To prevent loops that might develop if a port that should be blocking transitions to the forwarding state we have loop guard. This could happen if a port stops receiving BPDUs, maybe due to a unidirectional (on point-to-point) link or software/configuration problem on the neighbour.
The following shows an example with both loop guard disabled and then enabled.You will see that the port stops receiving BPDUs the STP conceives the topology as loop free. The blocking port will eventually go into a forwarding state therefore creating a loop. Without the loop guard feature, the port assumes the designated port role thus leading to a bridging loop.
Enabling loop guard prevents an alternative or root port from becoming designated in the absence of BPDUs. If suddenly no BPDUs are received on a non-designated port (more precisely, on root and alternate ports), loop guard puts that port in ‘loop inconsistant’ blocking state rather than transiting to a forwarding state (listening/learning/forwarding).
The Cisco best practice is to enable loop guard on the L2 ports between distribution switches and on the uplink ports from access to the distribution switches. It is also most effective when configured with UDLD.
You cannot enable both loop guard and root guard at the same time.
You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
When the loop guard blocks an inconsistent port, this message is logged:
%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port FastEthernet0/24 on VLAN0050.
Once the BPDU is received on a port in a loop-inconsistent STP state, the port transitions into another STP state. According to the received BPDU, this means that the recovery is automatic and intervention is not necessary. After recovery, this message is logged:
%SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port FastEthernet0/24 on VLAN0050.
(config)# spanning-tree loopguard default !# enable on all point-to-point links on the switch (config-if)# spanning-tree guard loop !# enable on a specific port Router#show spanning-tree summary Switch is in pvst mode Root bridge for: none EtherChannel misconfig guard is enabled Extended system ID is disabled Portfast Default is disabled PortFast BPDU Guard Default is disabled Portfast BPDU Filter Default is disabled Loopguard Default is enabled UplinkFast is disabled BackboneFast is disabled Pathcost method used is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------- Total 0 0 0 0 0