This tutorial demonstrates a potential looping risk introduced by BPDU filter.
Below is the lab architecture used, which includes two Cisco Catalyst 2950 switches.
Below are the relevant parts of both switches' configurations:
We see that the following configuration has been applied to F0/44 on sw01:
That configuration will actually prevent the switches from detecting the loop, as BPDUs will no longer be sent or received on F0/44.
When a ping is issued, the switch sends a broadcast ARP request to find the MAC address associated with the IP address. Yet, because of the BPDU filtering applied to F0/44 of sw01, that broadcast will loop indefinitely between sw01 and sw02.
Below are the results of several show interface f0/44 commands; note that traffic increases constantly on input and output (see input/output rate, Received X broadcasts):
That problem can be fixed in several ways:
- Performing a shutdown/no shutdown on the port (yet if the configuration and cabling remain the same, the issue will quickly recur)
- Removing the loop by shutting down the port or unplugging the cable permanently
- Changing the spanning tree configuration (especially BPDU filter)
- Applying a storm-control configuration
What follows focuses on the last solution: applying a storm-control configuration.
Storm-control lets you define a limit, in PPS (packets per second) or as a percentage, along with an associated action to apply if the threshold is reached (send an alarm or shut down the port). Here we will shut down the port to remove the loop.
Storm-control is applied on a per-interface basis and must define a packet type (unicast, multicast, broadcast), a threshold at which an alarm is raised, and a threshold at which the switch considers traffic to be back to normal. Below, storm-control is applied, then a ping is started, generating a broadcast (once again due to the ARP request the switch sends to find the MAC address associated with the IP address); finally, show storm-control broadcast displays storm-control's activity:
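Separately from the lab output referenced above, here is an added example (not part of the original tutorial or the lab's configuration) that audits an IOS-style configuration for the risky combination this tutorial describes: an interface with BPDU filter enabled and no broadcast storm-control with a shutdown action. The sample configuration, the interfaces other than F0/44, and the 50/30 thresholds are constructed for illustration.

```python
import re

# Constructed sample running-config (not the lab's actual configuration).
SAMPLE_CONFIG = """\
interface FastEthernet0/43
 spanning-tree portfast
!
interface FastEthernet0/44
 spanning-tree bpdufilter enable
!
interface FastEthernet0/45
 spanning-tree bpdufilter enable
 storm-control broadcast level 50.00 30.00
 storm-control action shutdown
!
interface FastEthernet0/46
 spanning-tree bpdufilter enable
 storm-control broadcast level 50.00 30.00
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return blocks

def audit(config):
    """Return {interface: finding} for BPDU-filtered ports lacking loop protection."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "spanning-tree bpdufilter enable" not in cmds:
            continue  # BPDUs still flow, so spanning tree can detect a loop
        if not any(c.startswith("storm-control broadcast level") for c in cmds):
            findings[name] = "BPDU filter with no broadcast storm-control"
        elif "storm-control action shutdown" not in cmds:
            findings[name] = "storm-control limit set, but no shutdown action"
    return findings

if __name__ == "__main__":
    for port, issue in audit(SAMPLE_CONFIG).items():
        print(f"{port}: {issue}")
```

The check only inspects per-interface commands; a globally enabled BPDU filter default would need a separate rule.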