Wired Intelligent Edge (Campus Switching and Routing)

 View Only
last person joined: one year ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of HPE Aruba Networking switching devices, and find ways to improve security across your network.
Back to Library

Root-Guard / Loop-Guard / Edge-port (portfast) MSFT configuration on s3500 

Apr 05, 2015 09:14 AM

Configuration Steps- Loop-gaurd:

The loop-guard feature provides additional protection against Layer 2 forwarding loops (spanning-tree loops). A spanning-tree loop is created when a blocking port in a redundant topology erroneously transitions to the forwarding state:
Without loop-guard feature: Once a port that is blocking stops receiving BPDUs, the Spanning-tree protocol conceives that the topology is loop free. It will eventually transition to forwarding. This situation creates a loop.
With loop-guard feature: Ports will assume there has been a unidirectional failure and will continue to block the port (loop-inconsistent) instead of transitioning into forwarding.
Loop-guard pertains to point-to-point links, on non-designated ports.


Confuguration:


Loop-guard is configured under MSTP interface-profile:


(ArubaS3500) (config) #interface-profile mstp-profile LOOPGUARD
(ArubaS3500) (Interface MSTP “LOOPGUARD") #loopguard

(ArubaS3500)(config) #interface gigabitethernet 1/0/23
(ArubaS3500)(gigabitethernet "1/0/23") #mstp-profile loopguard

Root-guard :

Root-guard ensures unintended switch does not become a new root bridge.
A new switch being added to existing topology with lowest bridgeID.
Root-guard prevents ports from transitioning to root or alternate port roles 
When superior BPDU is seen on the port with root-guard configured, the port is blocked (root-inconsistent).
Once the port in root-consistent state no longer sees the superior BPDUs, the port will revert back and will start forwarding.
Recovery is automatic.

Confuguration:


Root-guard is configured under MSTP interface-profile:

ArubaS3500) (config) #interface-profile mstp-profile ROOTGUARD
(ArubaS3500) (Interface MSTP "ROOTGUARD") #rootguard

Configured profile can then be applied to the interface.

(ArubaS3500)(config) #interface gigabitethernet 1/0/23
(ArubaS3500)(gigabitethernet "1/0/23") #mstp-profile rootguard

Edge-port - "port fast"

Interfaces can be configured as edge-ports to enable the ports to transition to immediately forwarding from blocking.
For interfaces that are not participating in Spanning-tree such as interfaces where end-hosts are connected.

Configuration

Edge-port is configured under MSTP interface-profile:


(ArubaS3500) (config) #interface-profile mstp-profile EDGEPORTS
(ArubaS3500) (Interface MSTP "EDGEPORTS") #portfast


Configured profile can then be applied to the interface:

ArubaS3500) (config) #interface gigabitethernet 0/0/9
(ArubaS3500) (gigabitethernet "0/0/9") #mstp-profile EDGEPORTS


Spanning-tree feature configuration can be verified by following CLI command:


(ArubaS3500) #show interface-profile mstp-profile EDGEPORTS
 
Interface MSTP "EDGEPORTS"
--------------------------
Parameter               Value
---------               -----
Instance port cost      N/A
Instance port priority  N/A
Enable point-to-point   Disabled
Enable portfast         Enabled
Enable rootguard        Disabled
Enable loopguard        Disabled

 

Statistics
0 Favorited
7 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.