Loop Guard
Sections:
Overview:
- Loop Guard is an STP feature that enhances network stability by preventing bi-directional loops
- Loop Guard ensures that ports that should not become the root port or designated port do not transition into forwarding states incorrectly
- Loop Guard prevents a one way network loop from occurring when there is a failure in receiving BPDUs on a port
How it Works:
- Loop Guard is used on non-designated ports (Root & Blocking) to prevent them from erroneously transitioning to the forwarding state due to a unidirectional link failure in receiving BPDUs from an upstream switch
- If BPDUs stop being received, the port is placed in a "Loop-inconsistent" state, thus preventing potential loops from occurring
- Loop-inconsistent ports will automatically re-enable themselves once BPDUs from an upstream switch are received
- Loop Guard blocks inconsistent ports on a per-VLAN basis
- If BPDUs are not received on the trunk port for one particular VLAN, only that VLAN is blocked during the failover period
When to use:
- It is especially useful in situations where a port could be mistakenly left in a forwarding state due to a BPDU loss, in cases when an upstream switch fails to send BPDUs
- Enabled on a per port basis for Non Designated ports (Root and Blocking ports)
Example Scenario
Consider the following example:
- Switch (A) is the root switch
- Switch (C) does not receive BPDUs from switch (B) due to a unidirectional link failure on the link between switch (B) and switch (C)
- Without loop guard enabled, the STP blocking port on switch (C) transitions to the STP forwarding state after going through the standard MaxAge and Forward Delay timers
- This situation creates a one way loop
- With loop guard enabled, the blocking port on switch (C) transitions into a STP loop-inconsistent state when the MaxAge timer expires
- A port in an STP loop-inconsistent state does not pass user traffic, so a loop is not created. (The loop-inconsistent state is effectively equal to a blocking state)
- Loop Guard is enabled on a per-port basis on Non Designated Ports (Root and Blocking ports)
Lab Topology
Lab Scenario:
- Loop Guard will be configured and enabled on all Non-Designated ports (Root and Blocking ports)
Loop Guard Configuration
Configuration of the Loop Guard feature on a per port basis.
Verification of the Loop Guard feature configured on interface Gi0/2.
Enabled BPDU Filter on DistributionSW2's G0/1 port to block incoming BPDUs from the Root switch. This causes the downstream switch AccessSW1 with Loop Guard configured on its Gi0/2 interface to trigger Loop Guard after the MaxAge timer expires.
AccessSW1 placing port Gi0/2 in a Loop inconsistent state after it stopped receiving BPDUs from the upstream switch DistributionSW1 after MaxAge timer expiration.
AccessSW1 unblocking loop inconsistent port Gi0/2 automatically after disabling BPDU Filter on the upstream switch DistributionSW1.
