Spanning Tree Protection

Posted: June 1, 2012 in Cisco IOS, Routing & Switching

1- BPDU Guard:

– Prevents loops if another switch is attached to a PortFast-enabled port.
– When enabled on an interface, the port goes into the error-disabled state if a BPDU is received.

Switch(config-if)#spanning-tree bpduguard enable
(Note: PortFast need not be configured on the port.)

– Can also be enabled in global configuration mode:

Switch(config)#spanning-tree portfast bpduguard default

2- BPDU Filter:

– If enabled in interface mode, it prevents the port from sending or receiving BPDUs.

Switch(config-if)#spanning-tree bpdufilter enable

– If enabled globally, a PortFast interface that receives a BPDU loses its PortFast status.

Switch(config)#spanning-tree portfast bpdufilter default

3- Root Guard:

– Prevents another switch from becoming the root bridge.
– Enabled on ports other than the root port, and on switches other than the root switch.
– If a Root Guard port receives a BPDU that might cause it to become a root port, the port is put into the “root inconsistent” state and does not pass traffic.
– If the port stops receiving these BPDUs, it automatically re-enables itself.

Switch(config-if)#spanning-tree guard root

4- UDLD (Unidirectional Link Detection):

– A broken physical link is normally detected by the absence of Layer 1 electrical keepalives (Ethernet calls this a link beat). However, sometimes a cable is intact enough to maintain keepalives, but not to pass data in both directions. This is a unidirectional link.
– UDLD detects a unidirectional link by sending periodic hellos out of the interface. It also uses probes, which must be acknowledged by the device on the other end of the link. UDLD operates at Layer 2. The port is shut down if a unidirectional link is found.
– UDLD will not consider a link eligible for disabling until it has already seen a neighbor on the interface. This prevents it from disabling an interface when only one end of the link has been configured to support UDLD.
– The default UDLD message timer is 7 or 15 seconds (depending on the platform), allowing it to detect a unidirectional link before STP has time to transition the interface to forwarding mode.

– UDLD has two modes of operation:

1- Normal mode – UDLD will notice and log a unidirectional link condition, but the interface is allowed to continue operating.
2- Aggressive mode – UDLD will transmit 8 additional messages (1 per second); if none of these are echoed back the interface is placed in the error-disabled state.

– UDLD can be enabled globally for all fiber interfaces, or per interface.

– The global command applies only to fiber ports:

Switch(config)# udld { enable | aggressive | message time }

– The UDLD message time can be from 7 to 90 seconds
– To enable UDLD on a non-fiber port, use the same command in interface mode:

Switch(config-if)# udld { enable | aggressive | disable }

– To disable UDLD on a specific fiber port, use the following command:

Switch(config-if)# udld disable

– To disable UDLD on a specific non-fiber port, use the following command:

Switch(config-if)#no udld enable

– To re-enable all interfaces shut by UDLD, use the following:

Switch#udld reset

– To verify UDLD status, use the following:

Switch#show udld interface

5- Loop guard:

– Loop Guard prevents loops that occur when a blocking port transitions to the forwarding state.
– If no BPDUs are received on a blocked port for a specific length of time, Loop Guard puts that port into the “loop inconsistent” blocking state.
– Loop Guard automatically re-enables the port if it starts receiving BPDUs again.
– It is most effective when enabled in the entire switched network in conjunction with UDLD.
– To enable Loop Guard for all point-to-point links on the switch, use the following command:

Switch(config)# spanning-tree loopguard default

– To enable Loop Guard on a specific interface, use the following:

Switch(config-if)# spanning-tree guard loop

