What is Loop Guard and Root Guard?

Root guard forces a port to be always designated as the root port. Loop guard is effective only if the port is a root port or an alternate port. You cannot enable loop guard and root guard on a port at the same time.

How do I disable loop guard?

To globally disable loop guard, use the no spanning-tree loopguard default global configuration command. You can override the setting of the no spanning-tree loopguard default global configuration command by using the spanning-tree guard loop interface configuration command on an NNI.

Where do you put a loop guard?

Loop guard must be enabled on the non-designated ports (more precisely, on root and alternate ports) for all possible combinations of active topologies. As long as the loop guard is not a per-VLAN feature, the same (trunk) port might be designated for one VLAN and non-designated for the other.

Where do you put root guard?

“You must enable root guard on all ports where the root bridge should not appear.” Again going from the image on the original post this is correct. The root bridge should not appear on those highlighted ports. All switches run pure STP with Per VLAN Spanning-Tree.

What is Loop STP?

An STP loop is created when an STP blocking port in a redundant topology erroneously transitions to the forwarding state. Eventually, the blocking port from the alternate or backup port becomes designated and moves to a forwarding state. This situation creates a loop.

What is root guard in STP?

Root guard is an STP feature that is enabled on a port-by-port basis; it prevents a configured port from becoming a root port. Root guard prevents a downstream switch (often misconfigured or rogue) from becoming a root bridge in a topology. Root guard is enabled with the interface command spanning-tree guard root.

What is the purpose of a root guard?

Root guard is an STP feature that is enabled on a port-by-port basis; it prevents a configured port from becoming a root port. Root guard prevents a downstream switch (often misconfigured or rogue) from becoming a root bridge in a topology.

What is a good root barrier?

I recommend you select a root barrier that is at least 30 inches deep. A 36-inch or 48-inch deep root barrier would be even better. The Root Barrier Should Protrude Above Grade — Be sure the root barrier protrudes upward at least two inches above grade so roots will not grow over the top of the root barrier.

What causes STP loop?

When other ports no longer receive BPDUs, the spanning-tree protocol considers the topology to be loop free. However, if a blocked or alternate port moves into a forwarding state, this creates a loop.

How does loop guard and root guard work?

Loop guard helps prevent bridging loops that could occur because of a unidirectional link failure on a point-to-point link. When enabled globally, the loop guard applies to all point-to-point ports on the system. Loop guard detects root ports and blocked ports and ensures that they keep receiving BPDUs from their designated port on the segment.

When to use loopguard, bpduguard, rootguard?

Hence when you confiugre the loopguard/udld then the port would go blocked. Hence it is layer 1 cable issue STP would not be able to detect it automatically, hence you would use the loopguard feature. Root guard for spanning tree can be used to prevent a certain switch from becoming the root bridge.

When to use loop guard on a non-designated port?

The loop guard feature makes additional checks. If BPDUs are not received on a non-designated port, and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state, instead of the listening / learning / forwarding state.

How is spanning-tree root guard useful in Layer 2?

Spanning-tree root guard is useful in avoiding layer 2 loops during network anomalies. Root guard forces an interface to become a designated port to prevent switches from becoming a root switch.