Re: How to configure Loopguard (errdisable detect cause loopback) the right way (2960 or later)

roesch4alc · ‎01-20-2021

Hi,

I´m wondering, how to configure this feature correctly? We want to use it as an alternative or as an addition to spanning tree based loop detection. I configured a 2960 like that:

errdisable detect cause loopback

errdisable recovery cause loopback
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4

!

So its a very simple config without any special settings. When I now connect a cable between to ports on the same switch, I expect the Loopback packet to be send out on each Port, but after that also sent back because of the loop created. I can see the loopback packets in wireshark:

I also created a loop on a switch on one port of this switch. The links do not go down at all and I am not able to trigger the errdisable message.

IOS Version: flash:/c2960s-universalk9-mz.152-2.E9.bin

Does somebody have this up and running? Is something wrong or should it work?

balaji.bandi · ‎01-20-2021

the port do not have config at all to disable the port -

errdisable recovery cause loopback - this is for recovery.

Enabling Loop Guard - below reference.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swstpopt.html#14020

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

roesch4alc · ‎01-20-2021

Hello, I think you didn´t read my message. You referenced, the Spanning Tree based loop detection. I stated, that I am looking for an alternate solution, only based on this command "errdisable detect cause loopback".

But I also didn´t put in all of my config. Here it is:

errdisable detect cause loopback

errdisable recovery cause loopback
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2

!

balaji.bandi · ‎01-20-2021

i may have over looked your orginal post, are you looking alternative option to detect loop and block the port ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

roesch4alc · ‎01-20-2021

Correct, I´m looking for an alternate solution to stp based loop protection. And because there is this feature based on Keepalives, I would like to test it, but it doesn´t actually work.... I also do not find much information about that. I´m wondering, why this feature is more off topic....

balaji.bandi · ‎01-20-2021

i can only think of securing the port with security features? - this is based on my understanding. but look like you looking alternative option if the port get looped - just thought and added my comments below (i looked on a different angle than your looking to achieve - apologise for that and i can understand your views)

EDIT :

The most common cause for "err-disable loopback detect" as a result of keeping keepalives enabled (default) and these packets momentarily looping back to the same port from which they originated.

But sometimes it all depends on the switch model it behaves differently, checks on the port configuration, by issuing show run all, or show interface x/x

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

roesch4alc · ‎01-20-2021

Maybe someone else knows, why the non STP Based Loopback detection is actually not working...

Leo Laohoo · ‎01-20-2021

Post the complete output to the following commands:

sh post
sh interface <PORT> controll

roesch4alc · ‎01-21-2021

Here you go. Ports used are now gi1/0/3 and Gi1/0/4

Switch#sh post
Load for five secs: 18%/0%; one minute: 19%; five minutes: 19%
No time source, *04:28:38.809 UTC Mon Jan 2 2006

Stored system POST messages:

Switch 1
---------

POST: MA BIST : Begin
  FC 1   MBIST Test Passed.
  DP Sg1 MBIST Test Passed.
  DP Xg1 MBIST Test Passed.
  NI 1   MBIST Test Passed.
  FC 0   MBIST Test Passed.
  DP Sg0 MBIST Test Passed.
  DP Xg0 MBIST Test Passed.
  NI 0   MBIST Test Passed.
  UPB    MBIST Test Passed.
POST: MA BIST : End, Status Passed

POST: TCAM BIST : Begin
POST: TCAM BIST : End, Status Passed

POST: Inline Power Controller Tests : Begin
POST: Inline Power Controller Tests : End, Status Passed

POST: Thermal, Fan Tests : Begin
POST: Thermal, Fan Tests : End, Status Passed

POST: PortASIC Stack Port Loopback Tests : Begin
POST: PortASIC Stack Port Loopback Tests : End, Status Passed

POST: PortASIC Port Loopback Tests : Begin
POST: PortASIC Port Loopback Tests : End, Status Passed

POST: EMAC Loopback Tests : Begin
POST: EMAC Loopback Tests : End, Status Passed

Switch#sh int gi1/0/3 controller
Load for five secs: 27%/0%; one minute: 19%; five minutes: 19%
No time source, *04:29:52.807 UTC Mon Jan 2 2006

