topic ELRP and tagged/untagged in ExtremeSwitching (EXOS/Switch Engine) https://community.extremenetworks.com/t5/extremeswitching-exos-switch/elrp-and-tagged-untagged/m-p/82121#M20186 <P>SW-Versions summitX-21.1.5.2-patch1-5 / summitX-22.6.1.4-patch1-1<BR /><BR />We use ELRP (Extreme with Extreme) and STPD-BPDU Protection (Extreme with Other vendors) to prevent loops.<BR />Last Week, someone wired a port with tagged vlans (netlogin-Protected) with a port with untagged vlans.<BR />The switch was busy forwarding packets through the loop although the tagged port was protected by netlogin. ELRP did not react.<BR />The Switch itself registered the connection (VLAN-ID replaced with [vlan]) :<BR /><BR /><CODE>05/08/2019 14:46:20.92 Slot-1: Port=1:1: No associated STP port for STP Domain tag 0 (Rate-limited) 05/08/2019 14:46:20.92 Slot-1: Port=1:11: No associated STP port for STP Domain tag [vlan] (Rate-limited) </CODE><BR /><BR />I tried the same configuration on a testing switch today with the same issues.<BR /><BR /><CODE>Slot-1 # sh elrp ELRP Standalone Client: Enabled Number of ELRP sessions: 2 Number of ELRP pkts transmitted: 2 Number of ELRP pkts received: 0 Interval Pkts Pkts Disable Client VLAN Ports (sec) Count Cyclic Xmit Rcvd Action Port (sec) ---------------------------------------------------------------------------------------------- CLI Vlan_1 All 60.0 0 Yes 1 0 LTI Perm CLI Vlan_2 All 60.0 0 Yes 1 0 LTI Perm ---------------------------------------------------------------------------------------------- Action : (P) Print, (L) Log, (T) Trap, (C) Callback, (E) Egress, (I) Ingress Slot-1 # sh netlogin port 1:1 Port : 1:1 Authentication : 802.1x Port State : Enabled Authentication Mode : Required (Policy Enabled only) Max Supported Users : 1536 (Policy Enabled only) Allowed Users : 128 (Policy Enabled only) Current Users : 0 (Policy Enabled only) ------------------------------------------------ 802.1x Port Configuration ------------------------------------------------ Quiet Period : 60 Supplicant Response Timeout : 30 Re-authentication : On Re-authentication period : 3600 Max Re-authentications : 3 RADIUS server timeout : 30 ------------------------------------------------ Netlogin Clients ------------------------------------------------ MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- (B) - Client entry Blackholed in FDB Number of Clients Authenticated : 0 </CODE><BR /><BR />When I add an untagged vlan (with elrp) on the tagged port, both are immediately disabled.<BR />There are no excluded ports for elrp.<BR /><BR />I did not find anything in the docs or gtac knowledge regarding this issue. And I'm seriously surprised I got a loop while using an unauthenticated netlogin-Port.<BR /><BR />Any Idea what went wrong or how I can get it working?</P> Tue, 14 May 2019 20:08:05 GMT CFaber 2019-05-14T20:08:05Z ELRP and tagged/untagged https://community.extremenetworks.com/t5/extremeswitching-exos-switch/elrp-and-tagged-untagged/m-p/82121#M20186 <P>SW-Versions summitX-21.1.5.2-patch1-5 / summitX-22.6.1.4-patch1-1<BR /><BR />We use ELRP (Extreme with Extreme) and STPD-BPDU Protection (Extreme with Other vendors) to prevent loops.<BR />Last Week, someone wired a port with tagged vlans (netlogin-Protected) with a port with untagged vlans.<BR />The switch was busy forwarding packets through the loop although the tagged port was protected by netlogin. ELRP did not react.<BR />The Switch itself registered the connection (VLAN-ID replaced with [vlan]) :<BR /><BR /><CODE>05/08/2019 14:46:20.92 Slot-1: Port=1:1: No associated STP port for STP Domain tag 0 (Rate-limited) 05/08/2019 14:46:20.92 Slot-1: Port=1:11: No associated STP port for STP Domain tag [vlan] (Rate-limited) </CODE><BR /><BR />I tried the same configuration on a testing switch today with the same issues.<BR /><BR /><CODE>Slot-1 # sh elrp ELRP Standalone Client: Enabled Number of ELRP sessions: 2 Number of ELRP pkts transmitted: 2 Number of ELRP pkts received: 0 Interval Pkts Pkts Disable Client VLAN Ports (sec) Count Cyclic Xmit Rcvd Action Port (sec) ---------------------------------------------------------------------------------------------- CLI Vlan_1 All 60.0 0 Yes 1 0 LTI Perm CLI Vlan_2 All 60.0 0 Yes 1 0 LTI Perm ---------------------------------------------------------------------------------------------- Action : (P) Print, (L) Log, (T) Trap, (C) Callback, (E) Egress, (I) Ingress Slot-1 # sh netlogin port 1:1 Port : 1:1 Authentication : 802.1x Port State : Enabled Authentication Mode : Required (Policy Enabled only) Max Supported Users : 1536 (Policy Enabled only) Allowed Users : 128 (Policy Enabled only) Current Users : 0 (Policy Enabled only) ------------------------------------------------ 802.1x Port Configuration ------------------------------------------------ Quiet Period : 60 Supplicant Response Timeout : 30 Re-authentication : On Re-authentication period : 3600 Max Re-authentications : 3 RADIUS server timeout : 30 ------------------------------------------------ Netlogin Clients ------------------------------------------------ MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- (B) - Client entry Blackholed in FDB Number of Clients Authenticated : 0 </CODE><BR /><BR />When I add an untagged vlan (with elrp) on the tagged port, both are immediately disabled.<BR />There are no excluded ports for elrp.<BR /><BR />I did not find anything in the docs or gtac knowledge regarding this issue. And I'm seriously surprised I got a loop while using an unauthenticated netlogin-Port.<BR /><BR />Any Idea what went wrong or how I can get it working?</P> Tue, 14 May 2019 20:08:05 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/elrp-and-tagged-untagged/m-p/82121#M20186 CFaber 2019-05-14T20:08:05Z