Tags

, ,

In this post we will look at two other STP optional features known as Root Guard & Loop Guard.

Root Guard:
The STP root guard feature prevents a port from becoming root port or blocked port
. If a port configured for root guard receives a superior BPDU, the port immediately goes to the root-inconsistent (blocked) state.

Usually STP root guard is configured on primary & secondary root switches.  You can configure this per interface level as shown in the below.

6506(config-if)# spanning-tree guard root

Loop Guard:
Loop guard helps prevent bridging loops that could occur because of a unidirectional link failure on a point-to-point link.

When enabled globally, the loop guard applies to all point-to-point ports on the system. Loop guard detects root ports and blocked ports and ensures that they keep receiving BPDUs from their designated port on the segment. If a loop guard enabled root or blocked port stop a receiving BPDUs from its designated port, it transitions to the loop-inconsistent blocking state, assuming there is a physical link error on this port. The port recovers from this loop-inconsistent state as soon as it receives a BPDU.

You can enable loop guard on a per-port basis. When you enable loop guard, it is automatically applied to all of the active instances or VLANs to which that port belongs. When you disable loop guard, it is disabled for the specified ports. Disabling loop guard moves all loop-inconsistent ports to the listening state.

Loop Guard feature can be enabled globally or interface level. Below show the configuration syntax for this. “show spanning-tree interface Int_ID detail” command can be used to verify.

*** Enable Loop Guard on globally ***
6506(config)# spanning-tree loopguard default

6506# show spanning-tree interface fastEthernet 4/4 detail
Port 196 (FastEthernet4/4) of VLAN0010 is forwarding
Port path cost 1000, Port priority 160, Port Identifier 160.196.
Designated root has priority 32768, address 00d0.00b8.140a
Designated bridge has priority 32768, address 00d0.00b8.140a
Designated port id is 160.196, designated path cost 0
Timers:message age 0, forward delay 0, hold 0
Number of transitions to forwarding state:1
The port is in the portfast mode by portfast trunk configuration
Link type is point-to-point by default
Bpdu filter is enabled
Loop guard is enabled by default on the port
BPDU:sent 0, received 0

*** Enable Loop Guard on an interface ****
6506(config-if)# spanning-tree guard loop

Router# show spanning-tree interface fastEthernet 4/4 detail
Port 196 (FastEthernet4/4) of VLAN0010 is forwarding
Port path cost 1000, Port priority 160, Port Identifier 160.196.
Designated root has priority 32768, address 00d0.00b8.140a
Designated bridge has priority 32768, address 00d0.00b8.140a
Designated port id is 160.196, designated path cost 0
Timers:message age 0, forward delay 0, hold 0
Number of transitions to forwarding state:1
The port is in the portfast mode by portfast trunk configuration
Link type is point-to-point by default
Bpdu filter is enabled
Loop guard is enabled on the port
BPDU:sent 0, received 0

There are few points you need to remember when configuring Loop Guard.

•  You cannot enable loop guard on PortFast-enabled ports.
•  You cannot enable loop guard if root guard is enabled.
•  Loop guard does not affect the functionality of UplinkFast or BackboneFast.
•  Enabling loop guard on ports that are not connected to a point-to-point link will not work.
•  Root guard forces a port to be always designated as the root port. Loop guard is effective only if the port is a root port or an alternate port. You cannot enable loop guard and root guard on a port at the same time.
•  Loop guard has no effect on a disabled spanning tree instance or a VLAN

Related Posts

1. Configuring STP in 12.2 SXI
2. Configuring STP-Portfast
3. Configuring STP-BPDU Guard & Filter
4.
5.