ELRP with dynamically changing vlan membership

EtherNation_Use
Contributor II
Create Date: Mar 13 2013 9:48PM

Hello Everyone,

I've been looking at ELRP to help prevent L2 loops. Our switches (one section of them) work in conjunction with Bradford NAC system, which, based on the user's profile and settings, puts the edge port into either production vlan or registration or quarantine (non-production) vlans. ELRP, if I understand correctly, works per vlan only, right? For instance, looping an edge port in production vlan with an edge port in the non-production vlan will not cause either of the edge ports to shut down, right? My final goal is to prevent L2 loops when the vlan membership of an edge port is constantly changing.

Is there any way to tweak this behavior of ELRP and if not, are there any alternatives to what I'm trying to achieve?

Thanks!
(from Shashank_S Kumar)
23 REPLIES

Matt_Myers
New Contributor
Funny how EXOS implementation of this is really poor in my opinion. I too have fought with how to handle this as a Partner installing in many installations. I also install Cisco. In Cisco (to prevent loops) you enable spanning-tree portfast and done. If you change the port to a trunk (tagged) port, it automatically disables portfast. Cisco is all automatic. In EXOS you have to reinvent some ridiculous method or accept the shortcomings of ELRP. The fact that someone in this post asked why you would want to change vlans often is a null point. Customers need vlans changed on ports all the time. The switches need a better way to handle these port changes. Writing complex scripts etc... is not even near a good solution when Cisco had this handled well over a decade ago. It's going to be that 1% of the time where ELRP did not offer protection (because of vlan changes) that the whole network will be brought down to its knees.

EtherNation_Use
Contributor II
Create Date: May 14 2013 2:22PM

Any new updates? I am looking at this as well. Trying to test it out in my lab. Will let you know what I come up with! (from Michael_Lunde)

EtherNation_Use
Contributor II
Create Date: Apr 1 2013 2:37PM

Logs on the switches you mean?
This is all I see:

03/27/2013 08:47:39.18 Slot-1: User bf-nac logout from telnet (172.28.3.250)
03/27/2013 08:47:37.77 Slot-1: Login passed for user bf-nac through telnet (172.28.3.250)
03/27/2013 08:47:27.23 Slot-1: User bf-nac logout from telnet (172.28.3.250)

Would it help if I turned on syslogging for "cli.logLocalCmd" and "cli.logRemoteCmd" events?

Or do you mean logs on the Bradford server? (from Shashank_S Kumar)

EtherNation_Use
Contributor II
Create Date: Mar 28 2013 8:23PM

Thanks Skumar, I will look into this and see what the profile could look like.

Also, when Bradford changes the port assignment, does it create a log entry? If so, can you send me what that looks like?

Thanks
P (from Paul_Russo)

EtherNation_Use
Contributor II
Create Date: Mar 28 2013 2:58PM

Thanks Prusso,

In my previous post, I somehow missed posting the syslog event.

It was an IPMC.Warning event

03/27/2013 13:45:11.96 Our own packet received. Mac address of the received packet is [0:4:96:35:75:d4],there could be physical loop in the network (from Shashank_S Kumar)
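
An added example, not posted by any participant in this thread: detection logic for the log lines quoted above, which extracts the "Our own packet received" loop warning, normalizes the MAC address, and lists the CLI logins seen in the 60 seconds before it so a loop warning can be checked against NAC sessions. The line layout is assumed from the quoted posts, the 60-second window and the function names are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modeled on the line layout quoted in the thread (not real logs).
SAMPLE = """\
03/27/2013 13:45:11.96 Slot-1: Our own packet received. Mac address of the received packet is [0:4:96:35:75:d4],there could be physical loop in the network
03/27/2013 13:45:02.10 Slot-1: User bf-nac logout from telnet (172.28.3.250)
03/27/2013 13:45:00.55 Slot-1: Login passed for user bf-nac through telnet (172.28.3.250)
03/27/2013 08:47:37.77 Slot-1: Login passed for user bf-nac through telnet (172.28.3.250)
"""

# Layout assumed from the quoted lines: timestamp, optional "Slot-N:" prefix, message.
LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d\d) (?:Slot-\d+: )?(.*)$")
LOOP = re.compile(r"Our own packet received\..*?\[([0-9a-fA-F:]+)\]")
LOGIN = re.compile(r"Login passed for user (\S+) through (\S+) \(([\d.]+)\)")

def normalize_mac(mac):
    """Pad each octet to two hex digits: 0:4:96:35:75:d4 -> 00:04:96:35:75:d4."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse(text):
    """Return (loops, logins) as lists of tuples, sorted oldest first."""
    loops, logins = [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped log line
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
        if (hit := LOOP.search(m.group(2))):
            loops.append((ts, normalize_mac(hit.group(1))))
        elif (hit := LOGIN.search(m.group(2))):
            logins.append((ts, *hit.groups()))
    return sorted(loops), sorted(logins)

def correlate(text, window=timedelta(seconds=60)):
    """Pair each loop warning with the CLI logins seen in the preceding window."""
    loops, logins = parse(text)
    return [
        {"time": ts, "mac": mac,
         "recent_logins": [(user, proto, ip) for lts, user, proto, ip in logins
                           if timedelta(0) <= ts - lts <= window]}
        for ts, mac in loops
    ]

if __name__ == "__main__":
    for event in correlate(SAMPLE):
        print(event["time"], event["mac"], event["recent_logins"])
```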