- Community Home
- >
- Networking
- >
- IMC
- >
- Alert via e-mail if a loop occurs
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2016 07:06 AM
тАО04-28-2016 07:06 AM
Alert via e-mail if a loop occurs
Hello!
I want to configure an alert in IMC version 7.2 that sends an e-mail if a loop occurs. The mail notification with other alarms is working allready. The problem is that the switch won't even send a trap if it detects a loop.
I configured the switch with the following commands:
loop-protect all
loop-protect trap loop-detected
snmp-server host xxx.xxx.xxx.xxx community "xxx" trap-level All
snmp-server community "xxx" Unrestricted
Is their any missing configuration on the switch or the IMC?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2016 05:53 PM
тАО04-28-2016 05:53 PM
Re: Alert via e-mail if a loop occurs
Describe the method you are using to create a loop in order to test loop detection.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2016 07:53 PM
тАО04-28-2016 07:53 PM
Re: Alert via e-mail if a loop occurs
The config looks OK.
Does the switch detect & log the loop?
If it does, check with tcpdump on the IMC server - does it receive a trap?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2016 11:23 PM - edited тАО04-28-2016 11:26 PM
тАО04-28-2016 11:23 PM - edited тАО04-28-2016 11:26 PM
Re: Alert via e-mail if a loop occurs
Describe the method you are using to create a loop in order to test loop detection.
- I'm connecting two ports of the switch with the same cable.
Does the switch detect & log the loop?
- Yes.
If it does, check with tcpdump on the IMC server - does it receive a trap?
- I did a tcpdump and there was no trap sent to the IMC server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-28-2016 11:42 PM
тАО04-28-2016 11:42 PM
Re: Alert via e-mail if a loop occurs
OK, so we've narrowed it down - looks like it must be something in the SNMP config on that device.
Do ANY traps get sent from that switch? (e.g. for link up/down, etc). Wondering if there's something else not right - e.g. misconfigured SNMP host IP, or something filtering udp/162 from switch -> IMC server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-29-2016 12:12 AM
тАО04-29-2016 12:12 AM
Re: Alert via e-mail if a loop occurs
That's not a loop. That's a spanning-tree loop.
Loop-detect is for detecing a loop that has occurred on an upstream switch, not on the switch itself.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-29-2016 12:23 AM
тАО04-29-2016 12:23 AM
Re: Alert via e-mail if a loop occurs
@Vince-Whirlwind wrote:That's not a loop. That's a spanning-tree loop.
Loop-detect is for detecing a loop that has occurred on an upstream switch, not on the switch itself.
No.
There is no such thing as a spanning-tree loop. Spanning tree is a protocol that exists to *prevent* layer-2 loops. It does not cause loops in itself.
Spanning-tree protocol is one method of detecting and preventing L2 frames from looping around a segment. But it is not the only method for doing so. HP Procurve switches include loop-detect for detecting and preventing such loops. This is *not* the same as Cisco's loopback detection, that detects traffic looped back into the same port.
Taking one cable, and plugging both ends into the same switch is a perfectly valid way of creating a loop. This will be detected by a Procurve switch. It works, and it generates a trap. I tested it myself https://lkhill.com/loop-detection-without-stp/
Besides, what exactly do you mean by "a loop that has occurred on an upstream switch" ? Are you referring to a frame leaving a switch, then coming back in the same port? Or being received by another port on the same switch?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-01-2016 04:58 PM
тАО05-01-2016 04:58 PM
Re: Alert via e-mail if a loop occurs
I think you've misunderstood the purpose of Loop-protect.
It's not there to detect loops created on the local switch, but to detect loops that have occurred elsewhere.
"You can use BPDU protection for systems that have spanning tree enabled
(See "Configuring BPDU Protection" on page 5-27), however, the BPDU
protection feature cannot detect the formation of loops when an unmanaged
device on the network drops spanning tree packets. To protect against the
formation of loops in these cases, you can enable the Loop Protection feature"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-02-2016 06:37 PM
тАО05-02-2016 06:37 PM
Re: Alert via e-mail if a loop occurs
@Vince-Whirlwind wrote:I think you've misunderstood the purpose of Loop-protect.
It's not there to detect loops created on the local switch, but to detect loops that have occurred elsewhere.
I don't follow this - I must be missing something. How do you define a loop created on the local switch? A single cable that is connected to two ports on the same switch? And how do you define a loop that has occurred elsewhere?
What would that second case look like from the perspective of a single switch? If a frame exits one port, and comes back in another port on the same switch, then there is a bridging loop, right? It makes no difference to the switch if that went through a single cable, or through 10 dumb hubs, or another switch that had STP disabled. Or are you thinking of something a bit different?
"You can use BPDU protection for systems that have spanning tree enabled
(See "Configuring BPDU Protection" on page 5-27), however, the BPDU
protection feature cannot detect the formation of loops when an unmanaged
device on the network drops spanning tree packets. To protect against the
formation of loops in these cases, you can enable the Loop Protection feature"
BPDU protection (aka BPDU guard in Cisco-speak) is only one part of network protection. The switch could process those BPDUs, and STP could run through its normal processes, and determine if there is the potential for a loop, and if so, may decide to put the port in blocking mode. It doesn't have to block the port just because BPDUs are received. I see BPDU protection as more about detecting unexpected BPDUs because of wilful (e.g. fake BPDUs) or accidental misconfiguration, rather than loop prevention. From the docs:
BPDU protection is a security feature designed to protect the active STP topology by preventing spoofed BPDU packets from entering the STP domain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-02-2016 09:51 PM
тАО05-02-2016 09:51 PM
Re: Alert via e-mail if a loop occurs
I think the Procurve manual explains this very clearly.
Let me present a real-world example of the situation Loop-protect is designed for:
A user brings in their 8-port unmanaged switch from home. They patch it into the work network. At some point they absent-mindedly patch one of its ports to another. It's a kind of switch that does not forward BPDU frames.
Loop-protect protects your Edge switch from the broadcast storm which this user has just created by detecting the remote loop and shutting down the connecting Access port.
This scenario is at least as common as the problem of rogue BPDUs or DHCP services and I always use it.
Loop-protect is *not* designed to detect a local loop - that's what STP is for.