This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how to delete vlan from existing eaps domain

how to delete vlan from existing eaps domain

lovedeep
New Contributor

‎07-08-2016 03:22 AM

Hi All,

We have a vlan that doesn't need to be protected by EAPS anymore. So I am looking for a step-by-step procedure to delete vlan from EAPS domain without causing any outages.
Thank You

0 Kudos
10 REPLIES 10

lovedeep
New Contributor

‎07-12-2016 12:02 AM

Hi Hagemann, thank you for your quick response. Apologies for hassling you with too many questions, the problem is I haven't done any work with eaps in the past, so I am simply not comfortable with eaps. I just wanted to ask you one more thing. I have attached the picture to give you an idea about the way eaps is configured at our Data centers. Core 1 and 2 are in one data center and core 3, and 4 are in another one. So basically we are running eaps domain across all four core switches. 10:1 and 10:2 are the ring ports on all extreme switches. So if I just delete the vlan from port 10:1 and then delete the vlan from the eaps domain on all core switches should that be enough? Or Do I have to worry about the ports 10:2 as well? We need that vlan to be tagged on port 10:2, so the servers can talk locally. I believe this should not cause any loop.

29c9728d8ed145b294fa451a86ac3171_RackMultipart20160712-10758-o20ltm-Core_switches_inline.jpg


0 Kudos

Chris_H
Extreme Employee
In response to lovedeep

‎07-12-2016 12:02 AM

Olaf has already explained the required steps to remove the VLAN, however I thought to give a bit of the background information on EAPS here and what you would want to do..

If you have a VLAN on all 4 switches of your drawing on all ring-ports, then you create a loop. The concepts of Ethernet switching indicates that traffic is being sent out all ports on the same VLAN with the exception of the receiving port. So let's say Core 1 receives a packet on port 10:1 and it does not have an FDB entry for it (to know which port to forward the traffic to), it will do "unknown unicast flooding", so it will send the traffic out all ports with exception of the incoming port.
In this example it will send the traffic out port 10:2. Core 2 receives the packet on port 10:2 and will do the same, so it will send it out of port 10:1 towards Core 4 in your drawing. The same happens again on Core 4 and Core 3 and eventually the packet is being received by Core 1 again, only to start the process over and again forward it out to Core 2 and this is how a loop is created.

To prevent this loop from happening you can use EAPS. The EAPS master switch blocks the secondary port on the protected VLANs, so that this loop is being interrupted.
This is similar to just removing one of the ports from the VLAN, however if you actually did this, and there was a single link-failure in the network you would split the VLAN into multiple segments. To avoid this, you can i.e. use EAPS, which simply "opens" up the blocked secondary port and full connectivity is restored.

So when you say that a specific VLAN is not required by EAPS anymore this indicates that it's not part of the full ring (so the VLAN has been removed from at least one ring-port of one of the switches).
In this case you can just delete it from the list of protected VLANs, with the command that Olaf had already mentioned as there is no chance that a loop can be created.
This does not mean, that you will have to remove this VLAN from all ring ports on all switches, as i.e. in your case you still need connectivity to some servers.
Just make sure that before removing this VLAN from the list of protected VLANs in EAPS it is not creating a full loop anymore (so have at least one ring-port removed).

0 Kudos

AnonymousM
Valued Contributor II

‎07-11-2016 03:16 AM

The order of nodes does not matter. Just delete the ring ports from the VLAN and delete the VLAN from EAPS.
0 Kudos

lovedeep
New Contributor

‎07-11-2016 12:36 AM

Hi Hagemann, Many thanks for your response. So when deleting the vlan from ring ports or deleting the vlan from the eaps domain. Do I have to do this on the master node first and then on transit nodes? Is there any order that I should follow?



0 Kudos

AnonymousM
Valued Contributor II

‎07-08-2016 04:33 AM

configure eaps name delete protected {vlan} vlan_name

To prevent loops in the network, you must delete the ring ports (the primary and the secondary ports)
from the protected VLAN before deleting the protected VLAN from the EAPS domain. Failure to do so
can cause a loop in the network.
The switch displays by default a warning message and prompts you to delete the VLAN from the EAPS
domain. When prompted, do one of the following:
• Enter y delete the VLAN from the specified EAPS domain.
• Enter n or press [Return] to cancel this action.

0 Kudos
GTM-P2G8KFN