Reference Guide
Spanning Tree Protocol (STP) | 1427
Usage
Information
If you enable portfast bpduguard on an interface and the interface receives a BPDU, the software
disables the interface and sends a message stating that fact. The port is in ERR_DISABLE mode, yet
appears in the show interface commands as enabled. If shutdown-on-violation is not enabled,
BPDUs will still be sent to the RPM CPU.
STP loop guard and root guard are supported on a port or port-channel enabled in any Spanning Tree
mode: Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree
Protocol (MSTP), and Per-VLAN Spanning Tree Plus (PVST+).
Root guard is supported on any STP-enabled port or port-channel except when used as a stacking port.
When enabled on a port, root guard applies to all VLANs configured on the port.
STP root guard and loop guard cannot be enabled at the same time on a port. For example, if you
configure loop guard on a port on which root guard is already configured, the following error message
is displayed:
% Error: RootGuard is configured. Cannot configure LoopGuard.
Do not enable Portfast BPDU guard and loop guard at the same time on a port. Enabling both features
may result in a port that remains in a blocking state and prevents traffic from flowing through it. For
example, when Portfast BPDU guard and loop guard are both configured:
• If a BPDU is received from a remote device, BPDU guard places the port in an err-disabled
blocking state and no traffic is forwarded on the port.
• If no BPDU is received from a remote device, loop guard places the port in a loop-inconsistent
blocking state and no traffic is forwarded on the port.
To display the type of STP guard (Portfast BPDU, root, or loop guard) enabled on a port, enter the
show spanning-tree 0 command.