13.01.2021

Spanning Tree Hp Switch


If you have a strong Cisco background, then you immediately think of Spanning Tree Protocol when you think of Layer 2 loop protection. Or if you're keeping abreast of the newest developments, you think of TRILL and SPB. But there are other mechanisms for helping detect loops at Layer 2. Here's one I came across while studying for HP Master ASE: HP ProCurve Loop-Protection. In the Cisco world, RPVSTP (Rapid Per VLAN Spanning Tree Protocol) would probably be the recommended protocol, but my understanding is that it is a Cisco proprietary protocol (it is, according to the Spanning Tree Wikipedia entry). The fact that it is in the HP configuration would suggest that HP has tried to either duplicate the functionality or at least provide a feature to interact with other RPVSTP switches.

The STP BPDU filter feature allows control of spanning tree participation on a per-port basis. It can be used to exclude specific ports from becoming part of spanning tree operations. A port with the BPDU filter enabled will ignore incoming BPDU packets and stay locked in the spanning tree forwarding state. All other ports will maintain their role.

Syntax:

[no] spanning-tree [port-list | all] bpdu-filter

Enables or disables the BPDU filter feature on specified port(s). This forces a port to always stay in the forwarding state and be excluded from standard STP operation.

Sample scenarios in which this feature may be used are:

  • To have STP operations running on selected ports of the switch rather than every port of the switch at a time.

  • To prevent the spread of errant BPDU frames.

  • To eliminate the need for a topology change when a port's link status changes. For example, ports that connect to servers and workstations can be configured to remain outside of spanning tree operations.

  • To protect the network from denial of service attacks that use spoofing BPDUs by dropping incoming BPDU frames. For this scenario, BPDU protection offers a more secure alternative, implementing port shut down and a detection alert when errant BPDU frames are received.

CAUTION: Ports configured with the BPDU filter mode remain active (learning and forwarding frames); however, spanning tree cannot receive or transmit BPDUs on the port. The port remains in a forwarding state, permitting all broadcast traffic. This can create a network storm if there are any loops (that is, trunks or redundant links) using these ports. If you suddenly have a high load, disconnect the link and disable the bpdu-filter (using the no command).

Configuring BPDU filtering

To configure BPDU filtering on port a9, enter:

Syntax:

spanning-tree show port configuration

Viewing BPDU filter status using the show spanning tree command

Viewing BPDU filters using the show configuration command

BPDU filters per port are displayed as separate entries of the spanning tree category within the configuration file.

Syntax:

[no] spanning-tree port-list bpdu-protection

Enables or disables BPDU protection on specified port(s).

Syntax:

[no] spanning-tree port-list bpdu-protection-timeout timeout

Configures the duration in seconds when protected ports receiving unauthorized BPDUs will remain disabled. The default value of 0 (zero) sets an infinite timeout (that is, ports that are disabled by bpdu-protection are not, by default, re-enabled automatically).

Range: 0-65535 seconds

Default: 0

Syntax:

Enables or disables the sending of errant BPDU traps.

CAUTION: This command should only be used to guard edge ports that are not expected to participate in STP operations. Once BPDU protection is enabled, it will disable the port as soon as any BPDU packet is received on that interface.

Configuring BPDU protection

To configure BPDU protection on ports 1 to 10 with SNMP traps enabled, enter:

The following steps then take place:

  1. When an STP BPDU packet is received on ports 1-10, STP treats it as an unauthorized transmission attempt and shuts down the port that the BPDU came in on.

  2. An event message is logged and an SNMP notification trap is generated.

  3. The port remains disabled until re-enabled manually by a network administrator using the interface port-list enable command.

NOTE: To re-enable the BPDU-protected ports automatically, configure a timeout period using the spanning-tree bpdu-protection-timeout command.


Syntax:

show spanning-tree bpdu-protection

Displays a summary listing of ports with BPDU protection enabled. To display detailed per port status information, enter the specific port numbers as shown here.

Viewing BPDU protection status

BPDU protected ports are displayed as separate entries of the spanning tree category within the configuration file.

Viewing BPDU filters using the show configuration command
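The cautions above can be checked against a saved configuration. The following is an added example, not code from the original page or from HP: it assumes the running configuration lists the features as `spanning-tree <port-list> bpdu-filter` and `spanning-tree <port-list> bpdu-protection` lines, and the function names, result keys and sample configuration are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not captured from a real switch).
SAMPLE_CONFIG = """\
spanning-tree
spanning-tree A9 bpdu-filter
spanning-tree 1-10 bpdu-protection
spanning-tree 5 bpdu-filter
spanning-tree bpdu-protection-timeout 0
"""

FEATURE_LINE = re.compile(
    r"^[ \t]*spanning-tree[ \t]+(\S+)[ \t]+(bpdu-filter|bpdu-protection)[ \t]*$", re.M)
TIMEOUT_LINE = re.compile(
    r"^[ \t]*spanning-tree[ \t]+(?:\S+[ \t]+)?bpdu-protection-timeout[ \t]+(\d+)[ \t]*$", re.M)

def expand_ports(port_list, all_ports=()):
    """Expand '1-3,A9,B1-B2' (or 'all') into a set of port names."""
    if port_list.lower() == "all":
        return set(all_ports)
    ports = set()
    for item in port_list.upper().split(","):
        m = re.fullmatch(r"([A-Z]*)(\d+)(?:-\1(\d+))?", item.strip())
        if not m:
            raise ValueError(f"unrecognised port item: {item!r}")
        first, last = int(m.group(2)), int(m.group(3) or m.group(2))
        ports.update(f"{m.group(1)}{n}" for n in range(first, last + 1))
    return ports

def port_key(port):
    """Natural sort key: '2' before '10', numbered ports before 'A9'."""
    m = re.fullmatch(r"([A-Z]*)(\d+)", port)
    return (m.group(1), int(m.group(2)))

def audit(config, edge_ports, all_ports=()):
    """Return the ports whose BPDU handling needs review."""
    seen = {"bpdu-filter": set(), "bpdu-protection": set()}
    for ports, feature in FEATURE_LINE.findall(config):
        seen[feature] |= expand_ports(ports, all_ports)
    filtered, protected = seen["bpdu-filter"], seen["bpdu-protection"]
    edge = expand_ports(edge_ports, all_ports)
    timeout = TIMEOUT_LINE.search(config)
    return {
        # Always forwarding and blind to BPDUs: a loop here becomes a storm.
        "filtered": sorted(filtered, key=port_key),
        # Both features on one port: decide which behaviour is intended.
        "filter_and_protection": sorted(filtered & protected, key=port_key),
        # Edge ports that would not be shut down by an errant BPDU.
        "unprotected_edge": sorted(edge - protected, key=port_key),
        # 0 (the default) means a tripped port stays down until re-enabled.
        "manual_reenable": (int(timeout.group(1)) if timeout else 0) == 0,
    }
```

Calling `audit(SAMPLE_CONFIG, "1-10,A9")` treats ports 1-10 and A9 as the edge ports that are expected to carry BPDU protection.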

When an STP-enabled HP Switch is hit by an MSTP BPDU storm, the CPU usage rises and the manageability of the switch goes down. In a BYOD solution, the HP Switch is connected to a hub where there is a loop. The HP Switch generates a single MSTP BPDU, which goes through the loop in the hub and eventually results in a BPDU storm. Since all STP packets are taken to the CPU for processing, CPU usage goes high and the switch response slows down. The switch can become unmanageable as a result of this BPDU storm. BPDU throttling takes care of BPDU storms automatically via rate-limiting.

MSTP BPDU path

BPDU throttling is enabled when spanning tree is enabled in MSTP mode. When spanning tree is enabled, all modules and members are assigned corresponding throttle values from the configuration. The default throttle value is 256.

An option is also provided for enabling or disabling BPDU throttling. This option is enabled by default if the switch does not support “V1 modules”. The spanning-tree is enabled in MSTP mode by default.

The CLI allows you to configure MSTP BPDU throttling.

Syntax

[no] spanning-tree bpdu-throttle [Throttle-Value]

Configures BPDU throttling on a device. BPDU throttling limits the number of BPDUs that are sent to the switch’s CPU. The result prevents high CPU utilization on the switch when the network undergoes a broadcast storm or loop. The BPDU throttle value is in packets per second (pps). The valid BPDU throttle values are 64, 128, and 256 pps. The default throttle value is 256 pps.

The CLI allows you to show MSTP BPDU throttling configurations.

Syntax

show spanning-tree bpdu-throttle

Displays the configured throttle value.

Example
Syntax

show running configuration

Show running configuration will display one of the following lines, depending on the configuration.


no spanning-tree bpdu throttle
spanning-tree bpdu throttle 128
spanning-tree bpdu throttle 64

Event log

| Event | Message |
| --- | --- |
| When the HW meter goes over the bandwidth, system generates a log message. | stp: BPDU Throttling triggered for STP BPDUs on portGroup 1-24. |
| On a 5400 series switch, when allow-v1-modules is enabled, BPDU throttling is disabled and the system generates a log message. | stp: BPDU Throttling is disabled, because allow-v1-module is enabled. |
| When QinQ is enabled, BPDU throttling is disabled and the system generates a log message. | stp: BPDU Throttling is disabled, because QinQ is enabled. |
| When meshing is enabled, BPDU throttling is disabled and the system generates a log message. | stp: BPDU Throttling is disabled, because Meshing is enabled. |
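For monitoring, the event-log messages above can be turned into two signals: port groups where throttling keeps triggering, and the feature that switched throttling off. This is an added example, not part of the original page: the message text comes from the event log above, while the severity and timestamp prefix, the function name and the repeat threshold are assumptions.

```python
import re
from collections import Counter

# Constructed event-log lines: the message text is from the page,
# the severity/timestamp prefix is an assumption.
SAMPLE_LOG = """\
W 01/13/21 10:00:01 stp: BPDU Throttling triggered for STP BPDUs on portGroup 1-24.
W 01/13/21 10:00:09 stp: BPDU Throttling triggered for STP BPDUs on portGroup 1-24.
I 01/13/21 10:02:30 ports: port 7 is now on-line
W 01/13/21 10:05:00 stp: BPDU Throttling is disabled, because QinQ is enabled.
"""

TRIGGERED = re.compile(
    r"stp: BPDU Throttling triggered for STP BPDUs on portGroup (\S+?)\.?$")
DISABLED = re.compile(
    r"stp: BPDU Throttling is disabled, because (.+?) is enabled\.")

def summarize(log_text, repeat_threshold=2):
    """Count throttle triggers per port group and note what disabled throttling."""
    triggers, disabled_by = Counter(), []
    for line in log_text.splitlines():
        line = line.rstrip()
        if (m := TRIGGERED.search(line)):
            triggers[m.group(1)] += 1
        elif (m := DISABLED.search(line)):
            # From this point the CPU is no longer shielded from BPDU storms.
            disabled_by.append(m.group(1))
    return {
        "trigger_counts": dict(triggers),
        # Repeated triggers on one group point at a persistent loop or storm.
        "repeat_port_groups": sorted(
            g for g, n in triggers.items() if n >= repeat_threshold),
        "throttling_disabled_by": disabled_by,
    }
```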

Validation rules

| Validation | Error/Warning/Prompt |
| --- | --- |
| Throttle value not within the range of 64 to 256. | The BPDU throttle value is invalid. The valid values are 64, 128 and 256. |
| Configuring lower throttle value (64). | Configuring lower throttle value may cause legitimate BPDU’s to be dropped. |
| Enabling QinQ when BPDU throttling is configured. | Q-in-Q cannot be enabled when BPDU throttling is configured. |
| Configuring BPDU throttling when QinQ is enabled. | BPDU throttling cannot be configured when Q-in-Q is enabled. |
| Configuring BPDU throttling when meshing is configured. | BPDU throttling cannot be configured when meshing is configured. |
| Configuring meshing when BPDU throttling is configured. | Meshing cannot be configured when BPDU throttling is configured. |


NOTE: This feature is exclusively for MSTP BPDUs and not applicable for any other IEEE BPDUs such as LLDP, slow protocols etc.

The switch automatically negotiates trunked links between LACP-configured ports on separate devices, and offers one dynamic trunk option: LACP. To configure the switch to initiate a dynamic LACP trunk with another device, use the interface command in the CLI to set the default LACP option to active on the ports you want to use for the trunk. For example, the following command sets ports C1 to C4 to LACP active:

The preceding example works if the ports are not already operating in a trunk. To change the LACP option on ports already operating as a trunk, you must first remove them from the trunk. For example, if ports C1 to C4 are LACP-active and operating in a trunk with another device, you would do the following to change them to LACP-passive:

Removes the ports from the trunk.

Configures LACP passive.

Using keys to control dynamic LACP trunk configuration

The lacp key option provides the ability to control dynamic trunk configuration. Ports with the same key will be aggregated as a single trunk.

There are two types of keys associated with each port, the Admin key and the Operational key. The Operational key is the key currently in use. The Admin key is used internally to modify the value of the Operational key. The Admin and Operational key are usually the same, but using static LACP can alter the Operational key during runtime, in which case the keys would differ.


The lacp key command configures both the Admin and Operational keys when using dynamic LACP trunks. It only configures the Admin key if the trunk is a static LACP trunk. It is executed in the interface context.


Syntax:

Sets the LACP key. During dynamic link aggregation using LACP, ports with the same key are aggregated as a single trunk.

Enabling LACP and configuring an LACP key

The switch uses the links you configure with the Port/Trunk Settings screen in the menu interface or the trunk command in the CLI to create a static port trunk. The switch offers two types of static trunks: LACP and Trunk.


Trunk types used in static and dynamic trunk groups

| Trunking method | LACP | Trunk |
| --- | --- | --- |
| Dynamic | Yes | No |
| Static | Yes | Yes |

Trunk configuration protocols describes the trunking options for LACP and Trunk protocols.

Trunk configuration protocols

Protocol | Trunking Options
LACP (802.3ad)

Provides dynamic and static LACP trunking options.

  • Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when:

    • The port on the other end of the trunk link is configured for Active or Passive LACP.

    • You want fault-tolerance for high-availability applications. If you use an eight-link trunk, you can also configure one or more additional links to operate as standby links that will activate only if another active link goes down.

  • Static LACP — Use the manually configured static LACP trunk when:

    • The port on the other end of the trunk link is configured for a static LACP trunk.

    • You want to configure non-default spanning tree or IGMP parameters on an LACP trunk group.

    • You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled. (See VLANs and dynamic LACP.)

    • You want to use a monitor port on the switch to monitor an LACP trunk.

For more information, see Trunk group operation using LACP.

Trunk

(non-protocol)

Provides manually configured, static-only trunking to:

  • Most HP Switch and routing switches not running the 802.3ad LACP protocol.

  • Windows NT and HP-UX workstations and servers

Use the Trunk option when:

  • The device to which you want to create a trunk link is using a non-802.3ad trunking protocol.

  • You are unsure which type of trunk to use, or the device to which you want to create a trunk link is using an unknown trunking protocol.

  • You want to use a monitor port on the switch to monitor traffic on a trunk.

See Trunk group operation using the 'trunk' option.

General operating rules for port trunks

Media:

For proper trunk operation, all ports on both ends of a trunk group must have the same media type and mode (speed and duplex). (For the switches, HP Switch recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.)

Port Configuration:

The default port configuration is Auto, which enables a port to sense speed and negotiate duplex with an auto-enabled port on another device. HP Switch recommends that you use the Auto setting for all ports you plan to use for trunking. Otherwise, you must manually ensure that the mode setting for each port in a trunk is compatible with the other ports in the trunk.

All of the following operate on a per-port basis, regardless of trunk membership:

  • Enable/Disable

  • Flow control (Flow Ctrl)

LACP is a full-duplex protocol. See Trunk group operation using LACP.

Trunk configuration:

All ports in the same trunk group must be the same trunk type (LACP or trunk). All LACP ports in the same trunk group must be either all static LACP or all dynamic LACP.

A trunk appears as a single port labeled Dyn1 (for an LACP dynamic trunk) or Trk1 (for a static trunk of type LACP, Trunk) on various menu and CLI screens. For a listing of which screens show which trunk types, see How the switch lists trunk data.

For spanning-tree or VLAN operation, configuration for all ports in a trunk is done at the trunk level. (You cannot separately configure individual ports within a trunk for spanning-tree or VLAN operation.)

Traffic distribution:

All of the switch trunk protocols use the SA/DA (source address/destination address) method of distributing traffic across the trunked links. See Outbound traffic distribution across trunked links.

Spanning Tree:

802.1D (STP) and 802.1w (RSTP) Spanning Tree operate as a global setting on the switch (with one instance of Spanning Tree per switch). 802.1s (MSTP) Spanning Tree operates on a per-instance basis (with multiple instances allowed per switch). For each Spanning Tree instance, you can adjust Spanning Tree parameters on a per-port basis.

A static trunk of any type appears in the Spanning Tree configuration display, and you can configure Spanning Tree parameters for a static trunk in the same way that you would configure Spanning Tree parameters on a non-trunked port. (Note that the switch lists the trunk by name—such as Trk1—and does not list the individual ports in the trunk.) For example, if ports C1 and C2 are configured as a static trunk named Trk1, they are listed in the Spanning Tree display as Trk1 and do not appear as individual ports in the Spanning Tree displays. See A port trunk in a Spanning Tree listing.

When Spanning Tree forwards on a trunk, all ports in the trunk will be forwarding. Conversely, when Spanning Tree blocks a trunk, all ports in the trunk are blocked.

NOTE: A dynamic LACP trunk operates only with the default Spanning Tree settings. Also, this type of trunk appears in the CLI show spanning-tree display, but not in the Spanning Tree Operation display of the Menu interface.

If you remove a port from a static trunk, the port retains the same Spanning Tree settings that were configured for the trunk.

In the example below, ports C1 and C2 are members of TRK1 and do not appear as individual ports in the port configuration part of the listing.

A port trunk in a Spanning Tree listing

IP multicast protocol (IGMP):

A static trunk of any type appears in the IGMP configuration display, and you can configure IGMP for a static trunk in the same way that you would configure IGMP on a non-trunked port. (Note that the switch lists the trunk by name—such as Trk1—and does not list the individual ports in the trunk.) Also, creating a new trunk automatically places the trunk in IGMP Auto status if IGMP is enabled for the default VLAN.

A dynamic LACP trunk operates only with the default IGMP settings and does not appear in the IGMP configuration display or show ip igmp listing.

VLANs:

Creating a new trunk automatically places the trunk in the DEFAULT_VLAN, regardless of whether the ports in the trunk were in another VLAN. Similarly, removing a port from a trunk group automatically places the port in the default VLAN. You can configure a static trunk in the same way that you configure a port for membership in any VLAN.

NOTE: For a dynamic LACP trunk to operate in a VLAN other than the default VLAN (DEFAULT_VLAN), GVRP must be enabled. See Trunk group operation using LACP.

Port security:

Trunk groups (and their individual ports) cannot be configured for port security, and the switch excludes trunked ports from the show port-security listing. If you configure non-default port security settings for a port, then subsequently try to place the port in a trunk, you see the following message and the command is not executed:

<port-list> Command cannot operate over a logical port.

Monitor port:

NOTE: A trunk cannot be a monitor port. A monitor port can monitor a static trunk but cannot monitor a dynamic LACP trunk.