Community Member

Loopback bringing network down

Hi, tricky one. We've just taken over management of a site and my responsibility is for their PIX. This customer has 2 other sites that connect via MPLS (looked after by BT) whose traffic is filtered by the PIX. However, one of these sites has an issue whereby if one of the users plugs a network cable into 2 ports it slowly brings down the network and stops access to our site. Given that this site is a school and the users are students, this happens quite often.

Would I be right in thinking that any solution would need to be implemented on either the switch or router at the remote site? As I don't know much about routing protocols for switches or routers, is there any advice I can give them, given that I don't have any access to that site, and is there anything I can implement on the firewall to help?

Thanks, Rex.

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Loopback bringing network down

My guess is that it is best solved with spanning tree in the switches.

If they have "new" Cisco switches, then try to enable rapid spanning tree (if all the switches support it) and set the ports to portfast (it works nicely with rapid).

If the switches do not support rapid spanning tree, then use the "normal" spanning tree but do not set the ports to portfast (unless they are for a server).

Since it is a school there are probably some bright kids there, so there are some nice features that it is possible to implement, e.g. the floodguard and BPDU guard features.

And no, there is nothing you can do on your end. This is a local problem.

HTH
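
One way to check a saved switch configuration for the settings suggested in the answer above (added example, not part of the original thread): it reports the spanning-tree mode and lists access ports that have PortFast enabled without BPDU guard, which are the ports where a student's looped cable can go unnoticed. The sample configuration and interface names are constructed for illustration, and `audit_stp` is a hypothetical helper name.

```python
import re

# Constructed sample running-config, not from the thread; interface names are assumptions.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit_stp(config):
    """Report the STP mode and access ports with PortFast but no BPDU guard."""
    lines = config.splitlines()
    mode = next((l.split()[-1] for l in lines if l.startswith("spanning-tree mode ")), "not set")
    global_guard = any(l.strip() == "spanning-tree portfast bpduguard default" for l in lines)
    interfaces, current = {}, None
    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    unguarded = []
    for name, body in interfaces.items():
        if "switchport mode access" not in body:
            continue  # trunks/uplinks must keep exchanging BPDUs
        portfast = any(b.startswith("spanning-tree portfast") and "disable" not in b for b in body)
        guard = "spanning-tree bpduguard enable" in body or (
            global_guard and "spanning-tree bpduguard disable" not in body)
        if portfast and not guard:
            unguarded.append(name)
    return {"mode": mode, "portfast_without_bpduguard": unguarded}

if __name__ == "__main__":
    print(audit_stp(SAMPLE_CONFIG))
```

In the sample, FastEthernet0/2 is flagged; adding the global `spanning-tree portfast bpduguard default` command clears it, because that command applies BPDU guard to every PortFast port.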

4 REPLIES
Community Member

Re: Loopback bringing network down

Thanks, just the answer I was looking for. I'll pass this info on to those that look after the switches at the remote site to sort.

Gold

Re: Loopback bringing network down

There is one drawback to using the old spanning tree, and that is that the switches do not open the port until approx. 30 seconds have passed; that can affect the DHCP process depending on how fast the computers are.

"old" spanning-tree

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/sw_ntman/cwsimain/cwsi2/cwsiug2/vlan2/stpapp.htm

Rapid Spanning-tree

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml

HTH

Community Member

Re: Loopback bringing network down

Thanks again.
