Mailing List Archive

EAPS + xSTP + Private VLAN
Hello everyone,

First of all, sorry for my bad English :).

I have a metroethernet network running on Extreme Networks x350 switches.
It's a ring network, working with EAPS.
But sometimes my field crew loops the ring on some port.

So I noticed that EAPS doesn't cover this, only ring failure.
That's why I'm thinking of running an xSTP instance, to block the port with the loop.

Will that work?
How do I prevent xSTP from blocking forwarding on the ring ports?
Can someone help me with this configuration?

Also, how can I configure Private VLAN on ports of some VLANs in this
setup?
My idea is to provide layer 2 isolation between customers.

Thanks in advance.

Regards,


--
Eduardo Schoedler
Re: EAPS + xSTP + Private VLAN
Eduardo,

Your EAPS configuration should not have spanning tree turned on on either the primary or the secondary ports that are part of the EAPS ring; however, you can turn on spanning tree on ports that are not
part of the ring. I have PVST running on stacked x460 switches when connecting Cisco switches to each node on the stack. This will ensure we don't run into spanning tree issues. The best policy is to keep
all ports not in use in shutdown; this way you can control the whole process. Preconfigure spanning tree etc., have them connect, then unshut the ports.



create vlan "POOL-111"
configure vlan POOL-111 tag 111

Client:

create vlan "POOL-113"
configure vlan POOL-113 tag 113

create vlan "EAPS-CONTROL3"
configure vlan EAPS-CONTROL3 tag 1014

configure vlan POOL-111 add ports 1:29, 2:29 tagged
configure vlan POOL-113 add ports 1:29, 2:29 tagged
configure vlan EAPS-CONTROL3 add ports 1:29, 2:29 tagged

configure eaps fast-convergence on
enable eaps
create eaps EAPS-DOMAIN3
configure eaps EAPS-DOMAIN3 mode master
configure eaps EAPS-DOMAIN3 primary port 1:29
configure eaps EAPS-DOMAIN3 secondary port 2:29
enable eaps EAPS-DOMAIN3
configure eaps EAPS-DOMAIN3 add control vlan EAPS-CONTROL3
configure eaps EAPS-DOMAIN3 add protected vlan POOL-111
configure eaps EAPS-DOMAIN3 add protected vlan POOL-113


I have two cisco switches connected to each slot in the stack.

1:4 is really a shared port 1:4 and 2:4

Here is my spanning tree config


configure stpd PVST-POOL111 add vlan POOL-111 ports 1:4 pvst-plus
configure stpd PVST-POOL111 ports mode pvst-plus 1:4
configure stpd PVST-POOL111 ports cost auto 1:4
configure stpd PVST-POOL111 ports priority 16 1:4
configure stpd PVST-POOL111 ports link-type point-to-point 1:4
configure stpd PVST-POOL111 ports edge-safeguard disable 1:4
enable stpd PVST-POOL111 ports 1:4
configure stpd PVST-POOL111 ports mode pvst-plus 1:5
configure stpd PVST-POOL111 ports cost auto 1:5
configure stpd PVST-POOL111 ports priority 16 1:5
configure stpd PVST-POOL111 ports link-type point-to-point 1:5
configure stpd PVST-POOL111 ports edge-safeguard disable 1:5
enable stpd PVST-POOL111 ports 1:5

Regards,

-LM
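
The rule in the reply above (no spanning tree on the EAPS primary or secondary ring ports, spanning tree only on non-ring ports) can be checked against a saved configuration. This is an added example, not part of the original thread; the sample config is constructed from the commands in the reply plus two deliberately wrong lines for port 2:29, and the `slot:lo-hi` range handling is an assumption about how port lists appear in the config.

```python
import re

# Constructed sample: commands from the reply above plus two deliberately
# wrong lines that put STP on ring port 2:29, so the check has a finding.
SAMPLE_CONFIG = """\
create eaps EAPS-DOMAIN3
configure eaps EAPS-DOMAIN3 mode master
configure eaps EAPS-DOMAIN3 primary port 1:29
configure eaps EAPS-DOMAIN3 secondary port 2:29
configure stpd PVST-POOL111 add vlan POOL-111 ports 1:4 pvst-plus
enable stpd PVST-POOL111 ports 1:4
enable stpd PVST-POOL111 ports 1:5
configure stpd PVST-POOL111 add vlan POOL-111 ports 2:29 pvst-plus
enable stpd PVST-POOL111 ports 2:29
"""

RING_RE = re.compile(r"^configure eaps (\S+) (primary|secondary) port (\S+)$")
STP_RE = re.compile(r"^(?:enable stpd (\S+) ports (\S+)"
                    r"|configure stpd (\S+) add vlan \S+ ports (\S+))")

def expand_ports(spec):
    """Expand '1:4,1:6-8' into individual ports (range syntax is an assumption)."""
    ports = set()
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+):(\d+)-(\d+)", item.strip())
        if m:
            slot, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
            ports.update(f"{slot}:{n}" for n in range(lo, hi + 1))
        elif item.strip():
            ports.add(item.strip())
    return ports

def stp_on_ring_ports(config):
    """Return sorted (port, eaps_domain, role, stpd) for STP enabled on ring ports."""
    ring, stp = {}, set()
    for line in map(str.strip, config.splitlines()):
        m = RING_RE.match(line)
        if m:
            ring[m.group(3)] = (m.group(1), m.group(2))
            continue
        m = STP_RE.match(line)
        if m:
            stpd = m.group(1) or m.group(3)
            stp |= {(p, stpd) for p in expand_ports(m.group(2) or m.group(4))}
    return sorted((p, *ring[p], s) for p, s in stp if p in ring)

if __name__ == "__main__":
    for port, domain, role, stpd in stp_on_ring_ports(SAMPLE_CONFIG):
        print(f"{port}: {role} port of {domain} is also in STP domain {stpd}")
```

An empty result means no STP domain touches a ring port, which is the state the reply describes.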

Re: EAPS + xSTP + Private VLAN
On 2013-04-02 00:27, Eduardo Schoedler wrote:
> Hello everyone,
>
> First of all, sorry for my bad English :).
>
> I have a metroethernet network running on Extreme Networks x350 switches.
> It's a ring network, working with EAPS.
> But sometimes my field crew loops the ring on some port.

Maybe it is better to set rate-limits on edge ports on broadcast,
unknown-unicasts and multicasts on ingress?

Marcin
Re: EAPS + xSTP + Private VLAN
Hi Luis,

Thanks for the configuration, I'll try it here.

Regards,

--
Eduardo Schoedler


Re: EAPS + xSTP + Private VLAN
2013/4/2 Marcin Kuczera <marcin@leon.pl>

> On 2013-04-02 00:27, Eduardo Schoedler wrote:
>
>> Hello everyone,
>>
>> First of all, sorry for my bad English :).
>>
>> I have a metroethernet network running on Extreme Networks x350 switches.
>> It's a ring network, working with EAPS.
>> But sometimes my field crew loops the ring on some port.
>>
>
>
> Maybe it is better to set rate-limits on edge ports on broadcast,
> unknown-unicasts and multicasts on ingress?
>

Marcin,

In some cases this is not possible, for example a port that is used as
an uplink from my POP.
That's why I need xSTP, to disable forwarding on a looped port.

Thanks,

--
Eduardo Schoedler
Re: EAPS + xSTP + Private VLAN
By the way, how do I include Private VLAN configuration in this setup?

Thanks!


--
Eduardo Schoedler


Re: EAPS + xSTP + Private VLAN
On 2013-04-02 22:02, Eduardo Schoedler wrote:
> 2013/4/2 Marcin Kuczera <marcin@leon.pl>
>
>> On 2013-04-02 00:27, Eduardo Schoedler wrote:
>>
>>> Hello everyone,
>>>
>>> First of all, sorry for my bad English :).
>>>
>>> I have a metroethernet network running on Extreme Networks
>>> x350 switches.
>>> It's a ring network, working with EAPS.
>>> But sometimes my field crew loops the ring on some port.
>>
>> Maybe it is better to set rate-limits on edge ports on broadcast,
>> unknown-unicasts and multicasts on ingress?
>
> Marcin,
>
> In some cases this is not possible, for example a port that is used as
> an uplink from my POP.
But broadcast limitation (which should be enough) shouldn't block
anything in normal circumstances.

Regards,

Marcin



> That's why I need xSTP, to disable forwarding on a looped port.
>
> Thanks,
>
> --
> Eduardo Schoedler
>
>