Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring VSTP Protocol

 

Configuring VLAN Spanning Tree Protocol

When you configure VSTP, we recommend that you enable VSTP on all VLANs that can receive VSTP bridge protocol data units (BPDUs).

Note

This task supports the Enhanced Layer 2 Software (ELS) configuration style.

You can configure the VLAN Spanning Tree Protocol (VSTP) under the following hierarchy levels:

The routing instance type can be either virtual-switch or layer2-control.

To configure the VLAN Spanning Tree Protocol under protocols:

  1. If the default RSTP spanning-tree protocol has been disabled, reconfigure it.
    [edit protocols]

    user@switch# set rstp

    Why do this optional step? VSTP can run on a maximum of 253 VLANs on a switch; RSTP runs on the remaining VLANs if configured. Enabling RSTP ensures that a spanning-tree protocol runs on all VLANs.

    If a switch has more than 253 VLANs, You must enable RSTP when using the set vstp vlan all statement to enable VSTP. If you use the set vstp vlan all statement to enable VSTP on a switch with more than 253 VLANs, the configuration cannot be committed.

  2. Enable the VSTP spanning-tree protocol:
    [edit protocols]

    user@host@ set vstp

    OR

    Enable VSTP on all VLANs:

    [edit protocols]

    user@switch# set vstp vlan all

    On EX Series (other than EX9200) and QFX switches running Junos OS that supports ELS—VSTP can support up to 510 VLANs. However, on EX9200 switches, VSTP can support only up to 253 VLANs. If you use the set vstp vlan all statement to enable VSTP on a switch with more than 253 VLANs, also be sure RSTP is configured as shown in step 1. Otherwise, the configuration cannot be committed.

    OR

    Enable VSTP on multiple VLANs using a VLAN group:

    [edit protocols]

    user@switch# set vstp vlan-group group group-name vlan vlan-id-range

    OR

    Enable VSTP on a VLAN using a single VLAN ID:

    [edit protocols]

    user@switch# set vstp vlan vlan-id

    OR

    Enable VSTP on a VLAN using a single VLAN name:

    [edit protocols]

    user@switch# set vstp vlan vlan-name
    Tip

    For all command options for VSTP configuration, see Global and Specific VSTP Configurations for Switches.

  3. (Optional) For compatibility with older bridges that do not support VSTP, you can run force VSTP to run as the original IEEE 802.1D Spanning Tree Protocol (STP) version:

    Note

    If VSTP has been forced to run as the original STP version, you can revert back to VSTP by first removing the force-version statement from the configuration and then entering the clear spanning-tree protocol-migration configuration mode command.

  4. Configure the interfaces that participate in the VSTP instance.

    1. Enable configuration of the interface:
      [edit ... protocols vstp]

      user@host# edit interface interface-name
    2. Configure the interface priority:
      [edit ... protocols vstp interface interface-name]

      user@host# set priority interface-priority
    3. (Optional) By default, the interface link cost is determined by the link speed. You can configure the interface link cost to control which bridge is the designated bridge and which port is the designated port:
      [edit ... protocols vstp interface interface-name]

      user@host# set cost interface-link-cost
    4. Configure the interface link mode to identify point-to-point links:
      [edit ... protocols vstp interface interface-name]

      user@host# set mode (p2p | shared)

      Specify p2p if the link is point to point. Specify shared if the link is a shared media.

    5. (Optional) Configure the interface as an edge port:
      [edit ... protocols vstp interface interface-name]

      user@host# set edge

      Edge ports do not expect to receive bridge protocol data unit (BPDU) packets. If a BPDU packet is received for an edge port, the port becomes a non-edge port

    You can also enable BPDU root protection for all spanning-tree protocol instances on the interface. BPDU root protect ensures the port is the spanning-tree designated port. If the port receives superior BPDU packets, root protect moves this port to a root-prevented spanning-tree state. For configuration details, see Checking the Status of Spanning-Tree Instance Interfaces.
  5. Enable configuration of a VLAN instance:
    [edit ... protocols vstp]

    user@host# edit vlan vlan-id
  6. Configure the bridge priority:
    [edit ... protocols vstp vlan vlan-id]

    user@host# set bridge-priority bridge-priority

    For more information, see Understanding Bridge Priority for Election of Root Bridge and Designated Bridge.

  7. Configure hello BPDU timers.

    1. Configure the maximum expected arrival time of hello BPDUs:
      [edit ... protocols vstp vlan vlan-id]

      user@host# set max-age seconds
    2. Configure the time interval at which the root bridge transmits configuration BPDUs:
      [edit ... protocols vstp vlan vlan-id]

      user@host# set hello-time seconds
  8. (Optional) By default, the bridge port remains in the listening and learning states for 15 seconds before transitioning to the forwarding state. You can specify a delay from 4 through 20 seconds instead:
    [edit ... protocols vstp vlan vlan-id]

    user@host# set forward-delay seconds
  9. Configure the interfaces that participate in the VSTP instance.

    1. Enable configuration of the interface:
      [edit ... protocols vstp vlan vlan-id]

      user@host# edit interface interface-name
    2. Configure the interface priority:
      [edit ... protocols vstp vlan vlan-id interface interface-name]

      user@host# set priority interface-priority
    3. (Optional) By default, the interface link cost is determined by the link speed. You can configure the interface link cost to control which bridge is the designated bridge and which port is the designated port:
      [edit ... protocols vstp vlan vlan-id interface interface-name]

      user@host# set cost interface-link-cost
    4. Configure the interface link mode to identify point-to-point links:
      [edit ... protocols vstp vlan vlan-id interface interface-name]

      user@host# set mode (p2p | shared)

      Specify p2p if the link is point to point. Specify shared if the link is a shared media.

    5. (Optional) Configure the interface as an edge port:
      [edit ... protocols vstp vlan vlan-id interface interface-name]

      user@host# set edge

      Edge ports do not expect to receive bridge protocol data unit (BPDU) packets. If a BPDU packet is received for an edge port, the port becomes a non-edge port.

    You can also enable BPDU root protection for all spanning-tree protocol instances on the interface. BPDU root protect ensures the port is the spanning-tree designated port. If the port receives superior BPDU packets, root protect moves this port to a root-prevented spanning-tree state. For configuration details, see Checking the Status of Spanning-Tree Instance Interfaces.
  10. Verify the VSTP configuration:

Global and Specific VSTP Configurations for Switches

Juniper Networks EX Series Ethernet Switches provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and VLAN Spanning Tree Protocol (VSTP). The default factory configuration for EX Series switches uses RSTP. This topic describes options for configuring VSTP on an EX Series or QFX Series switch.

Note

On EX Series (other than EX9200) and QFX switches running Junos OS that supports ELS—VSTP can support up to 510 VLANs. However, on EX9200 switches, VSTP can support only up to 253 VLANs.

Note

When you configure VSTP, we recommend that you enable VSTP on all VLANs that can receive VSTP bridge protocol data units (BPDUs).

Where Can I Configure VSTP?

You can configure VSTP at the global level:

  • For all interfaces on the switch

  • For all interfaces within all VLANs

  • For all interfaces within a specified VLAN

  • For all interfaces within a specified VLAN group

You can configure or disable VSTP for specific interfaces:

  • For a specific interface on the switch

  • For a specific interface within all VLANs

  • For a specific interface within a specified VLAN

  • For a specific interface within a specified VLAN group

Note
  • If you configure VSTP on an interface at both the global and the specific VLAN level, the interface configuration that is defined at the specific VLAN level overrides the interface configuration that is defined at the global level.

  • If you specify VSTP to be configured on an interface that is not configured to belong to the VLAN (or VLANs), an error message is displayed.

  • On EX Series (other than EX9200) and QFX switches running Junos OS that supports ELS—VSTP can support up to 510 VLANs. However, on EX9200 switches, VSTP can support only up to 253 VLANs.

  • When you configure VSTP, we recommend that you enable VSTP on all VLANs that can receive VSTP bridge protocol data units (BPDUs).

    You must enable RSTP if you used the set vstp vlan all statement to enable VSTP and if the switch has more than 253 VLANs. If you use the set vstp vlan all statement to enable VSTP on a switch with more than 253 VLANs, the configuration cannot be committed.

VSTP Commands to Configure All Interfaces

Command to configure VSTP on an individual interface on a switch:

[edit protocols vstp]

user@switch@ set interface interface-name

Command to configure all VSTP interfaces on a switch:

[edit protocols vstp]

user@switch# set interface all

Command to configure all VSTP interfaces for all VLANs:

[edit protocols vstp]

user@switch# set vlan all interface all

Command to configure all VSTP interfaces within a specified VLAN:

[edit protocols vstp]

user@switch# set vlan (vlan-id |vlan-range |open-set-of-values) interface all interface all
Note

When you configure VSTP with the set protocol vstp vlan vlan-id interface interface-name command, the VLAN named default is excluded. You must manually configure a VLAN with the name default to run VSTP.

