how to delete vlan from existing eaps domain

Hi All,

We have a vlan that doesn't need to be protected by EAPS anymore. So I am looking for a step-by-step procedure to delete vlan from EAPS domain without causing any outages.

Thank You

lovedeep


Posted 2 years ago


Hagemann, Olaf, Employee

configure eaps name delete protected {vlan} vlan_name

To prevent loops in the network, you must delete the ring ports (the primary and the secondary ports) from the protected VLAN before deleting the protected VLAN from the EAPS domain. Failure to do so can cause a loop in the network.
The switch displays by default a warning message and prompts you to delete the VLAN from the EAPS domain. When prompted, do one of the following:
• Enter y to delete the VLAN from the specified EAPS domain.
• Enter n or press [Return] to cancel this action.

Christina M, Information Architect, Information Development


lovedeep

Hi Hagemann, 

Many thanks for your response. So when deleting the vlan from ring ports or deleting the vlan from the eaps domain, do I have to do this on the master node first and then on transit nodes? Is there any order that I should follow?


Hagemann, Olaf, Employee

The order of nodes does not matter. Just delete the ring ports from the VLAN and delete the VLAN from EAPS.

lovedeep

Hi Hagemann, thank you for your quick response. Apologies for hassling you with too many questions, the problem is I haven't done any work with eaps in the past, so I am simply not comfortable with eaps. I just wanted to ask you one more thing. I have attached the picture to give you an idea about the way eaps is configured at our Data centers. Core 1 and 2 are in one data center and core 3 and 4 are in another one. So basically we are running eaps domain across all four core switches. 10:1 and 10:2 are the ring ports on all extreme switches. So if I just delete the vlan from port 10:1 and then delete the vlan from the eaps domain on all core switches, should that be enough? Or do I have to worry about the ports 10:2 as well?

We need that vlan to be tagged on port 10:2, so the servers can talk locally. I believe this should not cause any loop.


ChrisH, ESE - Employee

Olaf has already explained the required steps to remove the VLAN; however, I thought to give a bit of the background information on EAPS here and what you would want to do.

If you have a VLAN on all 4 switches of your drawing on all ring-ports, then you create a loop. The concepts of Ethernet switching indicate that traffic is being sent out all ports on the same VLAN with the exception of the receiving port. So let's say Core 1 receives a packet on port 10:1 and it does not have an FDB entry for it (to know which port to forward the traffic to), it will do "unknown unicast flooding", so it will send the traffic out all ports with exception of the incoming port.
In this example it will send the traffic out port 10:2. Core 2 receives the packet on port 10:2 and will do the same, so it will send it out of port 10:1 towards Core 4 in your drawing.  The same happens again on Core 4 and Core 3 and eventually the packet is being received by Core 1 again, only to start the process over and again forward it out to Core 2 and this is how a loop is created.

To prevent this loop from happening you can use EAPS.  The EAPS master switch blocks the secondary port on the protected VLANs, so that this loop is being interrupted.
This is similar to just removing one of the ports from the VLAN, however if you actually did this, and there was a single link-failure in the network you would split the VLAN into multiple segments.  To avoid this, you can i.e. use EAPS, which simply "opens" up the blocked secondary port and full connectivity is restored.

So when you say that a specific VLAN is not required by EAPS anymore this indicates that it's not part of the full ring (so the VLAN has been removed from at least one ring-port of one of the switches).
In this case you can just delete it from the list of protected VLANs, with the command that Olaf had already mentioned, as there is no chance that a loop can be created.
This does not mean that you will have to remove this VLAN from all ring ports on all switches, as i.e. in your case you still need connectivity to some servers.
Just make sure that before removing this VLAN from the list of protected VLANs in EAPS it is not creating a full loop anymore (so have at least one ring-port removed).

Hagemann, Olaf, Employee

Correct
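
The pre-check ChrisH describes (confirm the VLAN no longer runs around the full ring before removing it from the protected list) can be modelled offline. This is an added example, not part of any post in this thread and not Extreme Networks code; the wiring in RING_LINKS, in particular which ports on Core 3 and Core 4 face which neighbour, is assumed because the drawing is not reproduced here.

```python
# Added example. RING_LINKS is a constructed model of the four-core ring;
# the Core 3 / Core 4 port assignments are assumptions, not taken from the thread.
RING_LINKS = [
    (("core1", "10:2"), ("core2", "10:2")),
    (("core2", "10:1"), ("core4", "10:1")),
    (("core4", "10:2"), ("core3", "10:2")),
    (("core3", "10:1"), ("core1", "10:1")),
]

def vlan_links(links, membership):
    """Links that still carry the VLAN: it must be on the port at both ends."""
    return [(a, b) for a, b in links
            if a[1] in membership.get(a[0], set())
            and b[1] in membership.get(b[0], set())]

def forms_loop(links, membership):
    """True if the links still carrying the VLAN contain a cycle (union-find)."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    for (sw_a, _), (sw_b, _) in vlan_links(links, membership):
        root_a, root_b = find(sw_a), find(sw_b)
        if root_a == root_b:      # both ends already connected: this link closes a loop
            return True
        parent[root_a] = root_b
    return False

def safe_to_unprotect(links, membership):
    """The VLAN may leave the EAPS protected list only if it cannot loop."""
    return not forms_loop(links, membership)

CORES = ["core1", "core2", "core3", "core4"]
FULL_RING = {sw: {"10:1", "10:2"} for sw in CORES}   # VLAN on every ring port
ONLY_10_2 = {sw: {"10:2"} for sw in CORES}           # VLAN removed from 10:1 everywhere
ONE_PORT_REMOVED = dict(FULL_RING, core2={"10:2"})   # a single ring port removed

if __name__ == "__main__":
    for name, m in [("full ring", FULL_RING), ("only 10:2", ONLY_10_2),
                    ("one port removed", ONE_PORT_REMOVED)]:
        print(f"{name}: safe to unprotect = {safe_to_unprotect(RING_LINKS, m)}")
```

The membership sets would be filled from each switch's actual VLAN port list before the change window.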

lovedeep

Many thanks Chris, Hagemann and Christina for sharing all the information. Moving forward, if we take off the link between core 2 and 4, then can I disable eaps on all four core switches? Or do I have to delete vlans first from eaps domain before disabling eaps? Also, are there any steps that I have to follow to disable eaps?

Thanks,
LD

ChrisH, ESE - Employee

Hi LD,

If you first physically break the ring, so there is no chance for a physical loop, you can disable EAPS and/or remove the protected VLANs as you wish.
The order doesn't really matter in this case as long as the link is first disabled/removed.

Disabling EAPS globally (= all EAPS rings you may have) simply uses the command "disable eaps" on all switches.

cheers,
Chris

lovedeep

Thanks Chris. I will try to keep it simple by disabling the eaps globally, so the rollback (enable eaps) is easy just in case we have to.