Loop protection

HenkRoggeman
Level 1

Hi,

In our network, when a user connects a third-party mini-switch (that doesn't have STP) to an outlet and creates a loop (connecting 2 ports of the mini-switch with each other), this causes the CPU of our core switch to go to 99%.

I would like to know why.

And I also would like to know what we can do to protect ourselves.

2 Replies

Reza Sharifi
Hall of Fame

Hi,

Try enabling BPDU guard on switch ports connecting to these third-party devices.

Here is a good doc to look at:

https://supportforums.cisco.com/docs/DOC-11825

HTH

daniel.dib
Level 7

My guess is that the third-party switch does not run STP and that it consumes the BPDUs. Normally the BPDUs would loop back and the Cisco switch could detect it, but I think this device is consuming the BPDU without participating in STP.

A catastrophe by design!

So there is no way of stopping the loop at the Cisco device; you can only cut your losses, so to speak. Some things that you can implement:

Port security - Limit the number of MAC addresses per port, shut down the port if there is a violation

Storm control - Limit how much multicast/broadcast can come through the port

Basically it's a policy violation as well. The users need to understand what happens when they do this. Only approved devices should be allowed to connect to the network.

Daniel Dib
CCIE #37149
CCDE #20160011

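
The three mitigations named in the replies above (BPDU guard, port security, storm control) combined on one user-facing access port. This is an added example, not configuration posted by any participant in the thread; it assumes Cisco IOS Catalyst syntax, and the interface name, MAC limit, storm thresholds and recovery interval are placeholder values to tune per site.

```cisco
! Added example: constructed values, not taken from the thread.
!
! Let err-disabled ports recover on their own once the loop is unplugged,
! instead of waiting for a manual shutdown / no shutdown.
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
errdisable recovery cause storm-control
errdisable recovery interval 300
!
interface GigabitEthernet1/0/10
 description User outlet (placeholder interface)
 switchport mode access
!
! BPDU guard: err-disable the port if any BPDU is received on it.
! Only helps when the downstream device forwards BPDUs back.
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Port security: a looping mini-switch reflects frames from many source
! MACs; exceeding the limit shuts the port.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
!
! Storm control: cap broadcast and multicast as a percentage of link
! bandwidth, and shut the port when the cap is exceeded. This is the
! backstop when the device consumes BPDUs and the first control never fires.
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
 storm-control action shutdown
```

After a port trips, `show interfaces status err-disabled` lists it with the cause, and `show port-security interface GigabitEthernet1/0/10` and `show storm-control` show which control fired.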