recommended edge switch end user loop prevention i/w mlag

Create Date: Nov 27 2013 1:58PM

Is it possible to enable the STP protocol at the edge switches (user/workstation level) to prevent possible loops created by users, in combination with MLAG on the core?

(from LNU)

EtherNation User, Employee

Create Date: Nov 27 2013 8:48PM

Hi,

Yes, it is possible.
In our environment, we use STP on the access switches, activated only on the access ports (not on the uplinks towards the core).
So we have isolated instances of STP on each access switch, and the distribution/core switches are not aware of STP (so you can have two uplinks on your access switch that connect to two core switches with MLAG, for example).
We use STP in combination with "edge-safeguard", "bpdu restrict" and "recovery timeout" (check the EXOS Concepts Guide for an explanation).

It works well: when a user accidentally plugs a cable into two plugs in an office, the switch deactivates the ports, and then checks every 60 seconds (the "recovery timeout") to see if the loop is still here or not. If the loop disappears, the ports are activated.
We created a log filter on the access switches to record this event, and a script on our monitoring server checking the value of this filter, so we have monitoring alerts when a loop appears.

Best regards,
Gabriel

(from Gabrielboubil)
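
One way to write the monitoring-server check described in the reply above, as an added example that is not code from the original post: it reads loop events forwarded by the access switches and reports, per port, whether the loop has cleared, is active, or has outlasted several recovery checks. The log line format, the `LOOPGUARD` tag, the switch names and the `persist_after` threshold are assumptions constructed for illustration; they are not real EXOS log output, so the pattern must be adapted to what your log filter actually emits.

```python
import re
from datetime import datetime, timedelta

RECOVERY_TIMEOUT = timedelta(seconds=60)  # the "recovery timeout" from the post

# Constructed log format (an assumption, not real EXOS output):
#   <ISO timestamp> <switch> LOOPGUARD port=<port> action=<disabled|enabled>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sw>\S+) LOOPGUARD "
    r"port=(?P<port>\S+) action=(?P<act>disabled|enabled)$"
)

SAMPLE_LOG = """\
2013-11-27T14:02:10 access-sw-03 LOOPGUARD port=14 action=disabled
2013-11-27T14:02:10 access-sw-03 LOOPGUARD port=15 action=disabled
2013-11-27T14:03:10 access-sw-03 LOOPGUARD port=14 action=enabled
2013-11-27T14:03:10 access-sw-03 LOOPGUARD port=15 action=enabled
2013-11-27T15:40:00 access-sw-07 LOOPGUARD port=3 action=disabled
garbage line that the filter should never emit
"""

def find_loops(log_text, now, persist_after=5):
    """Return (alerts, rejected): one alert per port that logged a loop event."""
    open_since, history, rejected = {}, {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            rejected.append(line)      # surface unparsed lines instead of hiding them
            continue
        key = (m["sw"], m["port"])
        ts = datetime.fromisoformat(m["ts"])
        if m["act"] == "disabled":
            open_since.setdefault(key, ts)   # keep the first time the port went down
            history[key] = history.get(key, 0) + 1
        else:
            open_since.pop(key, None)        # loop gone, port re-activated
    alerts = []
    for key, count in sorted(history.items()):
        start = open_since.get(key)
        if start is None:
            status = "cleared"
        elif now - start >= persist_after * RECOVERY_TIMEOUT:
            status = "persistent"      # still down after several recovery checks
        else:
            status = "active"
        alerts.append({"switch": key[0], "port": key[1],
                       "events": count, "status": status})
    return alerts, rejected
```

Calling `find_loops(SAMPLE_LOG, datetime(2013, 11, 27, 15, 50))` marks the two ports on `access-sw-03` as cleared and port 3 on `access-sw-07` as persistent; a non-empty `rejected` list is itself worth alerting on, since it means the parser and the switch log filter have drifted apart.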
Create Date: Nov 28 2013 8:44AM

Thank you! It was most likely that STP + edge sg would be the best option. If the uplink ports are not part of the stpd domain it should work perfectly. Thanks again for the good explanation.

(from LNU)
Create Date: Dec 4 2013 2:23PM

Hello LNU

Another option that you may want to look at is to use ELRP. ELRP will disable loops at the edge and doesn't require you to set up an STP network. ELRP will also allow you to go across the uplink ports if the design is such that an end device could be plugged into two different switches.

Just wanted to provide a simpler option; let us know if you have any questions.

P

(from Paul_Russo)
