Enabling loop guard, Rstp, Mstp – H3C Technologies H3C S12500-X Series Switches User Manual
Page 105: Mstp features
94
region during network design. However, due to possible configuration errors or malicious attacks in the
network, the legal root bridge might receive a configuration BPDU with a higher priority. Another device
supersedes the current legal root bridge, causing an undesired change of the network topology. The
traffic that should go over high-speed links is switched to low-speed links, resulting in network
congestion.
To prevent this situation, MSTP provides the root guard function. If the root guard function is enabled on
a port of a root bridge, this port plays the role of designated port on all MSTIs. After this port receives a
configuration BPDU with a higher priority from an MSTI, it immediately sets that port to the listening state
in the MSTI, without forwarding the packet. This is equivalent to disconnecting the link connected with
this port in the MSTI. If the port receives no BPDUs with a higher priority within twice the forwarding delay,
it reverts to its original state.
On a port, the loop guard function and the root guard function are mutually exclusive.
Configure root guard on a designated port.
To enable root guard:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter Layer 2 Ethernet or
aggregate interface view.
interface interface-type interface-number
N/A
3.
Enable the root guard
function.
stp root-protection
By default, root guard is
disabled.
Enabling loop guard
By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port
and blocked ports. However, link congestion or unidirectional link failures might cause these ports to fail
to receive BPDUs from the upstream devices. The device reselects the port roles: Those ports in forwarding
state that failed to receive upstream BPDUs become designated ports, and the blocked ports transit to the
forwarding state, resulting in loops in the switched network. The loop guard function can suppress the
occurrence of such loops.
The initial state of a loop guard-enabled port is discarding in every MSTI. When the port receives BPDUs,
it transits its state. Otherwise, it stays in the discarding state to prevent temporary loops.
Do not enable loop guard on a port that connects user terminals. Otherwise, the port stays in the
discarding state in all MSTIs because it cannot receive BPDUs.
On a port, the loop guard function is mutually exclusive with the root guard function or the edge port
setting.
Configure loop guard on the root port and alternate ports of a device.
To enable loop guard:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter Layer 2 Ethernet or
aggregate interface view.
interface interface-type interface-number
N/A