Loop Protection

Aruba Instant 8.4.0.0 introduces the loop protection feature that detects and avoids the formation of loops on the EthernetEthernet is a network protocol for data transmission over LAN. ports of an Instant AP.

The loop protect feature can be enabled on all Instant APs that have multiple EthernetEthernet is a network protocol for data transmission over LAN. ports and it supports tunnel, split-tunnel, and bridge modes.

The loop protection feature prevents the formation of loops when:

An unmanaged switch is connected to one port of an Instant AP and a loop forms in the unmanaged switch.

The WANWide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. port (port 0) and either of ports 1, 2, 3, or 4, if it exists, in an AP are connected to the same switch.

Multiple ports in an Instant AP are connected to an unmanaged switch.

The loop protection feature transmits a proprietary loop detection packet on one EthernetEthernet is a network protocol for data transmission over LAN. port of an Instant AP at the configured loop-protect interval (default value is 2 seconds). The loop protect feature transmits the loop detection packet without a VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. tag irrespective of whether the EthernetEthernet is a network protocol for data transmission over LAN. port of the Instant AP is connected in access mode or trunk mode. That is, for trunk mode, loop protect is supported only in the native VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN..

If the same packet is received on the same EthernetEthernet is a network protocol for data transmission over LAN. port of the Instant AP, a loop in the downstream switch is detected and the EthernetEthernet is a network protocol for data transmission over LAN. port of the Instant AP is shut down.

If the same packet is received on the WANWide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. port (port 0) of the Instant AP, a loop between the EthernetEthernet is a network protocol for data transmission over LAN. and WANWide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. ports of the AP is detected and the EthernetEthernet is a network protocol for data transmission over LAN. port of the Instant AP is shut down.

If the same packet is received on another EthernetEthernet is a network protocol for data transmission over LAN. port of the Instant AP, a loop between the EthernetEthernet is a network protocol for data transmission over LAN. ports of the Instant AP is detected and the EthernetEthernet is a network protocol for data transmission over LAN. port of the Instant AP port with lower priority is shut down. The EthernetEthernet is a network protocol for data transmission over LAN. port with smaller port ID has high priority.

The EthernetEthernet is a network protocol for data transmission over LAN. port of the Instant AP that is shut down because of loop protection is marked with status Loop-ERR. A user can either the recover the shut down port from the Instant AP with manual intervention or enable automatic recovery mode and configure a automatic recovery interval. At the expiry of the automatic recovery interval, the Loop-ERR status of the EthernetEthernet is a network protocol for data transmission over LAN. port is cleared and the EthernetEthernet is a network protocol for data transmission over LAN. port is re-enabled automatically.

To prevent the downstream switch from dropping the loop detection packet, for example during broadcast storm state, if the Instant AP takes longer time, or if the Instant AP fails to detect a loop, a broadcast storm-control mechanism is provided as part of the loop protection feature. During broadcast-storm control, an Instant AP counts the broadcast packets received on each of its EthernetEthernet is a network protocol for data transmission over LAN. port and determines the packet rate in an interval. If the broadcast packet rate on one EthernetEthernet is a network protocol for data transmission over LAN. port exceeds the configured threshold (default value is 2000 packets per second), the EthernetEthernet is a network protocol for data transmission over LAN. port is shut down.

Configuring Loop Protection

In the CLI

To configure loop protection for the wired profile:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile <name>)# loop-protect

(Instant AP)(wired ap profile <name>)# loop-detection-interval 5

To configure automatic recovery for a wired profile:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile <name>)# auto-recovery

(Instant AP)(wired ap profile <name>)# auto-recovery-interval 50

To configure broadcast storm control:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile <name>)# storm-control-broadcast

(Instant AP)(wired ap profile <name>)# storm-control-threshold 110