Can anyone explain me what is the role of protected vlan in EAPS ring and how it cause a loop when EAPS and STPD both configured in a protected vlan.Any response will be highly appreciated....

Ajay Raj

Userlevel 6
Hello Ajay A protected VLAN is the VLAN that EAPS stops from making a loop. It is the VLAN you want to have redundant. The control VLAN is the VLAN that runs the EAPS protocol. Running STP on an EAPS is a tricky design as you need to make sure that neither blocking protocol blocks the other. If this is on one EAPS domain ther is no reason to have both. If the design uses EAPS in a core ring and STP out to the edge then we would need to look at the design. Why do you need STP and EAPS together? Was the loop only on one VLAN ? P

Here i am facing an a high CPU utilisation on switch and the funniest part is master switch having no issue and one of my transit node getting delay while executing commands.

As per network configuration, EAPS & STPD are running on different ports on Transit switch Ideally it should not create any issue because in master switch it is configured in same way and we are not facing any issue in master

Userlevel 6
Hey Ajay

I am wondering if this is a loop or something else. One thing you can look at doing is enabling the CPU DoS Protect. If it is a loop and the CPU is forwarding the traffic you will see the switch kick off the DoS Protect but it will not be able to match the traffic (because it is all different) and wont create a ACL. That would show a loop.

The other thing I would recommend is to call TAC there are debug commands they can run on the switch to see what is hitting the CPU.

Userlevel 5
Hello Ajay,

As Paul mentioned, the protected VLAN will have it's secondary port blocked on the EAPS master switch to prevent a loop. On a transit switch, EAPS is not doing anything on port level.
If STP and EAPS are configured on the same VLAN and on the same switch, it is possible that it end up in a conflicting situation. That can result in a potential loop.
In that case you should see high CPU utilization on all ring switches.

One command to check if there are basic EAPS errors on a switch is:
# > debug eaps check config
Please note that you cannot this.
If there are no errors on this switch it will pass.

But if you have a high CPU utilization on only one of the transit switches, it is likely that it has a different root cause.

To have better debug tools, I also recommend to open a TAC case through the normal support channel.


Thanks Prusso & Ron......Anyway i have opened a TAC case and working on it..
Looking forward to your support on future also......