loop guard and root guard

Unanswered Question
Jul 3rd, 2009

Hi all

Can I use loop and root guard with RSTP?

And what is the best practice config for these?

Giuseppe Larosa Fri, 07/03/2009 - 11:38

Hello Carl,

We use loop guard with RSTP and it is recommended because UDLD is too slow for RSTP.

I may be wrong but the two commands cannot be used together on the same port.



Change the word "partner" to "customer" if you cannot access it.

I see that CCO has changed so sorry if you cannot open it.

Hope to help


Francois Tallet Mon, 07/06/2009 - 11:05


UDLD is not too slow for RSTP. RSTP is only fast on links with bi-directional connectivity, where the proposal/agreement mechanism can take place. Else, it just falls back to regular STP timers.

The dispute mechanism is much better than loopguard at detecting unidirectional link failures. We also have bridge assurance, which can introduce an additional level of safety.

I think it still makes sense to use UDLD along with STP features because UDLD operates at the link level. For instance, UDLD is able to single out a bad fiber in a channel (sure, LACP should also). STP cannot do this because it is only running on the logical link and can only disable the whole channel should it encounter a problem.



Giuseppe Larosa Mon, 07/06/2009 - 12:42

Hello Francois,

Rapid STP is declared able to converge in 100 msec and UDLD timers (at least last time I checked them) are in the range of seconds, so my idea was that UDLD can be too slow.

However, I admit that the handshake cannot happen on a unidirectional link: one side sends its proposal but cannot receive the answer from the other side.

If I correctly understand your answer, the RSTP implementation falls back to regular STP timers in a unidirectional scenario because no agreement can be received.

I didn't know this.

Could you provide a link to the bridge assurance feature?

Thanks for your correction.

Best Regards


ananshah Wed, 07/08/2009 - 02:47

Loopguard is an option that operates with Spanning-Tree to prevent an alternate port or a root port from assuming a designated role due to the absence of BPDUs. When Loopguard does not receive BPDUs from a root port or a blocking port, it puts or keeps the port in a blocking state and marks the port as Loop-inconsistent.

Key benefits

Loopguard has the following key benefits for a Layer 2 network:

• It protects against Layer 2 loops that Spanning-Tree cannot handle

• It works together with Spanning-Tree, so there is no additional protocol traffic on the link

• Loopguard takes care of Layer 2 loops even when Spanning-Tree aggressive timers are used



carl_townshend Wed, 07/08/2009 - 03:06

Hi there

What ports should I enable loop guard and root guard on? And are these per-port or global commands?

ananshah Wed, 07/08/2009 - 08:08

Hello Carl,

Root guard is generally enabled on ports other than the root port where we expect that some user might plug in another switch.

Loop guard is generally enabled on ports going to the root bridge (root port, backup/alternate).

Rootguard and Loopguard are mutually exclusive, the reason being that a “Rootguarded” port is forced to be a designated port all of the time. A Loopguarded port is either a root port or a blocking port.

Loop guard can be enabled globally or per interface.

Under interface:

spanning-tree guard loop

Global config:

spanning-tree loopguard default
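
An added example, not part of the original thread and not Cisco's code: a small Python audit that reads an IOS-style configuration and reports which guard ends up on each port when the global and per-interface commands above are combined. It assumes an interface-level `spanning-tree guard` line takes precedence over `spanning-tree loopguard default`, and it does not model link type; the sample config and the function name `effective_guards` are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): one uplink, two other ports.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree loopguard default
!
interface GigabitEthernet0/1
 description uplink to root bridge
!
interface GigabitEthernet0/2
 description user-facing port
 spanning-tree guard root
!
interface GigabitEthernet0/3
 description guard explicitly disabled
 spanning-tree guard none
!
"""

def effective_guards(config):
    """Return {interface: 'loop' | 'root' | 'none'} for an IOS-style config."""
    global_loop = False
    per_port = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Top-level line: either a new interface stanza or a global command.
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                per_port[current] = None
            elif line == "spanning-tree loopguard default":
                global_loop = True
        elif current:
            m = re.fullmatch(r"spanning-tree guard (loop|root|none)", line)
            if m:
                # One guard keyword per port: a later line replaces an earlier one.
                per_port[current] = m.group(1)
    # Assumption: ports with no interface-level guard inherit the global default.
    default = "loop" if global_loop else "none"
    return {port: guard or default for port, guard in per_port.items()}

if __name__ == "__main__":
    for port, guard in effective_guards(SAMPLE_CONFIG).items():
        print(f"{port}: {guard}")
```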



carl_townshend Thu, 07/09/2009 - 01:29

Hi there

What happens if I enable loop guard globally? What does everyone else do with loop guard and root guard?

