According to my understanding and reading about configuring rstp on Juniper interfaces:
if bpdu-block-on-edge is configured:
- When BPDU is received the port will be blocked.
-It should be configured on all host interfaces to prevent any possible loops.
-it should not be configured on the ends of links between switches.
But our customer has the below recommendations:
BPDU Block-On-Edge will operate on all Edge ports to ensure that the reception of a STP BPDU will block the port
Rapid transition to a forwarding state, BPDU Block-On-Edge will automatically be applied to the port from the Global configuration
Rapid transition to a forwarding state, BPDU Block-On-Edge blocks the port in the event of a loop during start-up.
The external switch to be connected to the fabric must configured with STP disabled so that when a loop is formed, BPDUs flowing from the fabric will automatically be forwarded through the loop back to the fabric switch resulting in the port on the fabric switch being disabled.
and so seems it has Edge port enabled on Fabric switches towards Access ones and disable on Access ones towards Fabric ones (configuration is below), so my question how is that working? ACC swithces are sending BPDUs I guess to Fabric switches so in theory Fabric ports should be blocked, but it is not and all is working fine, so it seems I am missing something, can you help in understanding this.
VCF ae20 > ACC01 ae0
S00-VCF> show configuration | display set | match ae20set interfaces xe-11/0/17:0 ether-options 802.3ad ae20set interfaces xe-12/0/17:0 ether-options 802.3ad ae20set interfaces ae20 apply-groups LAGset interfaces ae20 description "VCF:S1>S01-ACC"set interfaces ae20 mtu 9192set interfaces ae20 aggregated-ether-options lacp activeset interfaces ae20 aggregated-ether-options lacp periodic slowset interfaces ae20 unit 0 family ethernet-switching vlan members allset protocols rstp interface ae20 edgeset class-of-service interfaces ae20 apply-groups TRUSTEDset protocols rstp bpdu-block-on-edge
S01-ACC> show configuration | display set | match ae0set interfaces xe-0/2/0 ether-options 802.3ad ae0set interfaces xe-1/2/0 ether-options 802.3ad ae0set interfaces ae0 apply-groups LAGset interfaces ae0 description S01-ACC->S00-VCFset interfaces ae0 unit 0 family ethernet-switching vlan members allset protocols uplink-failure-detection group TRACK_UPLINK_ACC:1 link-to-monitor ae0set protocols uplink-failure-detection group TRACK_UPLINK_ACC:2 link-to-monitor ae0set class-of-service interfaces ae0 apply-groups TRUSTEDset protocols rstp bpdu-block-on-edge