Wired Intelligent Edge

last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Loop-protect best practice

This thread has been viewed 28 times

  • 1.  Loop-protect best practice

    Posted Jul 23, 2018 04:13 AM

    I have switches where on the uplinks to other switches, loop-protect is enabled, and the other switches work fine (bpdu-filter/protect/admin-edge-port disabled).

     

    On other switches i have loop-protect specifically disabled for uplinks.

     

    What's the recommended best practice?

     

    Also a followup question regarding HP access points connected to HP/Aruba switches:

     

    I know i need to disable port-security on AP ports or i get into trouble with more devices connected to it (than 3 for example). Do i also need to disable bpdu-filter/protect/admin-edge port/loop-protect on these ports?



  • 2.  RE: Loop-protect best practice

    Posted Jul 24, 2018 09:45 AM

    Anyone? :)



  • 3.  RE: Loop-protect best practice

    Posted Jul 25, 2018 10:10 AM

    Hello Pepe,

     

    I can only speak for ourselves but we run the following configuration for all our switches, enabling it on all ports (so both uplink and edge ports) for as long as I can remember:

     

    loop-protect <ALL_PORT_LIST> receiver-action send-disable
    loop-protect trap loop-detected
    loop-protect transmit-interval 1 disable-timer 300

     

    Kind regards,

    Niels Mejan

    University of Twente



  • 4.  RE: Loop-protect best practice

    MVP GURU
    Posted Mar 25, 2019 05:40 AM

    Hello @Nelis,

     

    sorry for resurrecting this old thread but I was trying to optimize the loop-protect configuration on my network and I reading your statement:

     

    @Nelis wrote: ...enabling it on all ports (so both uplink and edge ports) for as long as I can remember:

    I've a question about using loop-protect on uplinks (where with uplink I mean inter-swtich link made via single interface or via aggregated interfaces): on interface(s) dedicated to uplink are you using the same parameter for loop-protect of edge interfaces or you experienced that other adjustments can be done with regards to action and/or disable timer values?



  • 5.  RE: Loop-protect best practice

    Posted Mar 25, 2019 06:31 AM

    Hello Parnassus,

     

    We use the exact same configuration for edge ports as inter-switch uplink ports. The disable-timer is a global setting so you cannot have different timers for edge or uplink ports. You can configure different actions if you would want to.

     

    Kind regards,

    Niels Mejan

    University of Twente



  • 6.  RE: Loop-protect best practice

    MVP GURU
    Posted Mar 25, 2019 07:56 AM

    Yeah! good catch, correct...the disable timer is a global parameter. Thanks!

     

    Edit: I admit I'm still in doubt if using loop-protect on a non-edge interface (as an uplink interface is) is good or not...I've broadly read that loop-protect is designed to be used on edge interfaces, not on uplinks.