Schilling,

You should be most likely looking at reducing these wide L2 domains, but regardless of the L2 domain size, you should still deploy access layer countermeasures to avoid loop creation and the effects of a potential loop.
VPLS or any other transport would not help you if some user loops the cable back, or connects a rogue hub/switch. VPLS just makes sure there are no loops in the VPLS core - you can still get loops through the other layers.

I would suggest reading these documents (I am including the docs for 3750, but it is quite generally supported across the switching portfolio):

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swstpopt.html
(Features to look at include: BPDU Guard, Root Guard, Loop Guard)

Also:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swtrafc.html#wp1063295
(Features to look at include: Storm Control, Port Security (to limit number of MACs per port))

Not directly related to loop prevention, but a good practice on campus access layer:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swdhcp82.html
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swdynarp.html

For even more advanced protection:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/sw8021x.html

Arie

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of schilling
Sent: Wednesday, February 09, 2011 17:12
To: cisco-nsp
Subject: [c-nsp] EoMPLS or VPLS loop prevention/storm control

Hi All,

We right now have several bridged campus-wide VLANs. It happens several times a year where a loop in one of the VLANs will cause our backbone to be unavailable. Now we are thinking to better architect the design. If we migrate to some platform like ASR9K and use EoMPLS or VPLS, what will happen if we have a loop in one of the VLANs? The simple loop is to have a dumb switch, with two of its ports connected together.
Thanks,
Schilling

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
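As an added example (not part of the thread or of Cisco's documentation), the Python check below flags access ports in a saved running-config that lack three of the features named in the reply: BPDU Guard, Storm Control and Port Security. The sample config is constructed, `audit_access_ports` is a hypothetical helper, and it assumes the 12.2-style command forms used on the Catalyst 3750.

```python
import re
# Constructed sample config (not from the thread); names and values are assumptions.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 storm-control broadcast level 1.00
 switchport port-security
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
 storm-control broadcast level 1.00
 switchport port-security
!
interface GigabitEthernet1/0/3
 switchport mode access
 storm-control broadcast level 1.00
 switchport port-security maximum 2
!
interface GigabitEthernet1/0/49
 switchport mode trunk
"""

def audit_access_ports(config):
    """Return {interface: [missing features]} for access ports (hypothetical helper)."""
    global_guard = bool(re.search(r"^spanning-tree portfast bpduguard default\s*$", config, re.M))
    findings = {}
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [l.strip() for l in m.group(2).splitlines()]
        if "switchport mode access" not in lines:
            continue  # trunks and uplinks are out of scope here
        # The global default covers PortFast ports only and can be overridden per port.
        guarded = "spanning-tree bpduguard enable" in lines or (
            global_guard and "spanning-tree portfast" in lines
            and "spanning-tree bpduguard disable" not in lines)
        missing = [] if guarded else ["BPDU Guard"]
        if not any(re.match(r"storm-control \S+ level ", l) for l in lines):
            missing.append("Storm Control")
        if "switchport port-security" not in lines:  # "maximum N" alone does not enable it
            missing.append("Port Security")
        if missing:
            findings[m.group(1)] = missing
    return findings

if __name__ == "__main__":
    print(audit_access_ports(SAMPLE_CONFIG))
```

Ports 1/0/2 and 1/0/3 are reported because the per-port `disable` and the missing PortFast each defeat the global BPDU Guard default.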
