STP Extreme

Extreme Networks Application Note
Rapid Spanning Tree Protocol (RSTP) Deployment Guidelines for Converged Networks Revision 01
Abstract: The following Application Note was written to help business partners and systems engineers with conguring Rapid Spanning Tree Protocol (RSTP) loop avoidance for converged networks. This conguration can be generalized and applied to most converged networks from various IP PBX vendors in order to provide loop avoidance and prevent end-user cabling errors from taking down voice, video and data application services.
2009 Extreme Networks, Inc. All rights reserved. Do not reproduce.
Table of Contents
1. Introduction 1.1. Loop Avoidance and Spanning Tree Protocol 2. Conguring RSTP 2.1. STP Domains and Modes 2.2. STP Domain Modes for Converged Networks 2.3. Encapsulation and Default-Encapsulation 2.4. STPD Default-Encapsulation for Converged Networks 2.5. Participating Ports and VLANs 2.6. Adding Ports and VLANs in Converged Networks 2.7. Link-Type and Converged Networks 2.8. Bridge-Priority 2.9. Auto-Bind 3. Sample RSTP Congurations 3.1 Single Core Switch Conguration 3.1.1. NJCore1 Switch Conguration 3.1.2. IDF1 Switch Conguration 3.1.3. IDF2 Switch Conguration 3.2. Dual Aggregation Switch Conguration 3.2.1. NJAgg1 Switch Conguration 3.2.2. NJAgg2 Switch Conguration 3.2.3. IDF1 Switch Conguration 3.2.4. IDF2 Switch Conguration 4. Verication Steps for Sample Congurations 4.1. Single Core Switch Conguration 4.1.1. Verify IDF1 Switch Conguration 4.1.2. Verify IDF2 Switch Conguration 4.2. Dual Aggregation Switch Conguration 4.2.1. Verify IDF1 Switch Conguration 4.2.2. Verify IDF2 Switch Conguration 5. Basic RSTP Deployment Checklist 6. Conclusion 6.1. Hardware and Software Versions Tested 7. Additional References 3 3 4 4 6 6 7 7 8 9 10 10 10 10 11 12 13 14 15 16 17 18 19 19 19 20 21 22 23 24 24 24 25
1. Introduction
Layer 2 loops can occur in converged network environments, sometimes even with Spanning Tree Protocol (STP) enabled. Most loops are accidental, but they can cripple voice and data communication services across entire segments. Spanning tree is disabled on all Extreme Networks switches by default. Operating a network without any type of loop avoidance mechanism like STP or other alternative technique can be problematic even in loop-free topologies. These deployment guidelines explain how to enable Rapid Spanning Tree Protocol (RSTP) in order to eliminate the majority of Layer 2 loops in converged network environments. The two sample congurations represent eld proven cases that provide loop-free operation at the network edge, closest to end users. Two sample congurations described in this Application Note: 1. Single Core, Two IDF Switches 2. Dual Aggregation with Virtual Router Redundancy Protocol (VRRP), Two IDF Switches
1.1. Loop Avoidance and Spanning Tree Protocol

Converged networks require a loop avoidance mechanism to protect against end-user cabling errors. The widespread deployment of automatic polarity on edge ports exacerbates the problem, because a simple straight CAT5e patch cable can automatically establish a link and result in a broadcast storm. Networks that are deployed without enabling STP can leave customers vulnerable to three types of loops without proper conguration. Figure 1 shows the three most common loops found in Ethernet networks. The self loop occurs when an end user loops a cable back within the same switch. A switch-to-switch loop occurs when the end user connects a third party switch into the network with dual connections. Lastly, the IP telephone loop can happen when an end user attaches both the Power+Data and Data only ports of an IP telephone into the switch. Network administrators must take appropriate steps to provide loop-free operation by conguring and enabling RSTP or an alternative loop avoidance mechanism. With RSTP, the network can quickly and automatically detect the most common loops and place one of the two ports into a BLOCKING state to avoid a broadcast storm (See Figure 2).
Loop Formed Self Loop Loop Formed
Loop Formed
IP Telephone Loop
Switch-to-Switch Loop
5361-01
Figure 1: Types of Network Loops
Loop Avoided Self Loop
Blocking
Loop Avoided
Blocking
Blocking
Loop Avoided
IP Telephone Loop
Figure 1: Usage Model
Switch-to-Switch Loop
5362-01
Figure 2: Loop Avoidance Using RSTP
2009 Extreme Networks, Inc. All rights reserved.
RSTP Deployment Guidelines Application NotePage 3
There is a fourth type of loop that occurs less frequently, but it can be just as troublesome. If a user attaches an adjacent device to the network that has a loop the outcome can be catastrophic to voice, video and data communications. To help avoid the occurrence of this possible loop, Extreme Networks introduced the edge-safeguard feature for edge ports. The edge-safeguard feature will detect the presence of an adjacent looped device and software disable the port to avoid a network interruption. See Figure 3.
Loop Formed Looped Hub

5363-01
Figure 3: Adjacent Looped Device
2. Conguring RSTP
Figure 3: Adjacent Looped Device
The following sections outline the fundamentals necessary to successfully congure and enable RSTP on Extreme Networks ExtremeXOS switch for a converged network environment.
2.1. STP Domains and Modes

