This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- ELRP with dynamically changing vlan membership
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
ELRP with dynamically changing vlan membership
ELRP with dynamically changing vlan membership
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-07-2014 10:00 PM
Create Date: Mar 13 2013 9:48PM
Hello Everyone,
I've been looking at ELRP to help prevent L2 loops. Our switches (one section of them) work in conjunction with Bradford NAC system, which based on the user's profile and settings, puts the edge port into either production vlan or registration or quarantine (non-production) vlans. ELRP if I understand correctly works per vlan only, right? For instance looping a edge port in production vlan with a an edge port in the non-production vlan will not cause either of the edge ports to shutdown, right? My final goal is to achieve prevent L2 loops when the vlan membership of an edge port is constantly changing.
Is there anyway to tweak this behavior of ELRP and if not, are there any alternatives to what I'm trying to achieve?
Thanks!
(from Shashank_S Kumar)
Hello Everyone,
I've been looking at ELRP to help prevent L2 loops. Our switches (one section of them) work in conjunction with Bradford NAC system, which based on the user's profile and settings, puts the edge port into either production vlan or registration or quarantine (non-production) vlans. ELRP if I understand correctly works per vlan only, right? For instance looping a edge port in production vlan with a an edge port in the non-production vlan will not cause either of the edge ports to shutdown, right? My final goal is to achieve prevent L2 loops when the vlan membership of an edge port is constantly changing.
Is there anyway to tweak this behavior of ELRP and if not, are there any alternatives to what I'm trying to achieve?
Thanks!
(from Shashank_S Kumar)
23 REPLIES 23
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-07-2014 10:00 PM
Create Date: Mar 14 2013 8:24PM
Thanks Prusso,
1. We have multiple vlans setup on the switch – production, registration, isolation and quarantine. The XOS switches are setup in conjunction with Bradford NAC. The default (not native) vlan configured on edge ports is untagged registration.
So when a student plugs into the switch, Bradford prompts the student to enter his details and register with Bradford. Once done, Bradford automatically moves the student over to the production vlan. If the student’s laptop/PC health does not match set standards, then he is put into the quarantine vlan. Once the student disconnects, then the port is out back into the registration vlan
2. I tried this with a netgear home unmanaged switch, looped the netgear switch and connected it the XOS switch, the port wasn't disabled
I did not check to see if the ELRP counters changed.
3. No, the control vlan would always be tagged. The untagged vlans are registration, isolation, etc.
I'll test this again and see what comes up.
Thanks in advance for your help!!
(from Shashank_S Kumar)
Thanks Prusso,
1. We have multiple vlans setup on the switch – production, registration, isolation and quarantine. The XOS switches are setup in conjunction with Bradford NAC. The default (not native) vlan configured on edge ports is untagged registration.
So when a student plugs into the switch, Bradford prompts the student to enter his details and register with Bradford. Once done, Bradford automatically moves the student over to the production vlan. If the student’s laptop/PC health does not match set standards, then he is put into the quarantine vlan. Once the student disconnects, then the port is out back into the registration vlan
2. I tried this with a netgear home unmanaged switch, looped the netgear switch and connected it the XOS switch, the port wasn't disabled
I did not check to see if the ELRP counters changed.
3. No, the control vlan would always be tagged. The untagged vlans are registration, isolation, etc.
I'll test this again and see what comes up.
Thanks in advance for your help!!
(from Shashank_S Kumar)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-07-2014 10:00 PM
Create Date: Mar 14 2013 7:22PM
Hey Skumar
I have a few questions to help understand the issue.
1) why are they ports changing VLANs so much? Are you using 802.1x? if so we may be able to use a UPM profile to launch after the VLAN is moved.
2) ELRP should shutdown a port with a remote loop, i.e. from a 3rd party switch. What symptom are you seeing where it isn't?
3) is the control VLAN the untagged VLAN on the port?
Thanks
P (from Paul_Russo)
Hey Skumar
I have a few questions to help understand the issue.
1) why are they ports changing VLANs so much? Are you using 802.1x? if so we may be able to use a UPM profile to launch after the VLAN is moved.
2) ELRP should shutdown a port with a remote loop, i.e. from a 3rd party switch. What symptom are you seeing where it isn't?
3) is the control VLAN the untagged VLAN on the port?
Thanks
P (from Paul_Russo)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-07-2014 10:00 PM
Create Date: Mar 14 2013 6:27PM
Damn, I totally forgot about 3rd party switches that users may plug in and loop.
*Sigh* back to some more testing... (from Shashank_S Kumar)
Damn, I totally forgot about 3rd party switches that users may plug in and loop.
*Sigh* back to some more testing... (from Shashank_S Kumar)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-07-2014 10:00 PM
Create Date: Mar 14 2013 1:05PM
Hey Guys,
I think I found a solution.
Just create a control VLAN for ELRP. Tag it on all ports and done. ELRP works flawlessly.
Enter these two commands:
en elrp-client
conf elrp-client periodic "control-elrp" ports 1-24 log-and-trap disable-port permanent
The log looks something like this:
03/14/2013 05:55:36.56 Disabling port 21. Permanent
03/14/2013 05:55:36.56 [CLI:control-elrp:14] LOOP DETECTED : 67 transmited, 3 received, ingress slot:port (21) egress slot:port (1
Simple.
Hope it helps others in a similar situation
Note:
1. When looping two edge ports on different XoS switches, ELRP disables the uplink port
2. The "disable-port" keyword in the above config works only on XoS version 12.5 and above. For previous version to shut down a port, you'll have play around with UPM a little
(from Shashank_S Kumar)
Hey Guys,
I think I found a solution.
Just create a control VLAN for ELRP. Tag it on all ports and done. ELRP works flawlessly.
Enter these two commands:
en elrp-client
conf elrp-client periodic "control-elrp" ports 1-24 log-and-trap disable-port permanent
The log looks something like this:
03/14/2013 05:55:36.56
03/14/2013 05:55:36.56
Simple.
Hope it helps others in a similar situation
Note:
1. When looping two edge ports on different XoS switches, ELRP disables the uplink port
2. The "disable-port" keyword in the above config works only on XoS version 12.5 and above. For previous version to shut down a port, you'll have play around with UPM a little
(from Shashank_S Kumar)
