mSTP configuration on QFX-5100/EX4300

  • 1.  mSTP configuration on QFX-5100/EX4300

    Posted 01-22-2021 13:40
    I have two switches -- a QFX5100 and an EX4300 with two links between them; each is an aggregated ethernet link. One ae goes through a firewall, the other does not. Each link carries a set of VLANs disjoint (i.e. none in common) with the other. I would like to configure ?STP such that if a VLAN from one link were to appear on the other, forwarding would be blocked to enforce security and prevent loops. One approach would be vSTP. Juniper documentation suggests that mSTP is a more efficient protocol and accomplishes the same thing. My interpretation is that mSTP adds the VLAN-ID to the interface ID when exchanging and evaluating topology information. However, the documentation is very sketchy. When I configure mSTP on the interfaces, one of the links blocks. The blocking taking place at the link level and not at the VLAN level suggests that VLAN information is not taken into consideration. My mSTP configuration is minimal -- essentially set protocols mstp interface <link-id> for each link. Doing a "show" of the various bridging data structures, I find no indication that VLAN information is being exchanged, recorded, or evaluated. After several back and forths with JTAC, their solution is to not run STP as it is not needed. Juniper documentation doesn't provide much information about how the VLAN information is added into the communication, data recording, and operation of STP. Is what I am trying to do possible and how would one go about doing it?
    Thanks



  • 2.  RE: mSTP configuration on QFX-5100/EX4300

     
    Posted 01-23-2021 00:21
    Hi,

    I think VSTP should work in this case. The switch will run a separate spanning-tree instance for each VLAN configured, similar to PVST. Let's take ae1 and ae2 as an example. You have to enable ae1 as part of VSTP VLANs 10, 20, 30 and ae2 as part of VLANs 40, 50, 60.
    In the VSTP scenario we will have a separate BPDU for each VLAN (the switch identifies it by the 802.1q tag on the trunk interfaces). So let's assume you configure a VLAN 100 and make both ae1 and ae2 part of that VLAN; then VSTP will stop the loop based on the VLAN 100 tagged BPDU by blocking one of the ports in VLAN 100 (ae1 or ae2).



    Hope this helps.
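
The two configurations discussed in this thread side by side, as an added example that is not part of either post and is not taken from Juniper documentation. The interface names and VLAN IDs are the illustrative ones from the reply above; it assumes those VLANs already exist and that each ae is a trunk carrying only its own VLAN set.

```junos
# Added example (not from the posts). ae1/ae2 and the VLAN IDs are the
# illustrative values used in the reply; adjust to the real topology.

# --- Before: the minimal MSTP configuration described in the question ---
# No MSTI is defined, so every VLAN maps to the single common instance.
# The protocol then sees two parallel links between the same two bridges
# and blocks one of them for all VLANs, which matches the link-level
# blocking reported in the question.
set protocols mstp interface ae1
set protocols mstp interface ae2

# --- After: VSTP as suggested in the reply ---
# Replace the MSTP stanza and bind each trunk only to the VLANs it is
# supposed to carry. Each VLAN gets its own instance and its own BPDUs.
delete protocols mstp
set protocols vstp vlan 10 interface ae1
set protocols vstp vlan 20 interface ae1
set protocols vstp vlan 30 interface ae1
set protocols vstp vlan 40 interface ae2
set protocols vstp vlan 50 interface ae2
set protocols vstp vlan 60 interface ae2

# --- The VLAN 100 case from the reply ---
# A VLAN that is members of both trunks forms a loop in that VLAN only.
# With both interfaces in its VSTP instance, one port is blocked for
# VLAN 100 while VLANs 10-60 keep forwarding on their own link.
set protocols vstp vlan 100 interface ae1
set protocols vstp vlan 100 interface ae2

# --- Check (operational mode) ---
# Port role and state should now be reported per VLAN rather than once
# per link:
#   show spanning-tree interface
#   show spanning-tree interface vlan-id 100
```

Keeping each trunk's VLAN membership restricted to its intended set is what keeps the firewall path and the direct path separate; VSTP only adds loop protection for a VLAN that ends up on both.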