STP Security

eng_ahmedas Member Posts: 69
Dear Friends
I wish you are fine. I wish you could help me understand some topics in STP Security.

1) I read this statement in Cisco material: "Loop guard is incompatible with root guard. Also, loop guard should not be enabled on PortFast ports". Why?

2) Are unidirectional links caused by cable problems (UTP problem, fiber problem, ...) or by failure in the port (hardware failure) or by both?

3) On an EtherChannel bundle, UDLD disables individual failed links but the channel itself remains functional if other links are available, while Loop guard puts the entire channel in loop-inconsistent state if BPDUs are not received across the EtherChannel. Why?

I wish you could help me understand these items.
Thanks in advance
Bye

Comments

  • dtlokee Member Posts: 2,378
    1. Think about what root guard and portfast do to spanning-tree. Portfast allows an interface to transition into forwarding without going through the normal STP delays, and should never be enabled on an interface connected to another switch. Loop guard is designed to be used on links connecting to other switches, so the two are mutually exclusive. The same is true for root guard, it is enabled on interfaces where you do not want a superior BPDU to become the root.

    2. Could be both.

    3. UDLD tracks the state of each physical link, where loop guard tracks the state of the etherchannel bundle. Once you put several links into an etherchannel bundle, STP sees them as a single link, not multiple independent links.
    The only easy day was yesterday!
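
The incompatibilities discussed in this thread can be checked mechanically before a configuration is deployed. The following is an added example, not part of the original posts: a small Python audit that flags interfaces in a candidate Cisco IOS style configuration where loop guard is combined with PortFast or root guard. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS style (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink to distribution switch
 spanning-tree guard loop
!
interface GigabitEthernet0/2
 spanning-tree portfast
 spanning-tree guard loop
!
interface GigabitEthernet0/3
 spanning-tree guard root
 spanning-tree guard loop
!
interface GigabitEthernet0/4
 spanning-tree portfast
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_loop_guard(config):
    """Return (interface, reason) for each loop guard conflict."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "spanning-tree guard loop" not in cmds:
            continue
        if "spanning-tree guard root" in cmds:
            findings.append((name, "loop guard with root guard"))
        # Matches "spanning-tree portfast" and variants such as "portfast trunk".
        if any(c.startswith("spanning-tree portfast") and "disable" not in c for c in cmds):
            findings.append((name, "loop guard on PortFast port"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_loop_guard(SAMPLE_CONFIG):
        print(f"{name}: {reason}")
```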