Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. nsp>
  3. foundry
STP BPDU filtering
minotaur at crete
Dec 14, 2013, 5:12 AM
Post #1 of 4 (2843 views)
Permalink
Hi,

Recently I noticed that my Brocade MLXe-16 does not drop STP BPDU packets
even if 'spanning-tree protect' is configured in port-configuration:

telnet@lsr1-gdr.ki#show int eth 12/8
10GigabitEthernet12/8 is up, line protocol is up
STP Root Guard is disabled, STP BPDU Guard is enabled
^^^^^^^^^^^^^^^^^^^^^^^^^^^

But there are a lot STP BPDUs coming in that port, and moreover they
are forwarded to all other ports within one VLAN.
Generally, I need just to drop all incoming STP BPDUs on all ports,
and nothing else. Any hints? Thanks in advance!

--
MINO-RIPE
_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
Re: STP BPDU filtering [ In reply to ]
robhass at gmail
Dec 14, 2013, 2:21 PM
Post #2 of 4 (2776 views)
Permalink
int ethe 12/8
no spanning-tree



On Sat, Dec 14, 2013 at 2:12 PM, Alexander Shikoff <minotaur@crete.org.ua>wrote:

> Hi,
>
> Recently I noticed that my Brocade MLXe-16 does not drop STP BPDU packets
> even if 'spanning-tree protect' is configured in port-configuration:
>
> telnet@lsr1-gdr.ki#show int eth 12/8
> 10GigabitEthernet12/8 is up, line protocol is up
> STP Root Guard is disabled, STP BPDU Guard is enabled
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> But there are a lot STP BPDUs coming in that port, and moreover they
> are forwarded to all other ports within one VLAN.
> Generally, I need just to drop all incoming STP BPDUs on all ports,
> and nothing else. Any hints? Thanks in advance!
>
> --
> MINO-RIPE
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
Re: STP BPDU filtering [ In reply to ]
minotaur at crete
Dec 16, 2013, 1:19 AM
Post #3 of 4 (2760 views)
Permalink
On Sat, Dec 14, 2013 at 11:21:28PM +0100, Robert Hass wrote:
> int ethe 12/8
> no spanning-tree
It is set by default on MLXe.
And it does not protect from BPDUs receiving and forwarding.

> On Sat, Dec 14, 2013 at 2:12 PM, Alexander Shikoff <[1]minotaur@crete.org.ua> wrote:
>
> Hi,
> Recently I noticed that my Brocade MLXe-16 does not drop STP BPDU packets
> even if 'spanning-tree protect' is configured in port-configuration:
> [2]telnet@lsr1-gdr.ki#show int eth 12/8
> 10GigabitEthernet12/8 is up, line protocol is up
> STP Root Guard is disabled, STP BPDU Guard is enabled
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> But there are a lot STP BPDUs coming in that port, and moreover they
> are forwarded to all other ports within one VLAN.
> Generally, I need just to drop all incoming STP BPDUs on all ports,
> and nothing else. Any hints? Thanks in advance!
> --
> MINO-RIPE
> _______________________________________________
> foundry-nsp mailing list
> [3]foundry-nsp@puck.nether.net
> [4]http://puck.nether.net/mailman/listinfo/foundry-nsp
>
> óÓÙÌËÉ
>
> 1. mailto:minotaur@crete.org.ua
> 2. http://telnet@lsr1-gdr.ki/#show
> 3. mailto:foundry-nsp@puck.nether.net
> 4. http://puck.nether.net/mailman/listinfo/foundry-nsp

--
MINO-RIPE
_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
Re: STP BPDU filtering [ In reply to ]
robhass at gmail
Dec 17, 2013, 1:29 PM
Post #4 of 4 (2755 views)
Permalink
If you have enabled spanning-tree for VLAN then "no spanning-tree" on the
port works like BPDU-Filter.
BPDUs are ingress filtered and not sent on this particular port.

Rob


On Mon, Dec 16, 2013 at 10:19 AM, Alexander Shikoff
<minotaur@crete.org.ua>wrote:

> On Sat, Dec 14, 2013 at 11:21:28PM +0100, Robert Hass wrote:
> > int ethe 12/8
> > no spanning-tree
> It is set by default on MLXe.
> And it does not protect from BPDUs receiving and forwarding.
>
> > On Sat, Dec 14, 2013 at 2:12 PM, Alexander Shikoff <[1]
> minotaur@crete.org.ua> wrote:
> >
> > Hi,
> > Recently I noticed that my Brocade MLXe-16 does not drop STP BPDU
> packets
> > even if 'spanning-tree protect' is configured in port-configuration:
> > [2]telnet@lsr1-gdr.ki#show int eth 12/8
> > 10GigabitEthernet12/8 is up, line protocol is up
> > STP Root Guard is disabled, STP BPDU Guard is enabled
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > But there are a lot STP BPDUs coming in that port, and moreover they
> > are forwarded to all other ports within one VLAN.
> > Generally, I need just to drop all incoming STP BPDUs on all ports,
> > and nothing else. Any hints? Thanks in advance!
> > --
> > MINO-RIPE
> > _______________________________________________
> > foundry-nsp mailing list
> > [3]foundry-nsp@puck.nether.net
> > [4]http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
> > Ссылки
> >
> > 1. mailto:minotaur@crete.org.ua
> > 2. http://telnet@lsr1-gdr.ki/#show
> > 3. mailto:foundry-nsp@puck.nether.net
> > 4. http://puck.nether.net/mailman/listinfo/foundry-nsp
>
> --
> MINO-RIPE
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal