Aruba & ProVision-based

Re: Loop Protection

Go to solution

Loop Protection

I have 2 Aruba 2930f setup as a VSF as my root switch.

I have 2 Aruba 2540, one at each of my main buildings used as edge switches. One 2540 is connected to my 2930f via a 10GB SFP+ connection. The second 2540 is connected to the first 2540 via a 3 port fiber optic trunk.

I have multiple other older HP switches at each locations (HP2650, HP1800, HP2520) that most of my clients connect to. Each of those switches connects directly to one of my 2540 switch.

I would like that when a loop is created on one of my older switch that the port that this looped switch is connected to on my 2540 would shut down so the rest of the network would not be affected.

I have spanning-tree turned on to RPVST, I have no auto-edge-port on the ports that connect to my other switches, I have those ports setup as loop guard ports, I have loop protect setup on Vlan1, 5 sec transmit interval and 300 sec port disable timer.

When I connect an HP1800 on one of those port on my 2540 and loop it, I start dropping pings on my 2930f root switch and it affects all of my network, No dropped pings on my 2540 and no port shutdown. What am I missing?

Honored Contributor

Re: Loop Protection

"I have loop protect setup on Vlan1,"

I'm not entirely sure what that means. Your test with the HP1800 is precisely what loop-protect is designed to prevent. Loop-protect is setup on interfaces, not on a VLAN.


Re: Loop Protection

Loop protection is configured using the loop-protect.

From there I can setup disable timer, mode (vlan or ports), transmit interval, etc.

Aruba-2540-595-007# conf
Aruba-2540-595-007(config)# sho loop-protect

Status and Counters - Loop Protection Information

Transmit Interval (sec) : 5
Port Disable Timer (sec) : 300
Loop Detected Trap : Disabled
Loop Protect Mode : Port
Loop Protect Enabled VLANs :

Loop Loop Detected Loop Time Since Rx Port
Port Protect Detected on VLAN Count Last Loop Action Status
------ ------- -------- --------- ------ ----------- ------------- --------
13 Yes No NA 0 send-disable Down
14 Yes No NA 0 send-disable Down
15 Yes No NA 0 send-disable Down
16 Yes No NA 0 send-disable Up
17 Yes No NA 0 send-disable Down
18 Yes No NA 0 send-disable Down
19 Yes No NA 0 send-disable Down
20 Yes No NA 0 send-disable Down
21 Yes No NA 0 send-disable Down
22 Yes No NA 0 send-disable Down
23 Yes No NA 0 send-disable Down
24 Yes No NA 0 send-disable Down

I had it setup for vlan mode but I switched it to port mode and selected the ports I wanted loop protected. I created a loop on my HP1800 connected to port 16 and again the port did nothing. My core switch started dropping every secong ping. The show loop-protect said there was no loop detected on that port. I created a loop on the 2540 between 2 ports and it still showed no loop detected on those 2 ports I had looped.

You can also turn on loop protection on the spanning tree which I have done also.

Aruba-2540-595-007(config)# sho spann

Spanning Tree Information

STP Enabled [No] : Yes
Mode : RPVST
Extended System ID : Enabled
Ignore PVID Inconsistency : Disabled
RPVST Enabled VLANs : 1

Switch MAC Address : 941882-55dc60
Root Guard Ports :
Loop Guard Ports : 13-24
TCN Guard Ports :
BPDU Protected Ports :
BPDU Filtered Ports :
Auto Edge Ports : 1-12
Admin Edge Ports :

VLAN Root Mac Root Root Root Hello
ID Address Priority Path-Cost Port Time(sec)
----- --------------- ---------- ---------- -------------------- ---------
1 941882-6048a3 4096 2000 28 2



Re: Loop Protection

I was able to get it to work by disabling the spanning tree. Now when I create a loop on the HP1800 the port that it connects to on the Aruba 2540 shuts down. After 300 seconds it turns back on.

When I run show loop-protect is shows when the port is down and how long since the last loop. Is there a command to reset this runni9ng counter?

Also is there a way to manually set the root switch path since I have to turn off STP?


Re: Loop Protection

I was able to get this to work with spanning tree enabled the following way:

Configure loop-protect for 5 sec transmit interval, 300 sec port disable timer, vlan mode and enable loop-protect on all of the ports.

Configure the port that the HP1800 or any other switch that does not support spanning tree is connecting to as a BPDU Filtered Port. I even had to do that with a HP2520 switch that only supported MST spanning tree as my Aruba switches are configured to use RPVST.

Now when a loop is created on my network the uplink port to that looped switch shuts down for 5 minutes. When I login to the Aruba switch I can see which port is in a looped state and act on it.