Solved: Method for detecting loops.....

jimmysands73_2 · ‎09-24-2012

I am a network tech at a local school district (easily enterprise network). I am just a worker bee, so have no say in the design of the networks. Our topo at a site goes WAN rtr---LAN rtr (6500 of 3550)----distro switches----access switches.

Now at most of our sites we use Extreme, which has a handy feature called ELRP Extreme Loop Recovery Protocol, despite the name, this mechanism just detects loops, in the logs we can see, ok...off the LAN rtr, port 2, then on port 2 we see whats hanging off it...ok, loop off port 5 of that switch.....and work your way down the room.

We do not have STP on our network (dont ask) and yes, logging is not set to standards also......what is the best way to detect loops? Commonly these loops come from classrooms that have mini-sw's that are looped onto themselves or a wall jack connected to mini sw and that mini sw then connected to another wall drop going back to same sw. Sometimes I disable all ports minus the WAN uplink on the LAN router, then enabled ports one by one while having a LR hooked up to a user facing rj45 port on the 6500 and when the LR (link runner) shows 100% util, I know that port is now suspect.

Normally I clear counters then look for abnormally high traffic....but this sometimes leads me on wild goose chases.

Any other ideas for chasing loops in an enviroment that does not use STP?

Thanks

Alessio Andreoli · ‎09-26-2012

This is something else you can do (from techtarget.com):

 A packet sniffer, such as WireShark can also help you to identify if the loop. Look for duplicate packets, with increased TTL. Look in several places around the network. If possible get a 10/100Mbps hub, and put it in-line with the network, and connect the PC with WireShark to the hub (only 3 conections to the hub), which allows you to easily see the traffic, with no config changes to the network. There is no 'magic bullet' to fix a loop. It needs some investigation, and a good knowledge of the network topology. I hope these tips help to get you started.

The matching actions can be taken enabling the debug for packets in detail. Another method could be to write down an ACL that drops and log packets with an excessivly big TTL value.

Hope this helps

Alessio

View solution in original post

pompeychimes · ‎09-27-2012

Physically you can look at the switch LED's. They'll typically be flashing at the same time.

On the CLI you'll likely see higher than normal CPU util.

The same mac addresses showing up on the different switchports would also be an indicator.

More than one mac address per access port would be another clue.

I'd also look interface counters, specifically input, output, and broadcast counters.

James

View solution in original post

Alessio Andreoli · ‎09-25-2012

Hi jimmy,

if for any strange case you cannot deploy STP i would suggest to deploy layer 3 routing implementing Is-Is or EIGRP or OSPF.

Check any way all the trunks and redesign the topology emulating a binary tree. Even without an STP instance(s) a binary tree is a loop-free structure that you can implement without the auxilium of STP or routing protocols.

Hope this helps

Alessio

jimmysands73_2 · ‎09-25-2012

Again, I network tech, in a school distrcit with 380+ sites. A redesign would not be an option. I was just curious how one would discover layer 2 loops in an topology using only CLI commands.

Alessio Andreoli · ‎09-26-2012

This is something else you can do (from techtarget.com):

 A packet sniffer, such as WireShark can also help you to identify if the loop. Look for duplicate packets, with increased TTL. Look in several places around the network. If possible get a 10/100Mbps hub, and put it in-line with the network, and connect the PC with WireShark to the hub (only 3 conections to the hub), which allows you to easily see the traffic, with no config changes to the network. There is no 'magic bullet' to fix a loop. It needs some investigation, and a good knowledge of the network topology. I hope these tips help to get you started.

The matching actions can be taken enabling the debug for packets in detail. Another method could be to write down an ACL that drops and log packets with an excessivly big TTL value.

Hope this helps

Alessio

pompeychimes · ‎09-27-2012

Physically you can look at the switch LED's. They'll typically be flashing at the same time.

On the CLI you'll likely see higher than normal CPU util.

The same mac addresses showing up on the different switchports would also be an indicator.

More than one mac address per access port would be another clue.

I'd also look interface counters, specifically input, output, and broadcast counters.

James

jimmysands73_2 · ‎09-27-2012

Thanks all! Great feekback!

hmossalam · ‎08-14-2020

Hi,how can i stop loop back in new switch configuration ?