How to prevent layer 2 loops using STP, RSTP '802.1w', and loop detection?

There are several features/protocols to prevent layer 2 loops. This article compares the pros and cons of these protocols and their applications:
STP (802.1D), RSTP (802.1W), Loop-detection (loose mode), Loop-detection (strict mode), STP BPDU Guard, and STP protection

Key STP/RSTP (802.1W) Terms:

Root Bridge - The switch used as a reference point by all other switches in the network for eliminating loops.

Designated Bridge - The bridges on a network segment collectively determine which bridge has the least-cost path from the network segment to the Root Bridge; that bridge is the Designated Bridge.

Root Port - The port on a non-root bridge that is selected as having the lowest path cost to the Root.

Designated Port - On a given link, it is the port having the superior BPDU. (All ports on the root bridge are designated ports.)

Non-Designated Port - The port (or ports) that lose the election for Designated Port are the Non-Designated Ports.

BPDU 'Bridge Protocol Data Unit' Guard - BPDU guard is only active when the port belongs to a VLAN that is under STP/RSTP protection. The BPDU guard feature is configured either globally or on a per-port basis. The per-port configuration overrides the global configuration unless the port configuration is set to default, in which case the global configuration is checked.

3 Port States for RSTP:

Discarding - This state is analogous to STP's Blocking state. The port will not forward traffic, but still receives BPDUs.

Learning - This corresponds to the Learning state in STP; the port is building its MAC table, but not forwarding traffic yet.

Forwarding - This corresponds to the Forwarding state in STP; the port is active and is now forwarding traffic.

Below is the explanation from Engineering:

  • RSTP
      • Each layer 2 device must participate using the RSTP protocol.
      • BPDUs are generated from the Root bridge every 2 seconds.
      • Every downstream switch will send a BPDU on the Designated port every 2 seconds.
      • The switch's redundant link will be in a discarding state when the loop is detected.
      • Each switch participates in the RSTP topology.
      • RSTP will dynamically break a physical loop.
      • Provides layer 2 link redundancy.
      • It blocks the edge port when a user connects two ports together in the same VLAN.
      • Other parameters need to be configured to provide edge loop detection for end devices.
      • It is commonly used for switch-to-switch connections to prevent loops and provide a dynamic redundant data path.
  • STP (802.1d)
      • Similar to RSTP, but an older version.
      • Compared to RSTP, it blocks the edge port when a user creates an external loop.
      • Slow to converge.
      • Triggers a TC (topology change) when an edge port flaps.
      • It is used for legacy layer 2 devices.
  • Loop-detection (loose mode)
      • It is configured on the VLAN.
      • Each port on the VLAN sends out a probe packet once every second (default).
      • The destination MAC in the probe packet is a layer 2 multicast with a switch ID.
      • When the switch receives its own probe packet, originated from any port on the device, the receiving port goes into an err-disable state.
      • It detects a loop and will disable the port when a user mistakenly connects two ports on a switch together.
      • It also protects when two ports in different VLANs are connected to each other.
      • It is enabled on the entire VLAN. It is also very sensitive. Sometimes it will disable the uplink port when the network has RSTP flapping.
      • It will not protect when a user connects two ports on different devices to each other.
      • It will not protect if the receiving port doesn't have loop-detection enabled.
      • It is used on an edge switch to prevent user errors.
  • Loop-detection (strict mode)
      • It is configured on each individual port.
      • Each port with loop-detection enabled sends out a probe packet once every second (default).
      • The destination MAC in the probe packet is a layer 2 multicast with a unique port ID.
      • When the port receives its own probe packet, it err-disables the port.
      • It detects a loop when it receives its own probe packet.
      • It can be configured on individual ports, excluding the uplink port.
      • It won't detect a loop when two ports are connected to each other.
      • It is used on an edge switch to prevent user errors.
  • STP BPDU guard
      • It is configured on each individual port.
      • Once a received BPDU packet is detected on the port, the port will go into an err-disable state.
      • Combined with an RSTP/STP configuration,
      • It will detect a loop when any BPDU packet is received on the port with STP BPDU guard enabled.
      • It is enabled on individual ports and can exclude the uplink port.
      • It will protect against an external loop.
      • It protects against two ports being connected to each other and creating a loop.
      • It is not as sensitive as loop detection (2 sec vs 1 sec).
      • To protect against a loop, it requires RSTP/STP to be configured together with BPDU guard to detect the BPDU packet.
      • It is used to protect the STP domain and topology.
      • Combined with an RSTP/STP configuration, it is used for edge switch protection to prevent user errors and loop conditions being created on the switch.
  • STP protection
      • It is configured on individual ports.
      • It will drop any BPDU packet received.
      • It won't err-disable the port.
      • It will protect the STP domain and topology.
      • It will not prevent a loop.
      • It is used on an edge switch to protect the STP domain, and only allows data packets through the port.
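
The per-port behaviour described in the list above can be condensed into a small decision model that shows which cabling mistakes each feature catches. This Python sketch is an added example, not vendor code or switch firmware; the `Port` and `Frame` classes, the switch and port IDs, and the "pass" action name are assumptions made for illustration, and it evaluates a single received frame only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    switch: str                 # switch ID (constructed value)
    name: str                   # port ID (constructed value)
    loop_detect: str = "off"    # "off", "loose" (VLAN-wide) or "strict" (per port)
    bpdu_guard: bool = False
    stp_protect: bool = False

@dataclass(frozen=True)
class Frame:
    kind: str                   # "probe", "bpdu" or "data"
    switch: str = ""            # sender's switch ID (probes)
    port: str = ""              # sender's port ID (strict-mode probes only)

def probe_from(p: Port) -> Frame:
    """Probe a port emits: loose carries the switch ID, strict adds the port ID."""
    return Frame("probe", p.switch, p.name if p.loop_detect == "strict" else "")

def receive(p: Port, f: Frame) -> str:
    """Action taken by the receiving port: 'err-disable', 'drop' or 'pass'."""
    if f.kind == "bpdu":
        if p.bpdu_guard:
            return "err-disable"            # any BPDU trips BPDU guard
        return "drop" if p.stp_protect else "pass"
    if f.kind == "probe" and f.switch == p.switch:
        if p.loop_detect == "loose":
            return "err-disable"            # own switch ID seen on any port
        if p.loop_detect == "strict" and f.port == p.name:
            return "err-disable"            # own port ID came back
    return "pass"

def scenarios() -> dict:
    """Constructed cabling mistakes mapped to the receiving port's action."""
    a1, a2 = Port("swA", "1/1/1", "loose"), Port("swA", "1/1/2", "loose")
    s1, s2 = Port("swA", "1/1/1", "strict"), Port("swA", "1/1/2", "strict")
    return {
        "loose: two ports of one switch patched": receive(a2, probe_from(a1)),
        "loose: receiver has detection off": receive(Port("swA", "1/1/3"), probe_from(a1)),
        "loose: port on another switch": receive(Port("swB", "1/1/1", "loose"), probe_from(a1)),
        "strict: two ports of one switch patched": receive(s2, probe_from(s1)),
        "strict: probe reflected to its own port": receive(s1, probe_from(s1)),
        "bpdu guard: BPDU on edge port": receive(Port("swA", "1/1/4", bpdu_guard=True), Frame("bpdu")),
        "stp protection: BPDU on edge port": receive(Port("swA", "1/1/5", stp_protect=True), Frame("bpdu")),
    }

if __name__ == "__main__":
    for case, action in scenarios().items():
        print(f"{action:12} {case}")
```

Every "pass" row is a case the list says that feature does not cover, which is why the article pairs edge-port loop detection or BPDU guard with RSTP/STP rather than relying on one feature alone.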