Command to configure all VSTP interfaces within a specified VLAN group:

[edit protocols vstp]

user@switch# set vlan-group vlan-group-name vlan (vlan-id |vlan-range |open-set-of-values) interface all

VSTP Commands to Configure Specific Interfaces

Command to configure a specific interface on a switch:

[edit protocols vstp]

user@switch# set interface interface-name

Command to configure a specific interface within all VLANs:

[edit protocols vstp]

user@switch# set vlan all interface interface-name
Caution

Ensure that the interface is a member of all VLANs before you add the interface to the VSTP configuration. If the interface is not a member of all VLANs, this VSTP configuration will fail when you try to commit it.

Command to configure a specific interface within a specific VLAN:

[edit protocols vstp]

user@switch# set vlan vlan-id-or-vlan-range interface interface-name

Command to configure a specific interface within a specific VLAN group:

[edit protocols vstp]

user@switch# set vlan-group vlan-group-name vlan (vlan-id |vlan-range |open-set-of-values) interface interface-name

VSTP Commands to Disable Interfaces

Command to disable VSTP on an individual interface on a switch:

[edit protocols vstp]

user@switch@ set interface interface-name disable

Command to disable VSTP on a specific interface within a specific VLAN on a switch:

[edit protocols vstp]

user@switch@ set vlan vlan-id interface interface-name disable

Command to disable one specific VSTP interface on all the VLANs on the switch:

[edit protocols vstp]

user@switch@ set vlan all interface interface-name disable

Command to disable a specific VSTP interface within a specific VLAN group:

[edit protocols vstp]

user@switch@ set vlan-group group group-name vlan (vlan-id |vlan-range | open-set-of-values) interface interface-name disable
Note

You cannot disable the VSTP VLAN parameters for all VSTP interfaces.

Example: Configuring VSTP on a Trunk Port with Tagged Traffic

In 802.1ad provider bridge networks (stacked VLANs), single-tagged access ports and double-tagged trunk ports can co-exist in a single spanning tree context. In this mode, the VLAN Spanning Tree Protocol (VSTP) can send and receive untagged Rapid Spanning Tree Protocol (RSTP) bridge protocol data units (BPDUs) on Gigabit Ethernet (ge), 10 -Gigabit Ethernet (xe), and aggregated Ethernet (ae) interfaces. The untagged RSTP BPDUs interoperate with tagged VSTP BPDUs sent over the double-tagged trunk ports.

Double-tagging can be useful for Internet service providers, allowing them to use VLANs internally while mixing traffic from clients that are already VLAN-tagged.

This example shows how to configure the VSTP to send and receive standard untagged Rapid Spanning Tree Protocol (RSTP) bridge protocol data units (BPDUs) on access trunks that interoperate with tagged VSTP BPDUs sent over the double-tagged trunk ports.

Requirements

This example uses the following hardware and software components:

  • Two CE devices (MX Series routers with DPCE or MPC cards)

  • Two PE devices (MX Series routers with DPCE or MPC cards)

  • Junos OS Release 12.3 or later running on the PE devices

Overview

This example shows how to configure VSTP on a trunk port with tagged traffic.

Topology

Figure 1 shows a sample topology in which two customer edge (CE) bridges are dual-homed to two provider edge (PE) devices. All of the PE-CE links are single-tagged trunks using C-VLANs 1-100. The core link between Devices PE1 and PE2 is a double-tagged trunk that carries traffic from both CE devices, using S-VLANs 100 and 200 to distinguish the CE traffic.

Two VSTP instances are created on the PE devices, one for each S-VLAN. The CE devices run the standard RSTP. The PE devices run VSTP on the core link while sending standard untagged RSTP BPDUs toward the CE devices.

