Hi there, everyone!
This post highlights the differences between loop-protection, root-protection and bpdu-protection. Please read further down for details.
loop-protection
When a link is congested or faulty, a switching device may fail to receive BPDUs. The device then re-elects its root port: the former root port becomes a designated port, and the discarding port transitions to forwarding. In this situation, a network loop may form.
With loop-protection enabled, when the switch fails to receive BPDUs on the root port or an alternate port, it notifies the administrator. The root port transitions to the discarding state and its role changes to designated port. At the same time, the alternate port stays in the discarding state and its role changes to designated port. Because no traffic is forwarded, no network loop forms. The switch returns to its original state after receiving BPDUs again on the corresponding port.
root-protection
On designated ports with root-protection enabled, the port role can only remain designated port. Once such a port receives a BPDU with a higher priority (smaller priority number), it turns to discarding and no longer forwards traffic. If no more higher-priority (smaller priority number) BPDUs are received within a short period, usually double the forward delay, the port returns to the forwarding state as usual.
root-protection takes effect only on designated ports. When configured on other ports, root-protection has no effect.
In general, root-protection is used to protect against receiving higher-priority BPDUs.
bpdu-protection
When a terminal device connects to a switch, the corresponding port is usually configured as an edge port, which lets it move to the forwarding state rapidly. But when a BPDU is received on an edge port, the port loses its edge-port attribute and participates in STP calculation. In this circumstance, the port's convergence time is extended greatly.
When bpdu-protection is configured on an edge port, the port keeps its edge-port attribute and goes down if a BPDU is received. Unlike with root-protection, the edge port does not recover from the shutdown state automatically; its state can only be restored by the administrator running restart, or shutdown followed by undo shutdown, in the interface view.
If the user wants a shut-down edge port to recover from the shutdown state automatically, the command error-down auto-recovery cause bpdu-protection interval interval-value achieves this.
| | Summary of working mechanism | Enable command | Error state | Recovery |
|---|---|---|---|---|
| loop-protection | Prevents loops caused by port state transitions when BPDUs are not received due to link failure | stp loop-protection | root port and alternate port turn to designated port, discarding | auto-recovery when BPDUs are received again |
| root-protection | Prevents spanning tree recalculation due to receiving better BPDUs | stp root-protection | discarding | auto-recovery if no more higher-priority BPDUs are received during double the forward delay |
| bpdu-protection | Prevents an edge port from becoming a non-edge port because it received BPDUs | stp bpdu-protection | shutdown | shutdown & undo shutdown, or restart, or auto-recovery with error-down auto-recovery cause bpdu-protection interval interval-value |
TIPS
1. loop-protection, root-protection and bpdu-protection are all disabled by default.
2. root-protection and loop-protection cannot be configured on an interface simultaneously; when you try to do so, the switch reports an error.
3. root-protection takes effect only when configured on a designated port.
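
The rules above can be checked against a candidate configuration before it is pushed to a switch. The following is an added example, not part of the original post: a small offline audit that flags the root-protection/loop-protection conflict from tip 2, edge ports left without bpdu-protection, and bpdu-protection without auto-recovery. Assumptions not stated in the post: the edge-port command is `stp edged-port enable`, `stp bpdu-protection` and `error-down auto-recovery` sit in the system view, and the interface names and interval value are constructed.

```python
# Constructed sample in Huawei VRP configuration style (not from the post).
SAMPLE_CONFIG = """\
stp bpdu-protection
error-down auto-recovery cause bpdu-protection interval 30
#
interface GigabitEthernet0/0/1
 stp loop-protection
#
interface GigabitEthernet0/0/2
 stp root-protection
#
interface GigabitEthernet0/0/3
 stp edged-port enable
#
interface GigabitEthernet0/0/4
 stp root-protection
 stp loop-protection
#
"""

def parse(config):
    """Split a config into system-view lines and per-interface lines."""
    system, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                      # '#' closes the current view
        elif raw[0].isspace():
            if current is not None:             # indented: belongs to interface
                current.append(line)
        elif line.startswith("interface "):
            current = ifaces.setdefault(line.split()[1], [])
        else:
            current = None
            system.append(line)
    return system, ifaces

def audit(config):
    """Return (scope, finding) tuples for the rules described in the post."""
    system, ifaces = parse(config)
    guard = "stp bpdu-protection" in system
    recover = any(l.startswith("error-down auto-recovery cause bpdu-protection")
                  for l in system)
    findings = []
    for name, lines in ifaces.items():
        if "stp root-protection" in lines and "stp loop-protection" in lines:
            findings.append((name, "root-protection and loop-protection conflict"))
        if "stp edged-port enable" in lines and not guard:
            findings.append((name, "edge port without bpdu-protection"))
    if guard and not recover:
        findings.append(("system", "no auto-recovery: shut edge ports need undo shutdown"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports only the interface that carries both root-protection and loop-protection.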