Detection of the source of an L2 loop on a LAN?

Dec 4th, 2008

Hello,


I would like to know what is the most effective way to detect the source of an L2 local loop on a LAN causing high CPU for several switches and big slowdowns on the network. I was thinking about two different ways but I am not sure they work:

- Perform a sh-mac-address on the switches to look at the duplicate mac-address ?

- Capture the traffic ? (Quite difficult on a big LAN when you have no idea of where the loop could be !)


Don't hesitate to let me know what you think about it. I just would like to know how to react before it happens on my LAN (... and unfortunately I am sure it'll happen one day ;) )


Thanks in advance for your reply,


Best Regards,


Adrien

Jon Marshall Thu, 12/04/2008 - 02:49
Adrien


Hope it never does happen to you. Happened to me a few times and unless you are quick you won't be able to log on to the switches never mind look at the mac-address tables.


Attached is a good doc from Cisco about troubleshooting STP. One of the key things is to have a diagram of your L2 topology in terms of redundant links, and which switches are STP root and secondary. If you don't explicitly set which switches are root and secondary for VLANs, I strongly recommend you do, as it's the last thing you want to be trying to find out in a broadcast storm :-)


http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080136673.shtml


Jon

Giuseppe Larosa Thu, 12/04/2008 - 03:13

Hello Adrien,

- Perform a sh-mac-address on the switches to look at the duplicate mac-address ?


This is more an effect of a bridging loop than a cause.

As Jon has written, if you are lucky you are able to log in on the switches, and the only thing you can do is to manually shut down inter-switch links (at least one) in the hope of breaking the loop.

Hence the need for an updated and complete topology.

If you cannot access the devices someone has to unplug cables/fibers as soon as possible to break the loop.


There is no time for advanced analysis when the loop takes place.

Some features such as broadcast storm-control can give you the time to access your devices, so they are useful together with loop guard on inter-switch links and BPDU guard on user ports.


Hope to help

Giuseppe
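
The protections named in the two replies above, written out as a configuration sketch. This is an added example, not part of either post and not taken from the linked Cisco document; it assumes Catalyst IOS syntax, and the VLAN range, interface names, descriptions and thresholds are constructed placeholders to adapt.

```cisco
! Added example: all values below are assumptions, not from the thread.
!
! Distribution switch A: make the STP root deterministic for these VLANs.
spanning-tree vlan 1-100 root primary
! On distribution switch B, configure the backup root instead:
!   spanning-tree vlan 1-100 root secondary
!
! Inter-switch link: loop guard keeps a blocked port from moving to
! forwarding when BPDUs silently stop arriving (e.g. unidirectional link).
interface GigabitEthernet1/0/1
 description uplink to distribution (assumed name)
 switchport mode trunk
 spanning-tree guard loop
 storm-control broadcast level 5.00
 storm-control action trap
!
! User port: BPDU guard err-disables the port if a switch is plugged in,
! and storm-control caps broadcast so the CPU stays reachable.
interface GigabitEthernet1/0/10
 description user access port (assumed name)
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 storm-control broadcast level 1.00
 storm-control action shutdown
!
! Bring err-disabled user ports back automatically after 5 minutes.
errdisable recovery cause bpduguard
errdisable recovery cause storm-control
errdisable recovery interval 300
!
! Checks to run after applying:
!   show spanning-tree root
!   show spanning-tree inconsistentports
!   show storm-control broadcast
!   show interfaces status err-disabled
```

A port listed by `show interfaces status err-disabled` or `show spanning-tree inconsistentports` points at the segment where a loop or a rogue switch was introduced, which is the information that is hard to collect once the storm has started.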


adrienbomble Thu, 12/04/2008 - 03:19

Thanks Jon and Giuseppe for your reply! I will definitely check that my STP architecture is good ;) !


Best Regards,


Adrien
