Configure ELRP Script

  • 1 August 2014
  • 9 replies
  • 301 views

Userlevel 2
I understand that any scripts on here need to be tested out before placed on a production network. I am just trying to find a fast way to fix ELRP that was configured incorrectly on all ports.

Right now it is enabled on all ports. The uplink ports are excluded from disable. So when the switch loops it sends it out the uplink port.

Looking for some help with a script to enable ELRP only on untagged ports. Would like it to block a looped port permanently. Would like for this script to run daily to make sure any ports that change vlan's are covered.

If you have ideas on a way to stop uplink ports from having ELRP enabled that would be great too!

Thanks in advance

9 replies

Userlevel 4
Below script will run the elrp on all vlan and ports which are present on switch.

step 1) Execute command "vi elrpscript.pol"
Step 2) paste below script

disable clipaging enable elrp-client

set var sv "#ELRP POLL STARTED#"

show var sv

set var cli.out 0

show vlan

set var sv $TCL(split ${cli.out} "\n")

set var e $TCL(lsearch $sv *(B)*)

set var i 5

set var e ($e - 1)

while ($i < $e) do

set var cli.out 0

set var v $TCL(lindex $sv $i)

set var vn $TCL(lindex $v 0)

set var z $TCL(regexp {Mgmt} $vn)

if ($z == 0) then

conf elrp-client one-shot $vn port all print

set var p $TCL(split ${cli.out} "\n")

set var p1 $TCL(lsearch $p *NO*)

if ($p1 == -1) then

set var p1 $TCL(lindex $p 2)

set var p2 $TCL(lindex $p1 9)

set var p1 $TCL(lrange $p1 0 6)

set var p1 $TCL(concat $p1 $p2)

set var p2 $TCL(lindex $p 3)

set var p2 $TCL(lrange $p2 5 7)

set var p $TCL(concat $p1 $p2)

show var p

else

set var p1 $TCL(lindex $p 2)

set var p2 $TCL(lindex $p1 10)

set var p1 $TCL(lrange $p1 0 7)

set var p1 $TCL(concat $p1 $p2)

show var p1

endif

endif

set var i ($i + 1)

endwhile

disable elrp-client

enable clipaging

set var sv "#ELRP POLL COMPLETED#"

show var sv

Step 3) To run script "load script elrpscript"

It will tell you on which port the loop is present.
Userlevel 2
Sumit,

Thanks for the reply. I will give it a test. On this script is it a one time run? I need to have something that will keep ELRP enabled all the time. But needs to check periodically for VLAN port changes. It is in a large network and people change untagged ports from one VLAN to another. I just want to make sure that we are still protected from loops.

Thanks,
Mike
Userlevel 4
You could use UPM profile to invoke above profile after particular time period.
Userlevel 2
When I run the script I get this error

X460-24t.10 # load script elrpscript
Cannot open EXSH script "/config/elrpscript.xsf"!
Userlevel 4
I made mistake in step 1. Please change the file type from pol to xsf and run it again.
Can this script be modified to run only on the access ports of a switch or stack?
Userlevel 4
Everything is possible.

You could write function which can help to find access port and then pass those port number to elrp command.
Userlevel 2
That is more what we need. To find the access ports and vlan's then protect with ELRP. Can we change it to be periodic instead of one shot? Then add a UPM Timer to run it every day to find changes.

1. Find Vlan's and Access ports then
enable elrp-client
configure elrp-client periodic (found vlan) ports (found ports) log-and-trap disable-port permanent

2.UPM- timer to run each day.

think that would solve the issue.
Userlevel 4
In our network I use the vlan default to monitor ELRP on the edge ports. I configure the edge ports in the vlan default (tagged).

the reason: If I have por 1 in vlan1 and port2 in vlan2 and there is a connection on the switch between port 1 and 2 (this no loop on the network). Someone can make a wrong patch.....

And one of those ports is disabled pemantent.

Reply