Finding an ethernet loop?

A large company would certainly use managed switches with STP enabled.

Enable STP so all ports send STP BPDUs, and on all except the interconnection ports, enable the feature to immediately block the port when such a BPDU is received. When that happens, syslog messages should be generated giving you the relevant port number. When you see one of those, get out your approved baseball bat equivalent, and visit that switch/port.

best regards Patrick

interconnection

other posters mention spanning tree - i dont like network designs that depend on spanning tree since it doesnt "fail soft", but using it to minimise the effect of errors makes things much more stable in the long run.

You may need "port fast" turned on, so that the port start up delay doesnt cause other issues, and running spanning tree on links between switches and routers may degrade the convergence time in your network - you need to check it doesnt break something important.

or turn on "port security" or equivalent on all end user device ports, and limit the port to "x" MAC addresses. (x = 1 for simple ports, 2 or 3 if you daisy chain IP phones). Dont bother making the port lock to the 1st MAC.

Also limits the effect of rogue wireless access points, but not someone adding a SOHO router.

this assumes users can only get at the cabling to desks and so on - if they can plug into unused ports and alter cabling, then you have another issue.

it helps to actually lock wiring closets, use a ID carded access, and / or set up a motion detect camera - it is amazing how the number of "no one moved the cable" problems goes down when people think you might be able to tell who did it.......

Thanks everyone for this information!