[j-nsp] TCN guard on Juniper EX

Dennis Hagens root at ipaddr.nl
Wed Sep 11 08:04:58 EDT 2013


Hi Ben,

We currently implement root-protect already. This indeed does not filter TCN's.
These Netgears can't even do MSTP or RSTP... as i said, really need to get rid of them :-). The closest thing I found just now is "fast link" which i assume is somewhat like cisco portfast.
I need to validate in a test environment if that stops the switches from sending TCN's...

Dennis
________________________________________
From: Ben Dale [bdale at comlinx.com.au]
Sent: Wednesday, September 11, 2013 1:45 PM
To: Dennis Hagens
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] TCN guard on Juniper EX

Hi Dennis,

The closest thing Junos has at the moment is root-guard, which would stop your Netgears assuming root for the topology, but AFAIK TCNs would still be accepted and acted upon.

Are your netgear boxes manageable?  You can't force ports into edge mode to stop this?

On 11/09/2013, at 8:18 PM, Dennis Hagens <root at ipaddr.nl> wrote:

> Hi All,
>
> Is there some way to filter out STP TCN BPDU's on a Juniper EX series switch?
>
> We have some old Netgears in our office environment (yes, I need to get rid of those) which send TCN's on edge port flaps.
> This causes a lot of reconvergence / mac table flushes on our datacenter switches, which are connected via layer 2 with the office. We currently hooked up an HP switch with TCN  guard to mitigate this, but this introduces a SPOF.
>
> Any ideas?
>
> Thanks,
>
> Dennis Hagens
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>




More information about the juniper-nsp mailing list