STP Loops in the Campus network

palukuri77 (Level 1)

We have a campus network with a mixture of 5500 and 6500 series switches. We face a typical problem when one of the users creates a loop by connecting two ports back to back on the unmanaged switches installed in the conference rooms. We did enable BPDU guard, but the STP loops still occur and the network comes to a standstill. The core switches have HSRP configured for all the VLANs, and they keep generating the message "006-12-20 14:44:55 Local7.Error 131.101.77.252 241151: Dec 20 14:44:54: %STANDBY-3-DUPADDR: Duplicate address 131.101.117.252 on Vlan117, sourced by 0017.dfe0.5000", and the VLANs keep changing HSRP state. Is there any way out of this problem, given that the number of unmanaged switches is not under our control and they are hard to identify?

4 Replies

Francois Tallet (Level 7)

If you enable BPDU guard, don't enable any kind of BPDU filter on your end-user interfaces (I don't know whether you did, though). This way, if an end user creates a loop using a device that does not generate BPDUs itself (like a hub), BPDU guard will still be able to receive something and block the port. Note that even without BPDU guard, STP should be able to block that kind of loop if there is no BPDU filter. The problem is that the devices used to introduce the loop might also drop BPDUs. There is not much STP can do in that case, and I think the simplest solution currently available is to use some form of port security.

Regards,

Francois

We are not using any form of BPDU filter. As I said, in such a big campus network it is very difficult to identify where such unmanaged switches/hubs are placed, which in turn makes it difficult to enable port security. Which form of port security are you suggesting?

The bpduguard command only works if the port in question has spanning-tree portfast enabled and then receives a BPDU, which causes an err-disable shutdown of the port. The commands that you want are "spanning-tree loopguard", "errdisable" and "errdisable recovery". These need to be placed as close to the access-layer switches as possible.

Loopguard reference:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml

Err disable reference:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml

Cheers,

Brian

mbuillon (Level 1)

Hi,

You can force users to use a specified switch.

In our plan we use the commands:

switchport port-security

switchport port-security violation restrict

With this, users can't connect a switch, and loops don't occur.

Then you can impose Cisco switches with a proper spanning-tree configuration.
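Pulling the three replies together (Francois's BPDU guard without BPDU filter, Brian's loop guard and errdisable recovery, mbuillon's port security), the following is what that edge-port hardening looks like in Cisco IOS syntax. It is an added example, not configuration posted by anyone in this thread. The interface range, VLAN number, MAC limit and recovery interval are assumptions; the syntax is IOS, and CatOS-based switches use different commands.

```cisco
! Added example (not from the thread): IOS edge-port hardening against
! loops introduced through unmanaged switches and hubs.
!
! --- Global ---------------------------------------------------------------
! BPDU guard on every PortFast-enabled edge port. As Brian notes, this
! global form only applies to ports that are actually in PortFast mode.
spanning-tree portfast bpduguard default
!
! Loop guard protects the uplinks when BPDUs stop arriving on a blocked
! or root port. It cannot see a loop behind a hub that drops BPDUs, so it
! complements the per-port controls below rather than replacing them.
spanning-tree loopguard default
!
! Do not leave a port err-disabled forever: bring it back after 5 minutes
! (assumed interval) and let it shut again if the condition persists.
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! --- Edge (conference room / user) ports ------------------------------------
! Interface range and VLAN are assumptions for the example.
interface range GigabitEthernet1/0/1 - 48
 description user edge - one host, or phone plus PC, expected
 switchport mode access
 switchport access vlan 117
 !
 ! PortFast plus an explicit interface-level BPDU guard; this form keeps
 ! working even if PortFast is later removed from the port.
 spanning-tree portfast
 spanning-tree bpduguard enable
 !
 ! Make sure BPDU filter is NOT on. With it, the port never sees the BPDUs
 ! that would let STP or BPDU guard block the loop (Francois's warning).
 no spanning-tree bpdufilter enable
 !
 ! Port security: a hub or unmanaged switch behind this port shows up as
 ! many source MACs. Cap it at two (assumed) and err-disable on violation,
 ! which is what the psecure-violation recovery cause above picks up.
 ! "violation restrict", as mbuillon uses, keeps the port up and only
 ! drops and logs the offending frames instead.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security aging time 5
 switchport port-security aging type inactivity
!
! --- Verification (exec mode) ------------------------------------------------
! show spanning-tree summary                 -> PortFast BPDU Guard / Loopguard "enabled"
! show errdisable recovery                   -> bpduguard and psecure-violation listed
! show interfaces status err-disabled        -> which ports have been tripped, and why
! show port-security interface Gi1/0/5       -> secure MAC count, violation count
! show mac address-table address 0017.dfe0.5000
!   On an access switch the core's MAC from the %STANDBY-3-DUPADDR message
!   should only ever be learned on the uplink. If it shows up on a user
!   port, that port is on the loop path.
```

The last verification command is the one that addresses the original question of locating the unmanaged switches: rather than auditing every conference room, query each access switch for the MAC named in the duplicate-address message and look for any port other than the uplink. Port security then contains the next loop before it takes HSRP down, and errdisable recovery avoids a truck roll to re-enable the port once the offending device is unplugged.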
