Spanning Tree Network Ports
If you configure a port connected to another switch as an edge port, you might create a bridging loop.
Note
Spanning Tree Network Ports
Network ports are connected only to switches or bridges. Bridge Assurance is enabled only on network ports.
If you mistakenly configure ports that are connected to hosts or other edge devices, as spanning tree
Note
network ports, those ports will automatically move into the blocking state.
Spanning Tree Normal Ports
Normal ports can be connected to either hosts, switches, or bridges. These ports function as normal spanning
tree ports.
The default spanning tree interface is a normal port.
Understanding Bridge Assurance
You can use Bridge Assurance to protect against certain problems that can cause bridging loops in the network.
Specifically, you use Bridge Assurance to protect against a unidirectional link failure and a device that continues
to forward data traffic when it is no longer running the spanning tree algorithm.
Bridge Assurance is supported only by Rapid PVST+ and MST. Legacy 802.1D spanning tree does not
Note
support Bridge Assurance.
Bridge Assurance is enabled by default and can only be disabled globally. Also, Bridge Assurance can be
enabled only on spanning tree network ports that are point-to-point links. Finally, both ends of the link must
have Bridge Assurance enabled.
With Bridge Assurance enabled, BPDUs are sent out on all operational network ports, including alternate and
backup ports, for each hello time period. If the port does not receive a BPDU for a specified period, the port
moves into the blocking state and is not used in the root port calculation. Once that port receives a BPDU, it
resumes the normal spanning tree transitions.
Understanding BPDU Guard
Enabling BPDU Guard shuts down that interface if a BPDU is received.
You can configure BPDU Guard at the interface level. When configured at the interface level, BPDU Guard
shuts the port down as soon as the port receives a BPDU, regardless of the port type configuration.
When you configure BPDU Guard globally, it is effective only on operational spanning tree edge ports. In a
valid configuration, LAN edge interfaces do not receive BPDUs. A BPDU that is received by an edge LAN
interface signals an invalid configuration, such as the connection of an unauthorized host or switch. BPDU
Guard, when enabled globally, shuts down all spanning tree edge ports when they receive a BPDU.
BPDU Guard provides a secure response to invalid configurations, because you must manually put the LAN
interface back in service after an invalid configuration.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
200
About STP Extensions
OL-16597-01