Configure ELRP Script

  • Question
  • Updated 3 years ago
  • Answered
I understand that any scripts on here need to be tested out before being placed on a production network. I am just trying to find a fast way to fix ELRP that was configured incorrectly on all ports.

Right now it is enabled on all ports. The uplink ports are excluded from disable. So when the switch loops it sends it out the uplink port. 

Looking for some help with a script to enable ELRP only on untagged ports. Would like it to block a looped port permanently. Would like for this script to run daily to make sure any ports that change VLANs are covered.

If you have ideas on a way to stop uplink ports from having ELRP enabled that would be great too!

Thanks in advance

Michael


Posted 4 years ago


Sumit Tokle, Alum

The script below will run ELRP on all VLANs and ports which are present on the switch.

Step 1) Execute command "vi elrpscript.pol"
Step 2) Paste the script below

# Turn off paging so command output is captured in one piece
disable clipaging
enable elrp-client
set var sv "#ELRP POLL STARTED#"
show var sv
# Capture the "show vlan" output and split it into lines
set var cli.out 0
show vlan
set var sv $TCL(split ${cli.out} "\n")
# Locate the first line containing "(B)"; VLAN rows are read from line 5 up to just before it
set var e $TCL(lsearch $sv *(B)*)
set var i 5
set var e ($e - 1)
while ($i < $e) do
   set var cli.out 0
   # The first field of the row is the VLAN name
   set var v $TCL(lindex $sv $i)
   set var vn $TCL(lindex $v 0)
   # Skip the Mgmt VLAN
   set var z $TCL(regexp {Mgmt} $vn)
   if ($z == 0) then
      # One-shot ELRP poll on every port of this VLAN
      conf elrp-client one-shot $vn port all print
      set var p $TCL(split ${cli.out} "\n")
      # Pick the fields to print depending on whether the output contains "NO"
      set var p1 $TCL(lsearch $p *NO*)
      if ($p1 == -1) then
         set var p1 $TCL(lindex $p 2)
         set var p2 $TCL(lindex $p1 9)
         set var p1 $TCL(lrange $p1 0 6)
         set var p1 $TCL(concat $p1 $p2)
         set var p2 $TCL(lindex $p 3)
         set var p2 $TCL(lrange $p2 5 7)
         set var p $TCL(concat $p1 $p2)
         show var p
      else
         set var p1 $TCL(lindex $p 2)
         set var p2 $TCL(lindex $p1 10)
         set var p1 $TCL(lrange $p1 0 7)
         set var p1 $TCL(concat $p1 $p2)
         show var p1
      endif
   endif
   set var i ($i + 1)
endwhile
# Restore the original state
disable elrp-client
enable clipaging
set var sv "#ELRP POLL COMPLETED#"
show var sv


Step 3) To run script "load script elrpscript"

It will tell you on which port the loop is present.


Michael

Sumit,

Thanks for the reply. I will give it a test. On this script is it a one time run? I need to have something that will keep ELRP enabled all the time. But needs to check periodically for VLAN port changes. It is in a large network and people change untagged ports from one VLAN to another. I just want to make sure that we are still protected from loops. 

Thanks,
Mike

Sumit Tokle, Alum

You could use a UPM profile to invoke the above profile after a particular time period.

Michael

When I run the script I get this error


X460-24t.10 # load script elrpscript
Cannot open EXSH script "/config/elrpscript.xsf"!

Sumit Tokle, Alum

I made a mistake in step 1. Please change the file type from pol to xsf and run it again.

Michael O'Loughlin

Can this script be modified to run only on the access ports of a switch or stack?

Sumit Tokle, Alum

Everything is possible.

You could write a function which can help to find the access ports and then pass those port numbers to the elrp command.

Michael

That is more what we need. To find the access ports and VLANs then protect with ELRP. Can we change it to be periodic instead of one shot? Then add a UPM timer to run it every day to find changes.

1. Find VLANs and access ports then
       enable elrp-client
       configure elrp-client periodic (found vlan) ports (found ports) log-and-trap disable-port permanent

2. UPM timer to run each day.

Think that would solve the issue.
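
The approach outlined in the post above (find the untagged ports per VLAN, leave out the uplinks, then configure periodic ELRP), as an added example that is not part of the original thread and not vendor code. It goes slightly beyond the post by also expanding stack-style port ranges; the input line format, the uplink set and the function names are assumptions, and the emitted command form is copied from the post as written.

```python
import re

# Constructed sample in the style of "show configuration vlan" output;
# the line format is an assumption, not captured from a real switch.
SAMPLE_CONFIG = """\
configure vlan Default delete ports all
configure vlan Data add ports 1-4,10 untagged
configure vlan Data add ports 23-24 tagged
configure vlan Voice add ports 5-8,24 untagged
configure vlan Voice add ports 23 tagged
configure vlan Mgmt add ports 22 untagged
"""

# Only untagged memberships matter: tagged (trunk) lines never match.
UNTAGGED_RE = re.compile(r"^configure vlan (\S+) add ports (\S+) untagged$")

def expand(portlist):
    """Expand '1-4,10' or '1:1-1:3' into single ports (ranges within one slot)."""
    ports = []
    for part in portlist.split(","):
        lo, _, hi = part.partition("-")
        if not hi:
            ports.append(lo)
            continue
        slot, sep, first = lo.rpartition(":")   # slot is '' on a standalone switch
        last = hi.rpartition(":")[2]
        ports += [f"{slot}{sep}{n}" for n in range(int(first), int(last) + 1)]
    return ports

def elrp_commands(config_text, uplinks, skip_vlans=("Mgmt",)):
    """Build periodic ELRP commands for untagged ports, never for uplinks."""
    by_vlan = {}
    for line in config_text.splitlines():
        m = UNTAGGED_RE.match(line.strip())
        if not m or m.group(1) in skip_vlans:
            continue
        access = [p for p in expand(m.group(2)) if p not in uplinks]
        by_vlan.setdefault(m.group(1), []).extend(access)
    cmds = ["enable elrp-client"]
    for vlan, ports in by_vlan.items():
        if ports:  # a VLAN left with no access ports gets no ELRP line
            cmds.append(f"configure elrp-client periodic {vlan} ports "
                        f"{','.join(ports)} log-and-trap disable-port permanent")
    return cmds

if __name__ == "__main__":
    print("\n".join(elrp_commands(SAMPLE_CONFIG, uplinks={"23", "24"})))
```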

Johan Hendrikx


In our network I use the vlan default to monitor ELRP on the edge ports. I configure the edge ports in the vlan default (tagged).

The reason: if I have port 1 in vlan1 and port 2 in vlan2 and there is a connection on the switch between port 1 and 2 (this is no loop on the network). Someone can make a wrong patch.....

And one of those ports is disabled permanently.