PostQ

asked on

Cisco Loop Protection

We are replacing some Extreme switches with Cisco 2960S-48 switches.

We ran ELRP on the Extreme switches to prevent loops.

Looking at the Cisco options, I am a bit confused as to which option to use, or whether to use multiple options.

I read that BPDU guard may not be enough to prevent loops. Maybe storm control should be used. Loop guard? UDLD?

Here is the environment:
Several engineers (hardware/software) have small desktop switches, as they plug in numerous devices, and I don't want to limit the MAC count.

Two 1 Gig GBICs will be used as EtherChannel to the core.

Portfast on
Most user ports are access mode with a default vlan, data, and voice.

My main concern is to prevent users from looping the network with small switches. We also have the occasional person moving desks and creating a loop by plugging things in wrong.

UDLD and BPDU guard?

Example switch port or trunk port config?
Thanks in advance
SOLUTION
gmbaxter

This solution is only available to members.
PostQ (ASKER)

A lot of the time that just becomes another budget item, since we could not pick and choose who gets them. It would be to run 2-4 more drops for each person, add more Cisco switches, and then only about 20% of the employees would need them. As of now, out of about 60 engineers, 10-15 use the small switches on occasion. ELRP running on the Extreme switches worked great. Maybe I will test the BPDU. I think another blog mentioned using UDLD on trunks to the core since we have fiber ports running EtherChannel. I think it advised against loop guard since it would take down both EtherChannels, whereas UDLD would just drop one fiber connection and the second should work. Small switches or not, I would like to have some sort of loop protection like Extreme ELRP.
David Akinsanya

UDLD works on unidirectional connections like fiber, as the name implies (UniDirectional Link Detection). Fiber has one port sending and the other port receiving. When one port fails, spanning tree enables an alternate port, which may cause a loop because the other half of the failed fiber connection is still active. UDLD ensures that the other half is disabled if one half fails.

Spanning tree with BPDU guard should be sufficient. Since you have PortFast enabled, do not use BPDU filter, as that will convert to standard STP operation if a BPDU is detected on the port. BPDU guard, on the other hand, will disable the port to prevent a loop. Also, hard code your access layer switch ports as access ports. Consider the nonegotiate option also.

You should only worry about loops on your uplinks.
PostQ (ASKER)

So I will use UDLD on the 2 EtherChannel fiber trunks, and BPDU guard on the hard-coded access ports? Your last statement has me leaning toward applying nothing on the user ports, but I do want to halt user-created loops.
ASKER CERTIFIED SOLUTION
This solution is only available to members.

You can use UDLD on copper, but it has no effect.

Hard coding access ports prevents loops automatically, as the ports do not send DTP packets and can never form a trunk. Loops are only formed on trunk ports.
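
The asker's request for an example switch port and trunk port configuration, sketched here as an added example that is not part of the original thread or any poster's answer. It combines the options the thread discusses (hard-coded access ports, PortFast with BPDU guard, storm control, UDLD on the fiber EtherChannel); the interface numbers, VLAN IDs, channel-group number, thresholds and recovery timer are assumptions to adapt.

```cisco
! Added example. Interface ranges, VLAN IDs (10 data / 20 voice),
! channel-group 1, the 1.00% threshold and the 300 s timer are assumptions.
!
! Let ports shut down by the protections below recover automatically.
errdisable recovery cause bpduguard
errdisable recovery cause storm-control
errdisable recovery cause udld
errdisable recovery interval 300
!
! User ports: hard-coded access mode, DTP off, PortFast with BPDU guard.
interface range GigabitEthernet1/0/1 - 48
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 switchport nonegotiate
 spanning-tree portfast
 ! Err-disables the port as soon as any BPDU arrives on it, for example
 ! the switch's own BPDU coming back through a looped desktop switch.
 spanning-tree bpduguard enable
 ! Backstop for a desktop switch that does not pass BPDUs: shut the port
 ! when broadcast traffic exceeds the threshold.
 storm-control broadcast level 1.00
 storm-control action shutdown
!
! Fiber uplinks to the core, bundled as an EtherChannel. UDLD runs per
! physical link, so a one-way fiber fault removes only that member.
interface range GigabitEthernet1/0/49 - 50
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
 udld port aggressive
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
```

UDLD only works when the core side of each fiber link runs it too, and `mode active` assumes the core is configured for LACP. `show interfaces status err-disabled`, `show udld` and `show etherchannel summary` show which protection tripped and the state of the bundle.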