Switches, Hubs, and Modems
Showing results for 
Search instead for 
Did you mean: 

loop protection and spanning tree

Occasional Visitor

loop protection and spanning tree


The college network I administer has mostly old 8000 and 4000m switches with some 2500 series and a couple of 4108gl's and 2848's. We don't have redundant paths but we have had occasional problems with loops from somebody plugging a cable into two wall ports on one of the newer switches or putting their own cheap switch in and/or creating a loop with wireless devices. So, I put spanning tree on and left it in it's default configuration aside from set a low priority on root.

But that didn't do exactly what I wanted because we still ended up with the occasional loop when something became a step or two abstracted from spanning tree and it slowed the initial network connectivity down to nearly a minute bringing all kinds of complaints.

So being that none of these switches seem to have a setting for just inadvertent loop protection I'm trying to figure out the best way to stop inadvertent loops. Any suggestions?
Mohammed Faiz
Honored Contributor

Re: loop protection and spanning tree

There is a feature called loop protection that is designed to cover situations where there are unmanaged areas of the network that don't support spanning tree.
I'm not sure which series of swtiches/firmware it is available on but the manual section is under the MSTP chapter here:


Other than that one thing you can do to reduce the chance of getting loops is to disable auto-mdix on those switches that you are having trouble with. That way someone would have to connect a crossover cable between two ports to create a loop.
Javed Padinhakara
Respected Contributor

Re: loop protection and spanning tree

As Faiz mentioned, loop-protection is one feature which you could use to control the loops formed by introducing unmanaged (non STP capable)switches resulting in STP packets being dropped.

Another way to solidify your STP deployment would be to use the feature called "BPDU protection" (this feature is supported in 2510's, 2520's, 2810's as well)

BPDU protection would ensure that spanning-tree BPDU's received from ports where end-nodes(workstations, laptop's, printers etc )are connected, are prevented from entering the STP domain.

This would meet your case where someone plug's in their own switch to the workstation port and starts pumping in STP packets resulting in loops in your college network.

Turning on BPDU protection would disable the notorious port for a given (configurable) period. It can be enabled using the command

#spanning-tree bpdu-protection
#spanning-tree bpdu-protection-timeout 300


ps:- Noticed that you have joined recently and hence thought will share an important etiquette followed in the forum - assign points on scale (1-10) to people trying to help by answering your queries; its an appreciation for the time they spend in responding to your questions.