OS10 Enterprise Edition User Guide Release 10.4.0E(R3)

PDF

Spanning-tree extensions

STP extensions ensure efficient network convergence by securely enforcing the active network topology. OS10 supports BPDU filtering, BPDU guard, loop guard, and root guard STP extensions.

BPDU filtering
Protects the network from unexpected flooding of BPDUs from an erroneous device. Enabling BPDU Filtering instructs the hardware to drop BPDUs and prevents flooding from reaching the CPU. BPDU filtering is enabled by default on Edge ports. All BPDUs received on the Edge port are dropped. If you explicitly configure BPDU filtering on a port, that port drops all BPDUs that it receives.
BPDU guard
Blocks the L2 bridged ports and LAG ports connected to end hosts and servers from receiving any BPDUs. When you enable BPDU guard, it places a port (bridge or LAG) in an Error_Disable or Blocking state if the port receives any BPDU frames. In a LAG, all member ports (including new members) are placed in an Blocking state. The network traffic drops but the port continues to forward BPDUs to the CPU that are later dropped. To prevent further reception of BPDUs, configure a port to shut down using the shutdown command. The port can only resume operation from the Shutdown state after manual intervention.
Root guard
Avoids bridging loops and preserves the root bridge position during network transitions. STP selects the root bridge with the lowest priority value. During network transitions, another bridge with a lower priority may attempt to become the root bridge and cause unpredictable network behavior. Configure the spanning-tree guard root command to avoid such an attempt and preserves the position of the root bridge. Root guard is enabled on ports that are designated ports. The root guard configuration applies to all VLANs configured on the port.
Loop guard
Prevents L2 forwarding loops caused by a hardware failure (cable failure or an interface fault). When a hardware failure occurs, a participating spanning tree link becomes unidirectional and a port stops receiving BPDUs. When a blocked port stops receiving BPDUs, it transitions to a Forwarding state causing spanning tree loops in the network. You can enable loop guard on a port that transitions to the Loop-Inconsistent state until it receives BPDUs using the spanning-tree guard loop command. After BPDUs are received, the port moves out of the Loop-Inconsistent (or blocking) state and transitions to an appropriate state determined by STP. Enabling loop guard on a per port basis enables it on all VLANs configured on the port. If you disable loop guard on a port, it is moved to the Listening state.

If you enable BPDU filter and BPDU guard on the same port, the BPDU filter configuration takes precedence. Root guard and loop guard are mutually exclusive. Configuring one overwrites the other from the active configuration.

  • Enable spanning-tree BPDU filter in INTERFACE mode. Use the spanning-tree bpdufilter disable command to disable the BPDU filter on the interface.
    spanning-tree bpdufilter enable
  • Enable spanning-tree BPDU guard in INTERFACE mode.
    spanning-tree bpduguard enable
    • Use the shutdown command to shut down the port channel interface, all member ports that are disabled in the hardware.
    • Use the spanning-tree bpduguard disable command to add a physical port to a port-channel already in the Error Disable state, the new member port is also disabled in the hardware.
  • Set the guard types to avoid loops in INTERFACE mode.
    spanning-tree guard {loop | root | none}
    • loop — Set the guard type to loop.
    • none — Set the guard type to none.
    • root — Set the guard type to root.

BPDU filter

OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable
                                 OS10(conf-if-eth1/1/4)# do show spanning-tree interface ethernet 1/1/4
                                 ethernet1/1/4 of vlan1 is designated Blocking
                                 Edge port:no (default) port guard :none (default)
                                 Link type is point-to-point (auto)
                                 Boundary: NO  bpdu filter : Enable bpdu guard :  bpduguard shutdown-on-
                                 violation :disable  RootGuard:  enable LoopGuard  disable
                                 Bpdus (MRecords) sent 134, received 138
                                 Interface                                                Designated
                                 Name           PortID   Prio Cost Sts  Cost  Bridge ID          PortID
                                 --------------------------------------------------------------------------
                                 ethernet1/1/4  128.272  128  500  BLK  500   32769    90b1.1cf4.a911 128.272
                              

BPDU guard

OS10(config)# interface ethernet 1/1/4
                                 OS10(conf-if-eth1/1/4)# spanning-tree bpduguard enable
                                 OS10(conf-if-eth1/1/4)# exit
                                 OS10(config)# interface ethernet 1/1/4
                                 OS10(conf-if-eth1/1/4)# do show spanning-tree interface ethernet 1/1/4
                                 ethernet1/1/4 of vlan1 is designated Blocking
                                 Edge port:no (default) port guard :none (default)
                                 Link type is point-to-point (auto)
                                 Boundary: NO  bpdu filter : Enable bpdu guard :  bpduguard shutdown-on-
                                 violation :enable  RootGuard:  enable LoopGuard  disable
                                 Bpdus (MRecords) sent 134, received 138
                                 Interface                                                Designated
                                 Name           PortID  Prio Cost Sts  Cost Bridge ID         PortID
                                 ------------------------------------------------------------------
                                 ethernet1/1/4  128.272 128  500  BLK  500  32769    90b1.1cf4.a911 128.272
                              

Loop guard

OS10(config)# interface ethernet 1/1/4
                                 OS10(conf-if-eth1/1/4)# spanning-tree guard loop
                                 OS10(conf-if-eth1/1/4)# do show spanning-tree interface ethernet 1/1/4
                                 ethernet1/1/4 of vlan1 is root Forwarding
                                 Edge port:no (default) port guard :none (default)
                                 Link type is point-to-point (auto)
                                 Boundary: NO  bpdu filter : bpdu guard :  bpduguard shutdown-on-
                                 violation :disable  RootGuard:  disable LoopGuard  enable
                                 Bpdus (MRecords) sent 7, received 20
                                 Interface                                                 Designated
                                 Name           PortID  Prio  Cost Sts  Cost Bridge ID           PortID
                                 -------------------------------------------------------------------------
                                 ethernet1/1/4  128.272 128   500  FWD  0    32769    90b1.1cf4.9d3b 128.272
                              

Root guard

OS10(conf-if-eth1/1/4)# spanning-tree guard root
                                 OS10(conf-if-eth1/1/4)# do show spanning-tree interface ethernet 1/1/4
                                 ethernet1/1/4 of vlan1 is root Forwarding
                                 Edge port:no (default) port guard :none (default)
                                 Link type is point-to-point (auto)
                                 Boundary: NO  bpdu filter : bpdu guard :  bpduguard shutdown-on-
                                 violation :disable  RootGuard:  enable LoopGuard  disable
                                 Bpdus (MRecords) sent 7, received 33
                                 Interface                                                 Designated
                                 Name           PortID  Prio Cost Sts Cost Bridge ID        PortID
                                 -----------------------------------------------------------------------
                                 ethernet1/1/4  128.272 128  500  BLK 500  32769  90b1.1cf4.a911 128.272
                              

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\