Detect and prevent/mitigate non-STP loop

berniebbow1 · ‎03-31-2015

I have a site where non-STP loop can happen very easily - I won't bother you with details.

non-STP loop in my environment is when you interconnect one wall jack with another which is equivalent to interconnecting two switch ports on same switch.

Since this situation eats CPU, I need a way to break the loop:

1) detect: need EEM script to detect massive MAC flapping* and eventually shutdown a port

2) prevent/mitigate: what are recommended switchport settings?

* I have MAC flapping from time to time due to clients roaming between APs, but it's not massive (2-3 records per MAC in syslog).

Vasilii Mikhailovskii · ‎04-01-2015

Hello.

Why don't you use STP to prevent loops?

berniebbow1 · ‎04-02-2015

What STP configuration solve my problem?

Vasilii Mikhailovskii · ‎04-02-2015

Hello.

I think default STP configuration would solve the issue unless you run some special network design.

berniebbow1 · ‎04-03-2015

I have STP enabled (Rapid STP per VLAN).

Ports are not configured as portfast, BPDU guard is enabled.

AFAIK STP will not deal with two interconnected ports on same switch

Vasilii Mikhailovskii · ‎04-03-2015

Hello.

STP will deal with two interconnected ports on same switch

And BPDU guard would even help here.

Leo Laohoo · ‎04-02-2015

* I have MAC flapping from time to time due to clients roaming between APs, but it's not massive (2-3 records per MAC in syslog).

If this is the "cause" of your loops then you need to look at how to configure EtherChannel. "MAC flapping when client roams between APs" is a sure sign EtherChannel is NOT configured (properly) on the uplink/downlink ports.

berniebbow1 · ‎04-03-2015

This is not the cause of my loops.