Spanning Tree | CCNA 200-301

Layer 2 Loop Detected — Broadcast Storm

Presenting Symptom

Users in multiple VLANs report network connectivity issues, and the switch console shows high CPU utilization with rapidly incrementing interface counters.

Network Context

A small branch office network with three Cisco Catalyst 2960 switches (IOS 15.0) connected in a triangle topology: SwitchA, SwitchB, and SwitchC. All switches run Rapid PVST+ and have multiple access VLANs (10, 20, 30) trunked between them. The network has been stable for months until a junior engineer connected a new switch (SwitchD) to SwitchA and SwitchB without disabling STP.

Diagnostic Steps

1. Check CPU utilization and interface counters

show processes cpu sorted | include CPU
CPU utilization for five seconds: 99%/0%; one minute: 95%; five minutes: 90%

High CPU utilization indicates a broadcast storm or other control plane overload. Normal CPU should be below 50%.

2. Identify interfaces with high broadcast/multicast traffic

show interfaces | include (Broadcast|Multicast|output rate)
  Broadcast: 12345678 packets/sec
  Multicast: 9876543 packets/sec
  output rate: 100000000 bits/sec

Extremely high broadcast rates (millions per second) confirm a broadcast storm. Normal broadcast rates are a few hundred per second.

3. Check STP status to see if any ports are in blocking state

show spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32778
             Address     0011.2233.4455
             This bridge is the root
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0011.2233.4455
  Interface        Role Sts Cost      Prio.Nbr Type
  Gi0/1            Desg FWD 4         128.1    P2p
  Gi0/2            Desg FWD 4         128.2    P2p
  Gi0/3            Desg FWD 4         128.3    P2p

All ports are in forwarding state (FWD) with no blocking ports. In a triangle topology, at least one port should be in blocking state to prevent loops. This indicates a bridging loop.

4. Check for BPDU reception on suspect ports

show spanning-tree vlan 10 detail | include BPDU
BPDU: sent 12345, received 0

If BPDUs are not received on a port that should be receiving them (e.g., a port connected to another switch), STP may be disabled or misconfigured. Zero received BPDUs on a port that should be a trunk suggests a loop.

Root Cause

A bridging loop caused by connecting SwitchD to both SwitchA and SwitchB without enabling Spanning Tree Protocol (STP) on the new switch. STP was disabled (or not running) on SwitchD, so it forwarded BPDUs and data frames out all ports, creating a loop that resulted in a broadcast storm.

Resolution

1. Immediately break the loop by physically disconnecting one of the redundant links (e.g., remove the cable between SwitchD and SwitchB).

2. Enable STP on SwitchD:

SwitchD(config)# spanning-tree vlan 1-4094

3. (Optional) Set the STP mode to Rapid PVST+ to match the existing network:

SwitchD(config)# spanning-tree mode rapid-pvst

4. Reconnect the cable. STP will now block one of the redundant ports.

Verification

After reconnecting, run:

show spanning-tree vlan 10

Expected output shows one port in BLK (blocking) state:

  Gi0/1            Desg FWD 4         128.1    P2p
  Gi0/2            Altn BLK 4         128.2    P2p

Also verify CPU utilization drops below 50% and broadcast counters stabilize.
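
One way to automate the check from diagnostic step 3 and this verification, as an added example that is not part of the original scenario: it parses show spanning-tree output collected from every switch and reports when no port in the redundant topology is BLK, or when more than one bridge claims to be root. It goes beyond the single-switch view because a root bridge normally has every port designated and forwarding. The function names and sample outputs are constructed for illustration, and all outputs are assumed to be for one VLAN in one Layer 2 domain.

```python
import re

# One port row of "show spanning-tree vlan N", e.g. "Gi0/2  Altn BLK 4  128.2  P2p"
PORT_ROW = re.compile(
    r"^[ \t]*(\S+)[ \t]+(Root|Desg|Altn|Back)[ \t]+(FWD|BLK|LRN|LIS)[ \t]+\d+", re.M)

def parse_stp(text):
    """Return (claims_root, {port: (role, state)}) for one switch's output."""
    ports = {m.group(1): (m.group(2), m.group(3)) for m in PORT_ROW.finditer(text)}
    return "This bridge is the root" in text, ports

def audit(outputs):
    """outputs maps switch name -> output text, all for the same VLAN and
    the same redundant Layer 2 domain (assumption of this example)."""
    parsed = {name: parse_stp(text) for name, text in outputs.items()}
    findings = []
    roots = sorted(name for name, (is_root, _) in parsed.items() if is_root)
    if len(roots) != 1:
        # Several roots means the switches are not hearing each other's BPDUs.
        findings.append(f"expected 1 root bridge, found {len(roots)}: {roots}")
    blocked = [(name, port) for name, (_, ports) in parsed.items()
               for port, (_, state) in ports.items() if state == "BLK"]
    if not blocked:
        findings.append("no BLK port on any switch in a redundant topology")
    return findings

# Constructed sample output, trimmed to the lines the parser reads.
ROOT = """VLAN0010
  This bridge is the root
  Interface        Role Sts Cost      Prio.Nbr Type
  Gi0/1            Desg FWD 4         128.1    P2p
  Gi0/2            Desg FWD 4         128.2    P2p
"""
NONROOT_ALL_FWD = """VLAN0010
  Interface        Role Sts Cost      Prio.Nbr Type
  Gi0/1            Root FWD 4         128.1    P2p
  Gi0/2            Desg FWD 4         128.2    P2p
"""
NONROOT_BLOCKING = """VLAN0010
  Interface        Role Sts Cost      Prio.Nbr Type
  Gi0/1            Root FWD 4         128.1    P2p
  Gi0/2            Altn BLK 4         128.2    P2p
"""

if __name__ == "__main__":
    looped = {"SwitchA": ROOT, "SwitchB": NONROOT_ALL_FWD, "SwitchC": NONROOT_ALL_FWD}
    healthy = {"SwitchA": ROOT, "SwitchB": NONROOT_ALL_FWD, "SwitchC": NONROOT_BLOCKING}
    print("looped :", audit(looped))
    print("healthy:", audit(healthy))
```
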

Prevention

1. Always enable STP on all switches (default on Cisco switches, but verify it is not disabled).

2. Use BPDU guard on access ports to prevent unauthorized switches from being connected.

3. Implement PortFast on access ports to speed up convergence while maintaining loop protection.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario appears in troubleshooting questions where you must identify a loop from symptoms like high CPU, broadcast storms, and all ports forwarding. The exam tests understanding of STP states (blocking, listening, learning, forwarding) and the role of BPDUs. Key fact: A loop occurs when STP is disabled or misconfigured, causing all ports to be in forwarding state.

Exam Tips

1. Memorize the STP port states: Blocking (20 sec), Listening (15 sec), Learning (15 sec), Forwarding. A loop means no port is in Blocking.

2. In exam simulations, look for 'show spanning-tree' output where all ports are FWD; that's a loop indicator.

3. Remember that BPDU guard and PortFast are common features to secure STP; BPDU guard err-disables a port if a BPDU is received.
