Reference Guide

The port is in ERR_DISABLE mode, yet appears in the show interface

commands as enabled. If you do not enable shutdown-on-violation, BPDUs

are still sent to the RPM CPU.

STP loop guard and root guard are supported on a port or port-channel enabled in

any Spanning Tree mode: Spanning Tree Protocol (STP), Rapid Spanning Tree

Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and Per-VLAN Spanning

Tree Plus (PVST+).

Root guard is supported on any STP-enabled port or port-channel except when

used as a stacking port. When enabled on a port, root guard applies to all VLANs

configured on the port.

STP root guard and loop guard cannot be enabled at the same time on a port. For

example, if you configure loop guard on a port on which root guard is already

configured, the following error message is displayed: % Error: RootGuard is

configured. Cannot configure LoopGuard.

Do not enable Portfast BPDU guard and loop guard at the same time on a port.

Enabling both features may result in a port that remains in a blocking state and

prevents traffic from flowing through it. For example, when Portfast BPDU guard

and loop guard are both configured:

• If a BPDU is received from a remote device, BPDU guard places the port in an

Err-Disabled Blocking state and no traffic is forwarded on the port.

• If no BPDU is received from a remote device, loop guard places the port in a

Loop-Inconsistent Blocking state and no traffic is forwarded on the port.

To display the type of STP guard (Portfast BPDU, root, or loop guard) enabled on a

port, enter the show spanning-tree 0 command.

Spanning Tree Protocol (STP)

1645