Loop guard
NOTE: This feature is different from STP loop protection.
A loop in a layer-2 network results in broadcast storms that have far-reaching and unwanted effects. Loop guard helps to prevent loops. When loop guard is enabled on a switch port, the port monitors its subtending network for any downstream loops.
The loop guard feature is designed to work in concert with STP rather than as a replacement for STP. Each port that has loop guard enabled will periodically broadcast loop guard data packets (LGDP) packets to its network. If a broadcast packet is subsequently received by the sending port, a loop exists downstream.
You can also have the port check for a high rate of MAC address moves per second, which indicates a physical loop only when the rate exceeds the threshold for 6 consecutive seconds.
NOTE: If a port detects a loop, the system takes the port out of service to protect the overall network. The port returns to service after a configured timeout duration. If the timeout value is zero, you must manually reset the port.
By default, loop guard is disabled on all ports. When loop guard is enabled, the default loop-guard-timeout
is 45 minutes, and the default loop-guard-mac-move-threshold
is 0, which means that the traditional loop guard is used instead of the MAC-move loop guard.
Configuring loop guard
Using the GUI:
- Go to Switch > Interfaces.
- Select one or more interfaces to update and then select Edit.
If you selected more than one port, the port names are displayed in the name field, separated by commas. - Under Loop Guard, select Enable.
- Select OK to save your changes.
Using the CLI:
config switch interface
edit port <number>
set loop-guard <enabled | disabled>
set loop-guard-timeout <0-120 minutes>
set loop-guard-mac-move-threshold <0-100 MAC address moves per second>
When loop guard takes a port out of service, the system creates the following log messages:
Loop Guard: loop detected on <port_name>. Shutting down <port_name>
Use the following command to reset a port that detected a loop:
execute loop-guard reset <port>
Viewing the loop guard configuration
Using the GUI:
Go to Switch > Monitor > Loop Guard.
Using the CLI:
diagnose loop-guard status