cancel
Showing results for 
Search instead for 
Did you mean: 

Loop protection

 
ruzz3tt0
Frequent Visitor

Loop protection

Hi,

i have an entire L2 network based on HP/HPE switches (most of them are comware based). I never needed to enable STP because i preferred use of LAGs between access switches and core. I faced a noisy issue last days when someone (worker or cleaner) plugged the same patch into 2 wall plates. This caused a flood storm toward core switches and i had to isolate a floor before to detect this issue. I'm wondering if there's a way to automatically prevent this kind of incident (bpdu guard or other kind of loop protection). Thanks a lot!

 

7 REPLIES
HP-Browniee
Respected Contributor

Re: Loop protection

Hello

To prevent loops from being created at the edge of your network.
Perform the below on the switch:

1. system-view
2. loopback-detection enable
3. loopback-detection multi-port-mode enable

4. interface interface-type interface-number
5. loopback-detection enable
6. loopback-detection control enable
7. loopback-detection per-vlan enable
8. loopback-detection action { no-learning | semi-block |
shutdown } Optional.

By default, a looped interface drops the incoming packets and correctly sends packets; the system generates traps and log messages, and deletes all MAC address entries of the looped interface. With the shutdown keyword specified, the switch shuts down the looped ports and set their physical state to Loop down. When a looped port recovers, you must use the undo shutdown command to restore its forwarding capability.

 

ruzz3tt0
Frequent Visitor

Re: Loop protection

Hello,

thanks for your reply. Do you suggest to enable only for access ports? For uplink trunks i'd like to avoid because they're in LACP toward core switches.

Thanks,

 

HP-Browniee
Respected Contributor

Re: Loop protection

Yes, Only enabling loopdetection on access ports is enough. I don't like it either that it disables my uplink ports.

Kind regards

 

ruzz3tt0
Frequent Visitor

Re: Loop protection


1. system-view
2. loopback-detection enable
3. loopback-detection multi-port-mode enable

these commands enable as system global? they affect on uplinks too or not?

HP-Browniee
Respected Contributor

Re: Loop protection

You need to configure it globally first to enable it.

If you don't configure loopdetection on port level  for your uplinks you will be fine.

 

ruzz3tt0
Frequent Visitor

Re: Loop protection

Great! Thanks again

parnassus
Honored Contributor

Re: Loop protection

See the mmr_sf-EN_US000005234 HPE Knowledge Article (title: HPE Networking Switches - How to Guard Against Edge Loops), just as a reference.

The @ruzz3tt0 statement "I never needed to enable STP because i preferred use of LAGs between access switches and core" is a little bit unclear: enabling STP (or RSTP) feature on network swithces is not mutually exclusive (like saying either (R)STP or LAGs) with the presence of LAGs between Core and Edge switches...