In this article, we learn that how to work and use STP loop protection in Cisco switch. We can use STP loop protection with CST, PVST+, and RPVST+. You can see here ( Networking Signal ) this is a great way to prevent loops.
STP Loop Protection By Using Root Guard
Root Guard: It is a basically an STP protection which deploys at distribution layer Switches. It is used to
prevent access layer Switches from becoming ROOT BRIDGE.
For example three switch first core switch, 2nd distribution switch and the 3rd access switch. Simply in
network topology core layer switch always makes a ROOT BRIDGE. If by mistake ACCESS layer switch
If by mistake ACCESS layer switch priority is less than CORE switch (CORE switch priority 4096 and ACCESS switch priority 0) after this happen ACCESS layer switch send superior BPDU message to Distribution layer Switch and on DISTRIBUTION layer switch no ROOT GUARD enable that’s why now ROOT BRIDGE change in the topology
with ACCESS layer switch.
If ROOT GUARD enabled on DISTRIBUTION layer switch when superior BPDU received on DISTRIBUTION
layer switch port then same port goes to ROOT INCONSISTENCY STATE or BROKEN.
NOTE* In which VLAN port goes to inconsistency state only that VLAN traffic will be drop on the same port.
Other VLAN normally working.
STP Loop Protection By Using Loop Guard
LOOP GUARD: Loss of BPDU on the nondesignated port then LOOP GUARD prevented it. We enable it
on root port and block the port. If loss comes then that port goes into LOOP INCONSISTENCY or BROKEN
When network topology any link behavior goes to unidirectional then can be formed a loop.
The first question comes that how to create a unidirectional link?
An interface has two queues
1. Input Queue
2. Output Queue
It can be possible any of queue congestion is high and that’s why BPDU not processed. Then that link
behavior goes to unidirectional.
STP Loop Protection By Using UDLD
UDLD: Unidirectional Link Detection
It is a layer 2 protocol of CISCO. It’s work on FIBER PORT other work same like as LOOP GUARD.
In fiber, there is two path first send the second receive, so that two echo message send with echo
If only from one side echo message send or receive on this behalf UDLD declare to link is
unidirectional and then port goes to the ERROR_DISABLE state.
Bridge Assurance: It is a new technology. It is used in 6500 and 7000 nexus series SWITCHES. In that
type of switch both switch send BPDU message to each other to check the unidirectional link that technique
called BRIDGE ASSURANCE.
STP Loop Protection By Using BPDU Guard and PORTFAST
BPDU GUARD and PORTFAST: when we enable PORTFAST on any port then port change our STP
behavior like below:
1. Port save the STP converge time from 30 sec to 2 sec.(STP port converge time).
2. Port goes direct forwarding state.(not goes blocking> Listing>learning direct in Forwarding)
3. No TCN BPDU generate.
When PORTFAST enable port received BPDU then switch same port dissolve PORTFAST nature or loose
and no PORTFAST work continue that problem resolved by BPDU GUARD.
On ACCESS layer switch BPDU GUARD enables, when BPDU message receives on same port then port goes
to the ERROR-DISABLE state. But on same port BPDU message forward continue. That problem can be
resolve by BPDU FILTER.
Configuration of globally PORTFAST enable: #SPANING-TREE PORTFAST DEFAULT
By this command, PORTFAST enables on all access port where BPDU msg not received.
Configuration Globally of BPDU GUARD enable: #SPANING-TREE PORTFAST BPDUGUARD DEFAULT
By this command, BPDU GUARD enables on that port where PORTFAST enabled.
BPDU FILTER: It is enabled on edge switches. Two type of BPDU FILTER we enable on Switch.
2. Per Port Basis
If we enable BPDU FILTER globally then port send 11 consecutive BPDU message to check that is
neighbor device is an STP working device or not ( SWITCH or not). If neighbor device a SWITCH the STP is
normally working. If a neighbor is not a switch then BPDU FILTER enable and function.
If we enable it per port basis then we know that about port connection. PER PORT BASIS enable BPDU
FILTER no send or receive BPDU message.
Configuration BPDU FILTER :
#SPANNING-TREE PORTFAST BPDU FILTER DEFAULT (Globally Enable)
Configuration-if #SPANING-TREE BPDU FILTER ENABLE (Per port basis enable)
That all is about STP loop protection in CISCO SWITCH. Thanks.