Case Study: In a VRRP Backup Scenario, a Loop Occurs on the Network When ACs Connect to the Cloud in PnP Auto-Negotiation Mode
Symptom
As shown in the following figure, the core switch and ACs are connected to the cloud, and VRRP networking is deployed between AC1 and AC2. PnP VLAN 100 is configured on the switch. The ACs are connected to the cloud in PnP auto-negotiation mode, an HSB link is established between the ACs through VLAN 200, and the ACs are not configured to allow packets from VLAN 100 to pass through. However, a loop occurs on the network.
AC version: V200R020C00
Relevant Alarms and Logs
None
Cause Analysis
PnP VLAN 100 is configured on the core switch. When the ACs connect to the cloud in PnP auto-negotiation mode, the interfaces on the ACs are automatically added to VLAN 100, which is hidden on the ACs and cannot be deleted. As a result, the interfaces between AC1 and AC2 are also added to VLAN 100, thereby causing a loop.
Procedure
- Run the display mac-address command on an AC to check the MAC addresses learned by the uplink and downlink interfaces. The following uses AC1 as an example.
    <AC1> display mac-address
    -------------------------------------------------------------------------------
    MAC Address    VLAN/VSI    Learned-From    Type
    -------------------------------------------------------------------------------
    1234-1234-1234 1/-         Eth-Trunk1      dynamic
    1234-1234-1234 100/-       GE0/0/2         dynamic
    1234-1234-5678 200/-       GE0/0/2         dynamic
    ......
    -------------------------------------------------------------------------------
    Total items displayed = 10
The preceding information shows that the MAC address 1234-1234-1234 is learned by both the AC's uplink and downlink interfaces (Eth-Trunk1 and GE0/0/2). This indicates that a loop occurs on the network.
- Run the display current-configuration interface command on the AC to check the configuration of the AC's downlink interface.
    <AC1> display current-configuration interface GigabitEthernet 0/0/2
    Software Version V200R020C00SPC200
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 200   //Only packets from VLAN 200 are allowed to pass through.
    #
    return
The preceding information shows that GE0/0/2 is not configured to allow packets from VLAN 100 to pass through.
- Run the display vlan command on the AC to check the interfaces that allow packets from the VLAN to pass through.
    <AC1> display vlan 100
    * : management-vlan
    ---------------------
    VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property
    --------------------------------------------------------------------------------
    100     common       enable   enable       forward   forward   forward default
    ---------------------
    Tagged     Port: Eth-Trunk1
    ---------------------
    Active Tag Port: Eth-Trunk1                  GigabitEthernet0/0/2
    ---------------------
    Interface                   Physical
    Eth-Trunk1                  UP
    GigabitEthernet0/0/2        UP
The preceding information shows that packets from VLAN 100 are also allowed to pass through GE0/0/2, and the interface is Up. However, this configuration does not exist on this interface. It is suspected that the fault may be caused by the PnP VLAN configured on the upstream network device.
- Run the display pnp run-info command on the AC to check PnP VLAN information.
    <AC1> display pnp run-info
    -------------------------------------------------------------
    Cloud-mng status        : online
    Startup VLAN send       : 100(Dynamic)
    Startup VLAN receive    : 100
    Uplink interface        : Eth-Trunk1
    Uplink device           : 1234-1234-1234
    Dynamic create VLAN     : -
    -------------------------------------------------------------
    The information of uplink interface:
    Interface XGE0/0/1:
      Dynamic allow-pass VLAN : -
      Local TrunkID           : 1
      Peer device             : 1234-1234-1234
      Peer interface          : XGE1/0/20
      Peer TrunkID            : 20
    Interface XGE0/0/2:
      Dynamic allow-pass VLAN : -
      Local TrunkID           : 1
      Peer device             : 1234-1234-1234
      Peer interface          : XGE2/0/20
      Peer TrunkID            : 20
    --------------------------------------------------------------
    The information of downlink interface:
    Interface GE0/0/2:
      Dynamic allow-pass VLAN : 100
      Local TrunkID           : -
      Peer device             : 1234-1234-5678
      Peer interface          : GE0/0/2
      Peer TrunkID            : -
    --------------------------------------------------------------
The preceding information shows that GE0/0/2 on the AC allows packets from the PnP VLAN configured on the core switch to pass through.
In summary, the network loop is caused by the PnP VLAN configured on the upstream network device. By default, the PnP VLAN is not configured on the AC, but the AC obtains the PnP VLAN ID from the upstream device through LLDP negotiation.
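The two checks from the procedure above can be run over saved command output. The following is an added example, not part of the original case study or vendor tooling: it flags MAC addresses learned on more than one interface and downlink interfaces whose PnP-negotiated VLAN is missing from the configured allow-pass list. The function names and the inline sample text are hypothetical and constructed from the output shown above.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the command output in this case study.
MAC_TABLE = """\
1234-1234-1234 1/-   Eth-Trunk1 dynamic
1234-1234-1234 100/- GE0/0/2    dynamic
1234-1234-5678 200/- GE0/0/2    dynamic
"""
PNP_RUN_INFO = """\
The information of uplink interface:
Interface XGE0/0/1:
  Dynamic allow-pass VLAN : -
The information of downlink interface:
Interface GE0/0/2:
  Dynamic allow-pass VLAN : 100
"""
# VLANs from "port trunk allow-pass vlan" in display current-configuration interface.
CONFIGURED_ALLOW_PASS = {"GE0/0/2": {200}}

MAC_ROW = re.compile(
    r"^([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+(\d+)/\S+\s+(\S+)\s+\w+", re.I | re.M)

def macs_on_multiple_interfaces(text):
    """Return {mac: [interfaces]} for MACs learned on more than one interface."""
    seen = defaultdict(set)
    for mac, _vlan, ifname in MAC_ROW.findall(text):
        seen[mac].add(ifname)
    return {mac: sorted(ifs) for mac, ifs in seen.items() if len(ifs) > 1}

def hidden_pnp_vlans(pnp_text, configured):
    """Return {downlink interface: [VLANs passed dynamically but not configured]}."""
    findings, section, ifname = {}, None, None
    for line in pnp_text.splitlines():
        line = line.strip()
        if m := re.match(r"The information of (uplink|downlink) interface:", line):
            section = m.group(1)
        elif m := re.match(r"Interface (\S+):", line):
            ifname = m.group(1)
        elif m := re.match(r"Dynamic allow-pass VLAN\s*:\s*(.+)", line):
            if section == "downlink" and m.group(1) != "-":
                # Assumption: VLAN IDs appear as plain numbers in this field.
                vlans = {int(v) for v in re.findall(r"\d+", m.group(1))}
                if extra := vlans - configured.get(ifname, set()):
                    findings[ifname] = sorted(extra)
    return findings

if __name__ == "__main__":
    print("MACs on multiple interfaces:", macs_on_multiple_interfaces(MAC_TABLE))
    print("Hidden PnP VLANs:", hidden_pnp_vlans(PNP_RUN_INFO, CONFIGURED_ALLOW_PASS))
```
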
Resolve this problem using either of the following methods:
- Method 1: Configure MSTP on all NEs on the entire LAN to prevent network loops. Ensure that the HSB link between ACs is not affected.
- Method 2: Connect the ACs to the cloud independently instead of through PnP VLAN auto-negotiation.
Suggestion and Summary
Packets from the PnP VLAN negotiated with the upstream device are allowed to pass through all interfaces of the downstream devices, and this VLAN is hidden. Therefore, it is difficult to locate the fault.