Dell POWEREDGE M1000E User Manual
Page 640
640
Configuring the Spanning Tree Protocol
Root Guard
Enabling root guard on a port ensures that the port does not become a root
port or a blocked port. When a switch is elected as the root bridge, all ports
are designated ports unless two or more ports of the root bridge are connected
together. If the switch receives superior STP BPDUs on a root-guard enabled
port, the root guard feature moves this port to a root-inconsistent STP state,
which is effectively equal to a listening state. No traffic is forwarded across
this port. In this way, the root guard feature enforces the position of the root
bridge.
When the STP mode is MSTP, the port may be a designated port in one
MSTI and an alternate port in the CIST, etc. Root guard is a per port (not a
per port per instance command) configuration, so all the MSTP instances this
port participates in should not be in a root role.
Loop Guard
Loop guard protects a network from forwarding loops induced by BPDU
packet loss. The reasons for failing to receive packets are numerous, including
heavy traffic, software problems, incorrect configuration, and unidirectional
link failure. When a non-designated port no longer receives BPDUs, the
spanning-tree algorithm considers that this link is loop free and begins
transitioning the link from blocking to forwarding. Once in forwarding state,
the link may create a loop in the network.
Enabling loop guard prevents such accidental loops. When a port is no longer
receiving BPDUs and the max age timer expires, the port is moved to a
loop-
inconsistent blocking state
. In the loop-inconsistent blocking state, traffic is
not forwarded so the port behaves as if it is in the blocking state. The port will
remain in this state until it receives a BPDU. It will then transition through
the normal spanning tree states based on the information in the received
BPDU.
NOTE:
Loop Guard should be configured only on non-designated ports. These
include ports in alternate or backup roles. Root ports and designated ports
should not have loop guard enabled so that they can forward traffic.