Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2106
Views
0
Helpful
2
Replies

Layer 2 Loop in Branch Network

Go to solution
harsha senaratna
Level 1
Level 1

‎10-10-2015 09:42 PM - edited ‎03-08-2019 02:09 AM

hi all,

In my branch office , there is a layer 2 going on. Only two vlans exists for Data (vlan 10) and Management (Vlan 20).
My branch LAN topology look like following:

Cisco Router (fa0/0.10) ---> SW 1 (Trunk - gi 0/2)
                                                       (Trunk - gi 0/1) ----> SW 2 (Trunk - gi 0/1)

I did the following configuration to all access ports in all switches.
Access Port Config :

switchport port-security maximum 2
switchport port-security
spanning-tree portfast
spanning-tree bpdufilter enable

There is no any security violations and still problem prevails. How do I resolve this issue ?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
joe19366
Level 1
Level 1

‎10-11-2015 02:46 AM

Hi there,

 

Sounds like you have a device connected to the network that is fwd traffic up and down a single port, and or a cable from your cisco switch back to itself.

 

first, NEVER run "spanning-tree bpdufilter enable" when you have a loop. your likely PREVENTING STP from doing its job - and finding out redundant paths to root and staying fwd when it should block.

 

spanning-tree bpdufilter enable is like turning off spanning-tree in many cases. the ONLY time you should EVER use that command is when connecting to a device YOU DO NOT control that will have an error if it hears a bpdu.

So, once you remove that command from all ports if you STILL have a loop, i recommend enabling BPDUGUARD on each port which you some how missed. BPDU GUARD can be enabled on ANY switchport that is not a link to another switch in your topology. this will disable any interface that is looped back to your own switch either directly with a single cable or through a switch or device in your infrastructure.

 

let us know...

 

thanks,

Joe

#19366

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
joe19366
Level 1
Level 1

‎10-11-2015 02:46 AM

Hi there,

 

Sounds like you have a device connected to the network that is fwd traffic up and down a single port, and or a cable from your cisco switch back to itself.

 

first, NEVER run "spanning-tree bpdufilter enable" when you have a loop. your likely PREVENTING STP from doing its job - and finding out redundant paths to root and staying fwd when it should block.

 

spanning-tree bpdufilter enable is like turning off spanning-tree in many cases. the ONLY time you should EVER use that command is when connecting to a device YOU DO NOT control that will have an error if it hears a bpdu.

So, once you remove that command from all ports if you STILL have a loop, i recommend enabling BPDUGUARD on each port which you some how missed. BPDU GUARD can be enabled on ANY switchport that is not a link to another switch in your topology. this will disable any interface that is looped back to your own switch either directly with a single cable or through a switch or device in your infrastructure.

 

let us know...

 

thanks,

Joe

#19366

 

0 Helpful

Go to solution
harsha senaratna
Level 1
Level 1
In response to joe19366

‎10-11-2015 03:07 AM

Thanks Joe for your support.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card