bridges, configure the port path cost for the 802.1D-2004 compliant bridges to 19
instead of using the default 200,000.
Note
You cannot configure the port path cost on 802.1D-1998 compliant bridges to 200,000
because the path cost range setting is 1 to 65,535.
The range for the cost parameter is 1 through 200,000,000. If you configure the port cost, a setting of 1
indicates the highest priority.
If you configured a port cost value and specify the auto option, the switch removes the user-defined
port cost value and returns to the default, automatically assigned, port cost value.
The auto port cost of a trunk port is calculated based on number member ports in the trunk port. Link
up and down of the member port does not affect the trunk port cost, thus it does not trigger topology
change. Only adding or removing a member port to/from the trunk port causes auto trunk port cost to
change. Also, by so configuring a static trunk port cost, the value is frozen regardless of the number of
member ports in the trunk port.
Example
The following command configures a cost of 100 to slot 2, ports 1 through 5 in STPD s0:
configure stpd s0 ports cost 100 2:1-2:5
History
This command was first available in ExtremeXOS 10.1.
The auto option was added in ExtremeXOS 11.0.
The default costs were updated based on support for the 802.1D-2004 standard in ExtremeXOS 11.6.
Layer 2 Protocols
227
Platform Availability
This command is available on all platforms.
Description
Disables the edge safeguard loop prevention on the specified RSTP or MSTP edge port.
Syntax Description
stpd_name
port_list
bpdu-restrict
recovery-timeout
seconds
Specifies the time in seconds. The range is 60 to 600. The default is 300.
Default
By default, this feature is disabled.
Usage Guidelines
This command applies only to ports that have already been configured as edge ports.
Loop prevention and detection on an edge port configured for RSTP or MSTP is called edge safeguard.
An edge port configured with edge safeguard immediately enters the forwarding state and transmits
BPDUs.
If you disable this feature, the edge port enters the forwarding state but no longer transmits BPDUs
unless a BPDU is received by that edge port. This is the default behavior.
Recovery time starts as soon as the port becomes disabled. If no recovery-timeout is specified, the port
is permanently disabled.
BPDU restrict can be disabled using the configure stpd stpd_name ports bpdu-restrict
disableport_list command.
If edge safeguard is disabled, BPDU restrict is also disabled.
To view the status of the edge safeguard feature use the show {stpd} stpd_name ports {[detail
|port_list {detail}]} command. You can also use the show stpd {stpd_name | detail}
Layer 2 Protocols
228
command to display the STPD configuration on the switch, including the enable/disable state for edge
safeguard.
Note
In MSTP, configuring edge safeguard at CIST will be inherited in all MSTI.
To enable or re-enable edge safeguard, use one of the following commands:
Example
The following command disables edge safeguard on RSTP edge port 4 in STPD s1 on a stand-alone
switch:
configure stpd s1 ports edge-safeguard disable 4
The following command disables edge safeguard on the RSTP edge port on slot 2, port 3 in STPD s1 on
a modular switch:
configure stpd s1 ports edge-safeguard disable 2:3
History
This command was first available in ExtremeXOS 11.4.
The BPDU Restrict function was added in ExtremeXOS 12.4.
Platform Availability
This command is available on all platforms.
Description
Enables the edge safeguard loop prevention on the specified RSTP or MSTP edge port.
Layer 2 Protocols
229
Syntax Description
stpd_name
port_list
bpdu-restrict
recovery-timeout
seconds
Specifies the time in seconds. The range is 60 to 600. The default is 300.
Default
By default, this feature is disabled.
Usage Guidelines
This command applies only to ports that have already been configured as edge ports.
Loop prevention and detection on an edge port configured for RSTP or MSTP is called edge safeguard.
You configure edge safeguard on RSTP or MSTP edge ports to prevent accidental or deliberate
misconfigurations (loops) resulting from connecting two edge ports together or by connecting a hub or
other non-STP switch to an edge port. Edge safeguard also limits the impact of broadcast storms that
might occur on edge ports.
An edge port configured with edge safeguard immediately enters the forwarding state and transmits
BPDUs. This advanced loop prevention mechanism improves network resiliency but does not interfere
with the rapid convergence of edge ports.
Recovery time starts as soon as the port becomes disabled. If no recovery-timeout is specified, the port
is permanently disabled.
BPDU restrict can be disabled using the configure {stpd} stpd_name ports bpdu-restrict
[enable | disable]port_list {recovery-timeout {seconds}} command and selecting
disable.
If edge safeguard is disabled, BPDU restrict is also disabled.
To view the status of the edge safeguard feature use the show {stpd} stpd_name ports {[detail
|port_list {detail}]} command. You can also use the show stpd {stpd_name | detail}
command to display the STPD configuration on the switch, including the enable/disable state for edge
safeguard.
Note
In MSTP, configuring edge safeguard at CIST will be inherited in all MSTI.
To disable edge safeguard, use one of the following commands:
Layer 2 Protocols
230
Example
The following command enables edge safeguard on RSTP edge port 4 in STPD s1 on a stand-alone
switch:
configure stpd s1 ports edge-safeguard enable 4
The following command enables edge safeguard on the RSTP edge port on slot 2, port 3 in STPD s1 on
a modular switch:
configure stpd s1 ports edge-safeguard enable 2:3
History
This command was first available in ExtremeXOS 11.4.
The BPDU Restrict function was added in ExtremeXOS 12.4.
Platform Availability
This command is available on all platforms.
Description
Configures the ports in the specified STPD as auto, broadcast, edge, or point-to-point link types.
Syntax Description
stpd_name
auto
Specifies the switch to automatically determine the port link type. An auto
link behaves like a point-to-point link if the link is in full-duplex mode or if link
aggregation is enabled on the port. Used for 802.1w configurations.
broadcast
Specifies a port attached to a LAN segment with more than two bridges.
Used for 802.1D configurations. A port with broadcast link type cannot
participate in rapid reconfiguration using RSTP or MSTP. By default, all STP.1D
ports are broadcast links.
point-to-point
Specifies a port attached to a LAN segment with only two bridges. A port
with point-to-point link type can participate in rapid reconfiguration. Used for
802.1w and MSTP configurations. By default, all 802.1w and MSTP ports are
point-to-point link types.
Layer 2 Protocols
231
port_list
edge
Specifies a port that does not have a bridge attached. An edge port is placed
and held in the STP forwarding state unless a BPDU is received by the port.
Used for 802.1w and MSTP configurations.
edge-safeguard
Specifies that the edge port be configured with edge safeguard, a loop
prevention and detection mechanism. Used for 802.1w and MSTP
configurations.
enable
disable
bpdu-restrict
recovery-timeout
seconds
Specifies the time in seconds. The range is 60 to 600. The default is 300.
Default
STP.1D ports are broadcast link types 802.1w and MSTP ports are point-to-point link types.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
The default, broadcast links, supports legacy STP (802.1D) configurations. If the switch operates in
802.1D mode, any configured port link type will behave the same as the broadcast link type.
RSTP rapidly moves the designated ports of a point-to-point link type into the forwarding state. This
behavior is supported by RSTP and MSTP only.
In an MSTP environment, configure the same link types for the CIST and all MSTIs.
Layer 2 Protocols
232
Edge Safeguard
Loop prevention and detection on an edge port configured for RSTP or MSTP is called edge safeguard.
You configure edge safeguard on RSTP or MSTP edge ports to prevent accidental or deliberate
misconfigurations (loops) resulting from connecting two edge ports together or by connecting a hub or
other non-STP switch to an edge port. Edge safeguard also limits the impact of broadcast storms that
might occur on edge ports.
An edge port configured with edge safeguard immediately enters the forwarding state and transmits
BPDUs. This advanced loop prevention mechanism improves network resiliency but does not interfere
with the rapid convergence of edge ports.
Recovery time starts as soon as the port becomes disabled. If no recovery-timeout is specified, the port
is permanently disabled.
BPDU restrict can be disabled using the configure stpd stpd_name ports bpdu-restrict
disableport_list command.
If edge safeguard is disabled, BPDU restrict is also disabled.
To configure a port as an edge port and enable edge safeguard on that port, use the configure stpd
stpd_name ports link-type edgeport_list edge-safeguard command and specify enable.
To disable edge safeguard on the edge port, use the configure stpd stpd_name ports linktype edgeport_list edge-safeguard command and specify disable.
Two other commands are also available to enable and disable edge safeguard:
configure stpd ports edge-safeguard enable configure stpd ports edge-safeguard
disable
Example
The following command configures slot 2, ports 1 through 4 to be point-to-point links in STPD s1:
configure stpd s1 ports link-type point-to-point 2:1-2:4
The following command enables edge safeguard on the RSTP edge port on slot 2, port 3 in STPD s1
configured for RSTP:
configure stpd s1 ports link-type edge 2:3 edge-safeguard enable
History
This command was first available in ExtremeXOS 10.1.
The BPDU Restrict function was added in ExtremeXOS 12.4.
Layer 2 Protocols
233
Platform Availability
This command is available on all platforms.
Description
Configures the encapsulation mode for the specified port list.
Syntax Description
stpd_name
dot1d
emistp
pvst-plus
port_list
Default
Ports in the default STPD (s0) are dot1d mode.
Ports in user-created STPDs are in emistp mode.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
MSTP STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct operation of your
MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode for MSTP STPDs.
You can specify the following STP encapsulation modes:
dot1dThis mode is reserved for backward compatibility with previous STP versions. BPDUs are
sent untagged in 802.1D mode. Because of this, any given physical interface can have only one STPD
running in 802.1D mode.
This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, and
MSTP.
emistpThis mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN ID field.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
Layer 2 Protocols
234
pvst-plusThis mode implements PVST+ in compatibility with third-party switches running this
version of STP. The STPDs running in this mode have a one-to-one relationship with VLANs, and
send and process packets in PVST+ format.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
Example
The following command configures STPD s1 with PVST+ packet formatting for slot 2, port 1:
configure stpd s1 ports mode pvst-plus 2:1
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Specifies the port priority of the port in the specified STPD.
Syntax Description
stpd_name
priority
Specifies a numerical port priority value. The range is 0 through 240 and is
subject to the multiple of 16 restriction.
port_list
Default
The default is 128.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
Layer 2 Protocols
235
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
By changing the priority of the port, you can make it more or less likely to become the root port or a
designated port.
To preserve backward compatibility and to use ExtremeXOS 11.5 or earlier configurations, the existing
configure stpd ports priority command is available in ExtremeXOS 11.6. If you have an
ExtremeXOS 11.5 or earlier configuration, the switch interprets the port priority based on the
802.1D-1998 standard. If the switch reads a value that is not supported in ExtremeXOS 11.6, the switch
rejects the entry. For example, if the switch reads the configure stpd ports priority 16 command from an
ExtremeXOS 11.5 or earlier configuration, (which is equivalent to the command configure stpd ports
priority 8 entered through CLI), the switch saves the value in the new ExtremeXOS 11.6 configuration as
configure stpd ports port-priority 128.
A setting of 0 indicates the highest priority.
The range for the priority parameter is 0 through 240 and is subject to the multiple of 16 restriction.
Example
The following command assigns a priority of 32 to slot 2, ports 1 through 5 in STPD s0:
configure stpd s0 ports port-priority 32 2:1-2:5
History
This command was first available in ExtremeXOS 11.6.
Platform Availability
This command is available on all platforms.
