07-21-2021 01:31 AM
Hey,
On interface truck can we give additional port security with the command "spanning-tree guard loop".
is that recommended STP on the trunk interface?
Regrads
Solved! Go to Solution.
07-21-2021 02:27 AM
Hello
Spanning-tree isnt port-security , however it is highy recommended to have stp enabled especially when you have trunks
As for loopguard this protect against loops caused by unidirectional links and again is recommended to have this applied at a port or global level, but one caevat to it is it cannot applied to the same port as rootguard as when it is, then rootguard is disabled
07-21-2021 02:57 AM
Hello
Yes it is.
07-21-2021 04:24 AM - edited 07-21-2021 04:25 AM
Make sense when you use fibre-optic uplink. STP loop guard prevents any ATL or root ports from becoming "designated ports". If you use fibre-optic uplink you can consider UDLD too.
07-21-2021 02:24 AM
Kindly solve my confusion
07-21-2021 02:27 AM
Hello
Spanning-tree isnt port-security , however it is highy recommended to have stp enabled especially when you have trunks
As for loopguard this protect against loops caused by unidirectional links and again is recommended to have this applied at a port or global level, but one caevat to it is it cannot applied to the same port as rootguard as when it is, then rootguard is disabled
07-21-2021 02:35 AM - edited 07-21-2021 02:42 AM
spanning-tree itself is a mechanism to prevent loops
there is an option you may refer to
Loopguard:- Unidirectional link failures may cause a root port or alternate port to become designated as root if BPDUs are absent. Some software failures may introduce temporary loops in the network. The loop guard feature checks if a root port or an alternate root port receives BPDUs. If the port is receiving BPDUs, the loop guard feature puts the port into an inconsistent state until it starts receiving BPDUs again.
-> it is not meant for port-security
07-21-2021 02:48 AM
My simple question is - "spanning-tree guard loop" command recommended on trunk interface where my uplinks are connected.
SWITCH91#sh run int Te1/1/1
Building configuration...
Current configuration : 150 bytes
!
interface TenGigabitEthernet1/1/1
description UPlink_From_CoreSwitch
switchport mode trunk
spanning-tree guard loop
ip dhcp snooping trust
end
07-21-2021 02:57 AM
Hello
Yes it is.
07-21-2021 04:24 AM - edited 07-21-2021 04:25 AM
Make sense when you use fibre-optic uplink. STP loop guard prevents any ATL or root ports from becoming "designated ports". If you use fibre-optic uplink you can consider UDLD too.
07-21-2021 05:43 AM
additional info.
Loop Guard is config in trunk and access port but which one??
the Admin must be know the topology and know that this port is BLK STP status to prevent loop if in some case the BPDU from the connect SW is not receive, so not config under trunk or not but where config it in topology.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide