Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1699
Views
15
Helpful
19
Replies

STP loop

kamalnathsingh
Level 1
Level 1

‎09-03-2007 11:02 PM - edited ‎03-05-2019 06:15 PM

Last night i had a bad day. STP loop occur in one of core switch.

connection is like that

core switch -> HUB -> hub

between this hub to hub two cables are connected. which cause loop. I just wondering why this port didn't go to block state. though i have enabled portfast disable on the port.

Loop

regards,

Kamalnath

Labels:
0 Helpful
19 Replies 19

kamalnathsingh
Level 1
Level 1
In response to Francois Tallet

‎09-14-2007 11:48 PM

Hi Francois,

thanks for your suggestion. last night i did testing after enabling the bpduguard and root guard feature. it works for hub to hub connection.

but when i did the testing with basic dlink switch it doesn't work. core switch didn't detected bpdu guard.

core switch -> dlink switch -> self looped

0 Helpful

Francois Tallet
Level 7
Level 7
In response to kamalnathsingh

‎09-16-2007 09:32 PM

Hi Kamalnath,

Two potential reasons I can think of:

-1- the dlink is not running STP but is dropping BPDUs. That would be a very bad idea but I've seen this behavior on some switches.

-2- the dlink is running STP, and is not sending any bpdu back to the core switch. This is possible as the core switch generally has a higher priority and is thus designated. The dlink have just a root port on the core switch and is just silent (and, as a consequence invisible to the core switch). Note that there is a short race condition at link up: if the dlink sends its BPDU before the core switch, the core switch will be able to detect it and shut the port down. So the burden of preventing the loop is moved down to the dlink switch in that case.

Unfortunately, I don't have a solution for either case... The core switch cannot do anything if it does not receive its BPDU back:-( Eventually, there is a limit to what you can do to prevent user configuration error. When you think of it, even without a loop, a user can still introduce line rate traffic in your network from a single port...

Regards,

Francois

0 Helpful

Kevin Dorrell
Level 10
Level 10
In response to Francois Tallet

‎09-16-2007 10:47 PM

There is a third possibility: that he has bdpu-filter ebanbled. That would stop the switch transmitting BPDUs out the port. If he has bpdu-filter on either of the ports facing the hub, then that would explain why he gets a loop when the two hubs get connected together. IMHO, bpdu-filter should not be enabled except in some very specific exceptional circumstances. Please confirm there are no bpdu-filters.

Please also do a show spanning-tree on each switch and post the result.

Kevin Dorrell

Luxembourg

0 Helpful

kamalnathsingh
Level 1
Level 1
In response to Kevin Dorrell

‎09-16-2007 10:50 PM

yes. I didn't enable bpdu-filter..

kamal

0 Helpful

paul.matthews
Level 5
Level 5
In response to kamalnathsingh

‎09-10-2007 11:36 AM

This isn't strictly an STP loop but a packet loop.

How to avoid? BPDU guard would put the port into err-disable (shut it down) if it saw a BPDU. Do not use guard and filter together - filter works first so you don't get the effect of guard. In this case they may not have had much effect.

What is really needed is a policy, and use the technology to back that up.

The policy states no unauthorised hubs or switches.

Use BPDU Guard on all "edge" ports, so that is a user connects a switch the port is effectively closed and they have to come begging if they want it reopened.

Use port security with a max address set to one for a user port or three for a port with an IP phone. That way if a user plugs in a single hub there is no benefit to them as it won't allow more than one user device.

This is then a technical enforcement of the stated policy, but you need to have something in place for how to deal with people that break the policy - loss of bonus? dismissal? black mark and you set their port to 10M Half duplex along with marking all their traffic as first to be discarded in QoS?

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card