Preventing inadvertent loops

EtherNation_Use
Contributor II
Create Date: Oct 4 2012 2:34AM

We are currently using EAPS (with spatial reuse) and VRRP in our environment and are looking to possibly move to MLAG (maybe two-tier). EAPS does a great job when it comes to loop protection, but that is on dedicated trunks/uplinks. What about edge/access ports? Cabling is a mess in my environment, and I have had instances where people have used hubs and created loops using access layer ports, both on the same switches and between switches where VLANs are spanned across. On the older Extremeware based boxes, I used to use lbdetect, which helped to an extent. Can you please advise on how best to go about preventing these pesky loops that can be triggered inadvertently using hubs and access ports? The devices at the other end could be Extreme or non-Extreme devices. Couple of suggestions:

1. ELSM and ELRP - I am guessing these are generally used on uplinks and not access ports.
2. CFM - can this be put to good use although I am pretty sure this is not what it is intended for
3. Can I possibly use MAC-address lockdown restricting MAC count to just 1?
4. Does it boil down to doing structured cabling and enabling ports and completing VLAN assignment on an "on demand" basis?

Thanks for the help. (from Anush_Santhanam)

12 REPLIES

EtherNation_Use
Contributor II
Create Date: Oct 9 2012 3:56PM

Hey Excalibur

No, it is not mandatory to use both ELRP and ESRP. When ESRP is used in the core they do have hooks that make the overall solution better, but they are independent protocols.

If you have two stacks or switches in the same closet that are connected to one another and both then have a link to the core, it is important to run ELRP only on the links that connect the two together if there is a chance of looping ports on both switches/stacks. So, for example, if you connect an L2 switch on port 1 on switch 1 and port 1 on switch 2, ELRP will see the loop and will disable the edge ports. If you do not have ELRP on the link between the two then you will not see the loop. You configure ELRP to ignore uplink ports and you only want it on the ports directly connecting the two switches/stacks.

The nice thing with ELRP is that it is proprietary. The edge switch will see the packet as a normal packet and forward it back up. ELRP can see the remote loop and disable the ports. In some cases when using STP, the remote switch may try to process the BPDU packet, which in cases of a loop can mean that the packet is dropped (high CPU) and the edge switch will not see the BPDU come back and can open up the port.

No, do not use any other blocking technology with MLAG.

Hope this helps

P (from Paul_Russo)

EtherNation_Use
Contributor II
Create Date: Oct 9 2012 3:29AM

Great help with this. A couple of questions if I may:

1. Is it mandatory to bundle ELRP with ESRP, or can it be used as a standalone protocol?
2. Again, I will be protecting the uplinks (switch to switch P2P) through EAPS. My interest is in the edge ports, which you have clarified that this will help.
3. Since this is Extreme proprietary, how about in cases where I may have a non-Extreme switch inadvertently hooked up (edge port to edge port - single VLAN in access mode, not tagged)?
4. Lastly, can ELRP be used with M-LAG? I know that it is recommended that you do not use ELSM.

Can you please advise. Thank you again for the time and effort. (from Anush_Santhanam)

EtherNation_Use
Contributor II
Create Date: Oct 4 2012 11:16AM

Hello Excalibur

I am assuming that these loops occur on XoS based switches and not on the older EW switches. With that assumption there is no doubt that I would use ELRP to protect the edge ports. ELRP has changed a lot from EW, where it can actually disable ports where before it was only able to notify of a loop. You can disable them permanently or set a time period where it would disable ports for 30 seconds, for example, and then bring the port back up. If the loop continues the port will go back down for another 30 seconds. Depending on which version of code you are using (it needs to be 12.5 or higher), you can mark the uplink ports so that if there is a loop between switches ELRP will block the edge and not the uplink ports.

Finally, ELRP will detect remote loops as well as direct loops. So if there is a loop at an edge switch, ELRP will detect it and disable the port.

Let me know if this helps.

P (from Paul_Russo)
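
The behaviour described in the reply above (timed port disable on a detected loop, with uplinks marked so they are never shut), sketched as an ExtremeXOS ELRP client configuration. This is an added example, not a configuration posted by anyone in the thread; the VLAN name `users`, the port ranges and the 2-second probe interval are assumptions, and the command forms should be checked against the command reference for the release in use.

```text
# Added example. Assumed layout (not from the thread):
#   VLAN "users" spans the access ports
#   ports 1-24  = edge/access ports
#   ports 25-26 = uplinks / inter-switch links (protected by EAPS)

# Turn on the ELRP client globally.
enable elrp-client

# Send ELRP probes into VLAN "users" on the edge ports every 2 seconds.
# If a probe comes back (a loop exists), log it, send an SNMP trap and
# disable the receiving port for 30 seconds. The port then comes back up
# and is disabled again if the loop is still present.
configure elrp-client periodic users ports 1-24 interval 2 log-and-trap disable-port duration 30

# Mark the uplinks as excluded so ELRP never disables them; a loop seen
# across switches then takes down the edge port instead of the uplink.
# (Per the reply above, this needs ExtremeXOS 12.5 or higher.)
configure elrp-client disable-port exclude 25-26

# Check ELRP client state and the configured periodic sessions.
show elrp
```

Replacing `duration 30` with `permanent` keeps a looped port down until an administrator re-enables it, which matches the "disable them permanently" option mentioned in the reply.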