Description
Specifies the port priority of the port in the specified STPD.
Layer 2 Protocols
236
Syntax Description
stpd_name
priority
Specifies a numerical port priority value. The range is 0 through 31 for STP
and 0 through 15 for MSTP and RSTP.
port_list
Default
The default is 128.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
By changing the priority of the port, you can make it more or less likely to become the root port or a
designated port.
To preserve backward compatibility and to use ExtremeXOS 11.5 or earlier configurations, the existing
configure stpd ports priority command is available in ExtremeXOS 11.6. If you have an
ExtremeXOS 11.5 or earlier configuration, the switch interprets the port priority based on the
802.1D-1998 standard. If the switch reads a value that is not supported in ExtremeXOS 11.6, the switch
rejects the entry.
A setting of 0 indicates the highest priority.
The range for the priority parameter is 0 through 31 for STP and 0 through 15 for MSTP and RSTP.
ExtremeXOS 11.6 introduces support for a new ports priority command: configure stpd ports
port-priority. When you save the port priority value in an ExtremeXOS 11.6 configuration, the switch
saves it as the new command configure stpd ports port-priority with the corresponding
change in priority values. The priority range of this command is 0 through 240 and is subject to the
multiple of 16 restriction. For more information see configure stpd ports port-priority.
Layer 2 Protocols
237
Example
The following command assigns a priority of 1 to slot 2, ports 1 through 5 in STPD s0:
configure stpd s0 ports priority 1 2:1-2:5
History
This command was first available in ExtremeXOS 10.1.
The priority range and behavior was updated based on support for the 802.1D-2004 standard in
ExtremeXOS 11.6.
Platform Availability
This command is available on all platforms.
Description
Disables restricted role on the specified port inside the core network.
Syntax Description
stpd_name
port_list
Default
N/A.
Usage Guidelines
The restricted role is disabled by default. If set, it can cause a lack of spanning tree connectivity. A
network administrator enables the restricted role to prevent bridges external to a core region of the
network from influencing the spanning tree active topology, possibly because those bridges are not
under the full control of the administrator.
Note
Disabling Restricted Role at CIST is inherited by all MSTI.
Layer 2 Protocols
238
Example
The following command disables restricted role for s1 on port 6:3:
configure stpd s1 ports restricted-role disable 6:3
History
This command was first available in ExtremeXOS 12.1.
This command was added to RSTP in ExtremeXOS 11.6 and 12.0.3.
Platform Availability
This command is available on all platforms.
Description
Enables restricted role on the specified port inside the core network.
Syntax Description
stpd_name
port_list
Default
N/A.
Usage Guidelines
Enabling restricted role causes the port not to be selected as a root port even if it has the best spanning
tree priority vector. Such a port is selected as an alternate port after the root port has been selected.
The restricted role is disabled by default. If set, it can cause a lack of spanning tree connectivity. A
network administrator enables the restricted role to prevent bridges external to a core region of the
network from influencing the spanning tree active topology, possibly because those bridges are not
under the full control of the administrator.
Note
Restricted role should not be enabled with edge mode.
Enabling Restricted Role at CIST is inherited by all MSTI.
Layer 2 Protocols
239
Example
The following command enables restricted role on port 6:3:
configure stpd s1 ports restricted-role enable 6:3
History
This command was first available in ExtremeXOS 12.1.
This command was added to RSTP in ExtremeXOS 11.6 and 12.0.3.
Platform Availability
This command is available on all platforms.
Description
Specifies the bridge priority of the STPD.
Syntax Description
stpd_name
priority
Specifies the bridge priority of the STPD. The range is 0 through 61,440 and is
subject to the multiple of 4,096 restriction.
Default
The default priority is 32,768.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
By changing the bridge priority of the STPD, you can make it more or less likely to become the root
bridge.
Layer 2 Protocols
240
The range for the priority parameter is 0 through 61,440 and is subject to the multiple of 4,096
restriction. A setting of 0 indicates the highest priority.
If you have an ExtremeXOS 11.5 or earlier configuration that contains an STP or RSTP bridge priority
that is not a multiple of 4,096, the switch rejects the entry and the bridge priority returns to the default
value. The MSTP implementation already uses multiples of 4,096 to determine the bridge priority.
For example, to lower the numerical value of the priority (which gives the priority a higher precedence),
you subtract 4,096 from the default priority: 32,768 - 4,096 = 28,672. If you modify the priority by a
value other than 4,096, the switch rejects the entry.
Example
The following command sets the bridge priority of STPD1 to 16,384:
configure stpd stpd1 priority 16384
History
This command was first available in ExtremeXOS 10.1.
The priority range and behavior was updated based on support for the 802.1D-2004 standard in
ExtremeXOS 11.6.
Platform Availability
This command is available on all platforms.
Description
Assigns an StpdID to an STPD.
Syntax Description
stpd_name
stpd_tag
Specifies the VLAN ID of the carrier VLAN that is owned by the STPD.
Layer 2 Protocols
241
Default
N/A.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If your STPD has a name unique only to that STPD,
the keyword stpd is optional.
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
An STPD ID is used to identify each STP domain. You assign the StpdID when configuring the domain.
An STPD ID must be identical to the VLAN ID of the carrier VLAN in that STP domain, and that VLAN
cannot belong to another STPD. Unless all ports are running in 802.1D mode, an STPD with ports
running in either EMISTP mode or PVST+ mode must be configured with an STPD ID.
You must create and configure the VLAN, along with the tag, before you can configure the STPD tag.
To create a VLAN, use the create vlan command. To configure the VLAN, use the configure vlan
commands.
MSTP Only
MSTPuses two different methods to identify the STPDs that are part of the MSTP network. An instance
ID of 0 identifies the CIST. The switch assigns this ID automatically when you configure the CIST STPD.
To configure the CIST STPD, use the configure stpd stpd_name mode [dot1d | dot1w | mstp
[cist | mstiinstance]] command.
An MSTI identifier (MSTI ID) identifies each STP domain that is part of an MSTP region. You assign the
MSTI ID when configuring the STPD that participates in the MSTP region. Each STPD that participates in
a particular MSTP region must have the same MSTI ID. To configure the MSTI ID, use the configure
stpd stpd_name mode [dot1d | dot1w | mstp [cist | mstiinstance]] command.
Example
The following example assigns an StpdID to the purple_st STPD:
configure stpd purple_st tag 200
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Layer 2 Protocols
242
Description
Adds one or more ports in a VLAN to a specified STPD.
Syntax Description
vlan_name
all
port_list
tagged
tag
Specifies the port-specific VLAN tag. When there are multiple ports
specified in the port_list, the same tag is used for all of them. When
unspecified port tag is equal to the VLAN tag.
untagged
stpd_name
dot1d
emistp
pvst-plus
Default
Ports in the default STPD (s0) are in dot1.d mode.
Ports in user-created STPDs are in emistp mode.
Usage Guidelines
To create a VLAN, use the create vlan command. To create an STP domain, use the create stpd
command.
In an EMISTP or PVST+ environment, this command adds a list of ports to a VLAN and a specified STPD
at the same time provided the carrier VLAN already exists on the same set of ports. You can also
specify the encapsulation mode for those ports.
In an MSTP environment, you do not need a carrier VLAN. A CIST controls the connectivity of
interconnecting MSTP regions and sends BPDUs across the regions to communicate region status. You
must use the dot1d encapsulation mode in an MSTP environment.
You cannot configure STP on the following ports:
Mirroring target ports.
Layer 2 Protocols
243
Naming Conventions
If your VLAN has the same name as another component, for example an STPD, we recommend that
you specify the identifying keyword as well as the name. If your VLAN has a name unique only to that
VLAN, the keywords vlan and stpd are optional.
This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, and
MSTP.
emistpThis mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN ID field.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
pvst-plusThis mode implements PVST+ in compatibility with third-party switches running this
version of STP. The STPDs running in this mode have a one-to-one relationship with VLANs, and
send and process packets in PVST+ format.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
These encapsulation modes are for STP ports, not for physical ports. When a physical ports belongs to
multiple STPDs, it is associated with multiple STP ports. It is possible for the physical port to run in
different modes for different domains for which it belongs.
MSTP STPDs use only 802.1D BPDU encapsulation mode. The switch prevents you from configuring
EMISTP or PVST+ encapsulation mode for MSTP STPDs.
Specify the port tag when you need to put multiple vlans into a broadcast domain.
Layer 2 Protocols
244
Example
The following command adds slot 1, port 2 and slot 2, port 3, members of a VLAN named Marketing, to
the STPD named STPD1, and specifies that they be in EMISTP mode:
configure vlan marketing add ports 1:2, 2:3 tagged stpd stpd1 emistp
The following example configures a VLAN with tag 100, and port tag of 10 and 11 on the same ports:
create vlan exchange tag 100
config vlan exchange add ports 3 tagged 10
config vlan exchange add ports 3 tagged 11
The following example configures VLAN with tag 100, and port tag of 10 on two ports and 11 on a
different port:
create vlan exchange tag 100
config vlan exchange add ports 2:3,2:4 tagged 10
config vlan exchange add ports 2:5 tagged 11
History
This command was first available in ExtremeXOS 10.1.
The nobroadcast keyword was removed in ExtremeXOS 11.4.
The tag variable was added in ExtremeXOS 15.4.
Platform Availability
This command is available on all platforms.
Layer 2 Protocols
245
Description
Creates an EAPS shared port on the switch.
Syntax Description
ports
Default
N/A.
Usage Guidelines
To configure a common link, you must create a shared port on each switch on either end of the
common link.
Example
The following command creates a shared port on the EAPS domain.
create eaps shared-port 1:2
History
This command was first available in ExtremeXOS 11.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
create eaps
create eaps name
Description
Creates an EAPS domain with the specified name.
Syntax Description
name
Layer 2 Protocols
246
Default
N/A.
Usage Guidelines
An EAPS domain name must begin with an alphabetical character and may contain alphanumeric
characters and underscores (_), but it cannot contain spaces. The maximum allowed length for a name
is 32 characters. For name creation guidelines and a list of reserved names, see Object Names in the
ExtremeXOS Concepts Guide.
Example
The following command creates EAPS domain eaps_1:
create eaps eaps_1
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Creates an ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to create an ERPS ring.
Layer 2 Protocols
247
Example
The following command creates an ERPS ring named ring1:
create erps ring1
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
create stpd
create stpd stpd_name {description stpd-description}
Description
Creates a user-defined STPD.
Syntax Description
stpd_name
stpd-description
Default
The default device configuration contains a single STPD called s0.
When an STPD is created, the STPD has the following default parameters:
Statedisabled.
StpdIDnone.
Assigned VLANsnone.
Bridge priority32,768.
Maximum BPDU age20 seconds.
Hello time2 seconds.
Forward delay15 seconds.
Operational mode802.1D.
Rapid Root Failoverdisabled.
Default Binding Mode (encapsulation mode)Ports in the default STPD (s0) are in 802.1d mode.
Ports in user-created STPDs are in emistp mode.
Layer 2 Protocols
248
Usage Guidelines
The maximum length for a name is 32 characters. Names can contain alphanumeric characters and
underscores ( _ ) but cannot be any reserved keywords, for example, stp or stpd. Names must start
with an alphabetical character, for example, a, Z. For name creation guidelines and a list of reserved
names, see Object Names in the .
Each STPD name must be unique and cannot duplicate any other named STPDs on the switch. If you
are uncertain about the STPD names on the switch, use the show stpd command to view the STPD
names.
You can, however, re-use names across multiple categories of switch configuration. For example, you
can use the name Test for an STPD and a VLAN. If you use the same name, we recommend that you
specify the appropriate keyword when configuring the STPD. If you do not specify the appropriate
keyword, the switch displays a message similar to the following:
%% Ambiguous command: "configure Test"
To view the names of the STPDs on the switch, enter configure and press [Tab]. Scroll to the end of the
output to view the names.
The maximum length for an STPD description is 180 characters. The description must be in quotes if the
string contains any spaces. To display the description, use the show stpd stpd_name command.
Each STPD has its own Root Bridge and active path. After the STPD is created, one or more VLANs can
be assigned to it.
Example
The following example creates an STPD named purple_st:
create stpd purple_st
History
This command was first available in ExtremeXOS 10.1.
The STPD description option was added in ExtremeXOS 12.4.4.
Platform Availability
This command is available on all platforms.
Layer 2 Protocols
249
Description
Debugs ERPS ring by checking "show" output.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
To debug this feature, check the output of "show erps" and "show erps ring" to see if the node state is
as expected. In steady state, the node should be in "Idle" or "Protected" state.
Check the output of "show erps ring statistics" to see if any error/dropped counters are incrementing. If
they are check the state of the ring ports and trace these links to the neighbor node to see the state of
the links. The output of "show log" after turning on the filters for ERPS should provide more information
on what is happening on the switch.
Example
Example output not yet available and will be provided in a future release.
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
debug erps
debug erps [options]
Description
Debugs an ERPS ring.
Layer 2 Protocols
250
Syntax Description
options
Default
N/A.
Usage Guidelines
Use this command to debug an ERPS ring.
Example
The following command debugs an ERPS ring:
debug erps [options]
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Deletes an EAPS shared port on a switch.
Syntax Description
ports
Default
N/A.
Usage Guidelines
None.
Layer 2 Protocols
251
Example
The following command deletes shared port 1:1.
delete eaps shared-port 1:1
History
This command was first available in ExtremeXOS 11.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
delete eaps
delete eaps name
Description
Deletes the EAPS domain with the specified name.
Syntax Description
name
Default
N/A.
Usage Guidelines
None.
Example
The following command deletes EAPS domain eaps_1:
delete eaps eaps_1
History
This command was first available in ExtremeXOS 11.0.
Layer 2 Protocols
252
Platform Availability
This command is available on all platforms.
delete erps
delete erps ring-name
Description
Deletes an ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to delete an ERPS ring.
Example
The following command deletes an ERPS ring named ring1:
delete erps ring1
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
delete stpd
delete stpd stpd_name
Description
Removes a user-defined STPD from the switch.
Layer 2 Protocols
253
Syntax Description
stpd_name
Default
N/A.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If you do not specify the stpd keyword, an error
message similar to the following is displayed:
%% Ambiguous command: "delete Test"
In this example, to delete the STPD Test, enter delete stpd Test.
If you created an STPD with a name unique only to that STPD, the keyword stpd is optional.
The default STPD, s0, cannot be deleted.
In an MSTP environment, you cannot delete or disable a CIST if any of the MSTIs are active in the
system.
Example
The following command deletes an STPD named purple_st:
delete stpd purple_st
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
disable eaps
disable eaps {name}
Description
Disables the EAPS function for a named domain or for an entire switch.
Layer 2 Protocols
254
Syntax Description
name
Default
Disabled for the entire switch.
Usage Guidelines
To prevent loops in the network, the switch displays by default a warning message and prompts you to
disable EAPS for a specific domain or the entire switch. When prompted, do one of the following:
Enter y to disable EAPS for a specific domain or the entire switch.
Enter n or press [Return] to cancel this action.
If you have considerable knowledge and experience with EAPS, you might find the EAPS loop
protection warning messages unnecessary. For more information, see the configure eaps
config-warnings off .
Example
The following command disables the EAPS function for entire switch:
disable eaps
The switch displays the following warning message and prompts you to confirm this action:
WARNING: Disabling EAPS on the switch could cause a loop in the network!
Are you sure you want to disable EAPS? (y/n) Enter y to disable EAPS on the switch. Enter n to cancel
this action.
The following command disables the EAPS function for the domain eaps-1:
disable eaps eaps-1
The switch displays the following warning message and prompts you to confirm this action:
WARNING: Disabling specific EAPS domain could cause a loop in the
network!
Are you sure you want to disable this specific EAPS domain? (y/n)
Enter y to disable the EAPS function for the specified domain. Enter n to cancel this action.
History
This command was first available in ExtremeXOS 11.0.
The interactive messages were added in ExtremeXOS 11.4.
Layer 2 Protocols
255
Platform Availability
This command is available on all platforms.
Description
Disables the ability on ERPS rings to block virtual channel recovery to avoid temporary loops .
Syntax Description
ring-name
block-vc-recovery
Default
N/A.
Usage Guidelines
Use this command to disable the ability on ERPS rings to block on virtual channel recovery to avoid
temporary loops. This is done on interconnected nodes for sub-ring configurations.
Example
The following example disables a virtual channel recovery block on ring1:
diable erps ring1 block-vc-recovery
History
This command was first available in ExtremeXOS 15.13.
Platform Availability
This command is available on all platforms that are running ExtremeXOS.
Layer 2 Protocols
256
Description
Disable an existing ERPS ring/sub-ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to disable an existing ERPS ring/sub-ring.
Example
The following example disables an existing ERPS ring identified as ring1:
disable erps ring1
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Disable the ability of ERPS to set the topology-change bit to send out Flush events.
Syntax Description
ring-name
topology-change
Layer 2 Protocols
257
Default
N/A.
Usage Guidelines
Use this command to disable the ability of ERPS to set the topology-change bit to send out Flush
events.
Example
The following example disables the ability to set the topology-change bit for an existing ERPS sub-ring
identified as ring1:
disable erps ring1 topology-change
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
disable erps
disable erps
Description
Disable ERPS (Ethernet Ring Protection Switching/ITU-T G.8032 standard).
Syntax Description
N/A.
Default
N/A.
Usage Guidelines
Use this command to disable ERPS.
Layer 2 Protocols
258
Example
The following command disables ERPS:
disable erps
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Syntax Description
stpd_name
vlan_name
Default
The autobind feature is disabled on user-created STPDs. The autobind feature is enabled on the default
VLAN that participates in the default STPD S0.
Usage Guidelines
Note
Ports already in the STPD remain in that domain (as if they were added manually).
If you create an STPD and a VLAN with unique names, the keywords stpd and vlan are optional.
Ports added to the STPD automatically when autobind is enabled are not removed when autobind is
disabled. The ports are present after a switch reboot.
To view STP configuration status of the ports in a VLAN, use the following command:
show {vlan} vlan_name stpd
Layer 2 Protocols
259
Example
The following example disables autobind on an STPD named s8:
disable stpd s8 auto-bind v5
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Syntax Description
stpd_name
all
port_list
Default
Enabled.
Usage Guidelines
If you create the STPD with a unique name, the keyword stpd is optional.
Disabling STP on one or more ports puts those ports in the forwarding state; all BPDUs received on
those ports are disregarded and dropped.
Use the all keyword to specify that all ports of a given STPD are disabled.
Use the port_list parameter to specify a list of ports of a given STPD are disabled.
If you do not use the default STPD, you must create one or more STPDs and configure and enable the
STPD before you can use the disable stpd ports command.
Layer 2 Protocols
260
Example
The following command disables slot 2, port 4 on an STPD named Backbone_st:
disable stpd backbone_st ports 2:4
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Disables rapid root failover for STP recovery times.
Syntax Description
stpd_name
Default
Disabled.
Usage Guidelines
This command is applicable for STPDs operating in 802.1D.
After you have created the STPD with a unique name, the keyword stpd is optional.
To view the status of rapid root failover on the switch, use the show stpd command. The show stpd
command displays information about the STPD configuration on the switch including the enable/
disable state for rapid root failover.
Example
The following command disables rapid root fail over on STPD Backbone_st:
disable stpd backbone_st rapid-root-failover
Layer 2 Protocols
261
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
disable stpd
disable stpd {stpd_name}
Description
Disables the STP protocol on a particular STPD or for all STPDs.
Syntax Description
stpd_name
Default
Disabled.
Usage Guidelines
After you have created the STPD with a unique name, the keyword stpd is optional.
If you want to disable the STP protocol for all STPDs, do not specify an STPD name.
In an MSTP environment, you cannot delete or disable a CIST if any of the MSTIs are active in the
system.
Example
The following command disables an STPD named purple_st:
disable stpd purple_st
The following command disables the STP protocol for all STPDs on the switch:
disable stpd
History
This command was first available in ExtremeXOS 10.1.
Layer 2 Protocols
262
Platform Availability
This command is available on all platforms.
enable eaps
enable eaps {name}
Description
Enables the EAPS function for a named domain or for an entire switch.
Syntax Description
Specifies the name of an EAPS domain.
name
Default
Disabled.
Default command enables EAPS for the entire switch.
Usage Guidelines
Note
If you use the same name across categories (for example, STPD and EAPS names), you must
specify the identifying keyword as well as the actual name.
To configure and enable an EAPS, complete the following steps:
1
2
3
4
5
6
7
8
9
10
11
12
Although you can enable EAPS prior to configuring these steps, the EAPS domain(s) does not run until
you configure these parameters.
* These steps can be configured at any time, even after the EAPS domains are running.
Layer 2 Protocols
263
You must enable EAPS globally and specifically for each named EAPS domain.
Example
The following command enables the EAPS function for entire switch:
enable eaps
The following command enables the EAPS function for the domain eaps-1:
enable eaps eaps-1
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Enable ability on ERPS rings to block virtual channel recovery to avoid temporary loops .
Syntax Description
ring-name
block-vc-recovery
Default
N/A.
Usage Guidelines
Use this command to enable ability on ERPS rings to block on virtual channel recovery to avoid
temporary loops. This is done on interconnected nodes for sub-ring configurations.
Layer 2 Protocols
264
Example
The following example enables a virtual channel recovery block on ring1:
enable erps ring1 block-vc-recovery
History
This command was first available in ExtremeXOS 15.13.
Platform Availability
This command is available on all platforms that are running ExtremeXOS.
Description
Enable an existing ERPS ring/sub-ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to enable an existing ERPS ring/sub-ring.
Example
The following example enables an existing ERPS ring identified as ring1:
enable erps ring1
History
This command was first available in ExtremeXOS 15.1.
Layer 2 Protocols
265
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Enable the ability of ERPS to set the topology-change bit to send out Flush events.
Syntax Description
ring-name
topology-change
Default
N/A.
Usage Guidelines
Use this command to enable the ability of ERPS to set the topology-change bit to send out Flush
events.
Example
The following example enables the ability to set the topology-change bit for an existing ERPS sub-ring
identified as ring1:
enable erps ring1 topology-change
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
enable erps
enable erps
Layer 2 Protocols
266
Description
Enable ERPS (Ethernet Ring Protection Switching/ITU-T G.8032 standard).
Syntax Description
N/A.
Default
N/A.
Usage Guidelines
Use this command to enable ERPS.
Example
enable erps
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Automatically adds ports to an STPD when ports are added to a member VLAN.
