Loop Protect:
The Loop Protect functionality detects the unwanted physical loops in your network. You can enable or disable this functionality at an interface level. A proprietary protocol data unit (PDU) is used to detect the physical loops in the network. When the system detects a loop, it disables the port that sends the PDU.
Points to Remember
It is recommended that you enable Loop Protect on all the Layer 2 interfaces when the spanning tree is disabled on the switch.
The Loop Protect will not detect any loops when MSTP or PVST (on any VLAN) is enabled on the switch.
The Loop Protect functionality will work only on non-HSL interfaces. An error will be displayed when you try to enable this functionality on HSL interfaces.
Enabling Loop Protect Functionality
Port Loop Protect functionality is configured as part of the port level security configuration. You can attach the port-security profile to any Layer 2 interface. Loop protect include 2 function.
#1 – Loop protect …
Once a loop is detected; then what we do. As the previous paragraph has said, it will disable the port. The comment here is
(host) (Port security profile "TEST") #loop-protect <cr>
#2 – Recover …
Automatically enable the port back after a time period. Set a value for auto-recovery-time to enable the auto-recovery option.
The port will then be automatically recovered from the error after the specified time. If you set the auto-recovery-time value to 0, it disables the auto-recovery option. By default, auto-recovery is disabled. The command here is
(host) (Port security profile "TEST") #loop-protect auto-recovery-time
Time to recover port loop error in seconds.
Default: 0 (No Auto Recovery)
Allowed range: [0-65535]
You can also disable the auto-recovery option using the following command:
(host) (Port security profile "<profile-name>") #no loop-protect auto-recovery-time
To disable the Loop Protect functionality:
(host) (Port security profile "<profile-name>") #no loop-protect
(S2500) #show vlan
1 VLAN0001 GE0/0/0-47 GE0/1/0-1
(S2500) (config) #spanning-tree no mode
(S2500) (config) # show interface brief
Interface Admin Link Line Protocol Speed/Duplex
=========================================================
GE0/0/0 Enable Up Up 1 Gbps / Full
GE0/0/1 Enable Down Down N/A
GE0/0/2 Enable Up Up 1 Gbps / Full
GE0/0/3 Enable Down Down N/A
S2500) (config) #interface-profile port-security-profile LOOP_Protect
(S2500) (Port security profile "LOOP_Protect") #loop-protect <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Without setting auto-recovery time. Meaning auto-recovery=0
(ArubaS2500-48P-US) (Port security profile "LOOP_Protect") #loop-protect auto-recovery-time ? <<<<< Or set up auto-recovery time. Default=0
<recovery_timeout> Time to recover port loop error in seconds.
Default" 0 (No Auto Recovery) Allowed range: [0-65535]
(S2500) (Port security profile "LOOP_Protect") #exit
(S2500) (config) #interface gigabitethernet 0/0/0
(S2500) (gigabitethernet "0/0/0") #port-security-profile LOOP_Protect
(S2500) (gigabitethernet "0/0/0") #interface gigabitethernet 0/0/2
(S2500) (gigabitethernet "0/0/2") #port-security-profile LOOP_Protect
(S2500) (gigabitethernet "0/0/2") #show running-config | begin LOOP_Protect
Building Configuration...
interface-profile port-security-profile "LOOP_Protect"
loop-protect auto-recovery-time 0
!
spanning-tree
!
interface gigabitethernet "0/0/0"
port-security-profile "LOOP_Protect"
!
interface gigabitethernet "0/0/2"
port-security-profile "LOOP_Protect"
!
(S2500) (gigabitethernet "0/0/2") #show interface brief
Interface Admin Link Line Protocol Speed/Duplex
======================================================
GE0/0/0 Enable Down Down N/A
GE0/0/1 Enable Down Down N/A
GE0/0/2 Enable Down Down N/A
GE0/0/3 Enable Down Down N/A