[f-nsp] protecting from network loops due to IP phones

Raja Subramanian rajasuperman at gmail.com
Mon Jun 13 03:44:48 EDT 2011


On Thu, May 26, 2011 at 1:05 PM, Raja Subramanian
<rajasuperman at gmail.com> wrote:
> Not sure if tagged ports are also protected.  Can't understand
> why BPDU Guard does not work with tagged ports on SX.

Had a chance to test loop detection during a maintenance window
last weekend.  Here are my observations for anyone who may find
it useful.


BPDU guard worked perfectly whenever there was an actual loop.
When any 2 untagged ports were looped, or when 2 ports in the same
tagged VLAN were looped, BPDU guard shut down the ports as
expected.

When we had one port untagged and the other tagged, BPDU guard
did not shut down the ports.  It also did not shut down the ports when
the two were tagged in different VLANs.  These two cases did not cause any
CPU/STP issues on the LAN, as I guess there was no data transfer possible
in this condition and there was no real loop happening here.

But loose mode loop detection also did not shut down the ports when
BPDU Guard had failed.  Enabling loop detection on ~40 ports did not
cause any appreciable CPU load on our SX1600.  BPDU guard on
400 ports causes no CPU impact at all.

So for the moment, I'm happy with enabling stp-bpdu-guard on all
my edge ports.

- Raja



