Reset Search
 

 

Article

How to Configure ELRP to Disable Ports

« Go Back

Information

 
TitleHow to Configure ELRP to Disable Ports
Objective
Configure ELRP to detect a loop and disable offending ports.
Environment
All EXOS
Procedure
Upon detection of a network loop, ELRP can be used to mitigate that loop by disabling a switch port.  When disabling ports, it is important not to disable certain vital links such as a switch uplink or an EAPS port.  Therefore, ports can be added to an exclude list to prevent them from being disabled.  Starting in EXOS 16.1 ELRP can disable the port that sent the ELRP PDU (egress) rather than the one that received it (ingress).  It is important to understand how to use each function to optimize ELRP performance in the network.  Examples of each scenario are listed below.

Basic Example

Enable a periodic ELRP poll on all ports in a vlan (elrp_test) and disable ports for 15 seconds when a loop is detected.

Switch.18 #enable elrp-client
Switch.19 #configure elrp-client periodic elrp_test ports all log disable-port duration 15


Switch.20 # show elrp 

ELRP Standalone Client:       Enabled

Number of ELRP sessions:          1
Number of ELRP pkts transmitted:  2971
Number of ELRP pkts received:     334

                                                       Pkts    Pkts        Disable
Client  VLAN        Ports   Interval Count Cyclic      Xmit    Rcvd Action Port (sec)
-------------------------------------------------------------------------------------
CLI     elrp_test   All            1     0 Yes         2971     334 LTI    15      
-------------------------------------------------------------------------------------
Action : (P) Print, (L) Log, (T) Trap, (C) Callback, (E) Egress, (I) Ingress


A user then accidentally connects a hub to two ports on a switch creating a loop.
User-added image
The log output of the switch shows that a loop was detected on port 22 and the port was disabled:

Switch.14 # show log
01/13/2016 16:41:12.41 <Warn:ELRP.DsblPortLoopDtect> Disabling port 22. Auto re-enable port after 15 seconds
01/13/2016 16:41:12.41 <Warn:ELRP.Report.Message> [CLI:elrp_test:1] LOOP DETECTED : 63 transmitted, 1 received, ingress slot:port (22) egress slot:port (21)


The show elrp disabled-ports output also lists port 22:

Switch # show elrp disabled-ports 

  Exclude EAPS ring ports: No
  Excluded Ports
  -------------------------------------------------------------------------
 
  ---------------------------------------------------------------------------

  Disabled Detected             Duration Time                       Disable  
  Port     Vlan                 (sec)    Disabled                   Direction
  ---------------------------------------------------------------------------
  22       elrp_test            15       Wed Jan 13 16:50:00 2016   Ingress  
  ---------------------------------------------------------------------------​

ELRP with Excluded Ports

Consider the following topology:
User-added image
A hub is now connected between two switches creating a network loop.  The connection between Switch1 and Switch2 is an important link and should not be disabled by ELRP.  When configuring ELRP to disable ports on Switch1 port 21 should be excluded:

enable elrp-client
configure elrp-client periodic elrp_test ports all log disable-port ingress duration 15
configure elrp-client disable-port exclude 21


In the show elrp disabled-port output it can be seen that port 21 is excluded and that port 2 has been disabled:

Switch1.34 # show elrp disabled-ports 

  Exclude EAPS ring ports: No
  Excluded Ports
  -------------------------------------------------------------------------
  21
  ---------------------------------------------------------------------------

  Disabled Detected             Duration Time                       Disable  
  Port     Vlan                 (sec)    Disabled                   Direction
  ---------------------------------------------------------------------------
  2        elrp_test            15       Wed Jan 13 17:42:05 2016   Ingress  
  ---------------------------------------------------------------------------​

ELRP Blocking on Egress

Introduced in EXOS 16.1, disabling the ELRP egress port, adds another layer of flexibility to the ELRP design.  In many ways this is an alternative approach to the exclude-list.  Loops are typically created at the edge when a user accidentally connects a device to multiple switch ports.  When disabling ports on egress, only the port sending the ELRP PDU will be disabled.  Enabling ELRP egress disable-port on only the network's edge ports ensures that only these ports will be disabled in a loop scenario.  Therefore, in most situations concern over accidentally disabling uplinks and other critical connections is eliminated.  Observe how the configuration and behavior change for the previous topology using egress blocking:

enable elrp-client
configure elrp-client periodic elrp_test ports 2 log disable-port egress duration 15​


With only the edge port (2) added to ELRP it is the only port that will send an ELRP PDU and therefore the only port that can be blocked:

User-added image
Switch1.5 # show elrp 

ELRP Standalone Client:       Enabled

Number of ELRP sessions:          1
Number of ELRP pkts transmitted:  4
Number of ELRP pkts received:     4

                                                       Pkts    Pkts        Disable
Client  VLAN        Ports   Interval Count Cyclic      Xmit    Rcvd Action Port (sec)
-------------------------------------------------------------------------------------
CLI     elrp_test   2              1     0 Yes            1       1 LTE    15      
-------------------------------------------------------------------------------------
Action : (P) Print, (L) Log, (T) Trap, (C) Callback, (E) Egress, (I) Ingress

Switch1.20 # show elrp disabled-ports 

  Exclude EAPS ring ports: No
  Excluded Ports
  -------------------------------------------------------------------------
 
  ---------------------------------------------------------------------------

  Disabled Detected             Duration Time                       Disable  
  Port     Vlan                 (sec)    Disabled                   Direction
  ---------------------------------------------------------------------------
  2        elrp_test            15       Thu Jan 14 12:11:35 2016   Egress   
  ---------------------------------------------------------------------------


 
Additional notes
Important Things to consider:
  • When ELRP disables a port this effects ALL VLANs on the port.  When ELRP disables a port containing multiple VLANs it could potentially segment other VLANs that are not experiencing a network loop.
  • ​If an ELRP packet is received on multiple ports in the same polling period then the first port that received the PDU will be blocked.  All other received PDUs on the VLAN will be ignored for a 1 second period to prevent disabling all ports in the VLAN.
  • ELRP does not have to be enabled on each individual port of a LAG.
  • If ELRP is configured to permanently disable a port, this port will be disabled until the port is manually re-enabled by the network administrator or the switch is rebooted.  ELRP disabled ports are not configuration persistent (they do not persist after a reboot.)
Related Articles:
What is ELRP?
Which EXOS Commands can be used to Detect a Loop?
Which port does ELRP disable
How to add ELRP alarms via Netsight Console
Creating Alarms for ELRP in Ridgeline
What is the destination MAC address of an ELRP packet?
ELRP is unable to detect a loop when the looped packets are within QP8
EXOS Switch Security Checklist and Best Practice

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255