Syntax Description
stpd_name
vlan_name
Default
The autobind feature is disabled on user-created STPDs. The autobind feature is enabled on the default
VLAN that participates in the default STPD S0.
Layer 2 Protocols
267
If you enable autobind and add ports to a member VLAN, those ports are automatically added to the
STPD.
Usage Guidelines
If you create an STPD and a VLAN with unique names, the keywords stpd and vlan are optional.
You cannot configure the autobind feature on a network login VLAN.
In an EMISTP or PVST+ environment, when you issue this command, any port or list of ports that you
add to the carrier VLAN are automatically added to the STPD with autobind enabled. In addition, any
port or list of ports that you remove from a carrier VLAN are automatically removed from the STPD.
This allows the STPD to increase or decrease its span as you add ports to or remove ports from a
carrier VLAN.
For MSTP, when you issue this command, any port or list of ports that gets automatically added to an
MSTI are automatically inherited by the CIST. In addition, any port or list of ports that you remove from
an MSTI protected VLAN are automatically removed from the CIST. For more information see the
section. For more information, see Automatically Inheriting Ports--MSTP Only on page 269.
Carrier VLAN
A carrier VLAN defines the scope of the STPD, which includes the physical and logical ports that belong
to the STPD and the 802.1Q tag used to transport STP BPDUs in the encapsulation mode is EMISTP or
PVST+. Only one carrier VLAN can exist in a given STPD, although some of its ports can be outside the
control of any STPD at the same time.
Note
The STPD ID must be identical to the VLAN ID of the carrier VLAN in that STPD.
If you configure MSTP, you do not need a carrier VLAN. With MSTP, you configure a CIST that controls
the connectivity of interconnecting MSTP regions and sends BPDUs across the regions to communicate
the status of MSTP regions. All VLANs participating in the MSTP region have the same privileges.
Protected VLAN
Protected VLANs are all other VLANs that are members of the STPD. These VLANs piggyback on the
carrier VLAN. Protected VLANs do not transmit or receive STP BPDUs, but they are affected by STP
state changes and inherit the state of the carrier VLAN. Protected VLANs can participate in multiple
STPDs, but any particular port in the VLAN can belong to only one STPD.
Enabling autobind on a protected VLAN does not expand the boundary of the STPD. However, the
VLAN and port combinations are added to or removed from the STPD subject to the boundaries of the
carrier VLAN.
If you configure MSTP, all member VLANs in an MSTP region are protected VLANs. These VLANs do
not transmit or receive STP BPDUs, but they are affected by STP state changes communicated by the
CIST to the MSTP regions. MSTIs cannot share the same protected VLAN; however, any port in a
protected VLAN can belong to multiple MSTIs.
Layer 2 Protocols
268
Example
The examples in this section assume that you have already removed the ports from the Default VLAN.
To automatically add ports to an STPD running 802.1D, EMISTP, or PVST+ and to expand the boundary
of the STPD, you must complete the following tasks:
Create the carrier VLAN.
Assign a VLAN ID to the carrier VLAN.
Add ports to the carrier VLAN.
Create an STPD (or use the default, S0).
Enable autobind on the STPDs carrier VLAN.
Configure the STPD tag (the STPD ID must be identical to the VLAN ID of the carrier VLAN in the
STP domain).
Enable STP.
The following example enables autobind on an STPD named s8 after creating a carrier VLAN named v5:
create vlan v5
configure vlan
configure vlan
create stpd s8
enable stpd s8
configure stpd
enable stpd s8
v5 tag 100
v5 add ports 1:1-1:20 tagged
auto-bind v5
s8 tag 100
To automatically add ports to the CIST STPD and to expand the boundary of the STPD, you must
complete the following tasks:
Create a VLAN or use the Default VLAN. (In this example, the Default VLAN is used.)
Create the MSTP region.
Create the STPD to be used as the CIST, and configure the mode of operation for the STPD.
Specify the priority for the CIST.
Enable the CIST.
The following example enables autobind on the VLAN Default for the CIST STPD named s1:
configure mstp region 1
create stpd s1
configure stpd s1 mode mstp cist
Layer 2 Protocols
269
The following example enables autobind on the VLAN math for the MSTI STPD named s2:
create vlan math
configure vlan math tag 2
configure vlan math add ports 2-3
configure mstp region 1
create stpd s2
configure stpd s2 mode mstp msti 1
configure stpd s2 priority 32768
enable stpd s2 auto-bind vlan math
configure stpd s2 ports link-type point-to-point 5-6
enable stpd s2
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Enables the STP protocol on one or more ports.
Syntax Description
stpd_name
all
port_list
Default
Enabled.
Usage Guidelines
If you create an STPD with a unique name, the keyword stpd is optional.
If STP is enabled for a port, BPDUs are generated and processed on that port if STP is enabled for the
associated STPD.
Layer 2 Protocols
270
You must configure one or more STPDs before you can use the enable stpd ports command. To
create an STPD, use the create stpd stpd_name {descriptionstpd-description} command. If
you have considerable knowledge and experience with STP, you can configure the STPD using the
configure stpd commands. However, the default STP parameters are adequate for most networks.
Example
The following command enables slot 2, port 4 on an STPD named Backbone_st:
enable stpd backbone_st ports 2:4
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Description
Enables rapid root failover for faster STP recovery times.
Syntax Description
stpd_name
Default
Disabled.
Usage Guidelines
This command is applicable for STPDs operating in 802.1D.
If you create an STPD with a unique name, the keyword stpd is optional.
To view the status of rapid root failover on the switch, use the show stpd command. The show stpd
command displays information about the STPD configuration on the switch including the enable/
disable state for rapid root failover.
Layer 2 Protocols
271
Example
The following command enables rapid root fail over on STPD Backbone_st:
enable stpd backbone_st rapid-root-failover
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
enable stpd
enable stpd {stpd_name}
Description
Enables the STP protocol for one or all STPDs.
Syntax Description
stpd_name
Default
Disabled.
Usage Guidelines
If you want to enable the STP protocol for all STPDs, do not specify an STPD name.
Example
The following command enables an STPD named Backbone_st:
enable stpd backbone_st
History
This command was first available in ExtremeXOS 10.1.
Layer 2 Protocols
272
Platform Availability
This command is available on all platforms.
MSTP
MSTP logically divides a Layer 2 network into regions.
Each region has a unique identifier and contains multiple spanning tree instances (MSTIs). An MSTI is a
spanning tree domain that operates within and is bounded by a region. MSTIs control the topology
inside the regions. The Common and Internal Spanning Tree (CIST) is a single spanning tree domain
that interconnects MSTP regions. The CIST is responsible for creating a loop-free topology by
exchanging and propagating BPDUs across regions to form a Common Spanning Tree (CST).
MSTP uses RSTP as its converging algorithm and is interoperable with the legacy STP protocols: STP
(802.1D) and RSTP (802.1w).
RSTP
The Rapid Spanning Tree Protocol (RSTP) IEEE 802.1w provides an enhanced spanning tree algorithm
that improves the convergence speed of bridged networks.
RSTP takes advantage of point-to-point links in the network and actively confirms that a port can safely
transition to the forwarding state without relying on any timer configurations. If a network topology
change or failure occurs, RSTP rapidly recovers network connectivity by confirming the change locally
before propagating that change to other devices across the network. For broadcast links, there is no
difference in convergence time between STP and RSTP.
RSTP supersedes legacy STP protocols, supports the existing STP parameters and configurations, and
allows for seamless interoperability with legacy STP.
Description
Set up force and manual switch triggers to the ERPS ring/sub-ring.
Syntax Description
ring-name
force-switch
manual-switch
port
Layer 2 Protocols
273
Default
N/A.
Usage Guidelines
Use this command to set up force and manual switch triggers to the ERPS ring/sub-ring.
Example
The following command sets up force switch operation on port 6 of an ERPS ring named ring1:
run erps ring1 force-switch port 6
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Displays summary EAPS CFM groups information.
Syntax Description
There are no keywords or variables for this command.
Default
N/A.
Usage Guidelines
The following command displays EAPS CFM group information:
X480-48t.2 # sh eaps cfm groups
------------------------------------------------------------------------------MEP Group Name
Status Port
MEP ID
Layer 2 Protocols
274
------------------------------------------------------------------------------eapsCfmGrp1
Up
41
11
eapsCfmGrp2
Up
31
12
History
This command was first available in ExtremeXOS 15.2.
Platform Availability
This command is available on all platforms.
Description
Displays summary EAPS shared port counter information.
Syntax Description
global
Displays general counter information for all configured EAPS shared port instances. The output
displayed is calculated for all configured EAPS shared ports; not just one specific shared port
instance.
port
segport
Identifies the segment port. The segment port is the other ring port of an EAPS domain that is
not the shared-port.
eapsDomain
Specifies the name of the EAPS domain. If no EAPS domain is specified, all counters for all EAPS
domains on the specified segment port are displayed.
Default
N/A.
Usage Guidelines
If the switch is configured for EAPS shared ports, use this command to display an array of counters
associated with the EAPS shared port functionality.
If you specify the global keyword, the switch displays general counter information for all configured
EAPS shared port instances. The output displayed is calculated for all configured EAPS shared ports;
not just one specific shared port instance.
Layer 2 Protocols
275
If you specify a particular EAPS shared port, the switch displays counter information related to only
that shared port.
If you specify a particular EAPS segment port, the switch displays counter information related to only
that segment port for the specified EAPS domain.
Viewing and maintaining statistics on a regular basis allows you to see how well your network is
performing. If you keep simple daily records, you will see trends emerging and notice problems arising
before they cause major network faults.
clear counters
clear eaps counters
Description
Rx-Invalid-Instance
Displays the number of dropped EAPS shared-port PDUs because there is not a valid
EAPS shared port instance for the incoming port.
Rx-Unknown
Displays the number of unknown EAPS PDUs dropped by the shared port instances.
Fw-Invalid-Instance
Displays the number of EAPS shared-port PDUs that could not be forwarded in slow
path because the shared port instances could not find a valid EAPS shared port
instance for the outgoing port.
The following table describes the significant fields and values in the display output of the show eaps
counters shared-port portsegment-port segport eapsDomain command:
Field
Description
Rx-Seg-Health
Indicates the shared port instance received EAPS shared ports Segment-HealthCheck PDUs.
Rx-Path-Detect
Indicates the shared port instance received EAPS shared ports Path-Detect PDUs.
Rx-Flush-Notify
Indicates the shared port instance received EAPS shared ports Flush-Notify PDUs
and flushed the FDB.
If this PDU reaches a port of the shared ports pair that initiated the PDU, the
shared port instance might terminate the PDU. Otherwise, the shared port
instance forwards the PDU.
Rx-Unknown
Displays the number of unknown EAPS PDUs dropped by the shared port
instance.
Layer 2 Protocols
276
Field
Description
Rx-Seg-Health-Dropped
Rx-Path-Detect-Dropped
Displays the number of EAPS shared ports Path-Detect PDUs dropped by the
shared port instance.
This counter increments in the following situations:
If the packets Fwd-id matches the EAPS shared ports Link-Id, the port is not in
the blocking state, and the incoming port is a segment port.If the packets Link-Id
matches the EAPS shared ports Link-Id, the port is not in the blocking state, and
the incoming port is a segment port.
Rx-Flush-Notify-Dropped
Rx-Dropped-Invalid-Port
Displays the number of EAPS shared ports PDUs dropped by the shared port
instance because it does not exist.
Tx-Seg-Health
Indicates the shared port instance sent EAPS shared ports Segment-Health-Check
PDUs.
Tx-Path-Detect
Indicates the shared port instance sent EAPS shared ports Path-Detect PDUs.
NOTE: This counter appears under Common Link Port Stats and should always be
0.
Tx-Flush-Notify
Indicates the shared port instance sent EAPS shared ports Flush-Notify PDUs to
flush the FDB.
NOTE: This counter appears under Common Link Port Stats and should always be
0.
Tx-Flush-Fdb
Indicates the shared port instance sent EAPS Flush-Fdb PDUs because the FDB
needs to be flushed.
NOTE: This counter appears under Common Link Port Stats and should always be
0.
Tx-Unknown
Indicates the number of unknown EAPS PDUs sent by the shared port instance.
NOTE: Unknown EAPS PDUs can be a new type of PDU that the switch does not
track in the sending routine.
Tx-Transmit-Err
Indicates the number of EAPS PDUs the shared port instance was unable to send
because of an error.
Fw-Seg-Health
Fw-Path-Detect
Indicates the number of EAPS shared ports Path-Detect PDUs received by the
shared port instance and forwarded in slow path.
Fw-Flush-Notify
Indicates the number of EAPS Flush-Notify PDUs received by the shared port
instance and forwarded in slow path to flush the FDB.
Fw-Flush-Fdb
Indicates the number of EAPS Flush-Fdb PDUs received by the shared port
instance and forwarded in slow path.
Layer 2 Protocols
277
Field
Description
Fw-Unknown
Fw-Transmit-Err
Indicates the number of EAPS PDUs the shared port instance was unable to
forward in slow path because of an error.
Example
The following command displays global, high-level counter information for EAPS shared port:
show eaps counters shared-port global
EAPS Shared-Ports:
: 0
: 0
: 0
The following example assumes that port 17 is configured as an EAPS shared port. The following
command displays counter information the specified EAPS shared port:
show eaps counters shared-port 17
Layer 2 Protocols
278
Fw-Seg-Health
Fw-Path-Detect
Fw-Flush-Notify
Fw Dropped
Fw-Unknown
Fw-Transmit-Err
:
:
:
0
0
0
:
:
0
0
The following example assumes that port 1:2 is configured as an EAPS shared port and port 1:1 is a
segment port. The following command displays counter information the specified EAPS shared port,
segment port, and EAPS domain:
show eaps counters shared-port 1:2 segment-port 1:1 eaps1
History
This command was first available in ExtremeXOS 11.6.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
Layer 2 Protocols
279
Description
Displays summary EAPS counter information.
Syntax Description
eapsDomain
Specifies the name of an EAPS domain. The switch displays counter information for only
that domain.
global
Displays EAPS counter information when the events counted are not applicable to any
specific EAPS domain.
Default
N/A.
Usage Guidelines
If you specify the name of an EAPS domain, the switch displays counter information related to only that
domain. If you specify the global keyword, the switch displays EAPS counter information when the
events counted are not applicable to any specific EAPS domain. The output displayed is for all
configured EAPS domains, not just one specific EAPS domain.
Viewing and maintaining statistics on a regular basis allows you to see how well your network is
performing. If you keep simple daily records, you will see trends emerging and notice problems arising
before they cause major network faults.
clear counters
clear eaps counters
Layer 2 Protocols
280
Field
Description
Rx-Health
Rx-RingUp-FlushFdb
Indicates the EAPS ring is up, and the EAPS domain received EAPS RingUpFlushFdb PDUs to flush the FDB.
Rx-RingDown-FlushFdb
Indicates the EAPS ring is down, and the EAPS domain received EAPS RingDownFlushFdb PDUs to flush the FDB.
Rx-Link-Down
Indicates the EAPS domain received EAPS Link-Down PDUs and took down the
link.
Rx-Flush-Fdb
Indicates the EAPS domain received EAPS Flush-Fdb PDUs and flushed the FDB.
Rx-Suspend-Prefwd-Timer
Rx-Query-Link-Status
Rx-Link-Up
Indicates the EAPS domain received EAPS Link-Up PDUs and brought the link
back up.
Rx-Unknown
Rx-Another-Master
Indicates the EAPS domain dropped EAPS PDUs because there is another Master
switch in the same EAPS domain.
Rx-Unconfigured-Port
Indicates the EAPS domain dropped EAPS PDUs because the ingress port is not
configured to be a ring port for the EAPS domain and the corresponding control
VLAN.
Rx-Health-Pdu-Pri-Port
Indicates the EAPS domain dropped EAPS Health PDUs because the primary port
received them instead of the secondary port.
NOTE: The secondary port of the Master switch must receive EAPS Health PDUs,
not the primary port.
Tx-Health
Tx-RingUp-FlushFdb
Indicates the EAPS ring is up, and the EAPS domain sent EAPS RingUp-FlushFdb
PDUs to flush the FDB.
Tx-RingDown-FlushFdb
Indicates the EAPS ring is down, and the EAPS domain sent EAPS RingDownFlushFdb PDUs to flush the FDB.
Tx-Link-Down
Indicates the EAPS domain sent EAPS Link-Down PDUs because the link went
down.
Tx-Flush-Fdb
Indicates the EAPS domain sent EAPS Flush-Fdb PDUs because the FDB needs to
be flushed.
Tx-Suspend-Prefwd-Timer
Tx-Query-Link-Status
Tx-Link-Up
Indicates the EAPS domain sent EAPS Link-Up PDUs and the link is up.
Tx-Unknown
Indicates the number of unknown EAPS PDUs sent by the EAPS domain.
NOTE: Unknown EAPS PDUs can be a new type of PDU that the switch does not
track in the sending routine.
Tx-Transmit-Err
Indicates the number of EAPS PDUs the EAPS domain was unable to send
because of an error.
Layer 2 Protocols
281
Field
Description
Fw-Link-Down
Indicates the number of EAPS Link-Down PDUs received by the EAPS domain and
forwarded in slow path.
Fw-Flush-Fdb
Indicates the number of EAPS Flush-Fdb PDUs received by the EAPS domain and
forwarded in slow path.
FW-Query-Link-Status
Fw-Unknown
Fw-Transmit-Er
Indicates the number of EAPS PDUs the EAPS domain was unable to forward in
slow path because of an error.
Note
Rx and Fw countersIf a PDU is received, processed, and consumed, only the Rx counter
increments. If a PDU is forwarded in slow path, both the Rx counter and Fw counter
increment.
The following table describes the significant fields and values in the display output of the show eaps
counters global command:
Field
Description
Rx-Failed
Rx-Invalid-Vlan-Intf
Indicates that the VLAN interface for the incoming VLAN cannot be
found.
Rx-Undersize-Pkt
Indicates the length of the packet is less than the length of the header.
Rx-Invalid-8021Q-Tag
Rx-Invalid-SNAP-Type
Rx-Invalid-OUI
Rx-EEP-Unsupported-Version
Rx-EEP-Invalid-Length
Indicates the length of the EEP header is greater than the length of the
packet.
Rx-EEP-Checksum-Invalid
Rx-Domain-Invalid
Rx-Lif-Invalid
Layer 2 Protocols
282
Field
Description
Rx-Lif-Down
Indicates the LIF for the ingress port is in the Down state.
Tx-Failed
Example
The following command displays the counters for a specific EAPS domain named eaps1:
show eaps counters eaps1
eaps1
:
:
:
:
:
:
:
:
0
0
0
0
0
0
0
0
:
:
:
:
0
0
0
0
:
:
:
:
:
:
:
:
5011
0
0
0
0
0
3342
0
:
:
0
0
:
:
:
0
0
0
:
:
0
0
Layer 2 Protocols
283
History
This command was first available in ExtremeXOS 11.6.
Platform Availability
This command is available on all platforms.
Description
Displays shared-port information from neighboring shared links for one or more EAPS domains.
Syntax Description
port
Specifies a shared-port.
detail
Default
N/A.
Usage Guidelines
If you enter the command without the detail keyword, the command displays a summary of status
information for all configured EAPS shared ports from neighboring shared links. If you specify an EAPS
shared-port, the command displays information about that specific port. Otherwise, the command
displays information about all of the shared-ports configured on the switch.
Layer 2 Protocols
284
You can use the detail keyword to display more detailed status information about the segments and
VLANs associated with each shared port. For full details of the significant fields and values in the
display output of the command, see the relevant tables in the show eaps shared port {port}
{detail} command description.
History
This command was first available in ExtremeXOS 12.1.
Platform Availability
This command is available on all platforms.
Description
Displays shared-port information for one or more EAPS domains.
Syntax Description
port
Specifies a shared-port.
detail
Default
N/A.
Usage Guidelines
If you enter the show eaps shared-port command without the detail keyword, the command
displays a summary of status information for all configured EAPS shared ports.
If you specify an EAPS shared-port, the command displays information about that specific port and the
related segment ports. The segment ports are sorted in ascending order based on their port number.
You can use this order and your knowledge of the EAPS topology to determine which segment port
becomes the active-open port if the common link fails. For more information, see Common Link Fault
Detection and Response in the ExtremeXOS Concepts Guide.
You can use the detail keyword to display more detailed status information about the segments and
VLANs associated with each shared port.
The following table describes the significant fields and values in the display output of the show eaps
shared-port {port {detail} commands:
Layer 2 Protocols
285
Field
Description
Shared Port
Mode
Indicates whether the switch on either end of the common link is a controller
or partner. The mode is configured by the user.
Link ID
The link ID is the unique common link identifier configured by the user.
Up
State
Domain Count
VLAN Count
Indicates the total number of VLANs that are protected under the EAPS
domains sharing this common link.
Nbr
YesIndicates that the EAPS instance on the other end of the common link is
configured with matching link ID and opposite modes. For example, if one
end of the common link is configured as a controller, the other end must be
configured as a partner.ErrIndicates that the EAPS instance on the other
end of the common link is configured with a matching link ID, but the modes
are configured the same. For example, both modes are configured as
controller, or both modes are configured as partner.NoThe neighbor on the
other end of the common link cannot be reached. Indicates one or more of
the following:- The switch on the other end of the common link is not
running.- The shared port has not been created.- The link IDs on each side of
the common link do not match.- The common link, and any other segment,
between the controller and partner are not fully connected.
RB ID
The ID of the root blocker. If the value is none, there are not two or more
common-link failures.
RB State
Identifies the segment port of an EAPS ring that shares the common link.
Layer 2 Protocols
286
Field
Description
UpConnectivity is established between the segment and the EAPS sharedport on the common link neighbor.DownThere is a break in the path
between the segment and the EAPS shared-port on the common link
neighbor. Blocking-UpThe path is Up, but due to the root blocker being in
the Active state, this port is blocked to prevent a loop.Blocking-DownThe
root blocker is in the Active state; however, the path is Down. Because the
path is Down, there is no need to block the root blocker port to prevent a
loop.[F]The segment timer has expired but has not received an explicit linkdown notification. The segment port remains in the Up state, with the timer
expired flag set to True.
Segment RB Id (available with the NoneThe neighbor on this port is not aware of a root blocker in the
detail keyword or by specifying a network.RB-IdThe neighbor on this port has determined that there is a
shared port)
root blocker in the network with a link ID of RB-Id.
Vlan (available with the detail
keyword or by specifying a
shared port)
Virtual-port Status (available with This information appears for the Controller, when it is in either the Blocking or
the detail keyword or by
Preforwarding state.
specifying a shared port)
Active-OpenThis VLAN or port is in the Forwarding state and has
connectivity to the neighboring EAPS shared port via this port. OpenThis
VLAN or port is in the Forwarding state but does not have connectivity to the
neighboring EAPS shared port via this port.BlockedThis VLAN or port is in
the Blocking state to prevent a loop in the network. DownThis ports link is
down. ActiveAt this moment, this VLAN or port is not being handled by
EAPS shared port. Rather, this VLAN or port is being handled by the regular
EAPS protocol.
Bvlan
Example
The following command displays shared-port information for all EAPS shared ports on a switch:
show eaps shared-port
EAPS shared-port count: 1
------------------------------------------------------------------------------Link
Domain Vlan
RB
RB
Shared-port Mode
Id
Up State
count count Nbr State
Id
------------------------------------------------------------------------------
Layer 2 Protocols
287
-10:1
Controller 1
Y Ready
2
1
Yes None
None
Segment Timer expiry action: Send alert
-------------------------------------------------------------------------------
The following command displays detailed information for all EAPS shared ports:
show eaps shared-port detail
EAPS shared-port count: 1
------------------------------------------------------------------------------Link
Domain Vlan
RB
RB
Shared-port Mode
Id
Up State
count count Nbr State
Id
------------------------------------------------------------------------------4:1
Controller 10
Y Blocking
2
1
Yes Active
10
Segment Timer expiry action: Send alert
Segment Port: 5:7, Status: Blocking-Up
EAPS Domain:
d1
Vlan-port count:
1
Adjacent Blocking Id:
None
Segment RB Id:
None
Vlan
Virtual-port Status
p_1
Blocked
Segment Port: 2:11,
Status: Down
EAPS Domain:
d2
Vlan-port count:
1
Adjacent Blocking Id:
20
Segment RB Id:
None
Vlan
Virtual-port Status
p_1
Open
Vlan: p_1,
Vlan-port count: 2,
Active Open: None
Segment Port
Virtual-port Status
5:7
Blocked
2:11
Open
The following command displays detailed information for an EAPS shared port that is in the Blocking
state:
* Switch.2 # show eaps shared-port 1:24
------------------------------------------------------------------------------Link
Domain Vlan
RB
RB
Shared-port Mode
Id
Up State
count count Nbr State
Id
------------------------------------------------------------------------------1:24
Controller 10
Y Blocking
3
5
Yes None
None
Segment Health Check interval:
1 sec
Segment Timeout:
3 sec
Segment Fail Timer expiry action:
Send alert
Common Path Health Check interval:
1 sec
Common Path Timeout:
3 sec
Segment Port: 3:35 Status: Up
EAPS Domain:
d3
Layer 2 Protocols
288
Vlan-port count:
3
Adjacent Blocking Id:
None
Segment RB Id:
None
Segment Port: 3:36 Status: Up
EAPS Domain:
d2
Vlan-port count:
3
Adjacent Blocking Id:
None
Segment RB Id:
None
Segment Port: 3:38 Status: Up
EAPS Domain:
d1
Vlan-port count:
5
Adjacent Blocking Id:
None
Segment RB Id:
None
Vlan: data1,
Vlan-port count: 3,
Active Open: 3:38 Bvlan: metro1
Vlan: data2,
Vlan-port count: 3,
Active Open: 3:38 Bvlan: metro1
Vlan: data3,
Vlan-port count: 3,
Active Open: 3:38 Bvlan: metro2
Vlan: metro1,
Vlan-port count: 1,
Active Open: 3:38
Vlan: metro2,
Vlan-port count: 1,
Active Open: 3:38
-------------------------------------------------------------------------------
Note
The BVLAN information in the previous example appears only when a BVLAN configuration is
present.
History
This command was first available in ExtremeXOS 11.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
show eaps
show eaps {eapsDomain} {detail}
Description
Displays EAPS status information.
Syntax Description
eapsDomain
detail
Layer 2 Protocols
289
Default
N/A.
Usage Guidelines
If you enter the show eaps command without a keyword, the command displays less than with the
detail keyword.
Use the optional eapsDomain parameter to display status information for a specific EAPS domain.
Some state values are different on a transit node than on a master node.
When you enter the show eaps command without a domain name, the switch displays the following
fields:
EAPS Enabled:
EAPS Multicast Send IGMP Query: Displays the configuration of the multicast send-igmp-query feature as
configured with the configure eaps multicast send-igmpquery command.
EAPS Multicast Temporary
Flooding:
Domain:
Layer 2 Protocols
290
State:
Mo:
The configured EAPS mode for this switch: transit (T) or master (M).
Primary/Secondary port:
The port numbers assigned as the EAPS primary and secondary ports. On the
master node, the port distinction indicates which port is blocked to avoid a
loop.
Prio
The EAPS domain priority, which is H for high priority or N for normal priority.
When you enter the show eaps command with a domain name or the detail keyword, the switch
displays the following fields:
Name:
Priority
Layer 2 Protocols
291
State:
[Running: ]
Enabled:
Mode:
The configured EAPS mode for this switch: transit (T) or master (M).
Primary/Secondary port:
The port numbers assigned as the EAPS primary and secondary ports. On the
master node, the port distinction indicates which port is blocked to avoid a
loop.
Port status:
UnknownThis EAPS domain is not running, so the port status has not yet
been determined. UpThe port is up and is forwarding data.DownThe port
is down.BlockedThe port is up, but data is blocked from being forwarded.
Tagstatus:
The configured value of the timer in seconds and milliseconds, specifying the
time that the master node waits between transmissions of health check
packets.
The configured value of the timer in seconds, specifying the time that the
master node waits before the failtimer expires.
Layer 2 Protocols
292
The configured value of the timer. This value is set internally by the EAPS
software. The set value is 15 seconds.
Note: If two links in an EAPS domain go down at the same time and one link
comes back up, it takes 15 seconds for the reconnected link to start receiving
traffic again.
Displays only for transit nodes.
Lists the assigned names and VLAN IDs of all the protected VLANs
configured on this EAPS domain.
Example
The following command displays information for all EAPS domains:
Switch.5 # show eaps
EAPS Enabled: Yes
EAPS Fast-Convergence: Off
EAPS Display Config Warnings: On
EAPS Multicast Add Ring Ports: Off
EAPS Multicast Send IGMP Query: On
EAPS Multicast Temporary Flooding: Off
EAPS Multicast Temporary Flooding Duration: 15 sec
Number of EAPS instances: 2
# EAPS domain configuration :
------------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
Prio
------------------------------------------------------------------------------d1
Idle
T
N
1
2
cv1
(101 ) 0
H
d2
Links-Up
T
Y
3:8
3:16 c2
(1001) 100
H
-------------------------------------------------------------------------------
These fields apply only to transit nodes; they are not displayed for a master node.
Layer 2 Protocols
293
EAPS
Vlan
c1
EAPS
Vlan
p_1
p_2
p_3
p_4
p_5
p_6
p_7
p_8
p_9
p_10
p_11
p_12
p_13
p_14
p_15
p_16
p_17
p_18
p_19
p_20
p_21
p_22
p_23
p_24
p_25
p_26
p_27
p_28
p_29
p_30
The following command displays information on EAPS domain domain12, which is configured to send
hello packets on the secondary port:
Switch.9 # show eaps "domain12"
Name: domain12
Priority: High
State: Complete
Running: Yes
Enabled: Yes
Mode: Master
Primary port:
17
Port status: Up Tag status: Tagged
Secondary port: 27
Port status: Blocked
Tag status: Tagged
Hello Egress Port: Secondary
Hello timer interval: 0 sec 100 millisec
Fail timer interval: 0 sec 300 millisec
Fail Timer expiry action: Send alert
Last update: From Master Id 00:04:96:34:e3:43, at Tue May 11 15:39:29 2010
EAPS Domain has following Controller Vlan:
Vlan Name
VID
vlanc12
1002
EAPS Domain has following Protected Vlan(s):
Vlan Name
VID
pvlan11
204
pvlan12
205
Layer 2 Protocols
294
pvlan13
206
Number of Protected Vlans: 3
Note
You might see a slightly different display, depending on whether you display the master node
or the transit node.
The display from the show eaps detail command shows all the information shown in the show eaps
eapsDomain command, but displays information for all configured EAPS domains.
For the CFM support in EAPS, t he existing show eaps output places a ! next to a CFM monitored ring
port if the CFM indicates the MEP group for that port is down.
X480-48t.1 # sh eaps
EAPS Enabled: Yes
EAPS Fast-Convergence: Off
EAPS Display Config Warnings: Off
EAPS Multicast Add Ring Ports: Off
EAPS Multicast Send IGMP Query: On
EAPS Multicast Temporary Flooding: Off
EAPS Multicast Temporary Flooding Duration: 15 sec
Number of EAPS instances: 1
# EAPS domain configuration :
--------------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
Prio
--------------------------------------------------------------------------------d2
Failed
M
Y
!41
31
v2
(101 )
1
N
--------------------------------------------------------------------------------Flags : (!) CFM Down
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Display specific details for an ERPS ring.
Layer 2 Protocols
295
Syntax Description
Alphanumeric string that identifies the ERPS ring.
ring-name
Default
N/A.
Usage Guidelines
Use this command to display specific details for an ERPS ring.
Example
The following example displays details for an ERPS ring named "R1":
# show erps "R1"
Name: R1
Operational State: Protection enabled
Configured State : Enabled
East Ring Port : 21
West Ring Port : +20
MepId: 1
MepId: 2
Remote MepId: 3
Remote MepId: 4
5000
0
500
5500
1000
Ring MD Level
CCM Interval East
CCM Interval West
Notify Topology Change
Subring Mode
1
1000 millisec
1000 millisec
------Virtual Channel
:
:
:
:
:
millisec
millisec
millisec
millisec
millisec
Revertive
Status: Blocked
Status: Blocked
(Enabled)
(Enabled)
(Enabled)
(Enabled)
(Enabled)
History
This command was first available in ExtremeXOS 15.1.
Layer 2 Protocols
296
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Display control packet and event statistics for an ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to display control packet and event statistics for an ERPS ring.
Example
The following example displays statistics for an ERPS ring named "R1":
# show erps "R1" statistics
port
Sent
Received Dropped
Blocked Un-blocked SF
SF-clear
R-APS R-APS
R-APS
events
events
----------------------------------------------------------------2:1
2309
3400
4
5
0
0
0
1:20
100
45
0
0
10
2000
100
-----------------------------------------------------------------
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Layer 2 Protocols
297
show erps
show erps
Description
Display global information for ERPS.
Syntax Description
N/A.
Default
N/A.
Usage Guidelines
Use this command to display global information for ERPS.
Example
# show erps
ERPS Enabled: Yes
ERPS Display Config Warnings: On
ERPS Multicast Add Ring Ports: Off
ERPS Multicast Send IGMP Query: On
ERPS Multicast Temporary Flooding: Off
ERPS Multicast Temporary Flooding Duration: 15 sec
Number of ERPS instances: 1
# ERPS ring configuration :
------------------------------------------------------------------------------Ring
State
Type
East
West
Control-Vlan
VID
------------------------------------------------------------------------------R1
Protection
R r
21
+20
cvl
(1000)
------------------------------------------------------------------------------where State: Init/Idle/Protection/Manual-Switch/Force-Switch/Pending
Type: (I) Interconnected node, (N) RPL Neighbor,
R) RPL Owner, (X) Ring node
Flags: (n) Non-revertive, (r) Revertive,
(+) RPL Protection Port, (^) RPL Neighbor Port
(f) Force Switch Port, (m) Manual Switch Port
Layer 2 Protocols
298
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Displays the STP state of a port.
Syntax Description
stpd_name
port_list
detail
Specifies more detailed information about one or more ports of the STPD.
Default
N/A.
Usage Guidelines
This command displays the following:
STPD port configuration.
STPD port encapsulation mode.
STPD path cost.
STPD priority.
STPD state (root bridge, and so on).
Port role (root designated, alternate and so on).
STPD port state (forwarding, blocking, and so on).
Configured port link type.
Operational port link type.
Edge port settings (inconsistent behavior, edge safeguard setting).
Restricted role (enabled, disabled).
MSTP port role (internal or boundary).
Active port role.
To display more detailed information for one or more ports in the specified STPD, including
participating VLANs, specify the detail option.
Layer 2 Protocols
299
If you have MSTP configured and specify the detail option, this command displays additional
information:
MSTP internal path cost.
MSTP timers.
If your STPD has the same name as another component, for example a VLAN, Extreme Networks
recommends that you specify the identifying keyword as well as the name. If you do not specify the
stpd keyword, an error message similar to the following is displayed:
%% Ambiguous command: "show Test ports"
In this example, to view all of the port settings of STPD Test, enter show stpd Test ports.
If your STPD has a name unique only to that STPD, the keyword stpd is optional.
Example
The following command displays the state of ports 1, 2, and 4 on an STPD named s1:
show stpd s1 ports
The following command displays the detailed information for the ports in STPD s1:
show stpd s1 ports 1 detail
Layer 2 Protocols
300
The following command displays the detailed information for the ports in STPD s1 configured for MSTP:
show stpd s1 ports detail
Layer 2 Protocols
301
1:
2: (Port role)
3: (Config type)
4: (Oper. type)
5:
6: (partner mode)
7:
8:
s = edgeport safe
G = edgeport safe
g = edgeport safe
9:
10:
e=Enable, d=Disable
R=Root, D=Designated, A=Alternate, B=Backup, M=Master
b=broadcast, p=point-to-point, e=edge, a=auto
b=broadcast, p=point-to-point, e=edge
p=proposing, a=agree
d = 802.1d, w = 802.1w, m = mstp
i = edgeport inconsistency
S = edgeport safe guard active
guard configured but inactive
guard bpdu restrict active
guard bpdu restrict configured but inactive only dot1w, mstp
B = Boundary, I = Internal
r = Restricted Role, t = active role
History
This command was first available in ExtremeXOS 10.1.
Information about MSTP was added in ExtremeXOS 11.4.
Information about BPDU Restrict was added in ExtremeXOS 12.4.
Information about active role was added in ExtremeXOS 12.5.
Platform Availability
This command is available on all platforms.
show stpd
show stpd {stpd_name | detail}
Description
Displays STPD settings on the switch.
Syntax Description
stpd_name
detail
Default
N/A.
Usage Guidelines
If you specify the command without any options, the following STPD information appears:
Layer 2 Protocols
302
If you have an MSTP region and associated spanning trees configured on the switch, the command also
displays the following global MSTP information:
MSTP RegionThe name of the MSTP region configured on the switch.
Format IdentifierThe number used by BPDUs to communicate within an MSTP region.
Revision LevelThis number is reserved for future use.
Common and Internal Spanning Tree (CIST)The name of the CIST that controls the connectivity of
interconnecting MSTP regions.
Total
number of MST Instances (MSTI)The number of MSTIs running in the MSTP region.
If you use the show stpd command and specify the name of an STPD, in addition to the data previously
described, the command displays more detailed information about the STPD. If you specify the detail
option, the switch displays the same type of information for all of the STPDs configured on the switch.
The additional output includes the following:
STPD mode of operation.
Autobind mode.
Active VLANs.
Timer information.
Topology change information.
If you have MSTP configured, the command also displays the following information:
Bridge role.
CIST root.
CIST regional root.
MSTI instances.
Master port (Displayed only on MSTI STPDs).
Layer 2 Protocols
303
If your STPD has the same name as another component, for example a VLAN, we recommend that you
specify the identifying keyword as well as the name. If you do not specify the stpd keyword, an error
message similar to the following is displayed:
%% Ambiguous command: "show Test"
In this example, to view the settings of the STPD Test, enter show stpd Test.
If your STPD has a name unique only to that STPD, the keyword stpd is optional.
Example
The following command displays the STPD settings on a switch that has MSTP configured:
show stpd
Layer 2 Protocols
304
The following is sample output for an STPD configured as the CIST (the output is similar for an STPD
configured as an MSTI):
Stpd: s0 Stp: DISABLED
Number of Ports: 0
Description: this is s0 domain
Rapid Root Failover:
Disabled
Operational Mode:
MSTP Default Binding Mode: 802.1d
MSTP Instance :CIST CIST : s0
802.1Q Tag:
(none)
Ports:
(none)
Participating Vlan Count: 1
Auto-bind Vlans Count: 1
Bridge Priority:
32768
BridgeID:
80:00:00:10:30:f9:9d:c0Bridge
Role : CIST Regional Root
CIST Root 80:00:00:10:30:f9:9d:c0CIST
Regional Root: 80:00:00:10:30:f9:9d:c0
Designated root: 00:00:00:00:00:00:00:00
RootPathCost: 0 External RootPathCost: 0 Root Port:
---MaxAge:0sHelloTime:
0sForwardDelay:0s
CfgBrMaxAge:20sCfgBrHelloTime:
2sCfgBrForwardDelay: 15s MaxHopCount: 20 CfgBrMaxHopCount :
20
Topology Change Time: 35s
Hold time:
1s
Topology Change Detected: FALSE Topology Change:
FALSE
Number of Topology Changes:
0
Time Since Last Topology
Change: 0s
Participating Vlans
:
(none)
Auto-bind Vlans :
Default
History
This command was first available in ExtremeXOS 10.1.
Information about MSTP was added in ExtremeXOS 11.4.
Description was added in ExtremeXOS 12.4.4.
Layer 2 Protocols
305
Platform Availability
This command is available on all platforms.
Description
Displays the EAPS configuration (control, partner, or not added to an EAPS domain) of a specific VLAN.
Syntax Description
vlan_name
Default
N/A.
Usage Guidelines
Use this command to see if the specified VLAN is associated with an EAPS domain.
The output of this command displays whether the VLAN is a control or partner VLAN for an EAPS
domain. This command also displays if the VLAN is not a member of any EAPS domain.
If a VLAN is a partner VLAN for more than one EAPS domain, all of the EAPS domains that the VLAN is
a partner of appears in the output.
Example
The following command displays the EAPS configuration for the control VLAN orange in EAPS domain
eaps1:
show vlan orange eaps
The following command displays the EAPS configuration for the protected VLAN purple in EAPS
domain eaps1:
show vlan purple eaps
Layer 2 Protocols
306
The following command displays information about the VLAN default not participating in EAPS:
show vlan default eaps
History
This command was first available in ExtremeXOS 11.0.
Platform Availability
This command is available on all platforms.
Description
Displays the STP configuration of the ports assigned to a specific VLAN.
Syntax Description
vlan_name
Default
N/A.
Usage Guidelines
If you have a VLAN that spans multiple STPDs, use this command to display the STP configuration of
the ports assigned to that specific VLAN.
This command displays the following:
Layer 2 Protocols
307
If your VLAN has the same name as another component, for example an STPD, Extreme Networks
recommends that you specify the identifying keyword as well as the name. If you do not specify the
vlan keyword, the switch displays an error message similar to the following:
%% Ambiguous command: "show Test stpd"
In this example, to view the STPD state of VLAN Test, enter show vlan Test stpd.
If you enter a VLAN name that is not associated with an STPD or does not exist, the switch displays an
error message similar to the following:
Failed to find vlan 'vlan1' or it has no STP domains configured on it
If this happens, check to make sure you typed the correct name of the VLAN and that the VLAN is
associated with an STPD.
If your VLAN has a name unique only to that VLAN, the keyword vlan is optional.
Example
The following command displays the spanning tree configurations for the VLAN Default:
show vlan default stpd
Layer 2 Protocols
e------ 16
8002
e------ 16
8003
eDbb-d- 16
8004
eDbb-d- 16
8005
e------ 16
8006
e------ 16
8007
308
00:00:00:00:00:00:00:00
1:8
802.1D DISABLED
4
e------ 16
8008
00:00:00:00:00:00:00:00
------------------------- Flags: ---------------------------1:
e=Enable, d=Disable
2: (Port role)
R=Root, D=Designated, A=Alternate, B=Backup, M=Master,
Y=Boundary
3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type)
b=broadcast, p=point-to-point, e=edge
5:
p=proposing, a=agree
6: (partner mode) d=802.1d, w=802.1w, m=mstp
7:
i=edgeport inconsistency
8:
B = Boundary, I = Internal
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Member VLANs
When you add a VLAN to an STPD, that VLAN becomes a member of the STPD. The two types of
member VLANs in an STPD are:
Carrier.
Protected.
Carrier VLAN
A carrier VLAN defines the scope of the STPD, which includes the physical and logical ports that belong
to the STPD and if configured, the 802.1Q tag used to transport Extreme Multiple Instance Spanning
Tree Protocol (EMISTP) or Per VLAN Spanning Tree (PVST+) encapsulated Bridge Protocol Data Units
Layer 2 Protocols
309
(BPDUs). Only one carrier VLAN can exist in a given STPD, although some of its ports can be outside
the control of any STPD at the same time.
Note
If you use EMISTP or PVST+, the STPD ID must be identical to the VLAN ID of the carrier
VLAN in that STPD.
If you have an 802.1D configuration, we recommend that you configure the StpdID to be identical to the
VLAN ID of the carrier VLAN in that STPD.
If you configure MSTP, you do not need carrier VLANs for MSTP operation. With MSTP, you configure a
CIST that controls the connectivity of interconnecting MSTP regions and sends BPDUs across the
regions to communicate the status of MSTP regions. All VLANs participating in the MSTP region have
the same privileges.
Protected VLAN
Protected VLANs are all other VLANs that are members of the STPD. These VLANs piggyback on the
carrier VLAN. Protected VLANs do not transmit or receive STP BPDUs, but they are affected by STP
state changes and inherit the state of the carrier VLAN. Protected VLANs can participate in multiple
STPD, but any particular port in the VLAN can belong to only one STPD. Also known as non-carrier
VLANs.
If you configure MSTP, all member VLANs in an MSTP region are protected VLANs. These VLANs do
not transmit or receive STP BPDUs, but they are affected by STP state changes communicated by the
CIST to the MSTP regions. MSTIs cannot share the same protected VLAN; however, any port in a
protected VLAN can belong to multiple MSTIs.
STPD Modes
An STPD has three modes of operation:
802.1D mode
Use this mode for backward compatibility with previous STP versions and for compatibility with
third-party switches using IEEE standard 802.1D. When configured in this mode, all rapid
configuration mechanisms are disabled.
802.1w mode
Use this mode for compatibility with Rapid Spanning Tree (RSTP). When configured in this mode, all
rapid configuration mechanisms are enabled. The benefit of this mode is available on point-to-point
and edge ports only.
