Using RSTP and MSTP on OLAN
Document Number
ENG-010557
Introduction
The goal of this application note will be to give an understanding of the application of MSTP at the OLT, and RSTP at the OLT and ONTs to prevent loops and provide a mechanism for redundant interfaces into the system.
Applies To
This application note applies to all Tellabs OLTs (1150/1134/OLT6) and all Tellabs ONTs.
STP/RSTP/MSTP Description
STP, or the Spanning Tree Protocol, was developed initially as a part of the 802.1D. The primary goal of this standard was to prevent loops within the network. In Layer 2 networks, since they represent a broadcast domain, it can be a real problem if a loop occurs because traffic and especially broadcast and multicast, will be looped within the network. This will often result in all the network bandwidth being consumed by the looped traffic and disrupting the network. Spanning Tree Protocol was designed to learn the network topology and remove any loops by breaking the network loop when it is detected.
A secondary benefit came from this by allowing redundant links to be attached to switches via two different paths and letting spanning trees eliminate the loops. In the case of a failure, STP will re-route around the break by re-enabling the previously blocked path.
This allows for the Layer 2 network to be fairly resilient in the face of network changes and support redundant layer 2 links.
So the key functions of STP are:
- Discovering the Topology of the network.
- Looking for loops within the Topology.
- Eliminating Loops.
- Opening redundant links in the case of a network failure.
Spanning Tree Concepts
Root Bridge - Within the topology, it must resolve to a tree and branch structure. One switch or bridge must be elected to be the Root Bridge, which is the root of the tree. The STP protocol will work to ensure that every other bridge only has ONE path to the root bridge.
The spanning tree will select the root bridge and, typically, you want to bias the protocol to select a particular node within the network to be elected as the root bridge. Typically, this will be the core router or the router for that segment of the network.
Bridge ID - Each switch or bridge that is participating in the spanning tree is given a Bridge ID. The spanning tree will select the bridge with the lowest bridge ID as the root bridge. Typically, the root will have the lowest bridge ID and all the others will be set to the default bridge ID, although some topologies will require more complexity than this.
Path Cost - STP will attempt to determine the cost of each path from a bridge to the root. Traffic will be sent along the least cost path to the root and any redundant paths will be blocked.
Root Port - The port that has been determined to be the least cost path back to the root bridge. If there is a tie in path cost, then the path to the neighbor that has the lowest bridge ID will be selected as the root.
Designated Port - Ports that are in the forwarding state and are forwarding traffic away from the root bridge.
Blocked Port - A blocked port is a port that has been determined to be a redundant path to the root bridge and was not selected as the best path to the root bridge by STP.
Port Cost example:
The shortest path to the root is computed using the port costs along the way as shown in the picture below.
STP/RSTP Configuration
The OLT implements RSTP and has two basic interfaces for RSTP. The OLT implements RSTP on the uplinks for protecting the uplinks to the system. The OLT also implements RSTP on the ONT ports to ensure that there are no loops on the ports of the ONTs. Since there are two interfaces, there are two sets of screens for configuring RSTP on the system.
 |
PVST is a proprietary Cisco feature and is incompatible with MSTP/STP on the OLT and cannot be allowed into the system at any system ingress point. It is also recommended that an ACL be placed onto the OIU cards to drop all PVST within the system. PVST passing through the system can cause disruption of service in many scenarios and must either be disabled or dropped. Insert an ACL that drops the mac address 01:00:0c:cc:cc:cd. Please see Appendix A: Configuring Cisco Switches for RSTP for an example of how to do this. |
Create PVST Filter (on QOIU7)
The QOIU7 card has no default filter for PVST, and it is recommended that a filter is created to drop PVST packets from Cisco switches.
The OIU8 automatically includes a PVST filter, and it is not required to add this filter to the OIU8 cards. This is done via a global ACL using the Global ACL tool which will create card level ACLs on every card in the system. The following steps will create an ACL.
Press the New button to create a new Global ACL to be configured on all the cards.
The ACL dialog will then be displayed.
- ACL Type: Leave the default ACL Type of Extended ACL and Action of Deny.
- Ethertype: Select the Ethertype field, but LEAVE BLANK.
