Spanning TreeInterface Config

spanning-tree guard loop

Configures loop guard on a spanning-tree port to prevent alternate or root ports from becoming designated in the absence of BPDUs, protecting against unidirectional link failures.

Syntax·Interface Config

spanning-tree guard loop

When to Use This Command

On a switch port connected to a critical server where a unidirectional link failure could cause a bridging loop.
On access ports in a redundant topology where BPDU guard is not enough and you need additional protection against loops.
On ports connecting to other switches in a spanning-tree network to ensure loops are not created if BPDUs stop arriving.
On ports where you suspect faulty fiber or media converters that might cause one-way traffic.

Command Examples

Enable loop guard on an interface

spanning-tree guard loop

No output is generated when this command is entered. The command simply enables loop guard on the interface. Use 'show spanning-tree interface gigabitethernet0/1 detail' to verify.

Verify loop guard configuration

show spanning-tree interface gigabitethernet0/1 detail

GigabitEthernet0/1 is up, line protocol is up
  Port id: 128.1    Port role: Designated    Port state: forwarding
  Loop guard: enabled
  Root guard: disabled
  BPDU guard: disabled
  BPDU filter: disabled
  ...

The output shows the interface status, port role, port state, and the status of various STP protections. 'Loop guard: enabled' confirms that loop guard is active on this port.

Understanding the Output

The 'show spanning-tree interface <interface> detail' command displays the STP configuration for a specific interface. Key fields include: 'Port role' (Designated, Root, Alternate, Backup), 'Port state' (forwarding, blocking, listening, learning), and protection settings like 'Loop guard', 'Root guard', 'BPDU guard', and 'BPDU filter'. Loop guard being 'enabled' means the port will be put into loop-inconsistent state if BPDUs are not received, preventing a loop. If loop guard is 'disabled', the port may become designated and cause a loop. In a real network, you should see loop guard enabled on ports where unidirectional link failure is a concern. A good value is 'enabled' on such ports; a bad value is 'disabled' when you intended to enable it. Watch for 'Loop guard: enabled' to confirm configuration.

CCNA Exam Tips

CCNA exam tip: Loop guard is configured per interface, not globally. Know the difference between loop guard and BPDU guard.

CCNA exam tip: Loop guard prevents alternate/root ports from becoming designated if BPDUs stop; it does not affect designated ports.

CCNA exam tip: Loop guard and root guard cannot be enabled simultaneously on the same port; they are mutually exclusive.

CCNA exam tip: In the exam, you may be asked to identify which STP protection to use in a scenario with unidirectional link failure.

Common Mistakes

Mistake: Enabling loop guard on a port that is already a designated port; loop guard has no effect on designated ports.

Mistake: Confusing loop guard with BPDU guard; BPDU guard err-disables a port if a BPDU is received, while loop guard puts the port into loop-inconsistent state if BPDUs are not received.

Mistake: Forgetting to verify loop guard with 'show spanning-tree interface' after configuration.

Related Commands

spanning-tree guard root

Enables root guard on a switch port to prevent it from becoming a root port in the Spanning Tree Protocol, protecting against rogue switches that might try to become the root bridge.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions