Spanning Tree Protocol (STP) resolves physically redundant topologies into loop-free, tree-like topologies. The biggest issue with STP is that some hardware failures can cause it to fail. This failure creates forwarding loops (or STP loops). Major network outages are caused by STP loops.
This document describes the loop guard STP feature that is intended to improve the stability of the Layer 2 networks. This document also describes Bridge Protocol Data Unit (BPDU) skew detection. BPDU skew detection is a diagnostic feature that generates syslog messages when BPDUs are not received in time.
This document assumes that the reader is familiar with the basic operation of STP. Refer to Understanding and Configuring Spanning Tree Protocol (STP) on Catalyst Switches in order to learn how STP works.
This document is not restricted to specific software and hardware versions.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
- The STP loop guard feature was introduced in CatOS version 6.2.1 of the Catalyst software for Catalyst 4000 and Catalyst 5000 platforms and in version 6.2.2 for the Catalyst 6000 platform.
- The BPDU skew detection feature was introduced in CatOS version 6.2.1 of the Catalyst software for Catalyst 4000 and Catalyst 5000 platforms and in version 6.2.2 for the Catalyst 6000 platform.
- The STP loop guard feature was introduced in Cisco IOS Software Release 12.1(12c)EW for Catalyst 4500 switches and Cisco IOS Software Release 12.1(11b)EX for Catalyst 6500.
- The BPDU skew detection feature is not supported in Catalyst switches running Cisco IOS system software.
Brief Summary of STP Port Roles
Internally, STP assigns to each bridge (or switch) port a role that is based on configuration, topology, relative position of the port in the topology, and other considerations. The port role defines the behavior of the port from the STP point of view. Based on the port role, the port either sends or receives STP BPDUs and forwards or blocks the data traffic. This list provides a brief summary of each STP port role:
- Designated—One designated port is elected per link (segment). The designated port is the port closest to the root bridge. This port sends BPDUs on the link (segment) and forwards traffic towards the root bridge. In an STP converged network, each designated port is in the STP forwarding state.
- Root—The bridge can have only one root port. The root port is the port that leads to the root bridge. In an STP converged network, the root port is in the STP forwarding state.
- Alternate—Alternate ports lead to the root bridge, but are not root ports. The alternate ports maintain the STP blocking state.
- Backup—This is a special case when two or more ports of the same bridge (switch) are connected together, directly or through shared media. In this case, one port is designated, and the remaining ports block. The role for this port is backup.
STP Loop Guard
The STP loop guard feature provides additional protection against Layer 2 forwarding loops (STP loops). An STP loop is created when an STP blocking port in a redundant topology erroneously transitions to the forwarding state. This usually happens because one of the ports of a physically redundant topology (not necessarily the STP blocking port) no longer receives STP BPDUs. In its operation, STP relies on continuous reception or transmission of BPDUs based on the port role. The designated port transmits BPDUs, and the non-designated port receives BPDUs.
When one of the ports in a physically redundant topology no longer receives BPDUs, the STP conceives that the topology is loop free. Eventually, the blocking port from the alternate or backup port becomes designated and moves to a forwarding state. This situation creates a loop.
The loop guard feature makes additional checks. If BPDUs are not received on a non-designated port, and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state, instead of the listening / learning / forwarding state. Without the loop guard feature, the port assumes the designated port role. The port moves to the STP forwarding state and creates a loop.
When the loop guard blocks an inconsistent port, this message is logged: