We have an Exadata X2 system we are supporting at a managed hosted Datacenter facility that is being supported by me and our company. One fine day in the datacenter the Juniper switch which allows the Exadata system to communicate to the outside world stopped working. Eventually we found out the hosting facility enabled the bpdufilter on the Juniper switch and in turn we needed to do the same setup on out Cisco switch.
Below is a diagram of the highlevel layout of our setup in our datacenter.
- The Exadata X2 Database Machine connects first to the Cisco 4948 Switch.
- The Cisco switch connects to the Juniper Switch provided by the hosting facility.
- Juniper Switch is the gateway to outside internet traffic.
A BPDU filter what is that?
Bridge Protocol Data Unit’s known also as BPDU’s play a fundamental part in a spanning-tree topology.
The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.
BPDU’s are sent out by a switch to exchange information about bridge ID’s and costs of the root path. Exchanged at a frequency of every 2 seconds by default, BPDU’s allow switches to keep a track of network changes and when to block or forward ports to ensure a loop free topology. A BPDU filter disables spanning-tree which would result in the port to not participate in STP, and loops may occur.
For more information on Spanning Tree Protocol, please refer to the Wikipedia or Cisco documentation links below.
Commands to enable bpdu filter.
- · Telnet to cisco switch
$ telnet IPADDRESS
- · Enable commandline for switch
telnet> enable
- · Prepare to configure switch.
ciscoswitch-ip# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ciscoswitch-ip(config)#interface GigabitEthernet1/48
ciscoswitch-ip(config-if)#
- · Enable BPDU filter
ciscoswitch-ip(config-if)# spanning-tree bpdufilter enable
ciscoswitch-ip(config-if)# end
- · Save the configuration to the startup configuration.
ciscoswitch-ip# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
Compressed configuration from 3889 bytes to 1546 bytes[OK]
ciscoswitch-ip#reload
Proceed with reload? [confirm]
Connection closed by foreign host
- · Verify the configuration and BPDU filter is enabled.
ciscoswitch-ip# show running-config
ciscoswitch-ip# show interfaces status
ciscoswitch-ip# show spanning-tree interface GigabitEthernet1/48 portfast
interface GigabitEthernet1/48
media-type rj45
spanning-tree bpdufilter enable
No comments:
Post a Comment