Preventing Forwarding Loops
What is loop guard

Like UDLD, loop guard provides protection for STP when a link is unidirectional and BPDUs are being sent, but not received, on a link that is considered operational. Without loop guard, a blocking port will transition to forwarding if it stops receiving BPDUs. If loop guard is enabled, and the link is not receiving BPDUs, the interface will move into the STP loop-inconsistent blocking state. When loop guard blocks a port, this message is generated to the console or log file if allowed:

SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.

Once a BPDU is received on a loop guard port that is in a loop-inconsistent state, the port will transition to the appropriate state as determined by the normal functioning of Spanning Tree. The recovery requires no user intervention. After the recovery, this message is logged:

SPANTREE-2-LOOPGUARDUNBLOCK: port 3/2 restored in vlan 3.

Example: Before Loop Guard
In this example, Switch A is the root bridge. Due to unidirectional link failure on the link between switch B and switch C, switch C is not receiving BPDUs from B.

Without loop guard, the STP blocking port on C will transition to the STP listening state upon max_age timer expiration and then to the forwarding state in two times the forward delay time. A loop will be created.

Example: With Loop Guard
With loop guard enabled, the blocking port on switch C will transition into the STP loop-inconsistent state upon expiration of the max_age timer. Because a port in the STP loop-inconsistent state will not pass user traffic, no loop is created. The loop-inconsistent state is effectively equal to the blocking state.


Web Links