- BPDU Guard
- BPDU Filtering
- Root Guard
- UDLD
- Loop Guard
BPDU Guard
BPDU Guard is used to prevent loops if another switch is attached to a Portfast port. When BPDU Guard is enabled on an interface, that interface is put into an error-disabled state (basically, shut down) if it receives a BPDU. It can be enabled either in global config mode, in which case it affects all Portfast interfaces, or in interface config mode. Portfast does not have to be enabled for BPDU Guard to be configured on a specific interface. The following configuration example shows BPDU guard being enabled.
BPDU Filtering
BPDU filtering is another way of preventing loops in the network. It can also be enabled either globally or at the interface, and it functions differently at each level. When enabled in global config mode, a Portfast interface that receives any BPDUs is taken out of Portfast status. When enabled in interface config mode, it prevents the port from sending or receiving BPDUs. The commands are:
- (config)# spanning-tree portfast bpdufilter default
- (config-if)# spanning-tree bpdufilter enable
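The global and per-interface behaviour described in the BPDU Guard and BPDU Filtering sections can be checked against a saved running-config. The script below is an added example, not part of the original notes. The BPDU Guard command strings it looks for (`spanning-tree portfast bpduguard default`, `spanning-tree bpduguard enable` / `disable`, with the optional `edge` keyword of newer releases) are standard Cisco IOS syntax that does not appear in the original text, and the sample configuration is constructed.

```python
import re

# Constructed running-config for illustration (not from the original page).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 spanning-tree portfast
!
interface GigabitEthernet0/2
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/4
 spanning-tree portfast
 spanning-tree bpduguard disable
"""

def audit_bpdu_guard(config):
    """Map each interface to guarded / unguarded / filtered / n/a."""
    global_lines, interfaces, current = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:  # "!" or a global command closes the interface block
            current = None
            global_lines.append(line.strip())
    # The global form covers Portfast interfaces only; newer releases add "edge".
    global_guard = any(re.fullmatch(r"spanning-tree portfast (edge )?bpduguard default", g)
                       for g in global_lines)
    report = {}
    for name, cmds in interfaces.items():
        portfast = any(re.fullmatch(r"spanning-tree portfast( edge)?", c) for c in cmds)
        if "spanning-tree bpdufilter enable" in cmds:
            report[name] = "filtered"   # no BPDUs sent or received, guard never fires
        elif "spanning-tree bpduguard enable" in cmds:
            report[name] = "guarded"    # interface form works without Portfast
        elif not portfast:
            report[name] = "n/a"        # global default does not apply here
        elif global_guard and "spanning-tree bpduguard disable" not in cmds:
            report[name] = "guarded"    # Portfast port covered by the global default
        else:
            report[name] = "unguarded"  # Portfast port with no BPDU Guard
    return report
```

On the constructed sample, `audit_bpdu_guard(SAMPLE_CONFIG)` reports GigabitEthernet0/1 and 0/2 as guarded, 0/3 as filtered and 0/4 as unguarded.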
Root Guard
Root Guard is meant to prevent the wrong switch from becoming the Spanning Tree root. It is enabled on ports other than the root port and on switches other than the root. If a Root Guard port receives a BPDU that might cause it to become a root port, then the port is put into “rootinconsistent” state and does not pass traffic through it. If the port stops receiving these BPDUs, it automatically re-enables itself.
(config-if)# spanning-tree guard root
Unidirectional Link Detection (UDLD)
A switch notices when a physical connection is broken by the absence of Layer 1 electrical keepalives (Ethernet calls this a link beat). However, sometimes a cable is intact enough to maintain keepalives, but not to pass data in both directions. This is a Unidirectional Link.
Unidirectional Link Detection (UDLD) detects a unidirectional link by sending periodic hellos out of the interface. It also uses probes, which must be acknowledged by the device on the other end of the link. UDLD operates at Layer 2. The port is shut down if a unidirectional link is found.
To enable UDLD on all fiber-optic interfaces, use the following command:
(config)# udld enable
Although this command is given at global config mode, it applies only to fiber ports.
To enable UDLD on non-fiber ports, give the same command at interface config mode.
To disable UDLD on a specific fiber port, use the following command:
(config-if)# udld disable
To disable UDLD on a specific non-fiber port, use the following command:
(config-if)# no udld enable
To re-enable all interfaces shut by UDLD, use the following:
# udld reset
To verify UDLD status, use the following:
# show udld interface
Loop Guard
Loop Guard prevents loops that might develop if a port that should be blocking inadvertently transitions to the forwarding state. This can happen if the port stops receiving BPDUs (perhaps because of a unidirectional link or a software/configuration problem in its neighbor switch). When one of the ports in a physically redundant topology stops receiving BPDUs, STP perceives the topology as loop-free. Eventually, the blocking port becomes designated and moves to the forwarding state, thus creating a loop. With Loop Guard enabled, an additional check is made. If no BPDUs are received on a blocked port for a specific length of time, Loop Guard puts that port into “loop inconsistent” blocking state, rather than transitioning it to the forwarding state. Loop Guard should be enabled on all switch ports that have a chance of becoming root or designated ports. It is most effective when enabled in the entire switched network in conjunction with UDLD.
To enable Loop Guard for all point-to-point links on the switch, use the following command:
(config)# spanning-tree loopguard default
To enable Loop Guard on a specific interface, use the following:
(config-if)# spanning-tree guard loop
Loop Guard automatically re-enables the port if it starts receiving BPDUs again.