
How to avoid HPE and Aruba switches looping

 
DiagoFernandes
Advisor


We have a mixture of HPE core switches A5102 and A5130, and Aruba 2920 and 2930F.

Recently we experienced an issue wherein a user mistakenly plugged a data cable from his Avaya IP phone data port into an RJ45 Cat5e ground module, causing a loop that sent two bridged switches into a spin and almost brought down the entire VMware environment.

Luckily this was detected in a timely manner and a major outage was averted.

Question: In the post-incident analysis, it was decided to find out whether HPE/Aruba switches can be configured to be loop proof and, if not, whether an alert can be sent to the IT admin about a potential loop starting in the switch and the port responsible for it.

I would personally prefer a configuration that makes the switch loop proof, be it Aruba or HPE.

Any suggestions or directions to this effect would be appreciated.

Many thanks.

 

Ivan_B
HPE Pro

Re: How to avoid HPE and Aruba switches looping

Hi @DiagoFernandes !

When we need to detect and prevent Layer 2 loops in a network, we are pretty much limited to two technologies:

- Spanning Tree (STP). I recommend sticking to MSTP or RSTP as they use a fast convergence mechanism. It is a vendor-agnostic, industry-standard protocol.

- Loopback detection (Comware), which is known on ProCurve (AOS) switches as loop-protect. It is a proprietary protocol, but it works independently on each switch, doesn't rely on adjacent devices and has two modes: single-port or multi-port loop detection. Each switch that has this enabled sends L2 multicast frames. If the switch starts to get its own messages back (each message has a switch identifier), it means there is a loop, and such a looped port can be either shut down, blocked, or kept forwarding traffic but without learning new MAC addresses on the looped port.

Each of these has its pros and cons, and they can even work concurrently without interfering with each other. I'd definitely start with MSTP, but keep in mind a very important piece of configuration that is often ignored and that inevitably causes many issues with non-STP devices: every switchport that is not connected to a device that speaks STP should be configured as an STP edge port. In other words, every switchport that is not facing another switch should be edge. Otherwise a host device like a PC or phone won't be able to communicate for the first 30 seconds after the 'port up' event. You can imagine what will happen to DHCP and other protocols that expect to have a connection as soon as the link goes up. STP edge configuration on a port will prevent this 30-second block, but at the same time will protect the port from loops.


 

 

I am an HPE employee


DiagoFernandes
Advisor

Re: How to avoid HPE and Aruba switches looping

Hi Ivan, 

Thank you for your well-thought-out answer.

We have switches configured with multiple VLANs (up to 6 VLANs). We would want to enable loop back (STP) in each VLAN. Kindly let us know the commands and whether there is any risk to production.

The part numbers of our switches are:

J9729A JG236A J9772A J9773A JG937A JL262A JL261A

Thank you.

Ivan_B
HPE Pro
Solution

Re: How to avoid HPE and Aruba switches looping

For ArubaOS:

! Select MSTP
spanning-tree mode mstp
spanning-tree clear-debug-counters
! Configure MSTP region parameters
spanning-tree config-name "myregion"
spanning-tree config-revision 1
! Enable MSTP
spanning-tree


Comware:

# Configure MSTP mode
stp mode mstp
# Configure STP region settings. These must be identical to the ArubaOS switches, otherwise a single region won't be formed
stp region-configuration
 region-name myregion
 revision-level 1
 active region-configuration
 quit
# Set end-host-facing ports to STP edge. GigabitEthernet1/0/1 is used here as an EXAMPLE
interface gig1/0/1
 stp edged-port enable
 quit
# Enable MSTP (Comware 5 syntax; on Comware 7 the command is 'stp global enable')
stp enable

 

More information can be found in the following guides:

HPE 5120-EI: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c03996931
Aruba 2920: https://internal.support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c05365183
Aruba 2930F / 2930M: https://internal.support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00091305en_us

 

I am an HPE employee


HasanReza
Occasional Visitor

Re: How to avoid HPE and Aruba switches looping

Dear Ivan,

I need two clarifications:

1- For HP 5130 the stp enable command is not working.

2- For HP Comware switches, do I need to run "stp edged-port enable" on all ports or only on those ports that are connected to edge devices (e.g. computers/phones etc.)? Should this command not be run on the trunk port?

Awaiting your kind response,

Hasan Reza

 

 

Ivan_B
HPE Pro

Re: How to avoid HPE and Aruba switches looping

Comware 5 and 7 have slightly different syntax for many commands. For example, to enable STP you need to use the following commands:

Comware 5: 'stp enable'
Comware 7: 'stp global enable'

The 5130 runs Comware 7, so use the second command; it should work.

'stp edged-port enable' should be used on ports facing end hosts. However, if by mistake you enable it on a trunk that is connected to another switch, nothing terrible will happen. If an STP edge port gets an STP BPDU, it automatically reverts to a normal port and starts behaving as a non-edged port. Even more, on ArubaOS switches all ports are STP edge by default and, as you can see, it's quite a safe choice exactly because of this fallback mechanism.

 

I am an HPE employee
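
Added example (not written by any poster in this thread and not HPE code): a small Python check that parses saved running-config text from both platforms and confirms the two points raised above, namely that the MSTP region name and revision match across ArubaOS and Comware switches, and that STP is globally enabled under either Comware syntax. The sample configs, the function names and the assumption that configs are exported as plain text are constructed for illustration.

```python
import re

# Constructed sample configs modelled on the commands in this thread.
ARUBA_CFG = '''
spanning-tree mode mstp
spanning-tree config-name "myregion"
spanning-tree config-revision 1
spanning-tree
'''
COMWARE7_CFG = '''
stp mode mstp
stp region-configuration
 region-name myregion
 revision-level 1
 active region-configuration
interface GigabitEthernet1/0/1
 stp edged-port enable
stp global enable
'''

def parse_mstp(cfg):
    """Return region name, revision, global-enable state and Comware edge ports."""
    out = {"region": None, "revision": None, "enabled": False, "edge": set()}
    iface = None
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.match(r'(?:spanning-tree config-name|region-name)\s+"?([^"]+)"?$', line):
            out["region"] = m.group(1)
        elif m := re.match(r'(?:spanning-tree config-revision|revision-level)\s+(\d+)$', line):
            out["revision"] = int(m.group(1))
        # Only unindented lines count as the global enable (ArubaOS, Comware 5, Comware 7).
        elif line in ("spanning-tree", "stp enable", "stp global enable") and not raw.startswith(" "):
            out["enabled"] = True
        elif m := re.match(r'interface\s+(\S+)$', line):
            iface = m.group(1)
        elif line == "stp edged-port enable" and iface:
            out["edge"].add(iface)
    return out

def audit(configs):
    """Compare parsed switches; return a list of human-readable findings."""
    parsed = {name: parse_mstp(cfg) for name, cfg in configs.items()}
    findings = [f"{n}: STP not globally enabled" for n, p in parsed.items() if not p["enabled"]]
    regions = {(p["region"], p["revision"]) for p in parsed.values()}
    if len(regions) > 1:
        findings.append(f"MSTP region mismatch: {sorted(regions, key=str)}")
    return findings
```

An empty list from `audit()` means every switch reports the same region name and revision and has STP enabled globally; a mismatch finding means the switches will not form a single MSTP region.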
