Minimizing Service Loss and Data Theft in a Campus Network

Preventing STP Forwarding Loops

Unidirectional Link Failure
Loop Guard

Root
Before Loop Guard

Root
With Loop Guard
UDLD and Loop Guard Configuration
Commands

Configuring and verifying UDLD

• udld enable
• show udld interface fa0/1
Configuring and verifying loop guard
• spantree global-default loopguard enable
• show spantree guard fa0/1
 Configuring UDLD

Switch(config)#udld enable

• Enables UDLD globally on all fiber-optic interfaces

Switch(config-if)#udld enable

• Enables UDLD on an individual interface

Switch(config-if)#no udld enable

• Disables UDLD on an individual nonfiber-optic interface

Switch(config-if)#udld disable

• Disables UDLD on an individual fiber-optic interface

 Resetting and Verifying UDLD

Switch# udld reset

• Resets all interfaces that have been shut down by UDLD

Switch#show udld interface

• Displays UDLD information for a specific interface

Configuring Loop Guard
 Comparing Loop Guard and UDLD

Loop Guard UDLD

Configuration Per port Per port
Action granularity Per VLAN Per Port
Autorecovery Yes Yes, with
errdisable
timeout feature
Protection against STP failures Yes, when enabled on all Yes, when enabled on all
caused by unidirectional links root and alternative ports links in redundant topology
in redundant topology
Protection against STP failures Yes No
caused by problem in software,
resulting in designated switch not
sending BPDU
Protection against miswiring No Yes
Summary

• UDLD detects and disables an interface with unidirectional

connectivity, protecting the network from anomalous STP
conditions.
• Loop guard detects and disables an interface with Layer 2
unidirectional connectivity, protecting the network from
anomalous STP conditions.
• UDLD and loop guard are configured and verified using
specific commands.
• Implementation of UDLD and loop guard protects
spanning tree operations from being disrupted due to
unidirectional links.