An Extreme Networks spanning tree instance or database is called a Spanning Tree Protocol Domain (STPD). The STPD determines the version of spanning tree protocol to use on the switch, the Bridge Protocol Data Unit (BPDU) encapsulation format and the participating ports and VLANs to be protected by spanning tree. All switch platforms have STPD s0 precongured in their factory default conguration, but spanning tree has been disabled by default. See Example 1. You must properly congure and enable spanning tree if you require a loop-free environment. Example 1: Default Spanning Tree Protocol Domain s0
* NJCore1.5 # show stpd MSTP Global Configuration: MSTP Region Name MSTP Format Identifier MSTP Revision Level Common and Internal Spanning Tree (CIST) Total Number of MST Instances (MSTI) Name s0
: : : : :
00049635e5f9 0 3 ---0
Tag Flags Ports Bridge ID Designated Root Rt Port Rt Cost 0000 D----0 800000049635e5f9 0000000000000000 ------0
Total number of STPDs: 1 Flags: (C) Topology Change, (D) Disable, (E) Enable, (R) Rapid Root Failover (T) Topology Change Detected, (M) MSTP CIST, (I) MSTP MSTI
The domain s0 is precongured to automatically bind and protect all ports assigned to the untagged Default VLAN as show in Example 2. You must enable domain s0 if you want to use the precongured settings to implement spanning tree protection. Many customers modify the untagged VLANs assigned to the switch ports, so Extreme Networks leaves s0 disabled in the factory default conguration. This also minimizes the impact of introducing an Extreme Networks switch into an environment that is already running a version spanning tree. Example 2: STPD s0 Default Conguration
NJCore1.10 # show stpd s0 Stpd: s0 Stp: DISABLED Rapid Root Failover: Disabled Operational Mode: 802.1D 802.1Q Tag: (none) Ports: 1,2,3,4,5,6,7,8,9,10, 11,12,13,14,15,16,17,18,19,20, 21,22,23,24,25,26 Participating Vlans: Default Auto-bind Vlans: Default Bridge Priority: 32768 BridgeID: 80:00:00:04:96:35:e5:f9 Designated root: 00:00:00:00:00:00:00:00 RootPathCost: 0 Root Port: ---MaxAge: 0s HelloTime: 0s CfgBrMaxAge: 20s CfgBrHelloTime: 2s Topology Change Time: 35s Topology Change Detected: FALSE Number of Topology Changes: 0 Time Since Last Topology Change: 0s
Number of Ports: 26 Default Binding Mode: 802.1D
ForwardDelay: 0s CfgBrForwardDelay: 15s Hold time: 1s Topology Change: FALSE
You have the option of modifying domain s0 to protect different combinations of ports and VLANs or you can create a new domain. Example 3 shows how to create a new domain. User dened domain names have a maximum length of 32 characters. Example 3: User Dened Spanning Tree Domain Conguration
* NJCore1.11 # create stpd s1
All Extreme Networks spanning tree domains, including domain s0 and user dened domains use operational mode IEEE 802.1D by default. Example 4 shows a user dened domain. Notice that the user dened domain is disabled with an operational mode of 802.1D. Example 4: User Dened STPD s1 Default Conguration
* NJCore1.12 # show stpd s1 Stpd: s1 Stp: DISABLED Rapid Root Failover: Disabled Operational Mode: 802.1D 802.1Q Tag: (none) Ports: (none) Participating Vlans: (none) Auto-bind Vlans: (none) Bridge Priority: 32768 BridgeID: 80:00:00:04:96:35:e5:f9 Designated root: 00:00:00:00:00:00:00:00 RootPathCost: 0 Root Port: ---MaxAge: 0s HelloTime: 0s CfgBrMaxAge: 20s CfgBrHelloTime: 2s Topology Change Time: 35s Topology Change Detected: FALSE Number of Topology Changes: 0 Time Since Last Topology Change: 0s
Number of Ports: 0 Default Binding Mode: EMISTP
Each STPD instance has three possible modes of operation: IEEE 802.1D Use the 802.1D (dot1d) operational mode for backward compatibility with previous STP versions and for compatibility with third-party switches using IEEE standard 802.1D. When congured in this mode, all rapid conguration mechanisms are disabled. IEEE 802.1w (Rapid Spanning Tree Protocol) Use the 802.1w (dot1w) operational mode for compatibility with RSTP. When congured in this mode, all rapid conguration mechanisms are enabled. IEEE 802.1s (Multiple Instance Spanning Tree Protocol) Use the MSTP (mstp) operational mode for compatibility with MSTP. MSTP is an extension of RSTP and offers the benet of better scaling with fast convergence.
2.2. STP Domain Modes for Converged Networks

IP networks responsible for delivering real-time applications such as Voice-over-IP (VoIP) and video require fast convergence in order to maintain quality audio and satisfactory picture quality. The legacy 802.1D mode of spanning tree takes about 30-60 seconds to converge making it suboptimal for converged networks. If you are deploying spanning tree in a converged network environment you should change your spanning tree domain to mode 802.1w (dot1w) or 802.1s (mstp) to ensure fast convergence when network topology changes occur. Example 5 shows how to properly create and congure a user dened domain to operate in RSPT mode. Example 5: User Dened RSTP Domain Conguration
* NJCore1.8 # create stpd s1 * NJCore1.9 # config stpd s1 mode dot1w
2.3. Encapsulation and Default-Encapsulation

The STPD encapsulation mode determines how the switch formats BPDU messages. The encapsulation mode and operational mode for STPD are independent settings. The encapsulation may be modied on an individual port basis, or you can use the defaultencapsulation congured for the domain. The s0 domain is precongured to use 802.1D as its default-encapsulation mode while user dened domains automatically select Extreme Multiple Instance Spanning Tree Protocol (EMISTP) as their default-encapsulation mode (See Example 6). Example 6: Default-Encapsulation Modes for Spanning Tree Domains
* NJCore1.4 # show stpd s0 Stpd: s0 Stp: DISABLED Rapid Root Failover: Disabled Operational Mode: 802.1D * NJCore1.3 # show stpd s1 Stpd: s1 Stp: DISABLED Rapid Root Failover: Disabled Operational Mode: 802.1W
Number of Ports: 0 Default Binding Mode: EMISTP
Each port assigned to an STPD has three possible modes of BPDU encapsulation: IEEE 802.1D Use the 802.1D (dot1d) encapsulation mode for backward compatibility with previous STP versions and for compatibility with third-party switches using IEEE standard 802.1D. BPDUs are sent untagged in 802.1D mode. This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, and MSTP. Extreme Multiple Instance Spanning Tree Protocol (EMISTP) Use the EMISTP (emistp) encapsulation mode when connecting with Extreme Networks switches only. BPDUs for each STPD are sent with an 802.1Q tag in EMISTP encapsulation mode. The STPDs running in this mode have a one-to-one relationship with VLANs and send and process packets in EMISTP format. This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w. Per VLAN Spanning Tree (PVST+) Use the PVST+ (pvst-plus) encapsulation mode when connecting to third-party switches running the PVST+ version of STP. BPDUs for each STPD are sent with an 802.1Q tag in PVST+ encapsulation mode. The STPDs running in this mode have a one-to-one relationship with VLANs and send and process packets in PVST+ format. This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
You can manually specify how the BPDU should be formatted on a per port basis, but this requires that you append the encapsulation mode at the end of the add VLAN and port command. Example 7 shows how a port can be added to the domain with a manually specied BDPU encapsulation mode. Most administrators prefer to use the default-encapsulation to assign the BPDU format to a switch port. Example 7: Add VLAN and Port to Spanning Tree Domain with Encapsulation
* NJCore1.12 # config stpd s1 add vlan data10 ports 1 dot1d
If most switch ports in a spanning tree domain are using the same port encapsulation mode it is easier to change the default-encapsulation and assign the ports. Example 8 shows how a port can inherit the default-encapsulation mode congured for the spanning tree domain by not appending the BPDU encapsulation at the end of an add VLAN and port command. Example 8: Add VLAN and Port to Spanning Tree Domain with Default-Encapsulation
* NJCore1.14 # config stpd s1 default-encapsulation dot1d * NJCore1.15 # config stpd s1 add vlan data10 ports 1
2.4. STPD Default-Encapsulation for Converged Networks

Most IP telephones have the ability to pass untagged BPDU messages across their internal switch fabrics. Unfortunately, many manufacturers and models of IP telephones are also incapable of passing 802.1Q tagged BDPU messages across their internal switch fabrics. This makes the EMISTP and PVST+ encapsulation modes suboptimal for converged network environments. If you are deploying spanning tree in a converged network environment you should change your spanning tree domain default-encapsulation mode to 802.1D (dot1d) so that the IEEE standard untagged BPDU message format is used. Example 9 shows how a user dened spanning tree domain can be congured to properly support RSTP in a converged network. This conguration will allow the Extreme Networks switch to detect and prevent loops across an IP telephones internal switch fabric. The STPD mode 802.1w (dot1w) and default-encapsulation 802.1D (dot1d) are the preferred setting for interoperating with third-party IEEE bridges and for preventing looped IP telephone scenarios. Example 9: User Dened RSTP Domain with 802.1D Encapsulation Mode Conguration
* * * * NJCore1.8 # create stpd s1 NJCore1.9 # config stpd s1 mode dot1w NJCore1.19 # config stpd s1 default-encapsulation dot1d NJCore1.20 # enable stpd s1
2.5. Participating Ports and VLANs

