Enabling Loop Guard - Cisco Catalyst 4500 Series Configuration Manual

Enabling Loop Guard

Figure 23-1
•
•
•
Enabling loop guard on a root switch has no effect but provides protection when a root switch becomes
a nonroot switch.
Follow these guidelines when using loop guard:
•
•
Loop guard interacts with other features as follows:
•
•
•
•
•
Enabling Loop Guard
You can enable loop guard globally or per-port.
To enable loop guard globally on the switch, perform this task:
Command
Step 1
Switch(config)# spanning-tree loopguard default
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
23-4
illustrates the following configuration:
Switches A and B are distribution switches.
Switch C is an access switch.
Loop guard is enabled on ports 3/1 and 3/2 on Switches A, B, and C.
Do not enable loop guard on PortFast-enabled or dynamic VLAN ports.
Do not enable loop guard if root guard is enabled.
Loop guard does not affect the functionality of UplinkFast or BackboneFast.
Enabling loop guard on ports that are not connected to a point-to-point link does not work.
Root guard forces a port to always be the root port. Loop guard is effective only if the port is a root
port or an alternate port. You cannot enable loop guard and root guard on a port at the same time.
Loop guard uses the ports known to spanning tree. Loop guard can take advantage of logical ports
provided by the Port Aggregation Protocol (PAgP). However, to form a channel, all the physical
ports grouped in the channel must have compatible configurations. PAgP enforces uniform
configurations of root guard or loop guard on all the physical ports to form a channel.
Spanning tree always chooses the first operational port in the channel to send the BPDUs. If that
–
link becomes unidirectional, loop guard blocks the channel, even if other links in the channel
are functioning properly.
– If a set of ports that are already blocked by loop guard are grouped together to form a channel,
spanning tree loses all the state information for those ports and the new channel port may obtain
the forwarding state with a designated role.
If a channel is blocked by loop guard and the channel breaks, spanning tree loses all the state
–
information. The individual physical ports may obtain the forwarding state with the designated
role, even if one or more of the links that formed the channel are unidirectional.
You can enable UniDirectional Link Detection (UDLD) to help isolate the link failure.
Note
A loop may occur until UDLD detects the failure, but loop guard is not able to detect it.
Loop guard has no effect on a disabled spanning tree instance or a VLAN.
Chapter 23
Purpose
Enables loop guard globally on the switch.
Configuring Optional STP Features
OL-25340-01