Spanning Tree Protocol has several enhancements that keep your Layer 2 networks free of loops and related problems. Some of the most useful ones are discussed below.
BPDU Guard
To prevent loops from occurring in a network, the PortFast mode is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs. The PortFast BPDU guard feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When the BPDU guard feature is enabled on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning tree blocking state.
Switch(config-if)# spanning-tree bpduguard enable
BPDU guard can also be enabled in global configuration mode:
Switch(config)# spanning-tree portfast bpduguard default
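As an added example (not part of the original article), the Python below audits a saved running-config for PortFast interfaces on which BPDU guard is not in effect, using the two commands above. The sample config, interface names and function names are constructed for illustration; it assumes PortFast is set per interface with "spanning-tree portfast" and that an interface-level "spanning-tree bpduguard disable" overrides the global default.

```python
# Constructed sample running-config (not taken from the original article).
SAMPLE_CONFIG = """\
spanning-tree loopguard default
!
interface GigabitEthernet0/1
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 spanning-tree portfast
!
interface GigabitEthernet0/3
 spanning-tree guard root
!
"""

def parse_config(text):
    """Split a config into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None                      # "!" closes an interface block
        elif raw.startswith("interface ") and len(line.split()) > 1:
            current = interfaces.setdefault(line.split()[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(line)                # indented line = sub-command
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def unguarded_portfast_ports(text):
    """Return PortFast interfaces where BPDU guard is not in effect."""
    global_lines, interfaces = parse_config(text)
    global_guard = "spanning-tree portfast bpduguard default" in global_lines
    flagged = []
    for name, lines in interfaces.items():
        if "spanning-tree portfast" not in lines:
            continue                            # not an edge (PortFast) port
        # Assumption: an interface-level setting overrides the global default.
        local_off = "spanning-tree bpduguard disable" in lines
        local_on = "spanning-tree bpduguard enable" in lines
        if local_off or not (global_guard or local_on):
            flagged.append(name)
    return flagged
```

Calling unguarded_portfast_ports(SAMPLE_CONFIG) flags only GigabitEthernet0/2, the one PortFast port with neither the interface command nor the global default.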
BPDU Filter
BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.
BPDU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.
Switch(config)# spanning-tree portfast bpdufilter default
Root Guard
This feature prevents another switch from becoming the root bridge. It is enabled on ports other than the root port, and on switches other than the root switch. If a root guard port receives a BPDU that might cause it to become a root port, the port is put into the “root inconsistent” state and does not pass traffic. If the port stops receiving these BPDUs, it automatically re-enables itself.
Switch(config-if)# spanning-tree guard root
UDLD (Unidirectional Link Detection)
A broken physical link is detected through the absence of Layer 1 electrical keepalives (Ethernet calls this a link beat). However, sometimes a cable is intact enough to maintain keepalives, but not to pass data in both directions. This is a unidirectional link. UDLD detects a unidirectional link by sending periodic hellos out of the interface. It also uses probes, which must be acknowledged by the device on the other end of the link. UDLD operates at Layer 2. The port is shut down if a unidirectional link is found.
UDLD will not consider a link eligible for disabling until it has already seen a neighbor on the interface. This prevents it from disabling an interface when only one end of the link has been configured to support UDLD. The default UDLD message timer is 7 or 15 seconds (depending on the platform), allowing it to detect a unidirectional link before STP has time to transition the interface to forwarding mode.
UDLD has two modes of operation:
- Normal mode – UDLD will notice and log a unidirectional link condition, but the interface is allowed to continue operating.
- Aggressive mode – UDLD will transmit 8 additional messages (1 per second); if none of these are echoed back, the interface is placed in the error-disabled state.
UDLD can be enabled globally for all fiber interfaces, or per interface. The global command applies only to fiber ports:
Switch(config)# udld { enable | aggressive | message time }
To enable UDLD on a non-fiber port, use the same command in interface configuration mode:
Switch(config-if)# udld { enable | aggressive | disable }
Loop Guard
Loop Guard prevents the loops that occur when a blocking port transitions to the forwarding state. If no BPDUs are received on a blocked port for a specific length of time, Loop Guard puts that port into the “loop inconsistent” blocking state. Loop Guard automatically re-enables the port if it starts receiving BPDUs again. It is most effective when enabled across the entire switched network in conjunction with UDLD.
To enable Loop Guard for all point-to-point links on the switch, use the following command:
Switch(config)# spanning-tree loopguard default
To enable Loop Guard on a specific interface, use the following:
Switch(config-if)# spanning-tree guard loop