Setup Guide
• Loop guard is supported on any STP-enabled port or port-channel interface.
• Loop guard is supported on a port or port-channel in any spanning tree mode:
– Spanning Tree Protocol (STP)
– Rapid Spanning Tree Protocol (RSTP)
– Multiple Spanning Tree Protocol (MSTP)
– Per-VLAN Spanning Tree Plus (PVST+)
• You cannot enable root guard and loop guard at the same time on an STP port. For example, if you congure loop guard on a port on
which root guard is already congured, the following error message is displayed: % Error: RootGuard is configured.
Cannot configure LoopGuard.
• Enabling Portfast BPDU guard and loop guard at the same time on a port results in a port that remains in a blocking state and prevents
trac from owing through it. For example, when Portfast BPDU guard and loop guard are both congured:
– If a BPDU is received from a remote device, BPDU guard places the port in an Err-Disabled Blocking state and no trac is
forwarded on the port.
– If no BPDU is received from a remote device, loop guard places the port in a Loop-Inconsistent Blocking state and no trac is
forwarded on the port.
• When used in a PVST+ network, STP loop guard is performed per-port or per-port channel at a VLAN level. If no BPDUs are received
on a VLAN interface, the port or port-channel transitions to a Loop-Inconsistent (Blocking) state only for this VLAN.
To enable a loop guard on an STP-enabled port or port-channel interface, use the following command.
• Enable loop guard on a port or port-channel interface.
INTERFACE mode or INTERFACE PORT-CHANNEL mode
spanning-tree {0 | mstp | rstp | pvst} loopguard
– 0: enables loop guard on an STP-enabled port assigned to instance 0.
– mstp: enables loop guard on an MSTP-enabled port.
– rstp: enables loop guard on an RSTP-enabled port.
– pvst: enables loop guard on a PVST-enabled port.
To disable STP loop guard on a port or port-channel interface, use the no spanning-tree 0 loopguard command in an INTERFACE
conguration mode.
To verify the STP loop guard conguration on a port or port-channel interface, use the show spanning-tree 0 guard
[interface interface] command in a global conguration mode.
Displaying STP Guard Conguration
To display the STP guard conguration, use the following command.
The following example shows an STP network (instance 0) in which:
• Root guard is enabled on a port that is in a root-inconsistent state.
• Loop guard is enabled on a port that is in a listening state.
• BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU.
• Verify the STP guard congured on port or port-channel interfaces.
show spanning-tree 0 guard [interface interface]
Example of Viewing STP Guard Conguration
DellEMC#show spanning-tree 0 guard
Interface
Name Instance Sts Guard type
--------- -------- --------- ----------
Gi 1/1 0 INCON(Root) Rootguard
Gi 1/2 0 LIS Loopguard
Gi 1/3 0 EDS (Shut) Bpduguard
Spanning Tree Protocol (STP)
949