Help with understanding loop, root and BPDU guard

trane.m
Level 1

Hi,

I'm trying to read up for (and take) the CCNA, so that's the level of depth and understanding I'm seeking.

 

I (hopefully) understand root guard and BPDU guard to some extent. Please correct me if I'm wrong and provide me with the proper knowledge.

 

Root guard is to prevent another switch from being root bridge. So if you have SW1 and SW2 connected, with SW1 being root bridge and you connect a SW3 to a SW2 port with BPDU guard enabled, if SW3 then starts to send superior BPDUs, SW2 won't accept SW3 as the new root bridge. That's what I know, but then what? I guess SW2 would somehow inform SW3 that it's not the root bridge, right? But how?

 

BPDU guard is sort of an extension of Portfast: to prevent a loop from forming, BPDU guard can be enabled on Portfast-enabled interfaces, so if the switch receives a BPDU on those interfaces, the interfaces will be shut down.
But I have a small example with a question:

[Image: Unavngivet diagram.jpg]

Let's say SW3 formerly had an end host connected to its G0/0 interface and for that reason, also had BPDU guard enabled. Now the IT guy chooses to expand the network with a SW4 connected to SW3's G0/0. SW4 would send BPDUs, SW3 would notice and shut down the interface. But how is that preventing a loop? Can someone come up with a simple scenario where a loop is prevented?

 

I'm having trouble understanding loop guard and that might be because I haven't been able to find any explanatory examples online. I understand that if an interface with loop guard enabled stops receiving BPDUs, it will not start forwarding BPDUs, but instead, it will be disabled, but I don't see how that helps.

If someone can explain a scenario where the problem loop guard is invented to solve occurs, I would be very thankful.

 

Thank you in advance

You got everything right.

 

"That's what I know, but then what? I guess SW2 would somehow inform SW3 that it's not the root bridge, right? But how?"

 

"If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge. "

 

About your scenario, a good explanation is here:

 

[Image: Unavngivet diagram.jpg]

"In Figure 2, device D begins to participate in STP. For example, software-based bridge applications are launched on PCs or other switches that a customer connects to a service-provider network. If the priority of bridge D is 0 or any value lower than the priority of the root bridge, device D is elected as a root bridge for this VLAN. If the link between device A and B is 1 gigabit and links between A and C as well as B and C are 100 Mbps, the election of D as root causes the Gigabit Ethernet link that connects the two core switches to block. This block causes all the data in that VLAN to flow via a 100-Mbps link across the access layer. If more data flow via the core in that VLAN than this link can accommodate, the drop of some frames occurs. The frame drop leads to a performance loss or a connectivity outage."

 

But the conclusion needs to be that STP is not a good protocol. It was invented long ago and does not fit modern network requirements, and that's why it is being replaced by a Layer 3 loop prevention protocol, which is much smarter.

 

 

It's all a matter of opinion but as far as I am concerned STP is a perfectly good protocol without which modern day LANs would not exist. 

 

I think an awful lot of network engineers would be surprised to hear it does not fit modern requirements and if you think that try turning it off in most networks and see what happens. 

 

Jon

Thanks, but I don't understand your explanation.

 

Which part did you not understand? This information was actually taken from the Cisco docs.

About the topology, if that is the case, explain about a performance problem in case the network did not converge properly.

But you are right about what you said: if you have three switches connected and the fourth is connected to one of them, there will be no loop as long as the switch stays connected on one interface only.

ashishr
Level 1

Hi @trane.m 

 

Loopguard is similar to UDLD. Let's use your diagram for reference. Assume that Sw-1 is root bridge and the port on Sw-3 towards Sw-2 is blocking port.

       +--------[Sw-1]--------+
       |                      |
    RP |                      | RP
    [Sw-2] DP----------Blk [Sw-3]

 

If these are all fiber links and, for some reason, there is a unidirectional link failure between Sw-2 and Sw-3, as a result of which BPDUs from Sw-2 will not reach Sw-3, then the STP blocking port on Sw-3 transitions to the Listening state when the max_age timer expires, and then it transitions to the Forwarding state. This will cause a loop in the network because there are no blocking ports now.

With loop guard enabled, the port moves to the loop-inconsistent state, which is equal to a blocking port, thus preventing the loop.

 

Refer to diagram and comparison with UDLD here-

STP Loop Guard

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10596-84.html#loop_guard_vs_uld 

 

Thanks,

Ashish
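
An added example (not written by any poster in this thread, and not Cisco code): a simplified Python model of how a port reacts under the three guards discussed above, covering both the root guard reply and the unidirectional-link scenario for loop guard. The `Port` class, the bridge IDs and the port names are constructed for illustration, and "err-disabled" is used for the shut-down state BPDU guard puts a port in.

```python
from dataclasses import dataclass

# Constructed bridge ID (priority, MAC) for Sw-1, the current root.
# Lower tuple = superior; real STP also compares path cost and port IDs.
CURRENT_ROOT = (4096, "00:00:00:00:00:01")

@dataclass
class Port:
    name: str
    state: str = "forwarding"
    portfast: bool = False
    bpdu_guard: bool = False
    root_guard: bool = False
    loop_guard: bool = False

    def receive_bpdu(self, advertised_root):
        """Apply BPDU guard / root guard to a BPDU arriving on this port."""
        if self.portfast and self.bpdu_guard:
            self.state = "err-disabled"        # any BPDU on an edge port shuts it down
        elif advertised_root < CURRENT_ROOT and self.root_guard:
            self.state = "root-inconsistent"   # superior BPDU ignored, port stops forwarding
        return self.state

    def max_age_expired(self):
        """A blocking port has heard no BPDU for max_age (e.g. unidirectional fiber)."""
        if self.state == "blocking":
            # Plain STP walks listening -> learning -> forwarding; loop guard holds the port.
            self.state = "loop-inconsistent" if self.loop_guard else "forwarding"
        return self.state

def unidirectional_failure(loop_guard):
    """Thread scenario: Sw-3's blocked port towards Sw-2 stops receiving BPDUs."""
    triangle = [
        Port("Sw-2 -> Sw-1 (RP)"),
        Port("Sw-3 -> Sw-1 (RP)"),
        Port("Sw-2 -> Sw-3 (DP)"),
        Port("Sw-3 -> Sw-2", state="blocking", loop_guard=loop_guard),
    ]
    final = triangle[-1].max_age_expired()
    # With every port in the triangle forwarding, nothing breaks the L2 loop.
    return final, all(p.state == "forwarding" for p in triangle)

if __name__ == "__main__":
    print(unidirectional_failure(loop_guard=False))
    print(unidirectional_failure(loop_guard=True))
    rogue = (0, "00:00:00:00:00:04")   # constructed: new switch advertising priority 0
    print(Port("SW2 G0/1", root_guard=True).receive_bpdu(rogue))
    print(Port("SW3 G0/0", portfast=True, bpdu_guard=True).receive_bpdu(CURRENT_ROOT))
```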

Thanks! That made sense! So you could say that loop guard is there to prevent a blocking port from being anything else than a blocking port?