Once you have selected a STPD domain, operational mode and default-encapsulation mode for a converged network environment you will need to add ports and VLANs that are to be protected. The ordering by which you add ports and VLANs is very important when using 802.1D (dot1d) default-encapsulation. Example 10: Adding Port and Untagged VLAN to RSTP Conguration
* * * * * * * * NJCore1.5 # create vlan data10 NJCore1.6 # config vlan data10 tag 10 NJCore1.7 # config vlan data10 add ports 1 NJCore1.8 # create stpd s1 NJCore1.9 # config stpd s1 mode dot1w NJCore1.10 # config stpd s1 default-encapsulation dot1d NJCore1.11 # enable stpd s1 NJCore1.12 # config stpd s1 add vlan data10 ports 1
Example 10 shows port 1 and untagged data10 VLAN being added to spanning tree domain s1. Example 11 shows port 1 and untagged data10 VLAN are participating in the domain.
Example 11: Spanning Tree Domain with Port and Untagged Participating VLAN Added
* NJCore1.14 # show stpd s1 Stpd: s1 Stp: ENABLED Rapid Root Failover: Disabled Operational Mode: 802.1W 802.1Q Tag: (none) Ports: 1 Participating Vlans: data10 Auto-bind Vlans: (none) Bridge Priority: 32768 BridgeID: 80:00:00:04:96:35:e5:f9 Designated root: 80:00:00:04:96:35:e5:f9 RootPathCost: 0 Root Port: ---MaxAge: 20s HelloTime: 2s CfgBrMaxAge: 20s CfgBrHelloTime: 2s Topology Change Time: 35s Topology Change Detected: FALSE Number of Topology Changes: 1 Time Since Last Topology Change: 260s
If you attempt to add a port and tagged VLAN to the spanning tree domain before you have added the port and its untagged VLAN, you will receive an error in the command prompt. The ports untagged VLAN must be added rst, because the 802.1w domain requires an untagged VLAN in order to transmit and receive BPDUs. If you attempt to bind a port and tagged VLAN before you have bound the ports untagged VLAN, the domain will have no way of transmitting or receiving BPDU messages, which is why you see an error condition in Example 12. Example 12: Error Adding Port and Tagged VLAN Only to RSTP Conguration
* NJCore1.5 # create vlan voice11 * NJCore1.6 # config vlan voice11 tag 11 * NJCore1.7 # config vlan voice11 add ports 1 tagged * NJCore1.8 # create stpd s1 * NJCore1.9 # config stpd s1 mode dot1w * NJCore1.10 # config stpd s1 default-encapsulation dot1d * NJCore1.11 # enable stpd s1 * NJCore1.12 # config stpd s1 add vlan voice11 ports 1 Error: Cannot add VLAN voice11 port 1 to STP domain s1
When you add untagged and tagged VLANs in the incorrect order, an error may occur and VLANs will fail to be added to the domain. You must add ports and untagged VLANs to the domain rst.
2.6. Adding Ports and VLANs in Converged Networks

In a converged network environment you want to avoid loops on both the data and voice VLANs, therefore, both must be added to the RSTP domain for protection. As per the previous section, you must always add ports and untagged VLANs to the RSTP domain, before you add ports and its tagged VLANs. This is necessary because the dot1d encapsulation requires an untagged VLAN in order transmit and receive untagged BPDU messages. When adding ports to an RSTP domain, you must follow this approach: First, add each port and its untagged VLAN to the RSTP domain Second, add each port and its tagged VLANs to the RSTP domain Example 13 shows the proper order for adding untagged and tagged VLANs to an RSTP domain in a converged network environment. The data10 VLAN was previously added to port 1 as untagged and the voice11 VLAN was previously added to port 1 as tagged.
Example 13: Adding Untagged and Tagged VLANs to an STPD in a Converged Network
* NJCore1.12 # config stpd s1 add vlan data10 ports 1 # must add untagged 1st * NJCore1.13 # config stpd s1 add vlan voice11 ports 1 # must add tagged 2nd
Note: If you remove the port and untagged VLAN from the RSTP domain and you are using dot1d encapsulation, the tagged VLANs will also be removed from the domain. Example 14: Port Data and Voice VLANs Participating in STP Domain s1
* X450a-24t.16 # show stpd s1 Stpd: s1 Stp: ENABLED Rapid Root Failover: Disabled Operational Mode: 802.1W 802.1Q Tag: (none) Ports: 1 Participating Vlans: data10,voice11 Auto-bind Vlans: (none) Bridge Priority: 32768 BridgeID: 80:00:00:04:96:35:e5:f9 Designated root: 80:00:00:04:96:35:e5:f9 RootPathCost: 0 Root Port: ---MaxAge: 20s HelloTime: 2s CfgBrMaxAge: 20s CfgBrHelloTime: 2s Topology Change Time: 35s Topology Change Detected: FALSE Number of Topology Changes: 1 Time Since Last Topology Change: 350s
2.7. Link-Type and Converged Networks

The STPD port link-type is a very important parameter that should be congured in any converged network environment. The link-type effects whether or not the port Forwarding Database (FDB) table will be ushed during a topology change. The link-type also controls how quickly a port will transition to the forwarding state and it determines whether or not the port transmits and receives BPDU messages to participate in the spanning tree topology. Failure to congure port link-types can result in undesired behavior such as inadvertent FDB ushing and longer convergence times when a topology change occurs. In order to minimize FDB ushing and speed up convergence there are two link-type combinations that should be applied in a converged network environment: Point-to-Point Use link type point-to-point on all switch-to-switch links within the environment. If the switch-toswitch connection is a Link Aggregation Group, congure the master port as link-type point-to-point. Edge with Edge-Safeguard Use link type edge with edge-safeguard enable on any edge ports connected to hosts that are participating in spanning tree, such as PC workstations, printers, IP telephones. If you plan on implementing RSTP on application server and IP PBX ports you should use Edge with Edge-Safeguard. Most enterprises leave RSTP disabled for ports connected to these services to avoid any effects of STP apping. If you use auto-bind in the core the PBX and application server ports will automatically be added to the domain so remember to congure your link-types properly in this type of arrangement. Example 15 shows how to congure port link-types for a switch-to-switch port 24 and edge port 1. Example 15: Port Link-Type Conguration for STP Domain s1
* NJCore1.14 # config stpd s1 port link-type point-to-point 24 * NJCore1.15 # config stpd s1 port link-type edge 1 edge-safeguard enable
2.8. Bridge Priority

The STPD bridge priority value determines whether or not the Extreme Networks switch will operate as a root bridge. The bridge with the lowest priority is elected as the root bridge for the domain. Generally, you will only modify the priority on a switch that you want to force to be the root bridge (typically a core switch) and you sometimes modify a second switch that you want to force to be the backup root bridge (typically a backup core switch). The default STPD priority for all Extreme Networks switches is 32768. The bridge priority can be modied in increments of 4096 from 0 to 61440. Assuming no tie conditions, the bridge with the lowest priority is elected as the root bridge and the bridge with the second lowest bridge priority would act as the backup root bridge. When there is a tie and two or more bridges have equal priority, the bridge with the lowest MAC address becomes the root bridge and the bridge with the second lowest MAC address will essentially be the backup root bridge Example 16: Bridge Priority Conguration for STP Domain s1
* NJCore1.27 # config stpd s1 priority 4096
2.9. Auto-bind
The auto-bind feature allows the domain to automatically add and remove ports and VLANs to the STPD domain using the defaultencapsulation. You should only use auto-bind for VLANs that are to be protected by spanning tree. The auto-bind feature makes STP modications to the switch less error prone, because the switch will automatically adjust the STP bindings according to how the switch VLANs and port are congured.
3. Sample RSTP Congurations

3.1. Single Core Switch Conguration
Figure 4 show a basic RSTP conguration. There is a single Summit X450a-24t switch CORE1 that is the Layer 3 switch and Spanning Tree Root Bridge. There are two IDF closets. The IDF1 closet has two stacked Summit X250e-24p switches that are link aggregated back to the core. The IDF2 closet has a single Summit X150-24p switch that is link aggregated back to the core. The STP was intentionally disabled for all IP PBX and application server facing ports on CORE1. The untagged data10 VLAN is used to transmit and receive BPDUs and both the untagged data10 and tagged voice11 VLANs are protected by spanning tree.
IP PBX 10.1.1.10/24
10/3
STPD sO mode dot1w Default Encapsulation dot1d Bridge Priority 4096 Ports 21,23 P2P Untagged Participating VLAN data10 Tagged Participating VLAN voice11
1
DHCPSVR 10.1.1.254/24
Avaya G700
NJCore1
21 22 23 24
100-Full
LAG
LAG
IDF1 1:25
2:25
IDF2
26
25
STPD sO mode dot1w Default Encapsulation dot1d Ports 1:1-1:24,2:1-2:24 type Edge w/Edge-Safeguard Ports 1:25 P2P Untagged Participating VLAN data10 Tagged Participating VLAN voice11
STPD sO mode dot1w Default Encapsulation dot1d Ports 1-24 type Edge w/Edge-Safeguard Ports 25 type P2P Untagged Participating VLAN data10 Tagged Participating VLAN voice11
5364-01
Figure 4: Single Core RSTP Conguration
3.1.1. NJCore1 Switch Conguration

# Remove the default VLAN from all ports and name the switch config vlan default delete ports all config snmp sysname NJCore1 # Configure Link Aggregation Groups enable sharing 21 grouping 21-22 lacp enable sharing 23 grouping 23-24 lacp # Define VLANs, assign ports, IP addresses and enable forwarding create vlan data10 config vlan data10 tag 10 config vlan data10 add ports 21,23 untagged config vlan data10 ipaddress 192.168.10.1/24 enable ipforwarding data10 create vlan voice11 config vlan voice11 tag 11 config vlan voice11 add ports 21,23 tagged config vlan voice11 ipaddress 192.168.11.1/24 enable ipforwarding voice11 create vlan server100 config vlan server100 tag 100 config vlan server100 add ports 1-2 untagged config port 1 auto off speed 100 duplex full config vlan server100 ipaddress 10.1.1.1/24 enable ipforwarding server100 # Configure DHCP Relay function config bootprelay add 10.1.1.254 enable bootprelay # Configure Layer 3 based Quality of Service for VoIP create qosprofile qp6 config diffserv examination code-point 46 qp6 enable diffserv examination ports all disable dot1p examination ports all # Define and enable a custom RSTP domain for the root bridge create stpd s1 config stpd s1 mode dot1w config stpd s1 default-encapsulation dot1d config stpd s1 priority 4096 enable stpd s1 # Manually add sports, untagged and tagged participant VLANs to spanning tree config stpd s1 add data10 ports 21,23 config stpd s1 add voice11 ports 21,23 # Tune participant port link-types for fastest transition to forwarding config stpd s1 ports link-type point-to-point 21,23 # Turn on CPU DoS protection enable dos-protect
3.1.2. IDF1 Switch Conguration

# Remove the default VLAN from all ports and name the switch config vlan default delete ports all config snmp sysname IDF1 # Configure Link Aggregation Groups enable sharing 1:25 grouping 1:25,2:25 lacp # Define VLANs, assign ports, IP addresses and enable forwarding create vlan data10 config vlan data10 tag 10 config vlan data10 add ports 1:1-25,2:1-24 untagged config vlan data10 ipaddress 192.168.10.2/24 create vlan voice11 config vlan voice11 tag 11 config vlan voice11 add ports 1:1-25,2:1-24 tagged config iproute add default 192.168.10.1 # Configure Layer 3 based Quality of Service for VoIP create qosprofile qp6 config diffserv examination code-point 46 qp6 enable diffserv examination ports all disable dot1p examination ports all # Define and enable a custom RSTP domain create stpd s1 config stpd s1 mode dot1w config stpd s1 default-encapsulation dot1d enable stpd s1 # Autobind the ports, untagged and tagged participant VLANs to spanning tree enable stpd s1 auto-bind data10 enable stpd s1 auto-bind voice11 # Tune participant port link-types for fastest transition to forwarding state config stpd s1 ports link-type point-to-point 1:25 config stpd s1 ports link-type edge 1:1-24,2:1-24 edge-safeguard enable # Configure static LLDP-MED for phone provisioning on edge ports enable lldp ports 1:1-24,2:1-24 config lldp ports 1:1-24,2:1-24 advertise vendor-specific avaya-extreme call-server 10.1.1.10 config lldp ports 1:1-24,2:1-24 advertise vendor-specific avaya-extreme file-server 10.1.1.254 config lldp ports 1:1-24,2:1-24 advertise vendor-specific avaya-extreme dot1q-framing tagged config lldp ports 1:1-24,2:1-24 advertise vendor-specific dot1 vlan-name # Disable EDP on edge ports disable edp ports all enable edp ports 1:25 # Configure flood rate limiting on edge ports. This control excessive flooding # on the network edge, which can be harmful to host and IP Phone CPU processing config ports 1:1-24,2:1-24 rate-limit flood broadcast 500 config ports 1:1-24,2:1-24 rate-limit flood multicast 500 config ports 1:1-24,2:1-24 rate-limit flood unknown-destmac 500 # Turn on CPU DoS protection enable dos-protect

