Re: How to avoid HPE and Aruba switches looping
03-07-2021 10:04 AM - edited 03-07-2021 10:10 AM
We have a mixture of HPE core switches A5102 and A5130, and Aruba 2920 and 2930F.
Recently we experienced an issue wherein a user mistakenly plugged a data cable from his Avaya IP phone data port into an RJ45 Cat5e ground module, causing a loop that sent two bridged switches into a spin and almost brought down the entire VMware environment.
Luckily this was detected in a timely manner and a major outage was averted.
Question: In the post-incident analysis, it was decided to find out whether HPE/Aruba switches can be configured to be loop-proof and, if not, whether an alert can be sent to the IT admin about a potential loop starting in the switch and the port responsible for it.
I would personally prefer a configuration that makes the switch loop-proof, be it Aruba or HPE.
Any suggestions or directions to this effect would be appreciated.
Many thanks.
03-07-2021 10:37 AM
Hi @DiagoFernandes!
When we need to detect and prevent Layer 2 loops in a network we are pretty much limited to two technologies:
- Spanning Tree (STP). I recommend sticking to MSTP or RSTP as they use a fast convergence mechanism. It is a vendor-agnostic, industry-standard protocol.
- Loopback detection (Comware), which is known on ProCurve (AOS) switches as loop-protect. It is a proprietary protocol, but it works independently on each switch, doesn't rely on adjacent devices and has two modes: single-port or multi-port loop detection. Each switch that has this enabled sends L2 multicast frames. If a switch starts to get its own messages back (each message carries the switch identifier), there is a loop, and the looped port can be shut down, blocked, or left forwarding traffic but without learning new MAC addresses on the looped port.
Each of these has its pros and cons, and they can even work concurrently without interfering with each other. I'd definitely start with MSTP, but keep in mind a very important piece of configuration that is often ignored and that inevitably causes many issues with non-STP devices: every switchport that is not connected to a device that speaks STP should be configured as an STP edge port. In other words, every switchport that is not facing another switch should be an edge port. Otherwise a host device like a PC or phone won't be able to communicate for the first 30 seconds after the 'port up' event. You can imagine what will happen to DHCP and other protocols that expect to have a connection as soon as the link goes up. STP edge configuration on a port will prevent this 30-second block, but at the same time will protect the port from loops.
03-07-2021 09:23 PM
Hi Ivan,
Thank you for your well-thought-out answer.
We have switches configured with multiple VLANs (up to 6 VLANs). We would want to enable loop back (STP) in each VLAN. Kindly let us know the commands and whether there is any risk to production.
The part numbers of our switches are:
J9729A JG236A J9772A J9773A JG937A JL262A JL261A
Thank you.
03-07-2021 11:19 PM
Solution

For ArubaOS:

```
! Select MSTP
spanning-tree mode mstp
spanning-tree clear-debug-counters
! Configure MSTP region parameters
spanning-tree config-name "myregion"
spanning-tree config-revision 1
! Enable MSTP
spanning-tree
```

Comware:

```
# Configure MSTP mode
stp mode mstp
# Configure STP region settings. These must be identical to ArubaOS switches, otherwise single region won't be formed
stp region-configuration
 region-name myregion
 revision-level 1
 active region-configuration
 quit
# Set end-hosts facing port to STP edge. I will use GigabitEthernet1/0/1 as EXAMPLE
interface gig1/0/1
 stp edged-port enable
 quit
# Enable MSTP
stp enable
```

More information can be found in the following guides:
HPE 5120-EI: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c03996931
Aruba 2920: https://internal.support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c05365183
Aruba 2930F / 2930M: https://internal.support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00091305en_us
04-02-2021 01:31 AM
Dear Ivan,
I need two clarifications:
1. For the HP 5130, the stp enable command is not working.
2. For an HP Comware switch, do I need to run "stp edged-port enable" on all ports or only on those ports that are connected to edge devices (e.g. computers, phones, etc.)? This command should not be run on the trunk port?
Awaiting your kind response,
hasan reza
04-02-2021 06:51 AM
Comware 5 and 7 have slightly different syntax for many commands. For example, to enable STP you need to use the following commands:
Comware 5: 'stp enable'
Comware 7: 'stp global enable'.
The 5130 runs Comware 7, so use the second command; it should work.
'stp edged-port enable' should be used on ports facing end hosts. However, if by mistake you enable it on a trunk that is connected to another switch, nothing terrible will happen. If an STP edge port receives an STP BPDU, it automatically reverts to a normal port and starts behaving as a non-edged port. What's more, on ArubaOS switches all ports are STP edge by default, and as you can see it's quite a safe choice exactly because of this fallback mechanism.
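
An added example, not part of the thread and not HPE/Aruba tooling: a Python check of saved configs for the three points raised in the answers above (global STP enable in either Comware syntax, matching MSTP region name and revision on both platforms, and non-trunk ports left without the edge setting). The sample configs, the function names and the assumed saved-config layout are constructed for illustration.

```python
import re

# Constructed sample configs, not from the thread ('#' lines separate Comware sections).
ARUBA_CFG = ('spanning-tree mode mstp\nspanning-tree config-name "myregion"\n'
             'spanning-tree config-revision 1\nspanning-tree\n')
COMWARE_CFG = """stp mode mstp
stp global enable
stp region-configuration
 region-name myregion
 revision-level 2
#
interface GigabitEthernet1/0/1
 port access vlan 10
 stp edged-port
#
interface GigabitEthernet1/0/2
 port access vlan 10
#
interface GigabitEthernet1/0/24
 port link-type trunk
"""
EDGE = {'stp edged-port', 'stp edged-port enable'}  # accepted saved forms (assumption)

def mstp_region(cfg):
    # (name, revision) from either dialect; VLAN-to-instance mapping is not compared.
    name = re.search(r'^[ \t]*(?:spanning-tree config-name|region-name) "?([^"\n]+)', cfg, re.M)
    rev = re.search(r'^[ \t]*(?:spanning-tree config-revision|revision-level) (\d+)', cfg, re.M)
    return (name.group(1).strip() if name else None, int(rev.group(1)) if rev else 0)

def comware_stp_enabled(cfg):
    # Unindented (global) line only: 'stp enable' (Comware 5) or 'stp global enable' (7).
    return bool(re.search(r'^stp (global )?enable[ \t]*$', cfg, re.M))

def comware_non_edge_access_ports(cfg):
    ports = []
    for block in re.split(r'^#.*$', cfg, flags=re.M):
        lines = [l.strip() for l in block.strip().splitlines()]
        if lines and lines[0].startswith('interface '):
            if 'port link-type trunk' not in lines and not EDGE & set(lines):
                ports.append(lines[0].split()[1])
    return ports

def audit(aruba_cfg, comware_cfg):
    a, c = mstp_region(aruba_cfg), mstp_region(comware_cfg)
    findings = [] if comware_stp_enabled(comware_cfg) else ['Comware: STP not enabled globally']
    if a[0] is None or a != c:
        findings.append(f'MSTP region differs: ArubaOS {a} vs Comware {c}')
    return findings + [f'Comware: {p} is neither a trunk nor an STP edge port'
                       for p in comware_non_edge_access_ports(comware_cfg)]
```

On the constructed input, `audit(ARUBA_CFG, COMWARE_CFG)` reports the revision mismatch (1 vs 2) and GigabitEthernet1/0/2.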