
Preventing inadvertent loops


EtherNation_Use
Contributor II
Create Date: Oct 4 2012 2:34AM

We are currently using EAPS (with spatial reuse) and VRRP in our environment and are looking to possibly move to MLAG (maybe two-tier). EAPS does a great job when it comes to loop protection, but that is on dedicated trunks/uplinks. What about edge/access ports? Cabling is a mess in my environment, and I have had instances where people have used hubs and created loops using access layer ports, both on the same switches and between switches where VLANs are spanned across. On the older Extremeware-based boxes, I used to use lbdetect, which helped to an extent. Can you please advise on how best to go about preventing these pesky loops that can be triggered inadvertently using hubs and access ports? The devices at the other end could be Extreme or non-Extreme devices. Couple of suggestions:

1. ELSM and ELRP - I am guessing these are generally used on uplinks and not access ports.
2. CFM - can this be put to good use, although I am pretty sure this is not what it is intended for?
3. Can I possibly use MAC-address lockdown, restricting MAC count to just 1?
4. Does it boil down to doing structured cabling and enabling ports and completing VLAN assignment on an "on demand" basis?

Tks for the help. (from Anush_Santhanam)
12 REPLIES

EtherNation_Use
Contributor II
Create Date: Nov 8 2012 5:27PM

Hello Arpit,

Great, thanks for this. You are absolutely right. I am aware that you can specifically exclude EAPS ring ports. In fact I just trialed this out in a PoC environment and it worked like a charm. The only thing is about Netlogin. I recollect that the XOS concepts guide indicates that this may not be possible. Let's leave this for prusso to confirm. Again, tks a million for taking the time to respond. Great help. Tks. (from Anush_Santhanam)

EtherNation_Use
Contributor II
Create Date: Nov 8 2012 9:01AM

I am pretty sure it works with netlogin as well, as it is just a multicast packet that would go through, but let's wait on prusso for that.

Also, I would recommend you not block EAPS ports if you are blocking at all. There is a command with which you can prevent ELRP from disabling the EAPS ports when a loop is seen. This would help if you have ELRP protection for uplink ports.

Let me know if that makes sense.

Thanks,
Arpit (from Arpit_Bhatt)

EtherNation_Use
Contributor II
Create Date: Nov 7 2012 2:21PM

Absolutely fabulous. I will stick with standalone ELRP. Thank you so much. One last question if I may. I have floors that have dot1x netlogin enabled. I am using netlogin in ISP mode. Now I believe that ELRP will not work with netlogin. What can I do here? Any suggestions pls? Tks. (from Anush_Santhanam)

EtherNation_Use
Contributor II
Create Date: Nov 6 2012 6:30PM

Hey Excalibur,

I am partial to ELRP as it is a much easier design in my opinion and you don't have to worry about STP BPDUs being affected by the end device. I think STP can get confusing with setting the port type and domain type, and if you have to connect two switches/stacks together in a closet then STP needs to be configured on the link between the two.

ELRP has three main steps: enable the ELRP client, configure the ELRP client for either one-shot or periodic, and then add the uplink ports as excluded from being disabled. The commands are all listed in Appendix C of the Command Reference Guide.

Hope that helps

P (from Paul_Russo)
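
The three steps described in the reply above, as an ExtremeXOS CLI sketch; this is an added example and not part of the original post. The VLAN name `prod10` comes from the thread; the uplink ports `1:49-50`, the 1-second interval and the 300-second disable duration are assumed values, and the exact keywords vary by release (some releases take an ingress/egress keyword after `disable-port`), so check them against the Command Reference for your version.

```text
# Step 1: enable the ELRP client globally
enable elrp-client

# Step 2: periodic mode on the access VLAN.
# Send an ELRP probe on every port of prod10 each second; if a probe
# comes back (a loop through a hub or unmanaged switch), log it, send a
# trap, and disable the offending port for 300 seconds (assumed values).
configure elrp-client periodic prod10 ports all interval 1 log-and-trap disable-port duration 300

# Step 3: exclude uplinks so a loop at the edge can never take them down.
# 1:49-50 are assumed uplink ports; eaps-ring-ports covers the EAPS ring
# ports without listing them individually.
configure elrp-client disable-port exclude 1:49-50
configure elrp-client disable-port exclude eaps-ring-ports

# Verify the client state and see which ports ELRP has shut
show elrp
show elrp disabled-ports
```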

EtherNation_Use
Contributor II
Create Date: Nov 6 2012 4:53PM

Thank you so much for this. I will try out ELRP in my lab environment. One question: would you suggest using ELRP or possibly STP with edge safeguard? I am currently using EAPS for uplink protection and am aware that you cannot apply both STP and EAPS for the same VLAN. My production VLAN (ex: prod10) is protected by EAPS and ports are assigned to it as edge ports (untagged). How would I use edge safeguard in this instance? I was initially hoping to create a dummy VLAN and assign that to the default SO STP instance. For this to work, would I need to assign the ports as untagged to this VLAN? My idea is to prevent people creating loops using switches (non-Extreme as well) and mainly hubs. (from Anush_Santhanam)