How Loops Can Form in the ACI Fabric
Incorrect cabling or misconfigurations can cause loops in the Cisco ACI fabric.
A loop means there is more than one path for traffic to circulate endlessly, which can overload the network.
Methods to Detect Loops
LLDP (Link Layer Discovery Protocol)
When a port becomes active, the switches exchange LLDP information.
If a leaf switch sees LLDP from another leaf (or a spine sees LLDP from another spine), it detects a wiring mismatch.
In that case, the port is disabled (out-of-service) and a fault is raised (wiring-mismatch).
Important: MCP (Mis-Cabling Protocol) is not needed for these kinds of leaf-to-leaf or spine-to-spine errors.
STP (Spanning Tree Protocol)
ACI itself does not run STP inside the fabric.
However, ACI leaf ports can connect to external Layer 2 networks that do run STP.
STP in the external network will detect and block loops there.
Important: MCP is not needed for loops that STP can handle.
What is MCP (Mis-Cabling Protocol)?
A protocol designed to detect other types of loops that LLDP or STP cannot detect.
Sends a special Layer 2 frame (with a multicast MAC) that downstream devices flood.
Can be sent on a per-VLAN basis.
If a leaf port in the fabric receives its own MCP frame back:
It checks if the MD5 digest is the same, and
If the send time matches (within 2 seconds).
If either condition is met, the port goes into error-disable (mcp-loop-err-disable).
MCP Packet and Design
MCP Packet is a lightweight Layer 2 frame with low overhead.
MCP Design:
Automatically disables any ports that form a loop within the fabric.
Prevents user traffic from using these looped ports.
Generates syslog events and faults so you can troubleshoot problems.
Configuring MCP
A. Enable MCP Globally (Usually On by Default)
In the APIC GUI:
Fabric → Access Policies → Policies → Global → MCP instance Policy (default) → Policy
Set:
Admin State = Enabled
Controls = Enable MCP PDU per VLAN
Loop Protection Action = Port Disable
( If you choose “disabled,” you will only see logs, and ports will not be disabled.)
B. Enable MCP on Specific Interfaces
Note : MCP must be globally enabled for any interface-specific MCP policy to actually apply.
Create an MCP Interface Policy
Fabric → Access Policies → Policies → Interface → MCP Interface
Right-click → Create Mis-cabling Protocol Interface Policy
Give it a name and enable Admin State.
Assign MCP Policy
Leaf Access Port
Fabric → Access Policies → Interfaces → Leaf Interfaces → Policy Groups → Leaf Access Port
Under Policy → MCP, select either the default global policy or the new MCP Interface Policy.
Port Channel (PC)
Fabric → Access Policies → Interfaces → Leaf Interfaces → Policy Groups → PC Interface
In Advanced Policies → MCP Policy, select the global or custom MCP policy.
Virtual Port Channel (vPC)
Fabric → Access Policies → Interfaces → Leaf Interfaces → Policy Groups → vPC Interface
In Advanced Policies → MCP Policy, pick the global or custom MCP policy.
Useful Commands
Check MCP interface status
leaf# moquery -c mcpIf -f 'mcp.If.id=="eth1/1"'
Show global MCP info
leaf# show mcp internal info global
Show MCP info for a specific interface
leaf# show mcp internal info interface ethernet 1/1
leaf# show mcp internal info interface port-channel X
Verify if a loop was detected
leaf# show mcp internal event-history interface port-channelX
If loop detected, you may see:
MCP loop detected at: Wed Sep 21 18:00:09 2021
leaf# show interface ethernet 1/1
If loop detected, you may see:
Ethernet1/1 is down (mcp-loop-err-disable)
Fault Codes
F1607 and F0532 may appear if MCP detects a loop.
Summary
LLDP handles leaf-to-leaf or spine-to-spine cabling errors.
STP handles loops in the external Layer 2 network.
MCP handles all other loops inside or just outside the fabric that LLDP/STP don’t catch.
MCP sends special frames, and if those frames return to the sender, it flags a loop and can disable the port.
Always enable MCP globally, and then enable it on interfaces or port groups to fully protect against loops.
Comments