• November 24, 2020, 10:53:18 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Loop prevention with spanning tree ???  (Read 8113 times)

0 Members and 1 Guest are viewing this topic.

Offline tieuantuan

  • Rookie
  • **
  • Posts: 8
Loop prevention with spanning tree ???
« on: April 01, 2014, 12:01:43 PM »
My company has owned more than 20 avaya switch 4548 & 2 core switch 8006.
I have configure spanning tree  .I so confuse between Fast Start with spanning tree & BPDU filtering

If we enable Fast Start & BPDU-Filtering on Port 1,2 , so what happen if someone plug small switch just like tp-link which not running spanning tree to port 1,2. I mean small switch doesn't send out any BPDU, how can switch block port.

Another question is, if I disable Fast Start on port 1,2 , so when User connect to these port, they must waiting 30 seconds ,right ? Or longer ???
Sorry because I not familiar with avaya, I am cisco networker so that I think everything like cisco.


Offline Paul L

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 755
    • paulaleroux
    • Paul's Networking blog
Re: Loop prevention with spanning tree ???
« Reply #1 on: April 02, 2014, 10:31:57 PM »
STP is a ratified standard and operates the same on cisco, hp, avaya, juniper.  If you are a Cisco expert you can figure it out on anything else.

You are right, if you have a small switch or hub that doesn't send out the BPDU the avaya port will never block it. so you will have the same problem no mater which vendor you use.

Fast start will just allow the port to pass traffic while the switch recalculates the Root bridge.  with Normal learning you will need to wait the 45 seconds while the port is blocked.

again, STP is a standard. works the same everywhere.

ACSS- Avaya Enterprise Routing Switch  #8

Offline netnabz

  • Rookie
  • **
  • Posts: 4
Re: Loop prevention with spanning tree ???
« Reply #2 on: April 10, 2014, 10:58:31 AM »
My company has owned more than 20 avaya switch 4548 & 2 core switch 8006.
I have configure spanning tree  .I so confuse between Fast Start with spanning tree & BPDU filtering

If we enable Fast Start & BPDU-Filtering on Port 1,2 , so what happen if someone plug small switch just like tp-link which not running spanning tree to port 1,2. I mean small switch doesn't send out any BPDU, how can switch block port.

Another question is, if I disable Fast Start on port 1,2 , so when User connect to these port, they must waiting 30 seconds ,right ? Or longer ???
Sorry because I not familiar with avaya, I am cisco networker so that I think everything like cisco.
hiya tieuantuan
best if you configure RSTP (rapid stp) and set all the non backbone ports to Admin Edge Port = true called fast start at cisco's and BPDU filtering enable ( AVAYA recommanded best practices so I hear)
that's what we do here on our ERS 55xx and it allows the ports to be blocked if someone plugs a lil tplink swich and does a loop in it ...not ONLY if the tplink would send a BPDU... I think that's what you re asking.
regards

Offline tieuantuan

  • Rookie
  • **
  • Posts: 8
Re: Loop prevention with spanning tree ???
« Reply #3 on: April 10, 2014, 09:50:14 PM »
Thank everyone commend my case,
I have test on my 4548 , Spanning tree BPDU filter will block down Port if small hub like Tp-Link making a loop.
I find out the reason because , BPDU packet in payload of ethernet frame, so that Switch will receive it's bpdu, that explain switch can block traffic loop from small hub.

Offline Théo

  • Jr. Member
  • **
  • Posts: 34
Re: Loop prevention with spanning tree ???
« Reply #4 on: April 18, 2014, 03:48:50 AM »
Hi tieuantuan,

For your information, in some cases BPDU are blocked (or filtered) and STP or BPDU-filtering can't detect a loop.
The most common example is with an IPphone with two ports (one for switch one for PC). if a genius guy plug both on your switch it will create a loop and STP (or RSTP) or BPDU-filtering will be useless.
To protect from this, use SLPP on core and SLPP-Guard on edge device.

Regards,
Théo 
ACIS 6103 - ACSS 3605

Offline Budoy

  • Rookie
  • **
  • Posts: 4
Re: Loop prevention with spanning tree ???
« Reply #5 on: October 17, 2015, 10:53:55 AM »
Hi Theo,


Offline Budoy

  • Rookie
  • **
  • Posts: 4
Re: Loop prevention with spanning tree ???
« Reply #6 on: October 17, 2015, 10:55:13 AM »
Hi Theo,


Can you explain this further
"IPphone with two ports (one for switch one for PC). if a genius guy plug both on your switch it will create a loop and STP (or RSTP) or BPDU-filtering will be useless. .." Thanks


Offline Théo

  • Jr. Member
  • **
  • Posts: 34
Re: Loop prevention with spanning tree ???
« Reply #7 on: October 19, 2015, 03:49:04 AM »
Hi Budoy,

IPphones works like a filter for BPDU. So if you make a loop with phone's ports, STP BPDU will be filtered and a loop will impact you network.

regards,
Théo
ACIS 6103 - ACSS 3605

Offline Budoy

  • Rookie
  • **
  • Posts: 4
Re: Loop prevention with spanning tree ???
« Reply #8 on: October 19, 2015, 06:12:06 AM »
Hi Theo,


Offline Budoy

  • Rookie
  • **
  • Posts: 4
Re: Loop prevention with spanning tree ???
« Reply #9 on: October 19, 2015, 06:18:26 AM »
Hi Theo,

Thank you for your reply. So if this happens, is there any way to stop the IP phone from filtering the bpdu? ThankS!

Offline Théo

  • Jr. Member
  • **
  • Posts: 34
Re: Loop prevention with spanning tree ???
« Reply #10 on: October 19, 2015, 07:43:54 AM »
Hi Budoy,

I think that it's not possible to change this behavior of IPphone. To protect your network you can use SLPP-guard (used pdu can pass across the IP Phone) but you need to a SLPP packet source.
SLPP is normally used to protected core device from loop created by an Edge MLT error in SMLT topology. each core send packets to the Edge. the Edge forward them to all ports. if Edge's MLT is disabled, SLPP PDU are forwarded to the other Core device. Each Core count packets received and when the threshold is reached, it shutdown the port. Loop is suppressed and Edge device is still reachable.
SLPP-Guard is an extension of this for Edge device. Edge device will use SLPP PDU sent by core and forward them on all ports*. If a SLPP PDU come back by another port than source port, a counter is incremented and when the threshold is reached, the port is shutdown.

* SLPP PDU are sent on all ports members of the vlan through they come. So, if you use only SLPP you will send packets only on one vlan. But if you use SLPP-Guard you have to send packets on all vlans present on you Edge device.

You can found more information on this document :
https://downloads.avaya.com/css/P8/documents/100177229

The other way, if you have ERS 4800 in 5.8.0+ is to use storm-control.

regards,
Théo

 
ACIS 6103 - ACSS 3605