STP Optional Characteristics

Configuration
 Content

Contents
Chapter 1 STP Optional Characteristics Configuration ........................................................................................................ 1
1.1 Introduction of STP Optional Characteristics......................................................................................................... 1
1.1.1 Port Fast.................................................................................................................................................... 1
1.1.2 BPDU Guard ............................................................................................................................................. 2
1.1.3 BPDU Filter ............................................................................................................................................... 2
1.1.4 Uplink Fast ................................................................................................................................................ 3
1.1.5 Backbone Fast .......................................................................................................................................... 4
1.1.6 Root Guard................................................................................................................................................ 6
1.1.7 Loop Guard ............................................................................................................................................... 6
1.2 Configuring STP Optional Characteristics ............................................................................................................. 7
1.2.1 STP Optional Characteristics Configuration Tasks.................................................................................... 7
1.2.2 Configuring Port Fast ................................................................................................................................ 7
1.2.3 Configuring BPDU Guard.......................................................................................................................... 7
1.2.4 Configuring BPDU Filter............................................................................................................................ 8
1.2.5 Configuring Uplink Fast............................................................................................................................. 9
1.2.6 Configuring Backbone Fast....................................................................................................................... 9
1.2.7 Configuring Root Guard ............................................................................................................................ 9
1.2.8 Configuring Loop Guard.......................................................................................................................... 10

- II -
 STP Optional Characteristics Configuration

Chapter 1 STP Optional Characteristics

Configuration

1.1 Introduction of STP Optional Characteristics

STP module in our switch supports 7 additional features (hereinafter referred to as

“optional characteristics”) which has not configurate by default. The corresponding
relationship between STP modes and optional characteristics is listed in the
following table.

Optional Single STP PVST RSTP MSTP

Characteristics
Port Fast Yes Yes No No

BPDU Guard Yes Yes Yes Yes

BPDU Filter Yes Yes No No

Uplink Fast Yes Yes No No

Backbone Fast Yes Yes No No

Root Guard Yes Yes Yes Yes

Loop Guard Yes Yes Yes Yes

1.1.1 Port Fast

By Port Fast characteristic, a port can be transferred into Forwarding state directly
without transition waiting from Listening to Learning. In SSTP or PVST mode, Port
Fast can be enabled on the ports connected directly to hosts and severs which
connects hosts and severs fast to the network.

Port Fast is applicable to the ports connected directly to a host. These ports will
not receive BPDU, so that it would not influence network topology and can be
transferred into Forwarding States without waiting. If Port Fast is configured on a
port connected to the switch, it is possible to bring up loops.

Port Fast characteristic can be configured in global or port configuration mode. If

configured in global mode, all the ports will be considered as Port Fast ports and
enter the Forwarding state fast. But it will be much more possible to bring up loops.
To prevent network loops from Port Fast configuration, use BPDU Guard or BPDU
Filter to protect the ports.

-1-
 STP Optional Characteristics Configuration

Figure 1.1 Port Fast Ports

Comment:

STP with fast convergence, including RSTP and MSTP, can migrate ports into forwarding state by
default. So it is not necessary to use Port Fast.

1.1.2 BPDU Guard

If a port with Port Fast receives BPDU, it can be considered to be caused by an

incorrect configuration. After a port with Port Fast receives BPDU, it will be
protected passively by BPDU Guard.

The behavior of BPDU Guard is different in various STP modes. If a Port Fast port
configured BPDU Guard receives BPDU in SSTP/PVST mode, it will be forced to
be shutdown and users can only manually recover it afterwards. If a port
configured BPDU Guard receives BPDU in RSTP/MSTP mode, it will be set
Blocking after a while.

BPDU Guard can be configured independently from Port Fast. In all STP modes,
ports configured with BPDU Guard will not send BPDU while they can receive
BPDU and handle it. At RSTP/MSTP mode, you can configure BPDU Guards on
hosts connected ports to prevent devices connected to switch from receiving
BPDU.

BPDU Guard is able to be configured in global or port configuration mode. In

global configuration mode, use spanning-tree portfast bpduguard to prevent all
ports from sending BPDU. It is noted that inappropriate use of BPDU Guard may
result in loops in a complex network circumstance.

1.1.3 BPDU Filter

BPDU Filter can make the port of switch disabled to send BPDU exteriorly in
SSTP/PVST mode, which is another protection of Ports with Port Fast configured.

If a Port Fast configured with BPDU Filter receives BPDU in SSTP/PVST mode,
its BPDU Filter and Port Fast will be closed automatically so as to restore it to a
common port which must pass the states transition from Listening to Learning to
enter Forwarding.

-2-
 STP Optional Characteristics Configuration

BPDU Filter can be configured in global or port mode as BPDU Guard.

spanning-tree portfast bpdufilter can stop all the ports sending BPDU in global
configuration mode while the ports can still receive and process BPDU.

1.1.4 Uplink Fast

Uplink Fast enables the new root port fast enter Forwarding when the switch is not
connected to network root bridge.

It shows the multi-layers of devices distribution in a complicated network in figure

1.2. Switches on convergence layer and access layer can provide redundant
uplink. Normally these redundant links are blocked by spanning tree to avoid
loops.

Figure 1.2 Layered Switched network example

If the uplink of a switch is failed(called Direct Link Failure), STP will choose
Alternate port on the redundant link to be the new Root port which will enter
Forwarding state after transition from Listening to Learning.. If Uplink Fast is
configured by global command spanning-tree uplinkfast, new Root port will
directly enter Forwarding without states waiting so as to recover the uplink of the
switch.

Figure 1.3 indicates the work principle of Uplink Fast by a simple network
example. Initially the port connected from C to B is a backup port. After
disconnected from C to Root Bridge A, the previous Alternate port is chosen as
the new root port and start to forward packets immediately.

-3-
 STP Optional Characteristics Configuration

Figure 1.3 Uplink Fast Example

Comments:

Uplink Fast feature is applicable for SSTP and PVST with slow convergence. In RSTP and MSTP
mode, the new root port can be fast migrated to Forwarding state without the help of Uplink Fast.

1.1.5 Backbone Fast

Backbone Fast feature is a supplement of Uplink Fast. Uplink Fast can urge the
redundant link to start work fast at the time when the direct connection to
designated switch fails, while Backbone Fast can detect the indirect connection
failure in the upper layer network and speed up state transition of ports.

Take the network of Figure 1.3 for example, the link L2 from switch C to A is called
Direct Link to root bridge, which can be disconnected by Uplink Fast. While the
link L1 from B to A is indirect connection for switch C. The Indirect Failure of L1
can be processed by Backbone Fast.

Figure 1.4 shows the work principle of Backbone Fast as follow.

-4-
 STP Optional Characteristics Configuration

Figure 1.4 Uplink Fast Example

Suppose switch C has higher network bridge priority than B. When L1

disconnected, switch B will use its own Bridger priority as root priority to send
BPDU to C. The information that BPDU contains is not prior to C itself. When
Backbone Fast disabled, the port from C to B will become Designated Port after
Root bridge is aged since it does not receive BPDU from Root bridge any longer.
In general, it takes several seconds to wait up to information aged. If Backbone
Fast is already enabled by spanning-tree backbonefast, switch C will consider
that a indirect and root bridge reached connection is disconnected once the
Alternate port of C receives a BPDU with lower priority, and change this port into
Designated port immediately, without waiting for port information aged.

After Backbone Fast enabled, BPDU with low priority is received on the ports with
different roles, which will result in various behaviors of a switch. If the BPDU
packet is received on Alternate port, as the example above, this port will be
transferred to designated port. When Root Port receives low priority packets and
there are no other backup ports, the switch will become the network root.

It is noted that Backbone Fast only skips the Aging time of a port and the new
designated port still needs to pass the states transition from Listening to Learning
to enter Forwarding.

Comment:

Same with Uplink Fast, Backbone Fast is only valid within SSTP or PVST.

-5-
 STP Optional Characteristics Configuration

1.1.6 Root Guard

Root Guard can prevent a port from becoming a Root Port for receiving BPDU
with high priority

In a complex layer 2 network, administrator may expect a switch located in core

layer to be the network root bridge. But he can not manage all the switches
located in access layer(Probably because the access layer switches belong to
other clients). Then the incorrect configuration of other switches may cause that
the core switch can not become the Root.

