[e-nsp] EAPS + xSTP + Private VLAN

Luis Mercado lmercado at logicworks.net
Mon Apr 1 18:54:17 EDT 2013 

Eduardo,

Your EAPS configuration should not have spanning tree turned on neither the primary nor secondary  ports that are prt of the EAPS ring., however you can turn on spanning-tree on ports that are not
part of the ring. I have pvst running on stacked  x460 switches when connecting cisco switches to each node on the stack. This will ensure we don't run into spanning tree issues. The best policy is to keep
all ports not in use in shutdown this way you can control the whole process. Preconfigure spanning tree etc.... have them connect then unshut the ports.



create vlan "POOL-111"
configure vlan POOL-111 tag 111

Client:

create vlan "POOL-113"
configure vlan POOL-113 tag 113

create vlan "EAPS-CONTROL3"
configure vlan EAPS-CONTROL3 tag 1014

configure vlan POOL-111 add ports 1:29, 2:29 tagged
configure vlan POOL-113 add ports 1:29, 2:29 tagged
configure vlan EAPS-CONTROL3 add ports 1:29, 2:29 tagged

configure eaps fast-convergence on
enable eaps
create eaps EAPS-DOMAIN3
configure eaps EAPS-DOMAIN3 mode master
configure eaps EAPS-DOMAIN3 primary port 1:29
configure eaps EAPS-DOMAIN3 secondary port 2:29
enable eaps EAPS-DOMAIN3
configure eaps EAPS-DOMAIN3 add control vlan EAPS-CONTROL3
configure eaps EAPS-DOMAIN3 add protected vlan POOL-111
configure eaps EAPS-DOMAIN3 add protected vlan POOL-113


I have two cisco switches connected to each slot in the stack.

1:4 is really a shared port 1:4 and 2:4

Here is my spanning tree config


configure stpd PVST-POOL111 add vlan POOL-111 ports 1:4 pvst-plus
configure stpd PVST-POOL111 ports mode pvst-plus 1:4
configure stpd PVST-POOL111 ports cost auto 1:4
configure stpd PVST-POOL111 ports priority 16 1:4
configure stpd PVST-POOL111 ports link-type point-to-point 1:4
configure stpd PVST-POOL111 ports edge-safeguard disable 1:4
enable stpd PVST-POOL111 ports 1:4
configure stpd PVST-POOL111 ports mode pvst-plus 1:5
configure stpd PVST-POOL111 ports cost auto 1:5
configure stpd PVST-POOL111 ports priority 16 1:5
configure stpd PVST-POOL111 ports link-type point-to-point 1:5
configure stpd PVST-POOL111 ports edge-safeguard disable 1:5
enable stpd PVST-POOL111 ports 1:5

Regards,

-LM

From: extreme-nsp-bounces at puck.nether.net [mailto:extreme-nsp-bounces at puck.nether.net] On Behalf Of Eduardo Schoedler
Sent: Monday, April 01, 2013 6:27 PM
To: Extreme NSP
Subject: [e-nsp] EAPS + xSTP + Private VLAN

Hello everyone,

First of all, sorry my bad english :).

I have an metroethernet network runing in extreme networks x350 switches.
It's a ring network, working with EAPS.
But in some times, my field crew loops the ring in some port.

So I noticed that EAPS don't cover this, only ring failure.
That's why I think to run a xSTP instance, to block the port with in loop.

That will work?
How to prevent to the xSTP don't block forwarding the ring ports?
Someone can help me with this configuration?

In time, how I can configure Private VLAN in ports of some vlans in this setup?
My idea is to provide layer2 isolation between customers.

Thanks in advance.

Regards,


--
Eduardo Schoedler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/extreme-nsp/attachments/20130401/972c5aad/attachment.html>

More information about the extreme-nsp mailing list