Configuring STP loop guard
Spanning tree is used to ensure a loop-free topology over the LAN. Occasionally a hardware or software failure can cause STP to fail, creating STP/ forwarding loops that can cause network failures where unidirectional links are used. The non-designated port transitions in a faulty manner because the port is no longer receiving STP BPDUs.
STP Loop Guard causes the non-designated port to go into the STP loop inconsistent state instead of the forwarding state. In the loop-inconsistent state, the port prevents data traffic through the link, therefore avoiding the loop creation. When BPDUs again are received on the inconsistent port, it resumes normal STP operation automatically.
Syntax:
spanning-tree port-list loop-guard
no spanning-tree port-list loop-guard
Enables STP Loop Guard on a particular port or ports. STP Loop Guard is best applied on blocking or forwarding ports.
The
no
form of the command disables STP Loop Guard.
Default: Disabled
Before configuring loop guard
switch(config)# show spanning-tree vlan 20 Spanning Tree Information STP Enabled [No] : Yes Mode : RPVST Extended System ID : Enabled Ignore PVID Inconsistency : Disabled Switch MAC Address : 002347-c651c0 VLAN ID : 20 RPVST Enabled : Enabled Root MAC Address : 0024a8-d13a40 Root Priority : 32,768 Root Path Cost : 20,000 Root Port : 1 Operational Hello Time (secs) : 2 Topology Change Count : 2 Time Since Last Change : 9 secs Designated Port Type Cost Priority Role State Bridge ----- ---------- ------ --------- ---------- ---------- --------------- 1 100/1000T 20000 128 Root Forwarding 0024a8-d13a40 20 10/100TX 200000 128 Alternate Blocking 002347-587b80
After configuring loop guard
spanning-tree 20 loop-guard
, loop guard has been configured on port 20 of Switch 2:
switch(config)# show spanning-tree Spanning Tree Information STP Enabled [No] : Yes Mode : RPVST Extended System ID : Enabled Ignore PVID Inconsistency : Disabled RPVST Enabled VLANs : 20 Switch MAC Address : 002347-c651c0 Root Guard Ports : Loop Guard Ports : 20 TCN Guard Ports : BPDU Protected Ports : BPDU Filtered Ports : Auto Edge Ports : 1-24 Admin Edge Ports : VLAN Root Mac Root Root Root Hello ID Address Priority Path-Cost Port Time(sec) ----- --------------- ---------- ---------- -------------------- --------- 100 0024a8-d13a40 32,768 20,000 1 2
Switch ceasing to send BPDUs
With switch 1 ceasing to send BPDUs through port 20 to switch 2, port 20 goes into the “inconsistent” state and ceases to forward traffic, as displayed in the following
show spanning-tree
output for VLAN 20.
switch(config)# show spanning-tree vlan 20 Spanning Tree Information STP Enabled [No] : Yes Mode : RPVST Extended System ID : Enabled Ignore PVID Inconsistency : Disabled Switch MAC Address : 002347-c651c0 VLAN ID : 20 RPVST Enabled : Enabled Root MAC Address : 0024a8-d13a40 Root Priority : 32,768 Root Path Cost : 20,000 Root Port : 1 Operational Hello Time (secs) : 2 Topology Change Count : 3 Time Since Last Change : 42 hours Designated Port Type Cost Priority Role State Bridge ----- ---------- ------ --------- ---------- ---------- --------------- 1 100/1000T 20000 128 Root Forwarding 0024a8-d13a40 20 10/100TX 200000 128 Alternate Inconsi... 002347-587b80
Viewing configuration file with loop guard enabled
The following example displays
show spanning-tree config
output with loop guard enabled on Port 20:
switch(config)# show spanning-tree config Spanning Tree Information STP Enabled [No] : Yes Mode : RPVST Extended System ID : Enabled Ignore PVID Inconsistency : Disabled RPVST Enabled VLANs : 100 Switch MAC Address : 002347-c651c0 Root Guard Ports : Loop Guard Ports : 20 TCN Guard Ports : BPDU Protected Ports : BPDU Filtered Ports : Auto Edge Ports : 1-24 Admin Edge Ports : Max Age Forward Hello Admin Root VLAN Priority (sec) Delay(sec) Time(sec) Bridge ---- -------- ------- ---------- --------- ---------------- 100 32768 20 15 2 Not Configured