You can configure Root Guard on the Edge switch so as to prevent Root Bridge
robbed by switches outside administration area. If a Root Guard configured port is
chosen as Root Port for receiving BPDU with higher priority, Root Guord will
automatically set it blocked and restore it to a designated port.

In PVST or MSTP mode ， Root Guard can work independently in each

Spanning-tree instance. In MSTP mode，if an Edge Port is blocked by Root Guard
in CIST, it will be blocked at all other MSTIs. Edge port refers to the port that is
connected to LAN hosts, STP switches, RSTP switches or MSTP switches outside
region.

Within port configuration mode, use spanning-tree guard root to enable Root
Guard on the port.

Note:

The behaviors of Root Guard are different in SSTP/PVST or RSTP/MSTP mode. Root port is always
blocked by Root Guard in SSTP/PVST mode, while in RSTP/MSTP mode; ports will be blocked by
Root Guard only when it receives higher priority BPDU. A port originally with Root role will not be
blocked.

1.1.7 Loop Guard

Loop Guard can protect Root Port or Alternate Port after being changed into
Designated Port, which can prevents loops caused by not receiving BPDU
continually.

You can use spanning-tree loopguard default to enable Loop Guard on the
switch. After being enabled, the port will be blocked when it is changed from a
Root port or Alternate port to a Designated port. If the port receives BPDU with
high priority again after a while, it will recover from Loop Guard automatically.

In PVST or MSTP mode ， Loop Guard can work independently in each

Spanning-tree instance. In MSTP mode，if an Edge Port is blocked in CIST
because of Loop Guard, it will be blocked at all other MSTIs.

Note:

The behavior of Loop Guard is different in SSTP/PVST or RSTP/MSTP. In SSTP/PVST mode,

Designated port is always blocked by Loop Guard, while in RSTP/MSTP, the port will be blocked
when it is transformed into Designated port for not receiving BPDU. A port with Designated
characteristic after receiving lower priority BPDU will not be blocked by Loop Guard.

-6-
 STP Optional Characteristics Configuration

1.2 Configuring STP Optional Characteristics

1.2.1 STP Optional Characteristics Configuration Tasks

Configuring Port Fast

Configuring BPDU Guard

Configuring BPDU Filter

Configuring Uplink Fast

Configuring Backbone Fast

Configuring Root Guard

Configuring Loop Guard

1.2.2 Configuring Port Fast

Port Fast can make a port transferred into Forwarding directly in SSTP/PVST
mode without states transition from Listening to Learning. Port Fast is not valid in
other STP modes.

Use the following commands to configure Port Fast under the global
configuration mode:

Command Purpose

spanning-tree portfast default Enable Port Fast globally, which is valid to

all ports

no spanning-tree portfast default Disable Port Fast globally, which does not
influence port configuration

Note:

Port Fast is only available for hosts connected ports，if configured globally，configure BpduGuard or
BpduFilter for preventing at the same time.

Use the following commands to configure Port Fast under switched port
configuration mode:

Command Purpose

spanning-tree portfast Enable Port Fast of current port

no spanning-tree portfast Disable Port Fast of current port, which

does not influence global configuration

1.2.3 Configuring BPDU Guard

BPDU Guard can provide protection for a port when it receives BPDU. The port
configured BPDU Guard will not send BPDU any longer.

-7-
 STP Optional Characteristics Configuration

The behaviors of BPDU Guard are different at various STP modes. If a port
configured Port Fast and BPDU Guard receives BPDU in SSTP/PVST mode, it
will be forced to be shutdown, and users can only manually recover it afterwards.
If a port configured BPDU Guard receives BPDU in RSTP/MSTP mode, It will be
set Blocking for some time.

Use the following commands to configure BPDU Guard under the global
configuration mode:

Command Purpose

spanning-tree portfast bpduguard Enable BPDU Guard globally, which is

valid to all ports.

no spanning-tree portfast bpduguard Disable BPDU Guard globally

Comment:

Configuring Port Fast globally may result in broadcast storm. To avoid it, configure BPDU Guard or
Filter simultaneously.