Figure 1: Topology for VSTP Configured on a Trunk Port with Tagged Traffic
Topology for VSTP Configured on a Trunk
Port with Tagged Traffic

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Device PE1

Device PE2

Device CE1

Device CE2

Configuring PE1, PE2, CE1, and CE2

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure Device PE1:

  1. Configure the network interfaces.
  2. Configure the routing instances.

Step-by-Step Procedure

To configure Device PE2:

  1. Configure the interfaces.
  2. Configure the routing instances.

Step-by-Step Procedure

To configure CE1:

  1. Configure the interfaces.
  2. Configure the protocols.
  3. Configure the bridge domain.

Step-by-Step Procedure

To configure CE2:

  1. Configure the interfaces.
  2. Configure the protocols.
  3. Configure the bridge domain.

Results

From configuration mode, confirm your configuration by entering the show interfaces, show routing-instances, show protocols, and show bridge-domains commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Device PE1

Device PE2

Device CE1

Device CE2

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying That the Interfaces Are Operational

Purpose

Verify that the interfaces are operational.

Action

From operational mode, enter the show spanning-tree interface routing-instance command.

user@PE1> show spanning-tree interface routing-instance vs1

Meaning

The output shows the status of the interfaces configured for VLAN 100.

Verifying the STP Bridge Parameters of the Routing Instances

Purpose

Verify the STP bridge parameters configured for the routing instances.

Action

From operational mode, enter the show spanning-tree bridge routing-instance command.

user@PE1> show spanning-tree bridge routing-instance vs1

Meaning

The output shows the status of the STP bridge parameters for routing instance vs1.

Displaying STP Statistics for the Configured Bridge

Purpose

Display spanning-tree statistics for the configured bridge.

Action

From operational mode, enter the show spanning-tree statistics bridge command.

user@PE1> show spanning-tree statistics bridge

Meaning

The command output shows spanning-tree statistics for the configured bridge.

Understanding RSTP or VSTP Forced to Run as IEEE 802.1D STP

On MX Series routers and EX Series and QFX Series switches in a Layer 2 environment, you can force the configured Rapid Spanning Tree Protocol (RSTP) or VLAN Spanning Tree Protocol (VSTP) to run as the original IEEE 802.1D Spanning Tree Protocol (STP) version. Configure original IEEE_802.1D STP for compatibility with older bridges that do not support RSTP or VSTP.

Keep the following limitations in mind when RSTP or VSTP are forced to run as the original STP version:

  • If you configure an instance interface as an edge port, the configuration statement is ignored.

  • If you configure point-to-point link mode for an instance interface, the configuration statement is ignored.

Forcing RSTP or VSTP to Run as IEEE 802.1D STP (CLI Procedure)

Note

This procedure uses Junos OS for EX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style. For ELS details, see Using the Enhanced Layer 2 Software CLI.

On EX Series switches running Rapid Spanning Tree Protocol (RSTP) (the default) or VLAN Spanning Tree Protocol (VSTP), you can force the original IEEE 802.1D Spanning Tree Protocol (STP) version to run in place of RSTP or VSTP. Configure the force-version stp statement for compatibility with older bridges that do not support RSTP or VSTP.

To force the spanning-tree protocol version to be the original IEEE 802.1D STP:

  1. Enable IEEE 802.1D STP:
    [edit protocols]

    user@switch# set (rstp | vstp) force-version stp
Note

After using the force-version statement to enable xSTP globally, apply the force-version statement for specific Layer 2 ports.

Reverting to RSTP or VSTP from Forced IEEE 802.1D STP

On MX Series routers and EX Series and QFX Series switches on which Rapid Spanning Tree Protocol (RSTP) or VLAN Spanning Tree Protocol (VSTP) has been forced to run as the original IEEE 802.1D Spanning Tree Protocol (STP) version, you can revert back to RSTP or VSTP.

To revert from the forced instance of the original IEEE 802.1D STP version to the originally configured RSTP or VSTP version:

  1. Remove the force-version statement from the following RSTP or VSTP configuration:

    Include this statement at the following hierarchy levels:

    • [edit logical-systems routing-instance-name protocols rstp]

    • [edit protocols rstp]

    • [edit protocols vstp]

    • [edit routing-instances routing-instance-name protocols rstp]

    • [edit routing-instances routing-instance-name protocols vstp]

  2. Revert the forced IEEE 802.1D STP to run as the configured RSTP or VSTP:

    To revert the STP protocol globally, issue the statement without options (clear spanning-tree protocol-migration).

    To revert the STP protocol for the specified interface only, specify the interface interface-name option.

    To revert the STP protocol for a particular routing instance only, specify the routing-instance routing-instance-name option.