# Remove the default VLAN from all ports and name the switch config vlan default delete ports all config snmp sysname IDF2 # Configure Link Aggregation Groups enable sharing 25 grouping 25,26 lacp # Define VLANs, assign ports, IP addresses and enable forwarding create vlan data10 config vlan data10 tag 10 config vlan data10 add ports 1-25 untagged config vlan data10 ipaddress 192.168.10.3/24 create vlan voice11 config vlan voice11 tag 11 config vlan voice11 add ports 1-25 tagged config iproute add default 192.168.10.1 # Configure Layer 3 based Quality of Service for VoIP create qosprofile qp6 config diffserv examination code-point 46 qp6 enable diffserv examination ports all disable dot1p examination ports all # Define and enable a custom RSTP domain create stpd s1 config stpd s1 mode dot1w config stpd s1 default-encapsulation dot1d enable stpd s1 # Autobind the ports, untagged and tagged participant VLANs to spanning tree enable stpd s1 auto-bind data10 enable stpd s1 auto-bind voice11 # Tune participant port link-types for fastest transition to forwarding state config stpd s1 ports link-type point-to-point 25 config stpd s1 ports link-type edge 1-24 edge-safeguard enable # Configure static LLDP-MED for phone provisioning on edge ports enable lldp ports 1-24 config lldp ports 1-24 advertise vendor-specific avaya-extreme call-server 10.1.1.10 config lldp ports 1-24 advertise vendor-specific avaya-extreme file-server 10.1.1.254 config lldp ports 1-24 advertise vendor-specific avaya-extreme dot1q-framing tagged config lldp ports 1-24 advertise vendor-specific dot1 vlan-name # Disable EDP on edge ports disable edp ports all enable edp ports 25 # Configure flood rate limiting on edge ports. This control excessive flooding # on the network edge, which can be harmful to host and IP Phone CPU processing config ports 1-24 rate-limit flood broadcast 500 config ports 1-24 rate-limit flood multicast 500 config ports 1-24 rate-limit flood unknown-destmac 500 # Turn on CPU DoS protection enable dos-protect
3.2. Dual Aggregation Switch

This is an advanced RSTP conguration (Figure 5). There are dual Summit X450a-24t switches at the core. The NJAgg1 switch is the VRRP Master that is providing the Layer 3 routing and Spanning Tree Root Bridge functions. The NJAgg2 switch is the VRRP Backup and backup Root Bridge. There are two IDF closets. The IDF1 closet has two stacked Summit X250e-24p switches that are single connected back to each core switch. The IDF2 closet has a single Summit X150-24p switch that is single connected back to each core switch. Spanning Tree Protocol was intentionally disabled for all IP PBX and application server facing ports on NJAgg1 and NJAgg2. The untagged data10 VLAN is used to transmit and receive BPDUs. Both the data10 and voice11 VLANs have been protected against loops.
STPD sO mode dot1w Default Encapsulation dot1d Bridge Priority 4096 Ports 21,23,24 type P2P Untagged Participating VLAN data10 Tagged Participating VLAN voice11 VRRP Master
NJAgg1
STPD sO mode dot1w Default Encapsulation dot1d Bridge Priority 8192 Ports 21,23,24 type P2P Untagged Participating VLAN data10 Tagged Participating VLAN voice11 VRRP Backup
NJAgg2
21 23 24
21 23 24
IDF1
1:25
2:26
IDF2
25
26
STPD sO mode dot1w Default Encapsulation dot1d Ports 1:1-1:24,2:1-2:24 type Edge with Safeguard Ports 1:25,2:26 P2P Untagged Participating VLAN data10 Tagged Participating VLAN voice11
STPD sO mode dot1w Default Encapsulation dot1d Ports 1-24 type Edge with Safeguard Ports 25,26 type P2P Untagged Participating VLAN data10 Tagged Participating VLAN voice11
5365-01
Figure 5: Dual Aggregation Switch RSTP Conguration
3.2.1. NJAgg1 Switch Conguration

# Remove the default VLAN from all ports and name the switch config vlan default delete ports all disable stpd s0 auto-bind default config snmp sysname NJAgg1 # Define VLANs, assign ports, IP addresses and enable forwarding create vlan data10 config vlan data10 tag 10 config vlan data10 add ports 21,23,24 untagged config vlan data10 ipaddress 192.168.10.1/24 create vlan voice11 config vlan voice11 tag 11 config vlan voice11 add ports 21,23,24 tagged config vlan voice11 ipaddress 192.168.11.1/24 create vlan server100 config vlan server100 tag 100 config vlan server100 add ports 1-2 untagged config port 1 auto off speed 100 duplex full config vlan server100 ipaddress 10.1.1.1/24 enable ipforwarding # Configure Virtual Router Redundancy Protocol Master Switch # You can use the same or different vrids for each VLAN create vrrp data10 vrid 1 config vrrp data10 vrid 1 priority 255 config vrrp data10 vrid 1 add 192.168.10.1 create vrrp voice11 vrid 2 config vrrp voice11 vrid 2 priority 255 config vrrp voice11 vrid 2 add 192.168.11.1 create vrrp server100 vrid 3 config vrrp server100 vrid 3 priority 255 config vrrp server100 vrid 3 add 10.1.1.1 enable vrrp # Configure DHCP Relay function config bootprelay add 10.1.1.254 enable bootprelay # Configure Layer 3 based Quality of Service for VoIP create qosprofile qp6 config diffserv examination code-point 46 qp6 enable diffserv examination ports all disable dot1p examination ports all # Use domain s0 for the root bridge config stpd s0 mode dot1w config stpd s0 default-encapsulation dot1d config stpd s0 priority 4096 enable stpd s0 # Manually add ports, untagged and tagged participant VLANs to spanning tree config stpd s0 add data10 ports 21,23,24 config stpd s0 add voice11 ports 21,23,24 # Tune participant port link-types for fastest transition to forwarding config stpd s0 ports link-type point-to-point 21,23,24 # Turn on CPU DoS protection enable dos-protect
3.2.2. NJAgg2 Switch Conguration

# Remove the default VLAN from all ports and name the switch config vlan default delete ports all disable stpd s0 auto-bind default config snmp sysname NJAgg2 # Define VLANs, assign ports, IP addresses and enable forwarding create vlan data10 config vlan data10 tag 10 config vlan data10 add ports 21,23,24 untagged config vlan data10 ipaddress 192.168.10.254/24 create vlan voice11 config vlan voice11 tag 11 config vlan voice11 add ports 21,23,24 tagged config vlan voice11 ipaddress 192.168.11.254/24 create vlan server100 config vlan server100 tag 100 config vlan server100 add ports 1-2 untagged config port 1 auto off speed 100 duplex full config vlan server100 ipaddress 10.1.1.254/24 enable ipforwarding # Configure Virtual Router Redundancy Protocol Master Switch # You can use the same or different vrids for each VLAN create vrrp data10 vrid 1 config vrrp data10 vrid 1 priority 100 config vrrp data10 vrid 1 add 192.168.10.1 create vrrp voice11 vrid 2 config vrrp voice11 vrid 2 priority 100 config vrrp voice11 vrid 2 add 192.168.11.1 create vrrp server100 vrid 3 config vrrp server100 vrid 3 priority 100 config vrrp server100 vrid 3 add 10.1.1.1 enable vrrp # Configure DHCP Relay function config bootprelay add 10.1.1.254 enable bootprelay # Configure Layer 3 based Quality of Service for VoIP create qosprofile qp6 config diffserv examination code-point 46 qp6 enable diffserv examination ports all disable dot1p examination ports all # Use domain s0 for the root bridge config stpd s0 mode dot1w config stpd s0 default-encapsulation dot1d config stpd s0 priority 8192 enable stpd s0 # Manually add ports, untagged and tagged participant VLANs to spanning tree config stpd s0 add data10 ports 21,23,24 config stpd s0 add voice11 ports 21,23,24 # Tune participant port link-types for fastest transition to forwarding config stpd s0 ports link-type point-to-point 21,23,24 # Turn on CPU DoS protection enable dos-protect

