Solved

Data Cable looped back, Took down Network.. Need help Preventing

Posted on 2013-02-01
Last Modified: 2013-08-23
Hello,

Please forgive me for any networking ignorance below. I'm not well versed in STP and other Switch Security Features.
-----------------------------------
Today we had a user plug their Data Network cable coming from the wall into their Voice Network jack (also coming from the wall). Because the PVID on the Voice Network is the same as the Data Network (multi-purpose jacks for computers and phones), it caused a portion of the network to crash until the loopback was found.

The trouble is that it was looped between 2 separate switches from 2 different manufacturers. How can I prevent things like this from happening in the future?

Typically in a loopback situation I check ports for errors. In this situation, every port showed no Errors. We finally went desk to desk and found the problem. It felt like it was a loopback issue even though no port errors were showing up.

I know there are STP and BPDU settings that are supposed to help with this but I'm not sure how to correctly set my devices.

It would have been great if one of the switches could have detected the problem and disabled or Flagged the port.

The two switches in question are:
Netgear GS748TPS
HP (3com) Baseline Switch 2952

How do I prevent this from happening in the future?
Thanks in advance.
Question by:varesources
LVL 17

Expert Comment

by:Garry-G
ID: 38846256
> How do I prevent this from happening in the future?

Generally, you already answered it ... make sure you have STP/RSTP activated on all switches in your network, and also ensure they play nice together ... I believe you may have the two devices set to different versions, which has caused the broadcast storm that took down your network ... when in doubt, go with the lowest possible version available on both devices, then do a test during a maintenance window and confirm it is working as desired ...
LVL 1

Author Comment

by:varesources
ID: 38846677
Garry-G

Thank you for the Response. I know this will sound ignorant (because it is) but do you have some documentation that would help me understand this better?

> make sure you have STP/RSTP activated on all switches in your network, and also ensure they play nice together ... I believe you may have the two devices set to different versions, which has caused the broadcast storm that took down your network ... when in doubt, go with the lowest possible version available on both devices,

I checked both switches and STP was on and seemed functional. I had RapidSTP on the Netgear and Standard STP on the HP (3Com).

I have attempted to read the HP documentation on STP and RSTP and BPDU and I just continued getting confused. It seemed like the settings all depended on what I was trying to protect from (security, loopback, etc.).

I was hoping there would be a definitive... "To Prevent External Loop Backs do this" somewhere...

Could you possibly provide me a little more guidance?

TIA
LVL 17

Accepted Solution

by:
Garry-G earned 250 total points
ID: 38846685
> I checked both switches and STP was on and seemed functional. I had RapidSTP on the Netgear and Standard STP on the HP (3Com).
There's your problem ... either STP, or RSTP, but not one on one switch and the other on the other switch ... the two protocols are not the same ... if both devices support it, go with RSTP, as it has shorter switchover times in a looped environment (multiple switches in a deliberate ring, with one logical "cut" in the ring to keep it from creating the broadcast storm), as well as some other advantages. If the HP switch does not support RSTP, stick with STP on both ...

As for the general function: When you have STP (any flavor) enabled on a switch, it will usually keep a port down once you put something new on it and listen for any *STP frames. If any are present, the devices will communicate and exchange topology information, which will lead to the port just going online, or certain blocking rules will go into effect. This blocking is also per VLAN, as the infrastructure and interconnections may look different in separate VLANs.
 
LVL 1

Author Comment

by:varesources
ID: 38846706
Thank you! That makes a lot of sense. I will setup the STP to match on all switches and test in off hours. (I believe the HP supports STP but not RSTP)

Thank you so much for the expanded answer.
LVL 79

Expert Comment

by:lrmoore
ID: 38847246
Ah, yes, we have been battling this for years when users (or IT staff, for that matter) plug in a little 5 port switch in their office because there are not enough drops, then accidentally plug both ends of the same cable into that switch.
Problem is that Spanning Tree's purpose is to prevent a loop between 2 ports on your switch, and it does not see the loop on the attached switch, only sees a flood of BPDUs that drives up the CPU usage until you have no choice but to reboot it.
On Cisco switches, we use a feature called BPDU guard along with port security on the switch. We set the maximum number of MAC addresses allowed on the switchport to 1 and then if the user plugs in a little switch, the switchport shuts down, but the rest of the network is fine. If a little switch is required, just enable the BPDU guard feature on your switchport, and you should be fine. I just don't know how to tell you to enable it or even if it is available on your Netgear and HP switches.
LVL 1

Author Comment

by:varesources
ID: 38851282
Thank you for your reply lrmoore.

The switch does have BPDU features but I'm not sure what to use. Also, I've read that you can't use BPDU + STP. It seems to be 1 or the other. Do you know if that is true?

I found the BPDU Guard option to Enable/Disable. Also there is an "Advanced" portion of the menu that gives me the below options. I'm not sure what should be used.

Here's a Snippet from the manual:

Protection type
Edged Port
Set the port as an edge port.
Some ports of access layer devices are directly connected to PCs or file servers, which cannot generate BPDUs. You can set these ports as edge ports to achieve fast transition for these ports.
HP recommends that you enable the BPDU guard function in conjunction with the edged port function to avoid network topology changes when the edge ports receive configuration BPDUs.

Root Protection
Enable the root guard function.
Configuration errors or attacks may result in configuration BPDUs with their priorities higher than that of a root bridge, which causes a new root bridge to be elected and network topology change to occur. The root guard function is used to address such a problem.

Loop Protection
Enable the loop guard function.
By keeping receiving BPDUs from the upstream device, a device can maintain the state of the root port and other blocked ports. These BPDUs may get lost because of network congestion or unidirectional link failures. The device will re-elect a root port, and blocked ports may transit to the forwarding state, causing loops in the network. The loop guard function is used to address such a problem.
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 250 total points
ID: 38857814
I would recommend enabling all ports that do not connect directly to another switch as Edge ports, with BPDU guard enabled. I think the root guard is a global on/off so I would turn it on.
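As an added illustration (not from this thread, and not either vendor's firmware), the following Python model shows what the options discussed above actually act on: it decodes the BPDUs the two switches exchange (Protocol Version 0 = STP vs. 2 = RSTP, the mismatch identified in the accepted solution) and replays frames seen on one access port through the edge-port + BPDU guard and one-MAC port-security policy lrmoore describes. All MAC addresses and frames are constructed sample values.

```python
import struct

STP_MCAST = bytes.fromhex("0180c2000000")  # 01:80:C2:00:00:00, the STP multicast address
LLC_STP = b"\x42\x42\x03"                   # LLC DSAP/SSAP 0x42, UI control: a BPDU follows
VERSION_NAMES = {0: "STP (802.1D)", 2: "RSTP (802.1w)", 3: "MSTP (802.1s)"}

def parse_bpdu(frame: bytes):
    """Decode a Configuration or RST BPDU; return None for any non-BPDU frame."""
    if len(frame) < 52 or frame[:6] != STP_MCAST or frame[14:17] != LLC_STP:
        return None
    body = frame[17:]
    proto_id, version, bpdu_type = struct.unpack("!HBB", body[:4])
    if proto_id != 0 or bpdu_type not in (0x00, 0x02):  # 0x80 (TCN) not handled here
        return None
    flags, root_id, cost, bridge_id, port_id = struct.unpack("!B8sI8sH", body[4:27])
    return {"src": frame[6:12].hex(":"), "version": version, "flags": flags,
            "version_name": VERSION_NAMES.get(version, f"unknown({version})"),
            "root_priority": int.from_bytes(root_id[:2], "big"),
            "root_mac": root_id[2:].hex(":"), "bridge_mac": bridge_id[2:].hex(":"),
            "path_cost": cost, "port_id": port_id}

def build_config_bpdu(bridge_mac: bytes, version: int = 0, priority: int = 32768) -> bytes:
    """Constructed sample BPDU from a root bridge: STP if version=0, RSTP if version=2."""
    bridge_id = struct.pack("!H", priority) + bridge_mac
    bpdu_type = 0x02 if version == 2 else 0x00   # RST BPDU vs. Configuration BPDU
    body = struct.pack("!HBB", 0, version, bpdu_type)
    # flags, root ID, path cost, bridge ID, port ID, msg age, max age, hello, fwd delay (1/256 s)
    body += struct.pack("!B8sI8sHHHHH", 0, bridge_id, 0, bridge_id, 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)
    if version == 2:
        body += b"\x00"                         # Version 1 Length, present only in RST BPDUs
    return STP_MCAST + bridge_mac + struct.pack("!H", len(LLC_STP + body)) + LLC_STP + body

def access_port_policy(frames, edge_port=True, max_macs=1):
    """Replay frames seen on one access port and return (port_state, reason). Edge port with
    BPDU guard: any BPDU disables the port. Port security: more than max_macs source MACs does too."""
    learned = set()
    for frame in frames:
        bpdu = parse_bpdu(frame)
        if bpdu is not None:
            if edge_port:
                return "err-disabled", f"BPDU guard: {bpdu['version_name']} BPDU from {bpdu['src']}"
            continue                            # uplink port: BPDUs are expected, STP handles them
        learned.add(frame[6:12])
        if len(learned) > max_macs:
            return "err-disabled", f"port-security: {len(learned)} MACs seen, limit is {max_macs}"
    return "forwarding", "no violation"

def stp_versions_seen(frames):
    """STP flavours speaking on a link; more than one element means a version mismatch."""
    return {b["version_name"] for b in map(parse_bpdu, frames) if b is not None}
```

A wall jack looped back to a second switch shows up here as a BPDU arriving on an edge port, which is exactly the condition BPDU guard is meant to catch instead of letting the storm build.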