- Dest MAC(s): Set the destination MAC to 01:00:0c:cc:cc:cd and give a 48 bit mask. Press Add which will add the Dest MAC to the list
- Submit: Press Submit to create the Rule.
The user should now see the Rule in the list of rules for Global ACL.
Select the newly created Rule, then press the Apply button. This will write the rules for all cards in the system.
It will then no longer be visible at the system level but will be visible on every card.
The user can now see the card level ACL has been placed on all cards. In the screen below, the context is set to one of the cards in the system.
Configuring Cisco Switches for RSTP
Cisco switches typically default to PVST+. This is not compatible with Tellabs OLTs as it is a Cisco Proprietary protocol. This section will give guidance on how to ensure that RSTP is properly configured on a Cisco switch.
First dump the RSTP tree with the following command:
hcnasw17-VSSsw1-LAB#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 0
Address 0008.e3ff.fc08
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 0 (priority 0 sys-id-ext 0)
Address 0008.e3ff.fc08
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/1/12 Desg FWD 2000 128.12 P2p
Po10 Desg FWD 1000 128.2570 P2p
Po20 Desg FWD 1000 128.2580 P2p
MST10
Spanning tree enabled protocol mstp
Root ID Priority 32778
Address 0008.e3ff.fc08
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 0008.e3ff.fc08
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/1/12 Desg FWD 2000 128.12 P2p
Po10 Desg FWD 1000 128.2570 P2p
Po20 Desg FWD 1000 128.2580 P2p
MST20
Spanning tree enabled protocol mstp
Root ID Priority 32788
Address 0008.e3ff.fc08
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
Address 0008.e3ff.fc08
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te1/1/12 Desg FWD 2000 128.12 P2p
Po10 Desg FWD 1000 128.2570 P2p
Po20 Desg FWD 1000 128.2580 P2p
For proper interoperability, VLAN 1 must be configured on the interface that goes to the Tellabs OLT.
ohcnasw17-VSSsw1-LAB# show vlan id 1
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Te1/1/3, Te1/1/4, Te1/1/5
Te1/1/6, Te1/1/7, Te1/1/10
Te1/1/11, Te1/1/12, Te1/1/14
Te1/1/16, Te1/2/1, Te1/2/2
Te1/2/3, Te1/2/4, Te1/2/5
Te1/2/6, Te2/1/3, Te2/1/4
Te2/1/5, Te2/1/6, Te2/1/7
Te2/1/8, Te2/1/9, Te2/1/10
Te2/1/11, Te2/1/12, Te2/1/13
Te2/1/14, Te2/1/15, Te2/1/16
Te2/2/1, Te2/2/2, Te2/2/3
Te2/2/4, Te2/2/5, Te2/2/6, Po1
Po2, Po10, Po20
If VLAN 1 is not present on that interface, it needs to be added to the interface.
Next, Change the Cisco to use Rapid PVST:
ohcnasw17-VSSsw1-LAB(config)#spanning-tree mode rapid-pvst
ohcnasw17-VSSsw1-LAB#show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0001, VLAN0080, VLAN0100, VLAN0110, VLAN0120, VLAN0130
VLAN0140, VLAN0810, VLAN0820, VLAN0830, VLAN0840, VLAN0910, VLAN0920
VLAN1000, VLAN1010, VLAN1020, VLAN1030, VLAN1040, VLAN2171-VLAN2202
Extended system ID is enabled
Portfast Default is enabled
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default is enabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 3 3
VLAN0080 0 0 0 3 3
VLAN0100 0 0 0 3 3
VLAN0110 0 0 0 3 3
VLAN0120 0 0 0 3 3
VLAN0130 0 0 0 3 3
Verify that after the change in configuration that the ESU is not root. If it has become root as in the following example, change the priority of the ESU switch to ensure that the upstream switch/router becomes root.