# Remove the default VLAN from all ports and name the switch config vlan default delete ports all disable stpd s0 auto-bind default config snmp sysname IDF1 # Define VLANs, assign ports, IP addresses and enable forwarding create vlan data10 config vlan data10 tag 10 config vlan data10 add ports 1:1-25,2:1-24,2:26 untagged config vlan data10 ipaddress 192.168.10.2/24 create vlan voice11 config vlan voice11 tag 11 config vlan voice11 add ports 1:1-25,2:1-24,2:26 tagged config iproute add default 192.168.10.1 # Configure Layer 3 based Quality of Service for VoIP create qosprofile qp6 config diffserv examination code-point 46 qp6 enable diffserv examination ports all disable dot1p examination ports all # Configure and use domain s0 for RSTP config stpd s0 mode dot1w config stpd s0 default-encapsulation dot1d enable stpd s0 # Autobind the ports, untagged and tagged participant VLANs to spanning tree enable stpd s0 auto-bind data10 enable stpd s0 auto-bind voice11 # Tune participant port link-types for fastest transition to forwarding state config stpd s0 ports link-type point-to-point 1:25,2:26 config stpd s0 ports link-type edge 1:1-24,2:1-24 edge-safeguard enable # Configure static LLDP-MED for phone provisioning on edge ports enable lldp ports 1:1-24,2:1-24 config lldp ports 1:1-24,2:1-24 advertise vendor-specific avaya-extreme call-server 10.1.1.10 config lldp ports 1:1-24,2:1-24 advertise vendor-specific avaya-extreme file-server 10.1.1.254 config lldp ports 1:1-24,2:1-24 advertise vendor-specific avaya-extreme dot1q-framing tagged config lldp ports 1:1-24,2:1-24 advertise vendor-specific dot1 vlan-name # Disable EDP on edge ports disable edp ports all enable edp ports 1:25,2:26 # Configure flood rate limiting on edge ports. This control excessive flooding # on the network edge, which can be harmful to host and IP Phone CPU processing config ports 1:1-24,2:1-24 rate-limit flood broadcast 500 config ports 1:1-24,2:1-24 rate-limit flood multicast 500 config ports 1:1-24,2:1-24 rate-limit flood unknown-destmac 500 # Turn on CPU DoS protection enable dos-protect

# Remove the default VLAN from all ports and name the switch config vlan default delete ports all disable stpd s0 auto-bind default config snmp sysname IDF2 # Define VLANs, assign ports, IP addresses and enable forwarding create vlan data10 config vlan data10 tag 10 config vlan data10 add ports 1-26 untagged config vlan data10 ipaddress 192.168.10.3/24 create vlan voice11 config vlan voice11 tag 11 config vlan voice11 add ports 1-26 tagged config iproute add default 192.168.10.1 # Configure Layer 3 based Quality of Service for VoIP create qosprofile qp6 config diffserv examination code-point 46 qp6 enable diffserv examination ports all disable dot1p examination ports all # Configure and use domain s0 for RSTP config stpd s0 mode dot1w config stpd s0 default-encapsulation dot1d enable stpd s0 # Autobind the ports, untagged and tagged participant VLANs to spanning tree enable stpd s0 auto-bind data10 enable stpd s0 auto-bind voice11 # Tune participant port link-types for fastest transition to forwarding state config stpd s0 ports link-type point-to-point 25,26 config stpd s0 ports link-type edge 1-24 edge-safeguard enable # Configure static LLDP-MED for phone provisioning on edge ports enable lldp ports 1-24 config lldp ports 1-24 advertise vendor-specific avaya-extreme call-server 10.1.1.10 config lldp ports 1-24 advertise vendor-specific avaya-extreme file-server 10.1.1.254 config lldp ports 1-24 advertise vendor-specific avaya-extreme dot1q-framing tagged config lldp ports 1-24 advertise vendor-specific dot1 vlan-name # Disable EDP on edge ports disable edp ports all enable edp ports 25,26 # Configure flood rate limiting on edge ports. This control excessive flooding # on the network edge, which can be harmful to host and IP Phone CPU processing config ports 1-24 rate-limit flood broadcast 500 config ports 1-24 rate-limit flood multicast 500 config ports 1-24 rate-limit flood unknown-destmac 500 # Turn on CPU DoS protection enable dos-protect
4. Verication Steps for Sample Congurations

4.1. Single Core Switch Conguration
Introduce all eight loop scenarios and verify that the Extreme Networks switch correctly enters the BLOCKING state on looped ports. Also check that the ports go into the DISABLED state when an adjacent looped device is attached.
IPPBX 10.1.1.10/24
DHCPSVR 10.1.1.254/24
Avaya G700
10/3 1 100-Full 21
NJCore1
22 23 24
LAG
LAG
Self Loop #1 IDF1

1:3 1:25 2:26
Self Loop #2 IDF2

3 4 25 26
1:1
1:2 1:5
1:6
1:7
Data and Power
Data Only
Data and Power Hub
Data Only Hub
Looped IP Telephone #1
Adjacent Looped Device #1
Looped IP Telephone #2
L2 Switch Switch-to-Switch Loop #1

5366-01
Figure 6: Single Core Switch Conguration
4.1.1. Verify IDF1 Switch Conguration

Introduce several Layer 2 loops into the IDF1 conguration and verify Spanning Tree Protocol resolution. Connect IDF1 switch ports as follows: Connect IP Telephone #1 Power+Data Port to IDF1 Port 1:1 Connect IP Telephone #1 Data Port to IDF1 Port 1:2 Connect between IDF1 Port 1:3 to IFD1 Port 1:4 Connect IDF1 Port 1:5 to Netgear Switch Port 1 Connect IDF1 Port 1:6 to Netgear Switch Port 2 Connect looped hub to IDF1 Port 1:7 Whenever a loop is introduced the lowest port number in the loop will remain in the FORWARDING state and the highest port number in the loop will enter the BLOCKING state. If an adjacent looped device is attached the edge-safeguard feature will place the port in the DISABLED state by software disabling it. The administrator must manually re-enable the downed port in software after the adjacent looped device has been removed. Example 17 shows the results from the IDF1 switch. You should expect similar results in your own conguration.
Example 17: IFD1 Switch with Loops Congured

Slot-1 Port 1:1 1:2 1:3 1:5 1:6 1:7 2:3 IDF1.2 Mode 802.1D 802.1D 802.1D 802.1D 802.1D 802.1D 802.1D # show stpd s1 ports 1:1-3,1:5-7,2:3 State Cost Flags Priority Port ID FORWARDING 200000 eDeepw-S-- 128 8001 BLOCKING 200000 eBeeaw-S-- 128 8002 FORWARDING 200000 eDeepw-S-- 128 8003 FORWARDING 200000 eDeepw-S-- 128 8005 BLOCKING 200000 eBeeaw-S-- 128 8006 DISABLED 200000 e?ee-w-S-- 128 8007 BLOCKING 200000 eBeeaw-S-- 128 8083
Designated Bridge 80:00:02:04:96:34:4f:65 80:00:02:04:96:34:4f:65 80:00:02:04:96:34:4f:65 80:00:02:04:96:34:4f:65 80:00:02:04:96:34:4f:65 00:00:00:00:00:00:00:00 80:00:02:04:96:34:4f:65
Total Ports: 7 ------------------------- Flags: ---------------------------1: e=Enable, d=Disable 2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master 3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto 4: (Oper. type) b=broadcast, p=point-to-point, e=edge 5: p=proposing, a=agree 6: (partner mode) d = 802.1d, w = 802.1w, m = mstp 7: i = edgeport inconsistency 8: S = edgeport safe guard active s = edgeport safe guard configured but inactive 9: B = Boundary, I = Internal 10: r = Restricted Role

Introduce several Layer 2 loops into the IDF2 conguration and verify Spanning Tree Protocol resolution. Connect IDF2 switch ports as follows: Connect IP Telephone #1 Power+Data Port to IDF2 Port 1 Connect IP Telephone #1 Data Port to IDF2 Port 2 Connect between IDF2 Port 3 to IFD2 Port 4 Connect IDF2 Port 5 to Netgear Switch Port 1 Connect IDF2 Port 6 to Netgear Switch Port 2 Connect looped hub to IDF2 Port 7 You should expect similar results in your own conguration.
Example 18: IFD2 Switch with Loops Congured

IDF2.37 # show stpd s1 ports 1-7 Port Mode State Cost Flags Priority Port ID 1 802.1D FORWARDING 200000 eDeepw-S-- 128 8001 2 802.1D BLOCKING 200000 eBeeaw-S-- 128 8002 3 802.1D FORWARDING 200000 eDeepw-S-- 128 8003 4 802.1D BLOCKING 200000 eBeeaw-S-- 128 8004 5 802.1D FORWARDING 200000 eDeepw-S-- 128 8005 6 802.1D BLOCKING 200000 eBeeaw-S-- 128 8006 7 802.1D DISABLED 200000 e?ee-w-S-- 128 8007 Total Ports: 7 ------------------------- Flags: ---------------------------1: e=Enable, d=Disable 2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master 3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto 4: (Oper. type) b=broadcast, p=point-to-point, e=edge 5: p=proposing, a=agree 6: (partner mode) d = 802.1d, w = 802.1w, m = mstp 7: i = edgeport inconsistency 8: S = edgeport safe guard active s = edgeport safe guard configured but inactive 9: B = Boundary, I = Internal 10: r = Restricted Role
Designated Bridge 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 00:00:00:00:00:00:00:00
4.2. Dual Aggregation Switch Conguration

Introduce all eight loop scenarios and verify that the Extreme Networks switch correctly enters into the BLOCKING state on looped ports. Also check that the ports go into the DISABLED state when an adjacent looped device is attached.
NJAgg1
21 23 24 21
NJAgg2
23
24
Self Loop #1 IDF1

1:3 1:25 2:26
Self Loop #2 IDF2

3 4 25 26
1:1
1:2 1:5
1:6
1:7
Hub Looped IP Telephone #1

1
Hub Looped IP Telephone #2

1

5367-01
Figure 7: Dual Aggregation Switch Conguration

Introduce several Layer 2 loops into the IDF1 conguration and verify Spanning Tree Protocol resolution. Connect IDF1 switch ports as follows: Connect IP Telephone #1 Power+Data Port to IDF1 Port 1:1 Connect IP Telephone #1 Data Port to IDF1 Port 1:2 Connect between IDF1 Port 1:3 to IFD1 Port 1:4 Connect IDF1 Port 1:5 to Netgear Switch Port 1 Connect IDF1 Port 1:6 to Netgear Switch Port 2 Connect looped hub to IDF1 Port 1:7 Whenever a loop is introduced the lowest port number in the loop will remain in the FORWARDING state and the highest port number in the loop will enter the BLOCKING state. If an adjacent looped device is attached the edge-safeguard feature will place the port in the DISABLED state by software disabling it. The administrator must manually re-enable the downed port-in-software after the adjacent looped device has been removed. Example IDF shows the results from the IDF1 switch. You should expect similar results in your own conguration. Example 19: IFD1 Switch with Loops Congured
* Slot-1 IDF1.31 # show stpd s0 ports 1:1-3,1:5-7,2:3,1:25,2:26 Port Mode State Cost Flags Priority Port ID Designated Bridge 1:1 802.1D FORWARDING 200000 eDeepw-S-- 128 8001 80:00:02:04:96:34:4f:65 1:2 802.1D BLOCKING 200000 eBeeaw-S-- 128 8002 80:00:02:04:96:34:4f:65 1:3 802.1D FORWARDING 200000 eDee-w-S-- 128 8003 80:00:02:04:96:34:4f:65 1:5 802.1D FORWARDING 200000 eDeepw-S-- 128 8005 80:00:02:04:96:34:4f:65 1:6 802.1D BLOCKING 200000 eBeeaw-S-- 128 8006 80:00:02:04:96:34:4f:65 1:7 802.1D DISABLED 200000 e?ee-w-S-- 128 8007 00:00:00:00:00:00:00:00 1:25 802.1D FORWARDING 20000 eRppaw---- 128 8019 10:00:00:04:96:35:e5:f9 2:3 802.1D BLOCKING 200000 eBeeaw-S-- 128 8083 80:00:02:04:96:34:4f:65 2:26 802.1D BLOCKING 20000 eAppaw---- 128 809a 20:00:00:04:96:27:c5:49 Total Ports: 9 ------------------------- Flags: ---------------------------1: e=Enable, d=Disable 2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master 3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto 4: (Oper. type) b=broadcast, p=point-to-point, e=edge 5: p=proposing, a=agree 6: (partner mode) d = 802.1d, w = 802.1w, m = mstp 7: i = edgeport inconsistency 8: S = edgeport safe guard active s = edgeport safe guard configured but inactive 9: B = Boundary, I = Internal 10: r = Restricted Role

Introduce several Layer 2 loops into the IDF2 conguration and verify Spanning Tree Protocol resolution. Connect IDF2 switch ports as follows: Connect IP Telephone #1 Power+Data Port to IDF2 Port 1 Connect IP Telephone #1 Data Port to IDF2 Port 2 Connect between IDF2 Port 3 to IFD2 Port 4 Connect IDF2 Port 5 to Netgear Switch Port 1 Connect IDF2 Port 6 to Netgear Switch Port 2 Connect looped hub to IDF2 Port 7 You should expect similar results in your own conguration. Example 20: IFD2 Switch with Loops Congured
* Slot-1 IDF1.32 # show stpd s0 ports 1-7,25,26 Port Mode State Cost Flags Priority 1 802.1D FORWARDING 200000 eDee-w-S-- 128 2 802.1D BLOCKING 200000 eBeeaw-S-- 128 3 802.1D FORWARDING 200000 eDee-w-S-- 128 4 802.1D BLOCKING 200000 eBeeaw-S-- 128 5 802.1D FORWARDING 200000 eDeepw-S-- 128 6 802.1D BLOCKING 200000 eBeeaw-S-- 128 7 802.1D DISABLED 200000 e?ee-w-S-- 128 25 802.1D FORWARDING 20000 eRppaw---- 128 26 802.1D BLOCKING 20000 eAppaw---- 128 Total Ports: 9 ------------------------- Flags: ---------------------------1: e=Enable, d=Disable 2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master 3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto 4: (Oper. type) b=broadcast, p=point-to-point, e=edge 5: p=proposing, a=agree 6: (partner mode) d = 802.1d, w = 802.1w, m = mstp 7: i = edgeport inconsistency 8: S = edgeport safe guard active s = edgeport safe guard configured but inactive 9: B = Boundary, I = Internal 10: r = Restricted Role
Port ID 8001 8002 8003 8004 8005 8006 8007 8019 801a
Designated Bridge 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 80:00:00:04:96:27:fd:1d 00:00:00:00:00:00:00:00 10:00:00:04:96:35:e5:f9 20:00:00:04:96:27:c5:49
5. Basic RSTP Deployment Checklist

