The Cisco Learning Network

STP Enhancements cheat sheet -

Warren Sullivan
Feb 13, 2020•Knowledge
Cisco Admin
Portfast

Used on access ports connecting to hosts, to immediately transition to the forwarding

state, bypassing the listening and learning states.

Can be configured globally with;

Spanning tree portfast default

Which will enable portfast on any port configured as an access port on the switch, or
per interface with;

Spanning-tree portfast

Which will enable portfast on the port as long as it is in a non trunking mode, or

Spanning-tree portfast trunk

Which will enable it even if it is a trunk!

Portfast is typically configured on host ports only, although trunks can also be
configured as portfast ports too

BPDUguard

Used on Access ports where BPDU’s should never be received, if they are the port
will be placed in an err-disabled state.

Implimented either globally with;

Spanning-tree portfast bpduguard default

Which will enable it on any portfast enabled interface on the switch, or per interface
with:

Spanning-tree bpduguard enable

Which will enable it explicitly on the port.

BPDUguard is configured on access switch host ports were BPDU's should never be
seen.

BPDUfilter

When enabled globally the port will transmit 10 BPDU's to ensure there is no loop in
the topology, if the port receives a BPDU it will lose portfast status, bpdufilter will be
disabled and the port will begin normal spanning-tree operation.

When enabled per interface, spanning-tree is effectively disabled on the port

altogether, it will not send BPDU's and will drop received BPDU's on that port.

It is again enabled either globally with;

Spanning-tree portfast bpdufilter default

Which will enable it on any portfast enabled interface, or per interface;

Spanning-tree bpdufilter enable

Which will enable it explicitly on the port.

BPDUfilter is configured on access switch host ports.

Note: if BPDUguard and BPDUfilter are enabled on a switchport, BPDUguard will

have no affect as BPDUfilter takes higher precedence over BPDUguard.

ROOTguard

Root Guard is useful in avoiding Layer 2 loops during network anomalies. It forces a
port to become a designated port, if the port were to receive a superior BPDU and
ROOTguard was not enabled it would attempt to become a root port, this is what
ROOTguard prevents.

This feature effectively enforces the position of the root bridge.

it is used to protect the desired root bridge from becoming over-run by a new or
reconfigured switch in the network, it is configured per interface with;

Spanning-tree guard root

If a superior BPDU is received on the port, the port will go into a “root-inconsistent”
state (effectively a listening state) until the superior BPDU’s are no longer received
on that port.

ROOTguard is configured on distribution switch downlinks to the access layer

LOOPguard

Prevents bridge loops caused by unidirectional communication, it works by detecting

BPDU’s received on non-designated (blocked) ports, if the BPDU’s stop coming then
LOOPguard places the port into a Loop-inconsistent state preventing a potential
loop, if this mechanism was not implemented and the sent BPDUs were not reaching
the non-designated port, the non-designated port would transition to a forwarding
state, because it believes that the bridge is dead! But it isn’t, a loop is born!

When configured globally, LOOPguard is implimented on all ports considered to be

point-to-point links (full duplex ports)

It is configured globally with;

Spanning-tree loopguard default

or per port with;

spanning-tree guard loop

LOOPguard is configured on links between distribution switches and uplink ports on

access switches

UDLD

Is a layer 2 protocol that works with layer 1 mechanisms to determine the physical
status of a link, in essence it prevents unidirectional communication, unidirectional
communication typically occurs with fibre connections being misconnected tx to tx or
rx to rx etc, this can play havoc with spanning tree as you can imagine.

It can be configured either globally or per interface, per interface taking precedence,
when configured globally, it is enabled on fibre interfaces only.
It can also be configured in two modes, enable or aggressive.

Enable mode simply changes the UDLD enabled port to an "undetermined" state if it

stops receiving UDLD packets from its neighbor.

Aggressive mode will first attempt to re-establish connectivity by sending 8 UDLD

messages in quick succession, if they fail, the port is place in an errdisabled state.
From STP perspective, loop prevention.

It is configured globally with;

udld [aggressive|enable]

or per interface

udld port [aggressive|enable]

UDLD is configured on fibre interfaces

Enterprise Certifications Community

Files(0)
Show actions for this object
Drop Files

Feed
Filter FeedRefresh this feed
Skip Feed
View This Post

klauspucher
May 28, 2012 at 5:32 PM
Could uplinkfast and backbone fast not be classified as stp enhancements as well?

 Like
 Comment
 15 views

Log In to Comment
View This Post

arteq
Edited by Admin February 16, 2020 at 9:23 PM
thanks to warren for allowing me to post this great guide on my cert dedicated web
site... it can be viewed here... thanks again warren...
 
http://insearchofthecert.blogspot.com/2012/02/guest-post-warren-sullivan.html

 Like
 Comment

 1 comment
 4 views

warrensullivan

10 years ago

No probs Arteq
 

Could uplinkfast and backbone fast not be classified as stp enhancements as well?

 
Yes they could, but my understanding of uplinkfast and backbone fast was ok, this
originally was just a post to refresh my memory for the switch exam.....
 
Cheers
Warren

Expand Post

Like
 Log In to Comment
View This Post

GN
Edited by Admin February 16, 2020 at 9:23 PM
@Warren,
 
I Need caffeine, i skimmed that fast, I didn't see the blue, and rushed to the decision
that it's not there :-)

 Like
 Comment

 2 comments
 1 view

More comments1 of 2

GN

10 years ago

That really helps, you know, after your first comment I'm reading everything word by
word. I was seriously considering  getting my brain imaged and eyes checked (how
couldn't i see the blue)  :-)
All the time betweeen your 2 comments i was thinking sth is wrong with me. I need to
unwind and may be quit studying for some time.
But, thanks to you for 2nd comment, I'm feeling good now

Like

Log In to Comment
View This Post

arteq
February 6, 2012 at 2:38 AM
very nice...

 Like
 Comment
 Log In to Comment
View This Post

GN
February 6, 2012 at 2:36 AM
Nice description, If the commands too were included, it could be a reference :-)

 Like
 Comment

 1 comment
 1 view

warrensullivan

10 years ago

lp4nb wrote:
 

                       

 
Nice description, If the commands too were included, it could be a reference :-)
 

                   

They are....

Expand Post

Like

Log In to Comment
End of Feed
Share



Follow
RELATED ARTICLES
 VPN - VRF-aware ipsec cheat sheet - Real World - Part1

Number of Views815

 VPN - VRF-aware ipsec cheat sheet (MultiSite Redundancy) Real World - Part2

Number of Views213

 VPN - VRF-aware ipsec cheat sheet (MultiSite Redundancy) Real World -Part4

Number of Views234

TRENDING ARTICLES
 CCIE/CCDE - More labs. More locations. More flexibility.
 CCIE/CCDE: Book your Lab/Practical Exam
 Cisco Routers Password Types

If you encounter a technical issue on the site, please open a support case.








 Webinars & Events

  Blogs

 Discussions

CertificationsHelpAbout Us

Cisco Learning Network StoreCertification TrackerCisco Learning Network

Podcast

Stay ConnectedMember Directory

Communities:Chinese|Japanese|Korean
Cisco.com© Copyright 2021 Cisco, Inc. All Rights Reserved.Privacy StatementTerms &
ConditionsCookie PolicyTrademarks