z4ydi Posted May 26, 2010
We have HP ProCurve 2900 as our Core Switch - and then the HP ProCurve 2510 - 48 switches in the cabs around the school. We have recently put these in solely to stop these stupid loops created by students - switches were configured by the people who supply them for us. But last night I had a hell of a job to sort out a network flood/loop - eventually found it after 2 hours. My question is: How come these new switches did not stop the loop - are they not properly configured (i.e. STP is not set)? If so, how can I configure them to stop this headache - I am a dummy when it comes to switches.
FN-GM Posted May 26, 2010
Do you have multiple VLANs? Has spanning tree been enabled on these? If not you will need to enable that.
z4ydi (Author) Posted May 26, 2010
Yes, we have 2 VLANs, but how can I check whether STP is enabled or not? I checked the ProCurve web management utility but did not find anything there. Can someone please let me know how to do this?
AngryITGuy Posted May 26, 2010
If you know the IP addresses of the switches you can check to see if the Spanning Tree feature is enabled via the web interface. Once you're into the web interface you need to go to Configuration -> Device
z4ydi (Author) Posted May 26, 2010
Oh thanks for that - I checked it on the web interface under Device features and Spanning Tree is ON, on all switches in the Stack, then why was the loop/flood not isolated yesterday?
keithu Posted May 26, 2010
Spanning Tree will not prevent all kinds of loops and that isn't its purpose in the first place; what you want is Loop Protect. You can enable it on the ProCurves by connecting via the CLI and executing the following commands:

    loop-protect all
    loop-protect trap loop-detected
    loop-protect disable-timer 60
    write mem

(if you want to save this config permanently)

This will disable any looped ports for 60 seconds and generate an SNMP trap.
z4ydi (Author) Posted May 26, 2010
Thank you Keithu - As I said, I am quite a dummy when it comes to CLI and switch configuration. I will be executing these commands on switches on a live network. If I run these commands would it not hamper the network? - or do I have to take certain precautions before running this, and if so what are they? Secondly, should I run loop-protect for all ports on a switch or just the main Link port to isolate the loop on a switch level? Thanks
Kipling Posted May 26, 2010
Yes you can run loop-protect on all ports, it's relatively lightweight; it works basically by sending out a packet and listening for it on other ports. There's no reason to enable it on uplink ports to other switches but it does no real harm.
keithu Posted May 27, 2010
As Kipling says, you only need to run loop-protect on ports connected to network endpoints. Personally I enable it on all ports - it won't do any harm. It is safe to enable on a live network.
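An added example, not part of any post in this thread: a Python check over a saved switch configuration that reports which endpoint-facing ports lack loop-protect and whether the trap and disable-timer settings from the commands above are present. The sample configuration, the function names and the choice of ports 1-44 as endpoint ports are assumptions, as is the saved configuration listing the commands in the form they were typed.

```python
import re

# Constructed sample of a saved switch config (not taken from the thread).
SAMPLE_CONFIG = """\
hostname "cab-03"
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-48
   exit
loop-protect 1-20,25-44
loop-protect trap loop-detected
loop-protect disable-timer 60
"""

def expand_ports(spec):
    """Expand a numeric port list such as '1-20,25-44' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_loop_protect(config_text, edge_ports):
    """Report edge ports without loop-protect and the global loop-protect settings."""
    edge = set(edge_ports)
    protected, trap, timer = set(), False, None
    for line in config_text.splitlines():
        words = line.split()
        if not words or words[0] != "loop-protect":
            continue
        if words[1:] == ["all"]:                      # form typed in the thread
            protected |= edge
        elif words[1:] == ["trap", "loop-detected"]:
            trap = True
        elif len(words) == 3 and words[1] == "disable-timer":
            timer = int(words[2])
        elif len(words) == 2 and re.fullmatch(r"[\d,\-]+", words[1]):
            protected |= expand_ports(words[1])       # explicit port list
    return {"unprotected": sorted(edge - protected),
            "trap": trap, "disable_timer": timer}

if __name__ == "__main__":
    # Assumption: ports 1-44 face endpoints, the rest are uplinks.
    print(audit_loop_protect(SAMPLE_CONFIG, range(1, 45)))
```

Run against each switch's saved configuration, an empty "unprotected" list means every endpoint port listed is covered.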
z4ydi (Author) Posted May 27, 2010
Thank you guys - does this in any way slow down the links?
z4ydi (Author) Posted May 27, 2010
I have a problem now - I can only telnet to the Core switch as it is in the same IP range as the rest of the network but the rest of the switches are part of the VLAN IP which is a totally different range - I manually assigned an IP of that range to my PC and tried to telnet to the rest of the switches but to no avail. How do I telnet to the rest? Please help me.....
DAZZD88 Posted May 27, 2010
I'm not sure but it sounds like you may have a routing problem. Is your setup new or did somebody prior to you set everything up? Unfortunately I have a limited grasp of network infrastructure and have no idea how to go about setting up routing or diagnosing it, however Google may yield the answers... or even the CLI guide for the ProCurve switches that you can download from HP.
z4ydi (Author) Posted May 27, 2010
The switches were installed just before I joined the school, configured by the people who supplied the lot. The setup is: We have HP ProCurve 2900 as our Core Switch - and then the HP ProCurve 2510 - 48 switches in the cabs around the school. We have 3 VLANs configured on the Core switch (Curriculum and Admin, and Default VLAN). The 2510 switches are all assigned the Default VLAN IPs and of course this is an IP range that is totally different to the Cur and Admin network. Now I cannot telnet to these switches because they are in a different range and the only switch that I can telnet to is the core switch because it also has a curriculum IP assigned. Hope this is clear enough.
Edited May 27, 2010 by z4ydi
K.C.Leblanc Posted May 27, 2010
> I have a problem now - I can only telnet to the Core switch as it is in the same IP range as the rest of the network but the rest of the switches are part of the VLAN IP which is a totally different range - I manually assigned an IP of that range to my PC and tried to telnet to the rest of the switches but to no avail. How do I telnet to the rest? Please help me.....

You would also need to have your computer attached to a port that's set 'untagged' on the default VLAN as well. Try using the server that runs ProCurve Manager; if it's running PCM it must have a network connection to the default VLAN. Or if you're getting desperate, break out the serial cables.
z4ydi (Author) Posted May 27, 2010
Of course I can plug in the serial cable to each switch and use a CLI utility, i.e. PuTTY or HyperTerminal, to connect to them OR, as you said, untag a port on the Default VLAN on each switch and connect to that particular port, but this means I have to go to about 10 cabinets in different parts of the building and this is quite tedious. And if a loop happens I want to be able to telnet to each switch and use the command "loop-protect show all" to see which switch and which port is flooded - can you imagine going round 10 cabinets trying to find loops? We don't have a server that runs ProCurve Manager - we type the IP of the core switch in the browser to access the web interface. Is there software to install, and would it give me more than the web interface?
Kipling Posted May 27, 2010
The core switch can act as a telnet client; so assuming the core switch is able to see the other switches you can telnet to the core switch and then from within that session telnet to the other switches.
z4ydi (Author) Posted May 28, 2010
Thank you Kipling, that did the trick. Now I want to test whether enabling loop-protect will stop the loops by loop protecting a couple of ports on a switch and then plugging one end of a cable to one port and the other end to the second port on the same switch, creating a loop to see whether this will bring down the network. Unless someone has a better idea of testing.