ESU2C> ifc net stp status verbose
| Interface Status |
|=======|=========|==================================|==========|=======|=======|
| Ifc | | | Adm/Opr | LACP | CIST |
| ID | IfIndex | User Label (ifAlias) | State | State | State |
|=======|=========|==================================|==========|=======|=======|
|
| NET2 | 257 | To Cisco 4500 | ena/up | up | fwd |
| | |
| +---> MSTP status |
| | > |
| | > CIST Status |
| | > Port ID : c0:15 |
| | > Uptime : 768993 (s) |
| | > Port Hello : 2 |
| | > MAC Operational State : up |
| | > RSTP State : forwarding |
| | > RSTP Role : designated |
| | > Designated Root : 80:00:00:c0:9b:02:07:85 |
| | > Designated Bridge : 80:00:00:c0:9b:02:07:85 |
| | > Designated Port : c0:15 (NET2) |
| | > Designated Cost : 0 |
| | > TCN ACK : false |
| | > Edge Port : false |
| | > Point to Point MAC : true |
| | > Disputed : false |
| | > CIST Regional Root : 80:00:00:c0:9b:02:07:85 |
| | > CIST Path Cost : 0 |
| | > Role Count : 11 |
| | > Time In Role : 123 (s) |
| | > Re-Rooted Count : 2 |
| | > Time Since Re-Rooted : 768992 (s) |
| | > |
| | > MSTI Status #1 |
| | > MSTP State : forwarding |
| | > MSTP Role : designated |
| | > Designated Root : 80:0a:00:c0:9b:02:07:85 |
| | > Designated Bridge : 80:0a:00:c0:9b:02:07:85 |
| | > Designated Port : c0:15 (NET2) |
| | > Designated Cost : 0 |
| | > Time In Role : 124 (s) |
| | > |
| | > MSTI Status #2 |
| | > MSTP State : forwarding |
| | > MSTP Role : designated |
| | > Designated Root : 80:14:00:c0:9b:02:07:85 |
| | > Designated Bridge : 80:14:00:c0:9b:02:07:85 |
| | > Designated Port : c0:15 (NET2) |
| | > Designated Cost : 0 |
| | > Time In Role : 124 (s) |
|=======|=========|==================================|==========|=======|=======|
From the above output, the OLT is the designated root. We need the Cisco to be the designated root for the PPG failover logic to work.
Designated Root : 80:00:00:c0:9b:02:07:85 <<< RSTP header + Tellabs MAC
The reason the OLT was the root was because of the priority of the Tellabs OLT bridge was higher than the Cisco switch. The Cisco/Core Switch needs to be highest priority between the OLT and the Cisco.
Root ID Priority 32848 <<< This is actually lowest priority, even though the number is larger!!
Address 0008.e3ff.fc08
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32848 (priority 32768 sys-id-ext 80)
Change the priority on the Cisco switch to ensure it has the root.
ohcnasw17-VSSsw1-LAB(config)#spanning-tree vlan 1 priority 4096
Immediately after the change, the OLT, receives RSTP BPDUs from the Cisco switch’s MAC address:
MDS1-ESUA:/usr/bob/bin# tcpdump -i /dev/pcap/any vlan and stp -e | grep -v 00:c0:9b:02:07:85
tcpdump: WARNING: SIOCGIFADDR: /dev/pcap/any: No such device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on /dev/pcap/any, link-type EN10MB (Ethernet), capture size 65535 bytes
13:00:43.539035 84:b8:02:1a:74:c0 (oui Unknown) > 01:80:c2:00:00:00 (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1001.00:08:e3:ff:fc:08.850a, length 43
13:00:43.570829 84:b8:02:1a:74:c0 (oui Unknown) > 01:80:c2:00:00:00 (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1w, Rapid STP, Flags [Topology change, Learn, Forward], bridge-id 1001.00:08:e3:ff:fc:08.850a, length 43
13:00:44.933117 84:b8:02:1a:74:c0 (oui Unknown) > 01:80:c2:00:00:00 (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1w, Rapid STP, Flags [Topology change, Learn, Forward], bridge-id 1001.00:08:e3:ff:fc:08.850a, length 43
13:00:46.933161 84:b8:02:1a:74:c0 (oui Unknown) > 01:80:c2:00:00:00 (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 1, p 0, LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
84:b8:02:1a:74:c0 from output above is the MAC address of the Cisco.
