This page was exported from Free Cisco Training & Resources - Certification Exam Preparation [ https://www.ciscobibles.com ]
Export date: Thu Mar 6 19:17:17 2025 / +0000 GMT

CCNP BCMSN Notes - Protecting the Spanning Tree Protocol Topology


Root Guard

If a switch with a lower bridge ID enters the network, it can preempt the current STP root.

Root guard can be enabled on an interface to prevent it from becoming a root port:

     clip_image002

Root guard will affect all VLANs on the port.

Ports disabled by root guard can be viewed with show spanning-tree inconsistentports.

BPDU Guard

BPDU guard automatically places an interface in the error-disabled state upon receipt of a BPDU.

BPDU guard can be enabled globally or per interface:

    clip_image004

Loop Guard

Loop guard prevents a blocked port from transitioning to the forwarding state if it stops receiving BPDUs. Instead, the port is placed in the loop-inconsistent state and continues to block traffic.

Loop guard operates per VLAN, and can be enabled globally or per interface:

     clip_image006

Unidirectional Link Detection (UDLD)

UDLD can detect link failures which do no explicitly shutdown the interface (such as a unidirectional fiber link or failed intermediate media converter).

UDLD transmits frames across a link at regular intervals, expecting the distant end to transmit them back.

The default UDLD message timer is 7 or 15 seconds (depending on the platform), allowing it to detect a unidirectional link before STP has time to transition the interface to forwarding mode.

UDLD has two modes of operation:

       Normal mode - UDLD will notice and log a unidirectional link condition, but the interface is allowed to continue operating.

       Aggressive mode - UDLD will transmit 8 additional messages (1 per second); if none of these are echoed back the interface is placed in the error-disabled state.

UDLD can be enabled globally for all fiber interfaces, or per-interface:

    clip_image008

The UDLD message time can be from 7 to 90 seconds.

UDLD will not consider a link eligible for disabling until it has seen a neighbor on the interface already.

This prevents it from disabling an interface when only one end of the link has been configured to support UDLD.

udld reset can be issued in user exec to re-enable interfaces which UDLD has disabled.

BPDU Filtering

BPDU filter can be enabled globally or per-interface to effectively disable STP:

     clip_image010
Post date: 2009-11-05 10:52:35
Post date GMT: 2009-11-05 02:52:35
Post modified date: 2010-07-23 00:49:09
Post modified date GMT: 2010-07-22 16:49:09
Powered by [ Universal Post Manager ] plugin. HTML saving format developed by gVectors Team www.gVectors.com