Got it

Differences between loop-protection, root-protection and bpdu-protection Highlighted

Latest reply: Nov 27, 2018 13:38:41 3824 1 3 0 0

Hi there, everyone!

This post highlights the differences between loop-protection, root-protection and bpdu-protection. Please read further down for details.


When the link is congested or faulty, switching device failed to receive BPDUs, this will lead the device to re-elect root port, the former root port will turn to designated port, and the discarding port will translate to forwarding. In this situation, network loop may happen.

By enabled loop-protection, when switch failed to receive BPDUs on root port or alternate port, it will notice administrator, and the root port translate to discarding state, port role turn to designated port. Simultaneously, alternate port keeps discarding state and port role turn to designated port. Without forwarding traffic, no network loop forms. Switch will return to the original state after receiving BPDU again on the corresponding port.

For those designated ports which enabled root-protection, the port role can only be maintained as the designated port.Once receiving BPDU with a higher priority(smaller priority number), these ports will turn to discarding, and not forwarding traffic anymore.In a short time range, usually double foward delay, if no more higher priority(smaller priority number) BPDU received, these ports will turn to forwarding state as usual.

root-protection takes effect only on the designated port. When configured on other ports, root-protection affect nothing.

In general, root-protection is used to prevent receiving higher priority BPDU.


When a terminal device connect to a switch, usually corresponding ports are configured edge-port, this could help these ports turn to forwarding state rapidly.But when BPDU receives on edge-port, edge-port loses its edge-port attribute, and turn to participate in STP calculation, under this circumstance, these ports' convergence time will be extended greatly.

When bpdu-protection configured on edge-port, edge-port will keeps its attribute and turn into down if BPDU received.Not the same as configuring root-protection, edge-port wouldn't recover from shutdown state automatically, edge-ports' state only can be renewed by administrator execute restart or shutdown, undo shutdown in interface view.

If user want the shutted edge-port recovery from shutdown state automatically, command error-down auto-recovery cause bpdu-protection interval interval-value can achieve this goal.

      Summary of      working mechanism
      Enable command
      Error state
      Prevents      port state transition caused by BPDUs not received due to link failure,      causing loops
      stp      loop-protection
      root-port      and alternate-port turn to designated-port

      auto-recovery when receiving BPDU packet again
      Prevent      spanning tree recalculation due to receiving better BPDUs
      stp      root-protection
      auto-recovery if no more higher priority BPDU received during      double forward delay
      Prevent      the edge-port caused by receiving BPDUs from becoming a non-edge-port.
      stp      bpdu-protection
      shutdown      & undo shutdown   or
      restart or
      error-down auto-recovery cause bpdu-protection interval interval-value


1. Both loop-protection,root-protection and bpdu-protection are disabled by default.

2. root-protection and loop-protection can not be configured in a interface simultaneously,when try to do like this,switch will report an error. 

3. root-protection takes effect only when configured in designated-port.

  • x
  • convention:

Created Nov 27, 2018 13:38:41

LOOP Guard is mainly used to avoid bridging loops when blocking ports transit to forwarding state incorrectly; when a switch stops receiving BPDU on an unspecified port with loopguard feature enabled, the switch will cause the port to enter STP "inconsistent ports" blocking state, and when the inconsistent ports are again blocked. When BPDU is received, the port will automatically filter to STP status according to BPDU. The inconsistent port status can be viewed through the SH spanning-tree inconsistent ports command
View more
  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits


Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.