ENCOR Course

Additional Spanning Tree Protection Mechanisms

This lesson covers the additional STP protection mechanisms: root guard, BPDU guard, BPDU filter, STP loop guard, and UDLD.

  • A network forwarding loop occurs when there are multiple active Layer 2 paths between two devices. Ethernet frames carry no hop count, so broadcast, multicast, and unknown-unicast traffic is flooded out every switch port and circulates indefinitely, sustaining the loop.
  • The network's throughput is drastically affected because the switches are processing an ever-growing number of frames.
  • The switches' CPU utilization will be high and memory will be consumed. The switches might crash, and users will likely notice the impact on the network.

Common causes of Layer 2 forwarding loops:

  • STP is disabled on a switch.
  • A load balancer is misconfigured and sends traffic out multiple ports with the same MAC address.
  • A virtual switch that bridges two physical ports.
  • End users using an unmanaged switch or hub.

Root Guard

Root guard is an STP feature that prevents a designated port from ever becoming a root port, regardless of the BPDUs it receives.

  • If a superior BPDU (one advertising a better root bridge) is received on the port, root guard places the port in the root-inconsistent state, which blocks it. The port recovers on its own once the superior BPDUs stop arriving; it is not err-disabled.
  • Root guard is placed on designated ports facing switches that should never become the root bridge (for example, distribution downlinks toward access switches).
  • Root guard is enabled on a port-by-port basis.

Use the interface command spanning-tree guard root to enable root guard. Ports blocked by root guard are listed by show spanning-tree inconsistentports.
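Worked root guard configuration, added here as an illustration (it is not from the course or from Cisco documentation). It assumes a distribution switch DSW1 that is meant to be the root bridge, a backup root DSW2, and an access switch ASW1 on GigabitEthernet1/0/1; all switch names and interface numbers are assumptions.

```cisco
! DSW1 -- intended root bridge (added example; names and ports are assumptions)
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 4096
!
! Downlink to the access layer. This port is designated and must never become
! a root port, so root guard goes here. If something downstream (a rogue or
! misconfigured switch with priority 0, for example) sends a superior BPDU,
! the port goes root-inconsistent and stops forwarding until those BPDUs stop.
interface GigabitEthernet1/0/1
 description Downlink to ASW1
 switchport mode trunk
 spanning-tree guard root
!
! Link to the peer distribution switch: no root guard. DSW2 is the legitimate
! backup root, and this port must be allowed to become the root port if DSW1
! ever loses its root role.
interface GigabitEthernet1/0/48
 description Link to DSW2 (backup root)
 switchport mode trunk
!
! Verification from exec mode. A blocked downlink appears as
! "Root Inconsistent" and the switch logs %SPANTREE-2-ROOTGUARD_BLOCK.
!   show spanning-tree inconsistentports
!   show spanning-tree interface GigabitEthernet1/0/1 detail
```

Put root guard only where a superior BPDU can never be legitimate; on the DSW1 to DSW2 link it would block the planned root failover.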

STP Portfast

  • Portfast disables topology change notification (TCN) generation for the port and lets access ports that come up bypass the listening and learning states and enter the forwarding state immediately. If a BPDU is received on a portfast-enabled port, portfast is removed from that port and it falls back to normal STP operation.

  • spanning-tree portfast: interface command to enable portfast on a specific access port.
  • spanning-tree portfast default: global command to enable portfast on all access ports.
  • spanning-tree portfast disable: interface command to disable portfast on a port, including one covered by the global default.
  • spanning-tree portfast trunk: interface command to enable portfast on a trunk link. This should only be used on ports connected to a single host (for example, a hypervisor with a trunked NIC).

STP Portfast Examples

BPDU Guard

BPDU guard is a safety mechanism that places a port into the err-disabled state as soon as a BPDU is received on it. Enabled globally, it applies to every portfast-enabled port; enabled on an interface, it applies to that port whether or not portfast is configured.

  • spanning-tree portfast bpduguard default: global command to enable BPDU guard on all STP portfast ports.
  • spanning-tree bpduguard {enable | disable}: interface command to enable or disable BPDU guard on a specific interface, overriding the global setting.
  • show spanning-tree interface interface-id detail: displays whether BPDU guard is enabled for the specified interface.

Note: BPDU guard is typically configured on all host-facing ports that have portfast enabled, so that a switch plugged into a user port is cut off instead of joining the topology.

BPDU Guard Examples

BPDU Guard Error Recovery

The Error Recovery service can be used to reactivate ports that have been shut down. Ports placed in the err-disabled state by BPDU guard do not restore themselves; without error recovery, an administrator has to clear them manually with shutdown followed by no shutdown on the interface.

  • errdisable recovery cause bpduguard: global command that recovers ports shut down by BPDU guard.
  • errdisable recovery interval time-seconds: the period, in seconds, at which Error Recovery checks for ports to recover.

BPDU Guard Error Recovery Example

Note: The Error Recovery service runs every 300 seconds (5 minutes) by default. This can be changed to anywhere from 30 to 86,400 seconds with the global command errdisable recovery interval time. If the offending device is still attached when the port comes back up, the next BPDU err-disables it again.
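Worked host-port hardening configuration covering portfast, BPDU guard, and error recovery together, added here as an illustration (not from the course or from Cisco documentation). It assumes an access switch ASW1 with user ports, one trunked hypervisor host, and two uplinks; the names, VLAN, and interface numbers are assumptions.

```cisco
! ASW1 -- access switch (added example; names and ports are assumptions)
!
! Global defaults: every access (non-trunk) port gets portfast and BPDU guard,
! so a freshly patched user port forwards immediately but is err-disabled the
! moment a switch (or a hub with a switch behind it) speaks STP into it.
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
! Automatic recovery: check every 120 s instead of the 300 s default and bring
! BPDU-guard err-disabled ports back up. If the offending device is still
! there the port is shut again, so the log keeps pointing at the culprit.
errdisable recovery cause bpduguard
errdisable recovery interval 120
!
! User ports: already covered by the global defaults; stating them explicitly
! makes the intent visible in the running-config.
interface range GigabitEthernet1/0/1 - 44
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Hypervisor host on a trunk port: portfast trunk skips the listening and
! learning delay, and BPDU guard still applies, so a VM or vSwitch that
! bridges this port back to the switch reflects our own BPDUs and the port
! is err-disabled instead of looping.
interface GigabitEthernet1/0/45
 description ESXi-host-01 (single host, trunk)
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
!
! Uplinks to distribution: explicitly disable portfast and BPDU guard so the
! trunks run full STP and are never err-disabled by a peer switch's BPDUs,
! even if someone later changes the port mode.
interface range GigabitEthernet1/0/47 - 48
 description Uplinks to DSW1/DSW2
 switchport mode trunk
 spanning-tree portfast disable
 spanning-tree bpduguard disable
!
! Verification from exec mode:
!   show spanning-tree interface GigabitEthernet1/0/1 detail
!     (check the "Bpdu guard" and "portfast" lines)
!   show errdisable recovery
!   show interfaces status err-disabled
```

The per-interface enable/disable lines are what protect you from a later change to the global defaults: an uplink that relies only on "not being an access port" becomes a BPDU-guard victim the day someone switches it to access mode.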

BPDU Filter

BPDU filter stops BPDUs from being transmitted out of a port. It can be enabled globally or on a specific interface, and the two forms behave very differently.

Global BPDU filter:

spanning-tree portfast bpdufilter default. With the global configuration, a portfast port still sends a series of 10 to 12 BPDUs when it comes up and then stops transmitting. If the switch receives any BPDUs on the port, it checks to identify which switch is more preferred:

  • The preferred switch doesn't process any BPDUs but still passes them along to inferior switches.
  • A non-preferred switch processes the BPDUs that are received but doesn't transmit any BPDUs to superior switches.

In practice, a BPDU arriving on a port covered by the global filter removes portfast from that port, and with it the filter, so the port returns to normal STP operation.

Interface-specific BPDU filter:

spanning-tree bpdufilter enable. With the interface-specific configuration the port does not send any BPDUs on an ongoing basis and ignores any BPDUs it receives, which effectively turns STP off on that port. If another switch is attached there, nothing prevents a loop: BPDU guard on the remote port will not fire, because the filtered port never sends the BPDU that would trigger it.

Verifying a BPDU Filter
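Worked BPDU filter configuration showing the global and interface-specific forms side by side, added here as an illustration (not from the course or from Cisco documentation). The interface number and the reason for the filter are assumptions.

```cisco
! Added example; interface names are assumptions.
!
! Safer form: global filter. Portfast ports stop sending BPDUs after the
! initial burst, so hosts never see STP frames, but the port still listens.
! If a BPDU arrives, the port loses portfast and the filter no longer applies,
! so normal STP takes over on that port.
spanning-tree portfast default
spanning-tree portfast bpdufilter default
!
! Dangerous form: interface filter. The port neither sends nor processes
! BPDUs, which switches STP off on that link. Use it only on a port that can
! never see another switch; the far end's BPDU guard cannot help, because this
! port never sends the BPDU that would trigger it.
interface GigabitEthernet1/0/20
 description Lab device whose vendor requires no BPDUs on the wire (assumed)
 switchport mode access
 spanning-tree bpdufilter enable
!
! Verification from exec mode:
!   show spanning-tree interface GigabitEthernet1/0/20 detail
!     (check the "Bpdu filter" line)
!   show spanning-tree summary
!     (shows the global Portfast / BPDU Filter default state)
```

Treat every "spanning-tree bpdufilter enable" in a running-config as a finding to justify: it is the one setting on this page that removes loop prevention rather than adding it.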

Problems with Unidirectional Links

Network devices that use fiber-optic cables for connectivity can encounter unidirectional traffic flows if one strand is broken: the link stays up, but traffic only passes in one direction. A switch that stops receiving BPDUs on its root or alternate port eventually ages out the stored BPDU information, assumes the upstream path is gone, and moves a previously blocking port into forwarding, resulting in a forwarding loop. Two solutions to problems with unidirectional links:

  • STP LoopGuard
  • Unidirectional Link Detection

Loop Guard

  • Loop guard prevents any alternate or root port from becoming a designated port due to loss of BPDUs on that port. Loop guard places the port into the loop-inconsistent (blocking) state while BPDUs are not being received and lets it transition back through the STP states when it begins receiving BPDUs again; the port is not err-disabled.

  • spanning-tree loopguard default: global command to enable loop guard on all ports.
  • spanning-tree guard loop: interface command to enable loop guard on a port.
  • show spanning-tree inconsistentports: shows ports in the inconsistent state because the port is not receiving BPDUs.

Note: Loop guard should not be enabled on portfast-enabled ports, because it directly conflicts with root/alternate port logic. Loop guard and root guard are also mutually exclusive on a port.

STP Loop Guard Examples

Unidirectional Link Detection

UDLD lets a switch verify that a link (typically fiber) is bidirectional by exchanging UDLD frames with its neighbor and checking that its own identity is echoed back. UDLD operates in two modes:

  • Normal: if a UDLD frame is not echoed back, the link is marked undetermined and the port remains active.
  • Aggressive: if a UDLD frame is not echoed back, the switch tries to re-establish the relationship by sending another 8 frames at 1-second intervals. If those go unanswered, the port is placed into the err-disabled state.

UDLD Commands

  • udld enable [aggressive]: global command to enable UDLD; the optional aggressive keyword sets the mode to aggressive.
  • udld port [aggressive]: interface command to enable UDLD; the optional aggressive keyword sets the mode to aggressive.
  • udld port disable: disables UDLD on a specific interface.
  • udld recovery [interval time]: enables UDLD recovery; the default interval is 5 minutes.
  • show udld neighbors: displays the status of UDLD neighbor relationships.
  • show udld interface-id: displays detailed UDLD information for an interface.

Configuring & Verifying UDLD Examples
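Worked configuration for the two unidirectional-link defenses above, loop guard and UDLD, applied together on a pair of fiber uplinks. It is added here as an illustration (not from the course or from Cisco documentation) and assumes a distribution switch DSW1 with TenGigabitEthernet1/1/1-2 toward the core; the names and interface numbers are assumptions.

```cisco
! DSW1 fiber uplinks (added example; names and interface numbers are assumptions)
!
! Loop guard globally: covers every root and alternate port on the switch.
! A port that should be receiving BPDUs but stops (dead strand toward us)
! goes loop-inconsistent instead of creeping into forwarding. Portfast ports
! are unaffected because they are never root or alternate ports.
spanning-tree loopguard default
!
! UDLD in aggressive mode on the fiber uplinks: detect the unidirectional
! link itself instead of waiting for its STP symptom. If the neighbor stops
! echoing our frames, the port is err-disabled after the 8 retries rather
! than being left "undetermined" and forwarding as in normal mode.
! Loop guard is stated explicitly here as well; it cannot be combined with
! root guard on the same port, which is why these are uplinks, not downlinks.
interface range TenGigabitEthernet1/1/1 - 2
 description Fiber uplinks to core
 switchport mode trunk
 udld port aggressive
 spanning-tree guard loop
!
! Re-test a UDLD err-disabled link automatically every 5 min (the default
! errdisable recovery interval) instead of waiting for a manual shut/no shut.
errdisable recovery cause udld
!
! Verification from exec mode:
!   show spanning-tree inconsistentports       ("Loop Inconsistent" entries)
!   show udld neighbors
!   show udld TenGigabitEthernet1/1/1
!   show interfaces status err-disabled
```

Loop guard and UDLD overlap but are not redundant: UDLD catches the broken strand within seconds at Layer 1/2 on any port, while loop guard only helps on ports that were receiving BPDUs, but it also covers the case where the far-end switch itself stops sending them.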

 
