Q:
How are the Spanning-Tree port parameters auto-edge-port, admin-edge-port and bpdu-protection used?
A: In the following example, switch Rack2sw1 is connected to the ProLiant server on port L1. The port is configured for the Spanning-Tree options, and the elapsed time before going into the forwarding state is displayed.
The configuration and verification associated with the diagram follows:
The default configuration for a port is “auto-edge-port.” The port will wait for 3 seconds to determine if any BPDU are received, before going into the forwarding state.
Rack2sw2# show spanning-tree l1 detail | include Edge
AdminEdgePort : No
Auto Edge Port : Yes
Rack2sw2(config)# interface l1 enable
I 06/09/12 16:22:35 00435 ports: port L1 is Blocked by STP
I 06/09/12 16:22:38 00076 ports: port L1 is now on-line
Three seconds pass before becoming on-line.
With “auto-edge-port” disabled, the port will go through the standard Spanning-Tree states of Blocking, Listening, Learning and Forwarding.
Rack2sw2(config)# no spanning-tree l1 auto-edge-port
Rack2sw2(config)# show spanning-tree l1 detail | include Edge
AdminEdgePort : No
Auto Edge Port : No
Rack2sw2(config)# interface l1 enable
I 06/09/12 16:27:05 00435 ports: port L1 is Blocked by STP
I 06/09/12 16:27:25 00076 ports: port L1 is now on-line
Twenty seconds pass before becoming on-line.
With “admin-edge-port” enabled, the port will immediately go into the forwarding state.
Rack2sw2(config)# spanning-tree l1 admin-edge-port
Rack2sw2# show spanning-tree l1 detail | include Edge
AdminEdgePort : Yes
Auto Edge Port : No
Rack2sw2(config)# interface l1 enable
I 06/09/12 16:32:13 00435 ports: port L1 is Blocked by STP
I 06/09/12 16:32:13 00076 ports: port L1 is now on-line
Immediately becomes on-line.
With “admin-edge-port” and “auto-edge-port” enabled, the port will immediately go into the forwarding state:
Rack2sw2(config)# spanning-tree l1 auto-edge-port
Rack2sw2(config)# show spanning-tree l1 detail | include Edge
AdminEdgePort : Yes
Auto Edge Port : Yes
Rack2sw2(config)# interface l1 enable
I 06/09/12 16:54:59 00435 ports: port L1 is Blocked by STP
I 06/09/12 16:54:59 00076 ports: port L1 is now on-line
Immediately becomes on-line.
NOTE: When using “admin-edge-port” it is recommend to also configure “bpdu-protection”. This option disables the port if an unauthorized switch is plugged into the port.
Rack2sw2(config)# spanning-tree l1 bpdu-protection
Rack2sw2(config)# show spanning-tree l1 detail | include Edge|Protection
BPDU Protection : Yes
AdminEdgePort : Yes
Auto Edge Port : Yes
The following is a sample log file output that occurs when BPDUs are received on a port configured for BPDU protection.
I 06/09/12 17:08:19 00840 stp: port L1 disabled - BPDU received on protected port.
I 06/09/12 17:08:19 00898 ports: BPDU protect(5) has disabled port L1
I 06/09/12 17:08:19 00077 ports: port L1 is now off-lin