Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2889
Views
0
Helpful
6
Replies

UCS loop protection

Henry Rehne
Level 1
Level 1

‎11-22-2012 11:21 AM - edited ‎03-07-2019 10:12 AM

I have a requirement to enable Loop Prevention methods to a pair of UCS switches.
We had a situation where a server was incorrectly configured to bridge its two interfaces, causing a loop back towards the network and causing severe impact.

We urgently need to enable features like BPDU guard and Storm-control to protect the network.

Does anyone have any experience with this issue?

Sent from Cisco Technical Support iPad App

Labels:
0 Helpful
6 Replies 6

Reza Sharifi
Hall of Fame
Hall of Fame

‎11-22-2012 11:24 AM

Can you provide a drawing and tell us what the connectivity look like?

Do the UCS  devices connect to FEXs or 5Ks?

What type of device are you using?

0 Helpful

Henry Rehne
Level 1
Level 1
In response to Reza Sharifi

‎11-22-2012 11:39 AM

Hi,

2x UCS 6140 switches connected to 2x nexus 2000 FEX switches and part of 2x nexus 5596 switches in a VPC pair.
Thanks for the quick response.
I'm unable to provide a diagram at the moment.

Sent from Cisco Technical Support iPad App

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Henry Rehne

‎11-22-2012 11:56 AM

Your design should not cause any loop. Are the 6100 cross connected using the L1 and L2 ports?

You can also connect the 6100 directly to the 5ks.

Regarding BPDU Guard:

The                  Fabric Extender                 provides end-host connectivity into the network fabric. As a result,  BPDU Guard is enabled on all its host interfaces. If you                 connect a bridge or switch to a host interface, that interface is  placed in an                 error-disabled state when a BPDU is received.

You cannot disable BPDU Guard on the host interfaces of the                  Fabric Extender.

More info:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/502_n1_1m/Cisco_n5k_layer2_config_gd_rel_502_N1_1_chapter16.html

HTH

0 Helpful

Henry Rehne
Level 1
Level 1
In response to Reza Sharifi

‎11-22-2012 12:04 PM

Thanks.

Each 6140 is connected to a separate 2k with L1 & L2 in a Port-Channel.
Somehow the server bridging wasn't stopped by any BPDU guard err-disabling the ports. On the 5k or the UCS.
Also the 5k doesn't support Storm-Control on any FEX ports thus not limiting the broadcast storm towards the network.
Hence the consideration to improve the protection on the UCS switches.

Sent from Cisco Technical Support iPad App

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Henry Rehne

‎11-22-2012 12:34 PM

Each 6140 is connected to a separate 2k with L1 & L2 in a Port-Channel.

Are you sure that is the correct way to uplink the 6140s?  From what I have seen, the L1 & L2 ports are for clustering the 6100 or 6200 series together.

0 Helpful

Henry Rehne
Level 1
Level 1
In response to Reza Sharifi

‎11-26-2012 04:48 AM

Hi, you're correct sorry.
The L1 and L2 is connected between the two 6100 switches and two of the other ports were used for uplinks.
I've managed to arrange for a test UCS system for our Lab and will test the configuration and connectivity their.
I'll connect the two uplinks in a VPC back to the n5k's and configure Storm-Control on the ports on the n5k.

It doesn't appear like the 6100 even runs spanning-tree or supports features like storm-control or BPDU-guard to any server NIC's.

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card