Cisco Support Community
Community Member

Loop protection


In our network, when a user connects a third-party mini-switch (that doesn't have STP) to an outlet and creates a loop (connecting 2 ports of the mini-switch with each other), this causes the CPU of our core switch to go to 99%.

I would like to know why.

And I also would like to know what we can do to protect us.

VIP Super Bronze

Loop protection


Try enabling BPDU guard on switch ports connecting to these third-party devices.

Here is a good doc to look at:


Loop protection

My guess is that the third party switch does not run STP and that it consumes the BPDUs. Normally the BPDUs would loop back and the Cisco switch could detect it but I think this device is consuming the BPDU without participating in STP.

A catastrophe by design!

So there is no way of stopping the loop at the Cisco device, you can only cut your losses so to speak. Some things that you can implement:

Port security - Limit the number of MAC addresses per port, shut down the port if there is a violation

Storm control - Limit how much multicast/broadcast can come through the port

Basically it's a policy violation as well. The users need to understand what happens when they do this. Only approved devices should be allowed to connect to the network.

Daniel Dib
CCIE #37149
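
The three measures suggested in the replies above (BPDU guard, port security, storm control), combined on one user-facing access port. This is an added example, not configuration posted by anyone in the thread. The interface name, MAC limit, storm-control levels and recovery interval are assumed values.

```cisco
! Added example: constructed access-port template, not from the thread.
! Interface name and all thresholds are assumed values; tune to your traffic.
interface GigabitEthernet1/0/10
 description user outlet (hypothetical)
 switchport mode access
 !
 ! BPDU guard: err-disables the port if any BPDU arrives, which catches
 ! a looped mini-switch only when it forwards BPDUs back.
 spanning-tree portfast
 spanning-tree bpduguard enable
 !
 ! Port security: a loop or a hidden switch shows more source MACs than
 ! one outlet should, so the violation shuts the port down.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 !
 ! Storm control: cap broadcast/multicast as a percentage of bandwidth
 ! and err-disable the port when the cap is exceeded.
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
 storm-control action shutdown
!
! Optional: automatic recovery after 5 minutes. Leave it out if ports
! should stay down until someone has checked the outlet.
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
errdisable recovery cause storm-control
errdisable recovery interval 300
```

`show interfaces status err-disabled` lists ports that any of these features has shut down, and `show port-security interface GigabitEthernet1/0/10` shows the violation count for the port.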
