Loop detection and protection mechanism in Aruba Instant On
This post applies to the Aruba Instant On 11D model.
The loop protection feature prevents the formation of loops when:
An unmanaged switch is connected to one port of an Instant AP and a loop forms in the unmanaged switch.
Multiple ports in an Instant AP are connected to an unmanaged switch.
The loop protection feature transmits a proprietary loop detection packet on all Ethernet ports of an AP at the regular loop-protect interval (default value is 2 seconds).
Loop Detection Packet
The loop protect feature transmits the loop detection packet without a VLAN tag irrespective of whether the Ethernet port of the Instant AP is connected in access mode or trunk mode. That is, for trunk mode, loop protect is supported only in the native VLAN.
The screenshot below shows the AP detecting a loop between E1 and E2 when both AP ports are connected to the same VLAN on the same switch.
Port E2 identified with loop
The screenshot below shows the result when E1 and E2 are connected to different VLANs on the same switch.
Loop detection does not take effect with AP ports connected to different VLANs in the same switch
If the loop protect packet is received on the same Ethernet port of the AP, a loop in the downstream switch is detected and the Ethernet port of the AP is shut down.
If the loop protect packet is received on another Ethernet port of the AP, a loop between the Ethernet ports of the Instant AP is detected and the Ethernet port with the lower priority is shut down. The Ethernet port with the smaller port ID has the higher priority.
The Ethernet port of the AP that is shut down because of loop protection is marked with status ON WITH_SJ_LOOP.
A user can either recover the shut-down port from the AP with manual intervention or enable automatic recovery mode and configure an automatic recovery interval. At the expiry of the automatic recovery interval, the ON WITH_SJ_LOOP status of the Ethernet port is cleared and the Ethernet port is re-enabled automatically.
The downstream switch may drop the loop detection packet, for example during a broadcast storm, in which case the AP may take longer to detect a loop or fail to detect it at all. To cover these cases, a broadcast storm-control mechanism is provided as part of the loop protection feature. During broadcast storm control, an AP counts the broadcast packets received on each of its Ethernet ports and determines the packet rate in an interval. If the broadcast packet rate on one Ethernet port exceeds the configured threshold (default value is 2000 packets per second), the Ethernet port is shut down.
Loop protect is not enabled on the uplink port, and looping a downlink port to the WAN port makes the AP lose its connection to the cloud.
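
The shutdown rules described above, written out as a small Python model that can be run against constructed scenarios. This is an added example, not Aruba firmware or CLI output; the function names, the Observation structure, the choice of E0 as the uplink port and all sample values are assumptions made for illustration.

```python
# Illustrative model of the loop-protect rules described above.
# Not Aruba code: names, the E0 uplink and the sample data are assumptions.
from dataclasses import dataclass
from typing import Optional

STORM_THRESHOLD_PPS = 2000  # default broadcast threshold stated in the text
UPLINK = "E0"               # assumption: E0 is the uplink (WAN) port

@dataclass
class Observation:
    port: str                  # port the AP received traffic on
    probe_from: Optional[str]  # port whose loop detection packet arrived here
    broadcast_pkts: int        # broadcast packets counted in the interval
    interval_s: float = 1.0    # length of the counting interval in seconds

def port_id(port: str) -> int:
    return int(port.lstrip("E"))

def ports_to_shut(observations):
    """Return {port: reason} for every port the rules would shut down."""
    shut = {}
    for ob in observations:
        if ob.port == UPLINK:
            continue  # loop protect is not enabled on the uplink port
        if ob.probe_from == ob.port:
            shut.setdefault(ob.port, "loop in downstream switch")
        elif ob.probe_from is not None:
            # Loop between two AP ports: the larger port ID has lower priority.
            loser = max(ob.port, ob.probe_from, key=port_id)
            shut.setdefault(loser, "loop between AP ports")
        if ob.broadcast_pkts / ob.interval_s > STORM_THRESHOLD_PPS:
            shut.setdefault(ob.port, "broadcast storm")
    return shut

# Constructed scenarios (sample values, not captured from a device).
SCENARIOS = {
    "E1 and E2 in the same VLAN": [Observation("E1", "E2", 40), Observation("E2", "E1", 40)],
    "E1 and E2 in different VLANs": [Observation("E1", None, 40), Observation("E2", None, 40)],
    "loop inside the switch on E1": [Observation("E1", "E1", 300)],
    "probe dropped during a storm": [Observation("E3", None, 5000, 2.0)],
    "E1 looped to the uplink": [Observation("E0", "E1", 9000)],
}

if __name__ == "__main__":
    for name, obs in SCENARIOS.items():
        print(f"{name}: {ports_to_shut(obs) or 'no port shut down'}")
```

The different-VLAN and uplink scenarios return no port to shut down, which are the two gaps the text calls out: the untagged packet never crosses between access VLANs, and the uplink port is not covered.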