Using Simple Loop Prevention Protocol (SLPP)
Guard
Simple Loop Prevention Protocol (SLPP) is an application that detects loops in
an MLAG or Split Multi-link Trunking (SMLT) network on
VOSS/BOSS switches.
SLPP Guard is a complementary feature for ExtremeXOS switches that helps prevent loops
in networks by administratively disabling an edge port if a switch receiveS an SLPP PDU
from an SMLT network. SLPP Guard detects and discards SLPP control PDUs on a per port
basis. SLPP Guard identifies SLPP PDUs using the Ethernet type field of the packet,
which is configurable. When an SLPP PDU is received on a port that has SLPP Guard
activated on it, it is immediately disabled. After a configurable timeout value expires
(associated with each port), the port is automatically re-enabled.
Note
When SLPP Guard disables a port, the
disabled status is not persistent. If the switch reboots, the port is enabled when
the switch comes back up.
Note
If you use the CLI to enable or disable a port that has been disabled by SLPP
Guard, the port is enabled or disabled as applicable and the recovery timer is
stopped for that port.
When a new user is authenticated by netlogin, the enable attribute of SLPP
Guard is given to netlogin. Netlogin processes this attribute and sends the enable attribute message to
the SLPP Guard module. If all users are unauthenticated by netlogin, a disable message
for the port is sent to SLPP Guard. At the time of re-authentication, if the
FA-Service-Request = SLPPGUARD is removed from the RADIUS server, then netlogin sends an
SLPP Guard disable
message.
Note
If you modify the RADIUS attributes in between authentication, then a port
restart or clear all netlogin clients is required in order for the service attributes to
change on the port.
The status is enabled and the entry in the save configuration
command is sent to enable slpp
guard port port_list for the following scenarios:
If the status of SLPP Guard is enabled by the CLI.
If the status of SLPP Guard is enabled by both the Vendor Specific Attribute (VSA)
and by the CLI.
If after enabling SLPP Guard by the CLI, the status is then disabled from the
VSA.
The status is enabled and the saved configuration contains default values for the
following scenarios:
If the status of SLPP Guard is enabled by the VSA.
If after enabling SLPP Guard by the VSA, the status is then disabled from the
CLI.
The most common use case is with an IP phone with two ports: one for a switch
and one for a computer (see SLPP Use Case).
If you plug both IP phone ports onto the edge switch, a loop is created. To avoid a loop
in the SMLT network, on the ExtremeXOS edge switch, enable SLPP Guard on
the ports that are connected to the IP phone.
SLPP Use Case
Supported Platforms
All ExtremeSwitching
switches.
Limitations
SNMP for SLPP Guard is not
supported.
The SLPP Guard active state per
port is limited by the number of available ACL filters.
