09-21-2021 01:51 PM
We are currently using ELRP to temporarily disable ports that detect a loop; if ELRP continues to alert, we then look to find the specific access port that is causing the loop.
The issue we are having is that we are spending an inordinate amount of time trying to hunt down the port using alert numbers, original time of report, spot checking individual switch logs, etc.
Is there a way to include the specific ports where the loop was detected on the SNMP alerts from the switch? Or is there another way anyone uses to locate and remediate ports?
09-21-2021 07:19 PM
We are currently only sending snmp traps with the device, severity of the event and, in this case, that an ELRP loop was detected. We do not have the switches in our SIEM; is there a way to send (and/or extract) the log information on the ports reporting the loop into an email message? Or can it only be viewed on the switch or sent to another platform?
09-21-2021 01:54 PM
In the ELRP log message the source and destination port are shown, or are you only using snmp trap ? Then I would suggest to enable the log message also (maybe use syslog to send it to a central server (like XMC for example))