Switching

Hello together,

I recently had some trouble in configuring VSTP on a EX4500 VC and EX3300 VC after I upgraded them to 12.2R1.8...

Though Junos 11.4R5.5 currently runs very wellon our other 4500/3300ers I need the NSSU feature working on these ones. I actually also tried it on the 4500 and it already worked quite well but now VSTP seems to have changed more than the release-letter reveals...

Now - to get to the point...

11.4R5.5 well working config (only the important parts...):

#set protocols vstp vlan all interface ae0.0 mode point-to-point
#set protocols vstp vlan all interface ae0.0 bpdu-timeout-action block

### ae0 is reserved for a later migration of the upper distribution so that we can use one LAG as uplink instead of our uplinks interface-range
set protocols vstp vlan all interface ae1.0 mode point-to-point
set protocols vstp vlan all interface ae1.0 bpdu-timeout-action block
set protocols vstp vlan all interface ae2.0 mode point-to-point
set protocols vstp vlan all interface ae2.0 bpdu-timeout-action block
set protocols vstp vlan all interface ae5.0 mode point-to-point
set protocols vstp vlan all interface ae5.0 bpdu-timeout-action block
set protocols vstp vlan all interface uplinks mode point-to-point
set protocols vstp vlan all interface uplinks bpdu-timeout-action block

set interfaces interface-range uplinks member xe-0/1/0
set interfaces interface-range uplinks member xe-1/2/0
set interfaces interface-range uplinks unit 0 family ethernet-switching port-mode trunk
set interfaces interface-range uplinks unit 0 family ethernet-switching vlan members 900
set interfaces interface-range uplinks unit 0 family ethernet-switching vlan members 2100
set interfaces interface-range uplinks unit 0 family ethernet-switching vlan members 2101
set interfaces interface-range uplinks unit 0 family ethernet-switching vlan members 1800
set interfaces interface-range uplinks unit 0 family ethernet-switching vlan members 800
set interfaces interface-range switch1 member-range xe-0/0/0 to xe-0/0/1
set interfaces interface-range switch1 member-range xe-1/0/0 to xe-1/0/1
set interfaces interface-range switch1 ether-options 802.3ad ae1
set interfaces interface-range switch2 member-range xe-0/0/2 to xe-0/0/3
set interfaces interface-range switch2 member-range xe-1/0/2 to xe-1/0/3
set interfaces interface-range switch2 ether-options 802.3ad ae2
set interfaces interface-range switch5 member-range xe-0/0/8 to xe-0/0/9
set interfaces interface-range switch5 member-range xe-1/0/8 to xe-1/0/9
set interfaces interface-range switch5 ether-options 802.3ad ae5
set interfaces ae0 description reserved_uplink
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members 900
set interfaces ae0 unit 0 family ethernet-switching vlan members 2100
set interfaces ae0 unit 0 family ethernet-switching vlan members 2101
set interfaces ae0 unit 0 family ethernet-switching vlan members 1800
set interfaces ae0 unit 0 family ethernet-switching vlan members 800
set interfaces ae1 description chanto_switch1
set interfaces ae1 unit 0 family ethernet-switching port-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members 900
set interfaces ae1 unit 0 family ethernet-switching vlan members 2100
set interfaces ae1 unit 0 family ethernet-switching vlan members 1800
set interfaces ae2 description chanto_switch2
set interfaces ae2 unit 0 family ethernet-switching port-mode trunk
set interfaces ae2 unit 0 family ethernet-switching vlan members 900
set interfaces ae2 unit 0 family ethernet-switching vlan members 2100
set interfaces ae2 unit 0 family ethernet-switching vlan members 2101
set interfaces ae5 description chanto_switch5
set interfaces ae5 unit 0 family ethernet-switching port-mode trunk
set interfaces ae5 unit 0 family ethernet-switching vlan members 900
set interfaces ae5 unit 0 family ethernet-switching vlan members 2100
set interfaces ae5 unit 0 family ethernet-switching vlan members 800

To describe it in words - this is the 4500 VC config. As you can see, it is a subdistribution switch. Switches 1,2,5 for now are some 3300 VCs, which are connected via one strong LAG each.

The highe distribution layer are some Cisco boxes which talk rapid-pvst+ on any of the above vlans - the ciscos are standalone or legacy primary/backup switches - one of them is root-bridge.

Now the problem, assuming that my/our VSTP config from above is correct.

Junos 12.2 prevents em from commiting this config. Corresponding the message is - to use the vstp vlan all statement there really needs to be every vlan on this interface - say ae1...

