Typical Loopback Detection Configuration
- Example for Configuring LDT to Detect Loops on the Downstream Network
- Example for Configuring LDT to Detect Loops on the Local Network
- Example for Configuring LBDT to Detect Loopbacks on an Interface
- Example for Configuring LBDT to Detect Loops on the Downstream Network
- Example for Configuring LBDT to Detect Loops on the Local Network
Example for Configuring LDT to Detect Loops on the Downstream Network
Overview
When a loop occurs on a network, broadcast, multicast, and unknown unicast packets are repeatedly transmitted on the network. This wastes network resources and may even cause a network breakdown. To minimize the impact of loops on a Layer 2 network, a detection technology that quickly notifies users of loops is required. When a loop occurs, users are requested to check network connections and configurations, and control the problematic interface.
If LDT packets are received by the same interface, a loopback occurs on the interface or a loop occurs on the network connected to the interface.
If LDT packets are received by another interface on the same device, a loop occurs on the network connected to the interface.
Trap: The device reports a trap to the NMS and records a log, but does not take any action on the interface.
Block: The device blocks this interface, and can forward only BPDUs.
No learning: The interface is disabled from learning MAC addresses.
Shutdown: The device shuts down the interface.
Quitvlan: The interface is removed from the VLAN where a loop occurs.
The problematic interface continues to send LDT packets. If the device receives no LDT packets from the problematic interface within the recovery time, it considers that the loop is eliminated on the interface and restores the interface.
LDT can only detect loops on a single node, but cannot eliminate loops on the entire network in the same manner as ring network technologies of ERPS, RRPP, SEP, Smart Link, and STP/RSTP/MSTP/VBST.
Configuration Notes
This example applies to all versions of the modular switches.
In V200R008C00 and earlier versions, LDT does not take effect in dynamic VLANs.
LDT and LBDT cannot be configured simultaneously.
LDT needs to send a large number of LDT packets to detect loops, occupying system resources. Therefore, disable LDT if loops do not need to be detected.
When loops occur in multiple VLANs on many interfaces, LDT performance is lowered due to limitations of security policies and CPU processing capability. The greater the number of involved VLANs and interfaces, the lower the performance. In particular, the performance of the standby chassis in the cluster is lowered. Manually eliminating loops is recommended.
LDT cannot be used with ring network technologies of ERPS, RRPP, SEP, Smart Link, and STP/RSTP/MSTP/VBST. Do not configure ring network technologies on an interface of an LDT-enabled VLAN. If LDT has been enabled globally and ring network technologies need to be configured on an interface, disable LDT on the interface first.
LDT sends only tagged packets and can only detect loops based on VLANs. LDT can detect loops in a maximum of 4094 VLANs.
When a loop occurs on the network-side interface where the Block or Shutdown action is configured, all services on the device are interrupted. Do not deploy LDT on the network-side interface.
The Quitvlan action cannot be used with GVRP, HVRP, or the action of removing an interface from the VLAN where MAC address flapping occurs.
- The blocked ports of LDT cannot block GVRP packets. To ensure that GVRP runs normally and prevent GVRP loops, do not enable GVRP on the blocked port of LDT.
Networking Requirements
In Figure 3-104, a new branch network of an enterprise connects to the aggregation switch Switch, and VLANs 10 to 20 are deployed on the branch network. Loops occur due to incorrect connections or configurations. As a result, communication on the Switch and uplink network is affected.
It is required that the Switch should immediately detect loops on the new branch network to prevent the impact of loops on the Switch and uplink network.
Configuration Roadmap
The configuration roadmap is as follows:
- Enable LDT on GE1/0/1 of the Switch to detect loops in a specified VLAN so that loops on the downstream network can be detected.
- Configure an action after loops are detected so that the Switch can immediately shut down the interface where a loop is detected. This prevents the impact of the loop on the Switch and uplink network.
Configure interfaces on other switching devices as trunk or hybrid interfaces and configure these interfaces to allow packets from corresponding VLANs to pass through. This ensures Layer 2 connectivity on the new network and between the new network and the Switch.
Procedure
- Enable global LDT.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] loop-detection enable //Enable LDT globally.
- Enable LDT in VLANs.
[Switch] vlan batch 10 to 20
[Switch] loop-detection enable vlan 10 to 20 //Enable the device to detect loops on all interfaces in VLANs 10 to 20.
- Set the interval for sending LDT packets.
[Switch] loop-detection interval-time 10 //Set the interval for sending LDT packets to 10s.
- Configure an action taken after a loop is detected.
# Enable the trap function for LDT.
[Switch] snmp-agent trap enable feature-name ldttrap //Enable the LDT alarm function so that the device can send LDT traps.
# Set the action to Shutdown.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] stp disable //Disable STP on the interface.
[Switch-GigabitEthernet1/0/1] port hybrid tagged vlan 10 to 20
[Switch-GigabitEthernet1/0/1] loop-detection mode port-shutdown //Configure the Shutdown action to be taken on GE1/0/1 after a loop is detected.
[Switch-GigabitEthernet1/0/1] quit
- Verify the configuration.
# After the configuration is complete, run the display loop-detection command to check global LDT information.
[Switch] display loop-detection
Loop Detection is enabled.
Detection interval time is 10 seconds.
Following VLANs enable loop-detection:
    VLAN 10 to 20
Following ports are blocked for loop:
    NULL
Following ports are shutdown for loop:
GigabitEthernet1/0/1
    Include Vlans:
    10
Following ports are nolearning for loop:
    NULL
Following ports are trapped for loop:
    NULL
Following ports are quitvlan for loop:
    NULL
# Check LDT information on GE1/0/1.
[Switch] display loop-detection interface gigabitethernet 1/0/1
The port is enabled.
The port's status list:
Status      WorkMode     Recovery-time    EnabledVLAN
-----------------------------------------------------------------------
Shutdown    Shutdown     255              10
Normal      Shutdown     255              11
Normal      Shutdown     255              12
Normal      Shutdown     255              13
Normal      Shutdown     255              14
Normal      Shutdown     255              15
Normal      Shutdown     255              16
Normal      Shutdown     255              17
Normal      Shutdown     255              18
Normal      Shutdown     255              19
Normal      Shutdown     255              20
The command output shows that LDT is enabled in VLANs 10 to 20 and the Shutdown action is taken on GE1/0/1 in VLAN 10, indicating that loops are detected in VLAN 10.
After loops are detected in one or more VLANs, the system shuts down the involved interface and loops are removed. In this case, LDT may be unable to detect all VLANs where loops occur.
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 to 20
#
loop-detection enable
loop-detection interval-time 10
loop-detection enable vlan 10 to 20
#
interface GigabitEthernet1/0/1
 port hybrid tagged vlan 10 to 20
 stp disable
#
snmp-agent trap enable feature-name LDTTRAP
#
return
Example for Configuring LDT to Detect Loops on the Local Network
Overview
When a loop occurs on a network, broadcast, multicast, and unknown unicast packets are repeatedly transmitted on the network. This wastes network resources and may even cause a network breakdown. To minimize the impact of loops on a Layer 2 network, a detection technology that quickly notifies users of loops is required. When a loop occurs, users are requested to check network connections and configurations, and control the problematic interface.
If LDT packets are received by the same interface, a loopback occurs on the interface or a loop occurs on the network connected to the interface.
If LDT packets are received by another interface on the same device, a loop occurs on the network connected to the interface.
Trap: The device reports a trap to the NMS and records a log, but does not take any action on the interface.
Block: The device blocks this interface, and can forward only BPDUs.
No learning: The interface is disabled from learning MAC addresses.
Shutdown: The device shuts down the interface.
Quitvlan: The interface is removed from the VLAN where a loop occurs.
The problematic interface continues to send LDT packets. If the device receives no LDT packets from the problematic interface within the recovery time, it considers that the loop is eliminated on the interface and restores the interface.
LDT can only detect loops on a single node, but cannot eliminate loops on the entire network in the same manner as ring network technologies of ERPS, RRPP, SEP, Smart Link, and STP/RSTP/MSTP/VBST.
Configuration Notes
This example applies to all versions of the modular switches.
In V200R008C00 and earlier versions, LDT does not take effect in dynamic VLANs.
LDT and LBDT cannot be configured simultaneously.
LDT needs to send a large number of LDT packets to detect loops, occupying system resources. Therefore, disable LDT if loops do not need to be detected.
When loops occur in multiple VLANs on many interfaces, LDT performance is lowered due to limitations of security policies and CPU processing capability. The greater the number of involved VLANs and interfaces, the lower the performance. In particular, the performance of the standby chassis in the cluster is lowered. Manually eliminating loops is recommended.
LDT cannot be used with ring network technologies of ERPS, RRPP, SEP, Smart Link, and STP/RSTP/MSTP/VBST. Do not configure ring network technologies on an interface of an LDT-enabled VLAN. If LDT has been enabled globally and ring network technologies need to be configured on an interface, disable LDT on the interface first.
LDT sends only tagged packets and can only detect loops based on VLANs. LDT can detect loops in a maximum of 4094 VLANs.
When a loop occurs on the network-side interface where the Block or Shutdown action is configured, all services on the device are interrupted. Do not deploy LDT on the network-side interface.
The Quitvlan action cannot be used with GVRP, HVRP, or the action of removing an interface from the VLAN where MAC address flapping occurs.
- The blocked ports of LDT cannot block GVRP packets. To ensure that GVRP runs normally and prevent GVRP loops, do not enable GVRP on the blocked port of LDT.
Networking Requirements
In Figure 3-105, an enterprise uses Layer 2 networking. The Switch is the aggregation switch, and each switch allows packets from VLANs 10 to 20 to pass through. Because employees often move, the network topology changes frequently. Connections or configurations may be incorrect due to misoperations. As a result, loops may occur in VLANs 10 to 20.
Loops cause broadcast storms and affect device and network communication. It is required that loops be detected and eliminated in VLANs in a timely manner to prevent broadcast storms.
Configuration Roadmap
Loops need to be detected in VLANs 10 to 20. Because there are more than eight VLANs, you can configure LDT to detect loops and configure an action after loops are detected to prevent broadcast storms. All VLANs share a link. To prevent loop removal in a VLAN from affecting data forwarding in other VLANs, configure the Quitvlan action. The configuration roadmap is as follows:
Enable LDT on GE1/0/0 and GE2/0/0 on the Switch to detect loops in VLANs 10 to 20.
Configure an action to be taken after a loop is detected on GE1/0/0 and GE2/0/0, and set the recovery time so that the Switch can immediately take the preconfigured action on the interface to prevent broadcast storms after a loop is detected. In addition, the Switch can restore the interface after the loop is eliminated.
Configure interfaces on other switching devices as trunk or hybrid interfaces and configure these interfaces to allow packets from corresponding VLANs to pass through to ensure Layer 2 connectivity.
Procedure
- Enable global LDT.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] loop-detection enable //Enable LDT globally.
- Enable LDT in VLANs.
[Switch] vlan batch 10 to 20
[Switch] loop-detection enable vlan 10 to 20 //Enable the device to detect loops on all interfaces in VLANs 10 to 20.
- Set the interval for sending LDT packets.
[Switch] loop-detection interval-time 10 //Set the interval for sending LDT packets to 10s.
- Configure an action to be taken after a loop is detected.
# Enable the trap function for LDT.
[Switch] snmp-agent trap enable feature-name ldttrap //Enable the LDT alarm function so that the device can send LDT traps.
# Set the action to Quitvlan.
[Switch] interface gigabitethernet 1/0/0
[Switch-GigabitEthernet1/0/0] stp disable //Disable STP on the interface.
[Switch-GigabitEthernet1/0/0] port hybrid tagged vlan 10 to 20
[Switch-GigabitEthernet1/0/0] loop-detection mode port-quitvlan //Configure the Quitvlan action to be taken after a loop is detected.
[Switch-GigabitEthernet1/0/0] quit
[Switch] interface gigabitethernet 2/0/0
[Switch-GigabitEthernet2/0/0] stp disable //Disable STP on the interface.
[Switch-GigabitEthernet2/0/0] port hybrid tagged vlan 10 to 20
[Switch-GigabitEthernet2/0/0] loop-detection mode port-quitvlan //Configure the Quitvlan action to be taken after a loop is detected.
[Switch-GigabitEthernet2/0/0] quit
- Set the interface recovery time.
[Switch] interface gigabitethernet 1/0/0
[Switch-GigabitEthernet1/0/0] loop-detection recovery-time 30 //Set the recovery time to 30s.
[Switch-GigabitEthernet1/0/0] quit
[Switch] interface gigabitethernet 2/0/0
[Switch-GigabitEthernet2/0/0] loop-detection recovery-time 30 //Set the recovery time to 30s.
[Switch-GigabitEthernet2/0/0] quit
- Verify the configuration.
Check the LDT configuration.
# After the configuration is complete, run the display loop-detection command to check global LDT information.
[Switch] display loop-detection
Loop Detection is enabled.
Detection interval time is 10 seconds.
Following VLANs enable loop-detection:
    VLAN 10 to 20
Following ports are blocked for loop:
    NULL
Following ports are shutdown for loop:
    NULL
Following ports are nolearning for loop:
    NULL
Following ports are trapped for loop:
    NULL
Following ports are quitvlan for loop:
GigabitEthernet1/0/0
    Include Vlans:
    10 11 12 16 19
GigabitEthernet2/0/0
    Include Vlans:
    13 14 15 17 18 20
# Check LDT information on GE1/0/0 and GE2/0/0.
[Switch] display loop-detection interface gigabitethernet 1/0/0
The port is enabled.
The port's status list:
Status      WorkMode     Recovery-time    EnabledVLAN
-----------------------------------------------------------------------
Quitvlan    Quitvlan     30               10
Quitvlan    Quitvlan     30               11
Quitvlan    Quitvlan     30               12
Normal      Quitvlan     30               13
Normal      Quitvlan     30               14
Normal      Quitvlan     30               15
Quitvlan    Quitvlan     30               16
Normal      Quitvlan     30               17
Normal      Quitvlan     30               18
Quitvlan    Quitvlan     30               19
Normal      Quitvlan     30               20
[Switch] display loop-detection interface gigabitethernet 2/0/0
The port is enabled.
The port's status list:
Status      WorkMode     Recovery-time    EnabledVLAN
-----------------------------------------------------------------------
Normal      Quitvlan     30               10
Normal      Quitvlan     30               11
Normal      Quitvlan     30               12
Quitvlan    Quitvlan     30               13
Quitvlan    Quitvlan     30               14
Quitvlan    Quitvlan     30               15
Normal      Quitvlan     30               16
Quitvlan    Quitvlan     30               17
Quitvlan    Quitvlan     30               18
Normal      Quitvlan     30               19
Quitvlan    Quitvlan     30               20
In the command output, LDT is enabled in VLANs 10 to 20, GE1/0/0 is removed from VLANs 10, 11, 12, 16, and 19, and GE2/0/0 is removed from VLANs 13, 14, 15, 17, 18, and 20.
The VLANs that an interface is removed from are uncertain, but the interface will be removed from all VLANs where loops occur.
After the loop is eliminated (for example, GE2/0/0 is shut down, and connections between devices are corrected), check whether GE1/0/0 and GE2/0/0 are restored.
[Switch] display loop-detection interface gigabitethernet 1/0/0
The port is enabled.
The port's status list:
Status      WorkMode     Recovery-time    EnabledVLAN
-----------------------------------------------------------------------
Normal      Quitvlan     30               10
Normal      Quitvlan     30               11
Normal      Quitvlan     30               12
Normal      Quitvlan     30               13
Normal      Quitvlan     30               14
Normal      Quitvlan     30               15
Normal      Quitvlan     30               16
Normal      Quitvlan     30               17
Normal      Quitvlan     30               18
Normal      Quitvlan     30               19
Normal      Quitvlan     30               20
[Switch] display loop-detection interface gigabitethernet 2/0/0
The port is enabled.
The port's status list:
Status      WorkMode     Recovery-time    EnabledVLAN
-----------------------------------------------------------------------
Normal      Quitvlan     30               10
Normal      Quitvlan     30               11
Normal      Quitvlan     30               12
Normal      Quitvlan     30               13
Normal      Quitvlan     30               14
Normal      Quitvlan     30               15
Normal      Quitvlan     30               16
Normal      Quitvlan     30               17
Normal      Quitvlan     30               18
Normal      Quitvlan     30               19
Normal      Quitvlan     30               20
The command output shows that GE1/0/0 and GE2/0/0 are restored.
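The verification steps above read loop status from the display loop-detection interface table by eye; the same check can be scripted for monitoring. This Python parser is an added example, not Huawei code: the sample text is this page's own output for GE1/0/1 (Shutdown) and GE1/0/0 (Quitvlan), and the function names are assumptions.

```python
import re
from typing import NamedTuple

class Row(NamedTuple):
    status: str         # "Normal", or the action currently applied in this VLAN
    work_mode: str      # configured action (loop-detection mode ...)
    recovery_time: int  # seconds
    vlan: int

# One table row: Status WorkMode Recovery-time EnabledVLAN.
# finditer (not per-line matching) also copes with output whose line breaks were lost.
ROW_RE = re.compile(r"\b([A-Za-z]+)\s+([A-Za-z]+)\s+(\d+)\s+(\d+)\b")

def parse_ldt_interface(text):
    """Return {vlan: Row} from 'display loop-detection interface' output."""
    rows = {}
    for m in ROW_RE.finditer(text):
        row = Row(m.group(1), m.group(2), int(m.group(3)), int(m.group(4)))
        rows[row.vlan] = row
    return rows

def loop_impact(text):
    """Summarise where a loop was detected and which VLANs lost this port."""
    rows = parse_ldt_interface(text)
    detected = sorted(v for v, r in rows.items() if r.status.lower() != "normal")
    # Shutdown takes the whole port down, so every enabled VLAN is cut off even
    # though only some rows show a non-Normal status (see the note after example 1).
    port_down = any(r.status.lower() == "shutdown" for r in rows.values())
    quit_vlans = sorted(v for v, r in rows.items() if r.status.lower() == "quitvlan")
    return {
        "detected_vlans": detected,
        "port_down": port_down,
        "vlans_cut_off": sorted(rows) if port_down else quit_vlans,
    }

def recovery_report(before, after):
    """Compare two snapshots: (restored VLANs, VLANs still under an action)."""
    b, a = parse_ldt_interface(before), parse_ldt_interface(after)
    hit = [v for v, r in sorted(b.items()) if r.status.lower() != "normal"]
    restored = [v for v in hit if v in a and a[v].status.lower() == "normal"]
    return restored, [v for v in hit if v not in restored]

# Output for GE1/0/1 from the first example on this page, one row per line.
SHUTDOWN_GE1_0_1 = """The port is enabled.
The port's status list:
Status      WorkMode     Recovery-time    EnabledVLAN
-----------------------------------------------------------------------
Shutdown    Shutdown     255              10
Normal      Shutdown     255              11
Normal      Shutdown     255              12
Normal      Shutdown     255              13
Normal      Shutdown     255              14
Normal      Shutdown     255              15
Normal      Shutdown     255              16
Normal      Shutdown     255              17
Normal      Shutdown     255              18
Normal      Shutdown     255              19
Normal      Shutdown     255              20
"""

# Rows for GE1/0/0 from the second example, kept on wrapped lines on purpose.
QUITVLAN_GE1_0_0_LOOP = (
    "Status WorkMode Recovery-time EnabledVLAN "
    "Quitvlan Quitvlan 30 10 Quitvlan Quitvlan 30 11 Quitvlan Quitvlan 30 12 "
    "Normal Quitvlan 30 13 Normal Quitvlan 30 14 Normal Quitvlan 30 15 "
    "Quitvlan Quitvlan 30 16 Normal Quitvlan 30 17 Normal Quitvlan 30 18 "
    "Quitvlan Quitvlan 30 19 Normal Quitvlan 30 20"
)
# Same rows after recovery: every status back to Normal, as in the page's last output.
QUITVLAN_GE1_0_0_CLEAR = QUITVLAN_GE1_0_0_LOOP.replace("Quitvlan Quitvlan", "Normal Quitvlan")

if __name__ == "__main__":
    print(loop_impact(SHUTDOWN_GE1_0_1))
    print(loop_impact(QUITVLAN_GE1_0_0_LOOP))
    print(recovery_report(QUITVLAN_GE1_0_0_LOOP, QUITVLAN_GE1_0_0_CLEAR))
```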
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10 to 20
#
loop-detection enable
loop-detection interval-time 10
loop-detection enable vlan 10 to 20
#
interface GigabitEthernet1/0/0
 port hybrid tagged vlan 10 to 20
 stp disable
 loop-detection mode port-quitvlan
 loop-detection recovery-time 30
#
interface GigabitEthernet2/0/0
 port hybrid tagged vlan 10 to 20
 stp disable
 loop-detection mode port-quitvlan
 loop-detection recovery-time 30
#
snmp-agent trap enable feature-name LDTTRAP
#
return
Example for Configuring LBDT to Detect Loopbacks on an Interface
Overview
When a loop occurs on a network, broadcast, multicast, and unknown unicast packets are repeatedly transmitted on the network. This wastes network resources and may even cause a network breakdown. To minimize the impact of loops on a Layer 2 network, a detection technology that quickly notifies users of loops is required. When a loop occurs, users are requested to check network connections and configurations, and control the problematic interface.
If LBDT packets are received and sent by the same interface, a loopback occurs on the interface or a loop occurs on the network connected to the interface.
If LBDT packets are received by another interface on the same device, a loop occurs on the network connected to the interface or device.
Trap: The device reports a trap to the NMS and records a log, but does not take any action on the interface.
Block: The device blocks this interface, and can forward only BPDUs.
No learning: The interface is disabled from learning MAC addresses.
Shutdown: The device shuts down the interface.
Quitvlan: The interface is removed from the VLAN where a loop occurs.
The problematic interface continues to send LBDT packets. After the configured recovery time expires, the system attempts to restore the problematic interface. If the device receives no LBDT packets from the problematic interface within the next recovery time, it considers that the loop is eliminated on the interface and restores the interface.
LBDT can only detect loops on a single node, but cannot eliminate loops on the entire network in the same manner as ring network technologies of ERPS, RRPP, SEP, Smart Link, and STP/RSTP/MSTP/VBST.
Configuration Notes
- This example applies to all versions of all S series switches.
In V200R008C00 and earlier versions, LBDT does not take effect in dynamic VLANs. In V200R008C00 and later versions, the LBDT-enabled switch can detect loops in dynamic VLANs, but the Quitvlan action is invalid for dynamic VLANs.
LBDT needs to send a large number of LBDT packets to detect loops, occupying system resources. Therefore, disable LBDT if loops do not need to be detected.
In versions earlier than V200R019C00, LBDT cannot be configured on an Eth-Trunk or its member interfaces. In V200R019C00 and later versions, LBDT can be configured on an Eth-Trunk but cannot be configured on its member interfaces.
On the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6720-HI, S6730S-H, S6730-H, S6730-S, and S6730S-S, manual LBDT can be configured on a maximum of 64 Eth-Trunks; on other models, manual LBDT can be configured on a maximum of 32 Eth-Trunks.
An interface can send LBDT packets with the specified VLAN tag only when the specified VLAN has been created.
LBDT can detect loops in a maximum of 32 VLANs.
When the PVID of the interface in the loop is the detected VLAN ID or the interface joins the detected VLAN in untagged mode, VLAN tags of LBDT packets are removed. As a result, the packet priority changes and the system may fail to detect loops.
When the Quitvlan action is used, the configuration file remains unchanged.
The LBDT action and MAC address flapping action affect each other, and cannot be configured simultaneously.
The Quitvlan action of LBDT conflicts with dynamic removal from VLANs (for example, GVRP and HVRP), and cannot be configured simultaneously.
- The blocked ports of LBDT cannot block GVRP packets. To ensure that GVRP runs normally and prevent GVRP loops, do not enable GVRP on the blocked port of LBDT.
Networking Requirements
In Figure 3-106, aggregation switch SwitchA on an enterprise network connects to access switch SwitchB. To prevent loopbacks on a TX-RX interface (GE1/0/0) because optical fibers are connected incorrectly or the interface is damaged by high voltage, SwitchA is required to detect loopbacks on GE1/0/0. Furthermore, it is required that the interface be blocked to reduce the impact of the loopback on the network when a loopback is detected, and the interface be restored after the loopback is removed.
Configuration Roadmap
To detect loopbacks on downlink interface GE1/0/0 of SwitchA, configure LBDT on GE1/0/0 of SwitchA. The configuration roadmap is as follows:
- Enable LBDT on GE1/0/0 of SwitchA to detect loopbacks.
- Configure an action to be taken after a loopback is detected and set the recovery time. After a loopback is detected, the Switch blocks the interface to reduce the impact of the loopback on the network. After a loop is eliminated, the interface can be restored.
Procedure
- Enable LBDT on an interface.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] loopback-detect enable //Enable LBDT on the interface.
[SwitchA-GigabitEthernet1/0/0] quit
- Configure an action to be taken after a loop is detected and set the recovery time.
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] loopback-detect action block //Configure the Block action to be taken after a loop is detected.
[SwitchA-GigabitEthernet1/0/0] loopback-detect recovery-time 30 //Set the recovery delay to 30s.
[SwitchA-GigabitEthernet1/0/0] quit
- Verify the configuration.
Run the display loopback-detect command to check the LBDT configuration.
[SwitchA] display loopback-detect
Loopback-detect sending-packet interval: 5
----------------------------------------------------------------------------------
Interface                     RecoverTime  Action     Status
----------------------------------------------------------------------------------
GigabitEthernet1/0/0          30           block      NORMAL
----------------------------------------------------------------------------------
The preceding command output shows that the LBDT configuration is successful.
After about 5s, run the display loopback-detect command to check whether GE1/0/0 is blocked.
[SwitchA] display loopback-detect
Loopback-detect sending-packet interval: 5
----------------------------------------------------------------------------------
Interface                     RecoverTime  Action     Status
----------------------------------------------------------------------------------
GigabitEthernet1/0/0          30           block      BLOCK(Loopback detected)
----------------------------------------------------------------------------------
The preceding command output shows that GE1/0/0 is blocked, indicating that a loopback occurs on GE1/0/0.
Manually remove the loopback. Run the display loopback-detect command to check whether GE1/0/0 is restored.
[SwitchA] display loopback-detect
Loopback-detect sending-packet interval: 5
----------------------------------------------------------------------------------
Interface                     RecoverTime  Action     Status
----------------------------------------------------------------------------------
GigabitEthernet1/0/0          30           block      NORMAL
----------------------------------------------------------------------------------
The preceding command output shows that GE1/0/0 is restored.
Example for Configuring LBDT to Detect Loops on the Downstream Network
Overview
When a loop occurs on a network, broadcast, multicast, and unknown unicast packets are repeatedly transmitted on the network. This wastes network resources and may even cause a network breakdown. To minimize the impact of loops on a Layer 2 network, a detection technology that quickly notifies users of loops is required. When a loop occurs, users are requested to check network connections and configurations, and control the problematic interface.
If LBDT packets are received and sent by the same interface, a loopback occurs on the interface or a loop occurs on the network connected to the interface.
If LBDT packets are received by another interface on the same device, a loop occurs on the network connected to the interface or device.
Trap: The device reports a trap to the NMS and records a log, but does not take any action on the interface.
Block: The device blocks this interface, and can forward only BPDUs.
No learning: The interface is disabled from learning MAC addresses.
Shutdown: The device shuts down the interface.
Quitvlan: The interface is removed from the VLAN where a loop occurs.
The problematic interface continues to send LBDT packets. After the configured recovery time expires, the system attempts to restore the problematic interface. If the device receives no LBDT packets from the problematic interface within the next recovery time, it considers that the loop is eliminated on the interface and restores the interface.
LBDT can only detect loops on a single node, but cannot eliminate loops on the entire network in the same manner as ring network technologies of ERPS, RRPP, SEP, Smart Link, and STP/RSTP/MSTP/VBST.
Configuration Notes
- This example applies to all versions of all S series switches.
In V200R008C00 and earlier versions, LBDT does not take effect in dynamic VLANs. In V200R008C00 and later versions, the LBDT-enabled switch can detect loops in dynamic VLANs, but the Quitvlan action is invalid for dynamic VLANs.
LBDT needs to send a large number of LBDT packets to detect loops, occupying system resources. Therefore, disable LBDT if loops do not need to be detected.
In versions earlier than V200R019C00, LBDT cannot be configured on an Eth-Trunk or its member interfaces. In V200R019C00 and later versions, LBDT can be configured on an Eth-Trunk but cannot be configured on its member interfaces.
On the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6720-HI, S6730S-H, S6730-H, S6730-S, and S6730S-S, manual LBDT can be configured on a maximum of 64 Eth-Trunks; on other models, manual LBDT can be configured on a maximum of 32 Eth-Trunks.
An interface can send LBDT packets with the specified VLAN tag only when the specified VLAN has been created.
LBDT can detect loops in a maximum of 32 VLANs.
When the PVID of the interface in the loop is the detected VLAN ID or the interface joins the detected VLAN in untagged mode, VLAN tags of LBDT packets are removed. As a result, the packet priority changes and the system may fail to detect loops.
When the Quitvlan action is used, the configuration file remains unchanged.
The LBDT action and MAC address flapping action affect each other, and cannot be configured simultaneously.
The Quitvlan action of LBDT conflicts with dynamic removal from VLANs (for example, GVRP and HVRP), and cannot be configured simultaneously.
- The blocked ports of LBDT cannot block GVRP packets. To ensure that GVRP runs normally and prevent GVRP loops, do not enable GVRP on the blocked port of LBDT.
Networking Requirements
In Figure 3-107, a new department of an enterprise connects to the aggregation switch Switch. This department belongs to VLAN 100. Loops occur due to incorrect connections or configurations. As a result, communication on the Switch and uplink network is affected.
It is required that the Switch should detect loops on the new network to prevent the impact of loops on the Switch and connected network.
Configuration Roadmap
The configuration roadmap is as follows:
- Enable LBDT on GE1/0/1 of the Switch to detect loops in a specified VLAN so that loops on the downstream network can be detected.
- Set LBDT parameters so that the Switch can immediately shut down GE1/0/1 after a loop is detected. This prevents the impact of the loop on the Switch and connected network.
Configure interfaces on other switching devices as trunk or hybrid interfaces and configure these interfaces to allow packets from corresponding VLANs to pass through. This ensures Layer 2 connectivity on the new network and between the new network and the Switch.
Procedure
- Enable LBDT on the interface.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] loopback-detect enable //Enable LBDT on the interface.
[Switch-GigabitEthernet1/0/1] quit
- Specify the VLAN ID of LBDT packets.
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitEthernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type hybrid //In V200R005C00 and later versions, the default link type of a switch interface is not hybrid. You can run the port link-type hybrid command to configure the link type of the interface as hybrid.
[Switch-GigabitEthernet1/0/1] port hybrid tagged vlan 100
[Switch-GigabitEthernet1/0/1] loopback-detect packet vlan 100 //Enable LBDT to detect loops in VLAN 100.
[Switch-GigabitEthernet1/0/1] quit
- Configure LBDT parameters.
# Set the interval for sending LBDT packets.
[Switch] loopback-detect packet-interval 10
# Configure an action to be taken after a loop is detected.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] loopback-detect action shutdown //Configure the Shutdown action to be taken after a loop is detected.
[Switch-GigabitEthernet1/0/1] quit
- Verify the configuration.
Run the display loopback-detect command to check the LBDT configuration.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 10
----------------------------------------------------------------------------------
Interface                     RecoverTime  Action     Status
----------------------------------------------------------------------------------
GigabitEthernet1/0/1          30           shutdown   NORMAL
----------------------------------------------------------------------------------
The preceding command output shows that the LBDT configuration is successful.
Construct loops on the downstream network and run the display loopback-detect command to check whether GE1/0/1 is shut down.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 10
----------------------------------------------------------------------------------
Interface                     RecoverTime  Action     Status
----------------------------------------------------------------------------------
GigabitEthernet1/0/1          30           shutdown   SHUTDOWN(Loopback detected)
----------------------------------------------------------------------------------
The preceding command output shows that GE1/0/1 is shut down.
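Several of the LDT and LBDT Configuration Notes can be checked against a saved configuration file before it is loaded onto a switch. The Python script below is an added example, not Huawei code: it flags LDT and LBDT configured together, an LDT interface without stp disable (as the procedures on this page configure it), and an LBDT packet VLAN that is not created or is joined untagged or as PVID. The finding codes, LBDT_PORT and BAD_CONFIG are constructed for illustration; port hybrid pvid vlan and port hybrid untagged vlan are VRP commands that do not appear on this page.

```python
import re

def expand_vlans(spec):
    """'10 to 20 30' -> {10, ..., 20, 30} (the VRP range syntax used on this page)."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_config(text):
    """Split a configuration file into global lines and per-interface lines."""
    glob, ifaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "return":
            continue
        if line == "#":                      # '#' closes the current view
            current = None
        elif line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif current is not None:
            current.append(line)
        else:
            glob.append(line)
    return glob, ifaces

def vlans_after(lines, prefix):
    """Union of the VLAN lists on every line that starts with prefix."""
    found = set()
    for line in lines:
        if line.startswith(prefix):
            found |= expand_vlans(line[len(prefix):])
    return found

def audit(text):
    """Return (scope, code) findings; the codes are labels made up for this example."""
    glob, ifaces = parse_config(text)
    findings = []
    created = vlans_after(glob, "vlan batch ")
    created |= {int(l.split()[1]) for l in glob if re.fullmatch(r"vlan \d+", l)}
    ldt_on = "loop-detection enable" in glob
    ldt_vlans = vlans_after(glob, "loop-detection enable vlan ")
    lbdt_ifs = [n for n, ls in ifaces.items() if "loopback-detect enable" in ls]
    # Note: "LDT and LBDT cannot be configured simultaneously."
    if ldt_on and lbdt_ifs:
        findings.append(("global", "LDT_AND_LBDT"))
    for name, ls in ifaces.items():
        # Note: no ring protocol on an interface of an LDT-enabled VLAN; the page's
        # procedures run 'stp disable' on each such interface.
        tagged = vlans_after(ls, "port hybrid tagged vlan ")
        if ldt_on and tagged & ldt_vlans and "stp disable" not in ls:
            findings.append((name, "STP_NOT_DISABLED"))
        if name not in lbdt_ifs:
            continue
        untagged = (vlans_after(ls, "port hybrid untagged vlan ")
                    | vlans_after(ls, "port hybrid pvid vlan "))
        for vlan in sorted(vlans_after(ls, "loopback-detect packet vlan ")):
            # Note: tagged LBDT packets are sent only if the VLAN has been created.
            if vlan not in created:
                findings.append((name, "LBDT_VLAN_NOT_CREATED"))
            # Note: PVID/untagged membership strips the tag; the loop may be missed.
            if vlan in untagged:
                findings.append((name, "LBDT_VLAN_UNTAGGED"))
    return findings

# The Switch configuration file from the first LDT example on this page.
GOOD_CONFIG = """#
sysname Switch
#
vlan batch 10 to 20
#
loop-detection enable
loop-detection interval-time 10
loop-detection enable vlan 10 to 20
#
interface GigabitEthernet1/0/1
 port hybrid tagged vlan 10 to 20
 stp disable
#
snmp-agent trap enable feature-name LDTTRAP
#
return
"""

# Constructed: an LBDT port that breaks three notes, added to a copy without stp disable.
LBDT_PORT = """interface GigabitEthernet1/0/2
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
 loopback-detect packet vlan 100
 loopback-detect enable
#
"""
BAD_CONFIG = GOOD_CONFIG.replace(" stp disable\n", "").replace("return", LBDT_PORT + "return")

if __name__ == "__main__":
    print("good:", audit(GOOD_CONFIG))
    for scope, code in audit(BAD_CONFIG):
        print("bad:", scope, code)
```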
Example for Configuring LBDT to Detect Loops on the Local Network
Overview
When a loop occurs on a network, broadcast, multicast, and unknown unicast packets are repeatedly transmitted on the network. This wastes network resources and may even cause a network breakdown. To minimize the impact of loops on a Layer 2 network, a detection technology that quickly notifies users of loops is required. When a loop occurs, users are requested to check network connections and configurations, and control the problematic interface.
If LBDT packets are received and sent by the same interface, a loopback occurs on the interface or a loop occurs on the network connected to the interface.
If LBDT packets are received by another interface on the same device, a loop occurs on the network connected to the interface or device.
Trap: The device reports a trap to the NMS and records a log, but does not take any action on the interface.
Block: The device blocks this interface, and can forward only BPDUs.
No learning: The interface is disabled from learning MAC addresses.
Shutdown: The device shuts down the interface.
Quitvlan: The interface is removed from the VLAN where a loop occurs.
The problematic interface continues to send LBDT packets. After the configured recovery time expires, the system attempts to restore the problematic interface. If the device receives no LBDT packets from the problematic interface within the next recovery time, it considers that the loop is eliminated on the interface and restores the interface.
LBDT can only detect loops on a single node, but cannot eliminate loops on the entire network in the same manner as ring network technologies of ERPS, RRPP, SEP, Smart Link, and STP/RSTP/MSTP/VBST.
Configuration Notes
- This example applies to all versions of all S series switches.
- In V200R008C00 and earlier versions, LBDT does not take effect in dynamic VLANs. In V200R008C00 and later versions, the LBDT-enabled switch can detect loops in dynamic VLANs, but the Quitvlan action is invalid for dynamic VLANs.
- LBDT needs to send a large number of LBDT packets to detect loops, occupying system resources. Therefore, disable LBDT if loops do not need to be detected.
- In versions earlier than V200R019C00, LBDT cannot be configured on an Eth-Trunk or its member interfaces. In V200R019C00 and later versions, LBDT can be configured on an Eth-Trunk but cannot be configured on its member interfaces.
- On the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6720-HI, S6730S-H, S6730-H, S6730-S, and S6730S-S, manual LBDT can be configured on a maximum of 64 Eth-Trunks; on other models, manual LBDT can be configured on a maximum of 32 Eth-Trunks.
- An interface can send LBDT packets with the specified VLAN tag only when the specified VLAN has been created.
- LBDT can detect loops in a maximum of 32 VLANs.
- When the PVID of the interface in the loop is the detected VLAN ID or the interface joins the detected VLAN in untagged mode, VLAN tags of LBDT packets are removed. As a result, the packet priority changes and the system may fail to detect loops.
- When the Quitvlan action is used, the configuration file remains unchanged.
- The LBDT action and MAC address flapping action affect each other, and cannot be configured simultaneously.
- The Quitvlan action of LBDT conflicts with dynamic removal from VLANs (for example, GVRP and HVRP), and cannot be configured simultaneously.
- The blocked ports of LBDT cannot block GVRP packets. To ensure that GVRP runs normally and prevent GVRP loops, do not enable GVRP on the blocked port of LBDT.
Networking Requirements
In Figure 3-108, a small-scale enterprise uses Layer 2 networking and belongs to VLAN 100. Because employees often move, the network topology changes frequently. Loops occur due to incorrect connections or configurations during these changes. As a result, broadcast storms occur and affect communication on the Switch and the entire network.
- The Switch detects loops.
- When a loop exists, the interface is blocked to reduce the impact of the loop on the Switch and network.
- When the loop is eliminated, the interface can be restored.
Configuration Roadmap
To detect loops on the network where the Switch is deployed, configure LBDT on GE1/0/1 and GE1/0/2 of the Switch. In this example, untagged LBDT packets sent by the Switch will be discarded by other switches on the network. As a result, the packets cannot be sent back to the Switch, and LBDT fails. Therefore, LBDT is configured in a specified VLAN. The configuration roadmap is as follows:
- Enable LBDT on interfaces and configure the Switch to detect loops in VLAN 100 to implement LBDT on the network where the Switch is located.
- Configure an action to be taken after a loop is detected and set the recovery time. After a loop is detected, the Switch blocks the interface to reduce the impact of the loop on the network. After a loop is eliminated, the interface can be restored.
Configure interfaces on other switching devices as trunk or hybrid interfaces and configure these interfaces to allow packets from corresponding VLANs to pass through to ensure Layer 2 connectivity.
Procedure
- Enable LBDT on interfaces.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] loopback-detect enable //Enable LBDT on the interface.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] loopback-detect enable //Enable LBDT on the interface.
[Switch-GigabitEthernet1/0/2] quit
- Specify the VLAN ID of LBDT packets.
[Switch] vlan 100
[Switch-vlan100] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type hybrid //In V200R005C00 and later versions, the default link type of a switch interface is not hybrid. You can run the port link-type hybrid command to configure the link type of the interface as hybrid.
[Switch-GigabitEthernet1/0/1] port hybrid tagged vlan 100
[Switch-GigabitEthernet1/0/1] loopback-detect packet vlan 100 //Enable LBDT to detect loops in VLAN 100.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type hybrid
[Switch-GigabitEthernet1/0/2] port hybrid tagged vlan 100
[Switch-GigabitEthernet1/0/2] loopback-detect packet vlan 100 //Enable LBDT to detect loops in VLAN 100.
[Switch-GigabitEthernet1/0/2] quit
- Configure an action to be taken after a loop is detected and set the recovery time.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] loopback-detect action block //Configure the Block action to be taken after a loop is detected.
[Switch-GigabitEthernet1/0/1] loopback-detect recovery-time 30 //Set the recovery time to 30s.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] loopback-detect action block //Configure the Block action to be taken after a loop is detected.
[Switch-GigabitEthernet1/0/2] loopback-detect recovery-time 30 //Set the recovery time to 30s.
[Switch-GigabitEthernet1/0/2] quit
- Verify the configuration.
Run the display loopback-detect command to check the LBDT configuration.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 5
----------------------------------------------------------------------------------
Interface                     RecoverTime  Action     Status
----------------------------------------------------------------------------------
GigabitEthernet1/0/1          30           block      NORMAL
GigabitEthernet1/0/2          30           block      NORMAL
----------------------------------------------------------------------------------
The preceding command output shows that the LBDT configuration is successful.
After about 5s, run the display loopback-detect command to check whether GE1/0/1 or GE1/0/2 is blocked.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 5
----------------------------------------------------------------------------------
Interface                     RecoverTime  Action     Status
----------------------------------------------------------------------------------
GigabitEthernet1/0/1          30           block      NORMAL
GigabitEthernet1/0/2          30           block      BLOCK(Loopback detected)
----------------------------------------------------------------------------------
The preceding command output shows that GE1/0/2 is blocked.
Shut down GE1/0/1. After 30s, run the display loopback-detect command to check whether GE1/0/2 is restored.
[Switch] display loopback-detect
Loopback-detect sending-packet interval: 5
----------------------------------------------------------------------------------
Interface                     RecoverTime  Action     Status
----------------------------------------------------------------------------------
GigabitEthernet1/0/1          30           block      NORMAL
GigabitEthernet1/0/2          30           block      NORMAL
----------------------------------------------------------------------------------
The preceding command output shows that GE1/0/2 is restored.
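The verification steps above compare successive display loopback-detect outputs by eye. The following Python sketch is an added example, not part of the original documentation or any vendor tool: it parses that table and reports interfaces whose status changed between two captures. The function names and the sample captures are constructed for illustration, following the column layout of the output shown in this example.

```python
import re
from typing import NamedTuple, Optional

class LbdtRow(NamedTuple):
    interface: str
    recover_time: int
    action: str
    state: str             # NORMAL, BLOCK, SHUTDOWN, ...
    reason: Optional[str]  # text in parentheses, e.g. "Loopback detected"

ROW_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\w+)(?:\((.*?)\))?\s*$")
INTERVAL_RE = re.compile(r"sending-packet interval:\s*(\d+)")

def parse_loopback_detect(output):
    """Return (sending interval in seconds, {interface: LbdtRow})."""
    interval, rows = None, {}
    for line in output.splitlines():
        if m := INTERVAL_RE.search(line):
            interval = int(m.group(1))
        elif m := ROW_RE.match(line):
            name, rec, action, state, reason = m.groups()
            rows[name] = LbdtRow(name, int(rec), action, state, reason)
    return interval, rows

def transitions(before, after):
    """List (interface, old_state, new_state) for rows whose state changed."""
    _, old = parse_loopback_detect(before)
    _, new = parse_loopback_detect(after)
    return [(n, old[n].state, r.state) for n, r in new.items()
            if n in old and old[n].state != r.state]

# Constructed samples in the layout of the command output shown above.
HEADER = ("Loopback-detect sending-packet interval: 5\n" + "-" * 82 +
          "\nInterface                     RecoverTime  Action     Status\n" + "-" * 82 + "\n")
NORMAL = HEADER + ("GigabitEthernet1/0/1          30           block      NORMAL\n"
                   "GigabitEthernet1/0/2          30           block      NORMAL\n")
LOOPED = HEADER + ("GigabitEthernet1/0/1          30           block      NORMAL\n"
                   "GigabitEthernet1/0/2          30           block      BLOCK(Loopback detected)\n")

if __name__ == "__main__":
    for name, was, now in transitions(NORMAL, LOOPED):
        print(f"{name}: {was} -> {now}")
```

Feeding it periodic captures gives a simple record of when an interface entered and left the blocked state, which can be compared against the configured recovery time.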
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid tagged vlan 100
 loopback-detect recovery-time 30
 loopback-detect packet vlan 100
 loopback-detect enable
 loopback-detect action block
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid tagged vlan 100
 loopback-detect recovery-time 30
 loopback-detect packet vlan 100
 loopback-detect enable
 loopback-detect action block
#
return