ELRP with dynamically changing vlan membership

EtherNation_Use
Contributor II
Create Date: Mar 13 2013 9:48PM

Hello Everyone,

I've been looking at ELRP to help prevent L2 loops. Our switches (one section of them) work in conjunction with a Bradford NAC system, which, based on the user's profile and settings, puts the edge port into either the production vlan or the registration or quarantine (non-production) vlans. ELRP, if I understand correctly, works per vlan only, right? For instance, looping an edge port in the production vlan with an edge port in the non-production vlan will not cause either of the edge ports to shut down, right? My final goal is to prevent L2 loops when the vlan membership of an edge port is constantly changing.

Is there any way to tweak this behavior of ELRP, and if not, are there any alternatives to what I'm trying to achieve?

Thanks!
(from Shashank_S Kumar)

EtherNation_Use
Contributor II
Create Date: Mar 28 2013 12:33PM

Hey skumar

We should be able to. We can filter on this message, and if the MAC is a variable we can run the command to do a show FDB on the MAC address and find the port. I would need to try and reproduce this and see if the UPM will work. I am out until next Wed, so I may not have anything before then.

let me see what we can do.

(from Paul_Russo)

EtherNation_Use
Contributor II
Create Date: Mar 27 2013 7:19PM

Thanks Prusso,

Yes, that makes sense.
We have a Bradford NAC system that works in conjunction with XOS switches. Each time a student connects to the XOS switch, relevant SNMP traps are sent to the NAC. Based on these traps and the student's info, the NAC moves the edge port to either a production vlan, a registration vlan, or a quarantine vlan.
A UPM profile for something like this would be cool. What log would we be able to send the UPM profile? The 'ELRP.Report.Message' event seems to only get generated when a loop is detected. Is there any way that I can modify this behavior and generate a log when the ELRP transmit packet count increases? Is there a way to "create" my own syslog event?
I have no experience with IDM. Is there a separate license for IDM or does it just need to be enabled on Ridgeline?

I came across broadcast storm control app https://xkit.extremenetworks.com/app/v/bcaststormdetect; any idea what this is?
I'll look into this as well.

Edit: I noticed this syslog today:

03/27/2013 13:45:11.96 Our own packet received. Mac address of the received packet is [0:4:96:35:75:d4],there could be physical loop in the network

I wonder if I could modify this syslog to read the FDB table and give me the port number on which the MAC address is received?
(from Shashank_S Kumar)
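The following is an added example, not code from the thread or from Extreme Networks: it shows the filter-and-lookup step that the two posts above sketch (match the "Our own packet received" syslog line, pull out the MAC, look the MAC up in FDB output, and report the port). Both the syslog line and the `show fdb` output below are constructed samples; the FDB column layout is an assumption, as is the `disable ports` command string the helper returns.

```python
"""Locate the port behind an ExtremeXOS 'Our own packet received' syslog line.

Added example (not from the original thread). It parses a constructed
syslog line modelled on the one quoted in the thread, normalizes the MAC
(XOS prints octets without zero padding, e.g. 0:4:96:35:75:d4), and then
searches constructed 'show fdb' text for that MAC to find the ingress port.
"""

import re

# Constructed sample, modelled on the syslog line quoted in the thread.
SAMPLE_LOG = (
    "03/27/2013 13:45:11.96 Our own packet received. Mac address of the "
    "received packet is [0:4:96:35:75:d4],there could be physical loop in the network"
)

# Constructed 'show fdb' style output. Column layout is an assumption:
# MAC, VLAN(tag), age, flags, port. Real output may carry extra columns.
SAMPLE_FDB = """\
Mac                     Vlan               Age  Flags   Port / Virtual Port List
------------------------------------------------------------------------------
00:04:96:35:75:d4    control_elrp(0100)    0000 d m      11
00:11:22:33:44:55    prod(0010)            0012 d m      3
"""

# Matches the loop message and captures the bracketed MAC.
LOOP_RE = re.compile(
    r"Our own packet received\. Mac address of the received packet is "
    r"\[([0-9a-fA-F:]+)\]"
)


def normalize_mac(mac):
    """Zero-pad each octet so '0:4:96:35:75:d4' and '00:04:96:35:75:d4' compare equal."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    octets = []
    for p in parts:
        value = int(p, 16)  # raises ValueError on non-hex input
        if not 0 <= value <= 0xFF:
            raise ValueError(f"octet out of range in {mac!r}")
        octets.append(f"{value:02x}")
    return ":".join(octets)


def parse_loop_alert(line):
    """Return the normalized MAC from a loop alert line, or None if the line is unrelated."""
    m = LOOP_RE.search(line)
    return normalize_mac(m.group(1)) if m else None


def parse_fdb(text):
    """Map normalized MAC -> list of {vlan, port} from 'show fdb' style text."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # header underline, blank lines
        try:
            mac = normalize_mac(fields[0])
        except ValueError:
            continue  # column header or other non-entry line
        entries.setdefault(mac, []).append({"vlan": fields[1], "port": fields[-1]})
    return entries


def locate_loop(log_lines, fdb_text):
    """For every loop alert in log_lines, return (mac, vlan, port) tuples found in the FDB."""
    fdb = parse_fdb(fdb_text)
    hits = []
    for line in log_lines:
        mac = parse_loop_alert(line)
        if mac is None:
            continue
        for entry in fdb.get(mac, []):
            hits.append((mac, entry["vlan"], entry["port"]))
    return hits


def disable_command(port):
    """Assumed EXOS CLI string a UPM profile would issue to shut the offending port."""
    return f"disable ports {port}"


if __name__ == "__main__":
    for mac, vlan, port in locate_loop([SAMPLE_LOG], SAMPLE_FDB):
        print(f"loop MAC {mac} seen on vlan {vlan}, port {port}: {disable_command(port)}")
```

If the switch has not learned its own MAC on any port, `locate_loop` returns an empty list rather than guessing a port; the script only reports ports the FDB actually holds for that MAC.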

EtherNation_Use
Contributor II
Create Date: Mar 27 2013 6:32PM

Hey Skumar

ELRP will not work when your control VLAN is tagged on the port. The reason is that the switch, Netgear for example, will not have that VLAN tagged on the port to the Extreme switch. The ELRP packet is going out with an 802.1Q tag on it, but the remote switch will not understand the tag and will drop the packet on its port. Since the packet is dropped, it will not be looped back to the Extreme. Whenever you have more than one VLAN on a port, you need to have a control VLAN that is untagged. This is the same for STP as well, as it is a tag issue.

How are the ports being moved into the VLAN? 802.1x? If so, then we may be able to launch an IDM or UPM profile to enable ELRP on that port for the VLAN that it gets added to.

As for it working on ExtremeWare versus Netgear, there should be no difference if the VLAN is untagged and the switches have all ports on the same VLAN.

Hope that helps to clear some things up.

P (from Paul_Russo)

EtherNation_Use
Contributor II
Create Date: Mar 27 2013 2:47PM

Hey Prusso,

But in my scenario, we have multiple vlans in a switch and the vlan membership of a port changes dynamically. Which is why I created a dummy vlan called 'control_elrp' and tagged it on all ports.
Anyways, here's what I did:
1. Upgraded my switch to 15.1.3.4
2. Created a dummy vlan called 'control_elrp' and tagged it on all ports 1-24
3. Created a bunch of dummy vlans - prod, reg, quarantine
4. Untagged ports 1-5 on prod, 6-11 on reg, 12-17 on quarantine

Test:
1. Loop port 1 and 2, elrp works fine
2. Loop port 3 and port 11 - elrp works just fine, since both these ports have a common tagged vlan
3. Loop a remote switch (ExtremeWare, unmanaged home switch, etc) and then connect to XOS switch running elrp. This is where elrp does not catch the loop.
4. Tagged default vlan on ports 1-24 and tried connecting to remote switch, elrp did not catch the loop
5. Undid the prior config, added default vlan untagged to all the ports and then tried catching a remote loop - elrp worked when the remote switch was ExtremeWare, but not when the remote switch was a netgear home unmanaged switch.

I guess I'll have to skip ELRP for what I'm trying to achieve. I'll look into something else and post it here when I have a solid working config.
Meanwhile, if anyone has any suggestions, please do let me know.

Thanks for all your help thus far Prusso!
(from Shashank_S Kumar)

EtherNation_Use
Contributor II
Create Date: Mar 20 2013 2:39PM

Hey Skumar

I did some testing on both 12.5.12.6 as well as on 15.1.3.4. In my test I used a Summit x250 in default configuration, where I used the default VLAN, which is untagged on all ports. I then enabled elrp and configured elrp-client periodic Default ports all interval 1 log-and-trap disable-port permanent.

I replicated connecting to a switch that did not know about ELRP. In my case I was using a Summit 300 with EDP and ELRP turned off.

If I had the edge switch connected prior to starting the loop, ELRP caught it. There were two times it didn't catch it, but I believe that was because I was moving the connection to a new port and starting the loop very quickly. See results below.

If the loop was already going, then my results were sporadic, which I would expect as the port utilization was at 100% on the port to the looped switch.

I hope this helps; let me know if you do more testing and whether you are starting the loop after the connection is created or before.

Thanks
P

(from Paul_Russo)