What this means for the config? To successfully commit I had to do this:

set protocols vstp vlan all interface ae0.0 mode point-to-point
set protocols vstp vlan all interface ae0.0 bpdu-timeout-action block
set protocols vstp vlan 900 interface ae1.0 mode point-to-point
set protocols vstp vlan 2100 interface ae1.0 mode point-to-point
set protocols vstp vlan 2101 interface ae1.0 mode point-to-point
set protocols vstp vlan 1800 interface ae1.0 mode point-to-point
set protocols vstp vlan 800 interface ae1.0 mode point-to-point
set protocols vstp vlan 900 interface ae1.0 bpdu-timeout-action block
set protocols vstp vlan 2100 interface ae1.0 bpdu-timeout-action block
set protocols vstp vlan 2101 interface ae1.0 bpdu-timeout-action block
set protocols vstp vlan 1800 interface ae1.0 bpdu-timeout-action block
set protocols vstp vlan 800 interface ae1.0 bpdu-timeout-action block
set protocols vstp vlan 900 interface ae2.0 mode point-to-point
set protocols vstp vlan 2100 interface ae2.0 mode point-to-point
set protocols vstp vlan 2101 interface ae2.0 mode point-to-point
set protocols vstp vlan 1800 interface ae2.0 mode point-to-point
set protocols vstp vlan 800 interface ae2.0 mode point-to-point
set protocols vstp vlan 900 interface ae2.0 bpdu-timeout-action block
set protocols vstp vlan 2100 interface ae2.0 bpdu-timeout-action block
set protocols vstp vlan 2101 interface ae2.0 bpdu-timeout-action block
set protocols vstp vlan 1800 interface ae2.0 bpdu-timeout-action block
set protocols vstp vlan 800 interface ae2.0 bpdu-timeout-action block
set protocols vstp vlan 900 interface ae5.0 mode point-to-point
set protocols vstp vlan 2100 interface ae5.0 mode point-to-point
set protocols vstp vlan 2101 interface ae5.0 mode point-to-point
set protocols vstp vlan 1800 interface ae5.0 mode point-to-point
set protocols vstp vlan 800 interface ae5.0 mode point-to-point
set protocols vstp vlan 900 interface ae5.0 bpdu-timeout-action block
set protocols vstp vlan 2100 interface ae5.0 bpdu-timeout-action block
set protocols vstp vlan 2101 interface ae5.0 bpdu-timeout-action block
set protocols vstp vlan 1800 interface ae5.0 bpdu-timeout-action block
set protocols vstp vlan 800 interface ae5.0 bpdu-timeout-action block
set protocols vstp vlan all interface uplinks mode point-to-point
set protocols vstp vlan all interface uplinks bpdu-timeout-action block

Thank god on the uplinks really all vlans are configured...

On the EX3300 I want all ports to be edge and exclude the uplinks by explicitly defining them as p2p links...

set protocols vstp vlan all interface ae0.0 mode point-to-point
set protocols vstp vlan all interface ae0.0 bpdu-timeout-action block
set protocols vstp vlan all interface all edge

While this was short and simple it does not function on 12.2. Even on access ports which only can be part of one vlan I have to specifically tell the switch which vlan on which interface shall be edge... the more vlans the more annoying is this way - and I even put one more on top - on my EX3300 I defined as much LAGs for redundant access as possible so I have to do this also again for every LAG because I can not put them to interface-ranges...

While I am not sure now if this is the way how it should have been working already on 11.4 it is a quite tremendous change in behavior which I do not think is communicated correctly with a note like

When you configure VSTP using the set protocol vstp vlan all configuration mode command, VLAN ID 1 is now excluded, thus making the Junos VSTP compatible with Cisco PVST+. To include VLAN ID 1 in the VSTP VLAN, you must now add it explicitly using the set protocol vstp vlan 1 configuration mode command.

Does somebody know if this is just a bug in this early 12.2 release or is this the way Juniper wants vstp working/configured?

Hi,

I am new with Juniper switches, but I'm working on EX2200/3300/4200 to test some features of these products. So I don't know how vstp work in 11.4 but I experimented the same behaviour as you described in 12.2.

If it can help you, I note that if you want to use the term "vlan all" in vstp, you have to configure your uplink like this :

set interfaces ae0.0 family ethernet-switching port-mode trunk vlan members all
or set interfaces ae0.0 family ethernet-switching port-mode trunk vlan members [ vl10 vl12 vl13 ... ]

In the last line, you have to list all your vlan. If you forget one, you will encounter the same error. I test this config on EX2200 and it's work well.

I hope this can help you.

http://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/release-notes/12.1/topic-64020.html#jd0e3183

This is it...

A note for changed default behavior would have been more simple to find.