
ELRP and tagged/untagged


CFaber
New Contributor

SW-Versions summitX-21.1.5.2-patch1-5 / summitX-22.6.1.4-patch1-1

We use ELRP (Extreme with Extreme) and STPD-BPDU Protection (Extreme with Other vendors) to prevent loops.
Last week, someone wired a port with tagged VLANs (netlogin-protected) to a port with untagged VLANs.
The switch was busy forwarding packets through the loop although the tagged port was protected by netlogin. ELRP did not react.
The switch itself registered the connection (VLAN ID replaced with [vlan]):

05/08/2019 14:46:20.92 Slot-1: Port=1:1: No associated STP port for STP Domain tag 0 (Rate-limited)
05/08/2019 14:46:20.92 Slot-1: Port=1:11: No associated STP port for STP Domain tag [vlan] (Rate-limited)

I tried the same configuration on a testing switch today with the same issues.

Slot-1 # sh elrp
ELRP Standalone Client: Enabled
Number of ELRP sessions: 2
Number of ELRP pkts transmitted: 2
Number of ELRP pkts received: 0

                          Interval                 Pkts  Pkts          Disable
Client  VLAN      Ports   (sec)     Count  Cyclic  Xmit  Rcvd  Action  Port (sec)
----------------------------------------------------------------------------------------------
CLI     Vlan_1    All     60.0      0      Yes     1     0     LTI     Perm
CLI     Vlan_2    All     60.0      0      Yes     1     0     LTI     Perm
----------------------------------------------------------------------------------------------
Action : (P) Print, (L) Log, (T) Trap, (C) Callback, (E) Egress, (I) Ingress

Slot-1 # sh netlogin port 1:1
Port                : 1:1
Authentication      : 802.1x
Port State          : Enabled
Authentication Mode : Required (Policy Enabled only)
Max Supported Users : 1536 (Policy Enabled only)
Allowed Users       : 128 (Policy Enabled only)
Current Users       : 0 (Policy Enabled only)
------------------------------------------------
802.1x Port Configuration
------------------------------------------------
Quiet Period                : 60
Supplicant Response Timeout : 30
Re-authentication           : On
Re-authentication period    : 3600
Max Re-authentications      : 3
RADIUS server timeout       : 30
------------------------------------------------
Netlogin Clients
------------------------------------------------
MAC    IP address    Authenticated    Type    ReAuth-Timer    User
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Number of Clients Authenticated : 0

When I add an untagged vlan (with elrp) on the tagged port, both are immediately disabled.
There are no excluded ports for elrp.

I did not find anything in the docs or GTAC knowledge regarding this issue. And I'm seriously surprised I got a loop while using an unauthenticated netlogin port.

Any idea what went wrong or how I can get it working?
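
Added example (not part of the original post and not Extreme's code): since ELRP stayed silent but the switch logged the "No associated STP port" pair, a log watcher can flag that signature as a possible tagged-to-untagged cross-connect. The pairing rule (two different ports within one second, one with domain tag 0 and one with another tag), the MM/DD/YYYY date reading, and all function names are assumptions derived only from the two log lines quoted above.

```python
import re
from datetime import datetime, timedelta

# Message format as quoted in the post; the tag is a VLAN ID or the
# post's "[vlan]" placeholder.
LINE_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2}) Slot-\d+: "
    r"Port=(?P<port>\d+:\d+): No associated STP port for STP Domain tag (?P<tag>\S+)"
)

def parse(line):
    """Return (timestamp, port, tag) for a matching log line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Assumption: the log date is MM/DD/YYYY.
    ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")
    return ts, m["port"], m["tag"]

def find_miswire_candidates(lines, window=timedelta(seconds=1)):
    """Pair events on different ports, close in time, where exactly one
    carries domain tag 0. Returns sorted (tag0_port, other_port, other_tag)."""
    events = sorted(e for e in map(parse, lines) if e)
    hits = set()
    for i, (ts_a, port_a, tag_a) in enumerate(events):
        for ts_b, port_b, tag_b in events[i + 1:]:
            if ts_b - ts_a > window:
                break  # events are time-sorted, nothing later can match
            if port_a == port_b or (tag_a == "0") == (tag_b == "0"):
                continue  # same port, or both tag 0 / both non-zero
            if tag_a == "0":
                hits.add((port_a, port_b, tag_b))
            else:
                hits.add((port_b, port_a, tag_a))
    return sorted(hits)

# First two lines are from the post; the rest are constructed for the example.
SAMPLE = [
    "05/08/2019 14:46:20.92 Slot-1: Port=1:1: No associated STP port for STP Domain tag 0 (Rate-limited)",
    "05/08/2019 14:46:20.92 Slot-1: Port=1:11: No associated STP port for STP Domain tag [vlan] (Rate-limited)",
    "05/08/2019 14:50:00.00 Slot-1: constructed unrelated message",
    "05/08/2019 15:02:10.10 Slot-1: Port=1:5: No associated STP port for STP Domain tag 0 (Rate-limited)",
    "05/08/2019 15:02:10.40 Slot-1: Port=1:6: No associated STP port for STP Domain tag 0 (Rate-limited)",
]

if __name__ == "__main__":
    for tag0_port, other_port, tag in find_miswire_candidates(SAMPLE):
        print(f"possible cross-connect: {tag0_port} (tag 0) <-> {other_port} (tag {tag})")
```

A hit is only a prompt to inspect the two ports; it does not replace loop protection on the switch.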
