No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Layer 2 Loop Detection

Configuring Layer 2 Loop Detection

This section describes how to configure Layer 2 loop detection.

Usage Scenario

Networks are prone to loops, and loops may occur due to various reasons, such as incorrect link connection and loop prevention protocol failure on an attacked or overloaded ring network. When a Layer 2 loop occurs on an interface, the interface will receive a large number of broadcast and multicast packets, such as Address Resolution Protocol (ARP) packets and Open Shortest Path First (OSPF) packets.

To minimize service loss caused by Layer 2 loops, configure actions in response to an existing or potential Layer 2 loop. This function allows protocols to work normally and prevents major network faults.

The CPU determines whether to enable or disable Layer 2 loop detection based on packet loss caused by the committed access rate (CAR). After Layer 2 loop detection is enabled, the CPU will take the configured responsive action after detecting an existing or a potential loop on an interface.

This feature is supported only on the Admin-VS.

Pre-configuration Tasks

None

Configuration Procedures

Figure 8-5 Flowchart for configuring Layer 2 loop detection

Configuring Actions In Response to Layer 2 Loops

The CPU determines whether to enable or disable Layer 2 loop detection based on packet loss caused by the committed access rate (CAR). After Layer 2 loop detection is enabled, the CPU will take the configured actions in response to Layer 2 loops after the system detects an existing or a potential loop on an interface.

Context

The system can be configured to take one of the following actions in response to an existing or possible Layer 2 loop on an interface:
  • Shut down the interface: The system will shut down the interface only after detecting an existing Layer 2 loop on the interface. This action stops the interface from sending numerous packets to the CPU.

  • Send a trap: The system will send a trap after detecting an existing or a potential Layer 2 loop. The trap message can help a user locate the interface where the Layer 2 loop has occurred or may occur.

  • Send a trap and shut down the interface: The system will send a trap and shut down the interface after detecting an existing Layer 2 loop on the interface.

  • Ignore Layer 2 loops: The system will stop Layer 2 loop, but not shut down the interface or send a trap.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run slot slot-id

    The slot view is displayed.

  3. Run l2-loop-detect action { shutdown [ up-times up-times | up-interval up-interval ] * | trap disable }

    A responsive action for Layer 2 loops is configured.

    NOTE:
    • To enable the system to shut down the interface, run the l2-loop-detect action shutdown [ up-times up-times | up-interval up-interval ] * command.
    • By default, the function of sending a trap is enabled. If the function is disabled, running the undo l2-loop-detect action trap disable command will enable it.
    • To enable the system to send a trap and shut down the interface, run the undo l2-loop-detect action trap disable command to enable the function of sending a trap, and run the l2-loop-detect action shutdown [ up-times up-times | up-interval up-interval ] * command to enable the system to shut down the interface. By default, the system will send a trap but not shut down an interface. Therefore, only the l2-loop-detect action shutdown [ up-times up-times | up-interval up-interval ] * command needs to be run.
    • To configure the system to ignore Layer 2 loops, run the undo l2-loop-detect action shutdown and l2-loop-detect action trap disable commands to disable the function of shutting down the interface and the function of sending a trap, respectively. By default, the system will send a trap but not shut down an interface. Therefore, only the l2-loop-detect action trap disable command needs to be run.

  4. Run commit

    The configuration is committed.

(Optional) Disabling Layer 2 Loop Detection

If you confirm that Layer 2 loops do not occur on a board, you can disable the Layer 2 loop detection function to improve the fault locating efficiency.

Context

If you need to disable Layer 2 loop detection, contact Huawei technical support engineers.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run slot slot-id

    The slot view is displayed.

  3. Run l2-loop-detect disable

    Layer 2 loop detection is disabled.

  4. Run commit

    The configuration is committed.

(Optional) Configuring the Layer 2 Loop Detection Threshold

If the Layer 2 loop detection threshold is not properly set, Layer 2 loop detection may be unexpectedly enabled or display incorrect loop levels, affecting Layer 2 loop detection results. As a result, some services may be affected.

Context

The system calculates the default Layer 2 loop detection threshold based on the packet loss detection and default algorithm. If the Layer 2 loop detection threshold is not properly set, Layer 2 loop detection may not be enabled or be unexpectedly enabled. To resolve this problem, perform the following operations to modify the Layer 2 loop detection threshold:
It is recommended that you run this command with assistance from Huawei engineers. Before performing the operation, obtain experience values of packet loss statistics on the specified board.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run slot slot-id

    The slot view is displayed.

  3. Run l2-loop-detect packets-drop-threshold packets-drop-threshold

    The Layer 2 loop detection threshold is configured.

  4. (Optional) Run l2-loop-detect loop-level-threshold main-interface determined determined-threshold suspect suspect-threshold notification notification-threshold

    The loop level threshold is configured on a detected main interface.

  5. (Optional) Run l2-loop-detect loop-level-threshold sub-interface determined determined-threshold suspect suspect-threshold notification notification-threshold

    The loop level threshold is configured on a detected sub-interface.

    The loop level threshold on a main interface must be greater than that on a sub-interface. If the loop level threshold on a main interface is smaller than that on a sub-interface and a loop occurs on the sub-interface, the system considers that the loop occurs on the main interface, and detection on the sub-interface does not take effect.

  6. Run commit

    The configuration is committed.

Verifying the Layer 2 Loop Detection Configuration

Check information about Layer 2 loop detection on a specified board and information about packets that cause Layer 2 loops on a specified board.

Procedure

  1. Run the display l2-loop-detect status-info slot slot-id command to check information about Layer 2 loop detection on a specified board.
  2. Run the display l2-loop-detect packets-info slot slot-id command to check information about packets that cause Layer 2 loops on a specified board.

Example

Run the display l2-loop-detect status-info slot 1 command to view information about Layer 2 loop detection on the board in slot 1.

<HUAWEI> display l2-loop-detect status-info slot 1
  l2-loop-detect action : trap and shutdown
  port in loop-state :
  ------------------------------------------------------------
  Interface                       LoopLevel        State
  GigabitEthernet0/1/0               Determined       Down

Run the display l2-loop-detect packets-info slot 1 command to view information about packets that cause Layer 2 loops on the board in slot 1.

<HUAWEI> display l2-loop-detect packets-info slot 1
  Interface : GigabitEthernet0/1/0
  ------------------------------------------------------------------------
  No.  PeVlan  CeVlan  Protocol            Type        Src-MAC
  1    100     -       IGMP                Broadcast   0000-0000-0001
  2    100     -       IGMP                Broadcast   0000-0000-0002
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 20029

Downloads: 39

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next