blocking loops between ports

Unanswered Question
Sep 23rd, 2009

I am curious if there is a way to block loops between ports.


Here is a situation:

Client orders 3 network lines. They decide to plug all three lines into an unmanaged switch that they did not inform us about.


I am guessing that storm-control broadcast level x is my best option and use errdisable detect storm-control enabled without errdisabled storm-control recovery enabled.


Edge switches are 3560 running 12.2(44)SE1

Here are some snippets from an edge switch config:

    #sh spanning-tree summary
    Switch is in rapid-pvst mode
    Root bridge for: VLAN0201
    Extended system ID is enabled
    Portfast Default is disabled
    PortFast BPDU Guard Default is disabled
    Portfast BPDU Filter Default is disabled
    Loopguard Default is enabled
    EtherChannel misconfig guard is enabled
    UplinkFast is enabled but inactive in rapid-pvst mode
    BackboneFast is disabled
    Configured Pathcost method used is short



Guest port setting:

    interface GigabitEthernet0/1
     description port1
     power inline never
     switchport access vlan 24
     switchport mode access
     switchport port-security
     switchport port-security aging time 5
     switchport port-security violation restrict
     srr-queue bandwidth limit 10
     priority-queue out
     no mdix auto
     storm-control broadcast level 10.00
     storm-control multicast level 40.00
     storm-control action shutdown
     storm-control action trap
     macro description ROLLBACK
     no cdp enable
     spanning-tree portfast
     spanning-tree bpdufilter enable
     spanning-tree bpduguard enable
     spanning-tree guard loop
     ip dhcp snooping limit rate 90
    end


Thanks,


Eric

Giuseppe Larosa Wed, 09/23/2009 - 10:45

Hello Eric,

I strongly recommend removing the following line:


spanning-tree bpdufilter enable


This can only cause problems here.


Have two links with STP BPDU filter enabled and you are in a good position to get a loop.


spanning-tree bpduguard + broadcast storm-control


spanning-tree loop guard looks for the opposite events in comparison to STP bpdu guard.


BPDU guard reacts to the fact of receiving unexpected BPDUs on a port.


BPDU root guard can be of help instead of BPDU guard if you need to connect a third-party switch to the port.


BPDU root guard reacts to receiving BPDUs that would cause a change of Root Bridge ID.



BPDU loop guard reacts to the fact that BPDUs stop being received on an uplink by putting the port in an inconsistent state instead of moving the port to the forwarding state.


So the right tool if a switch will be connected should be root guard.


Loop guard is useful on uplinks.


On user ports, BPDU guard.




Hope to help

Giuseppe
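
An added example, not part of the original thread or of any Cisco tooling: a small Python audit that applies the reply's advice (BPDU guard plus broadcast storm-control on user ports, no BPDU filter, loop guard only on uplinks) to IOS-style interface config. It assumes per-interface commands only and ignores global defaults; the function names and the sample config are constructed for illustration.

```python
# Constructed sample: Gi0/1 mirrors the thread's guest port; Gi0/2 and Gi0/24 are hypothetical.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 storm-control broadcast level 10.00
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/24
 switchport mode trunk
 spanning-tree guard loop
"""

def parse_interfaces(config):
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line in ("!", "end"):
            current = None  # end of the interface stanza
        elif line and current is not None:
            current.append(line)
    return interfaces

def audit_access_ports(config):
    # Returns {port: [issues]} for access ports that deviate from the reply's advice.
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # uplinks/trunks: loop guard is appropriate there
        issues = []
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("remove bpdufilter")
        if "spanning-tree bpduguard enable" not in cmds:
            issues.append("add bpduguard")
        if "spanning-tree guard loop" in cmds:
            issues.append("loop guard belongs on uplinks")
        if not any(c.startswith("storm-control broadcast level") for c in cmds):
            issues.append("add broadcast storm-control")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit_access_ports(SAMPLE_CONFIG))
```
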


ericgarnel Wed, 09/23/2009 - 10:55

Thanks, I will update all our guest ports
