BPDU Guard

When BPDU Guard is enabled and a switch port receives a BPDU, it stops forwarding and disables itself. It is common to enable this on an access port, usually in addition to PortFast. In theory a user should never generate legitimate BPDUs, therefore this mechanism helps prevent malicious alteration of…

Root Guard

Root Guard is a mechanism that allows the administrator to control where candidate root bridges can be connected to the network. It prevents the wrong switch (say, a random one just added) from becoming the root bridge. If a Root Guard port receives a BPDU that might cause…

UDLD

Unidirectional Link Detection (UDLD) is a Cisco proprietary extension that exists to detect misconfigured and broken links between Cisco switches. It verifies that they can both send and receive data on a point-to-point link. This can be used to assist spanning tree and complements things like ‘loop guard’ and ‘bridge assurance’…

Loop Guard

Loop Guard prevents loops that might develop if a port that should be blocking transitions to the forwarding state. This could happen if a port stops receiving BPDUs, maybe due to a unidirectional (on point-to-point) link or a software/configuration problem on the neighbour. The following shows an…

Implementing STP

When multiple switches exist in the same layer 2 domain, you run the risk of loops forming (bridging loops). Spanning Tree Protocol (STP) detects and prevents these loops. In essence, if a loop exists, the interfaces allowed to forward traffic are limited by preventing traffic being forwarded (blocking). Over…