10-04-2010 02:07 AM - edited 03-04-2019 09:58 AM
Hi,
I am always confused about these three concepts.
I just want a basic understanding of these three features of STP.
Where should I use them, and in which mode can I configure them?
I referred to the Cisco website for the same, but I am still not clear about it.
Please share the knowledge. It would be a great help in getting these concepts cleared up.
10-04-2010 04:25 AM
Loopguard:- Unidirectional link failures may cause a root port or alternate port to become designated as root if BPDUs are absent. Some software failures may introduce temporary loops in the network. The loop guard feature checks if a root port or an alternate root port receives BPDUs. If the port is receiving BPDUs, the loop guard feature puts the port into an inconsistent state until it starts receiving BPDUs again.
BPDU Guard:- BPDU Guard is enabled on access ports, which helps the switch put the port in shutdown mode once it receives a superior BPDU. E.g. in the case of metro Ethernet, the SP puts switches at the customer building and makes that switch the root bridge. Now imagine if some other customer switch sends a superior BPDU: then STP needs to converge again, which leads to serious issues.
Rootguard:- It is enabled on the designated ports of the root switch, so that if those ports hear a superior BPDU, the port is put in the inconsistent state.
regards
Shivlu Jain
03-05-2017 10:16 PM
Did you mean to say "If the port is NOT receiving BPDUs"?
10-04-2010 04:49 AM
Hello
Loopguard, BPDUguard and Rootguard are Spanning-Tree enhancements. Since STP is more a LAN topic than a WAN one, this thread should be opened there. Just so you know for future questions related to STP.
To explain here how each of these features works would mean either copying and pasting from Cisco.com or writing about 5-10 pages to really capture all aspects, which is a high effort for a topic that is explained very well at Cisco.com.
Maybe you didn't find the right documentation, so here are some links that explain clearly and straightforwardly how these features work:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml <- Loopguard
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml <- BPDUguard
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml <- Root Guard
These explanations come with examples. Please study them, and then if something is unclear you can ask here.
Good luck!
Calin
10-04-2010 05:01 AM
Hi Calin,
As you said, this should be asked in the LAN switching forum, but I did not get any reply from that forum, so I have posted in the WAN routing forum.
You have sent the proper links for my understanding, thanks for that.
But I was looking for a real scenario where somebody has configured the same.
I want to know where each STP enhancement feature should be enabled.
This is somewhat confusing for me.
I will just go through it and raise the query in case i have any doubt about it.
Thanks for your rapid response.
06-07-2013 04:37 AM - last edited on 03-28-2022 05:49 PM by Translator
Hi Vinod,
Okay,
Let me give it a try:
1) LoopGuard: Spanning Tree Loop Guard helps to prevent loops when you use fibre links. Fibre links have a transmit and receive connector. If one of these links fails, it's possible that interfaces that are currently in "blocking" mode go to forwarding. This might cause a loop. Loop guard will ensure that if a blocked interface no longer receives BPDUs from the other side, it will be shut down to prevent a layer 2 loop.
Taking 3 switches as an example, connected in a triangle:

              SW1
         ______|______
         |           |
   Sw2 T0/1---------T0/2 SW3

Considering the above topology, one of the links will be blocked.
Assume SW1 is the root bridge; hence port T0/2 will be in blocking state (to have a loop-free topology).
It works similarly to the UDLD feature. Sw2 and Sw3 are connected through a fiber cable; one end would be Tx and the other end would be Rx.
As you know, the blocked port would be receiving the BPDUs. What happens when it stops receiving the BPDUs? (Consider the example that there is some issue with the fiber cable and Tx is having an issue, so port T0/2 is not receiving them.) It waits for the max age timer to expire, after which the port transitions from blocking to forwarding mode, which it is not supposed to; hence there would be a loop. Hence when you configure loopguard/UDLD, the port would go blocked.
Since it is a layer 1 cable issue, STP would not be able to detect it automatically; hence you would use the loopguard feature.
2) ROOT-GUARD
Root guard for spanning tree can be used to prevent a certain switch from becoming the root bridge. Even if you receive a superior BPDU from another switch, root guard will prevent that switch from becoming the root bridge.

        SW1
    ___|_f01___
    |         |
   Sw2       SW3

In the above topology SW2 is the root bridge for VLAN 10 and you don't want any other switch in the network to become the root bridge for this VLAN 10 other than SW2.
What you need to do is configure the root guard feature on F0/1 of SW1. What happens in this case is that if, by mistake or intentionally, someone configures SW3 to be the root bridge for VLAN 10 (by lowering the priority), SW1 will put the port into the root-inconsistent state; hence this BPDU will not have any effect. It will throw an error in the log.
3) BPDU-GUARD
Spanning Tree BPDU guard ensures that an interface will be error disabled as soon as you receive a BPDU on it. This is useful on access ports where you shouldn't expect any BPDUs and will protect your switched network.
Access-Port-------------------F0/1 Switch
BPDU guard goes hand in hand with PortFast.
Spanning tree shuts down ports that are in a Port Fast-operational state if any BPDU is received on them. In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port means an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the port in the error-disabled state. When this happens, the switch shuts down the entire port on which the violation occurred.
E.g.: If someone connects a bridge or switch to an access port which has PortFast configured, then there are chances that the BPDUs get leaked into the network; hence, to prevent that, you configure BPDU guard.
When you configure BPDU guard, the port is put into the error-disabled state when it sees a BPDU.
Hope this helps. We always recommend customers have this configuration on their devices to prevent any type of STP issue. It works quite well, prevents your network from behaving abnormally, and makes your life a bit easier.
Regards
Inayath
*Please rate if this information is helpful.
06-07-2013 02:58 AM
Hi Vinod
Is it possible to list the commands for Loop, BPDU and Root guard? It will be helpful if we summarize them here.
Thanks,
Sha
06-07-2013 04:43 AM - last edited on 03-28-2022 05:47 PM by Translator
Hi Raja,
Here is the configuration:
Loopguard:
SW1----G1/1---------------G1/1 SW2
go to the respective switches and configure the cmd under the interface.
spanning-tree guard loop
Sw1(config)#interface gigabitEthernet 1/1
Sw1(config-if)#spanning-tree guard loop
2)
Root Guard:
Cat-IOS# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cat-IOS#(config)# interface fastethernet 3/1
Cat-IOS#(config-if)# spanning-tree guard root
Example of this: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml
3)
BPDU Guard: We suggest you enable bpduguard at the global level so that it gets automatically inherited by the port-fast/access port configuration.
conf t
spanning-tree portfast bpduguard default
HTH
Regards
Inayath
*Please rate all useful posts.
06-07-2013 04:51 AM
Got it. Thank you Sharieff !
12-25-2015 08:44 AM
Does he mean to say "...If the port is NOT receiving BPDUs, the loop guard feature puts the port into an inconsistent state until it starts receiving BPDUs again...."
Thanks