Use the following commands to configure BPDU Guard under switched port
configuration mode:

Command Purpose

spanning-tree bpduguard enable Enable BPDU Guard on the port

spanning-tree bpduguard disable Disable BPDU Guard, which does not

influence global configuration

no spanning-tree bpduguard Disable BPDU Guard, which does not

influence global configuration

1.2.4 Configuring BPDU Filter

With BPDU Filter, the ports of a switch can be disabled to send BPDU exteriorly,
which is another protection for ports with Port Fast configured.

Use the following commands to configure BPDU Filter under the global
configuration mode:

Command Purpose

spanning-tree portfast bpdufilter Enable BPDU Filter globally, which is

valid to all ports.

no spanning-tree portfast bpdufilter Disable BPDU Filter globally

Comment:

Configuring Port Fast globally may result in broadcast storm. To avoid it, configure BPDU Guard or
Filter simultaneously.

Use the following commands to configure BPDU Filter under switched port
configuration mode:

-8-
 STP Optional Characteristics Configuration

Command Purpose

spanning-tree bpdufilter enable Enable BPDU Filter on a port

spanning-tree bpdufilter disable Disable BPDU Filter, which does not

influence global configuration

no spanning-tree bpdufilter Disable BPDU Filter, which does not

influence global configuration

1.2.5 Configuring Uplink Fast

Uplink Fast enables the new root port fast enter Forwarding when the switch is
not connected to network Root Bridge.

Uplink Fast is valid only in SSTP/PVST mode.

Use the following commands to configure Uplink Fast in the global configuration
mode:

Command Purpose

spanning-tree uplinkfast Enable Uplink Fast

no spanning-tree uplinkfast Disable Uplink Fast

1.2.6 Configuring Backbone Fast

Backbone Fast is a supplement of Uplink Fast. Uplink Fast can urge the
redundant link to start work fast at the time when the direct connection to
designated switch failed, while Backbone Fast can detect the indirect connection
failure in the upper layer network and speed up state transition of ports.

Backbone Fast is valid only in SSTP/PVST modes.

Use the following commands to configure Backbone Fast under the global
configuration mode:

Command Purpose

spanning-tree backbonefast Enable Backbone Fast

no spanning-tree backbonefast Disable Backbone Fast

1.2.7 Configuring Root Guard

By Root Guard, a port is prevented from becoming a Root port for receiving the
BPDU with higher priority.

The behaviors of Loop Guard are different in SSTP/PVST or RSTP/MSTP mode.

Root port is always blocked by Root Guard inSSTP/PVST mode, while
inRSTP/MSTP mode, ports will be blocked by Root Guard only when it receives
higher priority BPDU. A port originally with Root character will not be blocked.

-9-
 STP Optional Characteristics Configuration

Use the following commands to configure Root Guard under switched port
configuration mode:

Command Purpose

spanning-tree guard root Enable Root Guard on a port

no spanning-tree guard Disable Root Guard and Loop Guard on

the port

spanning-tree guard none Disable Root Guard and Loop Guard on

the port

1.2.8 Configuring Loop Guard

Loop Guard can protect Root Port or Alternate Port after being changed into
Designated Port, which can prevents loops caused by not receiving BPDU
continually.

The behaviors of Loop Guard are different in SSTP/PVST or RSTP/MSTP mode.

In SSTP/PVST mode, Designated port is always blocked by Loop Guard, while in
RSTP/MSTP, the port will be blocked when it is transformed into Designated port
for not receiving BPDU. A port with Designated characteristic after receiving lower
priority BPDU will not be blocked by Loop Guard.

Use the following commands to configure Loop Guard in the global configuration
mode:

Command Purpose

spanning-tree loopguard default Enable Loop Guard globally, which is

valid to all ports.

no spanning-tree loopguard default Disable Loop Guard globally

Use the following commands to configure Loop Guard under switched port
configuration mode:

Command Purpose

spanning-tree guard loop Enable Loop Guard on the port

no spanning-tree guard Disable Root Guard and Loop Guard on

the port

spanning-tree guard none Disable Root Guard and Loop Guard on

the port

- 10 -