Wired Intelligent Edge (Campus Switching and Routing)

Reply
Contributor I

Loop-protect best practice

I have switches where on the uplinks to other switches, loop-protect is enabled, and the other switches work fine (bpdu-filter/protect/admin-edge-port disabled).

 

On other switches i have loop-protect specifically disabled for uplinks.

 

What's the recommended best practice?

 

Also a followup question regarding HP access points connected to HP/Aruba switches:

 

I know i need to disable port-security on AP ports or i get into trouble with more devices connected to it (than 3 for example). Do i also need to disable bpdu-filter/protect/admin-edge port/loop-protect on these ports?

Contributor I

Re: Loop-protect best practice

Anyone? :)

Occasional Contributor I

Re: Loop-protect best practice

Hello Pepe,

 

I can only speak for ourselves but we run the following configuration for all our switches, enabling it on all ports (so both uplink and edge ports) for as long as I can remember:

 

loop-protect <ALL_PORT_LIST> receiver-action send-disable
loop-protect trap loop-detected
loop-protect transmit-interval 1 disable-timer 300

 

Kind regards,

Niels Mejan

University of Twente

MVP Expert

Re: Loop-protect best practice

Hello @Nelis,

 

sorry for resurrecting this old thread but I was trying to optimize the loop-protect configuration on my network and I reading your statement:

 


@Nelis wrote: ...enabling it on all ports (so both uplink and edge ports) for as long as I can remember:

I've a question about using loop-protect on uplinks (where with uplink I mean inter-swtich link made via single interface or via aggregated interfaces): on interface(s) dedicated to uplink are you using the same parameter for loop-protect of edge interfaces or you experienced that other adjustments can be done with regards to action and/or disable timer values?

Occasional Contributor I

Re: Loop-protect best practice

Hello Parnassus,

 

We use the exact same configuration for edge ports as inter-switch uplink ports. The disable-timer is a global setting so you cannot have different timers for edge or uplink ports. You can configure different actions if you would want to.

 

Kind regards,

Niels Mejan

University of Twente

MVP Expert

Re: Loop-protect best practice

Yeah! good catch, correct...the disable timer is a global parameter. Thanks!

 

Edit: I admit I'm still in doubt if using loop-protect on a non-edge interface (as an uplink interface is) is good or not...I've broadly read that loop-protect is designed to be used on edge interfaces, not on uplinks.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: