cancel
Showing results for 
Search instead for 
Did you mean: 

Help, I need to configure elrp

Help, I need to configure elrp

Susana_Tovar
New Contributor II
Hello All,

I need configure elrp in switch X460-24t version 16.1.4.2 patch1-7 but i don't know what option to choose, i have this options:
  • Log-and-trap disable-port egress permanent
  • Log disable-port ingress permanent
What is the difference between Log-and-trap disable-port egress permanent and Log disable-port ingress permanent

Thanks everyone for your help


1 ACCEPTED SOLUTION

That makes sense, all our user ports trunk voice vlan but not trunk for the data side. I appreciate the explanation.

View solution in original post

20 REPLIES 20

Our VM environment and MLAG live on the 2 blackdiamonds and 10G DC670's that terminate to our cores. I'm thinking something could happen if hardware issue caused a loop regarding MLAG and ELRP would keep a loop from happening either by user error or by issue. Does this help? Thanks Chad.

I'm not sure I fully understand. If you enable egress on ALL edge ports, and have confidence that the other ports (i.e core and aggregation layer) are secure and will remain loop-free, you don't have to enable ELRP there. If not, then yes you could enable ELRP on egress going to your downstream edge switches. However, any loop detected on these ports could segment the entire downstream switch from the network.

When using ELRP at the core/aggregation layer it can make more sense to use ingress blocking with the exclude list excluding critical uplinks/downlinks.

So best practice I should could enable ELRP blocking on edge switch access ports then on the uplinks that have LAG's to MLAGs to the cores enable egress blocking? Thanks Chad

Generally, for egress blocking, yes enable it only on the edge ports

Erik_Auerswald
Contributor II
Hi,

I prefer to enable ELRP on the access ports, but not on uplinks, and then disable the egress port if a loop is detected.

If e.g. a loop between two access switches is created, ELRP will see packets returning via the uplinks. The uplinks are usually exempted from being disabled by ELRP (otherwise the whole switch would be disabled, not just the access port that is part of the loop). Thus it does not help to act on the ingress port . But the egress port can (and should) be disabled in this situation.

Thanks,
Erik

GTM-P2G8KFN