Understanding Loop Guard; Understanding Root Guard - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Understanding Loop Guard

Understanding Loop Guard
Loop Guard protects networks from loops that are caused by the following:
• Network interfaces that malfunction
• Busy CPUs
• Anything that prevents the normal forwarding of BPDUs
An STP loop occurs when a blocking port in a redundant topology erroneously transitions to the forwarding
state. This transition usually happens because one of the ports in a physically redundant topology (not
necessarily the blocking port) stops receiving BPDUs.
Loop Guard is only useful in switched networks where devices are connected by point-to-point links. On a
point-to-point link, a designated bridge cannot disappear unless it sends an inferior BPDU or brings the link
down.
Note Loop Guard can be enabled only on network and normal spanning tree port types.
You can use Loop Guard to determine if a root port or an alternate/backup root port receives BPDUs. If the
port does not receive BPDUs, Loop Guard puts the port into an inconsistent state (blocking) until the port
starts to receive BPDUs again. A port in the inconsistent state does not transmit BPDUs. If the port receives
BPDUs again, the protocol removes its loop-inconsistent condition, and the STP determines the port state
because such recovery is automatic.
Loop Guard isolates the failure and allows STP to converge to a stable topology without the failed link or
bridge. Disabling Loop Guard moves all loop-inconsistent ports to the listening state.
You can enable Loop Guard on a per-port basis. When you enable Loop Guard on a port, it is automatically
applied to all of the active instances or VLANs to which that port belongs. When you disable Loop Guard, it
is disabled for the specified ports.

Understanding Root Guard

When you enable Root Guard on a port, Root Guard does not allow that port to become a root port. If a
received BPDU triggers an STP convergence that makes that designated port become a root port, that port is
put into a root-inconsistent (blocked) state. After the port stops send superior BPDUs, the port is unblocked
again. Through STP, the port moves to the forwarding state. Recovery is automatic.
Root Guard enabled on an interface applies this functionality to all VLANs to which that interface belongs.
You can use Root Guard to enforce the root bridge placement in the network. Root Guard ensures that the
port on which Root Guard is enabled is the designated port. Normally, root bridge ports are all designated
ports, unless two or more of the ports of the root bridge are connected. If the bridge receives superior BPDUs
on a Root Guard-enabled port, the bridge moves this port to a root-inconsistent STP state. In this way, Root
Guard enforces the position of the root bridge.
You cannot configure Root Guard globally.
You can enable Root Guard on all spanning tree port types: normal, edge, and network ports.
Note
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
202
About STP Extensions
OL-16597-01