Cisco Support Community
Community Member

Loop protection

Hi,

In our network, when a user connects a third-party mini-switch (that doesn't have STP) to an outlet and creates a loop (connecting 2 ports of the mini-switch with each other), this causes the CPU of our core switch to go to 99%.

I would like to know why.

And I would also like to know what we can do to protect ourselves.

2 REPLIES
VIP Super Bronze

Loop protection

Hi,

Try enabling BPDU guard on switch ports connecting to these third-party devices.

Here is a good doc to look at:

https://supportforums.cisco.com/docs/DOC-11825

HTH

Loop protection

My guess is that the third party switch does not run STP and that it consumes the BPDUs. Normally the BPDUs would loop back and the Cisco switch could detect it but I think this device is consuming the BPDU without participating in STP.

A catastrophe by design!

So there is no way of stopping the loop at the Cisco device, you can only cut your losses so to speak. Some things that you can implement:

Port security - Limit the number of MAC addresses per port, shut down the port if there is a violation

Storm control - Limit how much multicast/broadcast can come through the port

Basically it's a policy violation as well. The users need to understand what happens when they do this. Only approved devices should be allowed to connect to the network.

Daniel Dib
CCIE #37149
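
An added example, not part of either reply or of Cisco's documentation: a Python check that scans an IOS-style running-config for access ports missing the controls named in the replies above (BPDU guard, port security, storm control). The sample config, interface names and threshold values are constructed assumptions; the first stanza shows a port with all three controls applied.

```python
import re

# Constructed sample running-config; interface names and thresholds are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 storm-control broadcast level 1.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
 storm-control broadcast level 1.00
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
"""

# Control name -> pattern that must match a line under an access port.
REQUIRED = {
    "port-security": re.compile(r"^switchport port-security$"),
    "storm-control": re.compile(r"^storm-control (broadcast|multicast) level \S+"),
    "bpduguard": re.compile(r"^spanning-tree bpduguard enable$"),
}

def audit_access_ports(config):
    """Return {interface: [missing controls]} for access ports lacking any control."""
    findings = {}
    # Interface stanzas start at column 0; their sub-commands are indented.
    for block in re.split(r"(?m)^(?=interface )", config):
        lines = [l.strip() for l in block.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        if "switchport mode access" not in lines:
            continue  # trunks and routed ports are out of scope
        missing = [name for name, rx in REQUIRED.items()
                   if not any(rx.match(l) for l in lines)]
        if missing:
            findings[lines[0].split(None, 1)[1]] = missing
    return findings

print(audit_access_ports(SAMPLE_CONFIG))
```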
