
Preventing inadvertent loops

EtherNation_Use
Contributor II
Create Date: Oct 4 2012 2:34AM

We are currently using EAPS (with spatial reuse) and VRRP in our environment and are looking to possibly move to MLAG (maybe two-tier). EAPS does a great job when it comes to loop protection, but that is on dedicated trunks/uplinks. What about edge/access ports? But cabling is a mess in my environment and I have had instances where people have used hubs and created loops using access layer ports, both on the same switches and between switches where VLANs are spanned across. On the older ExtremeWare-based boxes, I used to use lbdetect, which helped to an extent. Can you please advise on how best to go about preventing these pesky loops that can be triggered inadvertently using hubs and access ports? The devices at the other end could be Extreme or non-Extreme devices. Couple of suggestions:

1. ELSM and ELRP - I am guessing these are generally used on uplinks and not access ports.
2. CFM - can this be put to good use, although I am pretty sure this is not what it is intended for?
3. Can I possibly use MAC-address lockdown, restricting MAC count to just 1?
4. Does it boil down to doing structured cabling and enabling ports and completing VLAN assignment on an "on demand" basis? Thanks for the help. (from Anush_Santhanam)
12 REPLIES

EtherNation_Use
Contributor II
Create Date: Oct 15 2013 3:50PM

I am going to necro this and bring it back up. Loops on the uplinks with EAPS have bitten me in the ass a few times now. The issue is my EAPS ring is running over a MAN basically, so the telco is between the links. If the telco does troubleshooting, they loop their dmarc. This in turn causes my network to loop.

EAPS does not get its heartbeat, so the secondary port on the master opens up, where guess what is connected? The hard loop at the dmarc from the telco doing their troubleshooting.

So far I have not been able to get a solution, as I want to use ELRP but everything I have read says do not put it on the uplinks, which is what keeps looping.

Suggestions?

I have 4 8810s forming my EAPS ring. 2 are at one location and 2 are at another, with telco (dark fiber) between the sites. (from Kyle_Buffington)

EtherNation_Use
Contributor II
Create Date: Nov 14 2012 1:44PM

Hey Excalibur

Have you tried the ELSM with dot1x in your lab? If so please post your findings.

Thanks
P (from Paul_Russo)

EtherNation_Use
Contributor II
Create Date: Nov 9 2012 3:09PM

Sorry Excalibur, forgot to post the log.

11/09/2012 17:45:20.31 Network Login user cleared due to link down event, Mac 00:04:96:27:7C:09 port 9 VLAN(s) "PublicWirelessNetwork"
11/09/2012 17:45:20.27 Port 9 link down
11/09/2012 17:45:20.05 Toggling AdminState on Port 9
11/09/2012 17:45:20.03 Disabling port 9. Auto re-enable port after 15 seconds
11/09/2012 17:45:20.03 [CLI:PublicWirelessNetwork:3] LOOP DETECTED : 355 transmited, 225 received, ingress slot:port (9) egress slot:port (9) (from Paul_Russo)
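
As an added example (not part of the original post and not Extreme's own tooling): a small parser for the ELRP log lines posted above that ties each LOOP DETECTED entry to the port-disable action and the Network Login sessions cleared as a result. The message patterns are inferred only from the five lines in the post, and the 5-second correlation window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post above (newest first, as posted).
SAMPLE_LOG = """\
11/09/2012 17:45:20.31 Network Login user cleared due to link down event, Mac 00:04:96:27:7C:09 port 9 VLAN(s) "PublicWirelessNetwork"
11/09/2012 17:45:20.27 Port 9 link down
11/09/2012 17:45:20.05 Toggling AdminState on Port 9
11/09/2012 17:45:20.03 Disabling port 9. Auto re-enable port after 15 seconds
11/09/2012 17:45:20.03 [CLI:PublicWirelessNetwork:3] LOOP DETECTED : 355 transmited, 225 received, ingress slot:port (9) egress slot:port (9)
"""

# Patterns inferred from the lines above; "transmit+ed" accepts either spelling.
TS = r"(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d+) "
LOOP = re.compile(TS + r"\[CLI:(?P<vlan>[^:\]]+):\d+\] LOOP DETECTED : (?P<tx>\d+) transmit+ed, "
                  r"(?P<rx>\d+) received, ingress slot:port \((?P<ingress>[\d:]+)\) "
                  r"egress slot:port \((?P<egress>[\d:]+)\)")
DISABLE = re.compile(TS + r"Disabling port (?P<port>[\d:]+)\. Auto re-enable port after (?P<secs>\d+) seconds")
CLEARED = re.compile(TS + r"Network Login user cleared due to link down event, "
                     r"Mac (?P<mac>[0-9A-Fa-f:]{17}) port (?P<port>[\d:]+)")

def _when(m):
    return datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")

def find_loop_events(text, window=timedelta(seconds=5)):
    """Return one dict per LOOP DETECTED line, with follow-on actions attached."""
    lines = text.splitlines()
    loops = [m for m in map(LOOP.match, lines) if m]
    disables = [m for m in map(DISABLE.match, lines) if m]
    cleared = [m for m in map(CLEARED.match, lines) if m]
    events = []
    for lp in loops:
        t0, ports = _when(lp), {lp["ingress"], lp["egress"]}
        # Follow-on lines count if they name a looped port shortly after detection.
        near = lambda m: m["port"] in ports and timedelta(0) <= _when(m) - t0 <= window
        dis = [m for m in disables if near(m)]
        events.append({
            "time": t0, "vlan": lp["vlan"],
            "tx": int(lp["tx"]), "rx": int(lp["rx"]),
            "same_port": lp["ingress"] == lp["egress"],  # loop sits behind one port
            "disabled_port": dis[0]["port"] if dis else None,
            "reenable_secs": int(dis[0]["secs"]) if dis else None,
            "cleared_macs": [m["mac"] for m in cleared if near(m)],
        })
    return events

if __name__ == "__main__":
    for ev in find_loop_events(SAMPLE_LOG):
        print(ev)
```

Because matching is done per line and correlated by timestamp, the function works whether the log is exported newest-first or oldest-first.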

EtherNation_Use
Contributor II
Create Date: Nov 9 2012 3:08PM

Hello Excalibur

Sorry for the delay, as I was off yesterday and today. The Concepts guide does say they can't be configured on the same port; however, in my testing there is no warning or error that occurs. What I found is that initially, when the port is in my netlogin VLAN, the port does not get disabled if it is connected to a remote loop. In my configuration I have guest VLAN enabled. If I enable ELRP on both my netlogin VLAN and my guest VLAN, I notice that once 802.1x authentication stops and the port is placed into the guest VLAN, the remote loop is seen and the port is disabled. One thing to note is that since the port is disabled, it takes it out of the guest VLAN and places it into the netlogin VLAN, and the port remains disabled until I re-enable it even if I have the timed duration on.

So it does appear to stop loops in the other VLANs that are not part of the netlogin VLAN after the port is moved. If you look into the Concepts guide, STP also has limitations with netlogin.

I would recommend testing it in your lab with your netlogin configuration to see if the limitations work in your setup. I only tested a remote loop scenario because I normally disable auto-polarity to make sure two ports on the switches do not link up unless there is a crossover cable.

Not sure if that completely answers your question. Please let us know what you find in your testing. As I have more time on Monday I will continue to test both STP and ELRP.

P (from Paul_Russo)