P Select a STPD domain (Either use s0 or create a new one, e.g. s1) P Congure STPD mode dot1w P Congure STPD default-encapsulation dot1d P If the bridge is root, congure STPD priority to 4096 P If the bridge is backup root, congure STPD priority to 8192 (VRRP arrangement) P Enable the selected STPD domain P (Optionally) Auto-bind VLANs to the STPD domain P If no auto-bind, add ports and untagged VLANs to the STPD domain rst P If no auto-bind, add ports and tagged VLANs to the STPD domain second P Congure STPD port link-type point-to-point on switch-to-switch links P Congure STPD port link-type edge with edge-safeguard enabled on user facing ports
6. Conclusion
The sample congurations and recommendations described in this Application Note can be generalized for most customer congurations. The behavior of some features shown, such as edge-safeguard, will operate slightly different in pre-12.x software releases. Layer 2 loops can occur in converged networks, even with STP enabled. By default, Extreme Networks switches have spanning tree disabled. These deployment guidelines explain how to enable RSTP in order to eliminate the majority of Layer 2 loop conditions that end users may accidentally introduce. The three sample congurations represent eld proven cases that can be leveraged to help provide loop-free operation at the network edge, closest to end users.
6.1. Hardware and Software Versions Tested

The following hardware models and software versions were used to test all three RSTP loop avoidance congurations described in this Application Note.
Table 1:
Qty. Models Tested
2 Summit X450a-24t
License Levels
Core
Software Versions
12.1.2.17-patch1-17 12.1.3.14 12.2.2.11 12.1.2.17-patch1-17 12.1.3.14 12.2.2.11 12.1.2.17-patch1-17 12.1.3.14 12.2.2.11 Release 2.9 Release 2.8.3 Release 2.9 Release 2.8.3 Release 3.0 Release R014x.00.1.731.2 Release 27.27
Summit X250e-24p
Edge
Summit X150-24p
L2-Edge
1 1 2 1 1 1
Avaya 4602SW+ IP Telephone Avaya 4610SW+ IP Telephone Avaya 9640 IP Telephone Avaya S8300B Media Server Avaya G250 Media Servers EPICenter 7.0 SP1 Server
N/A N/A N/A N/A N/A Bronze-20
7. Additional References
[1] ExtremeXOS Command Reference Guide, Software Version 12.2.2, Extreme Networks, March 2009, http://www.extremenetworks.com/services/software-userguide.aspx [2] ExtremeXOS Concepts Guide, Software Version 12.2.2, Extreme Networks, March 2009, http://www.extremenetworks.com/services/software-userguide.aspx [3] Newtons Telecom Dictionary 21st Edition, Harry Newton, March 2005, CMP Books
www.extremenetworks.com
Corporate and North America Extreme Networks, Inc. 3585 Monroe Street Santa Clara, CA 95051 USA Phone +1 408 579 2800
Europe, Middle East, Africa and South America Phone +31 30 800 5100
Asia Pacic Phone +852 2517 1123
Japan Phone +81 3 5842 4011
2009 Extreme Networks, Inc. All rights reserved. Extreme Networks, the Extreme Networks logo, EPICenter, ExtremeXOS and Summit are either registered trademarks or trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other names and marks are the property of their respective owners. Specications are subject to change without notice. 1779_01 08/09

STP Extreme

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

STP Extreme

Uploaded by

Copyright:

Available Formats

Extreme Networks Application Note

2009 Extreme Networks, Inc. All rights reserved. Do not reproduce.

Extreme Networks Application Note

Extreme Networks Application Note

1.1. Loop Avoidance and Spanning Tree Protocol

Loop Formed Self Loop Loop Formed

Figure 1: Types of Network Loops

Loop Avoided Self Loop

Figure 1: Usage Model

Figure 2: Loop Avoidance Using RSTP

2009 Extreme Networks, Inc. All rights reserved.

RSTP Deployment Guidelines Application NotePage 3

Extreme Networks Application Note

Loop Formed Looped Hub

Figure 3: Adjacent Looped Device

Figure 3: Adjacent Looped Device

2.1. STP Domains and Modes

2009 Extreme Networks, Inc. All rights reserved.

RSTP Deployment Guidelines Application NotePage 4

Extreme Networks Application Note

Number of Ports: 26 Default Binding Mode: 802.1D

ForwardDelay: 0s CfgBrForwardDelay: 15s Hold time: 1s Topology Change: FALSE

Number of Ports: 0 Default Binding Mode: EMISTP

ForwardDelay: 0s CfgBrForwardDelay: 15s Hold time: 1s Topology Change: FALSE

RSTP Deployment Guidelines Application NotePage 5

Extreme Networks Application Note

2.2. STP Domain Modes for Converged Networks

2.3. Encapsulation and Default-Encapsulation

Number of Ports: 26 Default Binding Mode: 802.1D

Number of Ports: 0 Default Binding Mode: EMISTP

2009 Extreme Networks, Inc. All rights reserved.

RSTP Deployment Guidelines Application NotePage 6

Extreme Networks Application Note

2.4. STPD Default-Encapsulation for Converged Networks

2.5. Participating Ports and VLANs

2009 Extreme Networks, Inc. All rights reserved.

RSTP Deployment Guidelines Application NotePage 7

Extreme Networks Application Note

Number of Ports: 1 Default Binding Mode: 802.1D

ForwardDelay: 15s CfgBrForwardDelay: 15s Hold time: 1s Topology Change: FALSE

2.6. Adding Ports and VLANs in Converged Networks

2009 Extreme Networks, Inc. All rights reserved.

RSTP Deployment Guidelines Application NotePage 8

Extreme Networks Application Note

Number of Ports: 1 Default Binding Mode: 802.1D

ForwardDelay: 15s CfgBrForwardDelay: 15s Hold time: 1s Topology Change: FALSE

2.7. Link-Type and Converged Networks

2009 Extreme Networks, Inc. All rights reserved.

RSTP Deployment Guidelines Application NotePage 9

Extreme Networks Application Note

2.8. Bridge Priority

3. Sample RSTP Congurations

Figure 4: Single Core RSTP Conguration

2009 Extreme Networks, Inc. All rights reserved.

RSTP Deployment Guidelines Application NotePage 10

Extreme Networks Application Note

3.1.1. NJCore1 Switch Conguration

2009 Extreme Networks, Inc. All rights reserved.

RSTP Deployment Guidelines Application NotePage 11

Extreme Networks Application Note

3.1.2. IDF1 Switch Conguration

2009 Extreme Networks, Inc. All rights reserved.

RSTP Deployment Guidelines Application NotePage 12