You enable or disable RSTP on a per STPD basis only. You do not enable RSTP on a per port basis.
MSTP mode
Use this mode for compatibility with Multiple Spanning Tree (MSTP, 802.1s). MSTP is an extension of
RSTP and offers the benefit of better scaling with fast convergence. When configured in this mode,
all rapid configuration mechanisms are enabled. The benefit of MSTP is available only on point-topoint links and when you configure the peer in MSTP or 802.1w mode. If you do not select point-topoint links and the peer is not configured in 802.1w mode, the STPD fails back to 802.1D mode.
Layer 2 Protocols
310
You can create only one MSTP region on the switch, and all switches that participate in the region
must have the same regional configurations. You enable or disable an MSTP on a per STPD basis
only. You do not enable MSTP on a per port basis.
By default, the:
STPD operates in 802.1D mode.
Default device configuration contains a single STPD called s0.
Default VLAN is a member of STPD s0 with autobind enabled.
All STP parameters default to the IEEE 802.1D values, as appropriate.
Encapsulation Modes
You can configure ports within an STPD to accept and transmit specific BPDU encapsulations. This STP
port encapsulation is separate from the STP mode of operation. For example, you can configure a port
to accept the PVST+ BPDU encapsulation while running in 802.1D mode.
An STP port has three possible encapsulation modes:
802.1D mode
This mode is used for backward compatibility with previous STP versions and for compatibility with
third-party switches using IEEE standard 802.1D. BPDUs are sent untagged in 802.1D mode. Because
of this, any given physical interface can have only one STPD running in 802.1D mode.
This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, and
MSTP.
Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode
EMISTP mode is proprietary to Extreme Networks and is an extension of STP that allows a physical
port to belong to multiple STPDs by assigning the port to multiple VLANs. EMISTP adds significant
flexibility to STP network design. BPDUs are sent with an 802.1Q tag having an STPD instance
Identifier (STPD ID) in the VLAN ID field.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
Per VLAN Spanning Tree (PVST+) mode
This mode implements PVST+ in compatibility with third-party switches running this version of STP.
The STPDs running in this mode have a one-to-one relationship with VLANs, and send and process
packets in PVST+ format.
This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
These encapsulation modes are for STP ports, not for physical ports. When a physical port belongs to
multiple STPDs, it is associated with multiple STP ports. It is possible for the physical port to run in
different modes for different domains to which it belongs.
MSTP STPDs use only 802.1D BPDU encapsulation mode. The switch prevents you from configuring
EMISTP or PVST+ encapsulation mode for MSTP STPDs.
Layer 2 Protocols
311
The carrier VLAN must span all ports of the STPD. (This is not applicable to MSTP.)
The STPD ID must be the VLAN ID of the carrier VLAN; the carrier VLAN cannot be partitioned. (This
is not applicable to MSTP.)
A default VLAN cannot be partitioned. If a VLAN traverses multiple STPDs, the VLAN must be
tagged.
An STPD can carry, at most, one VLAN running in PVST+ mode, and its STPD ID must be identical
with that VLAN ID. In addition, the PVST+ VLAN cannot be partitioned.
The default VLAN of a PVST+ port must be identical with the native VLAN on the PVST+ device
connected to that port.
If an STPD contains both PVST+ and non-PVST+ ports, that STPD must be enabled. If that STPD is
disabled, the BPDUs are flooded in the format of the incoming STP port, which may be incompatible
with those of the connected devices.
The 802.1D ports must be untagged; and the EMISTP/PVST+ ports must be tagged in the carrier
VLAN.
An STPD with multiple VLANs must contain only VLANs that belong to the same virtual router
instance.
STP and network login operate on the same port as follows:
STP (802.1D), RSTP (802.1W), and MSTP (802.1S) support both network login and STP on the
same port.
At least one VLAN on the intended port should be configured both for STP and network login.
When STP blocks a port, network login does not process authentication requests and BPDUs are
the only traffic in and out of the port. All user data forwarding stops.
When STP places a port in forwarding state, network login operates and BPDUs and user data
flow in and out of the port. The forwarding state is the only STP state that allows network login
and user data forwarding.
When RSTP is used with network login campus mode, autobind must be enabled on all VLANs
that support RSTP and network login campus mode.
When RSTP is used with network login campus mode on a port, dynamic VLANs cannot be
supported.
STP cannot be configured on the following ports:
A mirroring target port.
A software-controlled redundant port.
MSTP and 802.1D STPDs cannot share a physical port.
Only one MSTP region can be configured on a switch.
In an MSTP environment, A VLAN can belong to either a CIST or one of the MSTIs.
A VLAN can belong to only one MSTP domain.
MSTP is not interoperable with PVST+.
The CIST can operate without any member VLANs.
Layer 2 Protocols
312
STP
STP is a bridge-based mechanism for providing fault tolerance on networks. STP is a part of the 802.1D
bridge specification defined by the IEEE Computer Society. To explain STP in terms used by the 802.1D
specification, the switch is referred to as a bridge.
STP allows you to implement parallel paths for network traffic and ensure that redundant paths are:
Disabled when the main paths are operational.
Enabled if the main path fails.
Note
STP and Extreme Standby Router Protocol (ESRP) cannot be configured on the same
Virtual LAN (VLAN) simultaneously.
Description
Sets the specified ports internal configuration state to INVALID.
Syntax Description
eapsDomain
primary
secondary
Default
N/A.
Usage Guidelines
Unconfiguring an EAPS port sets its internal configuration state to INVALID, which causes the port to
appear in the Idle state with a port status of Unknown when you use the show eaps detail command to
display the status information about the port.
To prevent loops in the network, the switch displays by default a warning message and prompts you to
unconfigure the specified EAPS primary or secondary ring port. When prompted, do one of the
following:
Enter y to unconfigure the specified port.
Enter n or press [Return] to cancel this action.
Layer 2 Protocols
313
If you have considerable knowledge and experience with EAPS, you might find the EAPS loop
protection warning messages unnecessary. For more information, see the configure eaps
config-warnings off .
Example
The following command unconfigures this nodes EAPS primary ring port on the domain eaps_1:
unconfigureeapseaps_1primary port
The switch displays the following warning message and prompts you to confirm this action:
WARNING: Unconfiguring the Primary port from the EAPS domain could cause
a loop in the network! Are you sure you want to unconfigure the Primary
EAPS Port? (y/n)
Enter y to continue and unconfigure the EAPS primary ring port. Enter n to cancel this action.
The switch displays a similar warning message if you unconfigure the secondary EAPS port.
History
This command was first available in ExtremeXOS 11.0.
The interactive messages were added in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Unconfigures an EAPS link ID on a shared port on the switch.
Syntax Description
ports
Default
N/A.
Layer 2 Protocols
314
Usage Guidelines
None.
Example
The following command unconfigures the link ID on shared port 1:1.
unconfigure eaps shared-port 1:1 link-id
History
This command was first available in ExtremeXOS 11.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
Description
Unconfigures the EAPS shared port mode.
Syntax Description
ports
Default
N/A.
Usage Guidelines
None.
Example
The following command unconfigures the shared port mode on port 1:1:
unconfigure eaps shared-port 1:1 mode
Layer 2 Protocols
315
History
This command was first available in ExtremeXOS 11.1.
Platform Availability
This command is available on all platforms with the appropriate license. For complete information
about software licensing, including how to obtain and upgrade your license and what licenses are
appropriate for this feature, see the Feature License Requirements document.
Description
Unconfigure the CFM maintenance association for the ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to unconfigure connectivity fault management (CFM) for the ERPS ring.
Example
The following command unconfigures connectivity fault management on an ERPS ring named ring1:
unconfigure erps ring1 cfm
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Layer 2 Protocols
316
Description
Delete the ring protection link (RPL) neighbor configuration for the ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
See Description.
Example
The following command deletes RPL neighbor configuration for the ERPS ring named ring1:
unconfigure erps ring1 neighbor-port
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Delete an ERPS sub-ring from the EAPS domain.
Layer 2 Protocols
317
Syntax Description
ring-name
domain_name
Default
N/A.
Usage Guidelines
Use this command to delete an ERPS sub-ring from the EAPS domain.
Example
Example output not yet available and will be provided in a future release.
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Delete ring protection link (RPL) owner configuration for the ERPS ring.
Syntax Description
ring-name
Default
N/A.
Usage Guidelines
Use this command to delete ring protection link (RPL) owner configuration for the ERPS ring.
Layer 2 Protocols
318
Example
The following command deletes RPL owner configuration on an ERPS ring named ring1:
unconfigure erps ring1 protection-port
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Delete ring ports on the ERPS ring.
Syntax Description
ring-name
west
Default
N/A.
Usage Guidelines
Use this command to delete ring ports on the ERPS ring. Ring ports are the ports of the switch that
connect it to the ERPS ring. This command deletes the ring port on the west port of the switch.
Note
On unconfiguring the west port, the node is treated as an interconnected node.
Layer 2 Protocols
319
Example
The following command deletes the ring ports on the west port of the switch for an ERPS ring named
ring1:
unconfigure erps ring1 ring-ports west
History
This command was first available in ExtremeXOS 15.1.
Platform Availability
This command is available on all platforms supported in 12.6 and forward that are running ExtremeXOS.
Description
Unconfigures the MSTP region on the switch and returns all MSTP settings to their default values.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Before you unconfigure an MSTP region, we recommend that you disable all active STPDs in the region.
This includes the CIST and any active MSTIs.
After you issue this command, all of the MSTP settings return to their default values, as described
below:
Region NameThis indicates the name of the MSTP region. In the Extreme Networks
implementation, the maximum length of the name is 32 characters and can be a combination of
alphanumeric characters and underscores ( _ ).
Format SelectorThis indicates a number to identify the format of MSTP BPDUs. The default is 0.
Revision LevelThis identifier is reserved for future use; however, the switch uses and displays a
default of 3.
Layer 2 Protocols
320
Example
The following command unconfigures the MSTP region on the switch:
unconfigure mstp region
History
This command was first available in ExtremeXOS 11.4.
Platform Availability
This command is available on all platforms.
Description
Returns the specified port to the factory default setting of broadcast link.
Syntax Description
stpd_name
port_list
Default
All ports are broadcast link types.
Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, you must enter the stpd
keyword to specify the STPD. If your STPD has a name unique only to that STPD, the keyword stpd is
optional.
If the switch operates in 802.1D mode, any configured port link type will behave the same as the
broadcast link type.
In an MSTP environment, configure the same link types for the CIST and all MSTIs.
Layer 2 Protocols
321
Example
The following command configures slot 2, ports 1 through 4 to return to the factory default of
broadcast links in STPD s1:
unconfigure stpd s1 ports link-type 2:1-2:4
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
unconfigure stpd
unconfigure stpd {stpd_name}
Description
Restores default STP values to a particular STPD or all STPDs.
Syntax Description
stpd_name
Default
N/A.
Usage Guidelines
If you create an STPD with a unique name, the keyword stpd is optional.
Use this command to restore default STP values to a particular STPD. If you want to restore default STP
values on all STPDs, do not specify a spanning tree name.
Example
The following command restores default values to an STPD named Backbone_st:
unconfigure stpd backbone_st
Layer 2 Protocols
322
History
This command was first available in ExtremeXOS 10.1.
Platform Availability
This command is available on all platforms.
Layer 2 Protocols
323