After Getting BPDUs from Cisco, the OLT converges on Cisco as Designated Root
ESU2C> ifc net stp status verbose
| Interface Status |
|=======|=========|==================================|==========|=======|=======|
| Ifc | | | Adm/Opr | LACP | CIST |
| ID | IfIndex | User Label (ifAlias) | State | State | State |
|=======|=========|==================================|==========|=======|=======|
| NET2 | 257 | To Cisco 4500 | ena/up | up | fwd |
| | |
| +---> MSTP status |
| | > |
| | > CIST Status |
| | > Port ID : c0:15 |
| | > Uptime : 770471 (s) |
| | > Port Hello : 2 |
| | > MAC Operational State : up |
| | > RSTP State : forwarding |
| | > RSTP Role : root |
| | > Designated Root : 10:01:00:08:e3:ff:fc:08 |
| | > Designated Bridge : 10:01:00:08:e3:ff:fc:08 |
| | > Designated Port : 85:0a |
| | > Designated Cost : 0 |
| | > TCN ACK : false |
| | > Edge Port : false |
| | > Point to Point MAC : true |
| | > Disputed : false |
| | > CIST Regional Root : 10:01:00:08:e3:ff:fc:08 |
| | > CIST Path Cost : 0 |
| | > Role Count : 12 |
| | > Time In Role : 42 (s) |
| | > Re-Rooted Count : 3 |
| | > Time Since Re-Rooted : 42 (s) |
| | > |
| | > MSTI Status #1 |
| | > MSTP State : forwarding |
| | > MSTP Role : unavailable |
| | > Designated Root : 80:0a:00:c0:9b:02:07:85 |
| | > Designated Bridge : 80:0a:00:c0:9b:02:07:85 |
| | > Designated Port : c0:15 (NET2) |
| | > Designated Cost : 0 |
| | > Time In Role : 42 (s) |
| | > |
| | > MSTI Status #2 |
| | > MSTP State : forwarding |
| | > MSTP Role : unavailable |
| | > Designated Root : 80:14:00:c0:9b:02:07:85 |
| | > Designated Bridge : 80:14:00:c0:9b:02:07:85 |
| | > Designated Port : c0:15 (NET2) |
| | > Designated Cost : 0 |
| | > Time In Role : 42 (s) |
| | |
|=======|=========|==================================|========|=======|
Uplink STP/RSTP Configuration
The OLT level spanning tree GUI allows configuration of the bridge level settings for the Spanning Tree. The configuration screen for the OLT can be reached from OLT Right click menu: Protocol->Spanning Tree.
The following attributes can be configured:
Protocol Version
This determines the protocol to be used. MSTP and RSTP are backwards compatible with STP and so can be used with STP only terminals. Most systems use RSTP due to improved convergence times.
- MSTP (802.1s) - Multiple Spanning Tree Protocol, allows multiple Spanning Tree Domains. For more information, see MSTP section. The default is MSTP and this works well in most network topologies, even if all the other nodes are RSTP. If no MSTIs are configured as in this example, it will place all the VLANs into the CST or Common Spanning Tree used by RSTP and STP.
- RSTP (802.1w) - Adds improved convergence times to STP.
- STP (802.1D) - Simple Spanning tree Protocol Instance
CIST Configuration
- Bridge Priority - This is used to bias the selection of Root Bridge by the spanning tree protocol. The default bridge priority of the OLT is 53248 or 0xD000, which is lower than most switch defaults of 32768 or 0x8000. Since typically the OLT is attached to either the aggregation or core network, this ensures the OLT is not selected as the root, which in most layer 2 topologies would be a mistake. If the OLT is essentially the network, this value may need to be lowered to force the OLT to be elected as root.
- Bridge Forward Delay - The time that is spent in the Listening and Learning states of the STP protocol machine. Default on most bridges is 15s and can be in a range of 4 to 30 seconds. Typically, not modified.
- Bridge Hold Count - Defines the maximum number of BPDUs that can be transmitted during every hello time period. Default is 6 and is not editable.
- Bridge Max Age - The Max Age timer is zeroed when BPDUs are received and, when it expires, causes a port to update the state of the port to Designated and begin going through the listening and learning state to the forwarding state. Default is 20 seconds and should not typically be modified.
- Bridge Hello Time - BPDUs are sent at a minimum every hello time interval. The Hello time is set to 2 seconds and cannot be modified.
