Wired Intelligent Edge

 View Only
  • 1.  Loop-protect best practice

    Posted Jul 23, 2018 04:13 AM

    I have switches where on the uplinks to other switches, loop-protect is enabled, and the other switches work fine (bpdu-filter/protect/admin-edge-port disabled).

     

    On other switches i have loop-protect specifically disabled for uplinks.

     

    What's the recommended best practice?

     

    Also a followup question regarding HP access points connected to HP/Aruba switches:

     

    I know i need to disable port-security on AP ports or i get into trouble with more devices connected to it (than 3 for example). Do i also need to disable bpdu-filter/protect/admin-edge port/loop-protect on these ports?



  • 2.  RE: Loop-protect best practice

    Posted Jul 24, 2018 09:45 AM

    Anyone? :)



  • 3.  RE: Loop-protect best practice

    Posted Jul 25, 2018 10:10 AM

    Hello Pepe,

     

    I can only speak for ourselves but we run the following configuration for all our switches, enabling it on all ports (so both uplink and edge ports) for as long as I can remember:

     

    loop-protect <ALL_PORT_LIST> receiver-action send-disable
    loop-protect trap loop-detected
    loop-protect transmit-interval 1 disable-timer 300

     

    Kind regards,

    Niels Mejan

    University of Twente



  • 4.  RE: Loop-protect best practice

    Posted Mar 25, 2019 05:40 AM

    Hello @Nelis,

     

    sorry for resurrecting this old thread but I was trying to optimize the loop-protect configuration on my network and I reading your statement:

     


    @Nelis wrote: ...enabling it on all ports (so both uplink and edge ports) for as long as I can remember:

    I've a question about using loop-protect on uplinks (where with uplink I mean inter-swtich link made via single interface or via aggregated interfaces): on interface(s) dedicated to uplink are you using the same parameter for loop-protect of edge interfaces or you experienced that other adjustments can be done with regards to action and/or disable timer values?



  • 5.  RE: Loop-protect best practice

    Posted Mar 25, 2019 06:31 AM

    Hello Parnassus,

     

    We use the exact same configuration for edge ports as inter-switch uplink ports. The disable-timer is a global setting so you cannot have different timers for edge or uplink ports. You can configure different actions if you would want to.

     

    Kind regards,

    Niels Mejan

    University of Twente



  • 6.  RE: Loop-protect best practice

    Posted Mar 25, 2019 07:56 AM

    Yeah! good catch, correct...the disable timer is a global parameter. Thanks!

     

    Edit: I admit I'm still in doubt if using loop-protect on a non-edge interface (as an uplink interface is) is good or not...I've broadly read that loop-protect is designed to be used on edge interfaces, not on uplinks.