Configuring MAC Flapping-based Loop Detection for a BD
After MAC flapping-based loop detection is configured on a Bridge-Domain (BD), the devices can detect loops on AC-side interfaces, and block interfaces or report alarms.
Usage Scenario
- Blocking interfaces based on their blocking priorities: If a device detects a loop, it blocks the interface with a lower blocking priority.
- Blocking interfaces based on their trusted or untrusted states: If a device detects a loop, it blocks the untrusted interface.
After MAC flapping-based loop detection is configured on a device and the device receives packets with fake source MAC addresses from attackers, the device may mistakenly conclude that a loop has occurred and block an interface based on the configured blocking policy. Therefore, key user traffic may be blocked. It is recommended that you disable MAC flapping-based loop detection on properly running devices. If you have to use MAC flapping-based loop detection to detect whether links operate properly during site deployment, be sure to disable this function after this stage.
Pre-configuration Tasks
Before configuring MAC flapping-based loop detection on a BD network, configure BD on the PE. For details about BD configuration, see EVC Configuration in NetEngine 8000 F Configuration Guide - LAN Access and MAN Access.
- Enabling MAC Flapping-based Loop Detection
- After MAC flapping-based loop detection is enabled on devices, the devices can detect loops based on MAC address entry flapping and block interfaces to eliminate the loops.
- (Optional) Configuring a Blocking Policy
- After deploying MAC flapping-based loop detection, you can configure a blocking policy for AC-side interfaces (AC is short for attachment circuit).
- Verifying the Configuration of MAC Flapping-based Loop Detection for a BD
- After configuring MAC flapping-based loop detection for a bridge-domain (BD) network, verify the configuration.