Admin Edge Port: Specify whether this port is an edge port or a nonedge port. An edge port is not connected to any other bridge. Only edge ports and point-to-point links can rapidly transition to forwarding state. Options are:
- edge-port: Defines the port as an edge port.
- non-edge-port: Defines the port as a nonedge port.
If you set this field to edge-port, the Oper Edge Port field is also set to edge-port.
admin-edge: Specifies the port type as administrative edge. During spanning tree establishment, ports with admin-edge enabled transition immediately to the forwarding state.
Spanning tree protocol (STP) is always recommended in layer 2 topologies, as it prevents bridge loops and broadcast radiation on a bridged network. STP also provides redundant links for automatic failover when an active link fails. STP is disabled by default on bridges in Cumulus Linux.
Supported Modes
The STP modes Cumulus Linux supports vary depending upon whether the traditional or VLAN-aware bridge driver mode is in use.
- Bridges configured in VLAN-aware mode operate only in RSTP mode.
- Bridges configured in traditional mode operate in PVST and PVRST mode. The default is set to PVRST. Each traditional bridge has its own separate STP instance.
NCLU commands are not supported for traditional-mode bridges in Cumulus Linux 3.6.1 and earlier.
STP for a VLAN-aware Bridge
VLAN-aware bridges only operate in RSTP mode. STP bridge protocol data units (BPDUs) are transmitted on the native VLAN.
If a bridge running RSTP (802.1w) receives a common STP (802.1D) BPDU, it will automatically fall back to 802.1D operation. RSTP interoperates with MST seamlessly, creating a single instance of spanning tree, which transmits BPDUs on the native VLAN. RSTP treats the MST domain as if it were one giant switch.
As of version 3.2.1, STP is enabled by default in Cumulus Linux. There is no need to specify "bridge-stp on" for the bridge any more.
When connecting a VLAN-aware bridge to a proprietary PVST+ switch using STP, VLAN 1 must be allowed on all 802.1Q trunks that interconnect them, regardless of the configured “native” VLAN. This is because only VLAN 1 enables the switches to address the BPDU frames to the IEEE multicast MAC address. The proprietary switch might be configured like this:
STP within a Traditional Mode Bridge
Per VLAN Spanning Tree (PVST) creates a spanning tree instance for a bridge. Rapid PVST (PVRST) supports RSTP enhancements for each spanning tree instance. In order to use PVRST with a traditional bridge, a bridge corresponding to the untagged native VLAN must be created, and all the physical switch ports must be part of the same VLAN.
When connected to a switch that has a native VLAN configuration, the native VLAN must be configured to be VLAN 1 only for maximum interoperability.
Viewing Bridge and STP Status/Logs
To check STP status for a bridge, run net show bridge spanning-tree:
Using Linux to Check Spanning Tree Status (Advanced)
mstpctl is the utility provided by the mstpd service to configure STP. The mstpd daemon is an open source project used by Cumulus Linux to implement IEEE 802.1D 2004 and IEEE 802.1Q 2011.
mstpd is started by default when the switch boots. mstpd logs and errors are located in /var/log/syslog.
mstpd is the preferred utility for interacting with STP on Cumulus Linux. brctl also provides certain methods for configuring STP; however, they are not as complete as the tools offered in mstpd and output from brctl can be misleading in some cases.
To get the bridge state, use:
To get the mstpd bridge state, use:
To get the mstpd bridge port state, use:
Customizing Spanning Tree Protocol
There are a number of ways you can customize STP in Cumulus Linux. You should exercise extreme caution with many of the settings below to prevent malfunctions in STP’s loop avoidance.
Spanning Tree Priority
If you have a multiple spanning tree instance (MSTI 0, also known as a common spanning tree, or CST), you can set the tree priority for a bridge. The bridge with the lowest priority is elected the root bridge. The priority must be a number between 0 and 61440 and must be a multiple of 4096; the default is 32768.
To set the tree priority, run:
Cumulus Linux supports MSTI 0 only. It does not support MSTI 1 through 15.
PortAdminEdge/PortFast Mode
PortAdminEdge is equivalent to the PortFast feature offered by other vendors. It enables or disables the initial edge state of a port in a bridge.
All ports configured with PortAdminEdge bypass the listening and learning states to move immediately to forwarding.
Using PortAdminEdge mode has the potential to cause loops if it is not accompanied by the BPDU guard feature.
While it is common for edge ports to be configured as access ports for a simple end host, this is not mandatory. In the data center, edge ports typically connect to servers, which may pass both tagged and untagged traffic.
Example VLAN-aware Bridge Configuration
To configure PortAdminEdge mode, use the bpduguard and portadminedge NCLU configuration commands:
The NCLU commands above create the following code snippet:
Example Traditional Bridge Configuration
For a bridge in traditional mode, configure PortAdminEdge under the bridge stanza in /etc/network/interfaces:
To load the new configuration, run ifreload -a:
PortAutoEdge
PortAutoEdge is an enhancement to the standard PortAdminEdge (PortFast) mode, which allows for the automatic detection of edge ports. PortAutoEdge enables and disables the auto transition to/from the edge state of a port in a bridge.
Edge ports and access ports are not the same thing. Edge ports transition directly to the forwarding state and skip the listening and learning stages. Upstream topology change notifications are not generated when an edge port’s link changes state. Access ports only forward untagged traffic; however, there is no such restriction on edge ports, which can forward both tagged and untagged traffic.
When a BPDU is received on a port configured with portautoedge, the port ceases to be in the edge port state and transitions into a normal STP port. When BPDUs are no longer received on the interface, the port becomes an edge port, and transitions through the discarding and learning states before resuming forwarding.
PortAutoEdge is enabled by default in Cumulus Linux.
To disable PortAutoEdge for an interface, run the net add interface <port> stp portautoedge no command. The following example disables PortAutoEdge on swp1:
To re-enable PortAutoEdge for an interface, run the net del interface <port> stp portautoedge no command. The following example re-enables PortAutoEdge on swp1:
BPDU Guard
To protect the spanning tree topology from unauthorized switches affecting the forwarding path, you can configure BPDU guard (Bridge Protocol Data Unit). One very common example is when someone hooks up a new switch to an access port off of a leaf switch. If this new switch is configured with a low priority, it could become the new root switch and affect the forwarding path for the entire layer 2 topology.
Example BPDU Guard Configuration
To configure BPDU guard, set the bpduguard value for the interface:
This creates the following stanza in the /etc/network/interfaces file:
Recovering a Port Disabled by BPDU Guard
If a BPDU is received on the port, STP will bring down the port and log an error in /var/log/syslog. The following is a sample error:
To determine whether BPDU guard is configured, or if a BPDU has been received, run:
The only way to recover a port that has been placed in the disabled state is to manually un-shut or bring up the port with sudo ifup [port], as shown in the example below.
Bringing up the disabled port does not fix the problem if the configuration on the connected end-station has not been rectified.
Bridge Assurance
On a point-to-point link where RSTP is running, if you want to detect unidirectional links and put the port in a discarding state (in error), you can enable bridge assurance on the port by enabling a port type network. The port would be in a bridge assurance inconsistent state until a BPDU is received from the peer. You need to configure the port type network on both the ends of the link in order for bridge assurance to operate properly.
The default setting for bridge assurance is off. This means that there is no difference between disabling bridge assurance on an interface and not configuring bridge assurance on an interface.
Example Bridge Assurance Configuration
To enable bridge assurance on an interface, add the portnetwork option to the interface:
This creates the following interface stanza:
You can monitor logs for bridge assurance messages by doing the following:
BPDU Filter
You can enable bpdufilter on a switch port, which filters BPDUs in both directions. This effectively disables STP on the port as no BPDUs are transiting.
Using BPDU filter inappropriately can cause layer 2 loops. Use this feature deliberately and with extreme caution.
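The PortAdminEdge warning earlier (edge ports without BPDU guard can cause loops) and the BPDU filter caution here can both be checked against a switch's interface configuration. The Python audit below is an added example, not part of the Cumulus Linux documentation; it assumes the ifupdown2 attribute names mstpctl-portadminedge, mstpctl-bpduguard and mstpctl-portbpdufilter, and its sample stanzas are constructed.

```python
from collections import defaultdict

# Constructed sample stanzas (not from the page); "auto" lines omitted for brevity.
SAMPLE = """\
iface swp1
    mstpctl-portadminedge yes
    mstpctl-bpduguard yes
iface swp2
    mstpctl-portadminedge yes
iface swp3
    mstpctl-portbpdufilter yes
iface br0
    bridge-ports swp4 swp5
    mstpctl-portadminedge swp4=yes swp5=yes
    mstpctl-bpduguard swp4=yes
"""

# Assumed ifupdown2 attribute names for the options discussed on this page.
EDGE, GUARD, FILTER = "mstpctl-portadminedge", "mstpctl-bpduguard", "mstpctl-portbpdufilter"

def port_settings(text):
    """Map each port to the set of STP attributes enabled for it."""
    enabled = defaultdict(set)
    iface = None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(words) > 1 and words[0] == "iface":
            iface = words[1]
        elif words and words[0] in (EDGE, GUARD, FILTER) and iface:
            for value in words[1:]:
                # "yes" = the stanza's own port; "swpN=yes" = traditional-bridge member
                port, _, flag = value.rpartition("=")
                if flag == "yes":
                    enabled[port or iface].add(words[0])
    return enabled

def audit(text):
    """Return (port, issue) pairs for loop-prone STP settings."""
    findings = []
    for port, attrs in sorted(port_settings(text).items()):
        if EDGE in attrs and GUARD not in attrs:
            findings.append((port, "portadminedge without bpduguard"))
        if FILTER in attrs:
            findings.append((port, "bpdufilter on: no BPDUs cross this port"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To audit a real switch, pass the contents of /etc/network/interfaces to audit() instead of SAMPLE.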
Example BPDU Filter Configuration
To configure the BPDU filter, add the portbpdufilter option to the interface:
These commands create the following stanza in the /etc/network/interfaces file:
Storm Control
Storm control provides protection against excessive inbound BUM (broadcast, unknown unicast, multicast) traffic on layer 2 switch port interfaces, which can cause poor network performance.
You configure storm control for each physical port by configuring switchd BUM parameters. For example, to enable unicast and multicast storm control at 400 packets per second (pps) and 3000 pps, respectively, for swp1, run the following:
Configuring Other Spanning Tree Parameters
Spanning tree parameters are defined in the IEEE 802.1D, 802.1Q specifications and in the table below.
For a comparison of STP parameter configuration between mstpctl and other vendors, read this knowledge base article.
The table below describes the configuration parameters available.
You configure these parameters using NCLU on the interfaces, not the bridge itself. Most of these parameters are blacklisted in netd.conf in the ifupdown_blacklist; blacklisted parameters are indicated with an asterisk (*). You can edit the blacklist to remove any of them.
| Parameter | NCLU Command | Description |
|---|---|---|
| | | Sets the bridge's maximum age to |
| | | Sets the Ethernet (MAC) address ageing time in |
| | | Sets the bridge's bridge forward delay to |
| | | Sets the bridge's maximum hops to |
| | | Sets the bridge's bridge transmit hold count to |
| | | Sets the bridge's force STP version to either RSTP/STP. MSTP is not supported currently. The default is RSTP. |
| | | Sets the bridge's tree priority to Cumulus Linux supports MSTI 0 only. It does not support MSTI 1 through 15. |
| | | Sets the priority of port Cumulus Linux supports MSTI 0 only. It does not support MSTI 1 through 15. |
| | | Sets the bridge's bridge hello time to |
| | | Sets the port cost of the port |
| | | Enables/disables the initial edge state of the port This setting only applies to a bridge in traditional mode; it does not apply to VLAN-aware bridges. |
| | | Enables/disables the auto transition to/from the edge state of the port portautoedge is an enhancement to the standard PortAdminEdge (PortFast) mode, which allows for the automatic detection of edge ports. Edge ports and access ports are not the same thing. Edge ports transition directly to the forwarding state and skip the listening and learning stages. Upstream topology change notifications are not generated when an edge port's link changes state. Access ports only forward untagged traffic; however, there is no such restriction on edge ports, which can forward both tagged and untagged traffic. When a BPDU is received on a port configured with portautoedge, the port ceases to be in the edge port state and transitions into a normal STP port. When BPDUs are no longer received on the interface, the port becomes an edge port, and transitions through the discarding and learning states before resuming forwarding. |
| | | Enables/disables the point-to-point detection mode of the port |
| | | Enables/disables the ability of the port |
| | | Enables/disables the ability of the port |
| | | Enables/disables the bridge assurance capability for a network port |
| | | Enables/disables the BPDU guard configuration of the port |
| | | Enables/disables the BPDU filter functionality for a port |
| | | Sets the spanning tree port cost to a value from 0 to 255. The default is 0. |
Caveats and Errata
- MSTP is not supported currently since Cumulus Linux only supports MSTI 0 (not MSTI 1 through 15). However, interoperability with MSTP networks can be accomplished using PVRSTP or PVSTP.
Related Information
The source code for mstpd/mstpctl was written by Vitalii Demianets and is hosted at the URL below.
- brctl(8)
- bridge-utils-interfaces(5)
- ifupdown-addons-interfaces(5)
- mstpctl(8)
- mstpctl-utils-interfaces(5)
I want to point out that Ruckus/Brocade has 2 commands that contradict each other when configuring Spanning Tree:
Brocade(config-vlan-1)#spanning-tree ?
802-1w Enable Rapid Spanning Tree IEEE 802.1w
rstp Enable Rapid Spanning Tree
Since RSTP is the same as 802.1w, further clarification is needed.
Brocade(config-vlan-1)#spanning-tree rstp is an early Brocade implementation of IEEE 802.1w, which provided only a subset of the standard, whereas the
Brocade(config-vlan-1)#spanning-tree 802-1w feature provides the full standard, so basically you should use 802.1w.
How to configure Spanning Tree on Brocade
Spanning tree is run mainly on a per-VLAN basis.
Brocade# conf t
Brocade (config)#vlan 1
Brocade (config-vlan-1)# spanning-tree 802-1w – enables spanning tree basic mode
Brocade (config-vlan-1)# show 802-1w – shows spanning tree information
Brocade (config-vlan-1)# spanning-tree 802-1w priority 0 – designates this switch as the root bridge
If you know there is a point-to-point link between 2 rapid spanning tree devices, you have to turn that on at the interface level:
Point-to-Point/Uplinks
Brocade (config-vlan-1)#int e 1/1/1
Brocade (config-if-e10000-1/1/1)# spanning-tree 802-1w admin-p2pt-mac – don’t allow for a broadcast domain; assume there is a link between 2 rapid spanning tree root bridges/uplinks (without this it will fail over in 2 seconds or less, but fail back takes the traditional 30 of listening and learning; this allows it to fail forward and back in 2 seconds or less)
Access/Edge-Ports
Brocade (config-if-e10000-1/1/1)# int e 1/1/3 to 1/1/24
Brocade (config-if-e10000-1/1/3-1/1/24)# spanning-tree 802-1w admin-edge-port (not really required; it just means topology changes on the edge are not going to cause re-convergence on the core links or vice versa)
Brocade (config-if-e10000-1/1/3-1/1/24)# show run – will see spanning tree on the VLAN and the int ports
***DO NOT USE VLAN1 IN PRODUCTION, THIS IS PURELY FOR DEMONSTRATION PURPOSES***