Whether loop detection can be configured on the firewall interface

The USG2000&5000&6000 do not support configuring the loop detection command on an interface. Loop detection is usually performed on the lower-layer switches.
On the firewall:
1. Compare the traffic statistics of the interfaces. If the traffic volumes of certain interfaces are large and similar, a loop may have occurred.
2. If a loop occurs, the following alarm information is displayed.
Alarm information: PPP/4/TRAP: [oid] Interface (IfIndex:[interface-index]) LoopBack is detected

Other related questions:
Can a box switch record logs and alarms after a loop detection-enabled interface detects a loop
A fixed switch can record alarms but not logs after a loop detection-enabled interface detects a loop. The configurations are as follows:
In V100R005 and V100R006, you can run the snmp-agent trap enable feature-name ldttrap command to enable the alarm function for loop detection. If snmp-agent trap enable has been configured globally, the alarm function has been enabled.
Loop detection and loopback detection have been available since V200R001. You can run the snmp-agent trap enable feature-name ldttrap command to enable the alarm function for loop detection and run the snmp-agent trap enable feature-name lbdt command to enable the alarm function for loopback detection.
You can run the display trapbuffer command to view alarms.

Can protocol packets be sent if an interface with a loop detected is blocked on an S series switch
Can protocol packets be sent if an interface with a loop detected is blocked on an S series (except the S1700) or E series switch?
For S series switches (except the S1700), the destination MAC address of LDT packets and tagged LBDT packets is all Fs. These packets cannot be sent through an interface if it is blocked. The destination MAC address of untagged LBDT packets is a BPDU MAC address. These packets can still be sent through an interface even if it is blocked.
For E series switches, the destination MAC address of tagged LBDT packets is all Fs. These packets cannot be sent through an interface if it is blocked. The destination MAC address of untagged LBDT packets is a BPDU MAC address. These packets can still be sent through an interface even if it is blocked.

Will device management be affected if an interface with a loop detected is blocked
The blocked interface does not affect device management because the ping and Telnet functions are not affected. Blocking the interface only affects Layer 2 forwarding on the interface because the blocked interface does not learn MAC addresses.

Configure single-interface loopback detection on S series switches
How to configure single-interface loopback detection on S series switches (except S1700)?
Of the external loopback detection types, only single-interface loopback detection is supported on switches. After external loopback detection is enabled on an Ethernet interface of a switch, the switch periodically checks whether external loopback occurs on each Ethernet interface.
If an S series switch finds that external loopback occurs on an Ethernet interface, by default, it blocks the interface when it runs a version earlier than V200R001 or shuts down the interface when it runs V200R001 or a later version. If an E series switch finds that external loopback occurs on an Ethernet interface, by default, it shuts down the interface.

1. Application Scenario
In actual networking, single-interface loopback detection is often used on a downlink interface of a newly deployed or added access switch. You are advised to set the action taken after loopback is detected to block.

2. Configuration Procedure
Enable loopback detection globally. This function will then be enabled on all interfaces simultaneously.
[Huawei] loopback-detect enable
Modular switches running V200R001 or later support loopback detection in a maximum of eight VLANs. Fixed switches running V100R005 or later support loopback detection in a maximum of eight VLANs. E series switches support loopback detection in a maximum of eight VLANs.
The following example describes how to configure loopback detection on a fixed switch:
[Huawei-Ethernet0/0/1] loopback-detect packet vlan 20 21 22 23 24 25 26 27
[Huawei-Ethernet0/0/1] loopback-detect action block
Among E series switches, modular switches running V200R001 and fixed switches running V100R005 or later save loopback alarm information in the trap buffer, and the alarm information can also contain information about the VLAN in which loopback is detected.
Alarm information is as follows:
#Jan 1 2008 06:43:54-08:00 Quidway LDT/4/Porttrap:OID1.3.6.1.4.1.2011.5.25.174.3.3 Loopback does exist on interface(5) Ethernet0/0/1 ( VLAN 20 ) , loopback detect status: 4.(1:normal; 2:block;3:shutdown; 4:trap; 5:nolearn)

3. Precautions
Loopback detection will consume some system resources. After deploying or adding access switches, run the undo loopback-detect enable command to disable this function.
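The following Python script is an added example, not Huawei's code: it parses the two alarm formats quoted on this page and lists the loops where the port was not blocked or shut down, so traffic may still be looping. The rendering of the firewall alarm's placeholders, the CONTAINED set and the function names are assumptions, and all sample lines except the first are constructed.

```python
import re

# Status codes exactly as listed in the alarm text on this page.
STATUS = {1: "normal", 2: "block", 3: "shutdown", 4: "trap", 5: "nolearn"}
# Assumption: only these two actions stop the looped port from forwarding.
CONTAINED = {"block", "shutdown"}

SWITCH_RE = re.compile(
    r"LDT/4/Porttrap:\s*OID\s*(?P<oid>[\d.]+)\s+Loopback does exist on "
    r"interface\((?P<ifindex>\d+)\)\s*(?P<ifname>\S+)"
    r"(?:\s*\(\s*VLAN\s+(?P<vlan>\d+)\s*\))?"
    r"\s*,\s*loopback detect status:\s*(?P<status>\d+)"
)
# Assumption: [oid] renders as a dotted OID, [interface-index] as an integer.
FIREWALL_RE = re.compile(
    r"PPP/4/TRAP:\s*(?P<oid>[\d.]+)\s+Interface\s*"
    r"\(IfIndex:\s*(?P<ifindex>\d+)\)\s*LoopBack is detected"
)

def parse_loop_alarm(line):
    """Return a dict for a loop alarm line, or None if it is not one."""
    m = SWITCH_RE.search(line)
    if m:
        code = int(m["status"])
        return {"source": "switch", "ifindex": int(m["ifindex"]),
                "interface": m["ifname"],
                "vlan": int(m["vlan"]) if m["vlan"] else None,
                "action": STATUS.get(code, f"unknown({code})")}
    m = FIREWALL_RE.search(line)
    if m:  # the firewall alarm carries no interface name, VLAN or action
        return {"source": "firewall", "ifindex": int(m["ifindex"]),
                "interface": None, "vlan": None, "action": None}
    return None

def uncontained(lines):
    """Alarms where the port was not blocked or shut down."""
    alarms = filter(None, map(parse_loop_alarm, lines))
    return [a for a in alarms if a["action"] not in CONTAINED]

SAMPLE = [  # first line is the alarm quoted on this page; the rest are constructed
    "#Jan 1 2008 06:43:54-08:00 Quidway LDT/4/Porttrap:OID1.3.6.1.4.1.2011.5.25.174.3.3 Loopback does exist on interface(5) Ethernet0/0/1 ( VLAN 20 ) , loopback detect status: 4.(1:normal; 2:block;3:shutdown; 4:trap; 5:nolearn)",
    "#Jan 1 2008 06:44:10-08:00 Quidway LDT/4/Porttrap:OID1.3.6.1.4.1.2011.5.25.174.3.3 Loopback does exist on interface(6) Ethernet0/0/2 ( VLAN 21 ) , loopback detect status: 2.",
    "PPP/4/TRAP: 0.0 Interface (IfIndex:7) LoopBack is detected",  # placeholder OID
    "#Jan 1 2008 06:45:00-08:00 Quidway some unrelated message",
]

if __name__ == "__main__":
    for alarm in uncontained(SAMPLE):
        print(alarm)
```
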
