Looping on unmanaged switches bringing down the whole network

We have a typical problem creeping up very frequently. In our campus there are some unmanaged Netgear switches kept in conference rooms or at some users' cubicles. Sometimes the users, before leaving the conference rooms, connect a cable back to back on two ports of the Netgear switch, which creates a broadcast storm and brings the entire campus network down. We have identified some ports and configured the broadcast storm to be under 1%. But what's a long-term solution for this? Some ports are still unidentified, and at any time a user can connect a Netgear switch at his cubicle and by mistake connect a cable back to back on this Netgear switch. Please suggest any configuration task to be involved.

Involved switches are Cisco IOS and also Cat OS based switches (Catalyst 6000, 6500 and 5500)

4 REPLIES

Re: Looping on unmanaged switches bringing down the whole networ

We use NAC. Searching Cisco.com will provide plenty of reading material.

Re: Looping on unmanaged switches bringing down the whole networ

Maybe you can use bpduguard. If your Cisco switch receives its own BPDU back because of a loop on the unmanaged switch, it will bring down the port. You can re-enable the port automatically after a certain period of time (and it will go down automatically as long as there is the loop).

Regards,

Francois

Re: Looping on unmanaged switches bringing down the whole networ

Hi,

I can use this bpduguard if I am aware of the ports connected to the unmanaged switches, but it is very difficult in our large campus to identify all such ports. I am just looking at a proactive approach for such a problem.

Regards,

Subhash.

Re: Looping on unmanaged switches bringing down the whole networ

Hi,

You could probably use port security with sticky learning MAC addresses on most ports.

If a broadcast frame is looped in an unmanaged switch and thus sent back to the campus, it would create a security violation (new source MAC) and error disable the port.

This could also happen from time to time, when someone connects additional devices, but there is always a price to pay.

Regards, Martin
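
The measures suggested in the replies above (BPDU guard with automatic re-enable, port security with sticky MAC learning, and the broadcast storm limit from the original question), combined into one Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface range, the 300-second recovery interval and the limit of one MAC address per port are assumptions, and it covers the IOS switches only, not the Cat OS ones.

```cisco
! Added example. Interface range, recovery interval and MAC limit are
! placeholder values chosen for illustration, not taken from the thread.
!
! Arm BPDU guard on every PortFast (edge) port at once, so the ports that
! lead to unmanaged switches do not have to be identified one by one.
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
! Re-enable err-disabled ports automatically. While the loop is still
! present, the port is shut down again on the next BPDU or violation.
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
interface range GigabitEthernet1/1 - 48
 switchport
 switchport mode access
 ! Broadcast limit of 1%, as already applied to the identified ports
 storm-control broadcast level 1.00
 ! Sticky port security: a looped frame returning with a new source MAC
 ! is a violation and err-disables the port
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
```

`show interfaces status err-disabled` and `show errdisable recovery` list the ports that have been shut down and when they will be re-enabled, which also identifies where the unmanaged switches are attached.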
