
STP looping issue

ncnaveen_arasu
Level 1

Dear Team,

In an STP topology, if a loop occurs we will face very high latency in the network. So if we are unable to log in to a switch, how can we troubleshoot the issue, and what will cause looping in a network even after STP is enabled? How do we troubleshoot the STP looping issue? Please guide.

Thanks in advance,

Naveen

3 Replies

Sandeep Choudhary
VIP Alumni

Hi Naveen,

I hope this helps.

------------------------------------------

Spanning Tree Protection

BPDU Guard

  • Prevents loops if another switch is attached to a PortFast-enabled port.

  • When enabled on an interface, the port goes into the error-disabled state if a BPDU is received
    • Switch(config-if)#spanning-tree bpduguard enable

               (note portfast may not be configured)

  • Can be enabled in global configuration mode
    • Switch(config)#spanning-tree portfast bpduguard default

BPDU Filter:

  • If enabled in interface mode, it prevents the port from sending or receiving BPDUs
    • Switch(config-if)#spanning-tree bpdufilter enable

  • If enabled globally, a PortFast interface that receives a BPDU loses its PortFast status
    • Switch(config)#spanning-tree portfast bpdufilter default

Root Guard

  • Prevents another switch from becoming the root bridge
  • Enabled on ports other than the root port and on switches other than the root switch
  • If a root guard port receives a BPDU that might cause it to become a root port, the port is put into the “root inconsistent” state and does not pass traffic.
  • But if the port stops receiving these BPDUs, it automatically re-enables itself
    • Switch(config-if)#spanning-tree guard root

UDLD (Unidirectional Link Detection)

  • Detects a broken physical link in the absence of Layer 1 electrical keepalives (Ethernet calls this a link beat). However, sometimes a cable is intact enough to maintain keepalives, but not to pass data in both directions. This is a unidirectional link.

  • UDLD detects a unidirectional link by sending periodic hellos out of the interface. It also uses probes, which must be acknowledged by the device on the other end of the link. UDLD operates at Layer 2. The port is shut down if a unidirectional link is found.

  • UDLD will not consider a link eligible for disabling until it has already seen a neighbor on the interface. This prevents it from disabling an interface when only one end of the link has been configured to support UDLD.

  • The default UDLD message timer is 7 or 15 seconds (depending on the platform), allowing it to detect a unidirectional link before STP has time to transition the interface to forwarding mode

  • UDLD has two modes of operation:
    • Normal mode – UDLD will notice and log a unidirectional link condition, but the interface is allowed to continue operating.
    • Aggressive mode – UDLD will transmit 8 additional messages (1 per second); if none of these are echoed back, the interface is placed in the error-disabled state.
    • UDLD can be enabled globally for all fiber interfaces, or per interface

  • Global command, but it applies only to fiber ports
    • Switch(config)# udld { enable | aggressive | message time }

  • The UDLD message time can be from 7 to 90 seconds

  • To enable UDLD for a non-fiber port, use the same command in interface mode
    • Switch(config-if)# udld { enable | aggressive | disable }

  • To disable UDLD on a specific fiber port, use the following command:
    • Switch(config-if)# udld disable

  • To disable UDLD on a specific non-fiber port, use the following command:
    • Switch(config-if)#no udld enable

  • To re-enable all interfaces shut by UDLD, use the following:
    • Switch#udld reset

  • To verify UDLD status, use the following:
    • Switch#show udld interface

Loop guard

  • Loop Guard prevents loops that occur as a result of a blocking port transitioning to the forwarding state
    • If no BPDUs are received on a blocked port for a specific length of time, Loop Guard puts that port into the “loop inconsistent” blocking state
    • Loop Guard automatically re-enables the port if it starts receiving BPDUs again.
    • It is most effective when enabled in the entire switched network in conjunction with UDLD.

  • To enable Loop Guard for all point-to-point links on the switch, use the following command:
    • Switch(config)# spanning-tree loopguard default

  • To enable Loop Guard on a specific interface, use the following:
    • Switch(config-if)# spanning-tree guard loop

---------------------------------------------------------------------------

Regards
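
Added example (not part of the original replies and not Cisco tooling): a small Python audit that reads a saved running-config and flags ports lacking the protections listed above. The sample config, function names and finding strings are constructed for illustration, and the script assumes IOS-style indentation and the command spellings shown in the post.

```python
# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 spanning-tree portfast
!
interface GigabitEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse(config):
    """Return (global command set, {interface: [sub-commands]})."""
    glob, ifaces, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith(" ") and current:      # sub-command of an interface
            ifaces[current].append(line)
        elif line.startswith("interface "):      # start of an interface block
            current = line.split(None, 1)[1]
            ifaces[current] = []
        else:                                    # any other top-level command
            current = None
            glob.add(line)
    return glob, ifaces

def audit(config):
    """Return sorted (interface, finding) pairs for missing STP protections."""
    glob, ifaces = parse(config)
    guard_default = "spanning-tree portfast bpduguard default" in glob
    loop_default = "spanning-tree loopguard default" in glob
    findings = []
    for name, cmds in ifaces.items():
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "bpdufilter enabled: port ignores BPDUs"))
        elif ("spanning-tree portfast" in cmds and not guard_default
              and "spanning-tree bpduguard enable" not in cmds):
            findings.append((name, "portfast without bpduguard"))
        if ("switchport mode trunk" in cmds and not loop_default
                and not {"spanning-tree guard loop", "spanning-tree guard root"} & set(cmds)):
            findings.append((name, "trunk without loop guard or root guard"))
    return sorted(findings)
```

Adding the two global defaults from the post clears the PortFast and trunk findings, while the interface-level BPDU filter is still reported because that port no longer takes part in STP.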

pandapower
Level 1

Are the STP timers all at their default values? What STP protection do you have in place? (BPDU Guard, Loop Guard, Root Guard, BPDU Filters)

I have included some commands that you can run to check what the current setup of the STP topology is (which switch is the root bridge, which ports are in what state, etc.)

View all possible STP parameters for all VLANs. Port information is summarized.

Switch# show spanning-tree

View all possible STP information for all VLANs. Port information is very detailed.

Switch# show spanning-tree detail

View the total number of switch ports currently in each of the STP states.

Switch# show spanning-tree [vlan vlan-id] summary

Find the root bridge ID, the root port, and the root path cost.

Switch# show spanning-tree [vlan vlan-id] root

Show the bridge ID and STP timers for the local switch.

Switch# show spanning-tree [vlan vlan-id] bridge

Show the STP activity on a specific interface.

Switch# show spanning-tree interface type port

Show the STP UplinkFast status.

Switch# show spanning-tree uplinkfast

Show the STP BackboneFast status.

Switch# show spanning-tree backbonefast

Lastly - some definitions to help you in your quest for knowledge

Loopguard:- Unidirectional link failures may cause a root port or alternate port to become designated as root if BPDUs are absent. Some software failures may introduce temporary loops in the network. The loop guard feature checks if a root port or an alternate root port receives BPDUs. If the port is receiving BPDUs, the loop guard feature puts the port into an inconsistent state until it starts receiving BPDUs again.

BPDU Guard:- BPDU Guard is enabled on access ports, which helps the switch put the port in shutdown mode once it receives a superior BPDU. E.g., in the case of metro Ethernet, the SP puts switches at the customer building and makes that switch the root bridge. Now imagine if some other customer switch sends a superior BPDU; then STP needs to converge again, which leads to serious issues.

Rootguard:- It is enabled on the designated ports of the root switch, so that if those ports hear a superior BPDU, the port is put into an inconsistent state.

HTH

Julio Carvajal
VIP Alumni

Hello Naveen,

I think you are asking a question about what to do in that scenario, right? Not that you are having an issue right now.

Well based on what you said:

So if we are unable to login to a switch how can we troubleshoot the issue and what will cause looping in a network even after STP is enabled. How to troubleshoot the STP looping issue

Well, if you can access the devices, just cross your fingers and pray to God that this is just a bad dream. I mean, if you cannot access it, you will need to go to each redundant link and start disconnecting cables until you take out the one that was causing the loop.

But why don't we configure the network in such a way that we can prevent this:

https://supportforums.cisco.com/docs/DOC-14223

That link will show you some guidelines, my friend, and remember to follow me on my website.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC