Help, I need to configure elrp

  • Question
  • Updated 9 months ago
  • Answered
Hello All,

I need to configure elrp in switch X460-24t version 16.1.4.2 patch1-7 but I don't know what option to choose. I have these options:
  • Log-and-trap disable-port egress permanent
  • Log disable-port ingress permanent

What is the difference between Log-and-trap disable-port egress permanent and Log disable-port ingress permanent?

Thanks everyone for your help



Susana Tovar


Posted 1 year ago


Grosjean, Stephane, Employee

Hi,

"log-and-trap" vs "log" is about what info will be sent to signal the loop detection. The "disable-port" is the action taken when a loop is detected, and the "permanent" keyword means the port will not go back up automatically; an admin will have to enable it. As for the "ingress" versus "egress" options, this is a new one since 16.1. It tells what port should be disabled, either the "ingress" one (where the elrp looped packet has been received) or the "egress" one (where the elrp looped packet has been transmitted).

Susana Tovar

Thanks for your answer :)

Chad Smith, Alum

(Edited)

Susana Tovar

Thanks for your answer :)

Erik Auerswald, Embassador

Hi,

I prefer to enable ELRP on the access ports, but not on uplinks, and then disable the egress port if a loop is detected.

If, e.g., a loop between two access switches is created, ELRP will see packets returning via the uplinks. The uplinks are usually exempted from being disabled by ELRP (otherwise the whole switch would be disabled, not just the access port that is part of the loop). Thus it does not help to act on the ingress port. But the egress port can (and should) be disabled in this situation.

Thanks,
Erik
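
The two-access-switch scenario from this answer, modelled as a small flooding simulation. This is an added example, not part of the thread and not Extreme's code; the topology, port names and function names are constructed for illustration.

```python
from collections import deque

# Constructed topology (an assumption, not from the thread): two access
# switches share one core; a patch cable wrongly joins sw1 port 5 to sw2 port 7.
LINKS = {("sw1", "uplink"): ("core", "1"),
         ("sw2", "uplink"): ("core", "2"),
         ("sw1", "5"): ("sw2", "7")}
WIRES = {**LINKS, **{b: a for a, b in LINKS.items()}}
PORTS = {"sw1": ["uplink", "5", "6"], "sw2": ["uplink", "7"], "core": ["1", "2"]}


def probe_returns_on(switch, egress, disabled=frozenset()):
    """Flood a loop probe sent by `switch` out of port `egress`.

    `disabled` holds (switch, port) pairs that are shut. Returns the port of
    `switch` on which its own probe comes back, or None if there is no loop.
    """
    queue, seen = deque([(switch, egress)]), set()
    while queue:
        out = queue.popleft()
        if out in seen or out in disabled or out not in WIRES:
            continue
        seen.add(out)
        peer_sw, peer_port = WIRES[out]
        if (peer_sw, peer_port) in disabled:
            continue
        if peer_sw == switch:
            return peer_port  # the sender sees its own probe: loop detected
        # The neighbour floods the frame out of every other port.
        queue.extend((peer_sw, p) for p in PORTS[peer_sw] if p != peer_port)
    return None


def port_to_disable(switch, egress, mode, excluded):
    """Port that a disable-port action would shut for this probe, or None.

    mode is "ingress" or "egress"; `excluded` lists ports exempt from
    disabling (the uplinks in the scenario above).
    """
    ingress = probe_returns_on(switch, egress)
    if ingress is None:
        return None
    target = ingress if mode == "ingress" else egress
    return None if target in excluded else target
```

With the uplink exempt, ingress mode has nothing it is allowed to shut and the loop stays; egress mode shuts sw1 port 5, after which the probe no longer returns.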

Grosjean, Stephane, Employee

Happy to see egress mode is used in the field, and correctly understood. This is a nice improvement to ELRP that I have been advocating for a long time.

Susana Tovar

Thanks for your answer :)

Ted

I'm ready to enable this but just so I'm clear, I should enable ELRP blocking on egress on access ports and no ELRP on my uplinks? I have MLAG configured on all my edge and TOR switches and should have L2 loop prevention on those as well. Thanks

Ted

Thank you, and it's time to implement. I appreciate the help.

Ted

Chad, when you mentioned edge ports, you're talking about end stations connected to switch ports (non-trunking access ports)? Thank you

Chad Smith, Alum

Not always. Servers with multiple VLAN interfaces (i.e. trunk) could still be considered "edge". Basically any switch port not connected to a switch/router.

Ted

That makes sense; all our user ports trunk voice VLAN but not trunk for the data side. I appreciate the explanation.