- Max Hops - Maximum number of Hops that the BPDUs can travel within the L2 network. Default is 20 and typically is not changed.
The STP configuration for uplinks is reached by going to the Links View and right-clicking on an uplink interface, then Protocol->Spanning Tree.
Port Priority - Port priority is used as a tiebreaker for two equal-cost paths to the root bridge. The Port Priority default is 128 and typically should not be modified unless you wish to bias the selection of the path to the root to prefer a specific link.
Port Path Cost - The port path cost defines the "cost" for traversing the link to the root. The OLT will default the port path cost to agree with the standard conventions for that speed port and should not typically be modified. The most common reason to modify the port path cost is to bias towards a particular link. Due to the standard definition of the port path cost, higher capacity links will be preferred over lower-speed links. The following table shows the standard definitions for Port Path Cost. Note that since the system uses RSTP, the right-hand column will be used for default port costs.
Port Hello Time - The time between each BPDU sent on the port. This value is defaulted to 2 seconds and typically should not be modified. The Hello time can be lowered to 1 second, but this doubles the CPU load for STP processing.
Port Internal Path Cost - The port path cost to be used for communicating downstream towards the ONTs. Should not be modified.
Admin Edge Port - When a port is declared to be an Admin Edge port, it is assumed to be at the network edge and unlikely to be participating in STP. To speed acceptance and transition of the port to forwarding, ports declared as Admin Edge will go into forwarding state immediately but still process the state machine. If a loop is detected after it is in the forwarding state, the port will be blocked. Admin Edge port should only be used for ports that have end devices attached.
Auto Edge Port - When enabled, the system attempts to determine whether a port is an Edge port and automatically configures the port to be Admin Edge if needed. Typically, this works well to properly configure the port but may occasionally be overridden.
Enable STP - Whether to enable STP and process the RSTP state machine.
Restricted TCN - If enabled, will not allow processing of BPDUs from the uplink interface that attempts to change the spanning tree topology. Typically, it should be disabled as the spanning tree above the OLT is expected to change upon network failures or additions of network equipment.
Restricted Role - This parameter restricts the ROLE of this port from becoming the root port or a port that is used to communicate to the root if this is set to True. The spanning tree information received on the configured port is subjected to role selection. If the received information is superior, the port is selected as the alternate port or backup port. If the received information is inferior, the port is selected as the designated port. If all ports of a switch are set to true, then this will force the switch into the role of root bridge. (Essentially it indicates the root can’t be in this direction).
Admin Point to Point MAC - For MSTP it creates a point to point link between two ports to increase the speed of convergence. Essentially eliminates the possibility of a hub with additional nodes being attached to this port and allows for faster convergence.
Multiple Spanning Tree Protocol (MSTP)
The system also supports MSTP or Multiple Spanning Tree Protocol on the uplinks. MSTP is not supported on the ONT UNI ports. MSTP is used to perform load balancing of VLAN traffic across redundant interfaces into the network.
MSTP essentially allows multiple logical spanning tree instances to run over the same set of physical links. Each instance is known as an MSTI (Multiple Spanning Tree Instance) and runs its own RSTP state machine. Rather than blocking all VLAN traffic on a port, the MSTP only blocks traffic at an MSTI. Essentially, it can coexist with STP and the MSTI=0 is the standard CIST (or common spanning tree instance). If MSTP is not configured, then by default, all configured VLANs are in the CIST.
Within a given region, all the VLANs within the MSTI must be consistent on all switches within the region. Failure to consistently do this will result in odd faults where some VLANs may be orphaned onto blocked links. The MSTI defines a list of VLANs that will be passed or filtered when that MSTI forwards or blocks a particular link.
The MSTP Configuration
The configuration of the MSTP protocol is performed via right-clicking on an OLT and selecting Protocol->STP. The MST configuration is at the bottom portion of the dialog.
When using MSTP, there is the CIST (Common Spanning Tree) and the MSTI or Multiple Spanning Tree Instances. Each MSTI is a logical spanning tree instance and runs completely independent of the others. VLANs are associated with each MSTI and all VLANs within an MSTP region will all use the same topology.
MSTP does not extend down to the ONT ports, only the CIST or common spanning tree extends to the ONT UNIs.
All MSTI’s within the region MUST agree on the VLAN set or MSTP will not operate properly.
Spanning Tree Bridge Configuration
MSTI ID - The MSTI ID uniquely identifies the MSTI within the region. It is an integer from 1..4094. MSTI ID of zero is reserved for the CIST.
MSTI Bridge Priority - The MSTI Priority is used to set the bridge priority for that MSTI. It serves an identical function to the bridge priority within the CIST. The range is 0 to 61,440, in increments of 4,096. The default is 16384 for the MSTI Bridge Priority.
MSTI Delete - Checking this box will delete the MSTI instance from this OLT.
MSTI Spanning Tree Port Configuration
MSTI ID - Defines the MSTI configuration for each Multiple Spanning Tree Instance. The MSTI ID will be copied from the Bridge configuration into the port configuration.
MSTI Port Priority - As with the CST, each MSTI has a separate port priority. The default port priority is 128 and typically should not be modified unless you are trying to bias a spanning tree to take a specific path.
MSTI Path Cost - As with the CST, ach interface has a path cost which is used in computing the least cost path to the root. Each MSTI has its own path cost.
VLAN Property Configuration
MST ID - The VLAN Property table includes one attribute associated with the Multiple Spanning Tree Protocol. The MST ID associates a VLAN with a particular spanning tree instance. The CST and each MSTI will separately compute the state of the spanning tree, and all VLANs associated with that spanning tree instance will be blocked or forwarded based on the spanning tree state of that MSTI or CIST.
The ONT Port STP/RSTP Configuration
The system also supports RSTP in the downstream direction towards the ONT ports. This implantation is slightly different from the uplinks and optimized for the high port fanout of the PONs. It also has different recommendations for settings for most typical networks to maximize protection from faults and loopbacks affecting the network.
Admin State - The default Admin State is Enabled, and should typically only be disabled on ports where the specific network requirements prevent RSTP from being enabled.
Path Cost - The default since all the ONT ports are 1G is 20,000 and typically should not be modified.
Port Priority - Should not typically be modified from the default of 128.
Port Hello Time - Should not typically be modified from its default of 2.
Admin Point to Point Mac - Values are Auto, Off or On. Auto will attempt to detect whether this is a point-to-point mac or not. Off is used to indicate that this is not a point-to-point MAC. On is used when it is known that this is a point-to-point MAC. Typically, the default of Auto is appropriate.
Admin Edge Port - Typically should be enabled to speed moving the port to the forwarding state if the port is expected to be attached to an end device. If a switch is attached, typically you would want to disable the admin Edge port. The Default is disabled.
Restricted TCN - The network architecture should typically be such that the Root should be somewhere above the OLT on the Uplink Network. As a result, it would be very odd for Topology change notices to be coming from the endpoints. As such, typically topology change notices will be dropped. The default is enabled, which will drop all TCN messages.
Restricted Role - All ONT ports are assumed to point "outward" in the network away from the root and, as such, should never become Root ports (as that would indicate the shortest path is through the ONT). As such, the system sets restricted roles and cannot be modified.
Enable Root Protected Notification - Root Protect notification indicates that a topology change has been received which indicates that the attached device or something downstream of it is assuming the root bridge role (and that the port will transition to a root port role). Enabling the Root Protect Notification allows alarming of this event and if Auto Disable in the NAC profile is enabled, the port will be disabled. Typically, it is a good policy to turn this on along with the NAC profile Auto Disable to ensure that the network returns to a normal working state and that loops and misconfigured equipment are isolated from the network when detected.
BPDU Guard Violation - BPDU Guard Violation reports whenever BPDUs are received on a port via an alarm. When the NAC profile Auto Disable is enabled, the port will be disabled. If this port is only expected to have end devices attached to the ONT port, then the devices are not typically expected to participate in the spanning tree. As such, the default value is enabled so that the port will be alarmed if a BPDU is detected. If the port is expected to participate in spanning tree, BPDU Guard Violation should be disabled. For laptops that have multiple routes to the network (via wireless and one or more NICs), they may often need to have RSTP enabled to allow them to block one of the two interfaces.
Video