GigabitEthernet1/0/3 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is ecc8.829c.9c83 (bia ecc8.829c.9c83)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:06, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 64 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     1 packets output, 64 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

     Transmit GigabitEthernet1/0/3            Receive
           64 Bytes                               64 Bytes
            1 Unicast frames                       1 Unicast frames
            0 Multicast frames                     0 Multicast frames
            0 Broadcast frames                     0 Broadcast frames
            0 Too old frames                      64 Unicast bytes
            0 Deferred frames                      0 Multicast bytes
            0 MTU exceeded frames                  0 Broadcast bytes
            0 1 collision frames                   0 Alignment errors
            0 2 collision frames                   0 FCS errors
            0 3 collision frames                   0 Oversize frames
            0 4 collision frames                   0 Undersize frames
            0 5 collision frames                   0 Collision fragments
            0 6 collision frames
            0 7 collision frames                   1 Minimum size frames
            0 8 collision frames                   0 65 to 127 byte frames
            0 9 collision frames                   0 128 to 255 byte frames
            0 10 collision frames                  0 256 to 511 byte frames
            0 11 collision frames                  0 512 to 1023 byte frames
            0 12 collision frames                  0 1024 to 1518 byte frames
            0 13 collision frames                  0 Overrun frames
            0 14 collision frames                  0 Pause frames
            0 15 collision frames
            0 Excessive collisions                 0 Symbol error frames
            0 Late collisions                      0 Invalid frames, too large
            0 VLAN discard frames                  0 Valid frames, too large
            0 Excess defer frames                  0 Invalid frames, too small
            1 64 byte frames                       0 Valid frames, too small
            0 127 byte frames
            0 255 byte frames                      0 Too old frames
            0 511 byte frames                      0 Valid oversize frames
            0 1023 byte frames                     0 System FCS error frames
            0 1518 byte frames                     0 RxPortFifoFull drop frame
            0 Too large frames
            0 Good (1 coll) frames
            0 Good (>1 coll) frames

Switch#

Switch#sh int gi1/0/4 controller
Load for five secs: 18%/0%; one minute: 19%; five minutes: 19%
No time source, *04:30:48.371 UTC Mon Jan 2 2006

GigabitEthernet1/0/4 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is ecc8.829c.9c84 (bia ecc8.829c.9c84)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     7 packets input, 448 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     7 packets output, 448 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

     Transmit GigabitEthernet1/0/4            Receive
          448 Bytes                              448 Bytes
            7 Unicast frames                       7 Unicast frames
            0 Multicast frames                     0 Multicast frames
            0 Broadcast frames                     0 Broadcast frames
            0 Too old frames                     448 Unicast bytes
            0 Deferred frames                      0 Multicast bytes
            0 MTU exceeded frames                  0 Broadcast bytes
            0 1 collision frames                   0 Alignment errors
            0 2 collision frames                   0 FCS errors
            0 3 collision frames                   0 Oversize frames
            0 4 collision frames                   0 Undersize frames
            0 5 collision frames                   0 Collision fragments
            0 6 collision frames
            0 7 collision frames                   7 Minimum size frames
            0 8 collision frames                   0 65 to 127 byte frames
            0 9 collision frames                   0 128 to 255 byte frames
            0 10 collision frames                  0 256 to 511 byte frames
            0 11 collision frames                  0 512 to 1023 byte frames
            0 12 collision frames                  0 1024 to 1518 byte frames
            0 13 collision frames                  0 Overrun frames
            0 14 collision frames                  0 Pause frames
            0 15 collision frames
            0 Excessive collisions                 0 Symbol error frames
            0 Late collisions                      0 Invalid frames, too large
            0 VLAN discard frames                  0 Valid frames, too large
            0 Excess defer frames                  0 Invalid frames, too small
            7 64 byte frames                       0 Valid frames, too small
            0 127 byte frames
            0 255 byte frames                      0 Too old frames
            0 511 byte frames                      0 Valid oversize frames
            0 1023 byte frames                     0 System FCS error frames
            0 1518 byte frames                     0 RxPortFifoFull drop frame
            0 Too large frames
            0 Good (1 coll) frames
            0 Good (>1 coll) frames

Switch#