loop check on Enterasys C5K125-48

  • 0
  • 1
  • Question
  • Updated 4 years ago
Hi all.
Is there an easy way to do a check on a C5K125-48 about possible loops on network?

Tnx
Photo of giro

giro

  • 150 Points 100 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Bill Handler

Bill Handler

  • 1,434 Points 1k badge 2x thumb

The easiest way we've found is to use the 'show neighbor' command.  If you see the switch you're connected to on more than 1 port (excluding ports associated with lags), you know you have a loop with one of those ports.

For an instance where you don't have CDP available, it gets a little more difficult.  We recently had a customer that had a loop on a commodity switch that was connected to an Enterasys Stack causing a broadcast storm in their network.  The CPU utilization for the switch stacks on the subnet was at 70+%.  We looked at the port statistics in NetSight Console.  We looked at the port (non-uplink port between stacks) with the highest non-unicast packet in count, and disabled that port.  We noticed the CPU utilization drop to normal levels almost immediately.  For us, we got the problem port on the first shot.  It may take a little trial and error, but I think you'll be able to find a loop with this method if CDP is not available.

Photo of giro

giro

  • 150 Points 100 badge 2x thumb
OK tnx.
In this case there's not CDP available on the network and I was looking for some less empirical tests.
I tried some commands to display if my PC MAC address was learned by more than 1 port on the switches but I have not prominent results...
Any other suggestion?
Photo of Bill Handler

Bill Handler

  • 1,434 Points 1k badge 2x thumb

Giro, a few questions...

Do you have NetSight available?

How many Enterasys Switches/Stacks are on the subnet in question?

Is STP enabled?


There is likely a CLI command that would show the full port statistics.  You could run the command, copy the output into an excel sheet and sort for the highest non-unicast packet count as mentioned above.

Why do you think there's a loop in the network to begin with?


Photo of giro

giro

  • 150 Points 100 badge 2x thumb
In this case I don't have Netsight available.
STP is not enabled (and it will be never...)
In my network there are two stacks of C5, two x460 (connected between themselves with a LAG of 2 links), two Allied Telesys (connected between them with one link).
Imagine that the two stacks of C5 are connected to the two AT switches, and the two x460 too.
The two stacks and the x460 are not connected.
My customer wants me to test if this topology could have a loop.
I don't think so but I have to find a test to demonstrate them it!!
Photo of Bill Handler

Bill Handler

  • 1,434 Points 1k badge 2x thumb

Giro,

For greatest ease, I would looking installing a demo of NetSight, pull in all the switches you can, and then test for loops as above mentioned.  The X460 (if they are not G2 models) may not be fully compatible with all the features of NetSight, but I'm sure that they and the Allied switches (if they are managed switches) will have some compatibility.  Also, if you can add the MiBs for the Allied switches if they are available, that may enhance your experience.

A short non-authoritative test for loops with the C5K would be to check the CPU utilization.  If it's high, likely there is a loop or some other issue.

Photo of Johan Hendrikx

Johan Hendrikx

  • 3,876 Points 3k badge 2x thumb

You don't need netsight to check a loop.

On XOS switches:

enable elrp-client

configure elrp-client < peroidic/one0shot>  <vlan name> <ports>

You can log the action and even send a trap to a NMS, disable ports.

Check the log on the switch.

The configuration on our switches:

configure elrp-client periodic <vlan>  ports all interval 1 log-and-trap disable-port permanent


(Edited)
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,608 Points 10k badge 2x thumb
One more thing to note, is that on later versions of EXOS, you can just do 'run elrp <vlan name>' to run ELRP on all ports in a specific vlan once, instead of typing out the full configure elrp command. This is equivalent to the command 'configure elrp-client one-shot <vlan_name> ports all print-and-log'.
(Edited)